./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1314596245 <...> file descriptor) [pid 5259] close(22) = -1 EBADF (Bad file descriptor) [pid 5259] close(23) = -1 EBADF (Bad file descriptor) [pid 5259] close(24) = -1 EBADF (Bad file descriptor) [pid 5259] close(25) = -1 EBADF (Bad file descriptor) [pid 5259] close(26) = -1 EBADF (Bad file descriptor) [pid 5259] close(27) = -1 EBADF (Bad file descriptor) [ 107.327082][ T5266] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 107.333127][ T5266] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 107.339175][ T5266] do_syscall_64+0x41/0xc0 [ 107.343645][ T5266] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 107.349592][ T5266] RIP: 0033:0x7fd49ce20129 [ 107.354048][ T5266] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5259] close(28) = -1 EBADF (Bad file descriptor) [pid 5259] close(29) = -1 EBADF (Bad file descriptor) [pid 5259] exit_group(0) = ? [pid 5259] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./7/binderfs") = 0 [pid 5072] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./7/cgroup") = 0 [pid 5072] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./7/cgroup.net") = 0 [pid 5072] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./7/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 107.373703][ T5266] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 107.382173][ T5266] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 107.390193][ T5266] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 107.398227][ T5266] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 107.406245][ T5266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 107.414256][ T5266] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000d [ 107.422739][ T5266] [pid 5072] close(4) = 0 [pid 5072] rmdir("./7/file0") = 0 [pid 5072] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./7/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./7") = 0 [pid 5072] mkdir("./8", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5282 attached [pid 5282] chdir("./8" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 10 [pid 5282] <... chdir resumed>) = 0 [pid 5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5282] setpgid(0, 0) = 0 [pid 5282] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [ 107.437522][ T5266] memory: usage 12kB, limit 0kB, failcnt 55 [ 107.444273][ T5266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 107.452665][ T5266] Memory cgroup stats for /syz1: [ 107.452887][ T5266] anon 0 [ 107.452887][ T5266] file 0 [ 107.452887][ T5266] kernel 12288 [ 107.452887][ T5266] kernel_stack 0 [ 107.452887][ T5266] pagetables 0 [ 107.452887][ T5266] sec_pagetables 0 [ 107.452887][ T5266] percpu 0 [ 107.452887][ T5266] sock 0 [ 107.452887][ T5266] vmalloc 0 [ 107.452887][ T5266] shmem 0 [pid 5282] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5282] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5282] write(3, "1000", 4) = 4 [pid 5282] close(3) = 0 [pid 5282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5282] mkdir("./file0", 000) = 0 [pid 5282] open("./file0", O_RDONLY) = 3 [ 107.452887][ T5266] zswap 0 [ 107.452887][ T5266] zswapped 0 [ 107.452887][ T5266] file_mapped 0 [ 107.452887][ T5266] file_dirty 0 [ 107.452887][ T5266] file_writeback 0 [ 107.452887][ T5266] swapcached 0 [ 107.452887][ T5266] anon_thp 0 [ 107.452887][ T5266] file_thp 0 [ 107.452887][ T5266] shmem_thp 0 [ 107.452887][ T5266] inactive_anon 0 [ 107.452887][ T5266] active_anon 0 [ 107.452887][ T5266] inactive_file 0 [ 107.452887][ T5266] active_file 0 [ 107.452887][ T5266] unevictable 0 [ 107.452887][ T5266] slab_reclaimable 9328 [pid 5282] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5282] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5282] openat(5, "memory.max", O_RDWR) = 6 [ 107.452887][ T5266] slab_unreclaimable 0 [ 107.452887][ T5266] slab 9328 [ 107.452887][ T5266] workingset_refault_anon 0 [ 107.557521][ T5266] Tasks state (memory values in pages): [ 107.563298][ T5266] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 107.575780][ T5266] Out of memory and no killable processes... [pid 5282] write(6, "0x000000000000040e", 18 [pid 5266] <... write resumed>) = 18 [ 107.582508][ T5270] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 107.593724][ T5270] CPU: 1 PID: 5270 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 107.604194][ T5270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 107.614296][ T5270] Call Trace: [ 107.617615][ T5270] [ 107.620586][ T5270] dump_stack_lvl+0x1e7/0x2d0 [ 107.625322][ T5270] ? nf_tcp_handle_invalid+0x640/0x640 [ 107.630833][ T5270] ? panic+0x770/0x770 [ 107.634972][ T5270] dump_header+0xdc/0x940 [ 107.639354][ T5270] out_of_memory+0xf21/0x12c0 [ 107.644090][ T5270] ? mutex_lock_io_nested+0x60/0x60 [ 107.649351][ T5270] ? preempt_schedule+0xdd/0xf0 [ 107.654255][ T5270] ? unregister_oom_notifier+0x20/0x20 [ 107.659858][ T5270] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 107.665907][ T5270] mem_cgroup_out_of_memory+0x263/0x3b0 [ 107.671509][ T5270] ? preempt_schedule_thunk+0x1a/0x20 [ 107.676932][ T5270] ? mem_cgroup_oom_trylock+0x210/0x210 [ 107.682516][ T5270] ? cgroup_file_notify+0x127/0x190 [ 107.687755][ T5270] memory_max_write+0x355/0x470 [ 107.692660][ T5270] ? memory_max_show+0xa0/0xa0 [ 107.697449][ T5270] ? read_lock_is_recursive+0x20/0x20 [ 107.702852][ T5270] ? memory_max_show+0xa0/0xa0 [ 107.707729][ T5270] cgroup_file_write+0x2b1/0x780 [ 107.712711][ T5270] ? cgroup_seqfile_stop+0xd0/0xd0 [ 107.717863][ T5270] ? __virt_addr_valid+0x22f/0x2e0 [ 107.723012][ T5270] ? cgroup_seqfile_stop+0xd0/0xd0 [ 107.728142][ T5270] kernfs_fop_write_iter+0x3a6/0x4f0 [ 107.733459][ T5270] vfs_write+0x7b2/0xbb0 [ 107.737733][ T5270] ? file_end_write+0x240/0x240 [ 107.742611][ T5270] ? do_raw_spin_unlock+0x13b/0x8b0 [ 107.747826][ T5270] ? lockdep_hardirqs_on+0x98/0x140 [ 107.753044][ T5270] ? __fdget_pos+0x265/0x2f0 [ 107.757652][ T5270] ksys_write+0x1a0/0x2c0 [ 107.762004][ T5270] ? __ia32_sys_read+0x90/0x90 [ 107.766787][ T5270] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 107.772793][ T5270] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 107.778801][ T5270] do_syscall_64+0x41/0xc0 [ 107.783237][ T5270] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 107.789152][ T5270] RIP: 0033:0x7fd49ce20129 [ 107.793578][ T5270] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 107.813196][ T5270] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 107.821622][ T5270] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 107.829633][ T5270] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5266] close(3) = 0 [pid 5266] close(4) = 0 [pid 5266] close(5) = 0 [pid 5266] close(6) = 0 [pid 5266] close(7) = -1 EBADF (Bad file descriptor) [pid 5266] close(8) = -1 EBADF (Bad file descriptor) [pid 5266] close(9) = -1 EBADF (Bad file descriptor) [pid 5266] close(10) = -1 EBADF (Bad file descriptor) [pid 5266] close(11) = -1 EBADF (Bad file descriptor) [pid 5266] close(12) = -1 EBADF (Bad file descriptor) [pid 5266] close(13) = -1 EBADF (Bad file descriptor) [pid 5266] close(14) = -1 EBADF (Bad file descriptor) [pid 5266] close(15) = -1 EBADF (Bad file descriptor) [pid 5266] close(16) = -1 EBADF (Bad file descriptor) [pid 5266] close(17) = -1 EBADF (Bad file descriptor) [pid 5266] close(18) = -1 EBADF (Bad file descriptor) [pid 5266] close(19) = -1 EBADF (Bad file descriptor) [pid 5266] close(20) = -1 EBADF (Bad file descriptor) [pid 5266] close(21) = -1 EBADF (Bad file descriptor) [pid 5266] close(22) = -1 EBADF (Bad file descriptor) [pid 5266] close(23) = -1 EBADF (Bad file descriptor) [pid 5266] close(24) = -1 EBADF (Bad file descriptor) [pid 5266] close(25) = -1 EBADF (Bad file descriptor) [pid 5266] close(26) = -1 EBADF (Bad file descriptor) [pid 5266] close(27) = -1 EBADF (Bad file descriptor) [pid 5266] close(28) = -1 EBADF (Bad file descriptor) [pid 5266] close(29) = -1 EBADF (Bad file descriptor) [pid 5266] exit_group(0) = ? [ 107.837635][ T5270] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 107.845626][ T5270] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 107.853608][ T5270] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000d [ 107.861608][ T5270] [ 107.876722][ T5270] memory: usage 12kB, limit 0kB, failcnt 55 [ 107.883439][ T5270] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5266] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./13/binderfs") = 0 [pid 5074] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./13/cgroup") = 0 [pid 5074] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./13/cgroup.net") = 0 [ 107.902496][ T5270] Memory cgroup stats for /syz1: [ 107.902732][ T5270] anon 0 [ 107.902732][ T5270] file 0 [ 107.902732][ T5270] kernel 12288 [ 107.902732][ T5270] kernel_stack 0 [ 107.902732][ T5270] pagetables 0 [ 107.902732][ T5270] sec_pagetables 0 [ 107.902732][ T5270] percpu 0 [ 107.902732][ T5270] sock 0 [ 107.902732][ T5270] vmalloc 0 [ 107.902732][ T5270] shmem 0 [ 107.902732][ T5270] zswap 0 [ 107.902732][ T5270] zswapped 0 [ 107.902732][ T5270] file_mapped 0 [ 107.902732][ T5270] file_dirty 0 [pid 5074] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./13/file0") = 0 [pid 5074] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./13/cgroup.cpu") = 0 [ 107.902732][ T5270] file_writeback 0 [ 107.902732][ T5270] swapcached 0 [ 107.902732][ T5270] anon_thp 0 [ 107.902732][ T5270] file_thp 0 [ 107.902732][ T5270] shmem_thp 0 [ 107.902732][ T5270] inactive_anon 0 [ 107.902732][ T5270] active_anon 0 [ 107.902732][ T5270] inactive_file 0 [ 107.902732][ T5270] active_file 0 [ 107.902732][ T5270] unevictable 0 [ 107.902732][ T5270] slab_reclaimable 9328 [ 107.902732][ T5270] slab_unreclaimable 0 [ 107.902732][ T5270] slab 9328 [ 107.902732][ T5270] workingset_refault_anon 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./13") = 0 [pid 5074] mkdir("./14", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached [pid 5284] chdir("./14" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 16 [pid 5284] <... chdir resumed>) = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5284] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5284] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 108.051935][ T5270] Tasks state (memory values in pages): [ 108.058755][ T5270] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 108.084386][ T5270] Out of memory and no killable processes... [ 108.091587][ T5275] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5284] write(3, "1000", 4 [pid 5270] <... write resumed>) = 18 [ 108.102298][ T5275] CPU: 0 PID: 5275 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 108.112776][ T5275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 108.122878][ T5275] Call Trace: [ 108.126206][ T5275] [ 108.129182][ T5275] dump_stack_lvl+0x1e7/0x2d0 [ 108.133913][ T5275] ? nf_tcp_handle_invalid+0x640/0x640 [ 108.139423][ T5275] ? panic+0x770/0x770 [ 108.143563][ T5275] dump_header+0xdc/0x940 [ 108.147947][ T5275] out_of_memory+0xf21/0x12c0 [ 108.152690][ T5275] ? mutex_lock_io_nested+0x60/0x60 [ 108.157959][ T5275] ? preempt_schedule+0xdd/0xf0 [ 108.162855][ T5275] ? unregister_oom_notifier+0x20/0x20 [ 108.168345][ T5275] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 108.174375][ T5275] mem_cgroup_out_of_memory+0x263/0x3b0 [ 108.180038][ T5275] ? preempt_schedule_thunk+0x1a/0x20 [ 108.185435][ T5275] ? mem_cgroup_oom_trylock+0x210/0x210 [ 108.191015][ T5275] ? cgroup_file_notify+0x127/0x190 [ 108.196238][ T5275] memory_max_write+0x355/0x470 [ 108.201127][ T5275] ? memory_max_show+0xa0/0xa0 [ 108.205956][ T5275] ? read_lock_is_recursive+0x20/0x20 [ 108.211355][ T5275] ? memory_max_show+0xa0/0xa0 [ 108.216139][ T5275] cgroup_file_write+0x2b1/0x780 [ 108.221097][ T5275] ? cgroup_seqfile_stop+0xd0/0xd0 [ 108.226228][ T5275] ? __virt_addr_valid+0x22f/0x2e0 [ 108.231369][ T5275] ? cgroup_seqfile_stop+0xd0/0xd0 [ 108.236495][ T5275] kernfs_fop_write_iter+0x3a6/0x4f0 [ 108.241821][ T5275] vfs_write+0x7b2/0xbb0 [ 108.246089][ T5275] ? file_end_write+0x240/0x240 [ 108.250975][ T5275] ? do_raw_spin_unlock+0x13b/0x8b0 [ 108.256191][ T5275] ? lockdep_hardirqs_on+0x98/0x140 [ 108.261413][ T5275] ? __fdget_pos+0x265/0x2f0 [ 108.266026][ T5275] ksys_write+0x1a0/0x2c0 [ 108.270377][ T5275] ? __ia32_sys_read+0x90/0x90 [ 108.275157][ T5275] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 108.281164][ T5275] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 108.287186][ T5275] do_syscall_64+0x41/0xc0 [ 108.291624][ T5275] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 108.297558][ T5275] RIP: 0033:0x7fd49ce20129 [ 108.301983][ T5275] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 108.321615][ T5275] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.330079][ T5275] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 108.338120][ T5275] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 108.346118][ T5275] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 108.354113][ T5275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 108.362108][ T5275] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000007 [ 108.370115][ T5275] [ 108.379098][ T5275] memory: usage 12kB, limit 0kB, failcnt 55 [ 108.385064][ T5275] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 108.396040][ T5275] Memory cgroup stats for /syz1: [ 108.396214][ T5275] anon 0 [ 108.396214][ T5275] file 0 [ 108.396214][ T5275] kernel 12288 [ 108.396214][ T5275] kernel_stack 0 [ 108.396214][ T5275] pagetables 0 [ 108.396214][ T5275] sec_pagetables 0 [ 108.396214][ T5275] percpu 0 [ 108.396214][ T5275] sock 0 [ 108.396214][ T5275] vmalloc 0 [ 108.396214][ T5275] shmem 0 [ 108.396214][ T5275] zswap 0 [ 108.396214][ T5275] zswapped 0 [ 108.396214][ T5275] file_mapped 0 [ 108.396214][ T5275] file_dirty 0 [ 108.396214][ T5275] file_writeback 0 [ 108.396214][ T5275] swapcached 0 [ 108.396214][ T5275] anon_thp 0 [pid 5284] <... write resumed>) = 4 [pid 5270] close(3 [pid 5284] close(3 [pid 5270] <... close resumed>) = 0 [pid 5284] <... close resumed>) = 0 [pid 5270] close(4 [pid 5284] symlink("/dev/binderfs", "./binderfs" [pid 5270] <... close resumed>) = 0 [pid 5284] <... symlink resumed>) = 0 [pid 5270] close(5 [pid 5284] mkdir("./file0", 000 [pid 5270] <... close resumed>) = 0 [pid 5284] <... mkdir resumed>) = 0 [pid 5270] close(6 [pid 5284] open("./file0", O_RDONLY [pid 5270] <... close resumed>) = 0 [pid 5284] <... open resumed>) = 3 [pid 5270] close(7 [pid 5284] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5270] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] <... mount resumed>) = 0 [pid 5270] close(8 [pid 5284] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5270] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] <... openat resumed>) = 4 [pid 5270] close(9 [pid 5284] openat(4, "syz1", O_RDWR|O_PATH [pid 5270] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] <... openat resumed>) = 5 [pid 5270] close(10 [pid 5284] openat(5, "memory.max", O_RDWR [pid 5270] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] <... openat resumed>) = 6 [pid 5270] close(11 [pid 5284] write(6, "0x000000000000040e", 18 [pid 5270] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5270] close(12) = -1 EBADF (Bad file descriptor) [pid 5270] close(13) = -1 EBADF (Bad file descriptor) [pid 5270] close(14) = -1 EBADF (Bad file descriptor) [pid 5270] close(15) = -1 EBADF (Bad file descriptor) [pid 5270] close(16) = -1 EBADF (Bad file descriptor) [pid 5270] close(17) = -1 EBADF (Bad file descriptor) [pid 5270] close(18) = -1 EBADF (Bad file descriptor) [pid 5270] close(19) = -1 EBADF (Bad file descriptor) [pid 5270] close(20) = -1 EBADF (Bad file descriptor) [pid 5270] close(21) = -1 EBADF (Bad file descriptor) [pid 5270] close(22) = -1 EBADF (Bad file descriptor) [pid 5270] close(23) = -1 EBADF (Bad file descriptor) [pid 5270] close(24) = -1 EBADF (Bad file descriptor) [pid 5270] close(25) = -1 EBADF (Bad file descriptor) [pid 5270] close(26) = -1 EBADF (Bad file descriptor) [pid 5270] close(27) = -1 EBADF (Bad file descriptor) [pid 5270] close(28) = -1 EBADF (Bad file descriptor) [pid 5270] close(29) = -1 EBADF (Bad file descriptor) [pid 5270] exit_group(0) = ? [pid 5270] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5075] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./13/binderfs") = 0 [pid 5075] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./13/cgroup") = 0 [pid 5075] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./13/cgroup.net") = 0 [ 108.396214][ T5275] file_thp 0 [ 108.396214][ T5275] shmem_thp 0 [ 108.396214][ T5275] inactive_anon 0 [ 108.396214][ T5275] active_anon 0 [ 108.396214][ T5275] inactive_file 0 [ 108.396214][ T5275] active_file 0 [ 108.396214][ T5275] unevictable 0 [ 108.396214][ T5275] slab_reclaimable 9328 [ 108.396214][ T5275] slab_unreclaimable 0 [ 108.396214][ T5275] slab 9328 [ 108.396214][ T5275] workingset_refault_anon 0 [ 108.495240][ T5275] Tasks state (memory values in pages): [pid 5075] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./13/file0") = 0 [pid 5075] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./13/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./13") = 0 [pid 5075] mkdir("./14", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached [pid 5287] chdir("./14" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 16 [pid 5287] <... chdir resumed>) = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5287] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5287] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] mkdir("./file0", 000) = 0 [pid 5287] open("./file0", O_RDONLY) = 3 [pid 5287] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5287] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 108.502077][ T5275] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5287] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5287] openat(5, "memory.max", O_RDWR) = 6 [pid 5287] write(6, "0x000000000000040e", 18 [pid 5275] <... write resumed>) = 18 [pid 5275] close(3) = 0 [pid 5275] close(4) = 0 [pid 5275] close(5) = 0 [pid 5275] close(6) = 0 [pid 5275] close(7) = -1 EBADF (Bad file descriptor) [pid 5275] close(8) = -1 EBADF (Bad file descriptor) [pid 5275] close(9) = -1 EBADF (Bad file descriptor) [pid 5275] close(10) = -1 EBADF (Bad file descriptor) [pid 5275] close(11) = -1 EBADF (Bad file descriptor) [pid 5275] close(12) = -1 EBADF (Bad file descriptor) [pid 5275] close(13) = -1 EBADF (Bad file descriptor) [pid 5275] close(14) = -1 EBADF (Bad file descriptor) [pid 5275] close(15) = -1 EBADF (Bad file descriptor) [pid 5275] close(16) = -1 EBADF (Bad file descriptor) [pid 5275] close(17) = -1 EBADF (Bad file descriptor) [pid 5275] close(18) = -1 EBADF (Bad file descriptor) [pid 5275] close(19) = -1 EBADF (Bad file descriptor) [pid 5275] close(20) = -1 EBADF (Bad file descriptor) [pid 5275] close(21) = -1 EBADF (Bad file descriptor) [pid 5275] close(22) = -1 EBADF (Bad file descriptor) [pid 5275] close(23) = -1 EBADF (Bad file descriptor) [ 108.587365][ T5275] Out of memory and no killable processes... [ 108.603309][ T5278] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 108.650602][ T5278] CPU: 0 PID: 5278 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 108.661104][ T5278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 108.671214][ T5278] Call Trace: [ 108.674530][ T5278] [ 108.677509][ T5278] dump_stack_lvl+0x1e7/0x2d0 [ 108.682249][ T5278] ? nf_tcp_handle_invalid+0x640/0x640 [ 108.687758][ T5278] ? panic+0x770/0x770 [ 108.691893][ T5278] dump_header+0xdc/0x940 [ 108.696458][ T5278] out_of_memory+0xf21/0x12c0 [ 108.701230][ T5278] ? mutex_lock_io_nested+0x60/0x60 [ 108.706491][ T5278] ? mark_lock+0x9a/0x340 [ 108.710854][ T5278] ? unregister_oom_notifier+0x20/0x20 [ 108.716332][ T5278] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 108.722355][ T5278] mem_cgroup_out_of_memory+0x263/0x3b0 [ 108.727944][ T5278] ? mem_cgroup_oom_trylock+0x210/0x210 [ 108.733537][ T5278] ? cgroup_file_notify+0x127/0x190 [ 108.738772][ T5278] memory_max_write+0x355/0x470 [ 108.743659][ T5278] ? memory_max_show+0xa0/0xa0 [ 108.748462][ T5278] ? read_lock_is_recursive+0x20/0x20 [ 108.753866][ T5278] ? memory_max_show+0xa0/0xa0 [ 108.758646][ T5278] cgroup_file_write+0x2b1/0x780 [ 108.763603][ T5278] ? cgroup_seqfile_stop+0xd0/0xd0 [ 108.768728][ T5278] ? __virt_addr_valid+0x22f/0x2e0 [ 108.773867][ T5278] ? cgroup_seqfile_stop+0xd0/0xd0 [ 108.778990][ T5278] kernfs_fop_write_iter+0x3a6/0x4f0 [ 108.784302][ T5278] vfs_write+0x7b2/0xbb0 [ 108.788572][ T5278] ? file_end_write+0x240/0x240 [ 108.793547][ T5278] ? do_raw_spin_unlock+0x13b/0x8b0 [ 108.798766][ T5278] ? lockdep_hardirqs_on+0x98/0x140 [ 108.803987][ T5278] ? __fdget_pos+0x265/0x2f0 [ 108.808638][ T5278] ksys_write+0x1a0/0x2c0 [ 108.813342][ T5278] ? __ia32_sys_read+0x90/0x90 [ 108.818143][ T5278] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 108.824160][ T5278] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 108.830183][ T5278] do_syscall_64+0x41/0xc0 [ 108.834625][ T5278] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 108.840543][ T5278] RIP: 0033:0x7fd49ce20129 [ 108.845080][ T5278] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 108.864731][ T5278] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.873166][ T5278] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 108.881149][ T5278] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 108.889128][ T5278] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 108.897111][ T5278] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 108.905384][ T5278] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000a [ 108.913399][ T5278] [ 108.921728][ T5278] memory: usage 12kB, limit 0kB, failcnt 55 [ 108.935934][ T5278] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 108.943759][ T5278] Memory cgroup stats for /syz1: [ 108.943969][ T5278] anon 0 [ 108.943969][ T5278] file 0 [ 108.943969][ T5278] kernel 12288 [ 108.943969][ T5278] kernel_stack 0 [ 108.943969][ T5278] pagetables 0 [ 108.943969][ T5278] sec_pagetables 0 [ 108.943969][ T5278] percpu 0 [ 108.943969][ T5278] sock 0 [ 108.943969][ T5278] vmalloc 0 [ 108.943969][ T5278] shmem 0 [ 108.943969][ T5278] zswap 0 [ 108.943969][ T5278] zswapped 0 [ 108.943969][ T5278] file_mapped 0 [ 108.943969][ T5278] file_dirty 0 [ 108.943969][ T5278] file_writeback 0 [ 108.943969][ T5278] swapcached 0 [ 108.943969][ T5278] anon_thp 0 [pid 5275] close(24) = -1 EBADF (Bad file descriptor) [ 108.943969][ T5278] file_thp 0 [ 108.943969][ T5278] shmem_thp 0 [ 108.943969][ T5278] inactive_anon 0 [ 108.943969][ T5278] active_anon 0 [ 108.943969][ T5278] inactive_file 0 [ 108.943969][ T5278] active_file 0 [ 108.943969][ T5278] unevictable 0 [ 108.943969][ T5278] slab_reclaimable 9328 [ 108.943969][ T5278] slab_unreclaimable 0 [ 108.943969][ T5278] slab 9328 [ 108.943969][ T5278] workingset_refault_anon 0 [ 109.044383][ T5278] Tasks state (memory values in pages): [pid 5275] close(25) = -1 EBADF (Bad file descriptor) [pid 5275] close(26) = -1 EBADF (Bad file descriptor) [pid 5275] close(27) = -1 EBADF (Bad file descriptor) [pid 5275] close(28) = -1 EBADF (Bad file descriptor) [pid 5275] close(29) = -1 EBADF (Bad file descriptor) [pid 5275] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5278] <... write resumed>) = 18 [pid 5278] close(3) = 0 [pid 5278] close(4) = 0 [pid 5278] close(5) = 0 [pid 5278] close(6) = 0 [pid 5278] close(7) = -1 EBADF (Bad file descriptor) [pid 5278] close(8) = -1 EBADF (Bad file descriptor) [pid 5278] close(9) = -1 EBADF (Bad file descriptor) [pid 5278] close(10) = -1 EBADF (Bad file descriptor) [pid 5278] close(11) = -1 EBADF (Bad file descriptor) [pid 5278] close(12) = -1 EBADF (Bad file descriptor) [pid 5278] close(13) = -1 EBADF (Bad file descriptor) [pid 5278] close(14) = -1 EBADF (Bad file descriptor) [pid 5278] close(15) = -1 EBADF (Bad file descriptor) [pid 5278] close(16) = -1 EBADF (Bad file descriptor) [pid 5278] close(17) = -1 EBADF (Bad file descriptor) [pid 5278] close(18) = -1 EBADF (Bad file descriptor) [pid 5278] close(19) = -1 EBADF (Bad file descriptor) [pid 5278] close(20) = -1 EBADF (Bad file descriptor) [pid 5278] close(21) = -1 EBADF (Bad file descriptor) [pid 5278] close(22) = -1 EBADF (Bad file descriptor) [pid 5278] close(23) = -1 EBADF (Bad file descriptor) [pid 5278] close(24) = -1 EBADF (Bad file descriptor) [pid 5278] close(25) = -1 EBADF (Bad file descriptor) [pid 5278] close(26) = -1 EBADF (Bad file descriptor) [pid 5278] close(27) = -1 EBADF (Bad file descriptor) [pid 5278] close(28) = -1 EBADF (Bad file descriptor) [pid 5278] close(29) = -1 EBADF (Bad file descriptor) [pid 5278] exit_group(0) = ? [pid 5278] +++ exited with 0 +++ [ 109.051448][ T5278] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 109.062375][ T5278] Out of memory and no killable processes... [ 109.075761][ T5282] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 109.087483][ T5282] CPU: 0 PID: 5282 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 109.097962][ T5282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 109.108063][ T5282] Call Trace: [ 109.111389][ T5282] [ 109.114357][ T5282] dump_stack_lvl+0x1e7/0x2d0 [ 109.119090][ T5282] ? nf_tcp_handle_invalid+0x640/0x640 [ 109.124611][ T5282] ? panic+0x770/0x770 [ 109.128752][ T5282] dump_header+0xdc/0x940 [ 109.133147][ T5282] out_of_memory+0xf21/0x12c0 [ 109.137885][ T5282] ? mutex_lock_io_nested+0x60/0x60 [ 109.143171][ T5282] ? preempt_schedule+0xdd/0xf0 [ 109.148094][ T5282] ? unregister_oom_notifier+0x20/0x20 [ 109.153595][ T5282] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 109.159611][ T5282] mem_cgroup_out_of_memory+0x263/0x3b0 [ 109.165179][ T5282] ? preempt_schedule_thunk+0x1a/0x20 [ 109.171606][ T5282] ? mem_cgroup_oom_trylock+0x210/0x210 [ 109.178962][ T5282] ? cgroup_file_notify+0x127/0x190 [ 109.184182][ T5282] memory_max_write+0x355/0x470 [ 109.189056][ T5282] ? memory_max_show+0xa0/0xa0 [ 109.193837][ T5282] ? read_lock_is_recursive+0x20/0x20 [ 109.199230][ T5282] ? memory_max_show+0xa0/0xa0 [ 109.204010][ T5282] cgroup_file_write+0x2b1/0x780 [ 109.208966][ T5282] ? cgroup_seqfile_stop+0xd0/0xd0 [ 109.214090][ T5282] ? __virt_addr_valid+0x22f/0x2e0 [ 109.219236][ T5282] ? cgroup_seqfile_stop+0xd0/0xd0 [ 109.224356][ T5282] kernfs_fop_write_iter+0x3a6/0x4f0 [ 109.229665][ T5282] vfs_write+0x7b2/0xbb0 [ 109.233930][ T5282] ? file_end_write+0x240/0x240 [ 109.238802][ T5282] ? do_raw_spin_unlock+0x13b/0x8b0 [ 109.244017][ T5282] ? lockdep_hardirqs_on+0x98/0x140 [ 109.249258][ T5282] ? __fdget_pos+0x265/0x2f0 [ 109.253866][ T5282] ksys_write+0x1a0/0x2c0 [ 109.258215][ T5282] ? __ia32_sys_read+0x90/0x90 [ 109.262992][ T5282] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 109.268998][ T5282] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 109.275001][ T5282] do_syscall_64+0x41/0xc0 [ 109.279438][ T5282] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 109.285350][ T5282] RIP: 0033:0x7fd49ce20129 [ 109.289774][ T5282] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 109.309388][ T5282] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 109.317833][ T5282] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 109.325820][ T5282] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 109.333804][ T5282] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 109.341784][ T5282] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] restart_syscall(<... resuming interrupted clone ...> [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] <... restart_syscall resumed>) = 0 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, [pid 5070] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./10/binderfs" [pid 5070] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] <... unlink resumed>) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5073] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] fstat(3, [pid 5073] unlink("./10/cgroup" [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5070] getdents64(3, [pid 5073] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] unlink("./10/cgroup.net" [pid 5070] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... unlink resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./7/binderfs", [pid 5073] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./7/binderfs" [pid 5073] <... umount2 resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5073] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./10/file0", [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] lstat("./7/cgroup", [pid 5073] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] unlink("./7/cgroup" [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5073] getdents64(4, [pid 5070] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] getdents64(4, [pid 5070] lstat("./7/cgroup.net", [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] <... close resumed>) = 0 [pid 5070] unlink("./7/cgroup.net" [pid 5073] rmdir("./10/file0") = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5073] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5073] unlink("./10/cgroup.cpu" [pid 5070] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... unlink resumed>) = 0 [pid 5073] getdents64(3, [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] lstat("./7/file0", [pid 5073] close(3 [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] <... close resumed>) = 0 [pid 5070] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] rmdir("./10" [pid 5070] <... openat resumed>) = 4 [pid 5073] <... rmdir resumed>) = 0 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, [pid 5073] mkdir("./11", 0777 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] <... mkdir resumed>) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] close(4./strace-static-x86_64: Process 5294 attached ) = 0 [pid 5070] rmdir("./7/file0" [pid 5294] chdir("./11" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 13 [pid 5294] <... chdir resumed>) = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] <... rmdir resumed>) = 0 [pid 5070] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5294] <... prctl resumed>) = 0 [pid 5294] setpgid(0, 0 [pid 5070] lstat("./7/cgroup.cpu", [pid 5294] <... setpgid resumed>) = 0 [pid 5294] symlink("/syzcgroup/unified/syz4", "./cgroup" [ 109.349769][ T5282] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000008 [ 109.357768][ T5282] [ 109.368263][ T5282] memory: usage 12kB, limit 0kB, failcnt 55 [ 109.374205][ T5282] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 109.416430][ T5282] Memory cgroup stats for /syz1: [ 109.432210][ T5282] anon 0 [ 109.432210][ T5282] file 0 [ 109.432210][ T5282] kernel 12288 [ 109.432210][ T5282] kernel_stack 0 [ 109.432210][ T5282] pagetables 0 [ 109.432210][ T5282] sec_pagetables 0 [ 109.432210][ T5282] percpu 0 [ 109.432210][ T5282] sock 0 [ 109.432210][ T5282] vmalloc 0 [ 109.432210][ T5282] shmem 0 [ 109.432210][ T5282] zswap 0 [ 109.432210][ T5282] zswapped 0 [ 109.432210][ T5282] file_mapped 0 [ 109.432210][ T5282] file_dirty 0 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5294] <... symlink resumed>) = 0 [pid 5070] unlink("./7/cgroup.cpu" [pid 5294] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5294] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5294] mkdir("./file0", 000) = 0 [pid 5294] open("./file0", O_RDONLY [pid 5070] getdents64(3, [pid 5294] <... open resumed>) = 3 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5294] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5070] close(3 [pid 5294] <... mount resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5294] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5070] rmdir("./7" [pid 5294] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5294] openat(5, "memory.max", O_RDWR [pid 5070] <... rmdir resumed>) = 0 [pid 5294] <... openat resumed>) = 6 [pid 5070] mkdir("./8", 0777 [pid 5294] write(6, "0x000000000000040e", 18 [pid 5070] <... mkdir resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached [pid 5296] chdir("./8" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 10 [pid 5296] <... chdir resumed>) = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [ 109.432210][ T5282] file_writeback 0 [ 109.432210][ T5282] swapcached 0 [ 109.432210][ T5282] anon_thp 0 [ 109.432210][ T5282] file_thp 0 [ 109.432210][ T5282] shmem_thp 0 [ 109.432210][ T5282] inactive_anon 0 [ 109.432210][ T5282] active_anon 0 [ 109.432210][ T5282] inactive_file 0 [ 109.432210][ T5282] active_file 0 [ 109.432210][ T5282] unevictable 0 [ 109.432210][ T5282] slab_reclaimable 9328 [ 109.432210][ T5282] slab_unreclaimable 0 [ 109.432210][ T5282] slab 9328 [ 109.432210][ T5282] workingset_refault_anon 0 [pid 5296] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5296] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5296] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] mkdir("./file0", 000) = 0 [pid 5296] open("./file0", O_RDONLY) = 3 [pid 5296] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5296] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5296] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5296] openat(5, "memory.max", O_RDWR) = 6 [ 109.594104][ T5282] Tasks state (memory values in pages): [ 109.602150][ T5282] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5296] write(6, "0x000000000000040e", 18 [pid 5282] <... write resumed>) = 18 [pid 5282] close(3) = 0 [ 109.639569][ T5282] Out of memory and no killable processes... [ 109.645667][ T5284] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 109.673651][ T5284] CPU: 0 PID: 5284 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 109.684145][ T5284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 109.694241][ T5284] Call Trace: [ 109.697566][ T5284] [ 109.700537][ T5284] dump_stack_lvl+0x1e7/0x2d0 [ 109.705276][ T5284] ? nf_tcp_handle_invalid+0x640/0x640 [ 109.710790][ T5284] ? panic+0x770/0x770 [ 109.714921][ T5284] dump_header+0xdc/0x940 [ 109.719303][ T5284] out_of_memory+0xf21/0x12c0 [ 109.724045][ T5284] ? mutex_lock_io_nested+0x60/0x60 [ 109.729310][ T5284] ? mark_lock+0x9a/0x340 [ 109.733690][ T5284] ? unregister_oom_notifier+0x20/0x20 [ 109.739201][ T5284] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 109.745250][ T5284] mem_cgroup_out_of_memory+0x263/0x3b0 [ 109.750854][ T5284] ? mem_cgroup_oom_trylock+0x210/0x210 [ 109.756471][ T5284] ? cgroup_file_notify+0x127/0x190 [ 109.761728][ T5284] memory_max_write+0x355/0x470 [ 109.766643][ T5284] ? memory_max_show+0xa0/0xa0 [ 109.771461][ T5284] ? read_lock_is_recursive+0x20/0x20 [ 109.776885][ T5284] ? memory_max_show+0xa0/0xa0 [ 109.781700][ T5284] cgroup_file_write+0x2b1/0x780 [ 109.786702][ T5284] ? cgroup_seqfile_stop+0xd0/0xd0 [ 109.791862][ T5284] ? __virt_addr_valid+0x22f/0x2e0 [ 109.797045][ T5284] ? cgroup_seqfile_stop+0xd0/0xd0 [ 109.802197][ T5284] kernfs_fop_write_iter+0x3a6/0x4f0 [ 109.807537][ T5284] vfs_write+0x7b2/0xbb0 [ 109.811834][ T5284] ? file_end_write+0x240/0x240 [ 109.816745][ T5284] ? do_raw_spin_unlock+0x13b/0x8b0 [ 109.821998][ T5284] ? lockdep_hardirqs_on+0x98/0x140 [ 109.827272][ T5284] ? __fdget_pos+0x265/0x2f0 [ 109.831918][ T5284] ksys_write+0x1a0/0x2c0 [ 109.836327][ T5284] ? __ia32_sys_read+0x90/0x90 [ 109.841142][ T5284] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 109.848293][ T5284] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 109.854426][ T5284] do_syscall_64+0x41/0xc0 [ 109.858898][ T5284] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 109.864852][ T5284] RIP: 0033:0x7fd49ce20129 [ 109.869304][ T5284] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5282] close(4) = 0 [pid 5282] close(5) = 0 [pid 5282] close(6) = 0 [pid 5282] close(7) = -1 EBADF (Bad file descriptor) [pid 5282] close(8) = -1 EBADF (Bad file descriptor) [pid 5282] close(9) = -1 EBADF (Bad file descriptor) [pid 5282] close(10) = -1 EBADF (Bad file descriptor) [pid 5282] close(11) = -1 EBADF (Bad file descriptor) [pid 5282] close(12) = -1 EBADF (Bad file descriptor) [pid 5282] close(13) = -1 EBADF (Bad file descriptor) [pid 5282] close(14) = -1 EBADF (Bad file descriptor) [pid 5282] close(15) = -1 EBADF (Bad file descriptor) [pid 5282] close(16) = -1 EBADF (Bad file descriptor) [pid 5282] close(17) = -1 EBADF (Bad file descriptor) [pid 5282] close(18) = -1 EBADF (Bad file descriptor) [pid 5282] close(19) = -1 EBADF (Bad file descriptor) [pid 5282] close(20) = -1 EBADF (Bad file descriptor) [pid 5282] close(21) = -1 EBADF (Bad file descriptor) [pid 5282] close(22) = -1 EBADF (Bad file descriptor) [pid 5282] close(23) = -1 EBADF (Bad file descriptor) [pid 5282] close(24) = -1 EBADF (Bad file descriptor) [pid 5282] close(25) = -1 EBADF (Bad file descriptor) [pid 5282] close(26) = -1 EBADF (Bad file descriptor) [pid 5282] close(27) = -1 EBADF (Bad file descriptor) [pid 5282] close(28) = -1 EBADF (Bad file descriptor) [pid 5282] close(29) = -1 EBADF (Bad file descriptor) [pid 5282] exit_group(0) = ? [pid 5282] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./8/binderfs") = 0 [pid 5072] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./8/cgroup") = 0 [pid 5072] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./8/cgroup.net") = 0 [ 109.888958][ T5284] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 109.897439][ T5284] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 109.905466][ T5284] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 109.913484][ T5284] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 109.921489][ T5284] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 109.929517][ T5284] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000e [ 109.937552][ T5284] [ 109.951512][ T5284] memory: usage 12kB, limit 0kB, failcnt 55 [ 109.960030][ T5284] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 109.967247][ T5284] Memory cgroup stats for /syz1: [ 109.967464][ T5284] anon 0 [ 109.967464][ T5284] file 0 [ 109.967464][ T5284] kernel 12288 [ 109.967464][ T5284] kernel_stack 0 [ 109.967464][ T5284] pagetables 0 [ 109.967464][ T5284] sec_pagetables 0 [ 109.967464][ T5284] percpu 0 [ 109.967464][ T5284] sock 0 [ 109.967464][ T5284] vmalloc 0 [ 109.967464][ T5284] shmem 0 [ 109.967464][ T5284] zswap 0 [ 109.967464][ T5284] zswapped 0 [ 109.967464][ T5284] file_mapped 0 [ 109.967464][ T5284] file_dirty 0 [ 109.967464][ T5284] file_writeback 0 [ 109.967464][ T5284] swapcached 0 [ 109.967464][ T5284] anon_thp 0 [ 109.967464][ T5284] file_thp 0 [ 109.967464][ T5284] shmem_thp 0 [ 109.967464][ T5284] inactive_anon 0 [ 109.967464][ T5284] active_anon 0 [ 109.967464][ T5284] inactive_file 0 [ 109.967464][ T5284] active_file 0 [ 109.967464][ T5284] unevictable 0 [ 109.967464][ T5284] slab_reclaimable 9328 [pid 5072] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./8/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./8/file0") = 0 [pid 5072] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./8/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./8") = 0 [pid 5072] mkdir("./9", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 11 ./strace-static-x86_64: Process 5308 attached [pid 5308] chdir("./9") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5308] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 109.967464][ T5284] slab_unreclaimable 0 [ 109.967464][ T5284] slab 9328 [ 109.967464][ T5284] workingset_refault_anon 0 [ 110.075869][ T5284] Tasks state (memory values in pages): [ 110.086090][ T5284] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5308] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5284] <... write resumed>) = 18 [pid 5308] <... openat resumed>) = 3 [ 110.100318][ T5284] Out of memory and no killable processes... [ 110.106742][ T5287] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 110.119603][ T5287] CPU: 1 PID: 5287 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 110.130080][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 110.140180][ T5287] Call Trace: [ 110.143500][ T5287] [ 110.146468][ T5287] dump_stack_lvl+0x1e7/0x2d0 [ 110.151206][ T5287] ? nf_tcp_handle_invalid+0x640/0x640 [ 110.156718][ T5287] ? panic+0x770/0x770 [ 110.160883][ T5287] dump_header+0xdc/0x940 [ 110.165272][ T5287] out_of_memory+0xf21/0x12c0 [ 110.170003][ T5287] ? mutex_lock_io_nested+0x60/0x60 [ 110.175264][ T5287] ? preempt_schedule+0xdd/0xf0 [ 110.180165][ T5287] ? unregister_oom_notifier+0x20/0x20 [ 110.185674][ T5287] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 110.191723][ T5287] mem_cgroup_out_of_memory+0x263/0x3b0 [ 110.197329][ T5287] ? preempt_schedule_thunk+0x1a/0x20 [ 110.202775][ T5287] ? mem_cgroup_oom_trylock+0x210/0x210 [ 110.208396][ T5287] ? cgroup_file_notify+0x127/0x190 [ 110.213631][ T5287] memory_max_write+0x355/0x470 [ 110.218518][ T5287] ? memory_max_show+0xa0/0xa0 [ 110.223308][ T5287] ? read_lock_is_recursive+0x20/0x20 [ 110.228706][ T5287] ? memory_max_show+0xa0/0xa0 [ 110.233487][ T5287] cgroup_file_write+0x2b1/0x780 [ 110.238449][ T5287] ? cgroup_seqfile_stop+0xd0/0xd0 [ 110.243575][ T5287] ? __virt_addr_valid+0x22f/0x2e0 [ 110.248754][ T5287] ? cgroup_seqfile_stop+0xd0/0xd0 [ 110.253898][ T5287] kernfs_fop_write_iter+0x3a6/0x4f0 [ 110.259221][ T5287] vfs_write+0x7b2/0xbb0 [ 110.263498][ T5287] ? file_end_write+0x240/0x240 [ 110.268375][ T5287] ? do_raw_spin_unlock+0x13b/0x8b0 [ 110.273595][ T5287] ? lockdep_hardirqs_on+0x98/0x140 [ 110.278821][ T5287] ? __fdget_pos+0x265/0x2f0 [ 110.283436][ T5287] ksys_write+0x1a0/0x2c0 [ 110.287794][ T5287] ? __ia32_sys_read+0x90/0x90 [ 110.292610][ T5287] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 110.298630][ T5287] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 110.304648][ T5287] do_syscall_64+0x41/0xc0 [ 110.309093][ T5287] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.315012][ T5287] RIP: 0033:0x7fd49ce20129 [ 110.319442][ T5287] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 110.339080][ T5287] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5308] write(3, "1000", 4 [pid 5284] close(3 [pid 5308] <... write resumed>) = 4 [pid 5284] <... close resumed>) = 0 [pid 5308] close(3 [pid 5284] close(4 [pid 5308] <... close resumed>) = 0 [pid 5284] <... close resumed>) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs" [pid 5284] close(5 [pid 5308] <... symlink resumed>) = 0 [pid 5284] <... close resumed>) = 0 [pid 5284] close(6) = 0 [pid 5284] close(7 [pid 5308] mkdir("./file0", 000 [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] close(8) = -1 EBADF (Bad file descriptor) [pid 5284] close(9) = -1 EBADF (Bad file descriptor) [pid 5284] close(10) = -1 EBADF (Bad file descriptor) [pid 5284] close(11) = -1 EBADF (Bad file descriptor) [pid 5284] close(12) = -1 EBADF (Bad file descriptor) [pid 5284] close(13 [pid 5308] <... mkdir resumed>) = 0 [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5308] open("./file0", O_RDONLY [pid 5284] close(14) = -1 EBADF (Bad file descriptor) [pid 5308] <... open resumed>) = 3 [pid 5284] close(15 [pid 5308] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] close(16) = -1 EBADF (Bad file descriptor) [pid 5308] <... mount resumed>) = 0 [pid 5284] close(17 [pid 5308] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] close(18 [pid 5308] <... openat resumed>) = 4 [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] close(19 [pid 5308] openat(4, "syz1", O_RDWR|O_PATH [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5308] <... openat resumed>) = 5 [pid 5284] close(20 [pid 5308] openat(5, "memory.max", O_RDWR [ 110.347521][ T5287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 110.355507][ T5287] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 110.363496][ T5287] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 110.371499][ T5287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 110.379488][ T5287] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000e [ 110.387537][ T5287] [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5308] <... openat resumed>) = 6 [pid 5284] close(21 [pid 5308] write(6, "0x000000000000040e", 18 [pid 5284] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] close(22) = -1 EBADF (Bad file descriptor) [pid 5284] close(23) = -1 EBADF (Bad file descriptor) [pid 5284] close(24) = -1 EBADF (Bad file descriptor) [pid 5284] close(25) = -1 EBADF (Bad file descriptor) [pid 5284] close(26) = -1 EBADF (Bad file descriptor) [pid 5284] close(27) = -1 EBADF (Bad file descriptor) [pid 5284] close(28) = -1 EBADF (Bad file descriptor) [pid 5284] close(29) = -1 EBADF (Bad file descriptor) [pid 5284] exit_group(0) = ? [pid 5284] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.434905][ T5287] memory: usage 12kB, limit 0kB, failcnt 55 [pid 5074] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./14/binderfs") = 0 [pid 5074] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./14/cgroup") = 0 [pid 5074] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./14/cgroup.net") = 0 [pid 5074] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./14/file0") = 0 [pid 5074] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./14/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./14") = 0 [pid 5074] mkdir("./15", 0777) = 0 [ 110.478260][ T5287] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 110.494710][ T5287] Memory cgroup stats for /syz1: [ 110.494874][ T5287] anon 0 [ 110.494874][ T5287] file 0 [ 110.494874][ T5287] kernel 12288 [ 110.494874][ T5287] kernel_stack 0 [ 110.494874][ T5287] pagetables 0 [ 110.494874][ T5287] sec_pagetables 0 [ 110.494874][ T5287] percpu 0 [ 110.494874][ T5287] sock 0 [ 110.494874][ T5287] vmalloc 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached [pid 5311] chdir("./15" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 17 [pid 5311] <... chdir resumed>) = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 110.494874][ T5287] shmem 0 [ 110.494874][ T5287] zswap 0 [ 110.494874][ T5287] zswapped 0 [ 110.494874][ T5287] file_mapped 0 [ 110.494874][ T5287] file_dirty 0 [ 110.494874][ T5287] file_writeback 0 [ 110.494874][ T5287] swapcached 0 [ 110.494874][ T5287] anon_thp 0 [ 110.494874][ T5287] file_thp 0 [ 110.494874][ T5287] shmem_thp 0 [ 110.494874][ T5287] inactive_anon 0 [ 110.494874][ T5287] active_anon 0 [ 110.494874][ T5287] inactive_file 0 [ 110.494874][ T5287] active_file 0 [ 110.494874][ T5287] unevictable 0 [pid 5311] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5311] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] mkdir("./file0", 000) = 0 [pid 5311] open("./file0", O_RDONLY) = 3 [pid 5311] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5311] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5311] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5311] openat(5, "memory.max", O_RDWR) = 6 [ 110.494874][ T5287] slab_reclaimable 9328 [ 110.494874][ T5287] slab_unreclaimable 0 [ 110.494874][ T5287] slab 9328 [ 110.494874][ T5287] workingset_refault_anon 0 [ 110.605219][ T5287] Tasks state (memory values in pages): [ 110.618251][ T5287] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5311] write(6, "0x000000000000040e", 18 [pid 5287] <... write resumed>) = 18 [pid 5287] close(3) = 0 [pid 5287] close(4) = 0 [ 110.637245][ T5287] Out of memory and no killable processes... [ 110.643620][ T5294] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 110.664922][ T5294] CPU: 1 PID: 5294 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 110.675416][ T5294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 110.685517][ T5294] Call Trace: [ 110.688835][ T5294] [ 110.691814][ T5294] dump_stack_lvl+0x1e7/0x2d0 [ 110.696557][ T5294] ? nf_tcp_handle_invalid+0x640/0x640 [ 110.702050][ T5294] ? panic+0x770/0x770 [ 110.706133][ T5294] ? lockdep_hardirqs_on+0x98/0x140 [ 110.711378][ T5294] dump_header+0xdc/0x940 [ 110.715734][ T5294] out_of_memory+0xf21/0x12c0 [ 110.720461][ T5294] ? mutex_lock_io_nested+0x60/0x60 [ 110.725703][ T5294] ? preempt_schedule+0xdd/0xf0 [ 110.730573][ T5294] ? unregister_oom_notifier+0x20/0x20 [ 110.736050][ T5294] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 110.742058][ T5294] mem_cgroup_out_of_memory+0x263/0x3b0 [ 110.747625][ T5294] ? preempt_schedule_thunk+0x1a/0x20 [ 110.753016][ T5294] ? mem_cgroup_oom_trylock+0x210/0x210 [ 110.758592][ T5294] ? cgroup_file_notify+0x127/0x190 [ 110.763810][ T5294] memory_max_write+0x355/0x470 [ 110.768692][ T5294] ? memory_max_show+0xa0/0xa0 [ 110.773477][ T5294] ? read_lock_is_recursive+0x20/0x20 [ 110.778874][ T5294] ? memory_max_show+0xa0/0xa0 [ 110.783659][ T5294] cgroup_file_write+0x2b1/0x780 [ 110.788617][ T5294] ? cgroup_seqfile_stop+0xd0/0xd0 [ 110.793738][ T5294] ? __virt_addr_valid+0x22f/0x2e0 [ 110.798877][ T5294] ? cgroup_seqfile_stop+0xd0/0xd0 [ 110.803997][ T5294] kernfs_fop_write_iter+0x3a6/0x4f0 [ 110.809304][ T5294] vfs_write+0x7b2/0xbb0 [ 110.813570][ T5294] ? file_end_write+0x240/0x240 [ 110.818437][ T5294] ? do_raw_spin_unlock+0x13b/0x8b0 [ 110.823668][ T5294] ? lockdep_hardirqs_on+0x98/0x140 [ 110.828889][ T5294] ? __fdget_pos+0x265/0x2f0 [ 110.833496][ T5294] ksys_write+0x1a0/0x2c0 [ 110.837847][ T5294] ? __ia32_sys_read+0x90/0x90 [ 110.842626][ T5294] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 110.848632][ T5294] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 110.854634][ T5294] do_syscall_64+0x41/0xc0 [ 110.859070][ T5294] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.864998][ T5294] RIP: 0033:0x7fd49ce20129 [ 110.869429][ T5294] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 110.889042][ T5294] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.897471][ T5294] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 110.905494][ T5294] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 110.913502][ T5294] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 110.921499][ T5294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 110.929492][ T5294] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000b [pid 5287] close(5) = 0 [pid 5287] close(6) = 0 [pid 5287] close(7) = -1 EBADF (Bad file descriptor) [pid 5287] close(8) = -1 EBADF (Bad file descriptor) [pid 5287] close(9) = -1 EBADF (Bad file descriptor) [pid 5287] close(10) = -1 EBADF (Bad file descriptor) [pid 5287] close(11) = -1 EBADF (Bad file descriptor) [pid 5287] close(12) = -1 EBADF (Bad file descriptor) [pid 5287] close(13) = -1 EBADF (Bad file descriptor) [ 110.937505][ T5294] [ 110.944424][ T5294] memory: usage 12kB, limit 0kB, failcnt 55 [ 110.950542][ T5294] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 110.958906][ T5294] Memory cgroup stats for /syz1: [ 110.959121][ T5294] anon 0 [ 110.959121][ T5294] file 0 [ 110.959121][ T5294] kernel 12288 [ 110.959121][ T5294] kernel_stack 0 [ 110.959121][ T5294] pagetables 0 [ 110.959121][ T5294] sec_pagetables 0 [ 110.959121][ T5294] percpu 0 [ 110.959121][ T5294] sock 0 [ 110.959121][ T5294] vmalloc 0 [ 110.959121][ T5294] shmem 0 [ 110.959121][ T5294] zswap 0 [ 110.959121][ T5294] zswapped 0 [ 110.959121][ T5294] file_mapped 0 [ 110.959121][ T5294] file_dirty 0 [ 110.959121][ T5294] file_writeback 0 [ 110.959121][ T5294] swapcached 0 [ 110.959121][ T5294] anon_thp 0 [ 110.959121][ T5294] file_thp 0 [ 110.959121][ T5294] shmem_thp 0 [ 110.959121][ T5294] inactive_anon 0 [ 110.959121][ T5294] active_anon 0 [ 110.959121][ T5294] inactive_file 0 [ 110.959121][ T5294] active_file 0 [pid 5287] close(14) = -1 EBADF (Bad file descriptor) [pid 5287] close(15) = -1 EBADF (Bad file descriptor) [pid 5287] close(16) = -1 EBADF (Bad file descriptor) [pid 5287] close(17) = -1 EBADF (Bad file descriptor) [pid 5287] close(18) = -1 EBADF (Bad file descriptor) [pid 5287] close(19) = -1 EBADF (Bad file descriptor) [pid 5287] close(20) = -1 EBADF (Bad file descriptor) [pid 5287] close(21) = -1 EBADF (Bad file descriptor) [pid 5287] close(22) = -1 EBADF (Bad file descriptor) [pid 5287] close(23) = -1 EBADF (Bad file descriptor) [pid 5287] close(24) = -1 EBADF (Bad file descriptor) [pid 5287] close(25) = -1 EBADF (Bad file descriptor) [pid 5287] close(26) = -1 EBADF (Bad file descriptor) [pid 5287] close(27) = -1 EBADF (Bad file descriptor) [pid 5287] close(28) = -1 EBADF (Bad file descriptor) [pid 5287] close(29) = -1 EBADF (Bad file descriptor) [pid 5287] exit_group(0) = ? [pid 5287] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 110.959121][ T5294] unevictable 0 [ 110.959121][ T5294] slab_reclaimable 9328 [ 110.959121][ T5294] slab_unreclaimable 0 [ 110.959121][ T5294] slab 9328 [ 110.959121][ T5294] workingset_refault_anon 0 [ 111.059411][ T5294] Tasks state (memory values in pages): [ 111.065090][ T5294] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 111.075285][ T5294] Out of memory and no killable processes... [pid 5075] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 111.082297][ T5296] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 111.094147][ T5296] CPU: 0 PID: 5296 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 111.104701][ T5296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 111.114794][ T5296] Call Trace: [ 111.118107][ T5296] [ 111.121070][ T5296] dump_stack_lvl+0x1e7/0x2d0 [ 111.125803][ T5296] ? nf_tcp_handle_invalid+0x640/0x640 [ 111.131338][ T5296] ? panic+0x770/0x770 [ 111.135465][ T5296] dump_header+0xdc/0x940 [ 111.139836][ T5296] out_of_memory+0xf21/0x12c0 [ 111.144563][ T5296] ? mutex_lock_io_nested+0x60/0x60 [ 111.149814][ T5296] ? mark_lock+0x9a/0x340 [ 111.154180][ T5296] ? unregister_oom_notifier+0x20/0x20 [ 111.159687][ T5296] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 111.165752][ T5296] mem_cgroup_out_of_memory+0x263/0x3b0 [ 111.171365][ T5296] ? mem_cgroup_oom_trylock+0x210/0x210 [ 111.176985][ T5296] ? cgroup_file_notify+0x10a/0x190 [ 111.182271][ T5296] memory_max_write+0x355/0x470 [ 111.187193][ T5296] ? memory_max_show+0xa0/0xa0 [ 111.192012][ T5296] ? read_lock_is_recursive+0x20/0x20 [ 111.197433][ T5296] ? memory_max_show+0xa0/0xa0 [ 111.202221][ T5296] cgroup_file_write+0x2b1/0x780 [ 111.207199][ T5296] ? cgroup_seqfile_stop+0xd0/0xd0 [ 111.212322][ T5296] ? __virt_addr_valid+0x22f/0x2e0 [ 111.217465][ T5296] ? cgroup_seqfile_stop+0xd0/0xd0 [ 111.222592][ T5296] kernfs_fop_write_iter+0x3a6/0x4f0 [ 111.227902][ T5296] vfs_write+0x7b2/0xbb0 [ 111.232168][ T5296] ? file_end_write+0x240/0x240 [ 111.237043][ T5296] ? do_raw_spin_unlock+0x13b/0x8b0 [ 111.242268][ T5296] ? lockdep_hardirqs_on+0x98/0x140 [ 111.247496][ T5296] ? __fdget_pos+0x265/0x2f0 [ 111.252108][ T5296] ksys_write+0x1a0/0x2c0 [ 111.256458][ T5296] ? __ia32_sys_read+0x90/0x90 [ 111.261241][ T5296] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 111.267250][ T5296] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 111.273256][ T5296] do_syscall_64+0x41/0xc0 [ 111.277696][ T5296] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.283622][ T5296] RIP: 0033:0x7fd49ce20129 [ 111.288049][ T5296] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 111.307686][ T5296] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.316113][ T5296] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 111.324094][ T5296] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 111.332076][ T5296] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] fstat(3, [pid 5294] <... write resumed>) = 18 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5294] close(3) = 0 [pid 5075] unlink("./14/binderfs") = 0 [pid 5294] close(4 [pid 5075] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... close resumed>) = 0 [pid 5294] close(5 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5294] <... close resumed>) = 0 [pid 5075] lstat("./14/cgroup", [pid 5294] close(6) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5294] close(7 [pid 5075] unlink("./14/cgroup" [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5294] close(8 [pid 5075] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5294] close(9 [pid 5075] lstat("./14/cgroup.net", [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5294] close(10 [pid 5075] unlink("./14/cgroup.net" [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5294] close(11 [pid 5075] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5294] close(12 [pid 5075] <... umount2 resumed>) = 0 [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] close(13 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] lstat("./14/file0", [pid 5294] close(14 [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 111.340058][ T5296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 111.348037][ T5296] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000008 [ 111.356034][ T5296] [pid 5294] close(15 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5294] close(16 [pid 5075] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5294] close(17 [pid 5075] <... openat resumed>) = 4 [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5294] close(18 [pid 5075] fstat(4, [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5294] close(19 [pid 5075] getdents64(4, [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5294] close(20 [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] getdents64(4, [pid 5294] close(21 [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] close(4 [pid 5294] close(22 [pid 5075] <... close resumed>) = 0 [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] rmdir("./14/file0" [pid 5294] close(23) = -1 EBADF (Bad file descriptor) [pid 5075] <... rmdir resumed>) = 0 [ 111.389772][ T5296] memory: usage 12kB, limit 0kB, failcnt 55 [ 111.395855][ T5296] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 111.415276][ T5296] Memory cgroup stats for /syz1: [ 111.415501][ T5296] anon 0 [ 111.415501][ T5296] file 0 [ 111.415501][ T5296] kernel 12288 [ 111.415501][ T5296] kernel_stack 0 [ 111.415501][ T5296] pagetables 0 [ 111.415501][ T5296] sec_pagetables 0 [ 111.415501][ T5296] percpu 0 [ 111.415501][ T5296] sock 0 [ 111.415501][ T5296] vmalloc 0 [ 111.415501][ T5296] shmem 0 [ 111.415501][ T5296] zswap 0 [ 111.415501][ T5296] zswapped 0 [ 111.415501][ T5296] file_mapped 0 [ 111.415501][ T5296] file_dirty 0 [ 111.415501][ T5296] file_writeback 0 [ 111.415501][ T5296] swapcached 0 [ 111.415501][ T5296] anon_thp 0 [ 111.415501][ T5296] file_thp 0 [ 111.415501][ T5296] shmem_thp 0 [ 111.415501][ T5296] inactive_anon 0 [ 111.415501][ T5296] active_anon 0 [ 111.415501][ T5296] inactive_file 0 [pid 5294] close(24 [pid 5075] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./14/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [ 111.415501][ T5296] active_file 0 [ 111.415501][ T5296] unevictable 0 [ 111.415501][ T5296] slab_reclaimable 9328 [ 111.415501][ T5296] slab_unreclaimable 0 [ 111.415501][ T5296] slab 9328 [ 111.415501][ T5296] workingset_refault_anon 0 [ 111.517334][ T5296] Tasks state (memory values in pages): [ 111.522963][ T5296] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5075] rmdir("./14") = 0 [pid 5075] mkdir("./15", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5320 attached , child_tidptr=0x5555574ac5d0) = 17 [pid 5320] chdir("./15") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5320] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5296] <... write resumed>) = 18 [pid 5320] <... symlink resumed>) = 0 [pid 5296] close(3 [pid 5320] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5296] <... close resumed>) = 0 [pid 5294] close(25 [pid 5320] <... symlink resumed>) = 0 [pid 5296] close(4 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] <... close resumed>) = 0 [pid 5320] write(3, "1000", 4 [pid 5296] close(5 [pid 5320] <... write resumed>) = 4 [pid 5296] <... close resumed>) = 0 [pid 5320] close(3 [ 111.537740][ T5296] Out of memory and no killable processes... [ 111.546426][ T5308] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 111.573562][ T5308] CPU: 0 PID: 5308 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5296] close(6 [pid 5320] <... close resumed>) = 0 [pid 5296] <... close resumed>) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs" [pid 5296] close(7 [pid 5320] <... symlink resumed>) = 0 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] mkdir("./file0", 000 [pid 5296] close(8 [pid 5320] <... mkdir resumed>) = 0 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] open("./file0", O_RDONLY [pid 5296] close(9 [pid 5320] <... open resumed>) = 3 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5296] close(10 [pid 5320] <... mount resumed>) = 0 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5296] close(11 [pid 5320] <... openat resumed>) = 4 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] openat(4, "syz1", O_RDWR|O_PATH [pid 5296] close(12 [pid 5320] <... openat resumed>) = 5 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] openat(5, "memory.max", O_RDWR [pid 5296] close(13 [pid 5320] <... openat resumed>) = 6 [pid 5296] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5320] write(6, "0x000000000000040e", 18 [pid 5296] close(14) = -1 EBADF (Bad file descriptor) [pid 5296] close(15) = -1 EBADF (Bad file descriptor) [pid 5296] close(16) = -1 EBADF (Bad file descriptor) [pid 5296] close(17) = -1 EBADF (Bad file descriptor) [pid 5296] close(18) = -1 EBADF (Bad file descriptor) [pid 5296] close(19) = -1 EBADF (Bad file descriptor) [pid 5296] close(20) = -1 EBADF (Bad file descriptor) [pid 5296] close(21) = -1 EBADF (Bad file descriptor) [pid 5296] close(22) = -1 EBADF (Bad file descriptor) [pid 5296] close(23) = -1 EBADF (Bad file descriptor) [pid 5296] close(24) = -1 EBADF (Bad file descriptor) [pid 5296] close(25) = -1 EBADF (Bad file descriptor) [pid 5296] close(26) = -1 EBADF (Bad file descriptor) [pid 5296] close(27) = -1 EBADF (Bad file descriptor) [pid 5296] close(28) = -1 EBADF (Bad file descriptor) [pid 5296] close(29) = -1 EBADF (Bad file descriptor) [pid 5296] exit_group(0) = ? [pid 5296] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 111.584065][ T5308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 111.594172][ T5308] Call Trace: [ 111.597497][ T5308] [ 111.600473][ T5308] dump_stack_lvl+0x1e7/0x2d0 [ 111.605220][ T5308] ? nf_tcp_handle_invalid+0x640/0x640 [ 111.610736][ T5308] ? panic+0x770/0x770 [ 111.614883][ T5308] dump_header+0xdc/0x940 [ 111.619276][ T5308] out_of_memory+0xf21/0x12c0 [ 111.624013][ T5308] ? mutex_lock_io_nested+0x60/0x60 [ 111.629272][ T5308] ? preempt_schedule+0xdd/0xf0 [ 111.634174][ T5308] ? unregister_oom_notifier+0x20/0x20 [pid 5070] unlink("./8/binderfs") = 0 [pid 5070] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./8/cgroup") = 0 [pid 5070] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./8/cgroup.net") = 0 [ 111.639690][ T5308] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 111.645753][ T5308] mem_cgroup_out_of_memory+0x263/0x3b0 [ 111.651456][ T5308] ? preempt_schedule_thunk+0x1a/0x20 [ 111.657049][ T5308] ? mem_cgroup_oom_trylock+0x210/0x210 [ 111.662672][ T5308] ? cgroup_file_notify+0x127/0x190 [ 111.667946][ T5308] memory_max_write+0x355/0x470 [ 111.672865][ T5308] ? memory_max_show+0xa0/0xa0 [ 111.677691][ T5308] ? read_lock_is_recursive+0x20/0x20 [ 111.683121][ T5308] ? memory_max_show+0xa0/0xa0 [ 111.687934][ T5308] cgroup_file_write+0x2b1/0x780 [ 111.692930][ T5308] ? cgroup_seqfile_stop+0xd0/0xd0 [ 111.698087][ T5308] ? __virt_addr_valid+0x22f/0x2e0 [ 111.703269][ T5308] ? cgroup_seqfile_stop+0xd0/0xd0 [ 111.708423][ T5308] kernfs_fop_write_iter+0x3a6/0x4f0 [ 111.713774][ T5308] vfs_write+0x7b2/0xbb0 [ 111.718087][ T5308] ? file_end_write+0x240/0x240 [ 111.722993][ T5308] ? do_raw_spin_unlock+0x13b/0x8b0 [ 111.728244][ T5308] ? lockdep_hardirqs_on+0x98/0x140 [ 111.733520][ T5308] ? __fdget_pos+0x265/0x2f0 [pid 5070] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5294] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5294] close(26) = -1 EBADF (Bad file descriptor) [pid 5294] close(27) = -1 EBADF (Bad file descriptor) [pid 5294] close(28) = -1 EBADF (Bad file descriptor) [pid 5294] close(29) = -1 EBADF (Bad file descriptor) [pid 5294] exit_group(0) = ? [pid 5294] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.738255][ T5308] ksys_write+0x1a0/0x2c0 [ 111.742650][ T5308] ? __ia32_sys_read+0x90/0x90 [ 111.747472][ T5308] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 111.753516][ T5308] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 111.759555][ T5308] do_syscall_64+0x41/0xc0 [ 111.764064][ T5308] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.770017][ T5308] RIP: 0033:0x7fd49ce20129 [pid 5073] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./11/binderfs") = 0 [pid 5073] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./11/cgroup") = 0 [pid 5073] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./11/cgroup.net") = 0 [ 111.774478][ T5308] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 111.794138][ T5308] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.802606][ T5308] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 111.810621][ T5308] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 111.818633][ T5308] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 111.826648][ T5308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5073] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./11/file0", [pid 5070] lstat("./8/file0", [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] <... openat resumed>) = 4 [pid 5070] <... openat resumed>) = 4 [pid 5073] fstat(4, [pid 5070] fstat(4, [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, [pid 5070] getdents64(4, [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, [pid 5070] getdents64(4, [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4 [pid 5070] close(4 [pid 5073] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [ 111.834663][ T5308] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000009 [ 111.842707][ T5308] [pid 5073] rmdir("./11/file0" [pid 5070] rmdir("./8/file0" [pid 5073] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5073] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./11/cgroup.cpu", [pid 5070] lstat("./8/cgroup.cpu", [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./11/cgroup.cpu" [pid 5070] unlink("./8/cgroup.cpu" [pid 5073] <... unlink resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5073] getdents64(3, [pid 5070] getdents64(3, [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3 [pid 5070] close(3 [pid 5073] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5073] rmdir("./11" [pid 5070] rmdir("./8" [pid 5073] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5073] mkdir("./12", 0777 [pid 5070] mkdir("./9", 0777 [pid 5073] <... mkdir resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5325 attached ./strace-static-x86_64: Process 5324 attached [pid 5325] chdir("./9" [pid 5324] chdir("./12" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 14 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 11 [pid 5325] <... chdir resumed>) = 0 [pid 5324] <... chdir resumed>) = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5325] <... prctl resumed>) = 0 [pid 5324] <... prctl resumed>) = 0 [pid 5325] setpgid(0, 0 [pid 5324] setpgid(0, 0 [pid 5325] <... setpgid resumed>) = 0 [pid 5324] <... setpgid resumed>) = 0 [pid 5325] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5324] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5324] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5325] <... symlink resumed>) = 0 [pid 5324] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5325] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5324] <... symlink resumed>) = 0 [pid 5325] <... symlink resumed>) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 111.882375][ T5308] memory: usage 12kB, limit 0kB, failcnt 55 [ 111.892945][ T5308] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5324] mkdir("./file0", 000) = 0 [pid 5324] open("./file0", O_RDONLY) = 3 [pid 5324] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5324] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5324] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5324] openat(5, "memory.max", O_RDWR) = 6 [ 111.925509][ T5308] Memory cgroup stats for /syz1: [ 111.925730][ T5308] anon 0 [ 111.925730][ T5308] file 0 [ 111.925730][ T5308] kernel 12288 [ 111.925730][ T5308] kernel_stack 0 [ 111.925730][ T5308] pagetables 0 [ 111.925730][ T5308] sec_pagetables 0 [ 111.925730][ T5308] percpu 0 [ 111.925730][ T5308] sock 0 [ 111.925730][ T5308] vmalloc 0 [ 111.925730][ T5308] shmem 0 [ 111.925730][ T5308] zswap 0 [ 111.925730][ T5308] zswapped 0 [ 111.925730][ T5308] file_mapped 0 [ 111.925730][ T5308] file_dirty 0 [pid 5324] write(6, "0x000000000000040e", 18 [pid 5325] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] mkdir("./file0", 000) = 0 [pid 5325] open("./file0", O_RDONLY) = 3 [pid 5325] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5325] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5325] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5325] openat(5, "memory.max", O_RDWR) = 6 [ 111.925730][ T5308] file_writeback 0 [ 111.925730][ T5308] swapcached 0 [ 111.925730][ T5308] anon_thp 0 [ 111.925730][ T5308] file_thp 0 [ 111.925730][ T5308] shmem_thp 0 [ 111.925730][ T5308] inactive_anon 0 [ 111.925730][ T5308] active_anon 0 [ 111.925730][ T5308] inactive_file 0 [ 111.925730][ T5308] active_file 0 [ 111.925730][ T5308] unevictable 0 [ 111.925730][ T5308] slab_reclaimable 9328 [ 111.925730][ T5308] slab_unreclaimable 0 [ 111.925730][ T5308] slab 9328 [ 111.925730][ T5308] workingset_refault_anon 0 [pid 5325] write(6, "0x000000000000040e", 18 [pid 5308] <... write resumed>) = 18 [pid 5308] close(3) = 0 [pid 5308] close(4) = 0 [pid 5308] close(5) = 0 [pid 5308] close(6) = 0 [pid 5308] close(7) = -1 EBADF (Bad file descriptor) [ 112.061412][ T5308] Tasks state (memory values in pages): [ 112.067772][ T5308] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 112.079490][ T5308] Out of memory and no killable processes... [ 112.087983][ T5311] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5308] close(8) = -1 EBADF (Bad file descriptor) [pid 5308] close(9) = -1 EBADF (Bad file descriptor) [pid 5308] close(10) = -1 EBADF (Bad file descriptor) [pid 5308] close(11) = -1 EBADF (Bad file descriptor) [pid 5308] close(12) = -1 EBADF (Bad file descriptor) [pid 5308] close(13) = -1 EBADF (Bad file descriptor) [pid 5308] close(14) = -1 EBADF (Bad file descriptor) [pid 5308] close(15) = -1 EBADF (Bad file descriptor) [pid 5308] close(16) = -1 EBADF (Bad file descriptor) [pid 5308] close(17) = -1 EBADF (Bad file descriptor) [pid 5308] close(18) = -1 EBADF (Bad file descriptor) [pid 5308] close(19) = -1 EBADF (Bad file descriptor) [pid 5308] close(20) = -1 EBADF (Bad file descriptor) [pid 5308] close(21) = -1 EBADF (Bad file descriptor) [pid 5308] close(22) = -1 EBADF (Bad file descriptor) [pid 5308] close(23) = -1 EBADF (Bad file descriptor) [pid 5308] close(24) = -1 EBADF (Bad file descriptor) [pid 5308] close(25) = -1 EBADF (Bad file descriptor) [pid 5308] close(26) = -1 EBADF (Bad file descriptor) [pid 5308] close(27) = -1 EBADF (Bad file descriptor) [pid 5308] close(28) = -1 EBADF (Bad file descriptor) [pid 5308] close(29) = -1 EBADF (Bad file descriptor) [pid 5308] exit_group(0) = ? [pid 5308] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 112.114049][ T5311] CPU: 0 PID: 5311 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 112.124573][ T5311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 112.134687][ T5311] Call Trace: [ 112.138051][ T5311] [ 112.141027][ T5311] dump_stack_lvl+0x1e7/0x2d0 [ 112.145770][ T5311] ? nf_tcp_handle_invalid+0x640/0x640 [ 112.151298][ T5311] ? panic+0x770/0x770 [ 112.155447][ T5311] dump_header+0xdc/0x940 [ 112.159835][ T5311] out_of_memory+0xf21/0x12c0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./9/binderfs") = 0 [pid 5072] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./9/cgroup") = 0 [pid 5072] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./9/cgroup.net") = 0 [ 112.164581][ T5311] ? mutex_lock_io_nested+0x60/0x60 [ 112.169851][ T5311] ? preempt_schedule+0xdd/0xf0 [ 112.174821][ T5311] ? unregister_oom_notifier+0x20/0x20 [ 112.180340][ T5311] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 112.186406][ T5311] mem_cgroup_out_of_memory+0x263/0x3b0 [ 112.192020][ T5311] ? preempt_schedule_thunk+0x1a/0x20 [ 112.197471][ T5311] ? mem_cgroup_oom_trylock+0x210/0x210 [ 112.203098][ T5311] ? cgroup_file_notify+0x127/0x190 [ 112.208359][ T5311] memory_max_write+0x355/0x470 [ 112.213282][ T5311] ? memory_max_show+0xa0/0xa0 [ 112.218114][ T5311] ? read_lock_is_recursive+0x20/0x20 [ 112.223546][ T5311] ? memory_max_show+0xa0/0xa0 [ 112.228365][ T5311] cgroup_file_write+0x2b1/0x780 [ 112.233361][ T5311] ? cgroup_seqfile_stop+0xd0/0xd0 [ 112.238516][ T5311] ? __virt_addr_valid+0x22f/0x2e0 [ 112.243703][ T5311] ? cgroup_seqfile_stop+0xd0/0xd0 [ 112.248852][ T5311] kernfs_fop_write_iter+0x3a6/0x4f0 [ 112.254198][ T5311] vfs_write+0x7b2/0xbb0 [ 112.258508][ T5311] ? file_end_write+0x240/0x240 [ 112.263413][ T5311] ? do_raw_spin_unlock+0x13b/0x8b0 [ 112.268651][ T5311] ? lockdep_hardirqs_on+0x98/0x140 [ 112.273881][ T5311] ? __fdget_pos+0x265/0x2f0 [ 112.278492][ T5311] ksys_write+0x1a0/0x2c0 [ 112.282844][ T5311] ? __ia32_sys_read+0x90/0x90 [ 112.287624][ T5311] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 112.293632][ T5311] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 112.299636][ T5311] do_syscall_64+0x41/0xc0 [ 112.304071][ T5311] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 112.309985][ T5311] RIP: 0033:0x7fd49ce20129 [ 112.314410][ T5311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 112.334028][ T5311] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.342457][ T5311] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 112.350438][ T5311] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 112.358418][ T5311] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 112.366396][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 112.374375][ T5311] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000f [ 112.382377][ T5311] [ 112.388805][ T5311] memory: usage 12kB, limit 0kB, failcnt 55 [ 112.394769][ T5311] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 112.401739][ T5311] Memory cgroup stats for /syz1: [ 112.401942][ T5311] anon 0 [ 112.401942][ T5311] file 0 [ 112.401942][ T5311] kernel 12288 [ 112.401942][ T5311] kernel_stack 0 [ 112.401942][ T5311] pagetables 0 [ 112.401942][ T5311] sec_pagetables 0 [ 112.401942][ T5311] percpu 0 [ 112.401942][ T5311] sock 0 [ 112.401942][ T5311] vmalloc 0 [ 112.401942][ T5311] shmem 0 [ 112.401942][ T5311] zswap 0 [ 112.401942][ T5311] zswapped 0 [ 112.401942][ T5311] file_mapped 0 [ 112.401942][ T5311] file_dirty 0 [ 112.401942][ T5311] file_writeback 0 [ 112.401942][ T5311] swapcached 0 [ 112.401942][ T5311] anon_thp 0 [ 112.401942][ T5311] file_thp 0 [ 112.401942][ T5311] shmem_thp 0 [pid 5072] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.401942][ T5311] inactive_anon 0 [ 112.401942][ T5311] active_anon 0 [ 112.401942][ T5311] inactive_file 0 [ 112.401942][ T5311] active_file 0 [ 112.401942][ T5311] unevictable 0 [ 112.401942][ T5311] slab_reclaimable 9328 [ 112.401942][ T5311] slab_unreclaimable 0 [ 112.401942][ T5311] slab 9328 [ 112.401942][ T5311] workingset_refault_anon 0 [ 112.505111][ T5311] Tasks state (memory values in pages): [pid 5072] lstat("./9/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4 [pid 5311] <... write resumed>) = 18 [pid 5072] <... close resumed>) = 0 [ 112.510943][ T5311] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 112.522923][ T5311] Out of memory and no killable processes... [ 112.533878][ T5320] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 112.546902][ T5320] CPU: 1 PID: 5320 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 112.557377][ T5320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 112.567460][ T5320] Call Trace: [ 112.570761][ T5320] [ 112.573707][ T5320] dump_stack_lvl+0x1e7/0x2d0 [ 112.578420][ T5320] ? nf_tcp_handle_invalid+0x640/0x640 [ 112.583899][ T5320] ? panic+0x770/0x770 [ 112.587997][ T5320] dump_header+0xdc/0x940 [ 112.592348][ T5320] out_of_memory+0xf21/0x12c0 [ 112.597065][ T5320] ? mutex_lock_io_nested+0x60/0x60 [ 112.602291][ T5320] ? preempt_schedule+0xdd/0xf0 [ 112.607165][ T5320] ? unregister_oom_notifier+0x20/0x20 [ 112.612645][ T5320] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 112.618661][ T5320] mem_cgroup_out_of_memory+0x263/0x3b0 [ 112.624234][ T5320] ? preempt_schedule_thunk+0x1a/0x20 [ 112.629633][ T5320] ? mem_cgroup_oom_trylock+0x210/0x210 [ 112.635216][ T5320] ? cgroup_file_notify+0x127/0x190 [ 112.640439][ T5320] memory_max_write+0x355/0x470 [ 112.645312][ T5320] ? memory_max_show+0xa0/0xa0 [ 112.650100][ T5320] ? read_lock_is_recursive+0x20/0x20 [ 112.655493][ T5320] ? memory_max_show+0xa0/0xa0 [ 112.660271][ T5320] cgroup_file_write+0x2b1/0x780 [ 112.665234][ T5320] ? cgroup_seqfile_stop+0xd0/0xd0 [ 112.670370][ T5320] ? __virt_addr_valid+0x22f/0x2e0 [ 112.675507][ T5320] ? cgroup_seqfile_stop+0xd0/0xd0 [ 112.680631][ T5320] kernfs_fop_write_iter+0x3a6/0x4f0 [ 112.685954][ T5320] vfs_write+0x7b2/0xbb0 [ 112.690287][ T5320] ? file_end_write+0x240/0x240 [ 112.695199][ T5320] ? do_raw_spin_unlock+0x13b/0x8b0 [ 112.700428][ T5320] ? lockdep_hardirqs_on+0x98/0x140 [ 112.705660][ T5320] ? __fdget_pos+0x265/0x2f0 [ 112.710277][ T5320] ksys_write+0x1a0/0x2c0 [ 112.714631][ T5320] ? __ia32_sys_read+0x90/0x90 [ 112.719412][ T5320] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 112.725417][ T5320] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 112.731418][ T5320] do_syscall_64+0x41/0xc0 [ 112.735851][ T5320] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 112.741767][ T5320] RIP: 0033:0x7fd49ce20129 [ 112.746195][ T5320] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5072] rmdir("./9/file0" [pid 5311] close(3) = 0 [pid 5311] close(4 [pid 5072] <... rmdir resumed>) = 0 [pid 5311] <... close resumed>) = 0 [pid 5072] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5311] close(5 [pid 5072] lstat("./9/cgroup.cpu", [pid 5311] <... close resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./9/cgroup.cpu" [pid 5311] close(6 [pid 5072] <... unlink resumed>) = 0 [pid 5311] <... close resumed>) = 0 [pid 5072] getdents64(3, [pid 5311] close(7) = -1 EBADF (Bad file descriptor) [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5311] close(8 [pid 5072] close(3 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5311] close(9 [pid 5072] <... close resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] rmdir("./9" [pid 5311] close(10) = -1 EBADF (Bad file descriptor) [ 112.765820][ T5320] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.774252][ T5320] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 112.782235][ T5320] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 112.790214][ T5320] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 112.798199][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 112.806198][ T5320] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000f [ 112.814219][ T5320] [pid 5311] close(11 [pid 5072] <... rmdir resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] mkdir("./10", 0777 [pid 5311] close(12) = -1 EBADF (Bad file descriptor) [pid 5311] close(13) = -1 EBADF (Bad file descriptor) [pid 5311] close(14) = -1 EBADF (Bad file descriptor) [pid 5072] <... mkdir resumed>) = 0 [pid 5311] close(15) = -1 EBADF (Bad file descriptor) [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5311] close(16) = -1 EBADF (Bad file descriptor) [pid 5311] close(17) = -1 EBADF (Bad file descriptor) [pid 5311] close(18) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5330 attached [pid 5311] close(19 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 12 [pid 5330] chdir("./10" [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] <... chdir resumed>) = 0 [pid 5311] close(20 [pid 5330] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] <... prctl resumed>) = 0 [pid 5311] close(21 [pid 5330] setpgid(0, 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] <... setpgid resumed>) = 0 [pid 5311] close(22) = -1 EBADF (Bad file descriptor) [pid 5330] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5311] close(23) = -1 EBADF (Bad file descriptor) [pid 5330] <... symlink resumed>) = 0 [pid 5330] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5311] close(24) = -1 EBADF (Bad file descriptor) [pid 5330] <... symlink resumed>) = 0 [pid 5311] close(25 [pid 5330] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5311] close(26 [pid 5330] <... symlink resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5311] close(27 [pid 5330] <... openat resumed>) = 3 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] write(3, "1000", 4 [pid 5311] close(28 [pid 5330] <... write resumed>) = 4 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] close(3 [pid 5311] close(29 [pid 5330] <... close resumed>) = 0 [pid 5311] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5330] symlink("/dev/binderfs", "./binderfs" [pid 5311] exit_group(0 [pid 5330] <... symlink resumed>) = 0 [pid 5311] <... exit_group resumed>) = ? [pid 5330] mkdir("./file0", 000 [pid 5311] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5330] <... mkdir resumed>) = 0 [pid 5330] open("./file0", O_RDONLY) = 3 [pid 5330] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5074] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5330] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5330] <... openat resumed>) = 4 [pid 5074] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5330] openat(4, "syz1", O_RDWR|O_PATH [pid 5074] <... openat resumed>) = 3 [pid 5330] <... openat resumed>) = 5 [pid 5074] fstat(3, [pid 5330] openat(5, "memory.max", O_RDWR [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5330] <... openat resumed>) = 6 [pid 5074] getdents64(3, [pid 5330] write(6, "0x000000000000040e", 18 [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./15/binderfs") = 0 [pid 5074] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./15/cgroup") = 0 [pid 5074] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./15/cgroup.net") = 0 [pid 5074] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./15/file0") = 0 [pid 5074] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./15/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./15") = 0 [pid 5074] mkdir("./16", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5333 attached [pid 5333] chdir("./16") = 0 [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 18 [pid 5333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5333] setpgid(0, 0) = 0 [pid 5333] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5333] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5333] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5333] write(3, "1000", 4) = 4 [pid 5333] close(3) = 0 [pid 5333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5333] mkdir("./file0", 000) = 0 [pid 5333] open("./file0", O_RDONLY) = 3 [pid 5333] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5333] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5333] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5333] openat(5, "memory.max", O_RDWR) = 6 [ 112.975611][ T5320] memory: usage 12kB, limit 0kB, failcnt 55 [ 112.988053][ T5320] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 113.014968][ T5320] Memory cgroup stats for /syz1: [ 113.015663][ T5320] anon 0 [ 113.015663][ T5320] file 0 [ 113.015663][ T5320] kernel 12288 [ 113.015663][ T5320] kernel_stack 0 [ 113.015663][ T5320] pagetables 0 [ 113.015663][ T5320] sec_pagetables 0 [ 113.015663][ T5320] percpu 0 [ 113.015663][ T5320] sock 0 [ 113.015663][ T5320] vmalloc 0 [ 113.015663][ T5320] shmem 0 [ 113.015663][ T5320] zswap 0 [ 113.015663][ T5320] zswapped 0 [ 113.015663][ T5320] file_mapped 0 [ 113.015663][ T5320] file_dirty 0 [ 113.015663][ T5320] file_writeback 0 [ 113.015663][ T5320] swapcached 0 [ 113.015663][ T5320] anon_thp 0 [ 113.015663][ T5320] file_thp 0 [ 113.015663][ T5320] shmem_thp 0 [ 113.015663][ T5320] inactive_anon 0 [ 113.015663][ T5320] active_anon 0 [ 113.015663][ T5320] inactive_file 0 [ 113.015663][ T5320] active_file 0 [ 113.015663][ T5320] unevictable 0 [ 113.015663][ T5320] slab_reclaimable 9328 [ 113.015663][ T5320] slab_unreclaimable 0 [ 113.015663][ T5320] slab 9328 [ 113.015663][ T5320] workingset_refault_anon 0 [ 113.148205][ T5320] Tasks state (memory values in pages): [ 113.153916][ T5320] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 113.172507][ T5320] Out of memory and no killable processes... [ 113.180810][ T5324] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 113.199016][ T5324] CPU: 0 PID: 5324 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 113.209504][ T5324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 113.219611][ T5324] Call Trace: [ 113.222930][ T5324] [ 113.225905][ T5324] dump_stack_lvl+0x1e7/0x2d0 [ 113.230636][ T5324] ? nf_tcp_handle_invalid+0x640/0x640 [ 113.236147][ T5324] ? panic+0x770/0x770 [ 113.240287][ T5324] dump_header+0xdc/0x940 [ 113.244674][ T5324] out_of_memory+0xf21/0x12c0 [pid 5333] write(6, "0x000000000000040e", 18 [pid 5320] <... write resumed>) = 18 [pid 5320] close(3) = 0 [pid 5320] close(4) = 0 [pid 5320] close(5) = 0 [ 113.249411][ T5324] ? mutex_lock_io_nested+0x60/0x60 [ 113.254677][ T5324] ? preempt_schedule+0xdd/0xf0 [ 113.259589][ T5324] ? unregister_oom_notifier+0x20/0x20 [ 113.265097][ T5324] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 113.271153][ T5324] mem_cgroup_out_of_memory+0x263/0x3b0 [ 113.276776][ T5324] ? preempt_schedule_thunk+0x1a/0x20 [ 113.282207][ T5324] ? mem_cgroup_oom_trylock+0x210/0x210 [ 113.287849][ T5324] ? cgroup_file_notify+0x127/0x190 [ 113.293119][ T5324] memory_max_write+0x355/0x470 [pid 5320] close(6) = 0 [pid 5320] close(7) = -1 EBADF (Bad file descriptor) [pid 5320] close(8) = -1 EBADF (Bad file descriptor) [pid 5320] close(9) = -1 EBADF (Bad file descriptor) [pid 5320] close(10) = -1 EBADF (Bad file descriptor) [pid 5320] close(11) = -1 EBADF (Bad file descriptor) [pid 5320] close(12) = -1 EBADF (Bad file descriptor) [pid 5320] close(13) = -1 EBADF (Bad file descriptor) [pid 5320] close(14) = -1 EBADF (Bad file descriptor) [pid 5320] close(15) = -1 EBADF (Bad file descriptor) [pid 5320] close(16) = -1 EBADF (Bad file descriptor) [pid 5320] close(17) = -1 EBADF (Bad file descriptor) [pid 5320] close(18) = -1 EBADF (Bad file descriptor) [pid 5320] close(19) = -1 EBADF (Bad file descriptor) [pid 5320] close(20) = -1 EBADF (Bad file descriptor) [pid 5320] close(21) = -1 EBADF (Bad file descriptor) [pid 5320] close(22) = -1 EBADF (Bad file descriptor) [ 113.298043][ T5324] ? memory_max_show+0xa0/0xa0 [ 113.302878][ T5324] ? read_lock_is_recursive+0x20/0x20 [ 113.308318][ T5324] ? memory_max_show+0xa0/0xa0 [ 113.313138][ T5324] cgroup_file_write+0x2b1/0x780 [ 113.318136][ T5324] ? cgroup_seqfile_stop+0xd0/0xd0 [ 113.323306][ T5324] ? __virt_addr_valid+0x22f/0x2e0 [ 113.328488][ T5324] ? cgroup_seqfile_stop+0xd0/0xd0 [ 113.333644][ T5324] kernfs_fop_write_iter+0x3a6/0x4f0 [ 113.338995][ T5324] vfs_write+0x7b2/0xbb0 [ 113.343313][ T5324] ? file_end_write+0x240/0x240 [pid 5320] close(23) = -1 EBADF (Bad file descriptor) [pid 5320] close(24) = -1 EBADF (Bad file descriptor) [pid 5320] close(25) = -1 EBADF (Bad file descriptor) [pid 5320] close(26) = -1 EBADF (Bad file descriptor) [pid 5320] close(27) = -1 EBADF (Bad file descriptor) [pid 5320] close(28) = -1 EBADF (Bad file descriptor) [pid 5320] close(29) = -1 EBADF (Bad file descriptor) [pid 5320] exit_group(0) = ? [pid 5320] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5075] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./15/binderfs") = 0 [pid 5075] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./15/cgroup") = 0 [pid 5075] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./15/cgroup.net") = 0 [ 113.348230][ T5324] ? do_raw_spin_unlock+0x13b/0x8b0 [ 113.353483][ T5324] ? lockdep_hardirqs_on+0x98/0x140 [ 113.358753][ T5324] ? __fdget_pos+0x265/0x2f0 [ 113.363401][ T5324] ksys_write+0x1a0/0x2c0 [ 113.367798][ T5324] ? __ia32_sys_read+0x90/0x90 [ 113.372618][ T5324] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 113.378663][ T5324] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 113.384712][ T5324] do_syscall_64+0x41/0xc0 [ 113.389194][ T5324] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 113.395154][ T5324] RIP: 0033:0x7fd49ce20129 [ 113.399619][ T5324] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 113.419294][ T5324] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.427769][ T5324] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 113.435792][ T5324] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./15/file0") = 0 [pid 5075] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.443813][ T5324] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 113.451830][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 113.459857][ T5324] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000c [ 113.467906][ T5324] [ 113.489679][ T5324] memory: usage 12kB, limit 0kB, failcnt 55 [pid 5075] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./15/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./15") = 0 [pid 5075] mkdir("./16", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 18 [ 113.495728][ T5324] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 113.510733][ T5324] Memory cgroup stats for /syz1: [ 113.510948][ T5324] anon 0 [ 113.510948][ T5324] file 0 [ 113.510948][ T5324] kernel 12288 [ 113.510948][ T5324] kernel_stack 0 [ 113.510948][ T5324] pagetables 0 [ 113.510948][ T5324] sec_pagetables 0 [ 113.510948][ T5324] percpu 0 [ 113.510948][ T5324] sock 0 [ 113.510948][ T5324] vmalloc 0 [ 113.510948][ T5324] shmem 0 [ 113.510948][ T5324] zswap 0 [ 113.510948][ T5324] zswapped 0 [ 113.510948][ T5324] file_mapped 0 [ 113.510948][ T5324] file_dirty 0 [ 113.510948][ T5324] file_writeback 0 [ 113.510948][ T5324] swapcached 0 [ 113.510948][ T5324] anon_thp 0 [ 113.510948][ T5324] file_thp 0 [ 113.510948][ T5324] shmem_thp 0 [ 113.510948][ T5324] inactive_anon 0 [ 113.510948][ T5324] active_anon 0 [ 113.510948][ T5324] inactive_file 0 [ 113.510948][ T5324] active_file 0 [ 113.510948][ T5324] unevictable 0 [ 113.510948][ T5324] slab_reclaimable 9328 [ 113.510948][ T5324] slab_unreclaimable 0 ./strace-static-x86_64: Process 5339 attached [pid 5339] chdir("./16") = 0 [pid 5339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5339] setpgid(0, 0) = 0 [pid 5339] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5339] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5339] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5339] write(3, "1000", 4) = 4 [pid 5339] close(3) = 0 [pid 5339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5339] mkdir("./file0", 000) = 0 [ 113.510948][ T5324] slab 9328 [ 113.510948][ T5324] workingset_refault_anon 0 [ 113.611531][ T5324] Tasks state (memory values in pages): [ 113.620011][ T5324] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 113.640287][ T5324] Out of memory and no killable processes... [pid 5339] open("./file0", O_RDONLY [pid 5324] <... write resumed>) = 18 [pid 5324] close(3) = 0 [pid 5324] close(4) = 0 [pid 5324] close(5) = 0 [pid 5339] <... open resumed>) = 3 [pid 5324] close(6) = 0 [pid 5324] close(7) = -1 EBADF (Bad file descriptor) [pid 5324] close(8 [pid 5339] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5324] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5339] <... mount resumed>) = 0 [pid 5324] close(9 [pid 5339] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5324] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5339] <... openat resumed>) = 4 [pid 5324] close(10) = -1 EBADF (Bad file descriptor) [pid 5324] close(11) = -1 EBADF (Bad file descriptor) [pid 5324] close(12) = -1 EBADF (Bad file descriptor) [pid 5324] close(13) = -1 EBADF (Bad file descriptor) [pid 5324] close(14) = -1 EBADF (Bad file descriptor) [pid 5324] close(15) = -1 EBADF (Bad file descriptor) [pid 5324] close(16) = -1 EBADF (Bad file descriptor) [pid 5324] close(17) = -1 EBADF (Bad file descriptor) [pid 5324] close(18) = -1 EBADF (Bad file descriptor) [pid 5324] close(19) = -1 EBADF (Bad file descriptor) [ 113.652257][ T5325] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 113.682153][ T5325] CPU: 0 PID: 5325 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 113.692647][ T5325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5324] close(20) = -1 EBADF (Bad file descriptor) [pid 5324] close(21) = -1 EBADF (Bad file descriptor) [pid 5324] close(22) = -1 EBADF (Bad file descriptor) [pid 5324] close(23) = -1 EBADF (Bad file descriptor) [pid 5324] close(24) = -1 EBADF (Bad file descriptor) [pid 5324] close(25) = -1 EBADF (Bad file descriptor) [pid 5324] close(26) = -1 EBADF (Bad file descriptor) [pid 5324] close(27) = -1 EBADF (Bad file descriptor) [pid 5324] close(28) = -1 EBADF (Bad file descriptor) [pid 5324] close(29) = -1 EBADF (Bad file descriptor) [pid 5324] exit_group(0) = ? [pid 5324] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./12/binderfs") = 0 [pid 5073] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./12/cgroup") = 0 [pid 5073] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.702757][ T5325] Call Trace: [ 113.706087][ T5325] [ 113.709069][ T5325] dump_stack_lvl+0x1e7/0x2d0 [ 113.713813][ T5325] ? nf_tcp_handle_invalid+0x640/0x640 [ 113.719343][ T5325] ? panic+0x770/0x770 [ 113.723487][ T5325] dump_header+0xdc/0x940 [ 113.727879][ T5325] out_of_memory+0xf21/0x12c0 [ 113.732622][ T5325] ? mutex_lock_io_nested+0x60/0x60 [ 113.737886][ T5325] ? mark_lock+0x9a/0x340 [ 113.742259][ T5325] ? unregister_oom_notifier+0x20/0x20 [pid 5073] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./12/cgroup.net") = 0 [pid 5073] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5339] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5339] openat(5, "memory.max", O_RDWR) = 6 [ 113.747776][ T5325] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 113.753829][ T5325] mem_cgroup_out_of_memory+0x263/0x3b0 [ 113.759437][ T5325] ? mem_cgroup_oom_trylock+0x210/0x210 [ 113.765057][ T5325] ? cgroup_file_notify+0x127/0x190 [ 113.770315][ T5325] memory_max_write+0x355/0x470 [ 113.775292][ T5325] ? memory_max_show+0xa0/0xa0 [ 113.780112][ T5325] ? read_lock_is_recursive+0x20/0x20 [ 113.785542][ T5325] ? memory_max_show+0xa0/0xa0 [ 113.790365][ T5325] cgroup_file_write+0x2b1/0x780 [ 113.795359][ T5325] ? cgroup_seqfile_stop+0xd0/0xd0 [ 113.800512][ T5325] ? __virt_addr_valid+0x22f/0x2e0 [ 113.805691][ T5325] ? cgroup_seqfile_stop+0xd0/0xd0 [ 113.810849][ T5325] kernfs_fop_write_iter+0x3a6/0x4f0 [ 113.816197][ T5325] vfs_write+0x7b2/0xbb0 [ 113.820499][ T5325] ? file_end_write+0x240/0x240 [ 113.825445][ T5325] ? do_raw_spin_unlock+0x13b/0x8b0 [ 113.830696][ T5325] ? lockdep_hardirqs_on+0x98/0x140 [ 113.836047][ T5325] ? __fdget_pos+0x265/0x2f0 [ 113.840702][ T5325] ksys_write+0x1a0/0x2c0 [ 113.845116][ T5325] ? __ia32_sys_read+0x90/0x90 [ 113.849943][ T5325] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 113.856084][ T5325] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 113.862179][ T5325] do_syscall_64+0x41/0xc0 [ 113.866658][ T5325] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 113.872617][ T5325] RIP: 0033:0x7fd49ce20129 [ 113.877085][ T5325] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5339] write(6, "0x000000000000040e", 18 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./12/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./12/file0") = 0 [pid 5073] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./12/cgroup.cpu") = 0 [ 113.896755][ T5325] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.905231][ T5325] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 113.913257][ T5325] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 113.921287][ T5325] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 113.929315][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 113.937333][ T5325] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000009 [ 113.945379][ T5325] [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./12") = 0 [pid 5073] mkdir("./13", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 15 ./strace-static-x86_64: Process 5341 attached [pid 5341] chdir("./13") = 0 [ 113.993936][ T5325] memory: usage 12kB, limit 0kB, failcnt 55 [ 114.000573][ T5325] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 114.015863][ T5325] Memory cgroup stats for /syz1: [ 114.016088][ T5325] anon 0 [ 114.016088][ T5325] file 0 [ 114.016088][ T5325] kernel 12288 [ 114.016088][ T5325] kernel_stack 0 [ 114.016088][ T5325] pagetables 0 [ 114.016088][ T5325] sec_pagetables 0 [ 114.016088][ T5325] percpu 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5341] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5341] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 114.016088][ T5325] sock 0 [ 114.016088][ T5325] vmalloc 0 [ 114.016088][ T5325] shmem 0 [ 114.016088][ T5325] zswap 0 [ 114.016088][ T5325] zswapped 0 [ 114.016088][ T5325] file_mapped 0 [ 114.016088][ T5325] file_dirty 0 [ 114.016088][ T5325] file_writeback 0 [ 114.016088][ T5325] swapcached 0 [ 114.016088][ T5325] anon_thp 0 [ 114.016088][ T5325] file_thp 0 [ 114.016088][ T5325] shmem_thp 0 [ 114.016088][ T5325] inactive_anon 0 [ 114.016088][ T5325] active_anon 0 [ 114.016088][ T5325] inactive_file 0 [ 114.016088][ T5325] active_file 0 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] mkdir("./file0", 000) = 0 [pid 5341] open("./file0", O_RDONLY) = 3 [pid 5341] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5341] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5341] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5341] openat(5, "memory.max", O_RDWR) = 6 [ 114.016088][ T5325] unevictable 0 [ 114.016088][ T5325] slab_reclaimable 9328 [ 114.016088][ T5325] slab_unreclaimable 0 [ 114.016088][ T5325] slab 9328 [ 114.016088][ T5325] workingset_refault_anon 0 [ 114.124423][ T5325] Tasks state (memory values in pages): [ 114.133282][ T5325] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5341] write(6, "0x000000000000040e", 18 [pid 5325] <... write resumed>) = 18 [pid 5325] close(3) = 0 [pid 5325] close(4) = 0 [pid 5325] close(5) = 0 [ 114.150920][ T5325] Out of memory and no killable processes... [ 114.160353][ T5330] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 114.178416][ T5330] CPU: 1 PID: 5330 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 114.188900][ T5330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 114.198992][ T5330] Call Trace: [ 114.202319][ T5330] [ 114.205282][ T5330] dump_stack_lvl+0x1e7/0x2d0 [ 114.210018][ T5330] ? nf_tcp_handle_invalid+0x640/0x640 [ 114.215528][ T5330] ? panic+0x770/0x770 [ 114.219668][ T5330] dump_header+0xdc/0x940 [ 114.224048][ T5330] out_of_memory+0xf21/0x12c0 [ 114.228764][ T5330] ? mutex_lock_io_nested+0x60/0x60 [ 114.233992][ T5330] ? preempt_schedule+0xdd/0xf0 [ 114.238863][ T5330] ? unregister_oom_notifier+0x20/0x20 [ 114.244340][ T5330] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 114.250350][ T5330] mem_cgroup_out_of_memory+0x263/0x3b0 [ 114.255919][ T5330] ? preempt_schedule_thunk+0x1a/0x20 [ 114.261314][ T5330] ? mem_cgroup_oom_trylock+0x210/0x210 [ 114.266892][ T5330] ? cgroup_file_notify+0x127/0x190 [ 114.272116][ T5330] memory_max_write+0x355/0x470 [ 114.276997][ T5330] ? memory_max_show+0xa0/0xa0 [ 114.281779][ T5330] ? read_lock_is_recursive+0x20/0x20 [ 114.287176][ T5330] ? memory_max_show+0xa0/0xa0 [ 114.291955][ T5330] cgroup_file_write+0x2b1/0x780 [ 114.296918][ T5330] ? cgroup_seqfile_stop+0xd0/0xd0 [ 114.302048][ T5330] ? __virt_addr_valid+0x22f/0x2e0 [ 114.307189][ T5330] ? cgroup_seqfile_stop+0xd0/0xd0 [ 114.312309][ T5330] kernfs_fop_write_iter+0x3a6/0x4f0 [ 114.317634][ T5330] vfs_write+0x7b2/0xbb0 [ 114.321898][ T5330] ? file_end_write+0x240/0x240 [ 114.326785][ T5330] ? do_raw_spin_unlock+0x13b/0x8b0 [ 114.332019][ T5330] ? lockdep_hardirqs_on+0x98/0x140 [ 114.337241][ T5330] ? __fdget_pos+0x265/0x2f0 [ 114.341852][ T5330] ksys_write+0x1a0/0x2c0 [ 114.346210][ T5330] ? __ia32_sys_read+0x90/0x90 [ 114.350996][ T5330] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 114.357014][ T5330] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 114.363018][ T5330] do_syscall_64+0x41/0xc0 [ 114.367478][ T5330] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 114.373395][ T5330] RIP: 0033:0x7fd49ce20129 [ 114.377853][ T5330] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5325] close(6) = 0 [pid 5325] close(7) = -1 EBADF (Bad file descriptor) [pid 5325] close(8) = -1 EBADF (Bad file descriptor) [ 114.397497][ T5330] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.405927][ T5330] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 114.413914][ T5330] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 114.421918][ T5330] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 114.429916][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 114.437915][ T5330] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000a [ 114.445956][ T5330] [pid 5325] close(9) = -1 EBADF (Bad file descriptor) [ 114.457882][ T5330] memory: usage 12kB, limit 0kB, failcnt 55 [ 114.463861][ T5330] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 114.471372][ T5330] Memory cgroup stats for /syz1: [ 114.471586][ T5330] anon 0 [ 114.471586][ T5330] file 0 [ 114.471586][ T5330] kernel 12288 [ 114.471586][ T5330] kernel_stack 0 [ 114.471586][ T5330] pagetables 0 [ 114.471586][ T5330] sec_pagetables 0 [ 114.471586][ T5330] percpu 0 [ 114.471586][ T5330] sock 0 [ 114.471586][ T5330] vmalloc 0 [ 114.471586][ T5330] shmem 0 [pid 5325] close(10) = -1 EBADF (Bad file descriptor) [pid 5325] close(11) = -1 EBADF (Bad file descriptor) [pid 5325] close(12) = -1 EBADF (Bad file descriptor) [pid 5325] close(13) = -1 EBADF (Bad file descriptor) [pid 5325] close(14) = -1 EBADF (Bad file descriptor) [pid 5325] close(15) = -1 EBADF (Bad file descriptor) [pid 5325] close(16) = -1 EBADF (Bad file descriptor) [pid 5325] close(17) = -1 EBADF (Bad file descriptor) [pid 5325] close(18) = -1 EBADF (Bad file descriptor) [pid 5325] close(19) = -1 EBADF (Bad file descriptor) [pid 5325] close(20) = -1 EBADF (Bad file descriptor) [pid 5325] close(21) = -1 EBADF (Bad file descriptor) [pid 5325] close(22) = -1 EBADF (Bad file descriptor) [pid 5325] close(23) = -1 EBADF (Bad file descriptor) [pid 5325] close(24) = -1 EBADF (Bad file descriptor) [pid 5325] close(25) = -1 EBADF (Bad file descriptor) [pid 5325] close(26) = -1 EBADF (Bad file descriptor) [pid 5325] close(27) = -1 EBADF (Bad file descriptor) [pid 5325] close(28) = -1 EBADF (Bad file descriptor) [pid 5325] close(29) = -1 EBADF (Bad file descriptor) [pid 5325] exit_group(0) = ? [pid 5325] +++ exited with 0 +++ [ 114.471586][ T5330] zswap 0 [ 114.471586][ T5330] zswapped 0 [ 114.471586][ T5330] file_mapped 0 [ 114.471586][ T5330] file_dirty 0 [ 114.471586][ T5330] file_writeback 0 [ 114.471586][ T5330] swapcached 0 [ 114.471586][ T5330] anon_thp 0 [ 114.471586][ T5330] file_thp 0 [ 114.471586][ T5330] shmem_thp 0 [ 114.471586][ T5330] inactive_anon 0 [ 114.471586][ T5330] active_anon 0 [ 114.471586][ T5330] inactive_file 0 [ 114.471586][ T5330] active_file 0 [ 114.471586][ T5330] unevictable 0 [ 114.471586][ T5330] slab_reclaimable 9328 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./9/binderfs") = 0 [pid 5070] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5330] <... write resumed>) = 18 [ 114.471586][ T5330] slab_unreclaimable 0 [ 114.471586][ T5330] slab 9328 [ 114.471586][ T5330] workingset_refault_anon 0 [ 114.572021][ T5330] Tasks state (memory values in pages): [ 114.578486][ T5330] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 114.588097][ T5330] Out of memory and no killable processes... [ 114.594232][ T5333] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./9/cgroup") = 0 [pid 5070] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./9/cgroup.net") = 0 [ 114.604696][ T5333] CPU: 0 PID: 5333 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 114.615162][ T5333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 114.625270][ T5333] Call Trace: [ 114.628586][ T5333] [ 114.631555][ T5333] dump_stack_lvl+0x1e7/0x2d0 [ 114.636295][ T5333] ? nf_tcp_handle_invalid+0x640/0x640 [ 114.641807][ T5333] ? panic+0x770/0x770 [ 114.645945][ T5333] dump_header+0xdc/0x940 [ 114.650334][ T5333] out_of_memory+0xf21/0x12c0 [ 114.655067][ T5333] ? mutex_lock_io_nested+0x60/0x60 [ 114.660329][ T5333] ? mark_lock+0x9a/0x340 [ 114.664698][ T5333] ? unregister_oom_notifier+0x20/0x20 [ 114.670204][ T5333] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 114.676258][ T5333] mem_cgroup_out_of_memory+0x263/0x3b0 [ 114.681880][ T5333] ? mem_cgroup_oom_trylock+0x210/0x210 [ 114.687532][ T5333] ? cgroup_file_notify+0x127/0x190 [ 114.692801][ T5333] memory_max_write+0x355/0x470 [ 114.697727][ T5333] ? memory_max_show+0xa0/0xa0 [ 114.702552][ T5333] ? read_lock_is_recursive+0x20/0x20 [ 114.707986][ T5333] ? memory_max_show+0xa0/0xa0 [ 114.712786][ T5333] cgroup_file_write+0x2b1/0x780 [ 114.717817][ T5333] ? cgroup_seqfile_stop+0xd0/0xd0 [ 114.722953][ T5333] ? __virt_addr_valid+0x22f/0x2e0 [ 114.728107][ T5333] ? cgroup_seqfile_stop+0xd0/0xd0 [ 114.733232][ T5333] kernfs_fop_write_iter+0x3a6/0x4f0 [ 114.738544][ T5333] vfs_write+0x7b2/0xbb0 [ 114.742902][ T5333] ? file_end_write+0x240/0x240 [ 114.747780][ T5333] ? do_raw_spin_unlock+0x13b/0x8b0 [ 114.752998][ T5333] ? lockdep_hardirqs_on+0x98/0x140 [ 114.758236][ T5333] ? __fdget_pos+0x265/0x2f0 [ 114.762873][ T5333] ksys_write+0x1a0/0x2c0 [ 114.767260][ T5333] ? __ia32_sys_read+0x90/0x90 [ 114.772059][ T5333] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 114.778069][ T5333] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 114.784079][ T5333] do_syscall_64+0x41/0xc0 [ 114.788667][ T5333] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 114.794632][ T5333] RIP: 0033:0x7fd49ce20129 [ 114.799072][ T5333] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 114.818706][ T5333] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.827137][ T5333] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 114.835141][ T5333] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 114.843126][ T5333] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 114.851107][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5330] close(3 [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./9/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./9/file0") = 0 [pid 5070] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./9/cgroup.cpu" [pid 5330] <... close resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5330] close(4 [pid 5070] getdents64(3, [pid 5330] <... close resumed>) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5330] close(5 [pid 5070] close(3 [pid 5330] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5330] close(6 [pid 5070] rmdir("./9" [pid 5330] <... close resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5330] close(7 [pid 5070] mkdir("./10", 0777 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] <... mkdir resumed>) = 0 [pid 5330] close(8 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5346 attached [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] chdir("./10" [pid 5330] close(9 [pid 5346] <... chdir resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 12 [pid 5346] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5330] close(10 [pid 5346] <... prctl resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] setpgid(0, 0 [ 114.859092][ T5333] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000010 [ 114.867109][ T5333] [pid 5330] close(11 [pid 5346] <... setpgid resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5346] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5330] close(12 [pid 5346] <... symlink resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5330] close(13 [pid 5346] <... symlink resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5330] close(14 [pid 5346] <... openat resumed>) = 3 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] write(3, "1000", 4 [pid 5330] close(15 [pid 5346] <... write resumed>) = 4 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] close(3 [pid 5330] close(16 [pid 5346] <... close resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5346] mkdir("./file0", 000 [pid 5330] close(17 [pid 5346] <... mkdir resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] open("./file0", O_RDONLY [pid 5330] close(18 [pid 5346] <... open resumed>) = 3 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] mount(NULL, "./file0", "cgroup2", 0, NULL [ 114.916670][ T5333] memory: usage 12kB, limit 0kB, failcnt 55 [ 114.922652][ T5333] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 114.957596][ T5333] Memory cgroup stats for /syz1: [ 114.957805][ T5333] anon 0 [ 114.957805][ T5333] file 0 [ 114.957805][ T5333] kernel 12288 [ 114.957805][ T5333] kernel_stack 0 [ 114.957805][ T5333] pagetables 0 [ 114.957805][ T5333] sec_pagetables 0 [ 114.957805][ T5333] percpu 0 [ 114.957805][ T5333] sock 0 [ 114.957805][ T5333] vmalloc 0 [ 114.957805][ T5333] shmem 0 [ 114.957805][ T5333] zswap 0 [ 114.957805][ T5333] zswapped 0 [ 114.957805][ T5333] file_mapped 0 [ 114.957805][ T5333] file_dirty 0 [pid 5330] close(19 [pid 5346] <... mount resumed>) = 0 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5330] close(20 [pid 5346] <... openat resumed>) = 4 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] openat(4, "syz1", O_RDWR|O_PATH [pid 5330] close(21 [pid 5346] <... openat resumed>) = 5 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] openat(5, "memory.max", O_RDWR [pid 5330] close(22 [pid 5346] <... openat resumed>) = 6 [pid 5330] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5346] write(6, "0x000000000000040e", 18 [pid 5330] close(23) = -1 EBADF (Bad file descriptor) [ 114.957805][ T5333] file_writeback 0 [ 114.957805][ T5333] swapcached 0 [ 114.957805][ T5333] anon_thp 0 [ 114.957805][ T5333] file_thp 0 [ 114.957805][ T5333] shmem_thp 0 [ 114.957805][ T5333] inactive_anon 0 [ 114.957805][ T5333] active_anon 0 [ 114.957805][ T5333] inactive_file 0 [ 114.957805][ T5333] active_file 0 [ 114.957805][ T5333] unevictable 0 [ 114.957805][ T5333] slab_reclaimable 9328 [ 114.957805][ T5333] slab_unreclaimable 0 [ 114.957805][ T5333] slab 9328 [ 114.957805][ T5333] workingset_refault_anon 0 [pid 5330] close(24) = -1 EBADF (Bad file descriptor) [pid 5330] close(25) = -1 EBADF (Bad file descriptor) [pid 5330] close(26) = -1 EBADF (Bad file descriptor) [pid 5330] close(27) = -1 EBADF (Bad file descriptor) [pid 5330] close(28) = -1 EBADF (Bad file descriptor) [pid 5330] close(29) = -1 EBADF (Bad file descriptor) [pid 5333] <... write resumed>) = 18 [pid 5330] exit_group(0 [pid 5333] close(3 [pid 5330] <... exit_group resumed>) = ? [pid 5333] <... close resumed>) = 0 [ 115.075336][ T5333] Tasks state (memory values in pages): [ 115.084318][ T5333] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 115.094778][ T5333] Out of memory and no killable processes... [ 115.112683][ T5339] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 115.126246][ T5339] CPU: 1 PID: 5339 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 115.136724][ T5339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 115.146822][ T5339] Call Trace: [ 115.150130][ T5339] [ 115.153093][ T5339] dump_stack_lvl+0x1e7/0x2d0 [ 115.157824][ T5339] ? nf_tcp_handle_invalid+0x640/0x640 [ 115.163323][ T5339] ? panic+0x770/0x770 [ 115.167423][ T5339] dump_header+0xdc/0x940 [ 115.171776][ T5339] out_of_memory+0xf21/0x12c0 [ 115.176475][ T5339] ? mutex_lock_io_nested+0x60/0x60 [ 115.181699][ T5339] ? mark_lock+0x9a/0x340 [ 115.186044][ T5339] ? unregister_oom_notifier+0x20/0x20 [ 115.191522][ T5339] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 115.197530][ T5339] mem_cgroup_out_of_memory+0x263/0x3b0 [ 115.203098][ T5339] ? mem_cgroup_oom_trylock+0x210/0x210 [ 115.208674][ T5339] ? cgroup_file_notify+0x127/0x190 [ 115.213899][ T5339] memory_max_write+0x355/0x470 [ 115.218773][ T5339] ? memory_max_show+0xa0/0xa0 [ 115.223554][ T5339] ? read_lock_is_recursive+0x20/0x20 [ 115.228950][ T5339] ? memory_max_show+0xa0/0xa0 [ 115.233731][ T5339] cgroup_file_write+0x2b1/0x780 [ 115.238687][ T5339] ? cgroup_seqfile_stop+0xd0/0xd0 [ 115.243808][ T5339] ? __virt_addr_valid+0x22f/0x2e0 [ 115.248963][ T5339] ? cgroup_seqfile_stop+0xd0/0xd0 [ 115.254090][ T5339] kernfs_fop_write_iter+0x3a6/0x4f0 [ 115.259400][ T5339] vfs_write+0x7b2/0xbb0 [ 115.263670][ T5339] ? file_end_write+0x240/0x240 [ 115.268557][ T5339] ? do_raw_spin_unlock+0x13b/0x8b0 [ 115.273794][ T5339] ? lockdep_hardirqs_on+0x98/0x140 [ 115.279036][ T5339] ? __fdget_pos+0x265/0x2f0 [ 115.283661][ T5339] ksys_write+0x1a0/0x2c0 [ 115.288018][ T5339] ? __ia32_sys_read+0x90/0x90 [ 115.292798][ T5339] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 115.298818][ T5339] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 115.304820][ T5339] do_syscall_64+0x41/0xc0 [ 115.309256][ T5339] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.315175][ T5339] RIP: 0033:0x7fd49ce20129 [ 115.319600][ T5339] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 115.339214][ T5339] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 115.347640][ T5339] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 115.355619][ T5339] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 115.363599][ T5339] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5333] close(4 [pid 5330] +++ exited with 0 +++ [pid 5333] <... close resumed>) = 0 [pid 5333] close(5) = 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5333] close(6 [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5333] <... close resumed>) = 0 [pid 5333] close(7) = -1 EBADF (Bad file descriptor) [pid 5333] close(8) = -1 EBADF (Bad file descriptor) [pid 5333] close(9) = -1 EBADF (Bad file descriptor) [pid 5072] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5333] close(10 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] <... openat resumed>) = 3 [pid 5333] close(11) = -1 EBADF (Bad file descriptor) [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, [pid 5333] close(12) = -1 EBADF (Bad file descriptor) [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5333] close(13 [pid 5072] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5333] close(14 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] lstat("./10/binderfs", [pid 5333] close(15) = -1 EBADF (Bad file descriptor) [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5333] close(16 [pid 5072] unlink("./10/binderfs" [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5333] close(17) = -1 EBADF (Bad file descriptor) [pid 5333] close(18 [pid 5072] <... unlink resumed>) = 0 [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5333] close(19) = -1 EBADF (Bad file descriptor) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5333] close(20) = -1 EBADF (Bad file descriptor) [pid 5072] lstat("./10/cgroup", [pid 5333] close(21 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] unlink("./10/cgroup" [pid 5333] close(22) = -1 EBADF (Bad file descriptor) [pid 5333] close(23) = -1 EBADF (Bad file descriptor) [pid 5333] close(24) = -1 EBADF (Bad file descriptor) [pid 5333] close(25) = -1 EBADF (Bad file descriptor) [pid 5072] <... unlink resumed>) = 0 [pid 5333] close(26 [pid 5072] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5333] close(27 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5333] close(28) = -1 EBADF (Bad file descriptor) [pid 5072] lstat("./10/cgroup.net", [pid 5333] close(29) = -1 EBADF (Bad file descriptor) [pid 5333] exit_group(0 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5333] <... exit_group resumed>) = ? [pid 5333] +++ exited with 0 +++ [pid 5072] unlink("./10/cgroup.net" [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] <... unlink resumed>) = 0 [pid 5074] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] <... umount2 resumed>) = 0 [pid 5074] fstat(3, [ 115.371581][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 115.379562][ T5339] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000010 [ 115.387560][ T5339] [ 115.393839][ T5339] memory: usage 12kB, limit 0kB, failcnt 55 [ 115.400924][ T5339] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] getdents64(3, [pid 5072] lstat("./10/file0", [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./16/binderfs") = 0 [pid 5074] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./16/cgroup") = 0 [pid 5074] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./16/cgroup.net") = 0 [pid 5074] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./10/file0") = 0 [pid 5072] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./10/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./10") = 0 [ 115.459197][ T5339] Memory cgroup stats for /syz1: [ 115.459688][ T5339] anon 0 [ 115.459688][ T5339] file 0 [ 115.459688][ T5339] kernel 12288 [ 115.459688][ T5339] kernel_stack 0 [ 115.459688][ T5339] pagetables 0 [ 115.459688][ T5339] sec_pagetables 0 [ 115.459688][ T5339] percpu 0 [ 115.459688][ T5339] sock 0 [ 115.459688][ T5339] vmalloc 0 [ 115.459688][ T5339] shmem 0 [ 115.459688][ T5339] zswap 0 [ 115.459688][ T5339] zswapped 0 [ 115.459688][ T5339] file_mapped 0 [ 115.459688][ T5339] file_dirty 0 [pid 5072] mkdir("./11", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 13 ./strace-static-x86_64: Process 5352 attached [pid 5352] chdir("./11") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5352] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5352] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] mkdir("./file0", 000) = 0 [pid 5352] open("./file0", O_RDONLY) = 3 [pid 5352] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5352] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 115.459688][ T5339] file_writeback 0 [ 115.459688][ T5339] swapcached 0 [ 115.459688][ T5339] anon_thp 0 [ 115.459688][ T5339] file_thp 0 [ 115.459688][ T5339] shmem_thp 0 [ 115.459688][ T5339] inactive_anon 0 [ 115.459688][ T5339] active_anon 0 [ 115.459688][ T5339] inactive_file 0 [ 115.459688][ T5339] active_file 0 [ 115.459688][ T5339] unevictable 0 [ 115.459688][ T5339] slab_reclaimable 9328 [ 115.459688][ T5339] slab_unreclaimable 0 [ 115.459688][ T5339] slab 9328 [ 115.459688][ T5339] workingset_refault_anon 0 [pid 5074] <... umount2 resumed>) = 0 [pid 5074] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./16/file0") = 0 [pid 5074] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./16/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5352] openat(4, "syz1", O_RDWR|O_PATH [pid 5074] close(3 [pid 5352] <... openat resumed>) = 5 [pid 5074] <... close resumed>) = 0 [pid 5352] openat(5, "memory.max", O_RDWR [pid 5074] rmdir("./16" [pid 5352] <... openat resumed>) = 6 [pid 5074] <... rmdir resumed>) = 0 [pid 5352] write(6, "0x000000000000040e", 18 [pid 5074] mkdir("./17", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5355 attached [pid 5355] chdir("./17" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 19 [pid 5355] <... chdir resumed>) = 0 [pid 5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 115.562549][ T5339] Tasks state (memory values in pages): [ 115.574435][ T5339] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5355] setpgid(0, 0) = 0 [pid 5355] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5355] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5355] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5339] <... write resumed>) = 18 [pid 5339] close(3 [pid 5355] write(3, "1000", 4 [pid 5339] <... close resumed>) = 0 [pid 5339] close(4) = 0 [pid 5339] close(5) = 0 [pid 5339] close(6 [pid 5355] <... write resumed>) = 4 [pid 5339] <... close resumed>) = 0 [pid 5355] close(3 [pid 5339] close(7 [pid 5355] <... close resumed>) = 0 [pid 5339] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5355] symlink("/dev/binderfs", "./binderfs" [pid 5339] close(8 [pid 5355] <... symlink resumed>) = 0 [pid 5339] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5355] mkdir("./file0", 000 [pid 5339] close(9 [pid 5355] <... mkdir resumed>) = 0 [pid 5339] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5355] open("./file0", O_RDONLY [pid 5339] close(10 [pid 5355] <... open resumed>) = 3 [pid 5339] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5355] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5339] close(11 [pid 5355] <... mount resumed>) = 0 [pid 5339] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5355] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5355] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 115.606229][ T5339] Out of memory and no killable processes... [ 115.625238][ T5341] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5339] close(12 [pid 5355] openat(5, "memory.max", O_RDWR) = 6 [ 115.668998][ T5341] CPU: 0 PID: 5341 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 115.679497][ T5341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 115.689591][ T5341] Call Trace: [ 115.692906][ T5341] [ 115.695878][ T5341] dump_stack_lvl+0x1e7/0x2d0 [ 115.700618][ T5341] ? nf_tcp_handle_invalid+0x640/0x640 [ 115.706129][ T5341] ? panic+0x770/0x770 [ 115.710264][ T5341] dump_header+0xdc/0x940 [ 115.714665][ T5341] out_of_memory+0xf21/0x12c0 [ 115.719397][ T5341] ? mutex_lock_io_nested+0x60/0x60 [ 115.724654][ T5341] ? preempt_schedule+0xdd/0xf0 [ 115.729551][ T5341] ? unregister_oom_notifier+0x20/0x20 [ 115.735121][ T5341] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 115.741289][ T5341] mem_cgroup_out_of_memory+0x263/0x3b0 [ 115.747066][ T5341] ? preempt_schedule_thunk+0x1a/0x20 [ 115.752510][ T5341] ? mem_cgroup_oom_trylock+0x210/0x210 [ 115.758134][ T5341] ? cgroup_file_notify+0x127/0x190 [ 115.763469][ T5341] memory_max_write+0x355/0x470 [ 115.768467][ T5341] ? memory_max_show+0xa0/0xa0 [ 115.773280][ T5341] ? read_lock_is_recursive+0x20/0x20 [ 115.778689][ T5341] ? memory_max_show+0xa0/0xa0 [ 115.783500][ T5341] cgroup_file_write+0x2b1/0x780 [ 115.788530][ T5341] ? cgroup_seqfile_stop+0xd0/0xd0 [ 115.793698][ T5341] ? __virt_addr_valid+0x22f/0x2e0 [ 115.798865][ T5341] ? cgroup_seqfile_stop+0xd0/0xd0 [ 115.803997][ T5341] kernfs_fop_write_iter+0x3a6/0x4f0 [ 115.809322][ T5341] vfs_write+0x7b2/0xbb0 [ 115.813601][ T5341] ? file_end_write+0x240/0x240 [ 115.818492][ T5341] ? do_raw_spin_unlock+0x13b/0x8b0 [ 115.823747][ T5341] ? lockdep_hardirqs_on+0x98/0x140 [ 115.828990][ T5341] ? __fdget_pos+0x265/0x2f0 [ 115.833607][ T5341] ksys_write+0x1a0/0x2c0 [ 115.837980][ T5341] ? __ia32_sys_read+0x90/0x90 [ 115.842758][ T5341] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 115.848761][ T5341] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 115.854764][ T5341] do_syscall_64+0x41/0xc0 [ 115.859202][ T5341] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.865115][ T5341] RIP: 0033:0x7fd49ce20129 [ 115.869545][ T5341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 115.889235][ T5341] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 115.897681][ T5341] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 115.905786][ T5341] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5355] write(6, "0x000000000000040e", 18 [pid 5339] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5339] close(13) = -1 EBADF (Bad file descriptor) [pid 5339] close(14) = -1 EBADF (Bad file descriptor) [pid 5339] close(15) = -1 EBADF (Bad file descriptor) [pid 5339] close(16) = -1 EBADF (Bad file descriptor) [pid 5339] close(17) = -1 EBADF (Bad file descriptor) [pid 5339] close(18) = -1 EBADF (Bad file descriptor) [pid 5339] close(19) = -1 EBADF (Bad file descriptor) [pid 5339] close(20) = -1 EBADF (Bad file descriptor) [pid 5339] close(21) = -1 EBADF (Bad file descriptor) [pid 5339] close(22) = -1 EBADF (Bad file descriptor) [pid 5339] close(23) = -1 EBADF (Bad file descriptor) [pid 5339] close(24) = -1 EBADF (Bad file descriptor) [pid 5339] close(25) = -1 EBADF (Bad file descriptor) [pid 5339] close(26) = -1 EBADF (Bad file descriptor) [pid 5339] close(27) = -1 EBADF (Bad file descriptor) [pid 5339] close(28) = -1 EBADF (Bad file descriptor) [pid 5339] close(29) = -1 EBADF (Bad file descriptor) [pid 5339] exit_group(0) = ? [ 115.913768][ T5341] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 115.921776][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 115.929819][ T5341] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000d [ 115.937921][ T5341] [pid 5339] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./16/binderfs") = 0 [pid 5075] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./16/cgroup") = 0 [pid 5075] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./16/cgroup.net") = 0 [ 115.960882][ T5341] memory: usage 12kB, limit 0kB, failcnt 55 [ 115.967571][ T5341] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 115.974915][ T5341] Memory cgroup stats for /syz1: [ 115.975295][ T5341] anon 0 [ 115.975295][ T5341] file 0 [ 115.975295][ T5341] kernel 12288 [ 115.975295][ T5341] kernel_stack 0 [ 115.975295][ T5341] pagetables 0 [ 115.975295][ T5341] sec_pagetables 0 [ 115.975295][ T5341] percpu 0 [ 115.975295][ T5341] sock 0 [ 115.975295][ T5341] vmalloc 0 [ 115.975295][ T5341] shmem 0 [ 115.975295][ T5341] zswap 0 [ 115.975295][ T5341] zswapped 0 [ 115.975295][ T5341] file_mapped 0 [ 115.975295][ T5341] file_dirty 0 [ 115.975295][ T5341] file_writeback 0 [ 115.975295][ T5341] swapcached 0 [ 115.975295][ T5341] anon_thp 0 [ 115.975295][ T5341] file_thp 0 [ 115.975295][ T5341] shmem_thp 0 [ 115.975295][ T5341] inactive_anon 0 [ 115.975295][ T5341] active_anon 0 [ 115.975295][ T5341] inactive_file 0 [ 115.975295][ T5341] active_file 0 [ 115.975295][ T5341] unevictable 0 [ 115.975295][ T5341] slab_reclaimable 9328 [pid 5075] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5341] <... write resumed>) = 18 [ 115.975295][ T5341] slab_unreclaimable 0 [ 115.975295][ T5341] slab 9328 [ 115.975295][ T5341] workingset_refault_anon 0 [ 116.074581][ T5341] Tasks state (memory values in pages): [ 116.080798][ T5341] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 116.090757][ T5341] Out of memory and no killable processes... [ 116.097236][ T5346] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 116.108175][ T5346] CPU: 1 PID: 5346 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 116.118649][ T5346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 116.128753][ T5346] Call Trace: [ 116.132062][ T5346] [ 116.135039][ T5346] dump_stack_lvl+0x1e7/0x2d0 [ 116.139779][ T5346] ? nf_tcp_handle_invalid+0x640/0x640 [ 116.145299][ T5346] ? panic+0x770/0x770 [ 116.149437][ T5346] dump_header+0xdc/0x940 [ 116.153827][ T5346] out_of_memory+0xf21/0x12c0 [ 116.158564][ T5346] ? mutex_lock_io_nested+0x60/0x60 [ 116.163824][ T5346] ? mark_lock+0x9a/0x340 [ 116.168202][ T5346] ? unregister_oom_notifier+0x20/0x20 [ 116.173714][ T5346] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 116.179767][ T5346] mem_cgroup_out_of_memory+0x263/0x3b0 [ 116.185377][ T5346] ? mem_cgroup_oom_trylock+0x210/0x210 [ 116.190998][ T5346] ? cgroup_file_notify+0x127/0x190 [ 116.196252][ T5346] memory_max_write+0x355/0x470 [ 116.201160][ T5346] ? memory_max_show+0xa0/0xa0 [ 116.205999][ T5346] ? read_lock_is_recursive+0x20/0x20 [ 116.211440][ T5346] ? memory_max_show+0xa0/0xa0 [ 116.216265][ T5346] cgroup_file_write+0x2b1/0x780 [ 116.221258][ T5346] ? cgroup_seqfile_stop+0xd0/0xd0 [ 116.226428][ T5346] ? __virt_addr_valid+0x22f/0x2e0 [ 116.231608][ T5346] ? cgroup_seqfile_stop+0xd0/0xd0 [ 116.236767][ T5346] kernfs_fop_write_iter+0x3a6/0x4f0 [ 116.242128][ T5346] vfs_write+0x7b2/0xbb0 [ 116.246439][ T5346] ? file_end_write+0x240/0x240 [ 116.251347][ T5346] ? do_raw_spin_unlock+0x13b/0x8b0 [ 116.256596][ T5346] ? lockdep_hardirqs_on+0x98/0x140 [pid 5075] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 116.261852][ T5346] ? __fdget_pos+0x265/0x2f0 [ 116.266495][ T5346] ksys_write+0x1a0/0x2c0 [ 116.270886][ T5346] ? __ia32_sys_read+0x90/0x90 [ 116.275708][ T5346] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 116.281770][ T5346] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 116.287824][ T5346] do_syscall_64+0x41/0xc0 [ 116.292301][ T5346] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.298264][ T5346] RIP: 0033:0x7fd49ce20129 [ 116.302722][ T5346] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 116.322382][ T5346] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 116.330861][ T5346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 116.338882][ T5346] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 116.346899][ T5346] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 116.354913][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./16/file0") = 0 [pid 5075] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./16/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./16") = 0 [pid 5075] mkdir("./17", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 19 [pid 5341] close(3) = 0 [pid 5341] close(4) = 0 [pid 5341] close(5) = 0 [pid 5341] close(6) = 0 [pid 5341] close(7) = -1 EBADF (Bad file descriptor) [pid 5341] close(8) = -1 EBADF (Bad file descriptor) [pid 5341] close(9) = -1 EBADF (Bad file descriptor) [pid 5341] close(10) = -1 EBADF (Bad file descriptor) [pid 5341] close(11) = -1 EBADF (Bad file descriptor) [pid 5341] close(12) = -1 EBADF (Bad file descriptor) [pid 5341] close(13) = -1 EBADF (Bad file descriptor) [pid 5341] close(14) = -1 EBADF (Bad file descriptor) [pid 5341] close(15) = -1 EBADF (Bad file descriptor) [pid 5341] close(16) = -1 EBADF (Bad file descriptor) [pid 5341] close(17) = -1 EBADF (Bad file descriptor) [pid 5341] close(18) = -1 EBADF (Bad file descriptor) [pid 5341] close(19) = -1 EBADF (Bad file descriptor) [pid 5341] close(20) = -1 EBADF (Bad file descriptor) [pid 5341] close(21) = -1 EBADF (Bad file descriptor) [pid 5341] close(22) = -1 EBADF (Bad file descriptor) [pid 5341] close(23) = -1 EBADF (Bad file descriptor) [pid 5341] close(24) = -1 EBADF (Bad file descriptor) [pid 5341] close(25) = -1 EBADF (Bad file descriptor) [pid 5341] close(26) = -1 EBADF (Bad file descriptor) [pid 5341] close(27) = -1 EBADF (Bad file descriptor) [pid 5341] close(28) = -1 EBADF (Bad file descriptor) [pid 5341] close(29) = -1 EBADF (Bad file descriptor) [pid 5341] exit_group(0./strace-static-x86_64: Process 5358 attached ) = ? [pid 5358] chdir("./17" [pid 5341] +++ exited with 0 +++ [pid 5358] <... chdir resumed>) = 0 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] restart_syscall(<... resuming interrupted clone ...> [pid 5358] <... prctl resumed>) = 0 [pid 5073] <... restart_syscall resumed>) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5073] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5358] <... symlink resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5358] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5073] <... openat resumed>) = 3 [pid 5073] fstat(3, [pid 5358] <... symlink resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5358] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5073] getdents64(3, [pid 5358] <... symlink resumed>) = 0 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5073] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] <... openat resumed>) = 3 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5358] write(3, "1000", 4 [pid 5073] lstat("./13/binderfs", [pid 5358] <... write resumed>) = 4 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5358] close(3 [pid 5073] unlink("./13/binderfs" [pid 5358] <... close resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs" [ 116.362932][ T5346] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000a [ 116.370979][ T5346] [pid 5073] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] <... symlink resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5358] mkdir("./file0", 000 [pid 5073] lstat("./13/cgroup", [pid 5358] <... mkdir resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5358] open("./file0", O_RDONLY [pid 5073] unlink("./13/cgroup" [pid 5358] <... open resumed>) = 3 [pid 5073] <... unlink resumed>) = 0 [pid 5358] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5073] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] <... mount resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5358] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5073] lstat("./13/cgroup.net", [pid 5358] <... openat resumed>) = 4 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5358] openat(4, "syz1", O_RDWR|O_PATH [pid 5073] unlink("./13/cgroup.net" [pid 5358] <... openat resumed>) = 5 [pid 5073] <... unlink resumed>) = 0 [pid 5358] openat(5, "memory.max", O_RDWR [pid 5073] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] <... openat resumed>) = 6 [pid 5358] write(6, "0x000000000000040e", 18 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./13/file0") = 0 [pid 5073] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./13/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 116.446727][ T5346] memory: usage 12kB, limit 0kB, failcnt 55 [ 116.452718][ T5346] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 116.486682][ T5346] Memory cgroup stats for /syz1: [ 116.486890][ T5346] anon 0 [ 116.486890][ T5346] file 0 [ 116.486890][ T5346] kernel 12288 [ 116.486890][ T5346] kernel_stack 0 [ 116.486890][ T5346] pagetables 0 [ 116.486890][ T5346] sec_pagetables 0 [ 116.486890][ T5346] percpu 0 [ 116.486890][ T5346] sock 0 [ 116.486890][ T5346] vmalloc 0 [ 116.486890][ T5346] shmem 0 [ 116.486890][ T5346] zswap 0 [ 116.486890][ T5346] zswapped 0 [ 116.486890][ T5346] file_mapped 0 [ 116.486890][ T5346] file_dirty 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./13") = 0 [pid 5073] mkdir("./14", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5361 attached [pid 5361] chdir("./14" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 16 [pid 5361] <... chdir resumed>) = 0 [pid 5361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5361] setpgid(0, 0) = 0 [pid 5361] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5361] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5361] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5361] write(3, "1000", 4) = 4 [pid 5361] close(3) = 0 [ 116.486890][ T5346] file_writeback 0 [ 116.486890][ T5346] swapcached 0 [ 116.486890][ T5346] anon_thp 0 [ 116.486890][ T5346] file_thp 0 [ 116.486890][ T5346] shmem_thp 0 [ 116.486890][ T5346] inactive_anon 0 [ 116.486890][ T5346] active_anon 0 [ 116.486890][ T5346] inactive_file 0 [ 116.486890][ T5346] active_file 0 [ 116.486890][ T5346] unevictable 0 [ 116.486890][ T5346] slab_reclaimable 9328 [ 116.486890][ T5346] slab_unreclaimable 0 [ 116.486890][ T5346] slab 9328 [ 116.486890][ T5346] workingset_refault_anon 0 [pid 5361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5361] mkdir("./file0", 000) = 0 [pid 5361] open("./file0", O_RDONLY) = 3 [pid 5361] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5361] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5361] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5361] openat(5, "memory.max", O_RDWR) = 6 [pid 5361] write(6, "0x000000000000040e", 18 [pid 5346] <... write resumed>) = 18 [pid 5346] close(3) = 0 [pid 5346] close(4) = 0 [pid 5346] close(5) = 0 [pid 5346] close(6) = 0 [pid 5346] close(7) = -1 EBADF (Bad file descriptor) [pid 5346] close(8) = -1 EBADF (Bad file descriptor) [pid 5346] close(9) = -1 EBADF (Bad file descriptor) [pid 5346] close(10) = -1 EBADF (Bad file descriptor) [ 116.631570][ T5346] Tasks state (memory values in pages): [ 116.640790][ T5346] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 116.653929][ T5346] Out of memory and no killable processes... [ 116.664656][ T5352] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5346] close(11) = -1 EBADF (Bad file descriptor) [pid 5346] close(12) = -1 EBADF (Bad file descriptor) [pid 5346] close(13) = -1 EBADF (Bad file descriptor) [pid 5346] close(14) = -1 EBADF (Bad file descriptor) [pid 5346] close(15) = -1 EBADF (Bad file descriptor) [pid 5346] close(16) = -1 EBADF (Bad file descriptor) [pid 5346] close(17) = -1 EBADF (Bad file descriptor) [pid 5346] close(18) = -1 EBADF (Bad file descriptor) [pid 5346] close(19) = -1 EBADF (Bad file descriptor) [pid 5346] close(20) = -1 EBADF (Bad file descriptor) [pid 5346] close(21) = -1 EBADF (Bad file descriptor) [pid 5346] close(22) = -1 EBADF (Bad file descriptor) [pid 5346] close(23) = -1 EBADF (Bad file descriptor) [ 116.684286][ T5352] CPU: 1 PID: 5352 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 116.694780][ T5352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 116.704887][ T5352] Call Trace: [ 116.708212][ T5352] [ 116.711193][ T5352] dump_stack_lvl+0x1e7/0x2d0 [ 116.715939][ T5352] ? nf_tcp_handle_invalid+0x640/0x640 [ 116.721454][ T5352] ? panic+0x770/0x770 [ 116.725590][ T5352] dump_header+0xdc/0x940 [ 116.729976][ T5352] out_of_memory+0xf21/0x12c0 [pid 5346] close(24) = -1 EBADF (Bad file descriptor) [pid 5346] close(25) = -1 EBADF (Bad file descriptor) [pid 5346] close(26) = -1 EBADF (Bad file descriptor) [pid 5346] close(27) = -1 EBADF (Bad file descriptor) [pid 5346] close(28) = -1 EBADF (Bad file descriptor) [pid 5346] close(29) = -1 EBADF (Bad file descriptor) [pid 5346] exit_group(0) = ? [pid 5346] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 116.734707][ T5352] ? mutex_lock_io_nested+0x60/0x60 [ 116.739964][ T5352] ? preempt_schedule+0xdd/0xf0 [ 116.744869][ T5352] ? unregister_oom_notifier+0x20/0x20 [ 116.750380][ T5352] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 116.756428][ T5352] mem_cgroup_out_of_memory+0x263/0x3b0 [ 116.762021][ T5352] ? preempt_schedule_thunk+0x1a/0x20 [ 116.767421][ T5352] ? mem_cgroup_oom_trylock+0x210/0x210 [ 116.772999][ T5352] ? cgroup_file_notify+0x127/0x190 [ 116.778241][ T5352] memory_max_write+0x355/0x470 [ 116.783119][ T5352] ? memory_max_show+0xa0/0xa0 [ 116.787904][ T5352] ? read_lock_is_recursive+0x20/0x20 [ 116.793295][ T5352] ? memory_max_show+0xa0/0xa0 [ 116.798074][ T5352] cgroup_file_write+0x2b1/0x780 [ 116.803049][ T5352] ? cgroup_seqfile_stop+0xd0/0xd0 [ 116.808175][ T5352] ? __virt_addr_valid+0x22f/0x2e0 [ 116.813326][ T5352] ? cgroup_seqfile_stop+0xd0/0xd0 [ 116.818461][ T5352] kernfs_fop_write_iter+0x3a6/0x4f0 [ 116.823772][ T5352] vfs_write+0x7b2/0xbb0 [ 116.828044][ T5352] ? file_end_write+0x240/0x240 [ 116.832919][ T5352] ? do_raw_spin_unlock+0x13b/0x8b0 [ 116.838134][ T5352] ? lockdep_hardirqs_on+0x98/0x140 [ 116.843361][ T5352] ? __fdget_pos+0x265/0x2f0 [ 116.847974][ T5352] ksys_write+0x1a0/0x2c0 [ 116.852364][ T5352] ? __ia32_sys_read+0x90/0x90 [ 116.857185][ T5352] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 116.863233][ T5352] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 116.869272][ T5352] do_syscall_64+0x41/0xc0 [ 116.873721][ T5352] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.879653][ T5352] RIP: 0033:0x7fd49ce20129 [ 116.884082][ T5352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 116.903700][ T5352] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 116.912127][ T5352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 116.920131][ T5352] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./10/binderfs") = 0 [pid 5070] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./10/cgroup") = 0 [ 116.928113][ T5352] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 116.936093][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 116.944091][ T5352] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000b [ 116.952180][ T5352] [ 116.962856][ T5352] memory: usage 12kB, limit 0kB, failcnt 55 [ 116.970296][ T5352] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5070] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./10/cgroup.net") = 0 [ 116.978780][ T5352] Memory cgroup stats for /syz1: [ 116.980193][ T5352] anon 0 [ 116.980193][ T5352] file 0 [ 116.980193][ T5352] kernel 12288 [ 116.980193][ T5352] kernel_stack 0 [ 116.980193][ T5352] pagetables 0 [ 116.980193][ T5352] sec_pagetables 0 [ 116.980193][ T5352] percpu 0 [ 116.980193][ T5352] sock 0 [ 116.980193][ T5352] vmalloc 0 [ 116.980193][ T5352] shmem 0 [ 116.980193][ T5352] zswap 0 [ 116.980193][ T5352] zswapped 0 [ 116.980193][ T5352] file_mapped 0 [ 116.980193][ T5352] file_dirty 0 [ 116.980193][ T5352] file_writeback 0 [pid 5070] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 116.980193][ T5352] swapcached 0 [ 116.980193][ T5352] anon_thp 0 [ 116.980193][ T5352] file_thp 0 [ 116.980193][ T5352] shmem_thp 0 [ 116.980193][ T5352] inactive_anon 0 [ 116.980193][ T5352] active_anon 0 [ 116.980193][ T5352] inactive_file 0 [ 116.980193][ T5352] active_file 0 [ 116.980193][ T5352] unevictable 0 [ 116.980193][ T5352] slab_reclaimable 9328 [ 116.980193][ T5352] slab_unreclaimable 0 [ 116.980193][ T5352] slab 9328 [ 116.980193][ T5352] workingset_refault_anon 0 [pid 5070] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./10/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./10/file0") = 0 [ 117.081949][ T5352] Tasks state (memory values in pages): [pid 5070] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./10/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./10") = 0 [pid 5070] mkdir("./11", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5366 attached [pid 5366] chdir("./11" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 13 [pid 5352] <... write resumed>) = 18 [pid 5352] close(3) = 0 [pid 5352] close(4) = 0 [pid 5352] close(5) = 0 [pid 5352] close(6) = 0 [pid 5352] close(7) = -1 EBADF (Bad file descriptor) [pid 5352] close(8) = -1 EBADF (Bad file descriptor) [pid 5352] close(9) = -1 EBADF (Bad file descriptor) [pid 5352] close(10) = -1 EBADF (Bad file descriptor) [pid 5352] close(11) = -1 EBADF (Bad file descriptor) [pid 5352] close(12) = -1 EBADF (Bad file descriptor) [pid 5352] close(13) = -1 EBADF (Bad file descriptor) [ 117.117592][ T5352] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 117.141360][ T5352] Out of memory and no killable processes... [ 117.156905][ T5355] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5352] close(14) = -1 EBADF (Bad file descriptor) [pid 5352] close(15 [pid 5366] <... chdir resumed>) = 0 [pid 5352] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5352] close(16) = -1 EBADF (Bad file descriptor) [pid 5352] close(17) = -1 EBADF (Bad file descriptor) [pid 5352] close(18) = -1 EBADF (Bad file descriptor) [pid 5352] close(19) = -1 EBADF (Bad file descriptor) [pid 5352] close(20) = -1 EBADF (Bad file descriptor) [pid 5352] close(21) = -1 EBADF (Bad file descriptor) [pid 5352] close(22) = -1 EBADF (Bad file descriptor) [pid 5352] close(23) = -1 EBADF (Bad file descriptor) [pid 5352] close(24) = -1 EBADF (Bad file descriptor) [pid 5352] close(25) = -1 EBADF (Bad file descriptor) [pid 5352] close(26) = -1 EBADF (Bad file descriptor) [pid 5352] close(27) = -1 EBADF (Bad file descriptor) [pid 5352] close(28) = -1 EBADF (Bad file descriptor) [pid 5352] close(29) = -1 EBADF (Bad file descriptor) [pid 5352] exit_group(0) = ? [pid 5352] +++ exited with 0 +++ [pid 5366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5072] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./11/binderfs") = 0 [pid 5072] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./11/cgroup") = 0 [pid 5072] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./11/cgroup.net") = 0 [ 117.168907][ T5355] CPU: 1 PID: 5355 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 117.179378][ T5355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 117.189480][ T5355] Call Trace: [ 117.192809][ T5355] [ 117.195793][ T5355] dump_stack_lvl+0x1e7/0x2d0 [ 117.200537][ T5355] ? nf_tcp_handle_invalid+0x640/0x640 [ 117.206053][ T5355] ? panic+0x770/0x770 [ 117.210187][ T5355] dump_header+0xdc/0x940 [ 117.214572][ T5355] out_of_memory+0xf21/0x12c0 [pid 5072] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5366] <... prctl resumed>) = 0 [pid 5366] setpgid(0, 0) = 0 [pid 5366] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5366] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5366] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5366] write(3, "1000", 4) = 4 [pid 5366] close(3) = 0 [pid 5366] symlink("/dev/binderfs", "./binderfs") = 0 [ 117.219309][ T5355] ? mutex_lock_io_nested+0x60/0x60 [ 117.224565][ T5355] ? mark_lock+0x9a/0x340 [ 117.228935][ T5355] ? unregister_oom_notifier+0x20/0x20 [ 117.234453][ T5355] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 117.240502][ T5355] mem_cgroup_out_of_memory+0x263/0x3b0 [ 117.246122][ T5355] ? mem_cgroup_oom_trylock+0x210/0x210 [ 117.251770][ T5355] ? cgroup_file_notify+0x10a/0x190 [ 117.257032][ T5355] memory_max_write+0x355/0x470 [ 117.261955][ T5355] ? memory_max_show+0xa0/0xa0 [ 117.266780][ T5355] ? read_lock_is_recursive+0x20/0x20 [ 117.272213][ T5355] ? memory_max_show+0xa0/0xa0 [ 117.277036][ T5355] cgroup_file_write+0x2b1/0x780 [ 117.282026][ T5355] ? cgroup_seqfile_stop+0xd0/0xd0 [ 117.287178][ T5355] ? __virt_addr_valid+0x22f/0x2e0 [ 117.292355][ T5355] ? cgroup_seqfile_stop+0xd0/0xd0 [ 117.297505][ T5355] kernfs_fop_write_iter+0x3a6/0x4f0 [ 117.302847][ T5355] vfs_write+0x7b2/0xbb0 [ 117.307147][ T5355] ? file_end_write+0x240/0x240 [ 117.312052][ T5355] ? do_raw_spin_unlock+0x13b/0x8b0 [ 117.317299][ T5355] ? lockdep_hardirqs_on+0x98/0x140 [ 117.322554][ T5355] ? __fdget_pos+0x265/0x2f0 [ 117.327195][ T5355] ksys_write+0x1a0/0x2c0 [ 117.331578][ T5355] ? __ia32_sys_read+0x90/0x90 [ 117.336384][ T5355] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 117.342421][ T5355] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 117.348454][ T5355] do_syscall_64+0x41/0xc0 [ 117.352919][ T5355] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.358986][ T5355] RIP: 0033:0x7fd49ce20129 [ 117.363461][ T5355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 117.383117][ T5355] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.391591][ T5355] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 117.399608][ T5355] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 117.407623][ T5355] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5366] mkdir("./file0", 000) = 0 [pid 5366] open("./file0", O_RDONLY) = 3 [pid 5366] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5366] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5366] openat(5, "memory.max", O_RDWR) = 6 [pid 5366] write(6, "0x000000000000040e", 18 [pid 5072] <... umount2 resumed>) = 0 [pid 5072] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./11/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 117.415635][ T5355] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 117.423654][ T5355] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000011 [ 117.431712][ T5355] [ 117.445963][ T5355] memory: usage 12kB, limit 0kB, failcnt 55 [ 117.452380][ T5355] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 117.460477][ T5355] Memory cgroup stats for /syz1: [ 117.460684][ T5355] anon 0 [ 117.460684][ T5355] file 0 [ 117.460684][ T5355] kernel 12288 [ 117.460684][ T5355] kernel_stack 0 [ 117.460684][ T5355] pagetables 0 [ 117.460684][ T5355] sec_pagetables 0 [ 117.460684][ T5355] percpu 0 [ 117.460684][ T5355] sock 0 [ 117.460684][ T5355] vmalloc 0 [ 117.460684][ T5355] shmem 0 [ 117.460684][ T5355] zswap 0 [ 117.460684][ T5355] zswapped 0 [ 117.460684][ T5355] file_mapped 0 [ 117.460684][ T5355] file_dirty 0 [ 117.460684][ T5355] file_writeback 0 [ 117.460684][ T5355] swapcached 0 [ 117.460684][ T5355] anon_thp 0 [ 117.460684][ T5355] file_thp 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./11/file0") = 0 [pid 5072] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./11/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./11") = 0 [pid 5072] mkdir("./12", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached [pid 5368] chdir("./12" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 14 [pid 5368] <... chdir resumed>) = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5368] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5368] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [ 117.460684][ T5355] shmem_thp 0 [ 117.460684][ T5355] inactive_anon 0 [ 117.460684][ T5355] active_anon 0 [ 117.460684][ T5355] inactive_file 0 [ 117.460684][ T5355] active_file 0 [ 117.460684][ T5355] unevictable 0 [ 117.460684][ T5355] slab_reclaimable 9328 [ 117.460684][ T5355] slab_unreclaimable 0 [ 117.460684][ T5355] slab 9328 [ 117.460684][ T5355] workingset_refault_anon 0 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] mkdir("./file0", 000) = 0 [pid 5368] open("./file0", O_RDONLY) = 3 [pid 5368] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5368] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5368] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5368] openat(5, "memory.max", O_RDWR) = 6 [pid 5368] write(6, "0x000000000000040e", 18 [pid 5355] <... write resumed>) = 18 [pid 5355] close(3) = 0 [pid 5355] close(4) = 0 [pid 5355] close(5) = 0 [pid 5355] close(6) = 0 [pid 5355] close(7) = -1 EBADF (Bad file descriptor) [pid 5355] close(8) = -1 EBADF (Bad file descriptor) [pid 5355] close(9) = -1 EBADF (Bad file descriptor) [pid 5355] close(10) = -1 EBADF (Bad file descriptor) [pid 5355] close(11) = -1 EBADF (Bad file descriptor) [pid 5355] close(12) = -1 EBADF (Bad file descriptor) [ 117.625565][ T5355] Tasks state (memory values in pages): [ 117.633364][ T5355] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 117.645175][ T5355] Out of memory and no killable processes... [ 117.653654][ T5358] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 117.690474][ T5358] CPU: 0 PID: 5358 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 117.700965][ T5358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 117.711059][ T5358] Call Trace: [ 117.714382][ T5358] [ 117.717345][ T5358] dump_stack_lvl+0x1e7/0x2d0 [ 117.722075][ T5358] ? nf_tcp_handle_invalid+0x640/0x640 [ 117.727579][ T5358] ? panic+0x770/0x770 [ 117.731706][ T5358] dump_header+0xdc/0x940 [ 117.736089][ T5358] out_of_memory+0xf21/0x12c0 [ 117.740812][ T5358] ? mutex_lock_io_nested+0x60/0x60 [ 117.746070][ T5358] ? preempt_schedule+0xdd/0xf0 [ 117.751003][ T5358] ? unregister_oom_notifier+0x20/0x20 [ 117.756497][ T5358] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 117.762515][ T5358] mem_cgroup_out_of_memory+0x263/0x3b0 [ 117.768091][ T5358] ? preempt_schedule_thunk+0x1a/0x20 [ 117.773497][ T5358] ? mem_cgroup_oom_trylock+0x210/0x210 [ 117.779082][ T5358] ? cgroup_file_notify+0x127/0x190 [ 117.784305][ T5358] memory_max_write+0x355/0x470 [ 117.789199][ T5358] ? memory_max_show+0xa0/0xa0 [ 117.793979][ T5358] ? read_lock_is_recursive+0x20/0x20 [ 117.799376][ T5358] ? memory_max_show+0xa0/0xa0 [ 117.804154][ T5358] cgroup_file_write+0x2b1/0x780 [ 117.809109][ T5358] ? cgroup_seqfile_stop+0xd0/0xd0 [ 117.814232][ T5358] ? __virt_addr_valid+0x22f/0x2e0 [ 117.819370][ T5358] ? cgroup_seqfile_stop+0xd0/0xd0 [ 117.824492][ T5358] kernfs_fop_write_iter+0x3a6/0x4f0 [ 117.829800][ T5358] vfs_write+0x7b2/0xbb0 [ 117.834065][ T5358] ? file_end_write+0x240/0x240 [ 117.838929][ T5358] ? do_raw_spin_unlock+0x13b/0x8b0 [ 117.844138][ T5358] ? lockdep_hardirqs_on+0x98/0x140 [ 117.849365][ T5358] ? __fdget_pos+0x265/0x2f0 [ 117.853976][ T5358] ksys_write+0x1a0/0x2c0 [ 117.858322][ T5358] ? __ia32_sys_read+0x90/0x90 [ 117.863097][ T5358] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 117.869099][ T5358] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 117.875122][ T5358] do_syscall_64+0x41/0xc0 [ 117.879569][ T5358] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.885497][ T5358] RIP: 0033:0x7fd49ce20129 [ 117.889935][ T5358] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 117.909579][ T5358] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.918019][ T5358] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 117.926018][ T5358] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 117.933998][ T5358] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5355] close(13) = -1 EBADF (Bad file descriptor) [pid 5355] close(14) = -1 EBADF (Bad file descriptor) [pid 5355] close(15) = -1 EBADF (Bad file descriptor) [pid 5355] close(16) = -1 EBADF (Bad file descriptor) [pid 5355] close(17) = -1 EBADF (Bad file descriptor) [pid 5355] close(18) = -1 EBADF (Bad file descriptor) [pid 5355] close(19) = -1 EBADF (Bad file descriptor) [pid 5355] close(20) = -1 EBADF (Bad file descriptor) [pid 5355] close(21) = -1 EBADF (Bad file descriptor) [pid 5355] close(22) = -1 EBADF (Bad file descriptor) [ 117.941981][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 117.949963][ T5358] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000011 [ 117.957962][ T5358] [ 117.964766][ T5358] memory: usage 12kB, limit 0kB, failcnt 55 [ 117.977312][ T5358] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 117.984367][ T5358] Memory cgroup stats for /syz1: [pid 5355] close(23) = -1 EBADF (Bad file descriptor) [pid 5355] close(24) = -1 EBADF (Bad file descriptor) [pid 5355] close(25) = -1 EBADF (Bad file descriptor) [pid 5355] close(26) = -1 EBADF (Bad file descriptor) [pid 5355] close(27) = -1 EBADF (Bad file descriptor) [pid 5355] close(28) = -1 EBADF (Bad file descriptor) [pid 5355] close(29) = -1 EBADF (Bad file descriptor) [pid 5355] exit_group(0) = ? [pid 5355] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 117.984559][ T5358] anon 0 [ 117.984559][ T5358] file 0 [ 117.984559][ T5358] kernel 12288 [ 117.984559][ T5358] kernel_stack 0 [ 117.984559][ T5358] pagetables 0 [ 117.984559][ T5358] sec_pagetables 0 [ 117.984559][ T5358] percpu 0 [ 117.984559][ T5358] sock 0 [ 117.984559][ T5358] vmalloc 0 [ 117.984559][ T5358] shmem 0 [ 117.984559][ T5358] zswap 0 [ 117.984559][ T5358] zswapped 0 [ 117.984559][ T5358] file_mapped 0 [ 117.984559][ T5358] file_dirty 0 [ 117.984559][ T5358] file_writeback 0 [ 117.984559][ T5358] swapcached 0 [ 117.984559][ T5358] anon_thp 0 [pid 5074] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./17/binderfs") = 0 [pid 5074] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./17/cgroup") = 0 [pid 5074] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./17/cgroup.net") = 0 [ 117.984559][ T5358] file_thp 0 [ 117.984559][ T5358] shmem_thp 0 [ 117.984559][ T5358] inactive_anon 0 [ 117.984559][ T5358] active_anon 0 [ 117.984559][ T5358] inactive_file 0 [ 117.984559][ T5358] active_file 0 [ 117.984559][ T5358] unevictable 0 [ 117.984559][ T5358] slab_reclaimable 9328 [ 117.984559][ T5358] slab_unreclaimable 0 [ 117.984559][ T5358] slab 9328 [ 117.984559][ T5358] workingset_refault_anon 0 [pid 5074] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] <... write resumed>) = 18 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5358] close(3 [pid 5074] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5358] <... close resumed>) = 0 [pid 5358] close(4) = 0 [pid 5358] close(5) = 0 [pid 5358] close(6) = 0 [pid 5074] <... openat resumed>) = 4 [pid 5074] fstat(4, [pid 5358] close(7 [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5358] close(8 [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./17/file0" [pid 5358] close(9) = -1 EBADF (Bad file descriptor) [pid 5358] close(10) = -1 EBADF (Bad file descriptor) [pid 5074] <... rmdir resumed>) = 0 [pid 5074] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5358] close(11) = -1 EBADF (Bad file descriptor) [pid 5358] close(12 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./17/cgroup.cpu", [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./17/cgroup.cpu" [pid 5358] close(13) = -1 EBADF (Bad file descriptor) [pid 5074] <... unlink resumed>) = 0 [pid 5074] getdents64(3, [pid 5358] close(14 [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3 [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... close resumed>) = 0 [pid 5358] close(15 [pid 5074] rmdir("./17" [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5358] close(16) = -1 EBADF (Bad file descriptor) [pid 5358] close(17) = -1 EBADF (Bad file descriptor) [pid 5358] close(18) = -1 EBADF (Bad file descriptor) [pid 5358] close(19) = -1 EBADF (Bad file descriptor) [pid 5358] close(20) = -1 EBADF (Bad file descriptor) [pid 5358] close(21) = -1 EBADF (Bad file descriptor) [pid 5358] close(22) = -1 EBADF (Bad file descriptor) [pid 5074] <... rmdir resumed>) = 0 [pid 5074] mkdir("./18", 0777 [pid 5358] close(23) = -1 EBADF (Bad file descriptor) [pid 5358] close(24) = -1 EBADF (Bad file descriptor) [pid 5358] close(25) = -1 EBADF (Bad file descriptor) [pid 5358] close(26 [pid 5074] <... mkdir resumed>) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5358] close(27) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5373 attached [pid 5358] close(28 [pid 5373] chdir("./18" [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5373] <... chdir resumed>) = 0 [pid 5358] close(29 [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 20 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5373] <... prctl resumed>) = 0 [ 118.088656][ T5358] Tasks state (memory values in pages): [ 118.094429][ T5358] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 118.106350][ T5358] Out of memory and no killable processes... [ 118.113736][ T5361] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 118.166980][ T5361] CPU: 1 PID: 5361 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 118.177491][ T5361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 118.187589][ T5361] Call Trace: [ 118.190886][ T5361] [ 118.193831][ T5361] dump_stack_lvl+0x1e7/0x2d0 [ 118.198534][ T5361] ? nf_tcp_handle_invalid+0x640/0x640 [ 118.204051][ T5361] ? panic+0x770/0x770 [ 118.208181][ T5361] dump_header+0xdc/0x940 [ 118.212551][ T5361] out_of_memory+0xf21/0x12c0 [ 118.217259][ T5361] ? mutex_lock_io_nested+0x60/0x60 [ 118.222493][ T5361] ? mark_lock+0x9a/0x340 [ 118.226841][ T5361] ? unregister_oom_notifier+0x20/0x20 [ 118.232321][ T5361] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 118.238332][ T5361] mem_cgroup_out_of_memory+0x263/0x3b0 [ 118.243906][ T5361] ? mem_cgroup_oom_trylock+0x210/0x210 [ 118.249482][ T5361] ? cgroup_file_notify+0x127/0x190 [ 118.254703][ T5361] memory_max_write+0x355/0x470 [ 118.259596][ T5361] ? memory_max_show+0xa0/0xa0 [ 118.264378][ T5361] ? read_lock_is_recursive+0x20/0x20 [ 118.269770][ T5361] ? memory_max_show+0xa0/0xa0 [ 118.274547][ T5361] cgroup_file_write+0x2b1/0x780 [ 118.279503][ T5361] ? cgroup_seqfile_stop+0xd0/0xd0 [ 118.284643][ T5361] ? __virt_addr_valid+0x22f/0x2e0 [ 118.289813][ T5361] ? cgroup_seqfile_stop+0xd0/0xd0 [ 118.294938][ T5361] kernfs_fop_write_iter+0x3a6/0x4f0 [ 118.300261][ T5361] vfs_write+0x7b2/0xbb0 [ 118.304530][ T5361] ? file_end_write+0x240/0x240 [ 118.309400][ T5361] ? do_raw_spin_unlock+0x13b/0x8b0 [ 118.314613][ T5361] ? lockdep_hardirqs_on+0x98/0x140 [ 118.319835][ T5361] ? __fdget_pos+0x265/0x2f0 [ 118.324438][ T5361] ksys_write+0x1a0/0x2c0 [ 118.328788][ T5361] ? __ia32_sys_read+0x90/0x90 [ 118.333563][ T5361] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 118.339565][ T5361] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 118.345583][ T5361] do_syscall_64+0x41/0xc0 [ 118.350032][ T5361] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.355968][ T5361] RIP: 0033:0x7fd49ce20129 [ 118.360392][ T5361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 118.380011][ T5361] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 118.388456][ T5361] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 118.396436][ T5361] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 118.404416][ T5361] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5358] exit_group(0 [pid 5373] setpgid(0, 0 [pid 5358] <... exit_group resumed>) = ? [pid 5373] <... setpgid resumed>) = 0 [pid 5358] +++ exited with 0 +++ [pid 5373] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5373] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5075] restart_syscall(<... resuming interrupted clone ...> [pid 5373] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5075] <... restart_syscall resumed>) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] mkdir("./file0", 000 [pid 5075] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5373] <... mkdir resumed>) = 0 [pid 5373] open("./file0", O_RDONLY) = 3 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5373] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5075] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5373] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5373] openat(4, "syz1", O_RDWR|O_PATH [pid 5075] <... openat resumed>) = 3 [pid 5373] <... openat resumed>) = 5 [pid 5373] openat(5, "memory.max", O_RDWR) = 6 [pid 5075] fstat(3, [pid 5373] write(6, "0x000000000000040e", 18 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 118.412401][ T5361] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 118.420390][ T5361] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000e [ 118.428388][ T5361] [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./17/binderfs") = 0 [pid 5075] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./17/cgroup") = 0 [pid 5075] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./17/cgroup.net") = 0 [ 118.495256][ T5361] memory: usage 12kB, limit 0kB, failcnt 55 [ 118.504193][ T5361] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 118.517976][ T5361] Memory cgroup stats for /syz1: [ 118.518192][ T5361] anon 0 [ 118.518192][ T5361] file 0 [ 118.518192][ T5361] kernel 12288 [ 118.518192][ T5361] kernel_stack 0 [ 118.518192][ T5361] pagetables 0 [ 118.518192][ T5361] sec_pagetables 0 [ 118.518192][ T5361] percpu 0 [ 118.518192][ T5361] sock 0 [ 118.518192][ T5361] vmalloc 0 [ 118.518192][ T5361] shmem 0 [ 118.518192][ T5361] zswap 0 [ 118.518192][ T5361] zswapped 0 [ 118.518192][ T5361] file_mapped 0 [ 118.518192][ T5361] file_dirty 0 [ 118.518192][ T5361] file_writeback 0 [ 118.518192][ T5361] swapcached 0 [ 118.518192][ T5361] anon_thp 0 [ 118.518192][ T5361] file_thp 0 [ 118.518192][ T5361] shmem_thp 0 [ 118.518192][ T5361] inactive_anon 0 [ 118.518192][ T5361] active_anon 0 [ 118.518192][ T5361] inactive_file 0 [ 118.518192][ T5361] active_file 0 [pid 5075] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./17/file0") = 0 [pid 5075] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 118.518192][ T5361] unevictable 0 [ 118.518192][ T5361] slab_reclaimable 9328 [ 118.518192][ T5361] slab_unreclaimable 0 [ 118.518192][ T5361] slab 9328 [ 118.518192][ T5361] workingset_refault_anon 0 [pid 5075] unlink("./17/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./17") = 0 [pid 5075] mkdir("./18", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 20 ./strace-static-x86_64: Process 5377 attached [pid 5377] chdir("./18") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5377] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5377] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5361] <... write resumed>) = 18 [pid 5377] <... symlink resumed>) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5361] close(3 [pid 5377] <... openat resumed>) = 3 [pid 5361] <... close resumed>) = 0 [pid 5377] write(3, "1000", 4 [pid 5361] close(4 [pid 5377] <... write resumed>) = 4 [pid 5361] <... close resumed>) = 0 [pid 5377] close(3 [pid 5361] close(5 [pid 5377] <... close resumed>) = 0 [pid 5361] <... close resumed>) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs" [pid 5361] close(6 [pid 5377] <... symlink resumed>) = 0 [pid 5361] <... close resumed>) = 0 [pid 5377] mkdir("./file0", 000 [pid 5361] close(7 [pid 5377] <... mkdir resumed>) = 0 [pid 5361] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5377] open("./file0", O_RDONLY [ 118.645833][ T5361] Tasks state (memory values in pages): [ 118.651914][ T5361] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 118.670868][ T5361] Out of memory and no killable processes... [ 118.681190][ T5366] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5361] close(8 [pid 5377] <... open resumed>) = 3 [pid 5361] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 118.712660][ T5366] CPU: 0 PID: 5366 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 118.723167][ T5366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 118.733270][ T5366] Call Trace: [ 118.736585][ T5366] [ 118.739555][ T5366] dump_stack_lvl+0x1e7/0x2d0 [ 118.744309][ T5366] ? nf_tcp_handle_invalid+0x640/0x640 [ 118.749821][ T5366] ? panic+0x770/0x770 [ 118.754046][ T5366] dump_header+0xdc/0x940 [ 118.758437][ T5366] out_of_memory+0xf21/0x12c0 [ 118.763164][ T5366] ? mutex_lock_io_nested+0x60/0x60 [ 118.768417][ T5366] ? preempt_schedule+0xdd/0xf0 [ 118.773318][ T5366] ? unregister_oom_notifier+0x20/0x20 [ 118.778834][ T5366] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 118.784879][ T5366] mem_cgroup_out_of_memory+0x263/0x3b0 [ 118.790562][ T5366] ? preempt_schedule_thunk+0x1a/0x20 [ 118.795997][ T5366] ? mem_cgroup_oom_trylock+0x210/0x210 [ 118.801610][ T5366] ? cgroup_file_notify+0x127/0x190 [ 118.806866][ T5366] memory_max_write+0x355/0x470 [ 118.811780][ T5366] ? memory_max_show+0xa0/0xa0 [ 118.816593][ T5366] ? read_lock_is_recursive+0x20/0x20 [ 118.822016][ T5366] ? memory_max_show+0xa0/0xa0 [ 118.826827][ T5366] cgroup_file_write+0x2b1/0x780 [ 118.831823][ T5366] ? cgroup_seqfile_stop+0xd0/0xd0 [ 118.836991][ T5366] ? __virt_addr_valid+0x22f/0x2e0 [ 118.842180][ T5366] ? cgroup_seqfile_stop+0xd0/0xd0 [ 118.847337][ T5366] kernfs_fop_write_iter+0x3a6/0x4f0 [ 118.852682][ T5366] vfs_write+0x7b2/0xbb0 [ 118.856985][ T5366] ? file_end_write+0x240/0x240 [ 118.861897][ T5366] ? do_raw_spin_unlock+0x13b/0x8b0 [ 118.867164][ T5366] ? lockdep_hardirqs_on+0x98/0x140 [ 118.872417][ T5366] ? __fdget_pos+0x265/0x2f0 [ 118.877063][ T5366] ksys_write+0x1a0/0x2c0 [ 118.881458][ T5366] ? __ia32_sys_read+0x90/0x90 [ 118.886285][ T5366] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 118.892325][ T5366] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 118.898395][ T5366] do_syscall_64+0x41/0xc0 [ 118.902870][ T5366] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 118.908821][ T5366] RIP: 0033:0x7fd49ce20129 [ 118.913280][ T5366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 118.932933][ T5366] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 118.941407][ T5366] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 118.949429][ T5366] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5377] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5377] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5377] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5377] openat(5, "memory.max", O_RDWR) = 6 [pid 5377] write(6, "0x000000000000040e", 18 [pid 5361] close(9) = -1 EBADF (Bad file descriptor) [pid 5361] close(10) = -1 EBADF (Bad file descriptor) [pid 5361] close(11) = -1 EBADF (Bad file descriptor) [pid 5361] close(12) = -1 EBADF (Bad file descriptor) [pid 5361] close(13) = -1 EBADF (Bad file descriptor) [pid 5361] close(14) = -1 EBADF (Bad file descriptor) [pid 5361] close(15) = -1 EBADF (Bad file descriptor) [pid 5361] close(16) = -1 EBADF (Bad file descriptor) [pid 5361] close(17) = -1 EBADF (Bad file descriptor) [ 118.957445][ T5366] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 118.965458][ T5366] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 118.973474][ T5366] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000b [ 118.981538][ T5366] [pid 5361] close(18) = -1 EBADF (Bad file descriptor) [pid 5361] close(19) = -1 EBADF (Bad file descriptor) [pid 5361] close(20) = -1 EBADF (Bad file descriptor) [pid 5361] close(21) = -1 EBADF (Bad file descriptor) [pid 5361] close(22) = -1 EBADF (Bad file descriptor) [pid 5361] close(23) = -1 EBADF (Bad file descriptor) [pid 5361] close(24) = -1 EBADF (Bad file descriptor) [pid 5361] close(25) = -1 EBADF (Bad file descriptor) [pid 5361] close(26) = -1 EBADF (Bad file descriptor) [pid 5361] close(27) = -1 EBADF (Bad file descriptor) [pid 5361] close(28) = -1 EBADF (Bad file descriptor) [ 119.024623][ T5366] memory: usage 12kB, limit 0kB, failcnt 55 [ 119.033770][ T5366] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 119.045368][ T5366] Memory cgroup stats for /syz1: [ 119.045634][ T5366] anon 0 [ 119.045634][ T5366] file 0 [ 119.045634][ T5366] kernel 12288 [ 119.045634][ T5366] kernel_stack 0 [ 119.045634][ T5366] pagetables 0 [ 119.045634][ T5366] sec_pagetables 0 [ 119.045634][ T5366] percpu 0 [pid 5361] close(29) = -1 EBADF (Bad file descriptor) [pid 5361] exit_group(0) = ? [pid 5361] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./14/binderfs") = 0 [pid 5073] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./14/cgroup") = 0 [pid 5073] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./14/cgroup.net") = 0 [ 119.045634][ T5366] sock 0 [ 119.045634][ T5366] vmalloc 0 [ 119.045634][ T5366] shmem 0 [ 119.045634][ T5366] zswap 0 [ 119.045634][ T5366] zswapped 0 [ 119.045634][ T5366] file_mapped 0 [ 119.045634][ T5366] file_dirty 0 [ 119.045634][ T5366] file_writeback 0 [ 119.045634][ T5366] swapcached 0 [ 119.045634][ T5366] anon_thp 0 [ 119.045634][ T5366] file_thp 0 [ 119.045634][ T5366] shmem_thp 0 [ 119.045634][ T5366] inactive_anon 0 [ 119.045634][ T5366] active_anon 0 [ 119.045634][ T5366] inactive_file 0 [ 119.045634][ T5366] active_file 0 [pid 5073] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./14/file0") = 0 [pid 5073] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./14/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./14") = 0 [pid 5073] mkdir("./15", 0777) = 0 [ 119.045634][ T5366] unevictable 0 [ 119.045634][ T5366] slab_reclaimable 9328 [ 119.045634][ T5366] slab_unreclaimable 0 [ 119.045634][ T5366] slab 9328 [ 119.045634][ T5366] workingset_refault_anon 0 [ 119.147156][ T5366] Tasks state (memory values in pages): [ 119.153582][ T5366] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5384 attached [pid 5384] chdir("./15" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 17 [pid 5384] <... chdir resumed>) = 0 [pid 5384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5384] setpgid(0, 0) = 0 [pid 5384] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5384] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5384] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5384] write(3, "1000", 4) = 4 [pid 5384] close(3) = 0 [pid 5384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5384] mkdir("./file0", 000) = 0 [pid 5384] open("./file0", O_RDONLY) = 3 [pid 5384] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5366] <... write resumed>) = 18 [pid 5366] close(3 [pid 5384] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5366] <... close resumed>) = 0 [pid 5366] close(4 [pid 5384] <... openat resumed>) = 4 [pid 5384] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5384] openat(5, "memory.max", O_RDWR) = 6 [ 119.184755][ T5366] Out of memory and no killable processes... [ 119.199998][ T5368] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 119.219261][ T5368] CPU: 0 PID: 5368 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 119.229755][ T5368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 119.239848][ T5368] Call Trace: [ 119.243156][ T5368] [ 119.246119][ T5368] dump_stack_lvl+0x1e7/0x2d0 [ 119.250855][ T5368] ? nf_tcp_handle_invalid+0x640/0x640 [ 119.256373][ T5368] ? panic+0x770/0x770 [ 119.260520][ T5368] dump_header+0xdc/0x940 [ 119.264906][ T5368] out_of_memory+0xf21/0x12c0 [ 119.269640][ T5368] ? mutex_lock_io_nested+0x60/0x60 [ 119.274894][ T5368] ? mark_lock+0x9a/0x340 [ 119.279269][ T5368] ? unregister_oom_notifier+0x20/0x20 [ 119.284788][ T5368] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 119.290894][ T5368] mem_cgroup_out_of_memory+0x263/0x3b0 [ 119.296466][ T5368] ? mem_cgroup_oom_trylock+0x210/0x210 [ 119.302047][ T5368] ? cgroup_file_notify+0x127/0x190 [ 119.307274][ T5368] memory_max_write+0x355/0x470 [ 119.312149][ T5368] ? memory_max_show+0xa0/0xa0 [ 119.316952][ T5368] ? read_lock_is_recursive+0x20/0x20 [ 119.322348][ T5368] ? memory_max_show+0xa0/0xa0 [ 119.327132][ T5368] cgroup_file_write+0x2b1/0x780 [ 119.332096][ T5368] ? cgroup_seqfile_stop+0xd0/0xd0 [ 119.337219][ T5368] ? __virt_addr_valid+0x22f/0x2e0 [ 119.342361][ T5368] ? cgroup_seqfile_stop+0xd0/0xd0 [ 119.347484][ T5368] kernfs_fop_write_iter+0x3a6/0x4f0 [ 119.352804][ T5368] vfs_write+0x7b2/0xbb0 [ 119.357072][ T5368] ? file_end_write+0x240/0x240 [ 119.361942][ T5368] ? do_raw_spin_unlock+0x13b/0x8b0 [ 119.367262][ T5368] ? lockdep_hardirqs_on+0x98/0x140 [ 119.372487][ T5368] ? __fdget_pos+0x265/0x2f0 [ 119.377106][ T5368] ksys_write+0x1a0/0x2c0 [ 119.381454][ T5368] ? __ia32_sys_read+0x90/0x90 [ 119.386248][ T5368] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 119.392253][ T5368] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 119.398257][ T5368] do_syscall_64+0x41/0xc0 [ 119.402691][ T5368] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.408623][ T5368] RIP: 0033:0x7fd49ce20129 [ 119.413050][ T5368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 119.432680][ T5368] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 119.441109][ T5368] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 119.449091][ T5368] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 119.457070][ T5368] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 119.465048][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 119.473027][ T5368] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000c [ 119.481027][ T5368] [pid 5384] write(6, "0x000000000000040e", 18 [pid 5366] <... close resumed>) = 0 [pid 5366] close(5) = 0 [pid 5366] close(6) = 0 [ 119.487326][ T5368] memory: usage 12kB, limit 0kB, failcnt 55 [ 119.493519][ T5368] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 119.500728][ T5368] Memory cgroup stats for /syz1: [ 119.501178][ T5368] anon 0 [ 119.501178][ T5368] file 0 [ 119.501178][ T5368] kernel 12288 [ 119.501178][ T5368] kernel_stack 0 [ 119.501178][ T5368] pagetables 0 [ 119.501178][ T5368] sec_pagetables 0 [ 119.501178][ T5368] percpu 0 [ 119.501178][ T5368] sock 0 [ 119.501178][ T5368] vmalloc 0 [ 119.501178][ T5368] shmem 0 [ 119.501178][ T5368] zswap 0 [ 119.501178][ T5368] zswapped 0 [ 119.501178][ T5368] file_mapped 0 [ 119.501178][ T5368] file_dirty 0 [ 119.501178][ T5368] file_writeback 0 [ 119.501178][ T5368] swapcached 0 [ 119.501178][ T5368] anon_thp 0 [ 119.501178][ T5368] file_thp 0 [ 119.501178][ T5368] shmem_thp 0 [ 119.501178][ T5368] inactive_anon 0 [ 119.501178][ T5368] active_anon 0 [ 119.501178][ T5368] inactive_file 0 [ 119.501178][ T5368] active_file 0 [ 119.501178][ T5368] unevictable 0 [ 119.501178][ T5368] slab_reclaimable 9328 [pid 5366] close(7) = -1 EBADF (Bad file descriptor) [pid 5366] close(8) = -1 EBADF (Bad file descriptor) [pid 5366] close(9) = -1 EBADF (Bad file descriptor) [pid 5366] close(10) = -1 EBADF (Bad file descriptor) [pid 5366] close(11) = -1 EBADF (Bad file descriptor) [pid 5366] close(12) = -1 EBADF (Bad file descriptor) [pid 5366] close(13) = -1 EBADF (Bad file descriptor) [pid 5366] close(14) = -1 EBADF (Bad file descriptor) [pid 5366] close(15) = -1 EBADF (Bad file descriptor) [pid 5366] close(16) = -1 EBADF (Bad file descriptor) [pid 5366] close(17) = -1 EBADF (Bad file descriptor) [pid 5366] close(18) = -1 EBADF (Bad file descriptor) [pid 5366] close(19) = -1 EBADF (Bad file descriptor) [pid 5366] close(20) = -1 EBADF (Bad file descriptor) [pid 5366] close(21) = -1 EBADF (Bad file descriptor) [pid 5366] close(22) = -1 EBADF (Bad file descriptor) [pid 5366] close(23) = -1 EBADF (Bad file descriptor) [pid 5366] close(24) = -1 EBADF (Bad file descriptor) [pid 5366] close(25) = -1 EBADF (Bad file descriptor) [pid 5366] close(26) = -1 EBADF (Bad file descriptor) [pid 5366] close(27) = -1 EBADF (Bad file descriptor) [pid 5366] close(28) = -1 EBADF (Bad file descriptor) [pid 5366] close(29) = -1 EBADF (Bad file descriptor) [pid 5366] exit_group(0) = ? [pid 5366] +++ exited with 0 +++ [ 119.501178][ T5368] slab_unreclaimable 0 [ 119.501178][ T5368] slab 9328 [ 119.501178][ T5368] workingset_refault_anon 0 [ 119.600418][ T5368] Tasks state (memory values in pages): [ 119.606484][ T5368] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 119.623812][ T5368] Out of memory and no killable processes... [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5368] <... write resumed>) = 18 [pid 5070] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5368] close(3 [pid 5070] <... openat resumed>) = 3 [pid 5070] fstat(3, [pid 5368] <... close resumed>) = 0 [pid 5368] close(4 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5368] <... close resumed>) = 0 [pid 5070] getdents64(3, [pid 5368] close(5 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [ 119.630343][ T5373] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 119.652408][ T5373] CPU: 0 PID: 5373 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 119.662905][ T5373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 119.673042][ T5373] Call Trace: [ 119.676362][ T5373] [ 119.679330][ T5373] dump_stack_lvl+0x1e7/0x2d0 [pid 5070] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./11/binderfs") = 0 [pid 5070] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./11/cgroup") = 0 [pid 5070] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./11/cgroup.net") = 0 [ 119.684066][ T5373] ? nf_tcp_handle_invalid+0x640/0x640 [ 119.689581][ T5373] ? panic+0x770/0x770 [ 119.693722][ T5373] dump_header+0xdc/0x940 [ 119.698114][ T5373] out_of_memory+0xf21/0x12c0 [ 119.702855][ T5373] ? mutex_lock_io_nested+0x60/0x60 [ 119.708117][ T5373] ? preempt_schedule+0xdd/0xf0 [ 119.713020][ T5373] ? unregister_oom_notifier+0x20/0x20 [ 119.718532][ T5373] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 119.724574][ T5373] mem_cgroup_out_of_memory+0x263/0x3b0 [ 119.730176][ T5373] ? preempt_schedule_thunk+0x1a/0x20 [ 119.735604][ T5373] ? mem_cgroup_oom_trylock+0x210/0x210 [ 119.741223][ T5373] ? cgroup_file_notify+0x127/0x190 [ 119.746499][ T5373] memory_max_write+0x355/0x470 [ 119.751396][ T5373] ? memory_max_show+0xa0/0xa0 [ 119.756184][ T5373] ? read_lock_is_recursive+0x20/0x20 [ 119.761607][ T5373] ? memory_max_show+0xa0/0xa0 [ 119.766394][ T5373] cgroup_file_write+0x2b1/0x780 [ 119.771362][ T5373] ? cgroup_seqfile_stop+0xd0/0xd0 [ 119.776487][ T5373] ? __virt_addr_valid+0x22f/0x2e0 [ 119.781634][ T5373] ? cgroup_seqfile_stop+0xd0/0xd0 [ 119.786755][ T5373] kernfs_fop_write_iter+0x3a6/0x4f0 [ 119.792067][ T5373] vfs_write+0x7b2/0xbb0 [ 119.796352][ T5373] ? file_end_write+0x240/0x240 [ 119.801227][ T5373] ? do_raw_spin_unlock+0x13b/0x8b0 [ 119.806444][ T5373] ? lockdep_hardirqs_on+0x98/0x140 [ 119.811669][ T5373] ? __fdget_pos+0x265/0x2f0 [ 119.816293][ T5373] ksys_write+0x1a0/0x2c0 [ 119.820642][ T5373] ? __ia32_sys_read+0x90/0x90 [ 119.825419][ T5373] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 119.831475][ T5373] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 119.837524][ T5373] do_syscall_64+0x41/0xc0 [ 119.841969][ T5373] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.847887][ T5373] RIP: 0033:0x7fd49ce20129 [ 119.852312][ T5373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 119.871948][ T5373] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 119.880398][ T5373] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5070] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5368] <... close resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5368] close(6) = 0 [pid 5368] close(7) = -1 EBADF (Bad file descriptor) [pid 5368] close(8) = -1 EBADF (Bad file descriptor) [pid 5368] close(9 [pid 5070] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5368] close(10) = -1 EBADF (Bad file descriptor) [pid 5368] close(11) = -1 EBADF (Bad file descriptor) [pid 5368] close(12) = -1 EBADF (Bad file descriptor) [pid 5368] close(13) = -1 EBADF (Bad file descriptor) [pid 5368] close(14) = -1 EBADF (Bad file descriptor) [pid 5368] close(15) = -1 EBADF (Bad file descriptor) [pid 5368] close(16) = -1 EBADF (Bad file descriptor) [pid 5070] lstat("./11/file0", [pid 5368] close(17) = -1 EBADF (Bad file descriptor) [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5368] close(18 [pid 5070] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(19 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(20) = -1 EBADF (Bad file descriptor) [pid 5070] <... openat resumed>) = 4 [pid 5368] close(21 [pid 5070] fstat(4, [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(22 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] getdents64(4, [pid 5368] close(23) = -1 EBADF (Bad file descriptor) [pid 5368] close(24 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] getdents64(4, [pid 5368] close(25 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(26 [pid 5070] close(4 [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(27 [pid 5070] <... close resumed>) = 0 [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(28 [pid 5070] rmdir("./11/file0" [pid 5368] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] close(29) = -1 EBADF (Bad file descriptor) [pid 5368] exit_group(0 [pid 5070] <... rmdir resumed>) = 0 [pid 5368] <... exit_group resumed>) = ? [pid 5070] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5368] +++ exited with 0 +++ [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./11/cgroup.cpu", [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] unlink("./11/cgroup.cpu" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... unlink resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5070] getdents64(3, [pid 5072] fstat(3, [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] close(3 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] <... close resumed>) = 0 [pid 5072] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 119.888381][ T5373] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 119.896360][ T5373] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 119.904355][ T5373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 119.912351][ T5373] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000012 [ 119.920528][ T5373] [pid 5070] rmdir("./11" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... rmdir resumed>) = 0 [pid 5072] lstat("./12/binderfs", [pid 5070] mkdir("./12", 0777 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./12/binderfs" [pid 5070] <... mkdir resumed>) = 0 [pid 5072] <... unlink resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5390 attached ) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./12/cgroup", [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 14 [pid 5390] chdir("./12" [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5390] <... chdir resumed>) = 0 [pid 5072] unlink("./12/cgroup" [pid 5390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] <... unlink resumed>) = 0 [pid 5072] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5390] setpgid(0, 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5390] <... setpgid resumed>) = 0 [pid 5072] lstat("./12/cgroup.net", [pid 5390] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5390] <... symlink resumed>) = 0 [pid 5072] unlink("./12/cgroup.net" [pid 5390] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5072] <... unlink resumed>) = 0 [pid 5072] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5390] <... symlink resumed>) = 0 [pid 5390] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5072] <... umount2 resumed>) = 0 [pid 5390] <... symlink resumed>) = 0 [pid 5072] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] lstat("./12/file0", [pid 5390] <... openat resumed>) = 3 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5390] write(3, "1000", 4 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5390] <... write resumed>) = 4 [pid 5072] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5390] close(3 [pid 5072] <... openat resumed>) = 4 [pid 5390] <... close resumed>) = 0 [pid 5072] fstat(4, [pid 5390] symlink("/dev/binderfs", "./binderfs" [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5390] <... symlink resumed>) = 0 [pid 5072] getdents64(4, [pid 5390] mkdir("./file0", 000 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, [pid 5390] <... mkdir resumed>) = 0 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4 [pid 5390] open("./file0", O_RDONLY [pid 5072] <... close resumed>) = 0 [pid 5072] rmdir("./12/file0" [pid 5390] <... open resumed>) = 3 [pid 5072] <... rmdir resumed>) = 0 [pid 5072] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5390] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5390] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5072] lstat("./12/cgroup.cpu", [pid 5390] <... openat resumed>) = 4 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5390] openat(4, "syz1", O_RDWR|O_PATH [pid 5072] unlink("./12/cgroup.cpu" [pid 5390] <... openat resumed>) = 5 [pid 5390] openat(5, "memory.max", O_RDWR [pid 5072] <... unlink resumed>) = 0 [pid 5390] <... openat resumed>) = 6 [pid 5072] getdents64(3, [pid 5390] write(6, "0x000000000000040e", 18 [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./12") = 0 [pid 5072] mkdir("./13", 0777) = 0 [ 120.005058][ T5373] memory: usage 12kB, limit 0kB, failcnt 55 [ 120.016154][ T5373] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 120.043106][ T5373] Memory cgroup stats for /syz1: [ 120.043305][ T5373] anon 0 [ 120.043305][ T5373] file 0 [ 120.043305][ T5373] kernel 12288 [ 120.043305][ T5373] kernel_stack 0 [ 120.043305][ T5373] pagetables 0 [ 120.043305][ T5373] sec_pagetables 0 [ 120.043305][ T5373] percpu 0 [ 120.043305][ T5373] sock 0 [ 120.043305][ T5373] vmalloc 0 [ 120.043305][ T5373] shmem 0 [ 120.043305][ T5373] zswap 0 [ 120.043305][ T5373] zswapped 0 [ 120.043305][ T5373] file_mapped 0 [ 120.043305][ T5373] file_dirty 0 [ 120.043305][ T5373] file_writeback 0 [ 120.043305][ T5373] swapcached 0 [ 120.043305][ T5373] anon_thp 0 [ 120.043305][ T5373] file_thp 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5391 attached [pid 5391] chdir("./13" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 15 [pid 5391] <... chdir resumed>) = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5391] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 120.043305][ T5373] shmem_thp 0 [ 120.043305][ T5373] inactive_anon 0 [ 120.043305][ T5373] active_anon 0 [ 120.043305][ T5373] inactive_file 0 [ 120.043305][ T5373] active_file 0 [ 120.043305][ T5373] unevictable 0 [ 120.043305][ T5373] slab_reclaimable 9328 [ 120.043305][ T5373] slab_unreclaimable 0 [ 120.043305][ T5373] slab 9328 [ 120.043305][ T5373] workingset_refault_anon 0 [pid 5391] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] mkdir("./file0", 000) = 0 [pid 5391] open("./file0", O_RDONLY) = 3 [pid 5391] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 120.164536][ T5373] Tasks state (memory values in pages): [ 120.173000][ T5373] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 120.196326][ T5373] Out of memory and no killable processes... [pid 5373] <... write resumed>) = 18 [pid 5391] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5373] close(3) = 0 [pid 5373] close(4) = 0 [pid 5373] close(5) = 0 [pid 5373] close(6) = 0 [pid 5373] close(7) = -1 EBADF (Bad file descriptor) [pid 5373] close(8) = -1 EBADF (Bad file descriptor) [pid 5373] close(9) = -1 EBADF (Bad file descriptor) [pid 5373] close(10) = -1 EBADF (Bad file descriptor) [pid 5373] close(11) = -1 EBADF (Bad file descriptor) [pid 5373] close(12) = -1 EBADF (Bad file descriptor) [pid 5373] close(13) = -1 EBADF (Bad file descriptor) [pid 5373] close(14) = -1 EBADF (Bad file descriptor) [pid 5373] close(15) = -1 EBADF (Bad file descriptor) [pid 5373] close(16) = -1 EBADF (Bad file descriptor) [pid 5373] close(17) = -1 EBADF (Bad file descriptor) [pid 5373] close(18) = -1 EBADF (Bad file descriptor) [pid 5373] close(19) = -1 EBADF (Bad file descriptor) [pid 5373] close(20) = -1 EBADF (Bad file descriptor) [pid 5373] close(21) = -1 EBADF (Bad file descriptor) [pid 5373] close(22) = -1 EBADF (Bad file descriptor) [pid 5373] close(23) = -1 EBADF (Bad file descriptor) [pid 5373] close(24) = -1 EBADF (Bad file descriptor) [pid 5373] close(25) = -1 EBADF (Bad file descriptor) [pid 5373] close(26) = -1 EBADF (Bad file descriptor) [pid 5373] close(27) = -1 EBADF (Bad file descriptor) [pid 5391] <... openat resumed>) = 4 [pid 5373] close(28 [pid 5391] openat(4, "syz1", O_RDWR|O_PATH [pid 5373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5373] close(29) = -1 EBADF (Bad file descriptor) [pid 5373] exit_group(0 [pid 5391] <... openat resumed>) = 5 [pid 5391] openat(5, "memory.max", O_RDWR [pid 5373] <... exit_group resumed>) = ? [pid 5391] <... openat resumed>) = 6 [pid 5373] +++ exited with 0 +++ [pid 5391] write(6, "0x000000000000040e", 18 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./18/binderfs") = 0 [pid 5074] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./18/cgroup") = 0 [pid 5074] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./18/cgroup.net") = 0 [pid 5074] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./18/file0") = 0 [pid 5074] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 120.217283][ T5377] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 120.263317][ T5377] CPU: 1 PID: 5377 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 120.273812][ T5377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 120.283911][ T5377] Call Trace: [ 120.287231][ T5377] [ 120.290203][ T5377] dump_stack_lvl+0x1e7/0x2d0 [ 120.294938][ T5377] ? nf_tcp_handle_invalid+0x640/0x640 [ 120.300452][ T5377] ? panic+0x770/0x770 [ 120.304587][ T5377] dump_header+0xdc/0x940 [ 120.308973][ T5377] out_of_memory+0xf21/0x12c0 [ 120.313718][ T5377] ? mutex_lock_io_nested+0x60/0x60 [ 120.318973][ T5377] ? mark_lock+0x9a/0x340 [ 120.323357][ T5377] ? unregister_oom_notifier+0x20/0x20 [ 120.328859][ T5377] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 120.334901][ T5377] mem_cgroup_out_of_memory+0x263/0x3b0 [ 120.340505][ T5377] ? mem_cgroup_oom_trylock+0x210/0x210 [ 120.346132][ T5377] ? cgroup_file_notify+0x127/0x190 [ 120.351387][ T5377] memory_max_write+0x355/0x470 [ 120.356324][ T5377] ? memory_max_show+0xa0/0xa0 [ 120.361138][ T5377] ? read_lock_is_recursive+0x20/0x20 [ 120.366565][ T5377] ? memory_max_show+0xa0/0xa0 [ 120.371386][ T5377] cgroup_file_write+0x2b1/0x780 [ 120.376375][ T5377] ? cgroup_seqfile_stop+0xd0/0xd0 [ 120.381529][ T5377] ? __virt_addr_valid+0x22f/0x2e0 [ 120.386705][ T5377] ? cgroup_seqfile_stop+0xd0/0xd0 [ 120.391857][ T5377] kernfs_fop_write_iter+0x3a6/0x4f0 [ 120.397196][ T5377] vfs_write+0x7b2/0xbb0 [ 120.401496][ T5377] ? file_end_write+0x240/0x240 [ 120.406396][ T5377] ? do_raw_spin_unlock+0x13b/0x8b0 [ 120.411646][ T5377] ? lockdep_hardirqs_on+0x98/0x140 [ 120.416900][ T5377] ? __fdget_pos+0x265/0x2f0 [ 120.421541][ T5377] ksys_write+0x1a0/0x2c0 [ 120.425935][ T5377] ? __ia32_sys_read+0x90/0x90 [ 120.430748][ T5377] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 120.436786][ T5377] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 120.442826][ T5377] do_syscall_64+0x41/0xc0 [ 120.447291][ T5377] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 120.453233][ T5377] RIP: 0033:0x7fd49ce20129 [pid 5074] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./18/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./18") = 0 [pid 5074] mkdir("./19", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5394 attached [pid 5394] chdir("./19") = 0 [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 21 [pid 5394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5394] setpgid(0, 0) = 0 [pid 5394] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5394] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5394] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5394] write(3, "1000", 4) = 4 [pid 5394] close(3) = 0 [pid 5394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5394] mkdir("./file0", 000) = 0 [pid 5394] open("./file0", O_RDONLY) = 3 [pid 5394] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5394] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5394] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5394] openat(5, "memory.max", O_RDWR) = 6 [ 120.457690][ T5377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 120.477340][ T5377] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 120.485800][ T5377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 120.493811][ T5377] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 120.501823][ T5377] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 120.509836][ T5377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 120.517843][ T5377] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000012 [ 120.525881][ T5377] [ 120.542852][ T5377] memory: usage 12kB, limit 0kB, failcnt 55 [ 120.556626][ T5377] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 120.563538][ T5377] Memory cgroup stats for /syz1: [ 120.563742][ T5377] anon 0 [ 120.563742][ T5377] file 0 [ 120.563742][ T5377] kernel 8192 [ 120.563742][ T5377] kernel_stack 0 [ 120.563742][ T5377] pagetables 0 [ 120.563742][ T5377] sec_pagetables 0 [ 120.563742][ T5377] percpu 0 [ 120.563742][ T5377] sock 0 [ 120.563742][ T5377] vmalloc 0 [ 120.563742][ T5377] shmem 0 [ 120.563742][ T5377] zswap 0 [ 120.563742][ T5377] zswapped 0 [ 120.563742][ T5377] file_mapped 0 [ 120.563742][ T5377] file_dirty 0 [ 120.563742][ T5377] file_writeback 0 [ 120.563742][ T5377] swapcached 0 [ 120.563742][ T5377] anon_thp 0 [ 120.563742][ T5377] file_thp 0 [ 120.563742][ T5377] shmem_thp 0 [ 120.563742][ T5377] inactive_anon 0 [ 120.563742][ T5377] active_anon 0 [ 120.563742][ T5377] inactive_file 0 [ 120.563742][ T5377] active_file 0 [ 120.563742][ T5377] unevictable 0 [ 120.563742][ T5377] slab_reclaimable 9328 [ 120.563742][ T5377] slab_unreclaimable 0 [ 120.563742][ T5377] slab 9328 [ 120.563742][ T5377] workingset_refault_anon 0 [pid 5394] write(6, "0x000000000000040e", 18 [pid 5377] <... write resumed>) = 18 [ 120.665359][ T5377] Tasks state (memory values in pages): [ 120.671319][ T5377] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 120.681099][ T5377] Out of memory and no killable processes... [ 120.687471][ T5384] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 120.698138][ T5384] CPU: 1 PID: 5384 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 120.708600][ T5384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 120.718692][ T5384] Call Trace: [ 120.722003][ T5384] [ 120.724972][ T5384] dump_stack_lvl+0x1e7/0x2d0 [ 120.729709][ T5384] ? nf_tcp_handle_invalid+0x640/0x640 [ 120.735217][ T5384] ? panic+0x770/0x770 [ 120.739346][ T5384] dump_header+0xdc/0x940 [ 120.743721][ T5384] out_of_memory+0xf21/0x12c0 [ 120.748451][ T5384] ? mutex_lock_io_nested+0x60/0x60 [ 120.753713][ T5384] ? preempt_schedule+0xdd/0xf0 [ 120.758613][ T5384] ? unregister_oom_notifier+0x20/0x20 [pid 5377] close(3) = 0 [pid 5377] close(4) = 0 [pid 5377] close(5) = 0 [pid 5377] close(6) = 0 [ 120.764115][ T5384] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 120.770158][ T5384] mem_cgroup_out_of_memory+0x263/0x3b0 [ 120.775752][ T5384] ? preempt_schedule_thunk+0x1a/0x20 [ 120.781183][ T5384] ? mem_cgroup_oom_trylock+0x210/0x210 [ 120.786806][ T5384] ? cgroup_file_notify+0x127/0x190 [ 120.792058][ T5384] memory_max_write+0x355/0x470 [ 120.796965][ T5384] ? memory_max_show+0xa0/0xa0 [ 120.801786][ T5384] ? read_lock_is_recursive+0x20/0x20 [ 120.807215][ T5384] ? memory_max_show+0xa0/0xa0 [ 120.812036][ T5384] cgroup_file_write+0x2b1/0x780 [ 120.817029][ T5384] ? cgroup_seqfile_stop+0xd0/0xd0 [ 120.822196][ T5384] ? __virt_addr_valid+0x22f/0x2e0 [ 120.827387][ T5384] ? cgroup_seqfile_stop+0xd0/0xd0 [ 120.832550][ T5384] kernfs_fop_write_iter+0x3a6/0x4f0 [ 120.837886][ T5384] vfs_write+0x7b2/0xbb0 [ 120.842229][ T5384] ? file_end_write+0x240/0x240 [ 120.847142][ T5384] ? do_raw_spin_unlock+0x13b/0x8b0 [ 120.852397][ T5384] ? lockdep_hardirqs_on+0x98/0x140 [ 120.857648][ T5384] ? __fdget_pos+0x265/0x2f0 [ 120.862287][ T5384] ksys_write+0x1a0/0x2c0 [ 120.866665][ T5384] ? __ia32_sys_read+0x90/0x90 [ 120.871479][ T5384] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 120.877534][ T5384] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 120.883567][ T5384] do_syscall_64+0x41/0xc0 [ 120.888037][ T5384] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 120.893990][ T5384] RIP: 0033:0x7fd49ce20129 [ 120.898447][ T5384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 120.918104][ T5384] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 120.926576][ T5384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 120.934588][ T5384] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 120.942601][ T5384] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 120.950610][ T5384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 120.958619][ T5384] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000f [pid 5377] close(7) = -1 EBADF (Bad file descriptor) [pid 5377] close(8) = -1 EBADF (Bad file descriptor) [pid 5377] close(9) = -1 EBADF (Bad file descriptor) [pid 5377] close(10) = -1 EBADF (Bad file descriptor) [pid 5377] close(11) = -1 EBADF (Bad file descriptor) [pid 5377] close(12) = -1 EBADF (Bad file descriptor) [pid 5377] close(13) = -1 EBADF (Bad file descriptor) [pid 5377] close(14) = -1 EBADF (Bad file descriptor) [pid 5377] close(15) = -1 EBADF (Bad file descriptor) [pid 5377] close(16) = -1 EBADF (Bad file descriptor) [pid 5377] close(17) = -1 EBADF (Bad file descriptor) [pid 5377] close(18) = -1 EBADF (Bad file descriptor) [pid 5377] close(19) = -1 EBADF (Bad file descriptor) [pid 5377] close(20) = -1 EBADF (Bad file descriptor) [pid 5377] close(21) = -1 EBADF (Bad file descriptor) [pid 5377] close(22) = -1 EBADF (Bad file descriptor) [pid 5377] close(23) = -1 EBADF (Bad file descriptor) [pid 5377] close(24) = -1 EBADF (Bad file descriptor) [pid 5377] close(25) = -1 EBADF (Bad file descriptor) [pid 5377] close(26) = -1 EBADF (Bad file descriptor) [pid 5377] close(27) = -1 EBADF (Bad file descriptor) [pid 5377] close(28) = -1 EBADF (Bad file descriptor) [pid 5377] close(29) = -1 EBADF (Bad file descriptor) [pid 5377] exit_group(0) = ? [pid 5377] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./18/binderfs") = 0 [pid 5075] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./18/cgroup") = 0 [pid 5075] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./18/cgroup.net") = 0 [pid 5075] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./18/file0") = 0 [pid 5075] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./18/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./18") = 0 [pid 5075] mkdir("./19", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5400 attached [pid 5400] chdir("./19" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 21 [pid 5400] <... chdir resumed>) = 0 [pid 5400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5400] setpgid(0, 0) = 0 [ 120.966794][ T5384] [ 120.980919][ T5384] memory: usage 12kB, limit 0kB, failcnt 55 [ 120.994842][ T5384] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 121.010925][ T5384] Memory cgroup stats for /syz1: [pid 5400] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5400] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5400] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5400] write(3, "1000", 4) = 4 [pid 5400] close(3) = 0 [pid 5400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5400] mkdir("./file0", 000) = 0 [pid 5400] open("./file0", O_RDONLY) = 3 [ 121.011142][ T5384] anon 0 [ 121.011142][ T5384] file 0 [ 121.011142][ T5384] kernel 8192 [ 121.011142][ T5384] kernel_stack 0 [ 121.011142][ T5384] pagetables 0 [ 121.011142][ T5384] sec_pagetables 0 [ 121.011142][ T5384] percpu 0 [ 121.011142][ T5384] sock 0 [ 121.011142][ T5384] vmalloc 0 [ 121.011142][ T5384] shmem 0 [ 121.011142][ T5384] zswap 0 [ 121.011142][ T5384] zswapped 0 [ 121.011142][ T5384] file_mapped 0 [ 121.011142][ T5384] file_dirty 0 [ 121.011142][ T5384] file_writeback 0 [ 121.011142][ T5384] swapcached 0 [pid 5400] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5400] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5400] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5400] openat(5, "memory.max", O_RDWR) = 6 [ 121.011142][ T5384] anon_thp 0 [ 121.011142][ T5384] file_thp 0 [ 121.011142][ T5384] shmem_thp 0 [ 121.011142][ T5384] inactive_anon 0 [ 121.011142][ T5384] active_anon 0 [ 121.011142][ T5384] inactive_file 0 [ 121.011142][ T5384] active_file 0 [ 121.011142][ T5384] unevictable 0 [ 121.011142][ T5384] slab_reclaimable 9328 [ 121.011142][ T5384] slab_unreclaimable 0 [ 121.011142][ T5384] slab 9328 [ 121.011142][ T5384] workingset_refault_anon 0 [pid 5400] write(6, "0x000000000000040e", 18 [pid 5384] <... write resumed>) = 18 [pid 5384] close(3) = 0 [pid 5384] close(4) = 0 [ 121.115991][ T5384] Tasks state (memory values in pages): [ 121.123579][ T5384] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 121.144281][ T5384] Out of memory and no killable processes... [ 121.153493][ T5390] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5384] close(5) = 0 [pid 5384] close(6) = 0 [pid 5384] close(7) = -1 EBADF (Bad file descriptor) [pid 5384] close(8) = -1 EBADF (Bad file descriptor) [pid 5384] close(9) = -1 EBADF (Bad file descriptor) [pid 5384] close(10) = -1 EBADF (Bad file descriptor) [pid 5384] close(11) = -1 EBADF (Bad file descriptor) [pid 5384] close(12) = -1 EBADF (Bad file descriptor) [pid 5384] close(13) = -1 EBADF (Bad file descriptor) [pid 5384] close(14) = -1 EBADF (Bad file descriptor) [pid 5384] close(15) = -1 EBADF (Bad file descriptor) [pid 5384] close(16) = -1 EBADF (Bad file descriptor) [pid 5384] close(17) = -1 EBADF (Bad file descriptor) [pid 5384] close(18) = -1 EBADF (Bad file descriptor) [pid 5384] close(19) = -1 EBADF (Bad file descriptor) [ 121.165095][ T5390] CPU: 1 PID: 5390 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 121.175566][ T5390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 121.185669][ T5390] Call Trace: [ 121.188997][ T5390] [ 121.191974][ T5390] dump_stack_lvl+0x1e7/0x2d0 [ 121.196712][ T5390] ? nf_tcp_handle_invalid+0x640/0x640 [ 121.202225][ T5390] ? panic+0x770/0x770 [ 121.206366][ T5390] dump_header+0xdc/0x940 [ 121.210753][ T5390] out_of_memory+0xf21/0x12c0 [ 121.215489][ T5390] ? mutex_lock_io_nested+0x60/0x60 [ 121.220735][ T5390] ? preempt_schedule+0xdd/0xf0 [ 121.225609][ T5390] ? unregister_oom_notifier+0x20/0x20 [ 121.231087][ T5390] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 121.237096][ T5390] mem_cgroup_out_of_memory+0x263/0x3b0 [ 121.242661][ T5390] ? preempt_schedule_thunk+0x1a/0x20 [ 121.248055][ T5390] ? mem_cgroup_oom_trylock+0x210/0x210 [ 121.253629][ T5390] ? cgroup_file_notify+0x127/0x190 [ 121.258849][ T5390] memory_max_write+0x355/0x470 [ 121.263726][ T5390] ? memory_max_show+0xa0/0xa0 [pid 5384] close(20) = -1 EBADF (Bad file descriptor) [pid 5384] close(21) = -1 EBADF (Bad file descriptor) [pid 5384] close(22) = -1 EBADF (Bad file descriptor) [pid 5384] close(23) = -1 EBADF (Bad file descriptor) [pid 5384] close(24) = -1 EBADF (Bad file descriptor) [ 121.268509][ T5390] ? read_lock_is_recursive+0x20/0x20 [ 121.273905][ T5390] ? memory_max_show+0xa0/0xa0 [ 121.278697][ T5390] cgroup_file_write+0x2b1/0x780 [ 121.283654][ T5390] ? cgroup_seqfile_stop+0xd0/0xd0 [ 121.288780][ T5390] ? __virt_addr_valid+0x22f/0x2e0 [ 121.293919][ T5390] ? cgroup_seqfile_stop+0xd0/0xd0 [ 121.299041][ T5390] kernfs_fop_write_iter+0x3a6/0x4f0 [ 121.304355][ T5390] vfs_write+0x7b2/0xbb0 [ 121.308622][ T5390] ? file_end_write+0x240/0x240 [ 121.313493][ T5390] ? do_raw_spin_unlock+0x13b/0x8b0 [ 121.318711][ T5390] ? lockdep_hardirqs_on+0x98/0x140 [ 121.323936][ T5390] ? __fdget_pos+0x265/0x2f0 [ 121.328542][ T5390] ksys_write+0x1a0/0x2c0 [ 121.332890][ T5390] ? __ia32_sys_read+0x90/0x90 [ 121.337669][ T5390] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 121.343671][ T5390] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 121.349675][ T5390] do_syscall_64+0x41/0xc0 [ 121.354111][ T5390] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 121.360049][ T5390] RIP: 0033:0x7fd49ce20129 [ 121.364475][ T5390] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 121.384100][ T5390] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 121.392526][ T5390] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 121.400512][ T5390] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 121.408495][ T5390] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5384] close(25) = -1 EBADF (Bad file descriptor) [pid 5384] close(26) = -1 EBADF (Bad file descriptor) [pid 5384] close(27) = -1 EBADF (Bad file descriptor) [pid 5384] close(28) = -1 EBADF (Bad file descriptor) [pid 5384] close(29) = -1 EBADF (Bad file descriptor) [pid 5384] exit_group(0) = ? [pid 5384] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 121.416477][ T5390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 121.424456][ T5390] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000c [ 121.432454][ T5390] [ 121.446862][ T5390] memory: usage 8kB, limit 0kB, failcnt 55 [ 121.452735][ T5390] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 121.469041][ T5390] Memory cgroup stats for /syz1: [ 121.469335][ T5390] anon 0 [ 121.469335][ T5390] file 0 [ 121.469335][ T5390] kernel 8192 [ 121.469335][ T5390] kernel_stack 0 [ 121.469335][ T5390] pagetables 0 [ 121.469335][ T5390] sec_pagetables 0 [ 121.469335][ T5390] percpu 0 [ 121.469335][ T5390] sock 0 [ 121.469335][ T5390] vmalloc 0 [ 121.469335][ T5390] shmem 0 [ 121.469335][ T5390] zswap 0 [ 121.469335][ T5390] zswapped 0 [ 121.469335][ T5390] file_mapped 0 [ 121.469335][ T5390] file_dirty 0 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 121.469335][ T5390] file_writeback 0 [ 121.469335][ T5390] swapcached 0 [ 121.469335][ T5390] anon_thp 0 [ 121.469335][ T5390] file_thp 0 [ 121.469335][ T5390] shmem_thp 0 [ 121.469335][ T5390] inactive_anon 0 [ 121.469335][ T5390] active_anon 0 [ 121.469335][ T5390] inactive_file 0 [ 121.469335][ T5390] active_file 0 [ 121.469335][ T5390] unevictable 0 [ 121.469335][ T5390] slab_reclaimable 6752 [ 121.469335][ T5390] slab_unreclaimable 0 [ 121.469335][ T5390] slab 6752 [ 121.469335][ T5390] workingset_refault_anon 0 [pid 5073] unlink("./15/binderfs") = 0 [pid 5073] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./15/cgroup") = 0 [pid 5073] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./15/cgroup.net") = 0 [ 121.569967][ T5390] Tasks state (memory values in pages): [ 121.575564][ T5390] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 121.586213][ T5390] Out of memory and no killable processes... [ 121.593296][ T5394] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 121.604007][ T5394] CPU: 0 PID: 5394 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 121.614475][ T5394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 121.624575][ T5394] Call Trace: [ 121.627893][ T5394] [ 121.630862][ T5394] dump_stack_lvl+0x1e7/0x2d0 [ 121.635596][ T5394] ? nf_tcp_handle_invalid+0x640/0x640 [ 121.641105][ T5394] ? panic+0x770/0x770 [ 121.645237][ T5394] dump_header+0xdc/0x940 [ 121.649623][ T5394] out_of_memory+0xf21/0x12c0 [ 121.654357][ T5394] ? mutex_lock_io_nested+0x60/0x60 [ 121.659616][ T5394] ? preempt_schedule+0xdd/0xf0 [ 121.664514][ T5394] ? unregister_oom_notifier+0x20/0x20 [ 121.670020][ T5394] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 121.676067][ T5394] mem_cgroup_out_of_memory+0x263/0x3b0 [ 121.681668][ T5394] ? preempt_schedule_thunk+0x1a/0x20 [ 121.687099][ T5394] ? mem_cgroup_oom_trylock+0x210/0x210 [ 121.692716][ T5394] ? cgroup_file_notify+0x127/0x190 [ 121.697988][ T5394] memory_max_write+0x355/0x470 [ 121.702910][ T5394] ? memory_max_show+0xa0/0xa0 [ 121.707734][ T5394] ? read_lock_is_recursive+0x20/0x20 [ 121.713164][ T5394] ? memory_max_show+0xa0/0xa0 [ 121.718032][ T5394] cgroup_file_write+0x2b1/0x780 [ 121.723042][ T5394] ? cgroup_seqfile_stop+0xd0/0xd0 [ 121.728208][ T5394] ? __virt_addr_valid+0x22f/0x2e0 [ 121.733389][ T5394] ? cgroup_seqfile_stop+0xd0/0xd0 [ 121.738548][ T5394] kernfs_fop_write_iter+0x3a6/0x4f0 [ 121.743897][ T5394] vfs_write+0x7b2/0xbb0 [ 121.748201][ T5394] ? file_end_write+0x240/0x240 [ 121.753109][ T5394] ? do_raw_spin_unlock+0x13b/0x8b0 [ 121.758364][ T5394] ? lockdep_hardirqs_on+0x98/0x140 [ 121.763622][ T5394] ? __fdget_pos+0x265/0x2f0 [ 121.768265][ T5394] ksys_write+0x1a0/0x2c0 [ 121.772656][ T5394] ? __ia32_sys_read+0x90/0x90 [ 121.777474][ T5394] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 121.783520][ T5394] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 121.789559][ T5394] do_syscall_64+0x41/0xc0 [ 121.794030][ T5394] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 121.799996][ T5394] RIP: 0033:0x7fd49ce20129 [ 121.804456][ T5394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 121.824114][ T5394] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 121.832587][ T5394] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 121.840601][ T5394] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 121.848611][ T5394] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 121.856611][ T5394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5390] <... write resumed>) = 18 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./15/file0") = 0 [pid 5073] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./15/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./15") = 0 [pid 5073] mkdir("./16", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5403 attached [pid 5403] chdir("./16") = 0 [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 18 [pid 5403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5403] setpgid(0, 0) = 0 [pid 5403] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5403] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5403] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5403] write(3, "1000", 4) = 4 [pid 5403] close(3) = 0 [pid 5403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5403] mkdir("./file0", 000) = 0 [pid 5403] open("./file0", O_RDONLY) = 3 [pid 5403] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5403] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5403] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5403] openat(5, "memory.max", O_RDWR) = 6 [pid 5403] write(6, "0x000000000000040e", 18 [pid 5390] close(3) = 0 [pid 5390] close(4) = 0 [pid 5390] close(5) = 0 [pid 5390] close(6) = 0 [pid 5390] close(7) = -1 EBADF (Bad file descriptor) [pid 5390] close(8) = -1 EBADF (Bad file descriptor) [pid 5390] close(9) = -1 EBADF (Bad file descriptor) [pid 5390] close(10) = -1 EBADF (Bad file descriptor) [pid 5390] close(11) = -1 EBADF (Bad file descriptor) [pid 5390] close(12) = -1 EBADF (Bad file descriptor) [pid 5390] close(13) = -1 EBADF (Bad file descriptor) [pid 5390] close(14) = -1 EBADF (Bad file descriptor) [pid 5390] close(15) = -1 EBADF (Bad file descriptor) [pid 5390] close(16) = -1 EBADF (Bad file descriptor) [ 121.864611][ T5394] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000013 [ 121.872648][ T5394] [pid 5390] close(17) = -1 EBADF (Bad file descriptor) [pid 5390] close(18) = -1 EBADF (Bad file descriptor) [pid 5390] close(19) = -1 EBADF (Bad file descriptor) [pid 5390] close(20) = -1 EBADF (Bad file descriptor) [pid 5390] close(21) = -1 EBADF (Bad file descriptor) [pid 5390] close(22) = -1 EBADF (Bad file descriptor) [pid 5390] close(23) = -1 EBADF (Bad file descriptor) [ 121.924211][ T5394] memory: usage 8kB, limit 0kB, failcnt 55 [ 121.933674][ T5394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 121.942781][ T5394] Memory cgroup stats for /syz1: [ 121.942990][ T5394] anon 0 [ 121.942990][ T5394] file 0 [ 121.942990][ T5394] kernel 8192 [ 121.942990][ T5394] kernel_stack 0 [ 121.942990][ T5394] pagetables 0 [ 121.942990][ T5394] sec_pagetables 0 [ 121.942990][ T5394] percpu 0 [ 121.942990][ T5394] sock 0 [ 121.942990][ T5394] vmalloc 0 [ 121.942990][ T5394] shmem 0 [ 121.942990][ T5394] zswap 0 [ 121.942990][ T5394] zswapped 0 [ 121.942990][ T5394] file_mapped 0 [ 121.942990][ T5394] file_dirty 0 [ 121.942990][ T5394] file_writeback 0 [ 121.942990][ T5394] swapcached 0 [ 121.942990][ T5394] anon_thp 0 [ 121.942990][ T5394] file_thp 0 [ 121.942990][ T5394] shmem_thp 0 [ 121.942990][ T5394] inactive_anon 0 [ 121.942990][ T5394] active_anon 0 [ 121.942990][ T5394] inactive_file 0 [ 121.942990][ T5394] active_file 0 [ 121.942990][ T5394] unevictable 0 [pid 5390] close(24) = -1 EBADF (Bad file descriptor) [pid 5390] close(25) = -1 EBADF (Bad file descriptor) [pid 5390] close(26) = -1 EBADF (Bad file descriptor) [pid 5390] close(27) = -1 EBADF (Bad file descriptor) [pid 5390] close(28) = -1 EBADF (Bad file descriptor) [pid 5390] close(29) = -1 EBADF (Bad file descriptor) [ 121.942990][ T5394] slab_reclaimable 6752 [ 121.942990][ T5394] slab_unreclaimable 0 [ 121.942990][ T5394] slab 6752 [ 121.942990][ T5394] workingset_refault_anon 0 [ 122.050660][ T5394] Tasks state (memory values in pages): [ 122.058910][ T5394] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5390] exit_group(0 [pid 5394] <... write resumed>) = 18 [pid 5394] close(3) = 0 [pid 5390] <... exit_group resumed>) = ? [pid 5394] close(4) = 0 [pid 5394] close(5) = 0 [pid 5394] close(6) = 0 [pid 5394] close(7) = -1 EBADF (Bad file descriptor) [pid 5394] close(8) = -1 EBADF (Bad file descriptor) [pid 5394] close(9) = -1 EBADF (Bad file descriptor) [pid 5394] close(10) = -1 EBADF (Bad file descriptor) [pid 5394] close(11) = -1 EBADF (Bad file descriptor) [pid 5394] close(12) = -1 EBADF (Bad file descriptor) [pid 5394] close(13) = -1 EBADF (Bad file descriptor) [pid 5394] close(14) = -1 EBADF (Bad file descriptor) [pid 5394] close(15) = -1 EBADF (Bad file descriptor) [pid 5394] close(16) = -1 EBADF (Bad file descriptor) [pid 5394] close(17) = -1 EBADF (Bad file descriptor) [pid 5394] close(18) = -1 EBADF (Bad file descriptor) [pid 5394] close(19) = -1 EBADF (Bad file descriptor) [pid 5394] close(20) = -1 EBADF (Bad file descriptor) [pid 5394] close(21) = -1 EBADF (Bad file descriptor) [pid 5394] close(22) = -1 EBADF (Bad file descriptor) [pid 5394] close(23) = -1 EBADF (Bad file descriptor) [pid 5394] close(24) = -1 EBADF (Bad file descriptor) [pid 5394] close(25) = -1 EBADF (Bad file descriptor) [pid 5394] close(26 [pid 5390] +++ exited with 0 +++ [pid 5394] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5394] close(27) = -1 EBADF (Bad file descriptor) [pid 5394] close(28 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5394] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5394] close(29) = -1 EBADF (Bad file descriptor) [pid 5394] exit_group(0) = ? [pid 5070] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5394] +++ exited with 0 +++ [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5070] <... openat resumed>) = 3 [pid 5074] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] fstat(3, [pid 5074] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./19/binderfs", [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] lstat("./12/binderfs", [pid 5074] unlink("./19/binderfs" [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] <... unlink resumed>) = 0 [pid 5070] unlink("./12/binderfs" [pid 5074] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... unlink resumed>) = 0 [pid 5074] lstat("./19/cgroup", [pid 5070] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./19/cgroup" [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 122.072148][ T5394] Out of memory and no killable processes... [ 122.080378][ T5391] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 122.122495][ T5391] CPU: 0 PID: 5391 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 122.132995][ T5391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 122.143090][ T5391] Call Trace: [ 122.146409][ T5391] [ 122.149379][ T5391] dump_stack_lvl+0x1e7/0x2d0 [ 122.154119][ T5391] ? nf_tcp_handle_invalid+0x640/0x640 [ 122.159636][ T5391] ? panic+0x770/0x770 [ 122.163776][ T5391] dump_header+0xdc/0x940 [ 122.168163][ T5391] out_of_memory+0xf21/0x12c0 [ 122.172894][ T5391] ? mutex_lock_io_nested+0x60/0x60 [ 122.178150][ T5391] ? mark_lock+0x9a/0x340 [ 122.182533][ T5391] ? unregister_oom_notifier+0x20/0x20 [ 122.188042][ T5391] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 122.194087][ T5391] mem_cgroup_out_of_memory+0x263/0x3b0 [ 122.199693][ T5391] ? mem_cgroup_oom_trylock+0x210/0x210 [ 122.205317][ T5391] ? cgroup_file_notify+0x127/0x190 [ 122.210586][ T5391] memory_max_write+0x355/0x470 [ 122.215503][ T5391] ? memory_max_show+0xa0/0xa0 [ 122.220326][ T5391] ? read_lock_is_recursive+0x20/0x20 [ 122.225771][ T5391] ? memory_max_show+0xa0/0xa0 [ 122.230592][ T5391] cgroup_file_write+0x2b1/0x780 [ 122.235586][ T5391] ? cgroup_seqfile_stop+0xd0/0xd0 [ 122.240752][ T5391] ? __virt_addr_valid+0x22f/0x2e0 [ 122.245935][ T5391] ? cgroup_seqfile_stop+0xd0/0xd0 [ 122.251093][ T5391] kernfs_fop_write_iter+0x3a6/0x4f0 [ 122.256443][ T5391] vfs_write+0x7b2/0xbb0 [ 122.260752][ T5391] ? file_end_write+0x240/0x240 [ 122.265658][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [pid 5074] <... unlink resumed>) = 0 [pid 5070] lstat("./12/cgroup", [pid 5074] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./19/cgroup.net") = 0 [pid 5074] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] unlink("./12/cgroup") = 0 [pid 5070] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./12/cgroup.net") = 0 [ 122.270910][ T5391] ? lockdep_hardirqs_on+0x98/0x140 [ 122.276161][ T5391] ? __fdget_pos+0x265/0x2f0 [ 122.280818][ T5391] ksys_write+0x1a0/0x2c0 [ 122.285203][ T5391] ? __ia32_sys_read+0x90/0x90 [ 122.290013][ T5391] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 122.296054][ T5391] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 122.302097][ T5391] do_syscall_64+0x41/0xc0 [ 122.306561][ T5391] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.312513][ T5391] RIP: 0033:0x7fd49ce20129 [ 122.316969][ T5391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 122.336623][ T5391] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.345097][ T5391] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 122.353115][ T5391] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 122.361135][ T5391] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5074] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./19/file0", [pid 5070] lstat("./12/file0", [pid 5074] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 122.369162][ T5391] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 122.377174][ T5391] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000d [ 122.385213][ T5391] [ 122.394406][ T5391] memory: usage 8kB, limit 0kB, failcnt 55 [ 122.400455][ T5391] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 122.407895][ T5391] Memory cgroup stats for /syz1: [ 122.408096][ T5391] anon 0 [ 122.408096][ T5391] file 0 [ 122.408096][ T5391] kernel 8192 [pid 5070] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] <... openat resumed>) = 4 [pid 5070] <... openat resumed>) = 4 [pid 5074] fstat(4, [pid 5070] fstat(4, [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, [pid 5070] getdents64(4, [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, [pid 5070] getdents64(4, [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4 [pid 5070] close(4 [pid 5074] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5074] rmdir("./19/file0" [pid 5070] rmdir("./12/file0" [pid 5074] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5074] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./19/cgroup.cpu", [pid 5070] lstat("./12/cgroup.cpu", [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./19/cgroup.cpu" [pid 5070] unlink("./12/cgroup.cpu" [pid 5074] <... unlink resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5074] getdents64(3, [pid 5070] getdents64(3, [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3 [ 122.408096][ T5391] kernel_stack 0 [ 122.408096][ T5391] pagetables 0 [ 122.408096][ T5391] sec_pagetables 0 [ 122.408096][ T5391] percpu 0 [ 122.408096][ T5391] sock 0 [ 122.408096][ T5391] vmalloc 0 [ 122.408096][ T5391] shmem 0 [ 122.408096][ T5391] zswap 0 [ 122.408096][ T5391] zswapped 0 [ 122.408096][ T5391] file_mapped 0 [ 122.408096][ T5391] file_dirty 0 [ 122.408096][ T5391] file_writeback 0 [ 122.408096][ T5391] swapcached 0 [ 122.408096][ T5391] anon_thp 0 [ 122.408096][ T5391] file_thp 0 [ 122.408096][ T5391] shmem_thp 0 [pid 5070] close(3 [pid 5074] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5074] rmdir("./19" [pid 5070] rmdir("./12" [pid 5074] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5074] mkdir("./20", 0777 [pid 5070] mkdir("./13", 0777 [pid 5074] <... mkdir resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5411 attached [pid 5411] chdir("./13" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 22 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 15 [pid 5411] <... chdir resumed>) = 0 [pid 5411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5411] setpgid(0, 0) = 0 [pid 5411] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5411] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5411] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5410 attached ) = 3 [pid 5411] write(3, "1000", 4) = 4 [pid 5411] close(3) = 0 [pid 5410] chdir("./20" [pid 5411] symlink("/dev/binderfs", "./binderfs") = 0 [ 122.408096][ T5391] inactive_anon 0 [ 122.408096][ T5391] active_anon 0 [ 122.408096][ T5391] inactive_file 0 [ 122.408096][ T5391] active_file 0 [ 122.408096][ T5391] unevictable 0 [ 122.408096][ T5391] slab_reclaimable 6752 [ 122.408096][ T5391] slab_unreclaimable 0 [ 122.408096][ T5391] slab 6752 [ 122.408096][ T5391] workingset_refault_anon 0 [ 122.508033][ T5391] Tasks state (memory values in pages): [ 122.514217][ T5391] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5411] mkdir("./file0", 000) = 0 [pid 5410] <... chdir resumed>) = 0 [pid 5411] open("./file0", O_RDONLY) = 3 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5411] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5410] <... prctl resumed>) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5411] <... mount resumed>) = 0 [pid 5410] <... symlink resumed>) = 0 [pid 5410] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5411] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5410] <... symlink resumed>) = 0 [pid 5410] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs" [pid 5411] <... openat resumed>) = 4 [pid 5410] <... symlink resumed>) = 0 [pid 5410] mkdir("./file0", 000 [pid 5411] openat(4, "syz1", O_RDWR|O_PATH [pid 5410] <... mkdir resumed>) = 0 [pid 5411] <... openat resumed>) = 5 [pid 5410] open("./file0", O_RDONLY [pid 5411] openat(5, "memory.max", O_RDWR [pid 5410] <... open resumed>) = 3 [pid 5410] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5411] <... openat resumed>) = 6 [pid 5410] <... mount resumed>) = 0 [pid 5391] <... write resumed>) = 18 [pid 5410] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5391] close(3 [pid 5410] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5391] <... close resumed>) = 0 [pid 5410] openat(5, "memory.max", O_RDWR) = 6 [pid 5391] close(4 [pid 5410] write(6, "0x000000000000040e", 18 [pid 5391] <... close resumed>) = 0 [pid 5391] close(5) = 0 [pid 5391] close(6 [pid 5411] write(6, "0x000000000000040e", 18 [pid 5391] <... close resumed>) = 0 [pid 5391] close(7) = -1 EBADF (Bad file descriptor) [pid 5391] close(8) = -1 EBADF (Bad file descriptor) [pid 5391] close(9) = -1 EBADF (Bad file descriptor) [pid 5391] close(10) = -1 EBADF (Bad file descriptor) [pid 5391] close(11) = -1 EBADF (Bad file descriptor) [pid 5391] close(12) = -1 EBADF (Bad file descriptor) [pid 5391] close(13) = -1 EBADF (Bad file descriptor) [pid 5391] close(14) = -1 EBADF (Bad file descriptor) [pid 5391] close(15) = -1 EBADF (Bad file descriptor) [pid 5391] close(16) = -1 EBADF (Bad file descriptor) [pid 5391] close(17) = -1 EBADF (Bad file descriptor) [pid 5391] close(18) = -1 EBADF (Bad file descriptor) [pid 5391] close(19) = -1 EBADF (Bad file descriptor) [pid 5391] close(20) = -1 EBADF (Bad file descriptor) [pid 5391] close(21) = -1 EBADF (Bad file descriptor) [pid 5391] close(22) = -1 EBADF (Bad file descriptor) [pid 5391] close(23) = -1 EBADF (Bad file descriptor) [pid 5391] close(24) = -1 EBADF (Bad file descriptor) [pid 5391] close(25) = -1 EBADF (Bad file descriptor) [pid 5391] close(26) = -1 EBADF (Bad file descriptor) [pid 5391] close(27) = -1 EBADF (Bad file descriptor) [pid 5391] close(28) = -1 EBADF (Bad file descriptor) [pid 5391] close(29) = -1 EBADF (Bad file descriptor) [pid 5391] exit_group(0) = ? [pid 5391] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 122.524173][ T5391] Out of memory and no killable processes... [ 122.552007][ T5400] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5072] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./13/binderfs") = 0 [pid 5072] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./13/cgroup") = 0 [pid 5072] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 122.580351][ T5400] CPU: 0 PID: 5400 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 122.590842][ T5400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 122.600938][ T5400] Call Trace: [ 122.604245][ T5400] [ 122.607211][ T5400] dump_stack_lvl+0x1e7/0x2d0 [ 122.611944][ T5400] ? nf_tcp_handle_invalid+0x640/0x640 [ 122.617456][ T5400] ? panic+0x770/0x770 [ 122.621594][ T5400] dump_header+0xdc/0x940 [ 122.625984][ T5400] out_of_memory+0xf21/0x12c0 [pid 5072] unlink("./13/cgroup.net") = 0 [ 122.630732][ T5400] ? mutex_lock_io_nested+0x60/0x60 [ 122.635996][ T5400] ? mark_lock+0x9a/0x340 [ 122.640360][ T5400] ? unregister_oom_notifier+0x20/0x20 [ 122.645858][ T5400] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 122.651901][ T5400] mem_cgroup_out_of_memory+0x263/0x3b0 [ 122.657510][ T5400] ? mem_cgroup_oom_trylock+0x210/0x210 [ 122.663122][ T5400] ? cgroup_file_notify+0x127/0x190 [ 122.668372][ T5400] memory_max_write+0x355/0x470 [ 122.673272][ T5400] ? memory_max_show+0xa0/0xa0 [ 122.678094][ T5400] ? read_lock_is_recursive+0x20/0x20 [ 122.683518][ T5400] ? memory_max_show+0xa0/0xa0 [ 122.688325][ T5400] cgroup_file_write+0x2b1/0x780 [ 122.693303][ T5400] ? cgroup_seqfile_stop+0xd0/0xd0 [ 122.698465][ T5400] ? __virt_addr_valid+0x22f/0x2e0 [ 122.703641][ T5400] ? cgroup_seqfile_stop+0xd0/0xd0 [ 122.708802][ T5400] kernfs_fop_write_iter+0x3a6/0x4f0 [ 122.714148][ T5400] vfs_write+0x7b2/0xbb0 [ 122.718453][ T5400] ? file_end_write+0x240/0x240 [ 122.723362][ T5400] ? do_raw_spin_unlock+0x13b/0x8b0 [ 122.728611][ T5400] ? lockdep_hardirqs_on+0x98/0x140 [ 122.733873][ T5400] ? __fdget_pos+0x265/0x2f0 [ 122.738523][ T5400] ksys_write+0x1a0/0x2c0 [ 122.742907][ T5400] ? __ia32_sys_read+0x90/0x90 [ 122.747722][ T5400] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 122.753769][ T5400] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 122.759811][ T5400] do_syscall_64+0x41/0xc0 [ 122.764286][ T5400] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 122.770249][ T5400] RIP: 0033:0x7fd49ce20129 [ 122.774706][ T5400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 122.794378][ T5400] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.802849][ T5400] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 122.810861][ T5400] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 122.818870][ T5400] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5072] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./13/file0") = 0 [pid 5072] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./13/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./13") = 0 [pid 5072] mkdir("./14", 0777) = 0 [ 122.826882][ T5400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 122.834903][ T5400] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000013 [ 122.842947][ T5400] [ 122.853484][ T5400] memory: usage 8kB, limit 0kB, failcnt 55 [ 122.859885][ T5400] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 122.874728][ T5400] Memory cgroup stats for /syz1: [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 16 [ 122.874990][ T5400] anon 0 [ 122.874990][ T5400] file 0 [ 122.874990][ T5400] kernel 8192 [ 122.874990][ T5400] kernel_stack 0 [ 122.874990][ T5400] pagetables 0 [ 122.874990][ T5400] sec_pagetables 0 [ 122.874990][ T5400] percpu 0 [ 122.874990][ T5400] sock 0 [ 122.874990][ T5400] vmalloc 0 [ 122.874990][ T5400] shmem 0 [ 122.874990][ T5400] zswap 0 [ 122.874990][ T5400] zswapped 0 [ 122.874990][ T5400] file_mapped 0 [ 122.874990][ T5400] file_dirty 0 [ 122.874990][ T5400] file_writeback 0 [ 122.874990][ T5400] swapcached 0 ./strace-static-x86_64: Process 5417 attached [pid 5417] chdir("./14") = 0 [pid 5417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5417] setpgid(0, 0) = 0 [pid 5417] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5417] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5417] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5417] write(3, "1000", 4) = 4 [pid 5417] close(3) = 0 [pid 5417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5417] mkdir("./file0", 000) = 0 [pid 5417] open("./file0", O_RDONLY) = 3 [pid 5417] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5417] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5417] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5417] openat(5, "memory.max", O_RDWR) = 6 [ 122.874990][ T5400] anon_thp 0 [ 122.874990][ T5400] file_thp 0 [ 122.874990][ T5400] shmem_thp 0 [ 122.874990][ T5400] inactive_anon 0 [ 122.874990][ T5400] active_anon 0 [ 122.874990][ T5400] inactive_file 0 [ 122.874990][ T5400] active_file 0 [ 122.874990][ T5400] unevictable 0 [ 122.874990][ T5400] slab_reclaimable 6752 [ 122.874990][ T5400] slab_unreclaimable 0 [ 122.874990][ T5400] slab 6752 [ 122.874990][ T5400] workingset_refault_anon 0 [ 123.058499][ T5400] Tasks state (memory values in pages): [ 123.064335][ T5400] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 123.082007][ T5400] Out of memory and no killable processes... [ 123.092131][ T5403] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 123.103214][ T5403] CPU: 1 PID: 5403 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 123.113681][ T5403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 123.123783][ T5403] Call Trace: [ 123.127106][ T5403] [ 123.130072][ T5403] dump_stack_lvl+0x1e7/0x2d0 [ 123.134813][ T5403] ? nf_tcp_handle_invalid+0x640/0x640 [ 123.140325][ T5403] ? panic+0x770/0x770 [ 123.144457][ T5403] dump_header+0xdc/0x940 [ 123.148844][ T5403] out_of_memory+0xf21/0x12c0 [ 123.153582][ T5403] ? mutex_lock_io_nested+0x60/0x60 [pid 5417] write(6, "0x000000000000040e", 18 [pid 5400] <... write resumed>) = 18 [pid 5400] close(3) = 0 [pid 5400] close(4) = 0 [pid 5400] close(5) = 0 [pid 5400] close(6) = 0 [pid 5400] close(7) = -1 EBADF (Bad file descriptor) [pid 5400] close(8) = -1 EBADF (Bad file descriptor) [pid 5400] close(9) = -1 EBADF (Bad file descriptor) [pid 5400] close(10) = -1 EBADF (Bad file descriptor) [pid 5400] close(11) = -1 EBADF (Bad file descriptor) [ 123.158842][ T5403] ? preempt_schedule+0xdd/0xf0 [ 123.163749][ T5403] ? unregister_oom_notifier+0x20/0x20 [ 123.169264][ T5403] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 123.175301][ T5403] mem_cgroup_out_of_memory+0x263/0x3b0 [ 123.180899][ T5403] ? preempt_schedule_thunk+0x1a/0x20 [ 123.186333][ T5403] ? mem_cgroup_oom_trylock+0x210/0x210 [ 123.191954][ T5403] ? cgroup_file_notify+0x127/0x190 [ 123.197211][ T5403] memory_max_write+0x355/0x470 [ 123.202130][ T5403] ? memory_max_show+0xa0/0xa0 [pid 5400] close(12) = -1 EBADF (Bad file descriptor) [pid 5400] close(13) = -1 EBADF (Bad file descriptor) [pid 5400] close(14) = -1 EBADF (Bad file descriptor) [pid 5400] close(15) = -1 EBADF (Bad file descriptor) [pid 5400] close(16) = -1 EBADF (Bad file descriptor) [pid 5400] close(17) = -1 EBADF (Bad file descriptor) [pid 5400] close(18) = -1 EBADF (Bad file descriptor) [pid 5400] close(19) = -1 EBADF (Bad file descriptor) [ 123.206936][ T5403] ? read_lock_is_recursive+0x20/0x20 [ 123.212336][ T5403] ? memory_max_show+0xa0/0xa0 [ 123.217117][ T5403] cgroup_file_write+0x2b1/0x780 [ 123.222073][ T5403] ? cgroup_seqfile_stop+0xd0/0xd0 [ 123.227197][ T5403] ? __virt_addr_valid+0x22f/0x2e0 [ 123.232340][ T5403] ? cgroup_seqfile_stop+0xd0/0xd0 [ 123.237466][ T5403] kernfs_fop_write_iter+0x3a6/0x4f0 [ 123.242777][ T5403] vfs_write+0x7b2/0xbb0 [ 123.247050][ T5403] ? file_end_write+0x240/0x240 [ 123.251918][ T5403] ? do_raw_spin_unlock+0x13b/0x8b0 [ 123.257243][ T5403] ? lockdep_hardirqs_on+0x98/0x140 [ 123.262464][ T5403] ? __fdget_pos+0x265/0x2f0 [ 123.267073][ T5403] ksys_write+0x1a0/0x2c0 [ 123.271450][ T5403] ? __ia32_sys_read+0x90/0x90 [ 123.276270][ T5403] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 123.282317][ T5403] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 123.288356][ T5403] do_syscall_64+0x41/0xc0 [ 123.292802][ T5403] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.298735][ T5403] RIP: 0033:0x7fd49ce20129 [ 123.303176][ T5403] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 123.322982][ T5403] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 123.331496][ T5403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 123.339480][ T5403] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 123.347467][ T5403] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5400] close(20) = -1 EBADF (Bad file descriptor) [ 123.355445][ T5403] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 123.363430][ T5403] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000010 [ 123.371432][ T5403] [ 123.384927][ T5403] memory: usage 8kB, limit 0kB, failcnt 55 [ 123.391914][ T5403] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 123.399672][ T5403] Memory cgroup stats for /syz1: [ 123.399872][ T5403] anon 0 [ 123.399872][ T5403] file 0 [ 123.399872][ T5403] kernel 8192 [ 123.399872][ T5403] kernel_stack 0 [ 123.399872][ T5403] pagetables 0 [ 123.399872][ T5403] sec_pagetables 0 [ 123.399872][ T5403] percpu 0 [ 123.399872][ T5403] sock 0 [ 123.399872][ T5403] vmalloc 0 [ 123.399872][ T5403] shmem 0 [ 123.399872][ T5403] zswap 0 [ 123.399872][ T5403] zswapped 0 [ 123.399872][ T5403] file_mapped 0 [ 123.399872][ T5403] file_dirty 0 [ 123.399872][ T5403] file_writeback 0 [ 123.399872][ T5403] swapcached 0 [ 123.399872][ T5403] anon_thp 0 [ 123.399872][ T5403] file_thp 0 [pid 5400] close(21) = -1 EBADF (Bad file descriptor) [ 123.399872][ T5403] shmem_thp 0 [ 123.399872][ T5403] inactive_anon 0 [ 123.399872][ T5403] active_anon 0 [ 123.399872][ T5403] inactive_file 0 [ 123.399872][ T5403] active_file 0 [ 123.399872][ T5403] unevictable 0 [ 123.399872][ T5403] slab_reclaimable 6752 [ 123.399872][ T5403] slab_unreclaimable 0 [ 123.399872][ T5403] slab 6752 [ 123.399872][ T5403] workingset_refault_anon 0 [ 123.498888][ T5403] Tasks state (memory values in pages): [pid 5400] close(22) = -1 EBADF (Bad file descriptor) [pid 5400] close(23) = -1 EBADF (Bad file descriptor) [pid 5400] close(24) = -1 EBADF (Bad file descriptor) [pid 5400] close(25) = -1 EBADF (Bad file descriptor) [pid 5400] close(26) = -1 EBADF (Bad file descriptor) [pid 5400] close(27) = -1 EBADF (Bad file descriptor) [pid 5400] close(28) = -1 EBADF (Bad file descriptor) [pid 5400] close(29) = -1 EBADF (Bad file descriptor) [pid 5400] exit_group(0) = ? [pid 5400] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 123.504481][ T5403] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 123.514796][ T5403] Out of memory and no killable processes... [ 123.522458][ T5410] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 123.534648][ T5410] CPU: 0 PID: 5410 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 123.545117][ T5410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 123.555211][ T5410] Call Trace: [ 123.558526][ T5410] [ 123.561500][ T5410] dump_stack_lvl+0x1e7/0x2d0 [ 123.566236][ T5410] ? nf_tcp_handle_invalid+0x640/0x640 [ 123.571762][ T5410] ? panic+0x770/0x770 [ 123.575889][ T5410] dump_header+0xdc/0x940 [ 123.580275][ T5410] out_of_memory+0xf21/0x12c0 [ 123.585007][ T5410] ? mutex_lock_io_nested+0x60/0x60 [ 123.590281][ T5410] ? mark_lock+0x9a/0x340 [ 123.594643][ T5410] ? unregister_oom_notifier+0x20/0x20 [ 123.600149][ T5410] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5403] <... write resumed>) = 18 [pid 5075] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./19/binderfs") = 0 [pid 5075] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./19/cgroup") = 0 [pid 5075] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./19/cgroup.net") = 0 [pid 5075] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5403] close(3) = 0 [ 123.606197][ T5410] mem_cgroup_out_of_memory+0x263/0x3b0 [ 123.611802][ T5410] ? mem_cgroup_oom_trylock+0x210/0x210 [ 123.617435][ T5410] ? cgroup_file_notify+0x127/0x190 [ 123.622697][ T5410] memory_max_write+0x355/0x470 [ 123.627607][ T5410] ? memory_max_show+0xa0/0xa0 [ 123.632437][ T5410] ? read_lock_is_recursive+0x20/0x20 [ 123.637864][ T5410] ? memory_max_show+0xa0/0xa0 [ 123.642657][ T5410] cgroup_file_write+0x2b1/0x780 [ 123.647615][ T5410] ? cgroup_seqfile_stop+0xd0/0xd0 [ 123.652734][ T5410] ? __virt_addr_valid+0x22f/0x2e0 [ 123.657876][ T5410] ? cgroup_seqfile_stop+0xd0/0xd0 [ 123.662996][ T5410] kernfs_fop_write_iter+0x3a6/0x4f0 [ 123.668304][ T5410] vfs_write+0x7b2/0xbb0 [ 123.672565][ T5410] ? file_end_write+0x240/0x240 [ 123.677435][ T5410] ? do_raw_spin_unlock+0x13b/0x8b0 [ 123.682650][ T5410] ? lockdep_hardirqs_on+0x98/0x140 [ 123.687869][ T5410] ? __fdget_pos+0x265/0x2f0 [ 123.692475][ T5410] ksys_write+0x1a0/0x2c0 [ 123.696824][ T5410] ? __ia32_sys_read+0x90/0x90 [ 123.701622][ T5410] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 123.707639][ T5410] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 123.713647][ T5410] do_syscall_64+0x41/0xc0 [ 123.718090][ T5410] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.724018][ T5410] RIP: 0033:0x7fd49ce20129 [ 123.728454][ T5410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 123.748078][ T5410] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 123.756533][ T5410] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 123.764525][ T5410] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 123.772511][ T5410] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 123.780504][ T5410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 123.788482][ T5410] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000014 [ 123.796479][ T5410] [pid 5403] close(4) = 0 [pid 5075] <... umount2 resumed>) = 0 [pid 5403] close(5 [pid 5075] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5403] <... close resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5403] close(6 [pid 5075] lstat("./19/file0", [pid 5403] <... close resumed>) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5403] close(7 [pid 5075] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5403] close(8 [pid 5075] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... openat resumed>) = 4 [pid 5403] close(9 [pid 5075] fstat(4, [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5403] close(10 [pid 5075] getdents64(4, [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5403] close(11 [pid 5075] getdents64(4, [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5403] close(12 [pid 5075] close(4 [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... close resumed>) = 0 [pid 5403] close(13 [pid 5075] rmdir("./19/file0" [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... rmdir resumed>) = 0 [pid 5403] close(14 [pid 5075] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5403] close(15 [pid 5075] lstat("./19/cgroup.cpu", [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5403] close(16 [pid 5075] unlink("./19/cgroup.cpu" [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5403] close(17 [pid 5075] getdents64(3, [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5403] close(18 [pid 5075] close(3 [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... close resumed>) = 0 [pid 5403] close(19 [pid 5075] rmdir("./19" [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... rmdir resumed>) = 0 [pid 5403] close(20 [pid 5075] mkdir("./20", 0777 [ 123.806679][ T5410] memory: usage 8kB, limit 0kB, failcnt 55 [ 123.812549][ T5410] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 123.868239][ T5410] Memory cgroup stats for /syz1: [ 123.868598][ T5410] anon 0 [ 123.868598][ T5410] file 0 [ 123.868598][ T5410] kernel 8192 [ 123.868598][ T5410] kernel_stack 0 [ 123.868598][ T5410] pagetables 0 [ 123.868598][ T5410] sec_pagetables 0 [ 123.868598][ T5410] percpu 0 [ 123.868598][ T5410] sock 0 [ 123.868598][ T5410] vmalloc 0 [ 123.868598][ T5410] shmem 0 [ 123.868598][ T5410] zswap 0 [ 123.868598][ T5410] zswapped 0 [ 123.868598][ T5410] file_mapped 0 [ 123.868598][ T5410] file_dirty 0 [pid 5403] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... mkdir resumed>) = 0 [pid 5403] close(21) = -1 EBADF (Bad file descriptor) [pid 5403] close(22) = -1 EBADF (Bad file descriptor) [pid 5403] close(23) = -1 EBADF (Bad file descriptor) [pid 5403] close(24) = -1 EBADF (Bad file descriptor) [pid 5403] close(25) = -1 EBADF (Bad file descriptor) [pid 5403] close(26) = -1 EBADF (Bad file descriptor) [pid 5403] close(27) = -1 EBADF (Bad file descriptor) [pid 5403] close(28) = -1 EBADF (Bad file descriptor) [pid 5403] close(29) = -1 EBADF (Bad file descriptor) [pid 5403] exit_group(0) = ? [pid 5403] +++ exited with 0 +++ [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5428 attached [pid 5073] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./16/binderfs") = 0 [pid 5073] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 22 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./16/cgroup", [pid 5428] chdir("./20" [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./16/cgroup") = 0 [pid 5073] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./16/cgroup.net") = 0 [pid 5073] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5428] <... chdir resumed>) = 0 [pid 5073] <... umount2 resumed>) = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5428] <... prctl resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5428] setpgid(0, 0 [pid 5073] lstat("./16/file0", [pid 5428] <... setpgid resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5428] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5073] <... openat resumed>) = 4 [ 123.868598][ T5410] file_writeback 0 [ 123.868598][ T5410] swapcached 0 [ 123.868598][ T5410] anon_thp 0 [ 123.868598][ T5410] file_thp 0 [ 123.868598][ T5410] shmem_thp 0 [ 123.868598][ T5410] inactive_anon 0 [ 123.868598][ T5410] active_anon 0 [ 123.868598][ T5410] inactive_file 0 [ 123.868598][ T5410] active_file 0 [ 123.868598][ T5410] unevictable 0 [ 123.868598][ T5410] slab_reclaimable 6752 [ 123.868598][ T5410] slab_unreclaimable 0 [ 123.868598][ T5410] slab 6752 [ 123.868598][ T5410] workingset_refault_anon 0 [pid 5428] <... symlink resumed>) = 0 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./16/file0") = 0 [pid 5073] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./16/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./16") = 0 [pid 5073] mkdir("./17", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5429 attached [pid 5428] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5429] chdir("./17" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 19 [pid 5429] <... chdir resumed>) = 0 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5428] <... symlink resumed>) = 0 [pid 5429] <... prctl resumed>) = 0 [pid 5429] setpgid(0, 0) = 0 [pid 5429] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5428] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5429] <... symlink resumed>) = 0 [pid 5429] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5428] <... symlink resumed>) = 0 [pid 5429] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5429] <... symlink resumed>) = 0 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] <... openat resumed>) = 3 [pid 5429] write(3, "1000", 4 [pid 5428] write(3, "1000", 4 [pid 5429] <... write resumed>) = 4 [pid 5429] close(3 [pid 5428] <... write resumed>) = 4 [pid 5429] <... close resumed>) = 0 [pid 5428] close(3 [pid 5429] symlink("/dev/binderfs", "./binderfs" [pid 5428] <... close resumed>) = 0 [pid 5429] <... symlink resumed>) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs" [pid 5429] mkdir("./file0", 000) = 0 [pid 5428] <... symlink resumed>) = 0 [pid 5429] open("./file0", O_RDONLY) = 3 [pid 5428] mkdir("./file0", 000 [pid 5429] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5429] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5428] <... mkdir resumed>) = 0 [pid 5429] openat(4, "syz1", O_RDWR|O_PATH [pid 5428] open("./file0", O_RDONLY [pid 5429] <... openat resumed>) = 5 [pid 5428] <... open resumed>) = 3 [pid 5429] openat(5, "memory.max", O_RDWR) = 6 [pid 5428] mount(NULL, "./file0", "cgroup2", 0, NULL [ 123.989844][ T5410] Tasks state (memory values in pages): [ 123.995459][ T5410] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5429] write(6, "0x000000000000040e", 18 [pid 5428] <... mount resumed>) = 0 [pid 5428] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5428] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5428] openat(5, "memory.max", O_RDWR) = 6 [pid 5428] write(6, "0x000000000000040e", 18 [pid 5410] <... write resumed>) = 18 [pid 5410] close(3) = 0 [pid 5410] close(4) = 0 [pid 5410] close(5) = 0 [pid 5410] close(6) = 0 [pid 5410] close(7) = -1 EBADF (Bad file descriptor) [pid 5410] close(8) = -1 EBADF (Bad file descriptor) [pid 5410] close(9) = -1 EBADF (Bad file descriptor) [pid 5410] close(10) = -1 EBADF (Bad file descriptor) [pid 5410] close(11) = -1 EBADF (Bad file descriptor) [pid 5410] close(12) = -1 EBADF (Bad file descriptor) [pid 5410] close(13) = -1 EBADF (Bad file descriptor) [pid 5410] close(14) = -1 EBADF (Bad file descriptor) [ 124.032437][ T5410] Out of memory and no killable processes... [ 124.042108][ T5411] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5410] close(15) = -1 EBADF (Bad file descriptor) [pid 5410] close(16) = -1 EBADF (Bad file descriptor) [pid 5410] close(17) = -1 EBADF (Bad file descriptor) [pid 5410] close(18) = -1 EBADF (Bad file descriptor) [pid 5410] close(19) = -1 EBADF (Bad file descriptor) [pid 5410] close(20) = -1 EBADF (Bad file descriptor) [pid 5410] close(21) = -1 EBADF (Bad file descriptor) [pid 5410] close(22) = -1 EBADF (Bad file descriptor) [pid 5410] close(23) = -1 EBADF (Bad file descriptor) [pid 5410] close(24) = -1 EBADF (Bad file descriptor) [pid 5410] close(25) = -1 EBADF (Bad file descriptor) [pid 5410] close(26) = -1 EBADF (Bad file descriptor) [pid 5410] close(27) = -1 EBADF (Bad file descriptor) [pid 5410] close(28) = -1 EBADF (Bad file descriptor) [pid 5410] close(29) = -1 EBADF (Bad file descriptor) [pid 5410] exit_group(0) = ? [pid 5410] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 124.096753][ T5411] CPU: 0 PID: 5411 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 124.107248][ T5411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 124.117341][ T5411] Call Trace: [ 124.120654][ T5411] [ 124.123622][ T5411] dump_stack_lvl+0x1e7/0x2d0 [ 124.131835][ T5411] ? nf_tcp_handle_invalid+0x640/0x640 [ 124.137360][ T5411] ? panic+0x770/0x770 [ 124.141502][ T5411] dump_header+0xdc/0x940 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./20/binderfs") = 0 [pid 5074] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./20/cgroup") = 0 [pid 5074] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./20/cgroup.net") = 0 [ 124.145897][ T5411] out_of_memory+0xf21/0x12c0 [ 124.150639][ T5411] ? mutex_lock_io_nested+0x60/0x60 [ 124.155906][ T5411] ? preempt_schedule+0xdd/0xf0 [ 124.160814][ T5411] ? unregister_oom_notifier+0x20/0x20 [ 124.166326][ T5411] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 124.172386][ T5411] mem_cgroup_out_of_memory+0x263/0x3b0 [ 124.177992][ T5411] ? preempt_schedule_thunk+0x1a/0x20 [ 124.183427][ T5411] ? mem_cgroup_oom_trylock+0x210/0x210 [ 124.189048][ T5411] ? cgroup_file_notify+0x127/0x190 [ 124.194309][ T5411] memory_max_write+0x355/0x470 [ 124.199237][ T5411] ? memory_max_show+0xa0/0xa0 [ 124.204055][ T5411] ? read_lock_is_recursive+0x20/0x20 [ 124.209484][ T5411] ? memory_max_show+0xa0/0xa0 [ 124.214295][ T5411] cgroup_file_write+0x2b1/0x780 [ 124.219284][ T5411] ? cgroup_seqfile_stop+0xd0/0xd0 [ 124.224439][ T5411] ? __virt_addr_valid+0x22f/0x2e0 [ 124.229612][ T5411] ? cgroup_seqfile_stop+0xd0/0xd0 [ 124.234777][ T5411] kernfs_fop_write_iter+0x3a6/0x4f0 [ 124.240215][ T5411] vfs_write+0x7b2/0xbb0 [ 124.244521][ T5411] ? file_end_write+0x240/0x240 [ 124.249436][ T5411] ? do_raw_spin_unlock+0x13b/0x8b0 [ 124.254694][ T5411] ? lockdep_hardirqs_on+0x98/0x140 [ 124.259960][ T5411] ? __fdget_pos+0x265/0x2f0 [ 124.264599][ T5411] ksys_write+0x1a0/0x2c0 [ 124.268984][ T5411] ? __ia32_sys_read+0x90/0x90 [ 124.273794][ T5411] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 124.279838][ T5411] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 124.285881][ T5411] do_syscall_64+0x41/0xc0 [ 124.290347][ T5411] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.296315][ T5411] RIP: 0033:0x7fd49ce20129 [ 124.300772][ T5411] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 124.320427][ T5411] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.328899][ T5411] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 124.336914][ T5411] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 124.344925][ T5411] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 124.352937][ T5411] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 124.360949][ T5411] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000d [ 124.369000][ T5411] [ 124.387625][ T5411] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 124.393682][ T5411] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 124.404083][ T5411] Memory cgroup stats for /syz1: [ 124.404291][ T5411] anon 0 [ 124.404291][ T5411] file 0 [ 124.404291][ T5411] kernel 8192 [ 124.404291][ T5411] kernel_stack 0 [ 124.404291][ T5411] pagetables 0 [ 124.404291][ T5411] sec_pagetables 0 [ 124.404291][ T5411] percpu 0 [ 124.404291][ T5411] sock 0 [ 124.404291][ T5411] vmalloc 0 [ 124.404291][ T5411] shmem 0 [ 124.404291][ T5411] zswap 0 [ 124.404291][ T5411] zswapped 0 [ 124.404291][ T5411] file_mapped 0 [ 124.404291][ T5411] file_dirty 0 [ 124.404291][ T5411] file_writeback 0 [ 124.404291][ T5411] swapcached 0 [ 124.404291][ T5411] anon_thp 0 [ 124.404291][ T5411] file_thp 0 [ 124.404291][ T5411] shmem_thp 0 [ 124.404291][ T5411] inactive_anon 0 [ 124.404291][ T5411] active_anon 0 [ 124.404291][ T5411] inactive_file 0 [ 124.404291][ T5411] active_file 0 [ 124.404291][ T5411] unevictable 0 [ 124.404291][ T5411] slab_reclaimable 6752 [ 124.404291][ T5411] slab_unreclaimable 0 [ 124.404291][ T5411] slab 6752 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./20/file0") = 0 [pid 5074] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./20/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./20") = 0 [pid 5074] mkdir("./21", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5435 attached [ 124.404291][ T5411] workingset_refault_anon 0 [pid 5435] chdir("./21" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 23 [pid 5435] <... chdir resumed>) = 0 [pid 5435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5435] setpgid(0, 0) = 0 [pid 5435] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5435] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5435] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5435] write(3, "1000", 4) = 4 [pid 5435] close(3) = 0 [pid 5435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5435] mkdir("./file0", 000) = 0 [pid 5435] open("./file0", O_RDONLY) = 3 [pid 5435] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5435] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5435] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5435] openat(5, "memory.max", O_RDWR) = 6 [ 124.523596][ T5411] Tasks state (memory values in pages): [ 124.534277][ T5411] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 124.563078][ T5411] Out of memory and no killable processes... [pid 5435] write(6, "0x000000000000040e", 18 [pid 5411] <... write resumed>) = 18 [ 124.569653][ T5417] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 124.587845][ T5417] CPU: 0 PID: 5417 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 124.598325][ T5417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 124.608425][ T5417] Call Trace: [ 124.611738][ T5417] [ 124.614701][ T5417] dump_stack_lvl+0x1e7/0x2d0 [ 124.619453][ T5417] ? nf_tcp_handle_invalid+0x640/0x640 [ 124.624958][ T5417] ? panic+0x770/0x770 [ 124.629085][ T5417] dump_header+0xdc/0x940 [ 124.633470][ T5417] out_of_memory+0xf21/0x12c0 [ 124.638203][ T5417] ? mutex_lock_io_nested+0x60/0x60 [ 124.643461][ T5417] ? preempt_schedule+0xdd/0xf0 [ 124.648359][ T5417] ? unregister_oom_notifier+0x20/0x20 [ 124.653861][ T5417] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 124.659898][ T5417] mem_cgroup_out_of_memory+0x263/0x3b0 [ 124.665488][ T5417] ? preempt_schedule_thunk+0x1a/0x20 [ 124.670917][ T5417] ? mem_cgroup_oom_trylock+0x210/0x210 [ 124.676535][ T5417] ? cgroup_file_notify+0x127/0x190 [ 124.681795][ T5417] memory_max_write+0x355/0x470 [ 124.686704][ T5417] ? memory_max_show+0xa0/0xa0 [ 124.691527][ T5417] ? read_lock_is_recursive+0x20/0x20 [ 124.696960][ T5417] ? memory_max_show+0xa0/0xa0 [ 124.701772][ T5417] cgroup_file_write+0x2b1/0x780 [ 124.706761][ T5417] ? cgroup_seqfile_stop+0xd0/0xd0 [ 124.711916][ T5417] ? __virt_addr_valid+0x22f/0x2e0 [ 124.717090][ T5417] ? cgroup_seqfile_stop+0xd0/0xd0 [ 124.722219][ T5417] kernfs_fop_write_iter+0x3a6/0x4f0 [ 124.727535][ T5417] vfs_write+0x7b2/0xbb0 [ 124.731805][ T5417] ? file_end_write+0x240/0x240 [ 124.736677][ T5417] ? do_raw_spin_unlock+0x13b/0x8b0 [ 124.741901][ T5417] ? lockdep_hardirqs_on+0x98/0x140 [ 124.747126][ T5417] ? __fdget_pos+0x265/0x2f0 [ 124.751738][ T5417] ksys_write+0x1a0/0x2c0 [ 124.756088][ T5417] ? __ia32_sys_read+0x90/0x90 [ 124.760866][ T5417] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 124.766872][ T5417] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 124.772873][ T5417] do_syscall_64+0x41/0xc0 [ 124.777308][ T5417] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.783222][ T5417] RIP: 0033:0x7fd49ce20129 [ 124.787681][ T5417] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 124.807299][ T5417] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.815730][ T5417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 124.823709][ T5417] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 124.831690][ T5417] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 124.839674][ T5417] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 124.847660][ T5417] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000e [ 124.855682][ T5417] [ 124.864012][ T5417] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5411] close(3) = 0 [pid 5411] close(4) = 0 [pid 5411] close(5) = 0 [pid 5411] close(6) = 0 [pid 5411] close(7) = -1 EBADF (Bad file descriptor) [pid 5411] close(8) = -1 EBADF (Bad file descriptor) [pid 5411] close(9) = -1 EBADF (Bad file descriptor) [pid 5411] close(10) = -1 EBADF (Bad file descriptor) [pid 5411] close(11) = -1 EBADF (Bad file descriptor) [pid 5411] close(12) = -1 EBADF (Bad file descriptor) [pid 5411] close(13) = -1 EBADF (Bad file descriptor) [pid 5411] close(14) = -1 EBADF (Bad file descriptor) [pid 5411] close(15) = -1 EBADF (Bad file descriptor) [pid 5411] close(16) = -1 EBADF (Bad file descriptor) [pid 5411] close(17) = -1 EBADF (Bad file descriptor) [pid 5411] close(18) = -1 EBADF (Bad file descriptor) [pid 5411] close(19) = -1 EBADF (Bad file descriptor) [pid 5411] close(20) = -1 EBADF (Bad file descriptor) [pid 5411] close(21) = -1 EBADF (Bad file descriptor) [pid 5411] close(22) = -1 EBADF (Bad file descriptor) [ 124.875262][ T5417] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 124.898759][ T5417] Memory cgroup stats for /syz1: [ 124.898970][ T5417] anon 0 [ 124.898970][ T5417] file 0 [ 124.898970][ T5417] kernel 8192 [ 124.898970][ T5417] kernel_stack 0 [ 124.898970][ T5417] pagetables 0 [ 124.898970][ T5417] sec_pagetables 0 [ 124.898970][ T5417] percpu 0 [ 124.898970][ T5417] sock 0 [ 124.898970][ T5417] vmalloc 0 [ 124.898970][ T5417] shmem 0 [ 124.898970][ T5417] zswap 0 [ 124.898970][ T5417] zswapped 0 [ 124.898970][ T5417] file_mapped 0 [ 124.898970][ T5417] file_dirty 0 [ 124.898970][ T5417] file_writeback 0 [ 124.898970][ T5417] swapcached 0 [ 124.898970][ T5417] anon_thp 0 [ 124.898970][ T5417] file_thp 0 [ 124.898970][ T5417] shmem_thp 0 [pid 5411] close(23) = -1 EBADF (Bad file descriptor) [pid 5411] close(24) = -1 EBADF (Bad file descriptor) [pid 5411] close(25) = -1 EBADF (Bad file descriptor) [pid 5411] close(26) = -1 EBADF (Bad file descriptor) [pid 5411] close(27) = -1 EBADF (Bad file descriptor) [pid 5411] close(28) = -1 EBADF (Bad file descriptor) [pid 5411] close(29) = -1 EBADF (Bad file descriptor) [pid 5411] exit_group(0) = ? [pid 5411] +++ exited with 0 +++ [ 124.898970][ T5417] inactive_anon 0 [ 124.898970][ T5417] active_anon 0 [ 124.898970][ T5417] inactive_file 0 [ 124.898970][ T5417] active_file 0 [ 124.898970][ T5417] unevictable 0 [ 124.898970][ T5417] slab_reclaimable 6752 [ 124.898970][ T5417] slab_unreclaimable 0 [ 124.898970][ T5417] slab 6752 [ 124.898970][ T5417] workingset_refault_anon 0 [ 125.016717][ T5417] Tasks state (memory values in pages): [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./13/binderfs") = 0 [pid 5070] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./13/cgroup") = 0 [pid 5070] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./13/cgroup.net") = 0 [pid 5070] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./13/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 125.022337][ T5417] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 125.060171][ T5417] Out of memory and no killable processes... [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./13/file0") = 0 [pid 5070] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./13/cgroup.cpu") = 0 [pid 5417] <... write resumed>) = 18 [pid 5417] close(3 [pid 5070] getdents64(3, [pid 5417] <... close resumed>) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5417] close(4 [pid 5070] close(3 [pid 5417] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5070] rmdir("./13") = 0 [pid 5070] mkdir("./14", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached [pid 5442] chdir("./14" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 16 [pid 5442] <... chdir resumed>) = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5442] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5442] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] mkdir("./file0", 000) = 0 [pid 5442] open("./file0", O_RDONLY) = 3 [ 125.066332][ T5429] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 125.090206][ T5429] CPU: 0 PID: 5429 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 125.100702][ T5429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 125.110816][ T5429] Call Trace: [ 125.114146][ T5429] [ 125.117114][ T5429] dump_stack_lvl+0x1e7/0x2d0 [pid 5442] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5442] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5442] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5442] openat(5, "memory.max", O_RDWR) = 6 [ 125.121853][ T5429] ? nf_tcp_handle_invalid+0x640/0x640 [ 125.127366][ T5429] ? panic+0x770/0x770 [ 125.131511][ T5429] dump_header+0xdc/0x940 [ 125.135909][ T5429] out_of_memory+0xf21/0x12c0 [ 125.140646][ T5429] ? mutex_lock_io_nested+0x60/0x60 [ 125.145910][ T5429] ? preempt_schedule+0xdd/0xf0 [ 125.150828][ T5429] ? unregister_oom_notifier+0x20/0x20 [ 125.156351][ T5429] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 125.162420][ T5429] mem_cgroup_out_of_memory+0x263/0x3b0 [ 125.168042][ T5429] ? preempt_schedule_thunk+0x1a/0x20 [ 125.173477][ T5429] ? mem_cgroup_oom_trylock+0x210/0x210 [ 125.179103][ T5429] ? cgroup_file_notify+0x127/0x190 [ 125.184365][ T5429] memory_max_write+0x355/0x470 [ 125.189280][ T5429] ? memory_max_show+0xa0/0xa0 [ 125.194099][ T5429] ? read_lock_is_recursive+0x20/0x20 [ 125.199537][ T5429] ? memory_max_show+0xa0/0xa0 [ 125.204361][ T5429] cgroup_file_write+0x2b1/0x780 [ 125.209355][ T5429] ? cgroup_seqfile_stop+0xd0/0xd0 [ 125.214523][ T5429] ? __virt_addr_valid+0x22f/0x2e0 [ 125.219713][ T5429] ? cgroup_seqfile_stop+0xd0/0xd0 [ 125.224884][ T5429] kernfs_fop_write_iter+0x3a6/0x4f0 [ 125.230332][ T5429] vfs_write+0x7b2/0xbb0 [ 125.234650][ T5429] ? file_end_write+0x240/0x240 [ 125.239569][ T5429] ? do_raw_spin_unlock+0x13b/0x8b0 [ 125.244832][ T5429] ? lockdep_hardirqs_on+0x98/0x140 [ 125.250106][ T5429] ? __fdget_pos+0x265/0x2f0 [ 125.254757][ T5429] ksys_write+0x1a0/0x2c0 [ 125.259148][ T5429] ? __ia32_sys_read+0x90/0x90 [ 125.263964][ T5429] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 125.270013][ T5429] ? syscall_enter_from_user_mode+0x8c/0x2c0 [pid 5442] write(6, "0x000000000000040e", 18 [pid 5417] close(5) = 0 [pid 5417] close(6) = 0 [ 125.276073][ T5429] do_syscall_64+0x41/0xc0 [ 125.280548][ T5429] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.286512][ T5429] RIP: 0033:0x7fd49ce20129 [ 125.290974][ T5429] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 125.310639][ T5429] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 125.319117][ T5429] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5417] close(7) = -1 EBADF (Bad file descriptor) [pid 5417] close(8) = -1 EBADF (Bad file descriptor) [pid 5417] close(9) = -1 EBADF (Bad file descriptor) [pid 5417] close(10) = -1 EBADF (Bad file descriptor) [pid 5417] close(11) = -1 EBADF (Bad file descriptor) [pid 5417] close(12) = -1 EBADF (Bad file descriptor) [pid 5417] close(13) = -1 EBADF (Bad file descriptor) [pid 5417] close(14) = -1 EBADF (Bad file descriptor) [pid 5417] close(15) = -1 EBADF (Bad file descriptor) [pid 5417] close(16) = -1 EBADF (Bad file descriptor) [pid 5417] close(17) = -1 EBADF (Bad file descriptor) [pid 5417] close(18) = -1 EBADF (Bad file descriptor) [pid 5417] close(19) = -1 EBADF (Bad file descriptor) [pid 5417] close(20) = -1 EBADF (Bad file descriptor) [pid 5417] close(21) = -1 EBADF (Bad file descriptor) [pid 5417] close(22) = -1 EBADF (Bad file descriptor) [pid 5417] close(23) = -1 EBADF (Bad file descriptor) [pid 5417] close(24) = -1 EBADF (Bad file descriptor) [pid 5417] close(25) = -1 EBADF (Bad file descriptor) [pid 5417] close(26) = -1 EBADF (Bad file descriptor) [pid 5417] close(27) = -1 EBADF (Bad file descriptor) [pid 5417] close(28) = -1 EBADF (Bad file descriptor) [pid 5417] close(29) = -1 EBADF (Bad file descriptor) [pid 5417] exit_group(0) = ? [pid 5417] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./14/binderfs") = 0 [pid 5072] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./14/cgroup") = 0 [pid 5072] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 125.327142][ T5429] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 125.335168][ T5429] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 125.343192][ T5429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 125.351213][ T5429] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000011 [ 125.359268][ T5429] [pid 5072] unlink("./14/cgroup.net") = 0 [pid 5072] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./14/file0") = 0 [pid 5072] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./14/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./14") = 0 [ 125.401723][ T5429] memory: usage 8kB, limit 0kB, failcnt 55 [ 125.413845][ T5429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 125.423848][ T5429] Memory cgroup stats for /syz1: [ 125.424051][ T5429] anon 0 [ 125.424051][ T5429] file 0 [ 125.424051][ T5429] kernel 8192 [ 125.424051][ T5429] kernel_stack 0 [ 125.424051][ T5429] pagetables 0 [ 125.424051][ T5429] sec_pagetables 0 [ 125.424051][ T5429] percpu 0 [pid 5072] mkdir("./15", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 17 [ 125.424051][ T5429] sock 0 [ 125.424051][ T5429] vmalloc 0 [ 125.424051][ T5429] shmem 0 [ 125.424051][ T5429] zswap 0 [ 125.424051][ T5429] zswapped 0 [ 125.424051][ T5429] file_mapped 0 [ 125.424051][ T5429] file_dirty 0 [ 125.424051][ T5429] file_writeback 0 [ 125.424051][ T5429] swapcached 0 [ 125.424051][ T5429] anon_thp 0 [ 125.424051][ T5429] file_thp 0 [ 125.424051][ T5429] shmem_thp 0 [ 125.424051][ T5429] inactive_anon 0 [ 125.424051][ T5429] active_anon 0 [ 125.424051][ T5429] inactive_file 0 [ 125.424051][ T5429] active_file 0 ./strace-static-x86_64: Process 5445 attached [pid 5445] chdir("./15") = 0 [pid 5445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5445] setpgid(0, 0) = 0 [pid 5445] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5445] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5445] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [ 125.424051][ T5429] unevictable 0 [ 125.424051][ T5429] slab_reclaimable 6752 [ 125.424051][ T5429] slab_unreclaimable 0 [ 125.424051][ T5429] slab 6752 [ 125.424051][ T5429] workingset_refault_anon 0 [pid 5445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5445] write(3, "1000", 4) = 4 [pid 5445] close(3) = 0 [pid 5445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5445] mkdir("./file0", 000) = 0 [pid 5445] open("./file0", O_RDONLY) = 3 [pid 5445] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5445] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5445] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 125.546186][ T5429] Tasks state (memory values in pages): [ 125.560041][ T5429] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 125.581431][ T5429] Out of memory and no killable processes... [pid 5445] openat(5, "memory.max", O_RDWR [pid 5429] <... write resumed>) = 18 [pid 5445] <... openat resumed>) = 6 [pid 5445] write(6, "0x000000000000040e", 18 [pid 5429] close(3) = 0 [pid 5429] close(4) = 0 [ 125.593157][ T5428] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 125.614201][ T5428] CPU: 1 PID: 5428 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 125.624706][ T5428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 125.634816][ T5428] Call Trace: [ 125.638137][ T5428] [ 125.641105][ T5428] dump_stack_lvl+0x1e7/0x2d0 [ 125.645837][ T5428] ? nf_tcp_handle_invalid+0x640/0x640 [ 125.651349][ T5428] ? panic+0x770/0x770 [ 125.655453][ T5428] dump_header+0xdc/0x940 [ 125.659814][ T5428] out_of_memory+0xf21/0x12c0 [ 125.664515][ T5428] ? mutex_lock_io_nested+0x60/0x60 [ 125.669740][ T5428] ? preempt_schedule+0xdd/0xf0 [ 125.674615][ T5428] ? unregister_oom_notifier+0x20/0x20 [ 125.680089][ T5428] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 125.686123][ T5428] mem_cgroup_out_of_memory+0x263/0x3b0 [ 125.691705][ T5428] ? preempt_schedule_thunk+0x1a/0x20 [ 125.697101][ T5428] ? mem_cgroup_oom_trylock+0x210/0x210 [ 125.702687][ T5428] ? cgroup_file_notify+0x127/0x190 [ 125.707914][ T5428] memory_max_write+0x355/0x470 [ 125.712788][ T5428] ? memory_max_show+0xa0/0xa0 [ 125.717590][ T5428] ? read_lock_is_recursive+0x20/0x20 [ 125.722984][ T5428] ? memory_max_show+0xa0/0xa0 [ 125.727769][ T5428] cgroup_file_write+0x2b1/0x780 [ 125.732731][ T5428] ? cgroup_seqfile_stop+0xd0/0xd0 [ 125.737859][ T5428] ? __virt_addr_valid+0x22f/0x2e0 [ 125.743005][ T5428] ? cgroup_seqfile_stop+0xd0/0xd0 [ 125.748140][ T5428] kernfs_fop_write_iter+0x3a6/0x4f0 [ 125.753471][ T5428] vfs_write+0x7b2/0xbb0 [ 125.757753][ T5428] ? file_end_write+0x240/0x240 [ 125.763073][ T5428] ? do_raw_spin_unlock+0x13b/0x8b0 [ 125.768327][ T5428] ? lockdep_hardirqs_on+0x98/0x140 [ 125.773553][ T5428] ? __fdget_pos+0x265/0x2f0 [ 125.778162][ T5428] ksys_write+0x1a0/0x2c0 [ 125.782515][ T5428] ? __ia32_sys_read+0x90/0x90 [ 125.787302][ T5428] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 125.793338][ T5428] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 125.799373][ T5428] do_syscall_64+0x41/0xc0 [ 125.803840][ T5428] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.809769][ T5428] RIP: 0033:0x7fd49ce20129 [ 125.814222][ T5428] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 125.833880][ T5428] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5429] close(5) = 0 [pid 5429] close(6) = 0 [pid 5429] close(7) = -1 EBADF (Bad file descriptor) [pid 5429] close(8) = -1 EBADF (Bad file descriptor) [pid 5429] close(9) = -1 EBADF (Bad file descriptor) [pid 5429] close(10) = -1 EBADF (Bad file descriptor) [pid 5429] close(11) = -1 EBADF (Bad file descriptor) [pid 5429] close(12) = -1 EBADF (Bad file descriptor) [pid 5429] close(13) = -1 EBADF (Bad file descriptor) [pid 5429] close(14) = -1 EBADF (Bad file descriptor) [pid 5429] close(15) = -1 EBADF (Bad file descriptor) [pid 5429] close(16) = -1 EBADF (Bad file descriptor) [pid 5429] close(17) = -1 EBADF (Bad file descriptor) [pid 5429] close(18) = -1 EBADF (Bad file descriptor) [pid 5429] close(19) = -1 EBADF (Bad file descriptor) [pid 5429] close(20) = -1 EBADF (Bad file descriptor) [pid 5429] close(21) = -1 EBADF (Bad file descriptor) [pid 5429] close(22) = -1 EBADF (Bad file descriptor) [pid 5429] close(23) = -1 EBADF (Bad file descriptor) [pid 5429] close(24) = -1 EBADF (Bad file descriptor) [pid 5429] close(25) = -1 EBADF (Bad file descriptor) [pid 5429] close(26) = -1 EBADF (Bad file descriptor) [pid 5429] close(27) = -1 EBADF (Bad file descriptor) [pid 5429] close(28) = -1 EBADF (Bad file descriptor) [pid 5429] close(29) = -1 EBADF (Bad file descriptor) [pid 5429] exit_group(0) = ? [pid 5429] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./17/binderfs") = 0 [pid 5073] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./17/cgroup") = 0 [pid 5073] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./17/cgroup.net") = 0 [pid 5073] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./17/file0") = 0 [pid 5073] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./17/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./17") = 0 [pid 5073] mkdir("./18", 0777) = 0 [ 125.842317][ T5428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 125.850304][ T5428] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 125.858287][ T5428] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 125.866274][ T5428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 125.874423][ T5428] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000014 [ 125.882446][ T5428] [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5447 attached , child_tidptr=0x5555574ac5d0) = 20 [pid 5447] chdir("./18") = 0 [pid 5447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5447] setpgid(0, 0) = 0 [pid 5447] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5447] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5447] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5447] write(3, "1000", 4) = 4 [pid 5447] close(3) = 0 [pid 5447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5447] mkdir("./file0", 000) = 0 [pid 5447] open("./file0", O_RDONLY) = 3 [pid 5447] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5447] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5447] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5447] openat(5, "memory.max", O_RDWR) = 6 [ 125.949391][ T5428] memory: usage 8kB, limit 0kB, failcnt 55 [ 125.955563][ T5428] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 125.986898][ T5428] Memory cgroup stats for /syz1: [ 125.987466][ T5428] anon 0 [ 125.987466][ T5428] file 0 [ 125.987466][ T5428] kernel 8192 [ 125.987466][ T5428] kernel_stack 0 [ 125.987466][ T5428] pagetables 0 [ 125.987466][ T5428] sec_pagetables 0 [ 125.987466][ T5428] percpu 0 [ 125.987466][ T5428] sock 0 [ 125.987466][ T5428] vmalloc 0 [ 125.987466][ T5428] shmem 0 [ 125.987466][ T5428] zswap 0 [ 125.987466][ T5428] zswapped 0 [ 125.987466][ T5428] file_mapped 0 [ 125.987466][ T5428] file_dirty 0 [ 125.987466][ T5428] file_writeback 0 [ 125.987466][ T5428] swapcached 0 [ 125.987466][ T5428] anon_thp 0 [ 125.987466][ T5428] file_thp 0 [ 125.987466][ T5428] shmem_thp 0 [ 125.987466][ T5428] inactive_anon 0 [ 125.987466][ T5428] active_anon 0 [ 125.987466][ T5428] inactive_file 0 [ 125.987466][ T5428] active_file 0 [ 125.987466][ T5428] unevictable 0 [ 125.987466][ T5428] slab_reclaimable 6752 [ 125.987466][ T5428] slab_unreclaimable 0 [ 125.987466][ T5428] slab 6752 [ 125.987466][ T5428] workingset_refault_anon 0 [ 126.086197][ T5428] Tasks state (memory values in pages): [pid 5447] write(6, "0x000000000000040e", 18 [pid 5428] <... write resumed>) = 18 [ 126.092197][ T5428] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 126.102075][ T5428] Out of memory and no killable processes... [ 126.108559][ T5435] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 126.121610][ T5435] CPU: 1 PID: 5435 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 126.132085][ T5435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 126.142184][ T5435] Call Trace: [ 126.145496][ T5435] [ 126.148464][ T5435] dump_stack_lvl+0x1e7/0x2d0 [ 126.153205][ T5435] ? nf_tcp_handle_invalid+0x640/0x640 [ 126.158720][ T5435] ? panic+0x770/0x770 [ 126.162853][ T5435] dump_header+0xdc/0x940 [ 126.167242][ T5435] out_of_memory+0xf21/0x12c0 [ 126.171969][ T5435] ? mutex_lock_io_nested+0x60/0x60 [ 126.177226][ T5435] ? preempt_schedule+0xdd/0xf0 [ 126.182136][ T5435] ? unregister_oom_notifier+0x20/0x20 [ 126.187653][ T5435] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 126.193713][ T5435] mem_cgroup_out_of_memory+0x263/0x3b0 [ 126.199313][ T5435] ? preempt_schedule_thunk+0x1a/0x20 [ 126.204746][ T5435] ? mem_cgroup_oom_trylock+0x210/0x210 [ 126.210367][ T5435] ? cgroup_file_notify+0x127/0x190 [ 126.215641][ T5435] memory_max_write+0x355/0x470 [ 126.220557][ T5435] ? memory_max_show+0xa0/0xa0 [ 126.225376][ T5435] ? read_lock_is_recursive+0x20/0x20 [ 126.230808][ T5435] ? memory_max_show+0xa0/0xa0 [ 126.235623][ T5435] cgroup_file_write+0x2b1/0x780 [ 126.240612][ T5435] ? cgroup_seqfile_stop+0xd0/0xd0 [ 126.245767][ T5435] ? __virt_addr_valid+0x22f/0x2e0 [ 126.250942][ T5435] ? cgroup_seqfile_stop+0xd0/0xd0 [ 126.256098][ T5435] kernfs_fop_write_iter+0x3a6/0x4f0 [ 126.261445][ T5435] vfs_write+0x7b2/0xbb0 [ 126.265751][ T5435] ? file_end_write+0x240/0x240 [ 126.270653][ T5435] ? do_raw_spin_unlock+0x13b/0x8b0 [ 126.275904][ T5435] ? lockdep_hardirqs_on+0x98/0x140 [ 126.281159][ T5435] ? __fdget_pos+0x265/0x2f0 [ 126.285799][ T5435] ksys_write+0x1a0/0x2c0 [ 126.290187][ T5435] ? __ia32_sys_read+0x90/0x90 [ 126.294995][ T5435] ? syscall_enter_from_user_mode+0x32/0x2c0 [pid 5428] close(3) = 0 [pid 5428] close(4) = 0 [pid 5428] close(5) = 0 [pid 5428] close(6) = 0 [pid 5428] close(7) = -1 EBADF (Bad file descriptor) [pid 5428] close(8) = -1 EBADF (Bad file descriptor) [pid 5428] close(9) = -1 EBADF (Bad file descriptor) [pid 5428] close(10) = -1 EBADF (Bad file descriptor) [pid 5428] close(11) = -1 EBADF (Bad file descriptor) [pid 5428] close(12) = -1 EBADF (Bad file descriptor) [pid 5428] close(13) = -1 EBADF (Bad file descriptor) [pid 5428] close(14) = -1 EBADF (Bad file descriptor) [pid 5428] close(15) = -1 EBADF (Bad file descriptor) [pid 5428] close(16) = -1 EBADF (Bad file descriptor) [pid 5428] close(17) = -1 EBADF (Bad file descriptor) [pid 5428] close(18) = -1 EBADF (Bad file descriptor) [pid 5428] close(19) = -1 EBADF (Bad file descriptor) [pid 5428] close(20) = -1 EBADF (Bad file descriptor) [pid 5428] close(21) = -1 EBADF (Bad file descriptor) [pid 5428] close(22) = -1 EBADF (Bad file descriptor) [pid 5428] close(23) = -1 EBADF (Bad file descriptor) [pid 5428] close(24) = -1 EBADF (Bad file descriptor) [pid 5428] close(25) = -1 EBADF (Bad file descriptor) [pid 5428] close(26) = -1 EBADF (Bad file descriptor) [pid 5428] close(27) = -1 EBADF (Bad file descriptor) [pid 5428] close(28) = -1 EBADF (Bad file descriptor) [pid 5428] close(29) = -1 EBADF (Bad file descriptor) [pid 5428] exit_group(0) = ? [pid 5428] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./20/binderfs") = 0 [pid 5075] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./20/cgroup") = 0 [pid 5075] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./20/cgroup.net") = 0 [ 126.301040][ T5435] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 126.307079][ T5435] do_syscall_64+0x41/0xc0 [ 126.311549][ T5435] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.317488][ T5435] RIP: 0033:0x7fd49ce20129 [ 126.321937][ T5435] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 126.341582][ T5435] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.350053][ T5435] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 126.358068][ T5435] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 126.366431][ T5435] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 126.374702][ T5435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 126.382712][ T5435] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000015 [ 126.390752][ T5435] [pid 5075] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.397752][ T5435] memory: usage 8kB, limit 0kB, failcnt 55 [ 126.403616][ T5435] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 126.416634][ T5435] Memory cgroup stats for /syz1: [ 126.416847][ T5435] anon 0 [ 126.416847][ T5435] file 0 [ 126.416847][ T5435] kernel 8192 [ 126.416847][ T5435] kernel_stack 0 [ 126.416847][ T5435] pagetables 0 [ 126.416847][ T5435] sec_pagetables 0 [ 126.416847][ T5435] percpu 0 [ 126.416847][ T5435] sock 0 [ 126.416847][ T5435] vmalloc 0 [ 126.416847][ T5435] shmem 0 [ 126.416847][ T5435] zswap 0 [ 126.416847][ T5435] zswapped 0 [ 126.416847][ T5435] file_mapped 0 [ 126.416847][ T5435] file_dirty 0 [ 126.416847][ T5435] file_writeback 0 [ 126.416847][ T5435] swapcached 0 [ 126.416847][ T5435] anon_thp 0 [ 126.416847][ T5435] file_thp 0 [ 126.416847][ T5435] shmem_thp 0 [ 126.416847][ T5435] inactive_anon 0 [ 126.416847][ T5435] active_anon 0 [ 126.416847][ T5435] inactive_file 0 [ 126.416847][ T5435] active_file 0 [ 126.416847][ T5435] unevictable 0 [ 126.416847][ T5435] slab_reclaimable 6752 [pid 5075] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 126.416847][ T5435] slab_unreclaimable 0 [ 126.416847][ T5435] slab 6752 [ 126.416847][ T5435] workingset_refault_anon 0 [ 126.516707][ T5435] Tasks state (memory values in pages): [ 126.522545][ T5435] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 126.533664][ T5435] Out of memory and no killable processes... [ 126.542246][ T5442] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5435] <... write resumed>) = 18 [pid 5075] getdents64(4, [pid 5435] close(3) = 0 [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4 [pid 5435] close(4) = 0 [pid 5435] close(5) = 0 [pid 5075] <... close resumed>) = 0 [pid 5075] rmdir("./20/file0") = 0 [pid 5435] close(6 [pid 5075] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5435] <... close resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5435] close(7 [pid 5075] lstat("./20/cgroup.cpu", [pid 5435] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./20/cgroup.cpu" [pid 5435] close(8) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5075] getdents64(3, [pid 5435] close(9 [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5435] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] rmdir("./20" [pid 5435] close(10) = -1 EBADF (Bad file descriptor) [pid 5435] close(11) = -1 EBADF (Bad file descriptor) [pid 5435] close(12) = -1 EBADF (Bad file descriptor) [pid 5435] close(13) = -1 EBADF (Bad file descriptor) [pid 5075] <... rmdir resumed>) = 0 [pid 5075] mkdir("./21", 0777 [pid 5435] close(14) = -1 EBADF (Bad file descriptor) [pid 5435] close(15) = -1 EBADF (Bad file descriptor) [pid 5435] close(16) = -1 EBADF (Bad file descriptor) [pid 5435] close(17 [pid 5075] <... mkdir resumed>) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5435] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 126.568280][ T5442] CPU: 1 PID: 5442 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 126.578765][ T5442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 126.588873][ T5442] Call Trace: [ 126.592179][ T5442] [ 126.595146][ T5442] dump_stack_lvl+0x1e7/0x2d0 [ 126.599879][ T5442] ? nf_tcp_handle_invalid+0x640/0x640 [ 126.605389][ T5442] ? panic+0x770/0x770 [ 126.609527][ T5442] dump_header+0xdc/0x940 [ 126.613908][ T5442] out_of_memory+0xf21/0x12c0 [ 126.618639][ T5442] ? mutex_lock_io_nested+0x60/0x60 [ 126.623898][ T5442] ? preempt_schedule+0xdd/0xf0 [ 126.628802][ T5442] ? unregister_oom_notifier+0x20/0x20 [ 126.634314][ T5442] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 126.640359][ T5442] mem_cgroup_out_of_memory+0x263/0x3b0 [ 126.645954][ T5442] ? preempt_schedule_thunk+0x1a/0x20 [ 126.651379][ T5442] ? mem_cgroup_oom_trylock+0x210/0x210 [ 126.657001][ T5442] ? cgroup_file_notify+0x127/0x190 [ 126.662259][ T5442] memory_max_write+0x355/0x470 [ 126.667174][ T5442] ? memory_max_show+0xa0/0xa0 [ 126.671981][ T5442] ? read_lock_is_recursive+0x20/0x20 [ 126.677401][ T5442] ? memory_max_show+0xa0/0xa0 [ 126.682209][ T5442] cgroup_file_write+0x2b1/0x780 [ 126.687198][ T5442] ? cgroup_seqfile_stop+0xd0/0xd0 [ 126.692345][ T5442] ? __virt_addr_valid+0x22f/0x2e0 [ 126.697517][ T5442] ? cgroup_seqfile_stop+0xd0/0xd0 [ 126.702664][ T5442] kernfs_fop_write_iter+0x3a6/0x4f0 [ 126.708008][ T5442] vfs_write+0x7b2/0xbb0 [ 126.712304][ T5442] ? file_end_write+0x240/0x240 [ 126.717215][ T5442] ? do_raw_spin_unlock+0x13b/0x8b0 [ 126.722476][ T5442] ? lockdep_hardirqs_on+0x98/0x140 [ 126.727746][ T5442] ? __fdget_pos+0x265/0x2f0 [ 126.732391][ T5442] ksys_write+0x1a0/0x2c0 [ 126.736771][ T5442] ? __ia32_sys_read+0x90/0x90 [ 126.741577][ T5442] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 126.747615][ T5442] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 126.753645][ T5442] do_syscall_64+0x41/0xc0 [ 126.758099][ T5442] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 126.764016][ T5442] RIP: 0033:0x7fd49ce20129 [ 126.768483][ T5442] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 126.788126][ T5442] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.796564][ T5442] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 126.804555][ T5442] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5435] close(18./strace-static-x86_64: Process 5453 attached ) = -1 EBADF (Bad file descriptor) [pid 5435] close(19) = -1 EBADF (Bad file descriptor) [pid 5435] close(20) = -1 EBADF (Bad file descriptor) [pid 5435] close(21) = -1 EBADF (Bad file descriptor) [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 23 [pid 5453] chdir("./21" [pid 5435] close(22) = -1 EBADF (Bad file descriptor) [pid 5435] close(23) = -1 EBADF (Bad file descriptor) [pid 5435] close(24) = -1 EBADF (Bad file descriptor) [pid 5435] close(25) = -1 EBADF (Bad file descriptor) [pid 5435] close(26) = -1 EBADF (Bad file descriptor) [pid 5435] close(27) = -1 EBADF (Bad file descriptor) [pid 5435] close(28) = -1 EBADF (Bad file descriptor) [pid 5435] close(29 [pid 5453] <... chdir resumed>) = 0 [pid 5435] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5435] exit_group(0) = ? [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5435] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5453] <... prctl resumed>) = 0 [pid 5074] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5453] setpgid(0, 0 [pid 5074] <... openat resumed>) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5453] <... setpgid resumed>) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5453] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./21/binderfs" [pid 5453] <... symlink resumed>) = 0 [pid 5074] <... unlink resumed>) = 0 [pid 5074] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./21/cgroup", [pid 5453] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./21/cgroup" [pid 5453] <... symlink resumed>) = 0 [pid 5074] <... unlink resumed>) = 0 [pid 5453] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5074] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./21/cgroup.net", [pid 5453] <... symlink resumed>) = 0 [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] unlink("./21/cgroup.net" [pid 5453] <... openat resumed>) = 3 [pid 5074] <... unlink resumed>) = 0 [pid 5453] write(3, "1000", 4 [pid 5074] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5453] <... write resumed>) = 4 [pid 5074] <... umount2 resumed>) = 0 [pid 5453] close(3 [pid 5074] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5453] <... close resumed>) = 0 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5453] symlink("/dev/binderfs", "./binderfs" [pid 5074] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5453] <... symlink resumed>) = 0 [pid 5074] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5453] mkdir("./file0", 000 [pid 5074] <... openat resumed>) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./21/file0" [pid 5453] <... mkdir resumed>) = 0 [pid 5074] <... rmdir resumed>) = 0 [pid 5074] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5453] open("./file0", O_RDONLY [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./21/cgroup.cpu", [pid 5453] <... open resumed>) = 3 [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./21/cgroup.cpu" [pid 5453] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5074] <... unlink resumed>) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3 [pid 5453] <... mount resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5074] rmdir("./21" [pid 5453] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5074] <... rmdir resumed>) = 0 [pid 5074] mkdir("./22", 0777 [pid 5453] <... openat resumed>) = 4 [pid 5074] <... mkdir resumed>) = 0 [pid 5453] openat(4, "syz1", O_RDWR|O_PATH [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5457 attached [ 126.812542][ T5442] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 126.820532][ T5442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 126.828542][ T5442] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000e [ 126.836662][ T5442] [ 126.855360][ T5442] memory: usage 8kB, limit 0kB, failcnt 55 [ 126.861713][ T5442] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5453] <... openat resumed>) = 5 [pid 5457] chdir("./22" [pid 5453] openat(5, "memory.max", O_RDWR [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 24 [pid 5457] <... chdir resumed>) = 0 [pid 5457] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5453] <... openat resumed>) = 6 [pid 5457] <... prctl resumed>) = 0 [ 126.903109][ T5442] Memory cgroup stats for /syz1: [ 126.903329][ T5442] anon 0 [ 126.903329][ T5442] file 0 [ 126.903329][ T5442] kernel 8192 [ 126.903329][ T5442] kernel_stack 0 [ 126.903329][ T5442] pagetables 0 [ 126.903329][ T5442] sec_pagetables 0 [ 126.903329][ T5442] percpu 0 [ 126.903329][ T5442] sock 0 [ 126.903329][ T5442] vmalloc 0 [ 126.903329][ T5442] shmem 0 [ 126.903329][ T5442] zswap 0 [ 126.903329][ T5442] zswapped 0 [ 126.903329][ T5442] file_mapped 0 [ 126.903329][ T5442] file_dirty 0 [pid 5453] write(6, "0x000000000000040e", 18 [pid 5457] setpgid(0, 0) = 0 [pid 5457] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5457] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5457] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5457] write(3, "1000", 4) = 4 [pid 5457] close(3) = 0 [pid 5457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5457] mkdir("./file0", 000) = 0 [pid 5457] open("./file0", O_RDONLY) = 3 [pid 5457] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5457] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5457] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5457] openat(5, "memory.max", O_RDWR) = 6 [ 126.903329][ T5442] file_writeback 0 [ 126.903329][ T5442] swapcached 0 [ 126.903329][ T5442] anon_thp 0 [ 126.903329][ T5442] file_thp 0 [ 126.903329][ T5442] shmem_thp 0 [ 126.903329][ T5442] inactive_anon 0 [ 126.903329][ T5442] active_anon 0 [ 126.903329][ T5442] inactive_file 0 [ 126.903329][ T5442] active_file 0 [ 126.903329][ T5442] unevictable 0 [ 126.903329][ T5442] slab_reclaimable 6752 [ 126.903329][ T5442] slab_unreclaimable 0 [ 126.903329][ T5442] slab 6752 [ 126.903329][ T5442] workingset_refault_anon 0 [ 127.003946][ T5442] Tasks state (memory values in pages): [ 127.028268][ T5442] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5457] write(6, "0x000000000000040e", 18 [pid 5442] <... write resumed>) = 18 [pid 5442] close(3) = 0 [pid 5442] close(4) = 0 [pid 5442] close(5) = 0 [pid 5442] close(6) = 0 [pid 5442] close(7) = -1 EBADF (Bad file descriptor) [pid 5442] close(8) = -1 EBADF (Bad file descriptor) [pid 5442] close(9) = -1 EBADF (Bad file descriptor) [ 127.055396][ T5442] Out of memory and no killable processes... [ 127.071428][ T5445] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5442] close(10) = -1 EBADF (Bad file descriptor) [pid 5442] close(11) = -1 EBADF (Bad file descriptor) [pid 5442] close(12) = -1 EBADF (Bad file descriptor) [pid 5442] close(13) = -1 EBADF (Bad file descriptor) [pid 5442] close(14) = -1 EBADF (Bad file descriptor) [pid 5442] close(15) = -1 EBADF (Bad file descriptor) [pid 5442] close(16) = -1 EBADF (Bad file descriptor) [pid 5442] close(17) = -1 EBADF (Bad file descriptor) [pid 5442] close(18) = -1 EBADF (Bad file descriptor) [pid 5442] close(19) = -1 EBADF (Bad file descriptor) [pid 5442] close(20) = -1 EBADF (Bad file descriptor) [pid 5442] close(21) = -1 EBADF (Bad file descriptor) [pid 5442] close(22) = -1 EBADF (Bad file descriptor) [pid 5442] close(23) = -1 EBADF (Bad file descriptor) [pid 5442] close(24) = -1 EBADF (Bad file descriptor) [pid 5442] close(25) = -1 EBADF (Bad file descriptor) [pid 5442] close(26) = -1 EBADF (Bad file descriptor) [pid 5442] close(27) = -1 EBADF (Bad file descriptor) [pid 5442] close(28) = -1 EBADF (Bad file descriptor) [pid 5442] close(29) = -1 EBADF (Bad file descriptor) [pid 5442] exit_group(0) = ? [pid 5442] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./14/binderfs") = 0 [pid 5070] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./14/cgroup") = 0 [pid 5070] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 127.096125][ T5445] CPU: 0 PID: 5445 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 127.106628][ T5445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 127.116733][ T5445] Call Trace: [ 127.120059][ T5445] [ 127.123035][ T5445] dump_stack_lvl+0x1e7/0x2d0 [ 127.127778][ T5445] ? nf_tcp_handle_invalid+0x640/0x640 [ 127.133316][ T5445] ? panic+0x770/0x770 [ 127.137455][ T5445] dump_header+0xdc/0x940 [ 127.141851][ T5445] out_of_memory+0xf21/0x12c0 [ 127.146591][ T5445] ? mutex_lock_io_nested+0x60/0x60 [ 127.151841][ T5445] ? preempt_schedule+0xdd/0xf0 [ 127.156717][ T5445] ? unregister_oom_notifier+0x20/0x20 [ 127.162212][ T5445] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 127.168225][ T5445] mem_cgroup_out_of_memory+0x263/0x3b0 [ 127.173796][ T5445] ? preempt_schedule_thunk+0x1a/0x20 [ 127.179189][ T5445] ? mem_cgroup_oom_trylock+0x210/0x210 [ 127.184763][ T5445] ? cgroup_file_notify+0x127/0x190 [ 127.189987][ T5445] memory_max_write+0x355/0x470 [ 127.194865][ T5445] ? memory_max_show+0xa0/0xa0 [ 127.199646][ T5445] ? read_lock_is_recursive+0x20/0x20 [ 127.205039][ T5445] ? memory_max_show+0xa0/0xa0 [ 127.209817][ T5445] cgroup_file_write+0x2b1/0x780 [ 127.214773][ T5445] ? cgroup_seqfile_stop+0xd0/0xd0 [ 127.219895][ T5445] ? __virt_addr_valid+0x22f/0x2e0 [ 127.225033][ T5445] ? cgroup_seqfile_stop+0xd0/0xd0 [ 127.230152][ T5445] kernfs_fop_write_iter+0x3a6/0x4f0 [ 127.235459][ T5445] vfs_write+0x7b2/0xbb0 [ 127.239738][ T5445] ? file_end_write+0x240/0x240 [ 127.244611][ T5445] ? do_raw_spin_unlock+0x13b/0x8b0 [ 127.249826][ T5445] ? lockdep_hardirqs_on+0x98/0x140 [ 127.255050][ T5445] ? __fdget_pos+0x265/0x2f0 [ 127.259659][ T5445] ksys_write+0x1a0/0x2c0 [ 127.264007][ T5445] ? __ia32_sys_read+0x90/0x90 [ 127.268785][ T5445] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 127.274819][ T5445] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 127.280830][ T5445] do_syscall_64+0x41/0xc0 [ 127.285270][ T5445] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.291182][ T5445] RIP: 0033:0x7fd49ce20129 [ 127.295613][ T5445] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.315228][ T5445] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 127.323664][ T5445] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 127.331643][ T5445] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 127.339633][ T5445] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 127.347629][ T5445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./14/cgroup.net") = 0 [pid 5070] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./14/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./14/file0") = 0 [pid 5070] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./14/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./14") = 0 [pid 5070] mkdir("./15", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5459 attached , child_tidptr=0x5555574ac5d0) = 17 [pid 5459] chdir("./15") = 0 [ 127.355611][ T5445] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000f [ 127.363971][ T5445] [pid 5459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5459] setpgid(0, 0) = 0 [pid 5459] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5459] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 127.412712][ T5445] memory: usage 8kB, limit 0kB, failcnt 55 [ 127.421314][ T5445] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 127.432532][ T5445] Memory cgroup stats for /syz1: [ 127.434609][ T5445] anon 0 [ 127.434609][ T5445] file 0 [ 127.434609][ T5445] kernel 8192 [ 127.434609][ T5445] kernel_stack 0 [ 127.434609][ T5445] pagetables 0 [ 127.434609][ T5445] sec_pagetables 0 [ 127.434609][ T5445] percpu 0 [ 127.434609][ T5445] sock 0 [ 127.434609][ T5445] vmalloc 0 [ 127.434609][ T5445] shmem 0 [ 127.434609][ T5445] zswap 0 [ 127.434609][ T5445] zswapped 0 [ 127.434609][ T5445] file_mapped 0 [ 127.434609][ T5445] file_dirty 0 [ 127.434609][ T5445] file_writeback 0 [ 127.434609][ T5445] swapcached 0 [ 127.434609][ T5445] anon_thp 0 [ 127.434609][ T5445] file_thp 0 [ 127.434609][ T5445] shmem_thp 0 [ 127.434609][ T5445] inactive_anon 0 [ 127.434609][ T5445] active_anon 0 [ 127.434609][ T5445] inactive_file 0 [ 127.434609][ T5445] active_file 0 [pid 5459] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5459] write(3, "1000", 4) = 4 [ 127.434609][ T5445] unevictable 0 [ 127.434609][ T5445] slab_reclaimable 6752 [ 127.434609][ T5445] slab_unreclaimable 0 [ 127.434609][ T5445] slab 6752 [ 127.434609][ T5445] workingset_refault_anon 0 [ 127.536977][ T5445] Tasks state (memory values in pages): [ 127.543086][ T5445] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 127.554603][ T5445] Out of memory and no killable processes... [ 127.562443][ T5447] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 127.573877][ T5447] CPU: 1 PID: 5447 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 127.584358][ T5447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 127.594468][ T5447] Call Trace: [ 127.597796][ T5447] [ 127.600768][ T5447] dump_stack_lvl+0x1e7/0x2d0 [ 127.605545][ T5447] ? nf_tcp_handle_invalid+0x640/0x640 [ 127.611074][ T5447] ? panic+0x770/0x770 [ 127.615210][ T5447] dump_header+0xdc/0x940 [ 127.619613][ T5447] out_of_memory+0xf21/0x12c0 [ 127.624350][ T5447] ? mutex_lock_io_nested+0x60/0x60 [ 127.629620][ T5447] ? preempt_schedule+0xdd/0xf0 [ 127.634534][ T5447] ? unregister_oom_notifier+0x20/0x20 [ 127.640045][ T5447] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 127.646073][ T5447] mem_cgroup_out_of_memory+0x263/0x3b0 [ 127.651858][ T5447] ? preempt_schedule_thunk+0x1a/0x20 [ 127.657296][ T5447] ? mem_cgroup_oom_trylock+0x210/0x210 [ 127.662944][ T5447] ? cgroup_file_notify+0x127/0x190 [ 127.668169][ T5447] memory_max_write+0x355/0x470 [ 127.673050][ T5447] ? memory_max_show+0xa0/0xa0 [ 127.677856][ T5447] ? read_lock_is_recursive+0x20/0x20 [ 127.683353][ T5447] ? memory_max_show+0xa0/0xa0 [ 127.688137][ T5447] cgroup_file_write+0x2b1/0x780 [ 127.693094][ T5447] ? cgroup_seqfile_stop+0xd0/0xd0 [ 127.698217][ T5447] ? __virt_addr_valid+0x22f/0x2e0 [ 127.703376][ T5447] ? cgroup_seqfile_stop+0xd0/0xd0 [ 127.708499][ T5447] kernfs_fop_write_iter+0x3a6/0x4f0 [ 127.713829][ T5447] vfs_write+0x7b2/0xbb0 [ 127.718097][ T5447] ? file_end_write+0x240/0x240 [ 127.722967][ T5447] ? do_raw_spin_unlock+0x13b/0x8b0 [ 127.728203][ T5447] ? lockdep_hardirqs_on+0x98/0x140 [ 127.733425][ T5447] ? __fdget_pos+0x265/0x2f0 [ 127.738037][ T5447] ksys_write+0x1a0/0x2c0 [ 127.742400][ T5447] ? __ia32_sys_read+0x90/0x90 [ 127.747195][ T5447] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 127.753198][ T5447] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 127.759201][ T5447] do_syscall_64+0x41/0xc0 [ 127.763637][ T5447] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.769559][ T5447] RIP: 0033:0x7fd49ce20129 [ 127.773987][ T5447] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.793622][ T5447] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 127.802054][ T5447] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5459] close(3) = 0 [pid 5445] <... write resumed>) = 18 [pid 5459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5459] mkdir("./file0", 000) = 0 [pid 5459] open("./file0", O_RDONLY) = 3 [pid 5459] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5459] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5459] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5459] openat(5, "memory.max", O_RDWR) = 6 [pid 5459] write(6, "0x000000000000040e", 18 [pid 5445] close(3) = 0 [pid 5445] close(4) = 0 [pid 5445] close(5) = 0 [pid 5445] close(6) = 0 [pid 5445] close(7) = -1 EBADF (Bad file descriptor) [pid 5445] close(8) = -1 EBADF (Bad file descriptor) [pid 5445] close(9) = -1 EBADF (Bad file descriptor) [pid 5445] close(10) = -1 EBADF (Bad file descriptor) [pid 5445] close(11) = -1 EBADF (Bad file descriptor) [pid 5445] close(12) = -1 EBADF (Bad file descriptor) [pid 5445] close(13) = -1 EBADF (Bad file descriptor) [pid 5445] close(14) = -1 EBADF (Bad file descriptor) [pid 5445] close(15) = -1 EBADF (Bad file descriptor) [pid 5445] close(16) = -1 EBADF (Bad file descriptor) [pid 5445] close(17) = -1 EBADF (Bad file descriptor) [pid 5445] close(18) = -1 EBADF (Bad file descriptor) [pid 5445] close(19) = -1 EBADF (Bad file descriptor) [pid 5445] close(20) = -1 EBADF (Bad file descriptor) [pid 5445] close(21) = -1 EBADF (Bad file descriptor) [pid 5445] close(22) = -1 EBADF (Bad file descriptor) [pid 5445] close(23) = -1 EBADF (Bad file descriptor) [pid 5445] close(24) = -1 EBADF (Bad file descriptor) [pid 5445] close(25) = -1 EBADF (Bad file descriptor) [pid 5445] close(26) = -1 EBADF (Bad file descriptor) [pid 5445] close(27) = -1 EBADF (Bad file descriptor) [pid 5445] close(28) = -1 EBADF (Bad file descriptor) [pid 5445] close(29) = -1 EBADF (Bad file descriptor) [pid 5445] exit_group(0) = ? [pid 5445] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 127.810037][ T5447] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 127.818018][ T5447] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 127.825998][ T5447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 127.833978][ T5447] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000012 [ 127.841979][ T5447] [ 127.848851][ T5447] memory: usage 8kB, limit 0kB, failcnt 55 [ 127.854725][ T5447] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./15/binderfs") = 0 [pid 5072] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 127.899117][ T5447] Memory cgroup stats for /syz1: [ 127.899591][ T5447] anon 0 [ 127.899591][ T5447] file 0 [ 127.899591][ T5447] kernel 8192 [ 127.899591][ T5447] kernel_stack 0 [ 127.899591][ T5447] pagetables 0 [ 127.899591][ T5447] sec_pagetables 0 [ 127.899591][ T5447] percpu 0 [ 127.899591][ T5447] sock 0 [ 127.899591][ T5447] vmalloc 0 [ 127.899591][ T5447] shmem 0 [ 127.899591][ T5447] zswap 0 [ 127.899591][ T5447] zswapped 0 [ 127.899591][ T5447] file_mapped 0 [ 127.899591][ T5447] file_dirty 0 [pid 5072] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 127.899591][ T5447] file_writeback 0 [ 127.899591][ T5447] swapcached 0 [ 127.899591][ T5447] anon_thp 0 [ 127.899591][ T5447] file_thp 0 [ 127.899591][ T5447] shmem_thp 0 [ 127.899591][ T5447] inactive_anon 0 [ 127.899591][ T5447] active_anon 0 [ 127.899591][ T5447] inactive_file 0 [ 127.899591][ T5447] active_file 0 [ 127.899591][ T5447] unevictable 0 [ 127.899591][ T5447] slab_reclaimable 6752 [ 127.899591][ T5447] slab_unreclaimable 0 [ 127.899591][ T5447] slab 6752 [ 127.899591][ T5447] workingset_refault_anon 0 [pid 5072] unlink("./15/cgroup") = 0 [pid 5072] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./15/cgroup.net") = 0 [pid 5447] <... write resumed>) = 18 [pid 5447] close(3) = 0 [pid 5447] close(4) = 0 [pid 5447] close(5) = 0 [pid 5447] close(6) = 0 [pid 5447] close(7) = -1 EBADF (Bad file descriptor) [pid 5447] close(8) = -1 EBADF (Bad file descriptor) [pid 5447] close(9) = -1 EBADF (Bad file descriptor) [pid 5447] close(10 [pid 5072] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5447] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5447] close(11) = -1 EBADF (Bad file descriptor) [pid 5447] close(12) = -1 EBADF (Bad file descriptor) [pid 5447] close(13) = -1 EBADF (Bad file descriptor) [pid 5447] close(14) = -1 EBADF (Bad file descriptor) [pid 5447] close(15) = -1 EBADF (Bad file descriptor) [pid 5447] close(16) = -1 EBADF (Bad file descriptor) [pid 5447] close(17) = -1 EBADF (Bad file descriptor) [pid 5447] close(18) = -1 EBADF (Bad file descriptor) [pid 5447] close(19) = -1 EBADF (Bad file descriptor) [pid 5447] close(20) = -1 EBADF (Bad file descriptor) [pid 5447] close(21) = -1 EBADF (Bad file descriptor) [pid 5447] close(22) = -1 EBADF (Bad file descriptor) [pid 5447] close(23) = -1 EBADF (Bad file descriptor) [pid 5447] close(24) = -1 EBADF (Bad file descriptor) [pid 5447] close(25) = -1 EBADF (Bad file descriptor) [pid 5447] close(26) = -1 EBADF (Bad file descriptor) [pid 5447] close(27) = -1 EBADF (Bad file descriptor) [pid 5447] close(28) = -1 EBADF (Bad file descriptor) [pid 5447] close(29) = -1 EBADF (Bad file descriptor) [pid 5447] exit_group(0) = ? [pid 5072] <... umount2 resumed>) = 0 [ 128.002963][ T5447] Tasks state (memory values in pages): [ 128.010453][ T5447] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 128.021780][ T5447] Out of memory and no killable processes... [ 128.033410][ T5457] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 128.056771][ T5457] CPU: 0 PID: 5457 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 128.067263][ T5457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 128.077432][ T5457] Call Trace: [ 128.080759][ T5457] [ 128.083728][ T5457] dump_stack_lvl+0x1e7/0x2d0 [ 128.088446][ T5457] ? nf_tcp_handle_invalid+0x640/0x640 [ 128.093938][ T5457] ? panic+0x770/0x770 [ 128.098041][ T5457] dump_header+0xdc/0x940 [ 128.102397][ T5457] out_of_memory+0xf21/0x12c0 [ 128.107096][ T5457] ? mutex_lock_io_nested+0x60/0x60 [ 128.112321][ T5457] ? preempt_schedule+0xdd/0xf0 [ 128.117200][ T5457] ? unregister_oom_notifier+0x20/0x20 [ 128.122682][ T5457] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 128.128691][ T5457] mem_cgroup_out_of_memory+0x263/0x3b0 [ 128.134256][ T5457] ? preempt_schedule_thunk+0x1a/0x20 [ 128.139652][ T5457] ? mem_cgroup_oom_trylock+0x210/0x210 [ 128.145234][ T5457] ? cgroup_file_notify+0x127/0x190 [ 128.150460][ T5457] memory_max_write+0x355/0x470 [ 128.155336][ T5457] ? memory_max_show+0xa0/0xa0 [ 128.160119][ T5457] ? read_lock_is_recursive+0x20/0x20 [ 128.165512][ T5457] ? memory_max_show+0xa0/0xa0 [ 128.170291][ T5457] cgroup_file_write+0x2b1/0x780 [ 128.175251][ T5457] ? cgroup_seqfile_stop+0xd0/0xd0 [ 128.180375][ T5457] ? __virt_addr_valid+0x22f/0x2e0 [ 128.185518][ T5457] ? cgroup_seqfile_stop+0xd0/0xd0 [ 128.190639][ T5457] kernfs_fop_write_iter+0x3a6/0x4f0 [ 128.195967][ T5457] vfs_write+0x7b2/0xbb0 [ 128.200238][ T5457] ? file_end_write+0x240/0x240 [ 128.205108][ T5457] ? do_raw_spin_unlock+0x13b/0x8b0 [ 128.210327][ T5457] ? lockdep_hardirqs_on+0x98/0x140 [ 128.215547][ T5457] ? __fdget_pos+0x265/0x2f0 [ 128.220158][ T5457] ksys_write+0x1a0/0x2c0 [ 128.224510][ T5457] ? __ia32_sys_read+0x90/0x90 [ 128.229288][ T5457] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 128.235295][ T5457] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 128.241304][ T5457] do_syscall_64+0x41/0xc0 [ 128.245742][ T5457] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.251661][ T5457] RIP: 0033:0x7fd49ce20129 [ 128.256087][ T5457] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 128.275723][ T5457] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.284162][ T5457] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 128.292153][ T5457] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 128.300136][ T5457] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5072] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5447] +++ exited with 0 +++ [pid 5072] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./15/file0" [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5073] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] <... rmdir resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./18/binderfs") = 0 [pid 5073] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 128.308115][ T5457] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 128.316097][ T5457] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000016 [ 128.324104][ T5457] [ 128.340282][ T5457] memory: usage 8kB, limit 0kB, failcnt 55 [ 128.348055][ T5457] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5073] unlink("./18/cgroup") = 0 [pid 5072] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./18/cgroup.net") = 0 [ 128.356367][ T5457] Memory cgroup stats for /syz1: [ 128.368964][ T5457] anon 0 [ 128.368964][ T5457] file 0 [ 128.368964][ T5457] kernel 8192 [ 128.368964][ T5457] kernel_stack 0 [ 128.368964][ T5457] pagetables 0 [ 128.368964][ T5457] sec_pagetables 0 [ 128.368964][ T5457] percpu 0 [ 128.368964][ T5457] sock 0 [ 128.368964][ T5457] vmalloc 0 [ 128.368964][ T5457] shmem 0 [ 128.368964][ T5457] zswap 0 [ 128.368964][ T5457] zswapped 0 [ 128.368964][ T5457] file_mapped 0 [ 128.368964][ T5457] file_dirty 0 [pid 5073] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] lstat("./15/cgroup.cpu", [pid 5073] <... umount2 resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] unlink("./15/cgroup.cpu" [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... unlink resumed>) = 0 [pid 5073] lstat("./18/file0", [pid 5072] getdents64(3, [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] close(3 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... close resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] rmdir("./15" [pid 5073] <... openat resumed>) = 4 [pid 5072] <... rmdir resumed>) = 0 [pid 5073] fstat(4, [pid 5072] mkdir("./16", 0777 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5073] getdents64(4, [ 128.368964][ T5457] file_writeback 0 [ 128.368964][ T5457] swapcached 0 [ 128.368964][ T5457] anon_thp 0 [ 128.368964][ T5457] file_thp 0 [ 128.368964][ T5457] shmem_thp 0 [ 128.368964][ T5457] inactive_anon 0 [ 128.368964][ T5457] active_anon 0 [ 128.368964][ T5457] inactive_file 0 [ 128.368964][ T5457] active_file 0 [ 128.368964][ T5457] unevictable 0 [ 128.368964][ T5457] slab_reclaimable 6752 [ 128.368964][ T5457] slab_unreclaimable 0 [ 128.368964][ T5457] slab 6752 [ 128.368964][ T5457] workingset_refault_anon 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5466 attached [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5466] chdir("./16" [pid 5073] getdents64(4, [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 18 [pid 5466] <... chdir resumed>) = 0 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] close(4 [pid 5466] <... prctl resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5466] setpgid(0, 0 [pid 5073] rmdir("./18/file0" [pid 5466] <... setpgid resumed>) = 0 [pid 5466] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5073] <... rmdir resumed>) = 0 [pid 5466] <... symlink resumed>) = 0 [pid 5073] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5466] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5466] <... symlink resumed>) = 0 [pid 5073] lstat("./18/cgroup.cpu", [pid 5466] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5466] <... symlink resumed>) = 0 [pid 5073] unlink("./18/cgroup.cpu" [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] <... unlink resumed>) = 0 [pid 5466] write(3, "1000", 4 [pid 5073] getdents64(3, [pid 5466] <... write resumed>) = 4 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5466] close(3 [pid 5073] close(3 [pid 5466] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs" [pid 5073] rmdir("./18" [pid 5466] <... symlink resumed>) = 0 [pid 5466] mkdir("./file0", 000) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5466] open("./file0", O_RDONLY) = 3 [pid 5466] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5466] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5466] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5073] mkdir("./19", 0777 [pid 5466] openat(5, "memory.max", O_RDWR) = 6 [pid 5073] <... mkdir resumed>) = 0 [pid 5466] write(6, "0x000000000000040e", 18 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5469 attached [pid 5469] chdir("./19" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 21 [pid 5469] <... chdir resumed>) = 0 [pid 5469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5469] setpgid(0, 0) = 0 [ 128.530025][ T5457] Tasks state (memory values in pages): [ 128.542765][ T5457] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 128.563483][ T5457] Out of memory and no killable processes... [pid 5469] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5469] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5457] <... write resumed>) = 18 [pid 5469] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5457] close(3 [pid 5469] <... symlink resumed>) = 0 [pid 5469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5469] write(3, "1000", 4) = 4 [pid 5469] close(3) = 0 [pid 5469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5469] mkdir("./file0", 000) = 0 [pid 5469] open("./file0", O_RDONLY) = 3 [pid 5469] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5469] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5469] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5469] openat(5, "memory.max", O_RDWR) = 6 [ 128.581122][ T5453] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 128.593974][ T5453] CPU: 0 PID: 5453 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 128.604454][ T5453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 128.614559][ T5453] Call Trace: [ 128.617884][ T5453] [ 128.620846][ T5453] dump_stack_lvl+0x1e7/0x2d0 [ 128.625579][ T5453] ? nf_tcp_handle_invalid+0x640/0x640 [ 128.631089][ T5453] ? panic+0x770/0x770 [ 128.635220][ T5453] dump_header+0xdc/0x940 [ 128.639607][ T5453] out_of_memory+0xf21/0x12c0 [ 128.644340][ T5453] ? mutex_lock_io_nested+0x60/0x60 [ 128.649616][ T5453] ? mark_lock+0x9a/0x340 [ 128.653986][ T5453] ? unregister_oom_notifier+0x20/0x20 [ 128.659496][ T5453] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 128.665546][ T5453] mem_cgroup_out_of_memory+0x263/0x3b0 [ 128.671159][ T5453] ? mem_cgroup_oom_trylock+0x210/0x210 [ 128.676785][ T5453] ? cgroup_file_notify+0x127/0x190 [ 128.682046][ T5453] memory_max_write+0x355/0x470 [ 128.686962][ T5453] ? memory_max_show+0xa0/0xa0 [ 128.691782][ T5453] ? read_lock_is_recursive+0x20/0x20 [ 128.697219][ T5453] ? memory_max_show+0xa0/0xa0 [ 128.702030][ T5453] cgroup_file_write+0x2b1/0x780 [ 128.707022][ T5453] ? cgroup_seqfile_stop+0xd0/0xd0 [ 128.712181][ T5453] ? __virt_addr_valid+0x22f/0x2e0 [ 128.717365][ T5453] ? cgroup_seqfile_stop+0xd0/0xd0 [ 128.722522][ T5453] kernfs_fop_write_iter+0x3a6/0x4f0 [ 128.727873][ T5453] vfs_write+0x7b2/0xbb0 [ 128.732180][ T5453] ? file_end_write+0x240/0x240 [ 128.737094][ T5453] ? do_raw_spin_unlock+0x13b/0x8b0 [ 128.742349][ T5453] ? lockdep_hardirqs_on+0x98/0x140 [ 128.747609][ T5453] ? __fdget_pos+0x265/0x2f0 [ 128.752249][ T5453] ksys_write+0x1a0/0x2c0 [ 128.756631][ T5453] ? __ia32_sys_read+0x90/0x90 [ 128.761445][ T5453] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 128.767494][ T5453] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 128.773533][ T5453] do_syscall_64+0x41/0xc0 [ 128.778001][ T5453] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.783947][ T5453] RIP: 0033:0x7fd49ce20129 [ 128.788402][ T5453] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 128.808054][ T5453] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.816529][ T5453] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 128.824552][ T5453] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5469] write(6, "0x000000000000040e", 18 [pid 5457] <... close resumed>) = 0 [pid 5457] close(4) = 0 [pid 5457] close(5) = 0 [pid 5457] close(6) = 0 [pid 5457] close(7) = -1 EBADF (Bad file descriptor) [pid 5457] close(8) = -1 EBADF (Bad file descriptor) [pid 5457] close(9) = -1 EBADF (Bad file descriptor) [pid 5457] close(10) = -1 EBADF (Bad file descriptor) [pid 5457] close(11) = -1 EBADF (Bad file descriptor) [pid 5457] close(12) = -1 EBADF (Bad file descriptor) [pid 5457] close(13) = -1 EBADF (Bad file descriptor) [pid 5457] close(14) = -1 EBADF (Bad file descriptor) [pid 5457] close(15) = -1 EBADF (Bad file descriptor) [pid 5457] close(16) = -1 EBADF (Bad file descriptor) [pid 5457] close(17) = -1 EBADF (Bad file descriptor) [pid 5457] close(18) = -1 EBADF (Bad file descriptor) [pid 5457] close(19) = -1 EBADF (Bad file descriptor) [pid 5457] close(20) = -1 EBADF (Bad file descriptor) [ 128.832571][ T5453] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 128.840608][ T5453] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 128.848622][ T5453] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000015 [ 128.856664][ T5453] [pid 5457] close(21) = -1 EBADF (Bad file descriptor) [pid 5457] close(22) = -1 EBADF (Bad file descriptor) [pid 5457] close(23) = -1 EBADF (Bad file descriptor) [pid 5457] close(24) = -1 EBADF (Bad file descriptor) [pid 5457] close(25) = -1 EBADF (Bad file descriptor) [pid 5457] close(26) = -1 EBADF (Bad file descriptor) [pid 5457] close(27) = -1 EBADF (Bad file descriptor) [pid 5457] close(28) = -1 EBADF (Bad file descriptor) [pid 5457] close(29) = -1 EBADF (Bad file descriptor) [pid 5457] exit_group(0) = ? [pid 5457] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 128.884975][ T5453] memory: usage 8kB, limit 0kB, failcnt 55 [ 128.891010][ T5453] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 128.912473][ T5453] Memory cgroup stats for /syz1: [ 128.912682][ T5453] anon 0 [ 128.912682][ T5453] file 0 [ 128.912682][ T5453] kernel 8192 [ 128.912682][ T5453] kernel_stack 0 [ 128.912682][ T5453] pagetables 0 [pid 5074] unlink("./22/binderfs") = 0 [pid 5074] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./22/cgroup") = 0 [pid 5074] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./22/cgroup.net") = 0 [ 128.912682][ T5453] sec_pagetables 0 [ 128.912682][ T5453] percpu 0 [ 128.912682][ T5453] sock 0 [ 128.912682][ T5453] vmalloc 0 [ 128.912682][ T5453] shmem 0 [ 128.912682][ T5453] zswap 0 [ 128.912682][ T5453] zswapped 0 [ 128.912682][ T5453] file_mapped 0 [ 128.912682][ T5453] file_dirty 0 [ 128.912682][ T5453] file_writeback 0 [ 128.912682][ T5453] swapcached 0 [ 128.912682][ T5453] anon_thp 0 [ 128.912682][ T5453] file_thp 0 [ 128.912682][ T5453] shmem_thp 0 [ 128.912682][ T5453] inactive_anon 0 [ 128.912682][ T5453] active_anon 0 [pid 5074] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./22/file0") = 0 [pid 5074] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 128.912682][ T5453] inactive_file 0 [ 128.912682][ T5453] active_file 0 [ 128.912682][ T5453] unevictable 0 [ 128.912682][ T5453] slab_reclaimable 6752 [ 128.912682][ T5453] slab_unreclaimable 0 [ 128.912682][ T5453] slab 6752 [ 128.912682][ T5453] workingset_refault_anon 0 [pid 5074] unlink("./22/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./22") = 0 [pid 5074] mkdir("./23", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5473 attached [pid 5473] chdir("./23" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 25 [pid 5473] <... chdir resumed>) = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5473] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5473] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3 [pid 5453] <... write resumed>) = 18 [pid 5473] <... close resumed>) = 0 [ 129.030733][ T5453] Tasks state (memory values in pages): [ 129.036423][ T5453] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 129.054041][ T5453] Out of memory and no killable processes... [ 129.060534][ T5459] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] mkdir("./file0", 000) = 0 [pid 5473] open("./file0", O_RDONLY) = 3 [pid 5473] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5473] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5473] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5473] openat(5, "memory.max", O_RDWR) = 6 [ 129.078674][ T5459] CPU: 0 PID: 5459 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 129.089147][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 129.099251][ T5459] Call Trace: [ 129.102565][ T5459] [ 129.105542][ T5459] dump_stack_lvl+0x1e7/0x2d0 [ 129.110276][ T5459] ? nf_tcp_handle_invalid+0x640/0x640 [ 129.115791][ T5459] ? panic+0x770/0x770 [ 129.119932][ T5459] dump_header+0xdc/0x940 [ 129.124334][ T5459] out_of_memory+0xf21/0x12c0 [pid 5473] write(6, "0x000000000000040e", 18 [pid 5453] close(3) = 0 [pid 5453] close(4) = 0 [pid 5453] close(5) = 0 [pid 5453] close(6) = 0 [pid 5453] close(7) = -1 EBADF (Bad file descriptor) [pid 5453] close(8) = -1 EBADF (Bad file descriptor) [pid 5453] close(9) = -1 EBADF (Bad file descriptor) [pid 5453] close(10) = -1 EBADF (Bad file descriptor) [pid 5453] close(11) = -1 EBADF (Bad file descriptor) [pid 5453] close(12) = -1 EBADF (Bad file descriptor) [pid 5453] close(13) = -1 EBADF (Bad file descriptor) [pid 5453] close(14) = -1 EBADF (Bad file descriptor) [pid 5453] close(15) = -1 EBADF (Bad file descriptor) [pid 5453] close(16) = -1 EBADF (Bad file descriptor) [pid 5453] close(17) = -1 EBADF (Bad file descriptor) [pid 5453] close(18) = -1 EBADF (Bad file descriptor) [pid 5453] close(19) = -1 EBADF (Bad file descriptor) [ 129.129066][ T5459] ? mutex_lock_io_nested+0x60/0x60 [ 129.134333][ T5459] ? preempt_schedule+0xdd/0xf0 [ 129.139235][ T5459] ? unregister_oom_notifier+0x20/0x20 [ 129.144744][ T5459] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 129.150792][ T5459] mem_cgroup_out_of_memory+0x263/0x3b0 [ 129.156390][ T5459] ? preempt_schedule_thunk+0x1a/0x20 [ 129.161822][ T5459] ? mem_cgroup_oom_trylock+0x210/0x210 [ 129.167490][ T5459] ? cgroup_file_notify+0x127/0x190 [ 129.172748][ T5459] memory_max_write+0x355/0x470 [pid 5453] close(20) = -1 EBADF (Bad file descriptor) [pid 5453] close(21) = -1 EBADF (Bad file descriptor) [pid 5453] close(22) = -1 EBADF (Bad file descriptor) [pid 5453] close(23) = -1 EBADF (Bad file descriptor) [pid 5453] close(24) = -1 EBADF (Bad file descriptor) [pid 5453] close(25) = -1 EBADF (Bad file descriptor) [pid 5453] close(26) = -1 EBADF (Bad file descriptor) [pid 5453] close(27) = -1 EBADF (Bad file descriptor) [pid 5453] close(28) = -1 EBADF (Bad file descriptor) [pid 5453] close(29) = -1 EBADF (Bad file descriptor) [pid 5453] exit_group(0) = ? [pid 5453] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./21/binderfs") = 0 [ 129.177660][ T5459] ? memory_max_show+0xa0/0xa0 [ 129.182478][ T5459] ? read_lock_is_recursive+0x20/0x20 [ 129.187919][ T5459] ? memory_max_show+0xa0/0xa0 [ 129.192730][ T5459] cgroup_file_write+0x2b1/0x780 [ 129.197725][ T5459] ? cgroup_seqfile_stop+0xd0/0xd0 [ 129.202884][ T5459] ? __virt_addr_valid+0x22f/0x2e0 [ 129.208067][ T5459] ? cgroup_seqfile_stop+0xd0/0xd0 [ 129.213220][ T5459] kernfs_fop_write_iter+0x3a6/0x4f0 [ 129.218554][ T5459] vfs_write+0x7b2/0xbb0 [ 129.222858][ T5459] ? file_end_write+0x240/0x240 [pid 5075] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./21/cgroup") = 0 [pid 5075] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./21/cgroup.net") = 0 [ 129.227775][ T5459] ? do_raw_spin_unlock+0x13b/0x8b0 [ 129.233035][ T5459] ? lockdep_hardirqs_on+0x98/0x140 [ 129.238314][ T5459] ? __fdget_pos+0x265/0x2f0 [ 129.242973][ T5459] ksys_write+0x1a0/0x2c0 [ 129.247379][ T5459] ? __ia32_sys_read+0x90/0x90 [ 129.252200][ T5459] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 129.258245][ T5459] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 129.264288][ T5459] do_syscall_64+0x41/0xc0 [ 129.268753][ T5459] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.274696][ T5459] RIP: 0033:0x7fd49ce20129 [ 129.279150][ T5459] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 129.298806][ T5459] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.307279][ T5459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 129.315298][ T5459] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 129.323321][ T5459] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 129.331341][ T5459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 129.339367][ T5459] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000000f [ 129.347417][ T5459] [ 129.359627][ T5459] memory: usage 8kB, limit 0kB, failcnt 55 [ 129.365889][ T5459] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 129.373654][ T5459] Memory cgroup stats for /syz1: [ 129.374121][ T5459] anon 0 [ 129.374121][ T5459] file 0 [ 129.374121][ T5459] kernel 8192 [ 129.374121][ T5459] kernel_stack 0 [ 129.374121][ T5459] pagetables 0 [ 129.374121][ T5459] sec_pagetables 0 [ 129.374121][ T5459] percpu 0 [ 129.374121][ T5459] sock 0 [ 129.374121][ T5459] vmalloc 0 [ 129.374121][ T5459] shmem 0 [ 129.374121][ T5459] zswap 0 [ 129.374121][ T5459] zswapped 0 [ 129.374121][ T5459] file_mapped 0 [ 129.374121][ T5459] file_dirty 0 [ 129.374121][ T5459] file_writeback 0 [ 129.374121][ T5459] swapcached 0 [ 129.374121][ T5459] anon_thp 0 [pid 5075] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./21/file0") = 0 [pid 5075] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./21/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [ 129.374121][ T5459] file_thp 0 [ 129.374121][ T5459] shmem_thp 0 [ 129.374121][ T5459] inactive_anon 0 [ 129.374121][ T5459] active_anon 0 [ 129.374121][ T5459] inactive_file 0 [ 129.374121][ T5459] active_file 0 [ 129.374121][ T5459] unevictable 0 [ 129.374121][ T5459] slab_reclaimable 6752 [ 129.374121][ T5459] slab_unreclaimable 0 [ 129.374121][ T5459] slab 6752 [ 129.374121][ T5459] workingset_refault_anon 0 [pid 5075] rmdir("./21") = 0 [pid 5075] mkdir("./22", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5459] <... write resumed>) = 18 [pid 5459] close(3) = 0 [pid 5459] close(4) = 0 [pid 5459] close(5) = 0 [pid 5459] close(6) = 0 [pid 5459] close(7) = -1 EBADF (Bad file descriptor) [pid 5459] close(8) = -1 EBADF (Bad file descriptor) [pid 5459] close(9) = -1 EBADF (Bad file descriptor) [pid 5459] close(10) = -1 EBADF (Bad file descriptor) [pid 5459] close(11) = -1 EBADF (Bad file descriptor) [pid 5459] close(12) = -1 EBADF (Bad file descriptor) [pid 5459] close(13) = -1 EBADF (Bad file descriptor) [pid 5459] close(14) = -1 EBADF (Bad file descriptor) [pid 5459] close(15) = -1 EBADF (Bad file descriptor) [pid 5459] close(16) = -1 EBADF (Bad file descriptor) [pid 5459] close(17) = -1 EBADF (Bad file descriptor) [pid 5459] close(18) = -1 EBADF (Bad file descriptor) [pid 5459] close(19) = -1 EBADF (Bad file descriptor) [pid 5459] close(20) = -1 EBADF (Bad file descriptor) [pid 5459] close(21) = -1 EBADF (Bad file descriptor) [pid 5459] close(22) = -1 EBADF (Bad file descriptor) [pid 5459] close(23) = -1 EBADF (Bad file descriptor) [pid 5459] close(24) = -1 EBADF (Bad file descriptor) [pid 5459] close(25) = -1 EBADF (Bad file descriptor) [pid 5459] close(26) = -1 EBADF (Bad file descriptor) [pid 5459] close(27) = -1 EBADF (Bad file descriptor) [pid 5459] close(28) = -1 EBADF (Bad file descriptor) [pid 5459] close(29) = -1 EBADF (Bad file descriptor) [pid 5459] exit_group(0) = ? [pid 5459] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- ./strace-static-x86_64: Process 5478 attached [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 24 [pid 5478] chdir("./22" [pid 5070] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5478] <... chdir resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5478] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] <... openat resumed>) = 3 [pid 5070] fstat(3, [pid 5478] <... prctl resumed>) = 0 [ 129.508516][ T5459] Tasks state (memory values in pages): [ 129.514454][ T5459] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 129.524950][ T5459] Out of memory and no killable processes... [ 129.531908][ T5466] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 129.556790][ T5466] CPU: 0 PID: 5466 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 129.567279][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 129.577380][ T5466] Call Trace: [ 129.580695][ T5466] [ 129.583664][ T5466] dump_stack_lvl+0x1e7/0x2d0 [ 129.588409][ T5466] ? nf_tcp_handle_invalid+0x640/0x640 [ 129.593923][ T5466] ? panic+0x770/0x770 [ 129.598057][ T5466] dump_header+0xdc/0x940 [ 129.602450][ T5466] out_of_memory+0xf21/0x12c0 [ 129.607196][ T5466] ? mutex_lock_io_nested+0x60/0x60 [ 129.612457][ T5466] ? mark_lock+0x9a/0x340 [ 129.616839][ T5466] ? unregister_oom_notifier+0x20/0x20 [ 129.622345][ T5466] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 129.628366][ T5466] mem_cgroup_out_of_memory+0x263/0x3b0 [ 129.633944][ T5466] ? mem_cgroup_oom_trylock+0x210/0x210 [ 129.639526][ T5466] ? cgroup_file_notify+0x127/0x190 [ 129.644767][ T5466] memory_max_write+0x355/0x470 [ 129.649648][ T5466] ? memory_max_show+0xa0/0xa0 [ 129.654432][ T5466] ? read_lock_is_recursive+0x20/0x20 [ 129.659829][ T5466] ? memory_max_show+0xa0/0xa0 [ 129.664661][ T5466] cgroup_file_write+0x2b1/0x780 [ 129.669668][ T5466] ? cgroup_seqfile_stop+0xd0/0xd0 [ 129.674802][ T5466] ? __virt_addr_valid+0x22f/0x2e0 [ 129.679965][ T5466] ? cgroup_seqfile_stop+0xd0/0xd0 [ 129.685091][ T5466] kernfs_fop_write_iter+0x3a6/0x4f0 [ 129.690399][ T5466] vfs_write+0x7b2/0xbb0 [ 129.694666][ T5466] ? file_end_write+0x240/0x240 [ 129.699625][ T5466] ? do_raw_spin_unlock+0x13b/0x8b0 [ 129.704840][ T5466] ? lockdep_hardirqs_on+0x98/0x140 [ 129.710062][ T5466] ? __fdget_pos+0x265/0x2f0 [ 129.714700][ T5466] ksys_write+0x1a0/0x2c0 [ 129.719070][ T5466] ? __ia32_sys_read+0x90/0x90 [ 129.723866][ T5466] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 129.729886][ T5466] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 129.735899][ T5466] do_syscall_64+0x41/0xc0 [ 129.740335][ T5466] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 129.746256][ T5466] RIP: 0033:0x7fd49ce20129 [ 129.750687][ T5466] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 129.770656][ T5466] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.779085][ T5466] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 129.787082][ T5466] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 129.795060][ T5466] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5478] setpgid(0, 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5478] <... setpgid resumed>) = 0 [pid 5070] getdents64(3, [pid 5478] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5478] <... symlink resumed>) = 0 [pid 5070] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5478] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5070] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./15/binderfs" [pid 5478] <... symlink resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5070] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5478] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5070] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./15/cgroup") = 0 [pid 5070] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./15/cgroup.net" [pid 5478] <... symlink resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5070] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5478] <... openat resumed>) = 3 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./15/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5478] write(3, "1000", 4 [ 129.803041][ T5466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 129.811025][ T5466] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000010 [ 129.819033][ T5466] [ 129.847340][ T5466] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5070] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5478] <... write resumed>) = 4 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5478] close(3 [pid 5070] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5478] <... close resumed>) = 0 [pid 5070] <... openat resumed>) = 4 [pid 5478] symlink("/dev/binderfs", "./binderfs" [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5478] <... symlink resumed>) = 0 [pid 5070] getdents64(4, [pid 5478] mkdir("./file0", 000 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, [pid 5478] <... mkdir resumed>) = 0 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5478] open("./file0", O_RDONLY [pid 5070] close(4 [pid 5478] <... open resumed>) = 3 [pid 5070] <... close resumed>) = 0 [pid 5478] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5070] rmdir("./15/file0" [pid 5478] <... mount resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5478] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5070] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5478] openat(4, "syz1", O_RDWR|O_PATH [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5478] <... openat resumed>) = 5 [pid 5070] lstat("./15/cgroup.cpu", [pid 5478] openat(5, "memory.max", O_RDWR [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5478] <... openat resumed>) = 6 [pid 5070] unlink("./15/cgroup.cpu" [pid 5478] write(6, "0x000000000000040e", 18 [pid 5070] <... unlink resumed>) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./15") = 0 [ 129.858173][ T5466] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 129.872634][ T5466] Memory cgroup stats for /syz1: [ 129.872846][ T5466] anon 0 [ 129.872846][ T5466] file 0 [ 129.872846][ T5466] kernel 8192 [ 129.872846][ T5466] kernel_stack 0 [ 129.872846][ T5466] pagetables 0 [ 129.872846][ T5466] sec_pagetables 0 [ 129.872846][ T5466] percpu 0 [ 129.872846][ T5466] sock 0 [ 129.872846][ T5466] vmalloc 0 [ 129.872846][ T5466] shmem 0 [pid 5070] mkdir("./16", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 18 [ 129.872846][ T5466] zswap 0 [ 129.872846][ T5466] zswapped 0 [ 129.872846][ T5466] file_mapped 0 [ 129.872846][ T5466] file_dirty 0 [ 129.872846][ T5466] file_writeback 0 [ 129.872846][ T5466] swapcached 0 [ 129.872846][ T5466] anon_thp 0 [ 129.872846][ T5466] file_thp 0 [ 129.872846][ T5466] shmem_thp 0 [ 129.872846][ T5466] inactive_anon 0 [ 129.872846][ T5466] active_anon 0 [ 129.872846][ T5466] inactive_file 0 [ 129.872846][ T5466] active_file 0 [ 129.872846][ T5466] unevictable 0 [ 129.872846][ T5466] slab_reclaimable 6752 ./strace-static-x86_64: Process 5482 attached [pid 5482] chdir("./16") = 0 [pid 5482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5482] setpgid(0, 0) = 0 [pid 5482] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5482] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5482] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5482] write(3, "1000", 4) = 4 [pid 5482] close(3) = 0 [pid 5482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5482] mkdir("./file0", 000) = 0 [pid 5482] open("./file0", O_RDONLY) = 3 [pid 5482] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5482] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5482] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5482] openat(5, "memory.max", O_RDWR) = 6 [ 129.872846][ T5466] slab_unreclaimable 0 [ 129.872846][ T5466] slab 6752 [ 129.872846][ T5466] workingset_refault_anon 0 [ 129.972901][ T5466] Tasks state (memory values in pages): [ 129.980892][ T5466] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5482] write(6, "0x000000000000040e", 18 [pid 5466] <... write resumed>) = 18 [pid 5466] close(3) = 0 [pid 5466] close(4) = 0 [pid 5466] close(5) = 0 [pid 5466] close(6) = 0 [pid 5466] close(7) = -1 EBADF (Bad file descriptor) [pid 5466] close(8) = -1 EBADF (Bad file descriptor) [ 130.012958][ T5466] Out of memory and no killable processes... [ 130.021433][ T5469] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5466] close(9) = -1 EBADF (Bad file descriptor) [pid 5466] close(10) = -1 EBADF (Bad file descriptor) [pid 5466] close(11) = -1 EBADF (Bad file descriptor) [pid 5466] close(12) = -1 EBADF (Bad file descriptor) [ 130.058728][ T5469] CPU: 1 PID: 5469 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 130.069230][ T5469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 130.079329][ T5469] Call Trace: [ 130.082641][ T5469] [ 130.085621][ T5469] dump_stack_lvl+0x1e7/0x2d0 [ 130.090372][ T5469] ? nf_tcp_handle_invalid+0x640/0x640 [ 130.095885][ T5469] ? panic+0x770/0x770 [ 130.100021][ T5469] dump_header+0xdc/0x940 [ 130.104420][ T5469] out_of_memory+0xf21/0x12c0 [ 130.109158][ T5469] ? mutex_lock_io_nested+0x60/0x60 [ 130.114417][ T5469] ? preempt_schedule+0xdd/0xf0 [ 130.119331][ T5469] ? unregister_oom_notifier+0x20/0x20 [ 130.124850][ T5469] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 130.130909][ T5469] mem_cgroup_out_of_memory+0x263/0x3b0 [ 130.136515][ T5469] ? preempt_schedule_thunk+0x1a/0x20 [ 130.141943][ T5469] ? mem_cgroup_oom_trylock+0x210/0x210 [ 130.147570][ T5469] ? cgroup_file_notify+0x127/0x190 [ 130.152825][ T5469] memory_max_write+0x355/0x470 [ 130.157732][ T5469] ? memory_max_show+0xa0/0xa0 [ 130.162567][ T5469] ? read_lock_is_recursive+0x20/0x20 [ 130.168021][ T5469] ? memory_max_show+0xa0/0xa0 [ 130.172830][ T5469] cgroup_file_write+0x2b1/0x780 [ 130.177826][ T5469] ? cgroup_seqfile_stop+0xd0/0xd0 [ 130.182987][ T5469] ? __virt_addr_valid+0x22f/0x2e0 [ 130.188169][ T5469] ? cgroup_seqfile_stop+0xd0/0xd0 [ 130.193326][ T5469] kernfs_fop_write_iter+0x3a6/0x4f0 [ 130.198676][ T5469] vfs_write+0x7b2/0xbb0 [ 130.202986][ T5469] ? file_end_write+0x240/0x240 [ 130.207898][ T5469] ? do_raw_spin_unlock+0x13b/0x8b0 [ 130.213143][ T5469] ? lockdep_hardirqs_on+0x98/0x140 [ 130.218404][ T5469] ? __fdget_pos+0x265/0x2f0 [ 130.223052][ T5469] ksys_write+0x1a0/0x2c0 [ 130.227442][ T5469] ? __ia32_sys_read+0x90/0x90 [ 130.232253][ T5469] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 130.238300][ T5469] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 130.244353][ T5469] do_syscall_64+0x41/0xc0 [ 130.248826][ T5469] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.254781][ T5469] RIP: 0033:0x7fd49ce20129 [ 130.259237][ T5469] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 130.278894][ T5469] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.287372][ T5469] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 130.295394][ T5469] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5466] close(13) = -1 EBADF (Bad file descriptor) [pid 5466] close(14) = -1 EBADF (Bad file descriptor) [pid 5466] close(15) = -1 EBADF (Bad file descriptor) [pid 5466] close(16) = -1 EBADF (Bad file descriptor) [pid 5466] close(17) = -1 EBADF (Bad file descriptor) [pid 5466] close(18) = -1 EBADF (Bad file descriptor) [pid 5466] close(19) = -1 EBADF (Bad file descriptor) [pid 5466] close(20) = -1 EBADF (Bad file descriptor) [pid 5466] close(21) = -1 EBADF (Bad file descriptor) [pid 5466] close(22) = -1 EBADF (Bad file descriptor) [pid 5466] close(23) = -1 EBADF (Bad file descriptor) [pid 5466] close(24) = -1 EBADF (Bad file descriptor) [pid 5466] close(25) = -1 EBADF (Bad file descriptor) [pid 5466] close(26) = -1 EBADF (Bad file descriptor) [pid 5466] close(27) = -1 EBADF (Bad file descriptor) [pid 5466] close(28) = -1 EBADF (Bad file descriptor) [pid 5466] close(29) = -1 EBADF (Bad file descriptor) [pid 5466] exit_group(0) = ? [pid 5466] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 130.303421][ T5469] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 130.311447][ T5469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 130.319470][ T5469] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000013 [ 130.327519][ T5469] [pid 5072] unlink("./16/binderfs") = 0 [pid 5072] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./16/cgroup") = 0 [pid 5072] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./16/cgroup.net") = 0 [pid 5072] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 130.376278][ T5469] memory: usage 8kB, limit 0kB, failcnt 55 [ 130.388088][ T5469] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 130.396347][ T5469] Memory cgroup stats for /syz1: [ 130.403208][ T5469] anon 0 [ 130.403208][ T5469] file 0 [ 130.403208][ T5469] kernel 8192 [ 130.403208][ T5469] kernel_stack 0 [ 130.403208][ T5469] pagetables 0 [ 130.403208][ T5469] sec_pagetables 0 [ 130.403208][ T5469] percpu 0 [ 130.403208][ T5469] sock 0 [ 130.403208][ T5469] vmalloc 0 [ 130.403208][ T5469] shmem 0 [ 130.403208][ T5469] zswap 0 [ 130.403208][ T5469] zswapped 0 [ 130.403208][ T5469] file_mapped 0 [ 130.403208][ T5469] file_dirty 0 [ 130.403208][ T5469] file_writeback 0 [ 130.403208][ T5469] swapcached 0 [ 130.403208][ T5469] anon_thp 0 [ 130.403208][ T5469] file_thp 0 [ 130.403208][ T5469] shmem_thp 0 [ 130.403208][ T5469] inactive_anon 0 [ 130.403208][ T5469] active_anon 0 [pid 5072] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./16/file0") = 0 [pid 5072] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./16/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./16") = 0 [pid 5072] mkdir("./17", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5488 attached [pid 5488] chdir("./17") = 0 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 19 [pid 5488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5488] setpgid(0, 0) = 0 [ 130.403208][ T5469] inactive_file 0 [ 130.403208][ T5469] active_file 0 [ 130.403208][ T5469] unevictable 0 [ 130.403208][ T5469] slab_reclaimable 6752 [ 130.403208][ T5469] slab_unreclaimable 0 [ 130.403208][ T5469] slab 6752 [ 130.403208][ T5469] workingset_refault_anon 0 [ 130.513345][ T5469] Tasks state (memory values in pages): [pid 5488] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5488] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5488] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5488] write(3, "1000", 4) = 4 [pid 5488] close(3) = 0 [pid 5488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5488] mkdir("./file0", 000) = 0 [pid 5488] open("./file0", O_RDONLY) = 3 [pid 5488] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5488] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5488] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5488] openat(5, "memory.max", O_RDWR) = 6 [ 130.522961][ T5469] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 130.543226][ T5469] Out of memory and no killable processes... [ 130.553665][ T5473] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 130.566693][ T5473] CPU: 0 PID: 5473 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5488] write(6, "0x000000000000040e", 18 [pid 5469] <... write resumed>) = 18 [pid 5469] close(3) = 0 [pid 5469] close(4) = 0 [pid 5469] close(5) = 0 [pid 5469] close(6) = 0 [pid 5469] close(7) = -1 EBADF (Bad file descriptor) [pid 5469] close(8) = -1 EBADF (Bad file descriptor) [pid 5469] close(9) = -1 EBADF (Bad file descriptor) [pid 5469] close(10) = -1 EBADF (Bad file descriptor) [pid 5469] close(11) = -1 EBADF (Bad file descriptor) [pid 5469] close(12) = -1 EBADF (Bad file descriptor) [pid 5469] close(13) = -1 EBADF (Bad file descriptor) [pid 5469] close(14) = -1 EBADF (Bad file descriptor) [pid 5469] close(15) = -1 EBADF (Bad file descriptor) [pid 5469] close(16) = -1 EBADF (Bad file descriptor) [pid 5469] close(17) = -1 EBADF (Bad file descriptor) [pid 5469] close(18) = -1 EBADF (Bad file descriptor) [pid 5469] close(19) = -1 EBADF (Bad file descriptor) [pid 5469] close(20) = -1 EBADF (Bad file descriptor) [pid 5469] close(21) = -1 EBADF (Bad file descriptor) [pid 5469] close(22) = -1 EBADF (Bad file descriptor) [pid 5469] close(23) = -1 EBADF (Bad file descriptor) [pid 5469] close(24) = -1 EBADF (Bad file descriptor) [pid 5469] close(25) = -1 EBADF (Bad file descriptor) [pid 5469] close(26) = -1 EBADF (Bad file descriptor) [pid 5469] close(27) = -1 EBADF (Bad file descriptor) [pid 5469] close(28) = -1 EBADF (Bad file descriptor) [pid 5469] close(29) = -1 EBADF (Bad file descriptor) [pid 5469] exit_group(0) = ? [pid 5469] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 130.577172][ T5473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 130.587271][ T5473] Call Trace: [ 130.590589][ T5473] [ 130.593563][ T5473] dump_stack_lvl+0x1e7/0x2d0 [ 130.598303][ T5473] ? nf_tcp_handle_invalid+0x640/0x640 [ 130.603825][ T5473] ? panic+0x770/0x770 [ 130.607967][ T5473] dump_header+0xdc/0x940 [ 130.612358][ T5473] out_of_memory+0xf21/0x12c0 [ 130.617106][ T5473] ? mutex_lock_io_nested+0x60/0x60 [ 130.622384][ T5473] ? preempt_schedule+0xdd/0xf0 [ 130.627299][ T5473] ? unregister_oom_notifier+0x20/0x20 [ 130.632797][ T5473] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 130.638811][ T5473] mem_cgroup_out_of_memory+0x263/0x3b0 [ 130.644379][ T5473] ? preempt_schedule_thunk+0x1a/0x20 [ 130.649776][ T5473] ? mem_cgroup_oom_trylock+0x210/0x210 [ 130.655360][ T5473] ? cgroup_file_notify+0x127/0x190 [ 130.660592][ T5473] memory_max_write+0x355/0x470 [ 130.665469][ T5473] ? memory_max_show+0xa0/0xa0 [ 130.670250][ T5473] ? read_lock_is_recursive+0x20/0x20 [ 130.675668][ T5473] ? memory_max_show+0xa0/0xa0 [ 130.680470][ T5473] cgroup_file_write+0x2b1/0x780 [ 130.685444][ T5473] ? cgroup_seqfile_stop+0xd0/0xd0 [ 130.690583][ T5473] ? __virt_addr_valid+0x22f/0x2e0 [ 130.695745][ T5473] ? cgroup_seqfile_stop+0xd0/0xd0 [ 130.700873][ T5473] kernfs_fop_write_iter+0x3a6/0x4f0 [ 130.706183][ T5473] vfs_write+0x7b2/0xbb0 [ 130.710448][ T5473] ? file_end_write+0x240/0x240 [ 130.715321][ T5473] ? do_raw_spin_unlock+0x13b/0x8b0 [ 130.720541][ T5473] ? lockdep_hardirqs_on+0x98/0x140 [ 130.725762][ T5473] ? __fdget_pos+0x265/0x2f0 [ 130.730371][ T5473] ksys_write+0x1a0/0x2c0 [ 130.734720][ T5473] ? __ia32_sys_read+0x90/0x90 [ 130.739515][ T5473] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 130.745544][ T5473] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 130.751562][ T5473] do_syscall_64+0x41/0xc0 [ 130.756010][ T5473] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 130.761934][ T5473] RIP: 0033:0x7fd49ce20129 [ 130.766383][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 130.786002][ T5473] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.794456][ T5473] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 130.802444][ T5473] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 130.810445][ T5473] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 130.818426][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./19/binderfs") = 0 [pid 5073] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./19/cgroup") = 0 [pid 5073] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.826409][ T5473] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000017 [ 130.834412][ T5473] [ 130.840371][ T5473] memory: usage 8kB, limit 0kB, failcnt 55 [ 130.846261][ T5473] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 130.855319][ T5473] Memory cgroup stats for /syz1: [ 130.855541][ T5473] anon 0 [ 130.855541][ T5473] file 0 [ 130.855541][ T5473] kernel 8192 [ 130.855541][ T5473] kernel_stack 0 [ 130.855541][ T5473] pagetables 0 [pid 5073] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./19/cgroup.net") = 0 [ 130.855541][ T5473] sec_pagetables 0 [ 130.855541][ T5473] percpu 0 [ 130.855541][ T5473] sock 0 [ 130.855541][ T5473] vmalloc 0 [ 130.855541][ T5473] shmem 0 [ 130.855541][ T5473] zswap 0 [ 130.855541][ T5473] zswapped 0 [ 130.855541][ T5473] file_mapped 0 [ 130.855541][ T5473] file_dirty 0 [ 130.855541][ T5473] file_writeback 0 [ 130.855541][ T5473] swapcached 0 [ 130.855541][ T5473] anon_thp 0 [ 130.855541][ T5473] file_thp 0 [ 130.855541][ T5473] shmem_thp 0 [ 130.855541][ T5473] inactive_anon 0 [ 130.855541][ T5473] active_anon 0 [pid 5073] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./19/file0") = 0 [ 130.855541][ T5473] inactive_file 0 [ 130.855541][ T5473] active_file 0 [ 130.855541][ T5473] unevictable 0 [ 130.855541][ T5473] slab_reclaimable 6752 [ 130.855541][ T5473] slab_unreclaimable 0 [ 130.855541][ T5473] slab 6752 [ 130.855541][ T5473] workingset_refault_anon 0 [ 130.955270][ T5473] Tasks state (memory values in pages): [ 130.961857][ T5473] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5073] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./19/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./19") = 0 [pid 5073] mkdir("./20", 0777 [pid 5473] <... write resumed>) = 18 [pid 5073] <... mkdir resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 22 [ 130.978924][ T5473] Out of memory and no killable processes... [ 130.985318][ T5478] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 130.996716][ T5478] CPU: 1 PID: 5478 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 131.007194][ T5478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 131.017294][ T5478] Call Trace: [ 131.020610][ T5478] [ 131.023577][ T5478] dump_stack_lvl+0x1e7/0x2d0 [ 131.028329][ T5478] ? nf_tcp_handle_invalid+0x640/0x640 [ 131.033853][ T5478] ? panic+0x770/0x770 [ 131.037996][ T5478] dump_header+0xdc/0x940 [ 131.042383][ T5478] out_of_memory+0xf21/0x12c0 [ 131.047118][ T5478] ? mutex_lock_io_nested+0x60/0x60 [ 131.052378][ T5478] ? preempt_schedule+0xdd/0xf0 [ 131.057284][ T5478] ? unregister_oom_notifier+0x20/0x20 [ 131.062788][ T5478] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 131.068840][ T5478] mem_cgroup_out_of_memory+0x263/0x3b0 [ 131.074448][ T5478] ? preempt_schedule_thunk+0x1a/0x20 [ 131.079882][ T5478] ? mem_cgroup_oom_trylock+0x210/0x210 [ 131.085497][ T5478] ? cgroup_file_notify+0x127/0x190 [ 131.090757][ T5478] memory_max_write+0x355/0x470 [ 131.095666][ T5478] ? memory_max_show+0xa0/0xa0 [ 131.100479][ T5478] ? read_lock_is_recursive+0x20/0x20 [ 131.105908][ T5478] ? memory_max_show+0xa0/0xa0 [ 131.110720][ T5478] cgroup_file_write+0x2b1/0x780 [ 131.115711][ T5478] ? cgroup_seqfile_stop+0xd0/0xd0 [ 131.120864][ T5478] ? __virt_addr_valid+0x22f/0x2e0 [ 131.126043][ T5478] ? cgroup_seqfile_stop+0xd0/0xd0 [ 131.131200][ T5478] kernfs_fop_write_iter+0x3a6/0x4f0 [ 131.136538][ T5478] vfs_write+0x7b2/0xbb0 [ 131.140841][ T5478] ? file_end_write+0x240/0x240 [ 131.145764][ T5478] ? do_raw_spin_unlock+0x13b/0x8b0 [ 131.151013][ T5478] ? lockdep_hardirqs_on+0x98/0x140 [ 131.156288][ T5478] ? __fdget_pos+0x265/0x2f0 [ 131.160937][ T5478] ksys_write+0x1a0/0x2c0 [ 131.165323][ T5478] ? __ia32_sys_read+0x90/0x90 [ 131.170144][ T5478] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 131.176192][ T5478] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 131.182240][ T5478] do_syscall_64+0x41/0xc0 [ 131.186715][ T5478] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.192670][ T5478] RIP: 0033:0x7fd49ce20129 [ 131.197128][ T5478] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 131.216781][ T5478] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 ./strace-static-x86_64: Process 5492 attached [pid 5473] close(3 [pid 5492] chdir("./20" [pid 5473] <... close resumed>) = 0 [ 131.225250][ T5478] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 131.233270][ T5478] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 131.241286][ T5478] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 131.249296][ T5478] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 131.257309][ T5478] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000016 [ 131.265352][ T5478] [pid 5492] <... chdir resumed>) = 0 [pid 5473] close(4 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5473] <... close resumed>) = 0 [pid 5492] <... prctl resumed>) = 0 [pid 5492] setpgid(0, 0 [pid 5473] close(5 [pid 5492] <... setpgid resumed>) = 0 [pid 5492] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5473] <... close resumed>) = 0 [pid 5492] <... symlink resumed>) = 0 [pid 5473] close(6 [pid 5492] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5473] <... close resumed>) = 0 [pid 5492] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5473] close(7 [pid 5492] <... symlink resumed>) = 0 [pid 5473] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] mkdir("./file0", 000) = 0 [ 131.278766][ T5478] memory: usage 8kB, limit 0kB, failcnt 55 [ 131.291415][ T5478] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 131.304814][ T5478] Memory cgroup stats for /syz1: [ 131.305863][ T5478] anon 0 [ 131.305863][ T5478] file 0 [ 131.305863][ T5478] kernel 8192 [ 131.305863][ T5478] kernel_stack 0 [ 131.305863][ T5478] pagetables 0 [ 131.305863][ T5478] sec_pagetables 0 [pid 5492] open("./file0", O_RDONLY) = 3 [pid 5492] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5492] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5492] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5492] openat(5, "memory.max", O_RDWR) = 6 [ 131.305863][ T5478] percpu 0 [ 131.305863][ T5478] sock 0 [ 131.305863][ T5478] vmalloc 0 [ 131.305863][ T5478] shmem 0 [ 131.305863][ T5478] zswap 0 [ 131.305863][ T5478] zswapped 0 [ 131.305863][ T5478] file_mapped 0 [ 131.305863][ T5478] file_dirty 0 [ 131.305863][ T5478] file_writeback 0 [ 131.305863][ T5478] swapcached 0 [ 131.305863][ T5478] anon_thp 0 [ 131.305863][ T5478] file_thp 0 [ 131.305863][ T5478] shmem_thp 0 [ 131.305863][ T5478] inactive_anon 0 [ 131.305863][ T5478] active_anon 0 [ 131.305863][ T5478] inactive_file 0 [pid 5492] write(6, "0x000000000000040e", 18 [pid 5473] close(8) = -1 EBADF (Bad file descriptor) [pid 5473] close(9) = -1 EBADF (Bad file descriptor) [pid 5473] close(10) = -1 EBADF (Bad file descriptor) [pid 5473] close(11) = -1 EBADF (Bad file descriptor) [pid 5473] close(12) = -1 EBADF (Bad file descriptor) [pid 5473] close(13) = -1 EBADF (Bad file descriptor) [pid 5473] close(14) = -1 EBADF (Bad file descriptor) [pid 5473] close(15) = -1 EBADF (Bad file descriptor) [pid 5473] close(16) = -1 EBADF (Bad file descriptor) [pid 5473] close(17) = -1 EBADF (Bad file descriptor) [pid 5473] close(18) = -1 EBADF (Bad file descriptor) [pid 5473] close(19) = -1 EBADF (Bad file descriptor) [pid 5473] close(20) = -1 EBADF (Bad file descriptor) [pid 5473] close(21) = -1 EBADF (Bad file descriptor) [pid 5473] close(22) = -1 EBADF (Bad file descriptor) [pid 5473] close(23) = -1 EBADF (Bad file descriptor) [pid 5473] close(24) = -1 EBADF (Bad file descriptor) [pid 5473] close(25) = -1 EBADF (Bad file descriptor) [pid 5473] close(26) = -1 EBADF (Bad file descriptor) [pid 5473] close(27) = -1 EBADF (Bad file descriptor) [pid 5473] close(28) = -1 EBADF (Bad file descriptor) [ 131.305863][ T5478] active_file 0 [ 131.305863][ T5478] unevictable 0 [ 131.305863][ T5478] slab_reclaimable 6752 [ 131.305863][ T5478] slab_unreclaimable 0 [ 131.305863][ T5478] slab 6752 [ 131.305863][ T5478] workingset_refault_anon 0 [ 131.406492][ T5478] Tasks state (memory values in pages): [ 131.412362][ T5478] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5473] close(29 [pid 5478] <... write resumed>) = 18 [pid 5478] close(3) = 0 [pid 5478] close(4) = 0 [pid 5478] close(5) = 0 [pid 5478] close(6 [pid 5473] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5473] exit_group(0) = ? [pid 5473] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 131.447456][ T5478] Out of memory and no killable processes... [ 131.454045][ T5482] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 131.468121][ T5482] CPU: 1 PID: 5482 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 131.478604][ T5482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 131.488701][ T5482] Call Trace: [ 131.492026][ T5482] [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./23/binderfs") = 0 [pid 5074] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./23/cgroup") = 0 [pid 5074] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./23/cgroup.net") = 0 [ 131.494994][ T5482] dump_stack_lvl+0x1e7/0x2d0 [ 131.499744][ T5482] ? nf_tcp_handle_invalid+0x640/0x640 [ 131.505351][ T5482] ? panic+0x770/0x770 [ 131.509482][ T5482] dump_header+0xdc/0x940 [ 131.513866][ T5482] out_of_memory+0xf21/0x12c0 [ 131.518604][ T5482] ? mutex_lock_io_nested+0x60/0x60 [ 131.523872][ T5482] ? mark_lock+0x9a/0x340 [ 131.528256][ T5482] ? unregister_oom_notifier+0x20/0x20 [ 131.533761][ T5482] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 131.539811][ T5482] mem_cgroup_out_of_memory+0x263/0x3b0 [ 131.545432][ T5482] ? mem_cgroup_oom_trylock+0x210/0x210 [ 131.551054][ T5482] ? cgroup_file_notify+0x127/0x190 [ 131.556319][ T5482] memory_max_write+0x355/0x470 [ 131.561229][ T5482] ? memory_max_show+0xa0/0xa0 [ 131.566055][ T5482] ? read_lock_is_recursive+0x20/0x20 [ 131.571484][ T5482] ? memory_max_show+0xa0/0xa0 [ 131.576293][ T5482] cgroup_file_write+0x2b1/0x780 [ 131.581277][ T5482] ? cgroup_seqfile_stop+0xd0/0xd0 [ 131.586514][ T5482] ? __virt_addr_valid+0x22f/0x2e0 [ 131.591696][ T5482] ? cgroup_seqfile_stop+0xd0/0xd0 [ 131.596849][ T5482] kernfs_fop_write_iter+0x3a6/0x4f0 [ 131.602195][ T5482] vfs_write+0x7b2/0xbb0 [ 131.606500][ T5482] ? file_end_write+0x240/0x240 [ 131.611400][ T5482] ? do_raw_spin_unlock+0x13b/0x8b0 [ 131.616644][ T5482] ? lockdep_hardirqs_on+0x98/0x140 [ 131.621905][ T5482] ? __fdget_pos+0x265/0x2f0 [ 131.626546][ T5482] ksys_write+0x1a0/0x2c0 [ 131.630928][ T5482] ? __ia32_sys_read+0x90/0x90 [ 131.635736][ T5482] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 131.641782][ T5482] ? syscall_enter_from_user_mode+0x8c/0x2c0 [pid 5074] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5478] <... close resumed>) = 0 [pid 5478] close(7) = -1 EBADF (Bad file descriptor) [ 131.647831][ T5482] do_syscall_64+0x41/0xc0 [ 131.652292][ T5482] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 131.658244][ T5482] RIP: 0033:0x7fd49ce20129 [ 131.662699][ T5482] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 131.682445][ T5482] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5478] close(8) = -1 EBADF (Bad file descriptor) [pid 5478] close(9) = -1 EBADF (Bad file descriptor) [pid 5478] close(10) = -1 EBADF (Bad file descriptor) [pid 5478] close(11) = -1 EBADF (Bad file descriptor) [pid 5478] close(12) = -1 EBADF (Bad file descriptor) [pid 5478] close(13) = -1 EBADF (Bad file descriptor) [pid 5478] close(14) = -1 EBADF (Bad file descriptor) [pid 5478] close(15) = -1 EBADF (Bad file descriptor) [pid 5478] close(16) = -1 EBADF (Bad file descriptor) [pid 5478] close(17) = -1 EBADF (Bad file descriptor) [pid 5478] close(18) = -1 EBADF (Bad file descriptor) [pid 5478] close(19) = -1 EBADF (Bad file descriptor) [pid 5478] close(20) = -1 EBADF (Bad file descriptor) [pid 5478] close(21) = -1 EBADF (Bad file descriptor) [pid 5478] close(22) = -1 EBADF (Bad file descriptor) [pid 5478] close(23) = -1 EBADF (Bad file descriptor) [pid 5478] close(24) = -1 EBADF (Bad file descriptor) [pid 5478] close(25) = -1 EBADF (Bad file descriptor) [pid 5478] close(26) = -1 EBADF (Bad file descriptor) [pid 5478] close(27) = -1 EBADF (Bad file descriptor) [pid 5478] close(28) = -1 EBADF (Bad file descriptor) [pid 5478] close(29) = -1 EBADF (Bad file descriptor) [pid 5478] exit_group(0) = ? [pid 5478] +++ exited with 0 +++ [pid 5074] <... umount2 resumed>) = 0 [pid 5074] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [ 131.690917][ T5482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 131.698936][ T5482] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 131.706957][ T5482] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 131.714982][ T5482] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 131.723014][ T5482] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000010 [ 131.731048][ T5482] [pid 5074] rmdir("./23/file0") = 0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./23/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./23") = 0 [pid 5074] mkdir("./24", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 26 [ 131.743752][ T5482] memory: usage 8kB, limit 0kB, failcnt 55 [ 131.750317][ T5482] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 131.758163][ T5482] Memory cgroup stats for /syz1: [ 131.758363][ T5482] anon 0 [ 131.758363][ T5482] file 0 [ 131.758363][ T5482] kernel 8192 [ 131.758363][ T5482] kernel_stack 0 [ 131.758363][ T5482] pagetables 0 [ 131.758363][ T5482] sec_pagetables 0 [ 131.758363][ T5482] percpu 0 [ 131.758363][ T5482] sock 0 [ 131.758363][ T5482] vmalloc 0 [ 131.758363][ T5482] shmem 0 [ 131.758363][ T5482] zswap 0 [ 131.758363][ T5482] zswapped 0 [ 131.758363][ T5482] file_mapped 0 [ 131.758363][ T5482] file_dirty 0 [ 131.758363][ T5482] file_writeback 0 [ 131.758363][ T5482] swapcached 0 [ 131.758363][ T5482] anon_thp 0 [ 131.758363][ T5482] file_thp 0 [ 131.758363][ T5482] shmem_thp 0 [ 131.758363][ T5482] inactive_anon 0 [ 131.758363][ T5482] active_anon 0 [ 131.758363][ T5482] inactive_file 0 [ 131.758363][ T5482] active_file 0 [ 131.758363][ T5482] unevictable 0 [ 131.758363][ T5482] slab_reclaimable 6752 [ 131.758363][ T5482] slab_unreclaimable 0 ./strace-static-x86_64: Process 5500 attached [pid 5075] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] chdir("./24" [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5500] <... chdir resumed>) = 0 [pid 5075] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5500] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] <... openat resumed>) = 3 [pid 5500] <... prctl resumed>) = 0 [pid 5075] fstat(3, [pid 5500] setpgid(0, 0 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5482] <... write resumed>) = 18 [ 131.758363][ T5482] slab 6752 [ 131.758363][ T5482] workingset_refault_anon 0 [ 131.861194][ T5482] Tasks state (memory values in pages): [ 131.867172][ T5482] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 131.878002][ T5482] Out of memory and no killable processes... [ 131.884483][ T5488] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 131.895905][ T5488] CPU: 1 PID: 5488 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 131.906382][ T5488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 131.916482][ T5488] Call Trace: [ 131.919806][ T5488] [ 131.922774][ T5488] dump_stack_lvl+0x1e7/0x2d0 [ 131.927509][ T5488] ? nf_tcp_handle_invalid+0x640/0x640 [ 131.933023][ T5488] ? panic+0x770/0x770 [ 131.937162][ T5488] dump_header+0xdc/0x940 [ 131.941552][ T5488] out_of_memory+0xf21/0x12c0 [ 131.946287][ T5488] ? mutex_lock_io_nested+0x60/0x60 [ 131.951558][ T5488] ? mark_lock+0x9a/0x340 [ 131.955946][ T5488] ? unregister_oom_notifier+0x20/0x20 [ 131.961459][ T5488] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 131.967552][ T5488] mem_cgroup_out_of_memory+0x263/0x3b0 [ 131.973182][ T5488] ? mem_cgroup_oom_trylock+0x210/0x210 [ 131.978812][ T5488] ? cgroup_file_notify+0x127/0x190 [ 131.984078][ T5488] memory_max_write+0x355/0x470 [ 131.988996][ T5488] ? memory_max_show+0xa0/0xa0 [ 131.993816][ T5488] ? read_lock_is_recursive+0x20/0x20 [ 131.999251][ T5488] ? memory_max_show+0xa0/0xa0 [ 132.004074][ T5488] cgroup_file_write+0x2b1/0x780 [ 132.009074][ T5488] ? cgroup_seqfile_stop+0xd0/0xd0 [ 132.014239][ T5488] ? __virt_addr_valid+0x22f/0x2e0 [ 132.019445][ T5488] ? cgroup_seqfile_stop+0xd0/0xd0 [ 132.024601][ T5488] kernfs_fop_write_iter+0x3a6/0x4f0 [ 132.029939][ T5488] vfs_write+0x7b2/0xbb0 [ 132.034214][ T5488] ? file_end_write+0x240/0x240 [ 132.039089][ T5488] ? do_raw_spin_unlock+0x13b/0x8b0 [ 132.044311][ T5488] ? lockdep_hardirqs_on+0x98/0x140 [ 132.049536][ T5488] ? __fdget_pos+0x265/0x2f0 [ 132.054667][ T5488] ksys_write+0x1a0/0x2c0 [ 132.059021][ T5488] ? __ia32_sys_read+0x90/0x90 [ 132.063801][ T5488] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 132.069818][ T5488] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 132.075851][ T5488] do_syscall_64+0x41/0xc0 [ 132.080328][ T5488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.086265][ T5488] RIP: 0033:0x7fd49ce20129 [ 132.090707][ T5488] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 132.110337][ T5488] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 132.118932][ T5488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 132.126931][ T5488] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 132.134929][ T5488] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5500] <... setpgid resumed>) = 0 [pid 5482] close(3 [pid 5075] getdents64(3, [pid 5500] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5482] <... close resumed>) = 0 [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5500] <... symlink resumed>) = 0 [pid 5482] close(4 [pid 5075] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5482] <... close resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5500] <... symlink resumed>) = 0 [pid 5482] close(5 [pid 5075] lstat("./22/binderfs", [pid 5500] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5482] <... close resumed>) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5500] <... symlink resumed>) = 0 [pid 5482] close(6 [pid 5075] unlink("./22/binderfs" [pid 5500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5482] <... close resumed>) = 0 [pid 5075] <... unlink resumed>) = 0 [pid 5500] <... openat resumed>) = 3 [pid 5482] close(7 [pid 5075] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] write(3, "1000", 4 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5500] <... write resumed>) = 4 [pid 5482] close(8 [pid 5075] lstat("./22/cgroup", [pid 5500] close(3 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5500] <... close resumed>) = 0 [pid 5482] close(9 [pid 5075] unlink("./22/cgroup" [pid 5500] symlink("/dev/binderfs", "./binderfs" [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5500] <... symlink resumed>) = 0 [pid 5482] close(10 [pid 5075] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] mkdir("./file0", 000 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5500] <... mkdir resumed>) = 0 [pid 5482] close(11 [pid 5075] lstat("./22/cgroup.net", [pid 5500] open("./file0", O_RDONLY [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5500] <... open resumed>) = 3 [pid 5482] close(12 [pid 5075] unlink("./22/cgroup.net" [pid 5500] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5500] <... mount resumed>) = 0 [pid 5482] close(13 [pid 5075] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = 0 [pid 5500] <... openat resumed>) = 4 [pid 5482] close(14 [pid 5075] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] openat(4, "syz1", O_RDWR|O_PATH [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5500] <... openat resumed>) = 5 [pid 5482] close(15 [pid 5075] lstat("./22/file0", [pid 5500] openat(5, "memory.max", O_RDWR [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5500] <... openat resumed>) = 6 [pid 5482] close(16 [pid 5075] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5500] write(6, "0x000000000000040e", 18 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5482] close(17 [pid 5075] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... openat resumed>) = 4 [pid 5482] close(18 [pid 5075] fstat(4, [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5482] close(19 [pid 5075] getdents64(4, [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5482] close(20 [pid 5075] getdents64(4, [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5482] close(21 [pid 5075] close(4 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... close resumed>) = 0 [pid 5482] close(22 [pid 5075] rmdir("./22/file0" [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... rmdir resumed>) = 0 [pid 5482] close(23 [pid 5075] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5482] close(24 [ 132.142916][ T5488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 132.150903][ T5488] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000011 [ 132.158923][ T5488] [pid 5075] lstat("./22/cgroup.cpu", [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5482] close(25 [pid 5075] unlink("./22/cgroup.cpu" [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... unlink resumed>) = 0 [pid 5482] close(26 [pid 5075] getdents64(3, [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5482] close(27 [pid 5075] close(3 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... close resumed>) = 0 [pid 5482] close(28 [pid 5075] rmdir("./22" [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... rmdir resumed>) = 0 [pid 5482] close(29 [pid 5075] mkdir("./23", 0777 [pid 5482] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... mkdir resumed>) = 0 [pid 5482] exit_group(0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5502 attached [pid 5482] <... exit_group resumed>) = ? [pid 5502] chdir("./23" [pid 5482] +++ exited with 0 +++ [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 25 [pid 5502] <... chdir resumed>) = 0 [pid 5502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5502] setpgid(0, 0) = 0 [pid 5070] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5502] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5502] <... symlink resumed>) = 0 [pid 5070] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5502] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5070] <... openat resumed>) = 3 [pid 5502] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5070] fstat(3, [pid 5502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5502] write(3, "1000", 4 [pid 5070] getdents64(3, [pid 5502] <... write resumed>) = 4 [pid 5502] close(3) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5502] symlink("/dev/binderfs", "./binderfs" [pid 5070] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5502] <... symlink resumed>) = 0 [pid 5502] mkdir("./file0", 000 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5502] <... mkdir resumed>) = 0 [pid 5070] lstat("./16/binderfs", [pid 5502] open("./file0", O_RDONLY) = 3 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5502] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5070] unlink("./16/binderfs" [pid 5502] <... mount resumed>) = 0 [pid 5502] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5070] <... unlink resumed>) = 0 [pid 5502] <... openat resumed>) = 4 [pid 5070] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5502] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5502] openat(5, "memory.max", O_RDWR [pid 5070] lstat("./16/cgroup", [pid 5502] <... openat resumed>) = 6 [pid 5502] write(6, "0x000000000000040e", 18 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./16/cgroup") = 0 [pid 5070] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./16/cgroup.net") = 0 [pid 5070] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./16/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 132.258569][ T5488] memory: usage 8kB, limit 0kB, failcnt 55 [ 132.270833][ T5488] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 132.280717][ T5488] Memory cgroup stats for /syz1: [ 132.286139][ T5488] anon 0 [ 132.286139][ T5488] file 0 [ 132.286139][ T5488] kernel 8192 [ 132.286139][ T5488] kernel_stack 0 [ 132.286139][ T5488] pagetables 0 [ 132.286139][ T5488] sec_pagetables 0 [ 132.286139][ T5488] percpu 0 [ 132.286139][ T5488] sock 0 [ 132.286139][ T5488] vmalloc 0 [ 132.286139][ T5488] shmem 0 [ 132.286139][ T5488] zswap 0 [ 132.286139][ T5488] zswapped 0 [ 132.286139][ T5488] file_mapped 0 [ 132.286139][ T5488] file_dirty 0 [ 132.286139][ T5488] file_writeback 0 [ 132.286139][ T5488] swapcached 0 [ 132.286139][ T5488] anon_thp 0 [ 132.286139][ T5488] file_thp 0 [ 132.286139][ T5488] shmem_thp 0 [ 132.286139][ T5488] inactive_anon 0 [ 132.286139][ T5488] active_anon 0 [pid 5070] rmdir("./16/file0") = 0 [pid 5070] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./16/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./16") = 0 [pid 5070] mkdir("./17", 0777) = 0 [ 132.286139][ T5488] inactive_file 0 [ 132.286139][ T5488] active_file 0 [ 132.286139][ T5488] unevictable 0 [ 132.286139][ T5488] slab_reclaimable 6752 [ 132.286139][ T5488] slab_unreclaimable 0 [ 132.286139][ T5488] slab 6752 [ 132.286139][ T5488] workingset_refault_anon 0 [ 132.389146][ T5488] Tasks state (memory values in pages): [ 132.397018][ T5488] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5503 attached [pid 5503] chdir("./17" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 19 [pid 5503] <... chdir resumed>) = 0 [pid 5503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5503] setpgid(0, 0) = 0 [pid 5503] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5503] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5503] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5503] write(3, "1000", 4) = 4 [pid 5503] close(3) = 0 [pid 5503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5503] mkdir("./file0", 000) = 0 [pid 5503] open("./file0", O_RDONLY) = 3 [pid 5503] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5503] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5503] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5503] openat(5, "memory.max", O_RDWR) = 6 [pid 5503] write(6, "0x000000000000040e", 18 [pid 5488] <... write resumed>) = 18 [pid 5488] close(3) = 0 [pid 5488] close(4) = 0 [pid 5488] close(5) = 0 [pid 5488] close(6) = 0 [pid 5488] close(7) = -1 EBADF (Bad file descriptor) [pid 5488] close(8) = -1 EBADF (Bad file descriptor) [pid 5488] close(9) = -1 EBADF (Bad file descriptor) [pid 5488] close(10) = -1 EBADF (Bad file descriptor) [pid 5488] close(11) = -1 EBADF (Bad file descriptor) [pid 5488] close(12) = -1 EBADF (Bad file descriptor) [pid 5488] close(13) = -1 EBADF (Bad file descriptor) [ 132.408763][ T5488] Out of memory and no killable processes... [ 132.444813][ T5492] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 132.469916][ T5492] CPU: 1 PID: 5492 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 132.480423][ T5492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 132.490520][ T5492] Call Trace: [ 132.493830][ T5492] [ 132.496790][ T5492] dump_stack_lvl+0x1e7/0x2d0 [ 132.501531][ T5492] ? nf_tcp_handle_invalid+0x640/0x640 [ 132.507041][ T5492] ? panic+0x770/0x770 [ 132.511169][ T5492] dump_header+0xdc/0x940 [ 132.515548][ T5492] out_of_memory+0xf21/0x12c0 [ 132.520296][ T5492] ? mutex_lock_io_nested+0x60/0x60 [ 132.525560][ T5492] ? preempt_schedule+0xdd/0xf0 [ 132.530456][ T5492] ? unregister_oom_notifier+0x20/0x20 [ 132.535959][ T5492] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 132.542002][ T5492] mem_cgroup_out_of_memory+0x263/0x3b0 [ 132.547598][ T5492] ? preempt_schedule_thunk+0x1a/0x20 [ 132.553016][ T5492] ? mem_cgroup_oom_trylock+0x210/0x210 [ 132.558628][ T5492] ? cgroup_file_notify+0x127/0x190 [ 132.563879][ T5492] memory_max_write+0x355/0x470 [ 132.568790][ T5492] ? memory_max_show+0xa0/0xa0 [ 132.573608][ T5492] ? read_lock_is_recursive+0x20/0x20 [ 132.579017][ T5492] ? memory_max_show+0xa0/0xa0 [ 132.583799][ T5492] cgroup_file_write+0x2b1/0x780 [ 132.588760][ T5492] ? cgroup_seqfile_stop+0xd0/0xd0 [ 132.593886][ T5492] ? __virt_addr_valid+0x22f/0x2e0 [ 132.599030][ T5492] ? cgroup_seqfile_stop+0xd0/0xd0 [ 132.604152][ T5492] kernfs_fop_write_iter+0x3a6/0x4f0 [ 132.609461][ T5492] vfs_write+0x7b2/0xbb0 [ 132.613731][ T5492] ? file_end_write+0x240/0x240 [ 132.618600][ T5492] ? do_raw_spin_unlock+0x13b/0x8b0 [ 132.623815][ T5492] ? lockdep_hardirqs_on+0x98/0x140 [ 132.629038][ T5492] ? __fdget_pos+0x265/0x2f0 [ 132.633646][ T5492] ksys_write+0x1a0/0x2c0 [ 132.637996][ T5492] ? __ia32_sys_read+0x90/0x90 [ 132.642774][ T5492] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 132.648778][ T5492] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 132.654783][ T5492] do_syscall_64+0x41/0xc0 [ 132.659220][ T5492] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.665135][ T5492] RIP: 0033:0x7fd49ce20129 [ 132.669566][ T5492] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 132.689182][ T5492] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 132.697613][ T5492] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 132.705596][ T5492] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5488] close(14) = -1 EBADF (Bad file descriptor) [pid 5488] close(15) = -1 EBADF (Bad file descriptor) [pid 5488] close(16) = -1 EBADF (Bad file descriptor) [pid 5488] close(17) = -1 EBADF (Bad file descriptor) [pid 5488] close(18) = -1 EBADF (Bad file descriptor) [pid 5488] close(19) = -1 EBADF (Bad file descriptor) [pid 5488] close(20) = -1 EBADF (Bad file descriptor) [pid 5488] close(21) = -1 EBADF (Bad file descriptor) [pid 5488] close(22) = -1 EBADF (Bad file descriptor) [pid 5488] close(23) = -1 EBADF (Bad file descriptor) [pid 5488] close(24) = -1 EBADF (Bad file descriptor) [pid 5488] close(25) = -1 EBADF (Bad file descriptor) [pid 5488] close(26) = -1 EBADF (Bad file descriptor) [pid 5488] close(27) = -1 EBADF (Bad file descriptor) [pid 5488] close(28) = -1 EBADF (Bad file descriptor) [pid 5488] close(29) = -1 EBADF (Bad file descriptor) [pid 5488] exit_group(0) = ? [pid 5488] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 132.713578][ T5492] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 132.721575][ T5492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 132.729570][ T5492] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000014 [ 132.737592][ T5492] [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./17/binderfs") = 0 [pid 5072] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./17/cgroup") = 0 [pid 5072] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./17/cgroup.net") = 0 [pid 5072] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./17/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./17/file0") = 0 [pid 5072] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./17/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [ 132.774011][ T5492] memory: usage 8kB, limit 0kB, failcnt 55 [ 132.780757][ T5492] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 132.812524][ T5492] Memory cgroup stats for /syz1: [ 132.812734][ T5492] anon 0 [ 132.812734][ T5492] file 0 [ 132.812734][ T5492] kernel 8192 [ 132.812734][ T5492] kernel_stack 0 [ 132.812734][ T5492] pagetables 0 [ 132.812734][ T5492] sec_pagetables 0 [ 132.812734][ T5492] percpu 0 [ 132.812734][ T5492] sock 0 [ 132.812734][ T5492] vmalloc 0 [ 132.812734][ T5492] shmem 0 [ 132.812734][ T5492] zswap 0 [ 132.812734][ T5492] zswapped 0 [ 132.812734][ T5492] file_mapped 0 [ 132.812734][ T5492] file_dirty 0 [ 132.812734][ T5492] file_writeback 0 [ 132.812734][ T5492] swapcached 0 [ 132.812734][ T5492] anon_thp 0 [ 132.812734][ T5492] file_thp 0 [pid 5072] rmdir("./17") = 0 [pid 5072] mkdir("./18", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5509 attached , child_tidptr=0x5555574ac5d0) = 20 [pid 5509] chdir("./18") = 0 [ 132.812734][ T5492] shmem_thp 0 [ 132.812734][ T5492] inactive_anon 0 [ 132.812734][ T5492] active_anon 0 [ 132.812734][ T5492] inactive_file 0 [ 132.812734][ T5492] active_file 0 [ 132.812734][ T5492] unevictable 0 [ 132.812734][ T5492] slab_reclaimable 6752 [ 132.812734][ T5492] slab_unreclaimable 0 [ 132.812734][ T5492] slab 6752 [ 132.812734][ T5492] workingset_refault_anon 0 [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5509] setpgid(0, 0) = 0 [pid 5509] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5509] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5509] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5492] <... write resumed>) = 18 [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] close(3 [pid 5509] write(3, "1000", 4) = 4 [pid 5509] close(3) = 0 [pid 5509] symlink("/dev/binderfs", "./binderfs" [pid 5492] <... close resumed>) = 0 [pid 5509] <... symlink resumed>) = 0 [pid 5492] close(4 [pid 5509] mkdir("./file0", 000 [pid 5492] <... close resumed>) = 0 [pid 5492] close(5) = 0 [pid 5492] close(6) = 0 [pid 5509] <... mkdir resumed>) = 0 [pid 5492] close(7 [pid 5509] open("./file0", O_RDONLY [pid 5492] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... open resumed>) = 3 [pid 5492] close(8 [pid 5509] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5492] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5492] close(9) = -1 EBADF (Bad file descriptor) [pid 5509] <... mount resumed>) = 0 [pid 5492] close(10 [pid 5509] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5492] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... openat resumed>) = 4 [pid 5492] close(11) = -1 EBADF (Bad file descriptor) [pid 5509] openat(4, "syz1", O_RDWR|O_PATH [pid 5492] close(12) = -1 EBADF (Bad file descriptor) [pid 5492] close(13) = -1 EBADF (Bad file descriptor) [pid 5509] <... openat resumed>) = 5 [pid 5492] close(14 [pid 5509] openat(5, "memory.max", O_RDWR [pid 5492] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 132.922317][ T5492] Tasks state (memory values in pages): [ 132.929722][ T5492] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 132.942493][ T5492] Out of memory and no killable processes... [ 132.951313][ T5500] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5509] <... openat resumed>) = 6 [pid 5492] close(15 [ 132.981796][ T5500] CPU: 1 PID: 5500 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 132.992290][ T5500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 133.002388][ T5500] Call Trace: [ 133.005699][ T5500] [ 133.008665][ T5500] dump_stack_lvl+0x1e7/0x2d0 [ 133.013400][ T5500] ? nf_tcp_handle_invalid+0x640/0x640 [ 133.018907][ T5500] ? panic+0x770/0x770 [ 133.023041][ T5500] dump_header+0xdc/0x940 [ 133.027421][ T5500] out_of_memory+0xf21/0x12c0 [pid 5509] write(6, "0x000000000000040e", 18 [pid 5492] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5492] close(16) = -1 EBADF (Bad file descriptor) [pid 5492] close(17) = -1 EBADF (Bad file descriptor) [pid 5492] close(18) = -1 EBADF (Bad file descriptor) [pid 5492] close(19) = -1 EBADF (Bad file descriptor) [pid 5492] close(20) = -1 EBADF (Bad file descriptor) [pid 5492] close(21) = -1 EBADF (Bad file descriptor) [pid 5492] close(22) = -1 EBADF (Bad file descriptor) [pid 5492] close(23) = -1 EBADF (Bad file descriptor) [pid 5492] close(24) = -1 EBADF (Bad file descriptor) [pid 5492] close(25) = -1 EBADF (Bad file descriptor) [pid 5492] close(26) = -1 EBADF (Bad file descriptor) [pid 5492] close(27) = -1 EBADF (Bad file descriptor) [ 133.032151][ T5500] ? mutex_lock_io_nested+0x60/0x60 [ 133.037407][ T5500] ? mark_lock+0x9a/0x340 [ 133.041787][ T5500] ? unregister_oom_notifier+0x20/0x20 [ 133.047294][ T5500] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 133.053341][ T5500] mem_cgroup_out_of_memory+0x263/0x3b0 [ 133.058951][ T5500] ? mem_cgroup_oom_trylock+0x210/0x210 [ 133.064575][ T5500] ? cgroup_file_notify+0x127/0x190 [ 133.069837][ T5500] memory_max_write+0x355/0x470 [ 133.074773][ T5500] ? memory_max_show+0xa0/0xa0 [pid 5492] close(28) = -1 EBADF (Bad file descriptor) [pid 5492] close(29) = -1 EBADF (Bad file descriptor) [pid 5492] exit_group(0) = ? [pid 5492] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 133.079588][ T5500] ? read_lock_is_recursive+0x20/0x20 [ 133.085018][ T5500] ? memory_max_show+0xa0/0xa0 [ 133.089821][ T5500] cgroup_file_write+0x2b1/0x780 [ 133.094806][ T5500] ? cgroup_seqfile_stop+0xd0/0xd0 [ 133.099966][ T5500] ? __virt_addr_valid+0x22f/0x2e0 [ 133.105149][ T5500] ? cgroup_seqfile_stop+0xd0/0xd0 [ 133.110313][ T5500] kernfs_fop_write_iter+0x3a6/0x4f0 [ 133.115660][ T5500] vfs_write+0x7b2/0xbb0 [ 133.119969][ T5500] ? file_end_write+0x240/0x240 [ 133.124873][ T5500] ? do_raw_spin_unlock+0x13b/0x8b0 [ 133.130103][ T5500] ? lockdep_hardirqs_on+0x98/0x140 [ 133.135328][ T5500] ? __fdget_pos+0x265/0x2f0 [ 133.139940][ T5500] ksys_write+0x1a0/0x2c0 [ 133.144296][ T5500] ? __ia32_sys_read+0x90/0x90 [ 133.149075][ T5500] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 133.155079][ T5500] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 133.161087][ T5500] do_syscall_64+0x41/0xc0 [ 133.165523][ T5500] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.171459][ T5500] RIP: 0033:0x7fd49ce20129 [ 133.175893][ T5500] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 133.195531][ T5500] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.203970][ T5500] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 133.211953][ T5500] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 133.219936][ T5500] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./20/binderfs") = 0 [pid 5073] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./20/cgroup") = 0 [pid 5073] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./20/cgroup.net") = 0 [pid 5073] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./20/file0") = 0 [pid 5073] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./20/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./20") = 0 [pid 5073] mkdir("./21", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5512 attached , child_tidptr=0x5555574ac5d0) = 23 [pid 5512] chdir("./21") = 0 [pid 5512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5512] setpgid(0, 0) = 0 [ 133.227943][ T5500] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 133.235955][ T5500] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000018 [ 133.243967][ T5500] [pid 5512] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5512] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5512] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5512] write(3, "1000", 4) = 4 [pid 5512] close(3) = 0 [pid 5512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5512] mkdir("./file0", 000) = 0 [pid 5512] open("./file0", O_RDONLY) = 3 [pid 5512] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5512] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5512] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5512] openat(5, "memory.max", O_RDWR) = 6 [ 133.346636][ T5500] memory: usage 8kB, limit 0kB, failcnt 55 [ 133.352543][ T5500] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 133.372043][ T5500] Memory cgroup stats for /syz1: [ 133.372222][ T5500] anon 0 [ 133.372222][ T5500] file 0 [ 133.372222][ T5500] kernel 8192 [ 133.372222][ T5500] kernel_stack 0 [ 133.372222][ T5500] pagetables 0 [ 133.372222][ T5500] sec_pagetables 0 [ 133.372222][ T5500] percpu 0 [ 133.372222][ T5500] sock 0 [ 133.372222][ T5500] vmalloc 0 [ 133.372222][ T5500] shmem 0 [ 133.372222][ T5500] zswap 0 [ 133.372222][ T5500] zswapped 0 [ 133.372222][ T5500] file_mapped 0 [ 133.372222][ T5500] file_dirty 0 [ 133.372222][ T5500] file_writeback 0 [ 133.372222][ T5500] swapcached 0 [ 133.372222][ T5500] anon_thp 0 [ 133.372222][ T5500] file_thp 0 [ 133.372222][ T5500] shmem_thp 0 [ 133.372222][ T5500] inactive_anon 0 [ 133.372222][ T5500] active_anon 0 [ 133.372222][ T5500] inactive_file 0 [ 133.372222][ T5500] active_file 0 [ 133.372222][ T5500] unevictable 0 [ 133.372222][ T5500] slab_reclaimable 6752 [ 133.372222][ T5500] slab_unreclaimable 0 [ 133.372222][ T5500] slab 6752 [ 133.372222][ T5500] workingset_refault_anon 0 [ 133.481779][ T5500] Tasks state (memory values in pages): [pid 5512] write(6, "0x000000000000040e", 18 [pid 5500] <... write resumed>) = 18 [pid 5500] close(3) = 0 [ 133.497110][ T5500] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 133.516439][ T5500] Out of memory and no killable processes... [ 133.522885][ T5502] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 133.537221][ T5502] CPU: 0 PID: 5502 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 133.547714][ T5502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 133.557810][ T5502] Call Trace: [ 133.561123][ T5502] [ 133.564087][ T5502] dump_stack_lvl+0x1e7/0x2d0 [ 133.568817][ T5502] ? nf_tcp_handle_invalid+0x640/0x640 [ 133.574326][ T5502] ? panic+0x770/0x770 [ 133.578467][ T5502] dump_header+0xdc/0x940 [ 133.582851][ T5502] out_of_memory+0xf21/0x12c0 [ 133.587586][ T5502] ? mutex_lock_io_nested+0x60/0x60 [ 133.592942][ T5502] ? mark_lock+0x9a/0x340 [pid 5500] close(4) = 0 [pid 5500] close(5) = 0 [pid 5500] close(6) = 0 [pid 5500] close(7) = -1 EBADF (Bad file descriptor) [pid 5500] close(8) = -1 EBADF (Bad file descriptor) [pid 5500] close(9) = -1 EBADF (Bad file descriptor) [pid 5500] close(10) = -1 EBADF (Bad file descriptor) [pid 5500] close(11) = -1 EBADF (Bad file descriptor) [pid 5500] close(12) = -1 EBADF (Bad file descriptor) [pid 5500] close(13) = -1 EBADF (Bad file descriptor) [pid 5500] close(14) = -1 EBADF (Bad file descriptor) [pid 5500] close(15) = -1 EBADF (Bad file descriptor) [pid 5500] close(16) = -1 EBADF (Bad file descriptor) [pid 5500] close(17) = -1 EBADF (Bad file descriptor) [pid 5500] close(18) = -1 EBADF (Bad file descriptor) [pid 5500] close(19) = -1 EBADF (Bad file descriptor) [pid 5500] close(20) = -1 EBADF (Bad file descriptor) [pid 5500] close(21) = -1 EBADF (Bad file descriptor) [pid 5500] close(22) = -1 EBADF (Bad file descriptor) [pid 5500] close(23) = -1 EBADF (Bad file descriptor) [pid 5500] close(24) = -1 EBADF (Bad file descriptor) [pid 5500] close(25) = -1 EBADF (Bad file descriptor) [pid 5500] close(26) = -1 EBADF (Bad file descriptor) [pid 5500] close(27) = -1 EBADF (Bad file descriptor) [pid 5500] close(28) = -1 EBADF (Bad file descriptor) [pid 5500] close(29) = -1 EBADF (Bad file descriptor) [pid 5500] exit_group(0) = ? [pid 5500] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./24/binderfs") = 0 [pid 5074] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./24/cgroup") = 0 [pid 5074] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./24/cgroup.net") = 0 [ 133.597320][ T5502] ? unregister_oom_notifier+0x20/0x20 [ 133.602835][ T5502] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 133.608895][ T5502] mem_cgroup_out_of_memory+0x263/0x3b0 [ 133.614516][ T5502] ? mem_cgroup_oom_trylock+0x210/0x210 [ 133.620133][ T5502] ? cgroup_file_notify+0x127/0x190 [ 133.625406][ T5502] memory_max_write+0x355/0x470 [ 133.630331][ T5502] ? memory_max_show+0xa0/0xa0 [ 133.635152][ T5502] ? read_lock_is_recursive+0x20/0x20 [ 133.640579][ T5502] ? memory_max_show+0xa0/0xa0 [ 133.645398][ T5502] cgroup_file_write+0x2b1/0x780 [ 133.650398][ T5502] ? cgroup_seqfile_stop+0xd0/0xd0 [ 133.655557][ T5502] ? __virt_addr_valid+0x22f/0x2e0 [ 133.660739][ T5502] ? cgroup_seqfile_stop+0xd0/0xd0 [ 133.665897][ T5502] kernfs_fop_write_iter+0x3a6/0x4f0 [ 133.671270][ T5502] vfs_write+0x7b2/0xbb0 [ 133.675573][ T5502] ? file_end_write+0x240/0x240 [ 133.680693][ T5502] ? do_raw_spin_unlock+0x13b/0x8b0 [ 133.685965][ T5502] ? lockdep_hardirqs_on+0x98/0x140 [ 133.691236][ T5502] ? __fdget_pos+0x265/0x2f0 [ 133.695891][ T5502] ksys_write+0x1a0/0x2c0 [ 133.700289][ T5502] ? __ia32_sys_read+0x90/0x90 [ 133.705104][ T5502] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 133.711145][ T5502] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 133.717186][ T5502] do_syscall_64+0x41/0xc0 [ 133.721662][ T5502] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.727616][ T5502] RIP: 0033:0x7fd49ce20129 [ 133.732173][ T5502] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 133.751831][ T5502] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.760307][ T5502] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 133.768330][ T5502] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 133.776339][ T5502] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 133.784334][ T5502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5074] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./24/file0") = 0 [pid 5074] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./24/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./24") = 0 [pid 5074] mkdir("./25", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5518 attached [pid 5518] chdir("./25" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 27 [pid 5518] <... chdir resumed>) = 0 [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 133.792321][ T5502] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000017 [ 133.800331][ T5502] [pid 5518] setpgid(0, 0) = 0 [pid 5518] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5518] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5518] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5518] write(3, "1000", 4) = 4 [pid 5518] close(3) = 0 [pid 5518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5518] mkdir("./file0", 000) = 0 [pid 5518] open("./file0", O_RDONLY) = 3 [pid 5518] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5518] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5518] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5518] openat(5, "memory.max", O_RDWR) = 6 [ 133.899684][ T5502] memory: usage 8kB, limit 0kB, failcnt 55 [ 133.906843][ T5502] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 133.915363][ T5502] Memory cgroup stats for /syz1: [ 133.915527][ T5502] anon 0 [ 133.915527][ T5502] file 0 [ 133.915527][ T5502] kernel 8192 [ 133.915527][ T5502] kernel_stack 0 [ 133.915527][ T5502] pagetables 0 [ 133.915527][ T5502] sec_pagetables 0 [ 133.915527][ T5502] percpu 0 [ 133.915527][ T5502] sock 0 [ 133.915527][ T5502] vmalloc 0 [ 133.915527][ T5502] shmem 0 [ 133.915527][ T5502] zswap 0 [ 133.915527][ T5502] zswapped 0 [ 133.915527][ T5502] file_mapped 0 [ 133.915527][ T5502] file_dirty 0 [ 133.915527][ T5502] file_writeback 0 [ 133.915527][ T5502] swapcached 0 [ 133.915527][ T5502] anon_thp 0 [ 133.915527][ T5502] file_thp 0 [ 133.915527][ T5502] shmem_thp 0 [ 133.915527][ T5502] inactive_anon 0 [ 133.915527][ T5502] active_anon 0 [ 133.915527][ T5502] inactive_file 0 [ 133.915527][ T5502] active_file 0 [ 133.915527][ T5502] unevictable 0 [ 133.915527][ T5502] slab_reclaimable 6752 [ 133.915527][ T5502] slab_unreclaimable 0 [ 133.915527][ T5502] slab 6752 [ 133.915527][ T5502] workingset_refault_anon 0 [ 134.021766][ T5502] Tasks state (memory values in pages): [ 134.030565][ T5502] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5518] write(6, "0x000000000000040e", 18 [pid 5502] <... write resumed>) = 18 [pid 5502] close(3) = 0 [pid 5502] close(4) = 0 [pid 5502] close(5) = 0 [pid 5502] close(6) = 0 [pid 5502] close(7) = -1 EBADF (Bad file descriptor) [pid 5502] close(8) = -1 EBADF (Bad file descriptor) [pid 5502] close(9) = -1 EBADF (Bad file descriptor) [pid 5502] close(10) = -1 EBADF (Bad file descriptor) [pid 5502] close(11) = -1 EBADF (Bad file descriptor) [pid 5502] close(12) = -1 EBADF (Bad file descriptor) [pid 5502] close(13) = -1 EBADF (Bad file descriptor) [pid 5502] close(14) = -1 EBADF (Bad file descriptor) [pid 5502] close(15) = -1 EBADF (Bad file descriptor) [pid 5502] close(16) = -1 EBADF (Bad file descriptor) [pid 5502] close(17) = -1 EBADF (Bad file descriptor) [pid 5502] close(18) = -1 EBADF (Bad file descriptor) [pid 5502] close(19) = -1 EBADF (Bad file descriptor) [pid 5502] close(20) = -1 EBADF (Bad file descriptor) [pid 5502] close(21) = -1 EBADF (Bad file descriptor) [pid 5502] close(22) = -1 EBADF (Bad file descriptor) [pid 5502] close(23) = -1 EBADF (Bad file descriptor) [pid 5502] close(24) = -1 EBADF (Bad file descriptor) [pid 5502] close(25) = -1 EBADF (Bad file descriptor) [pid 5502] close(26) = -1 EBADF (Bad file descriptor) [pid 5502] close(27) = -1 EBADF (Bad file descriptor) [pid 5502] close(28) = -1 EBADF (Bad file descriptor) [pid 5502] close(29) = -1 EBADF (Bad file descriptor) [ 134.044795][ T5502] Out of memory and no killable processes... [ 134.054162][ T5503] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5502] exit_group(0) = ? [pid 5502] +++ exited with 0 +++ [ 134.090989][ T5503] CPU: 0 PID: 5503 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 134.101490][ T5503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 134.111592][ T5503] Call Trace: [ 134.114911][ T5503] [ 134.117882][ T5503] dump_stack_lvl+0x1e7/0x2d0 [ 134.122613][ T5503] ? nf_tcp_handle_invalid+0x640/0x640 [ 134.128120][ T5503] ? panic+0x770/0x770 [ 134.132258][ T5503] dump_header+0xdc/0x940 [ 134.136648][ T5503] out_of_memory+0xf21/0x12c0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 134.141388][ T5503] ? mutex_lock_io_nested+0x60/0x60 [ 134.146643][ T5503] ? preempt_schedule+0xdd/0xf0 [ 134.151543][ T5503] ? unregister_oom_notifier+0x20/0x20 [ 134.157022][ T5503] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 134.163034][ T5503] mem_cgroup_out_of_memory+0x263/0x3b0 [ 134.168600][ T5503] ? preempt_schedule_thunk+0x1a/0x20 [ 134.173994][ T5503] ? mem_cgroup_oom_trylock+0x210/0x210 [ 134.179571][ T5503] ? cgroup_file_notify+0x127/0x190 [ 134.184797][ T5503] memory_max_write+0x355/0x470 [ 134.189671][ T5503] ? memory_max_show+0xa0/0xa0 [ 134.194455][ T5503] ? read_lock_is_recursive+0x20/0x20 [ 134.199849][ T5503] ? memory_max_show+0xa0/0xa0 [ 134.204629][ T5503] cgroup_file_write+0x2b1/0x780 [ 134.209584][ T5503] ? cgroup_seqfile_stop+0xd0/0xd0 [ 134.214709][ T5503] ? __virt_addr_valid+0x22f/0x2e0 [ 134.219850][ T5503] ? cgroup_seqfile_stop+0xd0/0xd0 [ 134.224973][ T5503] kernfs_fop_write_iter+0x3a6/0x4f0 [ 134.230279][ T5503] vfs_write+0x7b2/0xbb0 [ 134.234546][ T5503] ? file_end_write+0x240/0x240 [ 134.239438][ T5503] ? do_raw_spin_unlock+0x13b/0x8b0 [ 134.244768][ T5503] ? lockdep_hardirqs_on+0x98/0x140 [ 134.250157][ T5503] ? __fdget_pos+0x265/0x2f0 [ 134.254808][ T5503] ksys_write+0x1a0/0x2c0 [ 134.259173][ T5503] ? __ia32_sys_read+0x90/0x90 [ 134.264151][ T5503] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 134.270181][ T5503] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 134.276195][ T5503] do_syscall_64+0x41/0xc0 [ 134.280640][ T5503] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.286563][ T5503] RIP: 0033:0x7fd49ce20129 [ 134.290997][ T5503] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 134.310619][ T5503] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 134.319057][ T5503] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 134.327040][ T5503] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./23/binderfs") = 0 [pid 5075] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./23/cgroup") = 0 [pid 5075] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.335018][ T5503] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 134.342996][ T5503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 134.350976][ T5503] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000011 [ 134.358985][ T5503] [ 134.366170][ T5503] memory: usage 8kB, limit 0kB, failcnt 55 [ 134.373074][ T5503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 134.397272][ T5503] Memory cgroup stats for /syz1: [ 134.397487][ T5503] anon 0 [ 134.397487][ T5503] file 0 [ 134.397487][ T5503] kernel 8192 [ 134.397487][ T5503] kernel_stack 0 [ 134.397487][ T5503] pagetables 0 [ 134.397487][ T5503] sec_pagetables 0 [ 134.397487][ T5503] percpu 0 [ 134.397487][ T5503] sock 0 [ 134.397487][ T5503] vmalloc 0 [ 134.397487][ T5503] shmem 0 [ 134.397487][ T5503] zswap 0 [ 134.397487][ T5503] zswapped 0 [ 134.397487][ T5503] file_mapped 0 [ 134.397487][ T5503] file_dirty 0 [pid 5075] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./23/cgroup.net") = 0 [pid 5075] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.397487][ T5503] file_writeback 0 [ 134.397487][ T5503] swapcached 0 [ 134.397487][ T5503] anon_thp 0 [ 134.397487][ T5503] file_thp 0 [ 134.397487][ T5503] shmem_thp 0 [ 134.397487][ T5503] inactive_anon 0 [ 134.397487][ T5503] active_anon 0 [ 134.397487][ T5503] inactive_file 0 [ 134.397487][ T5503] active_file 0 [ 134.397487][ T5503] unevictable 0 [ 134.397487][ T5503] slab_reclaimable 6752 [ 134.397487][ T5503] slab_unreclaimable 0 [ 134.397487][ T5503] slab 6752 [ 134.397487][ T5503] workingset_refault_anon 0 [pid 5075] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./23/file0") = 0 [pid 5075] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./23/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./23") = 0 [pid 5075] mkdir("./24", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 26 ./strace-static-x86_64: Process 5525 attached [pid 5503] <... write resumed>) = 18 [ 134.498455][ T5503] Tasks state (memory values in pages): [ 134.504377][ T5503] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 134.515120][ T5503] Out of memory and no killable processes... [ 134.522068][ T5509] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 134.533874][ T5509] CPU: 1 PID: 5509 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 134.544337][ T5509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 134.554428][ T5509] Call Trace: [ 134.557742][ T5509] [ 134.560708][ T5509] dump_stack_lvl+0x1e7/0x2d0 [ 134.565438][ T5509] ? nf_tcp_handle_invalid+0x640/0x640 [ 134.570946][ T5509] ? panic+0x770/0x770 [ 134.575075][ T5509] dump_header+0xdc/0x940 [ 134.579544][ T5509] out_of_memory+0xf21/0x12c0 [ 134.584274][ T5509] ? mutex_lock_io_nested+0x60/0x60 [ 134.589523][ T5509] ? mark_lock+0x9a/0x340 [pid 5525] chdir("./24") = 0 [pid 5525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5525] setpgid(0, 0) = 0 [pid 5525] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5525] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5525] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 134.593887][ T5509] ? unregister_oom_notifier+0x20/0x20 [ 134.599388][ T5509] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 134.605428][ T5509] mem_cgroup_out_of_memory+0x263/0x3b0 [ 134.611031][ T5509] ? mem_cgroup_oom_trylock+0x210/0x210 [ 134.616646][ T5509] ? cgroup_file_notify+0x127/0x190 [ 134.621901][ T5509] memory_max_write+0x355/0x470 [ 134.626811][ T5509] ? memory_max_show+0xa0/0xa0 [ 134.631626][ T5509] ? read_lock_is_recursive+0x20/0x20 [ 134.637050][ T5509] ? memory_max_show+0xa0/0xa0 [ 134.641863][ T5509] cgroup_file_write+0x2b1/0x780 [pid 5525] write(3, "1000", 4) = 4 [pid 5525] close(3) = 0 [pid 5525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5525] mkdir("./file0", 000) = 0 [pid 5525] open("./file0", O_RDONLY) = 3 [ 134.646847][ T5509] ? cgroup_seqfile_stop+0xd0/0xd0 [ 134.652008][ T5509] ? __virt_addr_valid+0x22f/0x2e0 [ 134.657188][ T5509] ? cgroup_seqfile_stop+0xd0/0xd0 [ 134.662344][ T5509] kernfs_fop_write_iter+0x3a6/0x4f0 [ 134.667698][ T5509] vfs_write+0x7b2/0xbb0 [ 134.672005][ T5509] ? file_end_write+0x240/0x240 [ 134.676906][ T5509] ? do_raw_spin_unlock+0x13b/0x8b0 [ 134.682158][ T5509] ? lockdep_hardirqs_on+0x98/0x140 [ 134.687409][ T5509] ? __fdget_pos+0x265/0x2f0 [ 134.692048][ T5509] ksys_write+0x1a0/0x2c0 [pid 5525] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5525] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5525] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5525] openat(5, "memory.max", O_RDWR) = 6 [ 134.696434][ T5509] ? __ia32_sys_read+0x90/0x90 [ 134.701250][ T5509] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 134.707389][ T5509] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 134.713431][ T5509] do_syscall_64+0x41/0xc0 [ 134.717912][ T5509] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.723857][ T5509] RIP: 0033:0x7fd49ce20129 [ 134.728308][ T5509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 134.747957][ T5509] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 134.756419][ T5509] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 134.764431][ T5509] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 134.772444][ T5509] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 134.780457][ T5509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 134.788472][ T5509] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000012 [ 134.796512][ T5509] [ 134.807292][ T5509] memory: usage 8kB, limit 0kB, failcnt 55 [ 134.813296][ T5509] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 134.820667][ T5509] Memory cgroup stats for /syz1: [ 134.820867][ T5509] anon 0 [ 134.820867][ T5509] file 0 [ 134.820867][ T5509] kernel 8192 [ 134.820867][ T5509] kernel_stack 0 [ 134.820867][ T5509] pagetables 0 [ 134.820867][ T5509] sec_pagetables 0 [ 134.820867][ T5509] percpu 0 [ 134.820867][ T5509] sock 0 [ 134.820867][ T5509] vmalloc 0 [ 134.820867][ T5509] shmem 0 [ 134.820867][ T5509] zswap 0 [ 134.820867][ T5509] zswapped 0 [ 134.820867][ T5509] file_mapped 0 [ 134.820867][ T5509] file_dirty 0 [ 134.820867][ T5509] file_writeback 0 [ 134.820867][ T5509] swapcached 0 [ 134.820867][ T5509] anon_thp 0 [ 134.820867][ T5509] file_thp 0 [ 134.820867][ T5509] shmem_thp 0 [ 134.820867][ T5509] inactive_anon 0 [ 134.820867][ T5509] active_anon 0 [ 134.820867][ T5509] inactive_file 0 [ 134.820867][ T5509] active_file 0 [ 134.820867][ T5509] unevictable 0 [ 134.820867][ T5509] slab_reclaimable 6752 [pid 5525] write(6, "0x000000000000040e", 18 [pid 5509] <... write resumed>) = 18 [pid 5503] close(3 [pid 5509] close(3 [pid 5503] <... close resumed>) = 0 [pid 5509] <... close resumed>) = 0 [pid 5503] close(4 [pid 5509] close(4) = 0 [pid 5503] <... close resumed>) = 0 [pid 5509] close(5 [pid 5503] close(5 [pid 5509] <... close resumed>) = 0 [pid 5503] <... close resumed>) = 0 [pid 5509] close(6 [pid 5503] close(6 [pid 5509] <... close resumed>) = 0 [pid 5503] <... close resumed>) = 0 [pid 5509] close(7 [pid 5503] close(7 [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] close(8 [pid 5503] close(8 [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] close(9 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(9 [pid 5509] close(10 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(10 [pid 5509] close(11 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(11 [pid 5509] close(12 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 134.820867][ T5509] slab_unreclaimable 0 [ 134.820867][ T5509] slab 6752 [ 134.820867][ T5509] workingset_refault_anon 0 [ 134.921971][ T5509] Tasks state (memory values in pages): [ 134.928149][ T5509] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 134.938109][ T5509] Out of memory and no killable processes... [ 134.944665][ T5512] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 134.977853][ T5512] CPU: 0 PID: 5512 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 134.988343][ T5512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 134.998528][ T5512] Call Trace: [ 135.001850][ T5512] [ 135.004819][ T5512] dump_stack_lvl+0x1e7/0x2d0 [ 135.009550][ T5512] ? nf_tcp_handle_invalid+0x640/0x640 [ 135.015068][ T5512] ? panic+0x770/0x770 [ 135.019205][ T5512] dump_header+0xdc/0x940 [ 135.023599][ T5512] out_of_memory+0xf21/0x12c0 [ 135.028342][ T5512] ? mutex_lock_io_nested+0x60/0x60 [ 135.033604][ T5512] ? preempt_schedule+0xdd/0xf0 [ 135.038517][ T5512] ? unregister_oom_notifier+0x20/0x20 [ 135.044013][ T5512] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 135.050379][ T5512] mem_cgroup_out_of_memory+0x263/0x3b0 [ 135.055953][ T5512] ? preempt_schedule_thunk+0x1a/0x20 [ 135.061366][ T5512] ? mem_cgroup_oom_trylock+0x210/0x210 [ 135.066947][ T5512] ? cgroup_file_notify+0x127/0x190 [ 135.072168][ T5512] memory_max_write+0x355/0x470 [ 135.077052][ T5512] ? memory_max_show+0xa0/0xa0 [ 135.081831][ T5512] ? read_lock_is_recursive+0x20/0x20 [ 135.087228][ T5512] ? memory_max_show+0xa0/0xa0 [ 135.092013][ T5512] cgroup_file_write+0x2b1/0x780 [ 135.096982][ T5512] ? cgroup_seqfile_stop+0xd0/0xd0 [ 135.102105][ T5512] ? __virt_addr_valid+0x22f/0x2e0 [ 135.107244][ T5512] ? cgroup_seqfile_stop+0xd0/0xd0 [ 135.112378][ T5512] kernfs_fop_write_iter+0x3a6/0x4f0 [ 135.117686][ T5512] vfs_write+0x7b2/0xbb0 [ 135.122036][ T5512] ? file_end_write+0x240/0x240 [ 135.126920][ T5512] ? do_raw_spin_unlock+0x13b/0x8b0 [ 135.132136][ T5512] ? lockdep_hardirqs_on+0x98/0x140 [ 135.137532][ T5512] ? __fdget_pos+0x265/0x2f0 [ 135.142147][ T5512] ksys_write+0x1a0/0x2c0 [ 135.146499][ T5512] ? __ia32_sys_read+0x90/0x90 [ 135.151285][ T5512] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 135.157292][ T5512] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 135.163313][ T5512] do_syscall_64+0x41/0xc0 [ 135.167747][ T5512] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.173752][ T5512] RIP: 0033:0x7fd49ce20129 [ 135.178183][ T5512] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.197804][ T5512] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 135.206235][ T5512] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 135.214217][ T5512] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5503] close(12 [pid 5509] close(13 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(13 [pid 5509] close(14 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(14 [pid 5509] close(15 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(15 [pid 5509] close(16 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(16 [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(17 [pid 5509] close(17) = -1 EBADF (Bad file descriptor) [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] close(18 [pid 5503] close(18) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(19 [pid 5509] close(19 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(20) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(21) = -1 EBADF (Bad file descriptor) [pid 5509] close(20) = -1 EBADF (Bad file descriptor) [pid 5503] close(22 [pid 5509] close(21 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(23 [pid 5509] close(22 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(24 [pid 5509] close(23 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(25 [pid 5509] close(24 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(26 [pid 5509] close(25 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 135.222199][ T5512] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 135.230177][ T5512] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 135.238156][ T5512] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000015 [ 135.246168][ T5512] [ 135.252234][ T5512] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(27 [pid 5509] close(26 [pid 5503] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 135.286159][ T5512] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 135.297480][ T5512] Memory cgroup stats for /syz1: [ 135.298288][ T5512] anon 0 [ 135.298288][ T5512] file 0 [ 135.298288][ T5512] kernel 8192 [ 135.298288][ T5512] kernel_stack 0 [ 135.298288][ T5512] pagetables 0 [ 135.298288][ T5512] sec_pagetables 0 [ 135.298288][ T5512] percpu 0 [ 135.298288][ T5512] sock 0 [ 135.298288][ T5512] vmalloc 0 [ 135.298288][ T5512] shmem 0 [ 135.298288][ T5512] zswap 0 [ 135.298288][ T5512] zswapped 0 [ 135.298288][ T5512] file_mapped 0 [ 135.298288][ T5512] file_dirty 0 [ 135.298288][ T5512] file_writeback 0 [ 135.298288][ T5512] swapcached 0 [ 135.298288][ T5512] anon_thp 0 [ 135.298288][ T5512] file_thp 0 [ 135.298288][ T5512] shmem_thp 0 [ 135.298288][ T5512] inactive_anon 0 [ 135.298288][ T5512] active_anon 0 [ 135.298288][ T5512] inactive_file 0 [ 135.298288][ T5512] active_file 0 [ 135.298288][ T5512] unevictable 0 [ 135.298288][ T5512] slab_reclaimable 6752 [ 135.298288][ T5512] slab_unreclaimable 0 [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5503] close(28) = -1 EBADF (Bad file descriptor) [pid 5503] close(29) = -1 EBADF (Bad file descriptor) [pid 5503] exit_group(0) = ? [pid 5503] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./17/binderfs") = 0 [pid 5070] umount2("./17/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./17/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./17/cgroup") = 0 [pid 5070] umount2("./17/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./17/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./17/cgroup.net") = 0 [pid 5070] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5509] close(27 [pid 5070] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./17/file0", [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, [pid 5509] close(28 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] close(4 [pid 5509] close(29 [pid 5070] <... close resumed>) = 0 [pid 5070] rmdir("./17/file0" [pid 5509] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] <... rmdir resumed>) = 0 [pid 5070] umount2("./17/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./17/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./17/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./17") = 0 [pid 5509] exit_group(0 [pid 5070] mkdir("./18", 0777 [pid 5509] <... exit_group resumed>) = ? [pid 5070] <... mkdir resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5530 attached [pid 5509] +++ exited with 0 +++ [pid 5530] chdir("./18" [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5530] <... chdir resumed>) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 20 [pid 5530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5530] setpgid(0, 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5530] <... setpgid resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 135.298288][ T5512] slab 6752 [ 135.298288][ T5512] workingset_refault_anon 0 [ 135.397627][ T5512] Tasks state (memory values in pages): [pid 5530] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5072] <... openat resumed>) = 3 [pid 5530] <... symlink resumed>) = 0 [pid 5072] fstat(3, [pid 5530] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5530] <... symlink resumed>) = 0 [pid 5072] getdents64(3, [pid 5530] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5530] <... symlink resumed>) = 0 [pid 5072] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5530] <... openat resumed>) = 3 [pid 5072] lstat("./18/binderfs", [pid 5530] write(3, "1000", 4 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5530] <... write resumed>) = 4 [pid 5072] unlink("./18/binderfs" [pid 5530] close(3 [pid 5072] <... unlink resumed>) = 0 [pid 5530] <... close resumed>) = 0 [pid 5072] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5530] symlink("/dev/binderfs", "./binderfs" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5530] <... symlink resumed>) = 0 [pid 5072] lstat("./18/cgroup", [pid 5530] mkdir("./file0", 000 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5530] <... mkdir resumed>) = 0 [pid 5072] unlink("./18/cgroup" [pid 5530] open("./file0", O_RDONLY [pid 5072] <... unlink resumed>) = 0 [pid 5530] <... open resumed>) = 3 [pid 5072] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5530] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5530] <... mount resumed>) = 0 [pid 5072] lstat("./18/cgroup.net", [pid 5530] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5530] <... openat resumed>) = 4 [pid 5072] unlink("./18/cgroup.net" [pid 5530] openat(4, "syz1", O_RDWR|O_PATH [pid 5072] <... unlink resumed>) = 0 [pid 5530] <... openat resumed>) = 5 [pid 5072] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5530] openat(5, "memory.max", O_RDWR [pid 5072] <... umount2 resumed>) = 0 [pid 5530] <... openat resumed>) = 6 [pid 5072] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5530] write(6, "0x000000000000040e", 18 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 135.438872][ T5512] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5072] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./18/file0") = 0 [pid 5072] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./18/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./18") = 0 [pid 5072] mkdir("./19", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5533 attached [pid 5533] chdir("./19" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 21 [pid 5533] <... chdir resumed>) = 0 [pid 5533] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5512] <... write resumed>) = 18 [pid 5533] <... prctl resumed>) = 0 [pid 5512] close(3 [pid 5533] setpgid(0, 0 [pid 5512] <... close resumed>) = 0 [pid 5512] close(4 [pid 5533] <... setpgid resumed>) = 0 [pid 5512] <... close resumed>) = 0 [pid 5512] close(5) = 0 [pid 5533] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5512] close(6) = 0 [pid 5533] <... symlink resumed>) = 0 [pid 5512] close(7) = -1 EBADF (Bad file descriptor) [pid 5533] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [ 135.481123][ T5512] Out of memory and no killable processes... [ 135.510074][ T5518] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5512] close(8) = -1 EBADF (Bad file descriptor) [pid 5533] <... symlink resumed>) = 0 [pid 5512] close(9) = -1 EBADF (Bad file descriptor) [ 135.533143][ T5518] CPU: 1 PID: 5518 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 135.543636][ T5518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 135.553730][ T5518] Call Trace: [ 135.557070][ T5518] [ 135.560049][ T5518] dump_stack_lvl+0x1e7/0x2d0 [ 135.564778][ T5518] ? nf_tcp_handle_invalid+0x640/0x640 [ 135.570279][ T5518] ? panic+0x770/0x770 [ 135.574402][ T5518] dump_header+0xdc/0x940 [ 135.578778][ T5518] out_of_memory+0xf21/0x12c0 [ 135.583518][ T5518] ? mutex_lock_io_nested+0x60/0x60 [ 135.588775][ T5518] ? preempt_schedule+0xdd/0xf0 [ 135.593669][ T5518] ? unregister_oom_notifier+0x20/0x20 [ 135.599198][ T5518] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 135.605242][ T5518] mem_cgroup_out_of_memory+0x263/0x3b0 [ 135.610836][ T5518] ? preempt_schedule_thunk+0x1a/0x20 [ 135.616263][ T5518] ? mem_cgroup_oom_trylock+0x210/0x210 [ 135.621872][ T5518] ? cgroup_file_notify+0x127/0x190 [ 135.627126][ T5518] memory_max_write+0x355/0x470 [ 135.632019][ T5518] ? memory_max_show+0xa0/0xa0 [ 135.636799][ T5518] ? read_lock_is_recursive+0x20/0x20 [ 135.642191][ T5518] ? memory_max_show+0xa0/0xa0 [ 135.646972][ T5518] cgroup_file_write+0x2b1/0x780 [ 135.651931][ T5518] ? cgroup_seqfile_stop+0xd0/0xd0 [ 135.657055][ T5518] ? __virt_addr_valid+0x22f/0x2e0 [ 135.662195][ T5518] ? cgroup_seqfile_stop+0xd0/0xd0 [ 135.667317][ T5518] kernfs_fop_write_iter+0x3a6/0x4f0 [ 135.672622][ T5518] vfs_write+0x7b2/0xbb0 [ 135.676889][ T5518] ? file_end_write+0x240/0x240 [ 135.681758][ T5518] ? do_raw_spin_unlock+0x13b/0x8b0 [ 135.686977][ T5518] ? lockdep_hardirqs_on+0x98/0x140 [ 135.692201][ T5518] ? __fdget_pos+0x265/0x2f0 [ 135.696809][ T5518] ksys_write+0x1a0/0x2c0 [ 135.701161][ T5518] ? __ia32_sys_read+0x90/0x90 [ 135.705937][ T5518] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 135.711941][ T5518] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 135.717961][ T5518] do_syscall_64+0x41/0xc0 [ 135.722406][ T5518] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.728344][ T5518] RIP: 0033:0x7fd49ce20129 [ 135.732780][ T5518] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.752413][ T5518] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 135.760849][ T5518] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 135.768844][ T5518] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5533] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5512] close(10) = -1 EBADF (Bad file descriptor) [pid 5512] close(11 [pid 5533] <... symlink resumed>) = 0 [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5512] close(12) = -1 EBADF (Bad file descriptor) [pid 5533] <... openat resumed>) = 3 [pid 5533] write(3, "1000", 4 [pid 5512] close(13) = -1 EBADF (Bad file descriptor) [pid 5533] <... write resumed>) = 4 [pid 5512] close(14 [pid 5533] close(3 [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5512] close(15 [pid 5533] <... close resumed>) = 0 [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5533] symlink("/dev/binderfs", "./binderfs" [pid 5512] close(16) = -1 EBADF (Bad file descriptor) [pid 5512] close(17 [pid 5533] <... symlink resumed>) = 0 [pid 5533] mkdir("./file0", 000 [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5512] close(18) = -1 EBADF (Bad file descriptor) [pid 5533] <... mkdir resumed>) = 0 [pid 5512] close(19 [pid 5533] open("./file0", O_RDONLY [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5512] close(20) = -1 EBADF (Bad file descriptor) [ 135.776824][ T5518] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 135.784815][ T5518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 135.792878][ T5518] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000019 [ 135.800985][ T5518] [pid 5533] <... open resumed>) = 3 [pid 5512] close(21 [pid 5533] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5512] close(22 [pid 5533] <... mount resumed>) = 0 [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5512] close(23) = -1 EBADF (Bad file descriptor) [pid 5512] close(24 [pid 5533] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5512] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5533] <... openat resumed>) = 4 [pid 5512] close(25) = -1 EBADF (Bad file descriptor) [pid 5512] close(26) = -1 EBADF (Bad file descriptor) [pid 5512] close(27) = -1 EBADF (Bad file descriptor) [pid 5512] close(28) = -1 EBADF (Bad file descriptor) [pid 5512] close(29) = -1 EBADF (Bad file descriptor) [pid 5512] exit_group(0) = ? [pid 5512] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5533] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5533] openat(5, "memory.max", O_RDWR) = 6 [pid 5073] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5533] write(6, "0x000000000000040e", 18 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./21/binderfs") = 0 [pid 5073] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./21/cgroup") = 0 [pid 5073] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./21/cgroup.net") = 0 [pid 5073] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./21/file0") = 0 [pid 5073] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./21/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./21") = 0 [pid 5073] mkdir("./22", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5537 attached , child_tidptr=0x5555574ac5d0) = 24 [pid 5537] chdir("./22") = 0 [pid 5537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5537] setpgid(0, 0) = 0 [ 135.851269][ T5518] memory: usage 8kB, limit 0kB, failcnt 55 [ 135.886493][ T5518] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5537] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [ 135.921624][ T5518] Memory cgroup stats for /syz1: [ 135.921840][ T5518] anon 0 [ 135.921840][ T5518] file 0 [ 135.921840][ T5518] kernel 8192 [ 135.921840][ T5518] kernel_stack 0 [ 135.921840][ T5518] pagetables 0 [ 135.921840][ T5518] sec_pagetables 0 [ 135.921840][ T5518] percpu 0 [ 135.921840][ T5518] sock 0 [ 135.921840][ T5518] vmalloc 0 [ 135.921840][ T5518] shmem 0 [ 135.921840][ T5518] zswap 0 [ 135.921840][ T5518] zswapped 0 [ 135.921840][ T5518] file_mapped 0 [ 135.921840][ T5518] file_dirty 0 [pid 5537] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5537] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5537] write(3, "1000", 4) = 4 [pid 5537] close(3) = 0 [pid 5537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5537] mkdir("./file0", 000) = 0 [pid 5537] open("./file0", O_RDONLY) = 3 [ 135.921840][ T5518] file_writeback 0 [ 135.921840][ T5518] swapcached 0 [ 135.921840][ T5518] anon_thp 0 [ 135.921840][ T5518] file_thp 0 [ 135.921840][ T5518] shmem_thp 0 [ 135.921840][ T5518] inactive_anon 0 [ 135.921840][ T5518] active_anon 0 [ 135.921840][ T5518] inactive_file 0 [ 135.921840][ T5518] active_file 0 [ 135.921840][ T5518] unevictable 0 [ 135.921840][ T5518] slab_reclaimable 6752 [ 135.921840][ T5518] slab_unreclaimable 0 [ 135.921840][ T5518] slab 6752 [ 135.921840][ T5518] workingset_refault_anon 0 [pid 5537] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5537] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5537] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5537] openat(5, "memory.max", O_RDWR) = 6 [ 136.034422][ T5518] Tasks state (memory values in pages): [ 136.043194][ T5518] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 136.060523][ T5518] Out of memory and no killable processes... [pid 5537] write(6, "0x000000000000040e", 18 [pid 5518] <... write resumed>) = 18 [ 136.081699][ T5525] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 136.093769][ T5525] CPU: 0 PID: 5525 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 136.104339][ T5525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 136.114443][ T5525] Call Trace: [ 136.117759][ T5525] [ 136.120737][ T5525] dump_stack_lvl+0x1e7/0x2d0 [ 136.125471][ T5525] ? nf_tcp_handle_invalid+0x640/0x640 [ 136.130990][ T5525] ? panic+0x770/0x770 [ 136.135130][ T5525] dump_header+0xdc/0x940 [ 136.139537][ T5525] out_of_memory+0xf21/0x12c0 [ 136.144278][ T5525] ? mutex_lock_io_nested+0x60/0x60 [ 136.149713][ T5525] ? preempt_schedule+0xdd/0xf0 [ 136.154621][ T5525] ? unregister_oom_notifier+0x20/0x20 [ 136.160134][ T5525] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 136.166189][ T5525] mem_cgroup_out_of_memory+0x263/0x3b0 [ 136.171796][ T5525] ? preempt_schedule_thunk+0x1a/0x20 [ 136.177227][ T5525] ? mem_cgroup_oom_trylock+0x210/0x210 [ 136.182844][ T5525] ? cgroup_file_notify+0x127/0x190 [ 136.188110][ T5525] memory_max_write+0x355/0x470 [ 136.195024][ T5525] ? memory_max_show+0xa0/0xa0 [ 136.199853][ T5525] ? read_lock_is_recursive+0x20/0x20 [ 136.205314][ T5525] ? memory_max_show+0xa0/0xa0 [ 136.210130][ T5525] cgroup_file_write+0x2b1/0x780 [ 136.215124][ T5525] ? cgroup_seqfile_stop+0xd0/0xd0 [ 136.220281][ T5525] ? __virt_addr_valid+0x22f/0x2e0 [ 136.225460][ T5525] ? cgroup_seqfile_stop+0xd0/0xd0 [pid 5518] close(3) = 0 [pid 5518] close(4) = 0 [pid 5518] close(5) = 0 [pid 5518] close(6) = 0 [pid 5518] close(7) = -1 EBADF (Bad file descriptor) [ 136.230614][ T5525] kernfs_fop_write_iter+0x3a6/0x4f0 [ 136.235960][ T5525] vfs_write+0x7b2/0xbb0 [ 136.240267][ T5525] ? file_end_write+0x240/0x240 [ 136.245176][ T5525] ? do_raw_spin_unlock+0x13b/0x8b0 [ 136.250428][ T5525] ? lockdep_hardirqs_on+0x98/0x140 [ 136.255686][ T5525] ? __fdget_pos+0x265/0x2f0 [ 136.260330][ T5525] ksys_write+0x1a0/0x2c0 [ 136.264711][ T5525] ? __ia32_sys_read+0x90/0x90 [ 136.269521][ T5525] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 136.275564][ T5525] ? syscall_enter_from_user_mode+0x8c/0x2c0 [pid 5518] close(8) = -1 EBADF (Bad file descriptor) [pid 5518] close(9) = -1 EBADF (Bad file descriptor) [pid 5518] close(10) = -1 EBADF (Bad file descriptor) [pid 5518] close(11) = -1 EBADF (Bad file descriptor) [pid 5518] close(12) = -1 EBADF (Bad file descriptor) [pid 5518] close(13) = -1 EBADF (Bad file descriptor) [pid 5518] close(14) = -1 EBADF (Bad file descriptor) [pid 5518] close(15) = -1 EBADF (Bad file descriptor) [pid 5518] close(16) = -1 EBADF (Bad file descriptor) [pid 5518] close(17) = -1 EBADF (Bad file descriptor) [pid 5518] close(18) = -1 EBADF (Bad file descriptor) [pid 5518] close(19) = -1 EBADF (Bad file descriptor) [pid 5518] close(20) = -1 EBADF (Bad file descriptor) [pid 5518] close(21) = -1 EBADF (Bad file descriptor) [pid 5518] close(22) = -1 EBADF (Bad file descriptor) [pid 5518] close(23) = -1 EBADF (Bad file descriptor) [pid 5518] close(24) = -1 EBADF (Bad file descriptor) [pid 5518] close(25) = -1 EBADF (Bad file descriptor) [pid 5518] close(26) = -1 EBADF (Bad file descriptor) [pid 5518] close(27) = -1 EBADF (Bad file descriptor) [pid 5518] close(28) = -1 EBADF (Bad file descriptor) [pid 5518] close(29) = -1 EBADF (Bad file descriptor) [pid 5518] exit_group(0) = ? [pid 5518] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 136.281608][ T5525] do_syscall_64+0x41/0xc0 [ 136.286083][ T5525] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 136.292045][ T5525] RIP: 0033:0x7fd49ce20129 [ 136.296514][ T5525] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 136.316181][ T5525] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.324672][ T5525] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5074] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./25/binderfs") = 0 [pid 5074] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./25/cgroup") = 0 [pid 5074] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./25/cgroup.net") = 0 [pid 5074] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./25/file0") = 0 [pid 5074] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./25/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./25") = 0 [pid 5074] mkdir("./26", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5541 attached [pid 5541] chdir("./26" [ 136.332694][ T5525] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 136.340711][ T5525] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 136.348726][ T5525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 136.356742][ T5525] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000018 [ 136.364793][ T5525] [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 28 [pid 5541] <... chdir resumed>) = 0 [pid 5541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5541] setpgid(0, 0) = 0 [pid 5541] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5541] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5541] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5541] write(3, "1000", 4) = 4 [pid 5541] close(3) = 0 [pid 5541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5541] mkdir("./file0", 000) = 0 [pid 5541] open("./file0", O_RDONLY) = 3 [pid 5541] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5541] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5541] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5541] openat(5, "memory.max", O_RDWR) = 6 [ 136.433832][ T5525] memory: usage 8kB, limit 0kB, failcnt 55 [ 136.456656][ T5525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 136.463574][ T5525] Memory cgroup stats for /syz1: [ 136.463737][ T5525] anon 0 [ 136.463737][ T5525] file 0 [ 136.463737][ T5525] kernel 8192 [ 136.463737][ T5525] kernel_stack 0 [ 136.463737][ T5525] pagetables 0 [ 136.463737][ T5525] sec_pagetables 0 [ 136.463737][ T5525] percpu 0 [ 136.463737][ T5525] sock 0 [ 136.463737][ T5525] vmalloc 0 [ 136.463737][ T5525] shmem 0 [ 136.463737][ T5525] zswap 0 [ 136.463737][ T5525] zswapped 0 [ 136.463737][ T5525] file_mapped 0 [ 136.463737][ T5525] file_dirty 0 [ 136.463737][ T5525] file_writeback 0 [ 136.463737][ T5525] swapcached 0 [ 136.463737][ T5525] anon_thp 0 [ 136.463737][ T5525] file_thp 0 [ 136.463737][ T5525] shmem_thp 0 [ 136.463737][ T5525] inactive_anon 0 [ 136.463737][ T5525] active_anon 0 [ 136.463737][ T5525] inactive_file 0 [ 136.463737][ T5525] active_file 0 [ 136.463737][ T5525] unevictable 0 [ 136.463737][ T5525] slab_reclaimable 6752 [ 136.463737][ T5525] slab_unreclaimable 0 [ 136.463737][ T5525] slab 6752 [ 136.463737][ T5525] workingset_refault_anon 0 [ 136.573019][ T5525] Tasks state (memory values in pages): [pid 5541] write(6, "0x000000000000040e", 18 [pid 5525] <... write resumed>) = 18 [pid 5525] close(3) = 0 [pid 5525] close(4) = 0 [pid 5525] close(5) = 0 [pid 5525] close(6) = 0 [pid 5525] close(7) = -1 EBADF (Bad file descriptor) [pid 5525] close(8) = -1 EBADF (Bad file descriptor) [pid 5525] close(9) = -1 EBADF (Bad file descriptor) [pid 5525] close(10) = -1 EBADF (Bad file descriptor) [pid 5525] close(11) = -1 EBADF (Bad file descriptor) [pid 5525] close(12) = -1 EBADF (Bad file descriptor) [pid 5525] close(13) = -1 EBADF (Bad file descriptor) [pid 5525] close(14) = -1 EBADF (Bad file descriptor) [pid 5525] close(15) = -1 EBADF (Bad file descriptor) [pid 5525] close(16) = -1 EBADF (Bad file descriptor) [pid 5525] close(17) = -1 EBADF (Bad file descriptor) [pid 5525] close(18) = -1 EBADF (Bad file descriptor) [pid 5525] close(19) = -1 EBADF (Bad file descriptor) [pid 5525] close(20) = -1 EBADF (Bad file descriptor) [pid 5525] close(21) = -1 EBADF (Bad file descriptor) [pid 5525] close(22) = -1 EBADF (Bad file descriptor) [pid 5525] close(23) = -1 EBADF (Bad file descriptor) [pid 5525] close(24) = -1 EBADF (Bad file descriptor) [pid 5525] close(25) = -1 EBADF (Bad file descriptor) [pid 5525] close(26) = -1 EBADF (Bad file descriptor) [pid 5525] close(27) = -1 EBADF (Bad file descriptor) [pid 5525] close(28) = -1 EBADF (Bad file descriptor) [pid 5525] close(29) = -1 EBADF (Bad file descriptor) [pid 5525] exit_group(0) = ? [ 136.595836][ T5525] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 136.616794][ T5525] Out of memory and no killable processes... [ 136.622912][ T5530] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 136.641465][ T5530] CPU: 1 PID: 5530 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 136.651946][ T5530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 136.662040][ T5530] Call Trace: [ 136.665351][ T5530] [ 136.668313][ T5530] dump_stack_lvl+0x1e7/0x2d0 [ 136.673021][ T5530] ? nf_tcp_handle_invalid+0x640/0x640 [ 136.678586][ T5530] ? panic+0x770/0x770 [ 136.682683][ T5530] dump_header+0xdc/0x940 [ 136.687033][ T5530] out_of_memory+0xf21/0x12c0 [ 136.691751][ T5530] ? mutex_lock_io_nested+0x60/0x60 [ 136.696996][ T5530] ? preempt_schedule+0xdd/0xf0 [ 136.701873][ T5530] ? unregister_oom_notifier+0x20/0x20 [ 136.707386][ T5530] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 136.713403][ T5530] mem_cgroup_out_of_memory+0x263/0x3b0 [ 136.718983][ T5530] ? preempt_schedule_thunk+0x1a/0x20 [ 136.724381][ T5530] ? mem_cgroup_oom_trylock+0x210/0x210 [ 136.729978][ T5530] ? cgroup_file_notify+0x127/0x190 [ 136.735226][ T5530] memory_max_write+0x355/0x470 [ 136.740100][ T5530] ? memory_max_show+0xa0/0xa0 [ 136.744893][ T5530] ? read_lock_is_recursive+0x20/0x20 [ 136.750290][ T5530] ? memory_max_show+0xa0/0xa0 [ 136.755069][ T5530] cgroup_file_write+0x2b1/0x780 [ 136.760025][ T5530] ? cgroup_seqfile_stop+0xd0/0xd0 [ 136.765147][ T5530] ? __virt_addr_valid+0x22f/0x2e0 [ 136.770287][ T5530] ? cgroup_seqfile_stop+0xd0/0xd0 [ 136.775413][ T5530] kernfs_fop_write_iter+0x3a6/0x4f0 [ 136.780725][ T5530] vfs_write+0x7b2/0xbb0 [ 136.784996][ T5530] ? file_end_write+0x240/0x240 [ 136.789868][ T5530] ? do_raw_spin_unlock+0x13b/0x8b0 [ 136.795086][ T5530] ? lockdep_hardirqs_on+0x98/0x140 [ 136.800308][ T5530] ? __fdget_pos+0x265/0x2f0 [ 136.804916][ T5530] ksys_write+0x1a0/0x2c0 [ 136.809270][ T5530] ? __ia32_sys_read+0x90/0x90 [ 136.814069][ T5530] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 136.820078][ T5530] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 136.826140][ T5530] do_syscall_64+0x41/0xc0 [ 136.830591][ T5530] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 136.836514][ T5530] RIP: 0033:0x7fd49ce20129 [ 136.840956][ T5530] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 136.860586][ T5530] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.869020][ T5530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 136.877011][ T5530] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 136.885026][ T5530] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5525] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./24/binderfs") = 0 [pid 5075] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./24/cgroup") = 0 [pid 5075] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 136.893016][ T5530] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 136.901038][ T5530] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000012 [ 136.909052][ T5530] [ 136.929109][ T5530] memory: usage 8kB, limit 0kB, failcnt 55 [ 136.935214][ T5530] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 136.944959][ T5530] Memory cgroup stats for /syz1: [ 136.952367][ T5530] anon 0 [ 136.952367][ T5530] file 0 [ 136.952367][ T5530] kernel 8192 [ 136.952367][ T5530] kernel_stack 0 [ 136.952367][ T5530] pagetables 0 [ 136.952367][ T5530] sec_pagetables 0 [ 136.952367][ T5530] percpu 0 [ 136.952367][ T5530] sock 0 [ 136.952367][ T5530] vmalloc 0 [ 136.952367][ T5530] shmem 0 [ 136.952367][ T5530] zswap 0 [ 136.952367][ T5530] zswapped 0 [ 136.952367][ T5530] file_mapped 0 [ 136.952367][ T5530] file_dirty 0 [pid 5075] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./24/cgroup.net") = 0 [pid 5075] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 136.952367][ T5530] file_writeback 0 [ 136.952367][ T5530] swapcached 0 [ 136.952367][ T5530] anon_thp 0 [ 136.952367][ T5530] file_thp 0 [ 136.952367][ T5530] shmem_thp 0 [ 136.952367][ T5530] inactive_anon 0 [ 136.952367][ T5530] active_anon 0 [ 136.952367][ T5530] inactive_file 0 [ 136.952367][ T5530] active_file 0 [ 136.952367][ T5530] unevictable 0 [ 136.952367][ T5530] slab_reclaimable 6752 [ 136.952367][ T5530] slab_unreclaimable 0 [ 136.952367][ T5530] slab 6752 [ 136.952367][ T5530] workingset_refault_anon 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./24/file0") = 0 [pid 5075] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./24/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./24") = 0 [pid 5075] mkdir("./25", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5545 attached [pid 5545] chdir("./25" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 27 [pid 5545] <... chdir resumed>) = 0 [pid 5545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5545] setpgid(0, 0) = 0 [pid 5530] <... write resumed>) = 18 [pid 5545] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5545] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5545] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5545] write(3, "1000", 4) = 4 [pid 5545] close(3) = 0 [pid 5545] symlink("/dev/binderfs", "./binderfs") = 0 [ 137.077252][ T5530] Tasks state (memory values in pages): [ 137.083059][ T5530] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 137.104671][ T5530] Out of memory and no killable processes... [ 137.114309][ T5533] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5530] close(3 [pid 5545] mkdir("./file0", 000 [pid 5530] <... close resumed>) = 0 [pid 5545] <... mkdir resumed>) = 0 [pid 5530] close(4 [pid 5545] open("./file0", O_RDONLY [pid 5530] <... close resumed>) = 0 [pid 5545] <... open resumed>) = 3 [pid 5530] close(5 [pid 5545] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5530] <... close resumed>) = 0 [ 137.142119][ T5533] CPU: 0 PID: 5533 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 137.152611][ T5533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 137.162704][ T5533] Call Trace: [ 137.166022][ T5533] [ 137.168992][ T5533] dump_stack_lvl+0x1e7/0x2d0 [ 137.173732][ T5533] ? nf_tcp_handle_invalid+0x640/0x640 [ 137.179249][ T5533] ? panic+0x770/0x770 [ 137.183392][ T5533] dump_header+0xdc/0x940 [ 137.187776][ T5533] out_of_memory+0xf21/0x12c0 [ 137.192509][ T5533] ? mutex_lock_io_nested+0x60/0x60 [ 137.197767][ T5533] ? preempt_schedule+0xdd/0xf0 [ 137.202653][ T5533] ? unregister_oom_notifier+0x20/0x20 [ 137.208133][ T5533] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 137.214145][ T5533] mem_cgroup_out_of_memory+0x263/0x3b0 [ 137.219726][ T5533] ? preempt_schedule_thunk+0x1a/0x20 [ 137.225118][ T5533] ? mem_cgroup_oom_trylock+0x210/0x210 [ 137.230692][ T5533] ? cgroup_file_notify+0x127/0x190 [ 137.235914][ T5533] memory_max_write+0x355/0x470 [ 137.240790][ T5533] ? memory_max_show+0xa0/0xa0 [ 137.245568][ T5533] ? read_lock_is_recursive+0x20/0x20 [ 137.250965][ T5533] ? memory_max_show+0xa0/0xa0 [ 137.255742][ T5533] cgroup_file_write+0x2b1/0x780 [ 137.260698][ T5533] ? cgroup_seqfile_stop+0xd0/0xd0 [ 137.265835][ T5533] ? __virt_addr_valid+0x22f/0x2e0 [ 137.270976][ T5533] ? cgroup_seqfile_stop+0xd0/0xd0 [ 137.276094][ T5533] kernfs_fop_write_iter+0x3a6/0x4f0 [ 137.281403][ T5533] vfs_write+0x7b2/0xbb0 [ 137.285673][ T5533] ? file_end_write+0x240/0x240 [ 137.290560][ T5533] ? do_raw_spin_unlock+0x13b/0x8b0 [ 137.295771][ T5533] ? lockdep_hardirqs_on+0x98/0x140 [ 137.300994][ T5533] ? __fdget_pos+0x265/0x2f0 [ 137.305621][ T5533] ksys_write+0x1a0/0x2c0 [ 137.309988][ T5533] ? __ia32_sys_read+0x90/0x90 [ 137.314960][ T5533] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 137.321089][ T5533] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 137.327117][ T5533] do_syscall_64+0x41/0xc0 [ 137.331569][ T5533] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.337492][ T5533] RIP: 0033:0x7fd49ce20129 [ 137.341928][ T5533] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 137.361551][ T5533] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.369983][ T5533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 137.377964][ T5533] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5545] <... mount resumed>) = 0 [pid 5530] close(6) = 0 [pid 5530] close(7) = -1 EBADF (Bad file descriptor) [pid 5530] close(8) = -1 EBADF (Bad file descriptor) [pid 5545] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5530] close(9 [pid 5545] <... openat resumed>) = 4 [pid 5530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] openat(4, "syz1", O_RDWR|O_PATH [pid 5530] close(10 [pid 5545] <... openat resumed>) = 5 [pid 5530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] openat(5, "memory.max", O_RDWR [pid 5530] close(11 [pid 5545] <... openat resumed>) = 6 [pid 5530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] write(6, "0x000000000000040e", 18 [pid 5530] close(12) = -1 EBADF (Bad file descriptor) [pid 5530] close(13) = -1 EBADF (Bad file descriptor) [pid 5530] close(14) = -1 EBADF (Bad file descriptor) [pid 5530] close(15) = -1 EBADF (Bad file descriptor) [pid 5530] close(16) = -1 EBADF (Bad file descriptor) [pid 5530] close(17) = -1 EBADF (Bad file descriptor) [pid 5530] close(18) = -1 EBADF (Bad file descriptor) [pid 5530] close(19) = -1 EBADF (Bad file descriptor) [pid 5530] close(20) = -1 EBADF (Bad file descriptor) [ 137.385944][ T5533] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 137.393924][ T5533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 137.401904][ T5533] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000013 [ 137.409919][ T5533] [pid 5530] close(21) = -1 EBADF (Bad file descriptor) [pid 5530] close(22) = -1 EBADF (Bad file descriptor) [pid 5530] close(23) = -1 EBADF (Bad file descriptor) [pid 5530] close(24) = -1 EBADF (Bad file descriptor) [pid 5530] close(25) = -1 EBADF (Bad file descriptor) [pid 5530] close(26) = -1 EBADF (Bad file descriptor) [pid 5530] close(27) = -1 EBADF (Bad file descriptor) [pid 5530] close(28) = -1 EBADF (Bad file descriptor) [pid 5530] close(29) = -1 EBADF (Bad file descriptor) [pid 5530] exit_group(0) = ? [pid 5530] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5070] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./18/binderfs") = 0 [pid 5070] umount2("./18/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./18/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./18/cgroup") = 0 [pid 5070] umount2("./18/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./18/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./18/cgroup.net") = 0 [pid 5070] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./18/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./18/file0") = 0 [pid 5070] umount2("./18/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./18/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./18/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./18") = 0 [pid 5070] mkdir("./19", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5549 attached [pid 5549] chdir("./19" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 21 [pid 5549] <... chdir resumed>) = 0 [pid 5549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5549] setpgid(0, 0) = 0 [pid 5549] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5549] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5549] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5549] write(3, "1000", 4) = 4 [pid 5549] close(3) = 0 [pid 5549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5549] mkdir("./file0", 000) = 0 [pid 5549] open("./file0", O_RDONLY) = 3 [pid 5549] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5549] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5549] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5549] openat(5, "memory.max", O_RDWR) = 6 [ 137.592254][ T5533] memory: usage 8kB, limit 0kB, failcnt 55 [ 137.600292][ T5533] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 137.609328][ T5533] Memory cgroup stats for /syz1: [ 137.609480][ T5533] anon 0 [ 137.609480][ T5533] file 0 [ 137.609480][ T5533] kernel 8192 [ 137.609480][ T5533] kernel_stack 0 [ 137.609480][ T5533] pagetables 0 [ 137.609480][ T5533] sec_pagetables 0 [ 137.609480][ T5533] percpu 0 [ 137.609480][ T5533] sock 0 [ 137.609480][ T5533] vmalloc 0 [ 137.609480][ T5533] shmem 0 [ 137.609480][ T5533] zswap 0 [ 137.609480][ T5533] zswapped 0 [ 137.609480][ T5533] file_mapped 0 [ 137.609480][ T5533] file_dirty 0 [ 137.609480][ T5533] file_writeback 0 [ 137.609480][ T5533] swapcached 0 [ 137.609480][ T5533] anon_thp 0 [ 137.609480][ T5533] file_thp 0 [ 137.609480][ T5533] shmem_thp 0 [ 137.609480][ T5533] inactive_anon 0 [ 137.609480][ T5533] active_anon 0 [ 137.609480][ T5533] inactive_file 0 [ 137.609480][ T5533] active_file 0 [ 137.609480][ T5533] unevictable 0 [ 137.609480][ T5533] slab_reclaimable 6752 [ 137.609480][ T5533] slab_unreclaimable 0 [ 137.609480][ T5533] slab 6752 [ 137.609480][ T5533] workingset_refault_anon 0 [pid 5549] write(6, "0x000000000000040e", 18 [pid 5533] <... write resumed>) = 18 [ 137.823116][ T5533] Tasks state (memory values in pages): [ 137.832846][ T5533] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 137.856643][ T5533] Out of memory and no killable processes... [pid 5533] close(3) = 0 [ 137.874424][ T5537] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 137.887018][ T5537] CPU: 1 PID: 5537 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 137.897502][ T5537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 137.907603][ T5537] Call Trace: [ 137.910922][ T5537] [ 137.913901][ T5537] dump_stack_lvl+0x1e7/0x2d0 [ 137.918644][ T5537] ? nf_tcp_handle_invalid+0x640/0x640 [ 137.924164][ T5537] ? panic+0x770/0x770 [ 137.928306][ T5537] dump_header+0xdc/0x940 [ 137.932706][ T5537] out_of_memory+0xf21/0x12c0 [ 137.937450][ T5537] ? mutex_lock_io_nested+0x60/0x60 [ 137.942712][ T5537] ? mark_lock+0x9a/0x340 [ 137.947092][ T5537] ? unregister_oom_notifier+0x20/0x20 [ 137.952606][ T5537] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 137.958658][ T5537] mem_cgroup_out_of_memory+0x263/0x3b0 [ 137.964270][ T5537] ? mem_cgroup_oom_trylock+0x210/0x210 [ 137.969897][ T5537] ? cgroup_file_notify+0x127/0x190 [ 137.975147][ T5537] memory_max_write+0x355/0x470 [ 137.980054][ T5537] ? memory_max_show+0xa0/0xa0 [ 137.984869][ T5537] ? read_lock_is_recursive+0x20/0x20 [ 137.990297][ T5537] ? memory_max_show+0xa0/0xa0 [ 137.995121][ T5537] cgroup_file_write+0x2b1/0x780 [ 138.000120][ T5537] ? cgroup_seqfile_stop+0xd0/0xd0 [ 138.005274][ T5537] ? __virt_addr_valid+0x22f/0x2e0 [ 138.010455][ T5537] ? cgroup_seqfile_stop+0xd0/0xd0 [ 138.015611][ T5537] kernfs_fop_write_iter+0x3a6/0x4f0 [ 138.020957][ T5537] vfs_write+0x7b2/0xbb0 [ 138.025260][ T5537] ? file_end_write+0x240/0x240 [ 138.030171][ T5537] ? do_raw_spin_unlock+0x13b/0x8b0 [ 138.035426][ T5537] ? lockdep_hardirqs_on+0x98/0x140 [ 138.040682][ T5537] ? __fdget_pos+0x265/0x2f0 [ 138.045332][ T5537] ksys_write+0x1a0/0x2c0 [ 138.049724][ T5537] ? __ia32_sys_read+0x90/0x90 [ 138.054537][ T5537] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 138.060583][ T5537] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 138.066629][ T5537] do_syscall_64+0x41/0xc0 [ 138.071097][ T5537] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 138.077046][ T5537] RIP: 0033:0x7fd49ce20129 [ 138.081511][ T5537] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 138.101165][ T5537] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.109640][ T5537] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 138.117660][ T5537] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5533] close(4) = 0 [pid 5533] close(5) = 0 [pid 5533] close(6) = 0 [pid 5533] close(7) = -1 EBADF (Bad file descriptor) [pid 5533] close(8) = -1 EBADF (Bad file descriptor) [pid 5533] close(9) = -1 EBADF (Bad file descriptor) [pid 5533] close(10) = -1 EBADF (Bad file descriptor) [pid 5533] close(11) = -1 EBADF (Bad file descriptor) [pid 5533] close(12) = -1 EBADF (Bad file descriptor) [pid 5533] close(13) = -1 EBADF (Bad file descriptor) [pid 5533] close(14) = -1 EBADF (Bad file descriptor) [pid 5533] close(15) = -1 EBADF (Bad file descriptor) [pid 5533] close(16) = -1 EBADF (Bad file descriptor) [pid 5533] close(17) = -1 EBADF (Bad file descriptor) [pid 5533] close(18) = -1 EBADF (Bad file descriptor) [pid 5533] close(19) = -1 EBADF (Bad file descriptor) [pid 5533] close(20) = -1 EBADF (Bad file descriptor) [pid 5533] close(21) = -1 EBADF (Bad file descriptor) [pid 5533] close(22) = -1 EBADF (Bad file descriptor) [pid 5533] close(23) = -1 EBADF (Bad file descriptor) [pid 5533] close(24) = -1 EBADF (Bad file descriptor) [pid 5533] close(25) = -1 EBADF (Bad file descriptor) [pid 5533] close(26) = -1 EBADF (Bad file descriptor) [pid 5533] close(27) = -1 EBADF (Bad file descriptor) [pid 5533] close(28) = -1 EBADF (Bad file descriptor) [pid 5533] close(29) = -1 EBADF (Bad file descriptor) [pid 5533] exit_group(0) = ? [pid 5533] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./19/binderfs") = 0 [pid 5072] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./19/cgroup") = 0 [pid 5072] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./19/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./19/cgroup.net") = 0 [pid 5072] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 138.125687][ T5537] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 138.133712][ T5537] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 138.141732][ T5537] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000016 [ 138.149776][ T5537] [pid 5072] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./19/file0") = 0 [pid 5072] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./19/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./19") = 0 [pid 5072] mkdir("./20", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5559 attached [pid 5559] chdir("./20" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 22 [pid 5559] <... chdir resumed>) = 0 [pid 5559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5559] setpgid(0, 0) = 0 [pid 5559] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5559] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 138.216729][ T5537] memory: usage 8kB, limit 0kB, failcnt 55 [ 138.222928][ T5537] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5559] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5559] write(3, "1000", 4) = 4 [ 138.260153][ T5537] Memory cgroup stats for /syz1: [ 138.260367][ T5537] anon 0 [ 138.260367][ T5537] file 0 [ 138.260367][ T5537] kernel 8192 [ 138.260367][ T5537] kernel_stack 0 [ 138.260367][ T5537] pagetables 0 [ 138.260367][ T5537] sec_pagetables 0 [ 138.260367][ T5537] percpu 0 [ 138.260367][ T5537] sock 0 [ 138.260367][ T5537] vmalloc 0 [ 138.260367][ T5537] shmem 0 [ 138.260367][ T5537] zswap 0 [ 138.260367][ T5537] zswapped 0 [ 138.260367][ T5537] file_mapped 0 [ 138.260367][ T5537] file_dirty 0 [ 138.260367][ T5537] file_writeback 0 [ 138.260367][ T5537] swapcached 0 [ 138.260367][ T5537] anon_thp 0 [ 138.260367][ T5537] file_thp 0 [ 138.260367][ T5537] shmem_thp 0 [ 138.260367][ T5537] inactive_anon 0 [ 138.260367][ T5537] active_anon 0 [ 138.260367][ T5537] inactive_file 0 [ 138.260367][ T5537] active_file 0 [ 138.260367][ T5537] unevictable 0 [ 138.260367][ T5537] slab_reclaimable 6752 [ 138.260367][ T5537] slab_unreclaimable 0 [ 138.260367][ T5537] slab 6752 [ 138.260367][ T5537] workingset_refault_anon 0 [pid 5559] close(3) = 0 [pid 5559] symlink("/dev/binderfs", "./binderfs" [pid 5537] <... write resumed>) = 18 [pid 5559] <... symlink resumed>) = 0 [pid 5537] close(3 [pid 5559] mkdir("./file0", 000 [pid 5537] <... close resumed>) = 0 [pid 5559] <... mkdir resumed>) = 0 [ 138.363477][ T5537] Tasks state (memory values in pages): [ 138.376634][ T5537] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 138.386359][ T5537] Out of memory and no killable processes... [ 138.400357][ T5541] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 138.416686][ T5541] CPU: 0 PID: 5541 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 138.427176][ T5541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 138.437316][ T5541] Call Trace: [ 138.440631][ T5541] [ 138.443595][ T5541] dump_stack_lvl+0x1e7/0x2d0 [ 138.448330][ T5541] ? nf_tcp_handle_invalid+0x640/0x640 [ 138.453839][ T5541] ? panic+0x770/0x770 [ 138.457970][ T5541] dump_header+0xdc/0x940 [ 138.462364][ T5541] out_of_memory+0xf21/0x12c0 [ 138.467097][ T5541] ? mutex_lock_io_nested+0x60/0x60 [ 138.472358][ T5541] ? preempt_schedule+0xdd/0xf0 [ 138.477251][ T5541] ? unregister_oom_notifier+0x20/0x20 [ 138.482739][ T5541] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 138.488762][ T5541] mem_cgroup_out_of_memory+0x263/0x3b0 [ 138.494327][ T5541] ? preempt_schedule_thunk+0x1a/0x20 [ 138.499738][ T5541] ? mem_cgroup_oom_trylock+0x210/0x210 [ 138.505314][ T5541] ? cgroup_file_notify+0x127/0x190 [ 138.510534][ T5541] memory_max_write+0x355/0x470 [ 138.515407][ T5541] ? memory_max_show+0xa0/0xa0 [ 138.520190][ T5541] ? read_lock_is_recursive+0x20/0x20 [ 138.525582][ T5541] ? memory_max_show+0xa0/0xa0 [ 138.530368][ T5541] cgroup_file_write+0x2b1/0x780 [ 138.535323][ T5541] ? cgroup_seqfile_stop+0xd0/0xd0 [ 138.540445][ T5541] ? __virt_addr_valid+0x22f/0x2e0 [ 138.545582][ T5541] ? cgroup_seqfile_stop+0xd0/0xd0 [ 138.550711][ T5541] kernfs_fop_write_iter+0x3a6/0x4f0 [ 138.556031][ T5541] vfs_write+0x7b2/0xbb0 [ 138.560303][ T5541] ? file_end_write+0x240/0x240 [ 138.565174][ T5541] ? do_raw_spin_unlock+0x13b/0x8b0 [ 138.570389][ T5541] ? lockdep_hardirqs_on+0x98/0x140 [ 138.575615][ T5541] ? __fdget_pos+0x265/0x2f0 [ 138.580223][ T5541] ksys_write+0x1a0/0x2c0 [ 138.584579][ T5541] ? __ia32_sys_read+0x90/0x90 [ 138.589359][ T5541] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 138.595363][ T5541] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 138.601369][ T5541] do_syscall_64+0x41/0xc0 [ 138.605804][ T5541] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 138.611721][ T5541] RIP: 0033:0x7fd49ce20129 [ 138.616157][ T5541] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 138.635779][ T5541] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.644214][ T5541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 138.652221][ T5541] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 138.660218][ T5541] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5537] close(4 [pid 5559] open("./file0", O_RDONLY) = 3 [pid 5537] <... close resumed>) = 0 [pid 5559] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5537] close(5 [pid 5559] <... mount resumed>) = 0 [pid 5537] <... close resumed>) = 0 [pid 5559] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5537] close(6 [pid 5559] <... openat resumed>) = 4 [pid 5537] <... close resumed>) = 0 [pid 5559] openat(4, "syz1", O_RDWR|O_PATH [pid 5537] close(7 [pid 5559] <... openat resumed>) = 5 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5559] openat(5, "memory.max", O_RDWR [pid 5537] close(8 [pid 5559] <... openat resumed>) = 6 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 138.668204][ T5541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 138.676202][ T5541] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001a [ 138.684217][ T5541] [pid 5559] write(6, "0x000000000000040e", 18 [pid 5537] close(9) = -1 EBADF (Bad file descriptor) [pid 5537] close(10) = -1 EBADF (Bad file descriptor) [ 138.726693][ T5541] memory: usage 8kB, limit 0kB, failcnt 55 [ 138.732736][ T5541] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 138.746225][ T5541] Memory cgroup stats for /syz1: [ 138.746398][ T5541] anon 0 [ 138.746398][ T5541] file 0 [ 138.746398][ T5541] kernel 8192 [ 138.746398][ T5541] kernel_stack 0 [ 138.746398][ T5541] pagetables 0 [ 138.746398][ T5541] sec_pagetables 0 [ 138.746398][ T5541] percpu 0 [ 138.746398][ T5541] sock 0 [ 138.746398][ T5541] vmalloc 0 [ 138.746398][ T5541] shmem 0 [ 138.746398][ T5541] zswap 0 [ 138.746398][ T5541] zswapped 0 [ 138.746398][ T5541] file_mapped 0 [ 138.746398][ T5541] file_dirty 0 [ 138.746398][ T5541] file_writeback 0 [ 138.746398][ T5541] swapcached 0 [ 138.746398][ T5541] anon_thp 0 [ 138.746398][ T5541] file_thp 0 [ 138.746398][ T5541] shmem_thp 0 [ 138.746398][ T5541] inactive_anon 0 [ 138.746398][ T5541] active_anon 0 [ 138.746398][ T5541] inactive_file 0 [ 138.746398][ T5541] active_file 0 [ 138.746398][ T5541] unevictable 0 [ 138.746398][ T5541] slab_reclaimable 6752 [ 138.746398][ T5541] slab_unreclaimable 0 [ 138.746398][ T5541] slab 6752 [ 138.746398][ T5541] workingset_refault_anon 0 [ 138.853543][ T5541] Tasks state (memory values in pages): [ 138.859324][ T5541] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5541] <... write resumed>) = 18 [pid 5537] close(11 [pid 5541] close(3 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5541] <... close resumed>) = 0 [ 138.876503][ T5541] Out of memory and no killable processes... [ 138.886966][ T5545] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 138.901397][ T5545] CPU: 0 PID: 5545 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 138.911893][ T5545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 138.921993][ T5545] Call Trace: [ 138.925307][ T5545] [ 138.928285][ T5545] dump_stack_lvl+0x1e7/0x2d0 [ 138.933029][ T5545] ? nf_tcp_handle_invalid+0x640/0x640 [ 138.938546][ T5545] ? panic+0x770/0x770 [ 138.942688][ T5545] dump_header+0xdc/0x940 [ 138.947073][ T5545] out_of_memory+0xf21/0x12c0 [ 138.951813][ T5545] ? mutex_lock_io_nested+0x60/0x60 [ 138.957073][ T5545] ? mark_lock+0x9a/0x340 [ 138.961448][ T5545] ? unregister_oom_notifier+0x20/0x20 [ 138.966961][ T5545] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 138.973015][ T5545] mem_cgroup_out_of_memory+0x263/0x3b0 [ 138.978625][ T5545] ? mem_cgroup_oom_trylock+0x210/0x210 [ 138.984251][ T5545] ? cgroup_file_notify+0x127/0x190 [ 138.989515][ T5545] memory_max_write+0x355/0x470 [ 138.994431][ T5545] ? memory_max_show+0xa0/0xa0 [ 138.999337][ T5545] ? read_lock_is_recursive+0x20/0x20 [ 139.004769][ T5545] ? memory_max_show+0xa0/0xa0 [ 139.009587][ T5545] cgroup_file_write+0x2b1/0x780 [ 139.014673][ T5545] ? cgroup_seqfile_stop+0xd0/0xd0 [ 139.019837][ T5545] ? __virt_addr_valid+0x22f/0x2e0 [ 139.025014][ T5545] ? cgroup_seqfile_stop+0xd0/0xd0 [ 139.030165][ T5545] kernfs_fop_write_iter+0x3a6/0x4f0 [ 139.035511][ T5545] vfs_write+0x7b2/0xbb0 [ 139.039817][ T5545] ? file_end_write+0x240/0x240 [ 139.044734][ T5545] ? do_raw_spin_unlock+0x13b/0x8b0 [ 139.049982][ T5545] ? lockdep_hardirqs_on+0x98/0x140 [ 139.055238][ T5545] ? __fdget_pos+0x265/0x2f0 [ 139.059878][ T5545] ksys_write+0x1a0/0x2c0 [ 139.064261][ T5545] ? __ia32_sys_read+0x90/0x90 [ 139.069073][ T5545] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 139.075106][ T5545] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 139.081140][ T5545] do_syscall_64+0x41/0xc0 [ 139.085609][ T5545] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 139.091554][ T5545] RIP: 0033:0x7fd49ce20129 [ 139.096006][ T5545] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 139.115660][ T5545] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5541] close(4) = 0 [pid 5541] close(5) = 0 [pid 5541] close(6) = 0 [pid 5541] close(7) = -1 EBADF (Bad file descriptor) [pid 5541] close(8) = -1 EBADF (Bad file descriptor) [pid 5541] close(9) = -1 EBADF (Bad file descriptor) [pid 5541] close(10) = -1 EBADF (Bad file descriptor) [pid 5541] close(11) = -1 EBADF (Bad file descriptor) [pid 5541] close(12) = -1 EBADF (Bad file descriptor) [pid 5541] close(13) = -1 EBADF (Bad file descriptor) [pid 5541] close(14) = -1 EBADF (Bad file descriptor) [pid 5541] close(15) = -1 EBADF (Bad file descriptor) [pid 5541] close(16) = -1 EBADF (Bad file descriptor) [pid 5541] close(17) = -1 EBADF (Bad file descriptor) [pid 5541] close(18) = -1 EBADF (Bad file descriptor) [pid 5541] close(19) = -1 EBADF (Bad file descriptor) [ 139.124140][ T5545] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 139.132266][ T5545] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 139.140272][ T5545] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 139.148276][ T5545] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 139.156300][ T5545] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000019 [ 139.164344][ T5545] [pid 5541] close(20) = -1 EBADF (Bad file descriptor) [pid 5541] close(21) = -1 EBADF (Bad file descriptor) [pid 5541] close(22) = -1 EBADF (Bad file descriptor) [pid 5541] close(23) = -1 EBADF (Bad file descriptor) [pid 5541] close(24) = -1 EBADF (Bad file descriptor) [pid 5541] close(25) = -1 EBADF (Bad file descriptor) [pid 5541] close(26) = -1 EBADF (Bad file descriptor) [pid 5541] close(27) = -1 EBADF (Bad file descriptor) [pid 5541] close(28) = -1 EBADF (Bad file descriptor) [pid 5541] close(29) = -1 EBADF (Bad file descriptor) [pid 5541] exit_group(0) = ? [pid 5541] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5537] close(12 [pid 5074] getdents64(3, [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5537] close(13 [pid 5074] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5537] close(14 [pid 5074] lstat("./26/binderfs", [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5537] close(15 [pid 5074] unlink("./26/binderfs" [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... unlink resumed>) = 0 [pid 5537] close(16 [pid 5074] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5537] close(17 [pid 5074] lstat("./26/cgroup", [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5537] close(18 [pid 5074] unlink("./26/cgroup" [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... unlink resumed>) = 0 [pid 5537] close(19 [pid 5074] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./26/cgroup.net", [pid 5537] close(20 [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] unlink("./26/cgroup.net" [pid 5537] close(21 [pid 5074] <... unlink resumed>) = 0 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5537] close(22 [pid 5074] <... umount2 resumed>) = 0 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5537] close(23 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5537] close(24 [pid 5074] fstat(4, [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5537] close(25 [pid 5074] getdents64(4, [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5537] close(26 [pid 5074] getdents64(4, [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5537] close(27 [pid 5074] close(4 [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... close resumed>) = 0 [pid 5537] close(28 [pid 5074] rmdir("./26/file0" [pid 5537] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] <... rmdir resumed>) = 0 [ 139.300819][ T5545] memory: usage 8kB, limit 0kB, failcnt 55 [ 139.320213][ T5545] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 139.344458][ T5545] Memory cgroup stats for /syz1: [pid 5074] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./26/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./26") = 0 [pid 5074] mkdir("./27", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 29 [ 139.344735][ T5545] anon 0 [ 139.344735][ T5545] file 0 [ 139.344735][ T5545] kernel 8192 [ 139.344735][ T5545] kernel_stack 0 [ 139.344735][ T5545] pagetables 0 [ 139.344735][ T5545] sec_pagetables 0 [ 139.344735][ T5545] percpu 0 [ 139.344735][ T5545] sock 0 [ 139.344735][ T5545] vmalloc 0 [ 139.344735][ T5545] shmem 0 [ 139.344735][ T5545] zswap 0 [ 139.344735][ T5545] zswapped 0 [ 139.344735][ T5545] file_mapped 0 [ 139.344735][ T5545] file_dirty 0 [ 139.344735][ T5545] file_writeback 0 [ 139.344735][ T5545] swapcached 0 [pid 5537] close(29) = -1 EBADF (Bad file descriptor) [pid 5537] exit_group(0) = ? [pid 5537] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5073] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./22/binderfs") = 0 [pid 5073] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5566 attached ) = -1 EINVAL (Invalid argument) [pid 5566] chdir("./27" [pid 5073] lstat("./22/cgroup", [pid 5566] <... chdir resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5566] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] unlink("./22/cgroup" [pid 5566] <... prctl resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5566] setpgid(0, 0 [pid 5073] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5566] <... setpgid resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5566] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5073] lstat("./22/cgroup.net", [pid 5566] <... symlink resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5566] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5073] unlink("./22/cgroup.net" [pid 5566] <... symlink resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5566] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5073] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5566] <... symlink resumed>) = 0 [pid 5566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 139.344735][ T5545] anon_thp 0 [ 139.344735][ T5545] file_thp 0 [ 139.344735][ T5545] shmem_thp 0 [ 139.344735][ T5545] inactive_anon 0 [ 139.344735][ T5545] active_anon 0 [ 139.344735][ T5545] inactive_file 0 [ 139.344735][ T5545] active_file 0 [ 139.344735][ T5545] unevictable 0 [ 139.344735][ T5545] slab_reclaimable 6752 [ 139.344735][ T5545] slab_unreclaimable 0 [ 139.344735][ T5545] slab 6752 [ 139.344735][ T5545] workingset_refault_anon 0 [pid 5566] write(3, "1000", 4) = 4 [pid 5566] close(3) = 0 [pid 5566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5566] mkdir("./file0", 000) = 0 [pid 5566] open("./file0", O_RDONLY) = 3 [pid 5566] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5566] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5566] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5566] openat(5, "memory.max", O_RDWR [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5566] <... openat resumed>) = 6 [pid 5073] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5566] write(6, "0x000000000000040e", 18 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./22/file0") = 0 [pid 5073] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./22/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./22") = 0 [pid 5073] mkdir("./23", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5567 attached [pid 5567] chdir("./23" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 25 [pid 5567] <... chdir resumed>) = 0 [pid 5567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5567] setpgid(0, 0) = 0 [pid 5567] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5567] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5567] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5567] write(3, "1000", 4) = 4 [pid 5567] close(3) = 0 [pid 5567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5567] mkdir("./file0", 000) = 0 [pid 5567] open("./file0", O_RDONLY) = 3 [pid 5567] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5567] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5567] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5567] openat(5, "memory.max", O_RDWR) = 6 [ 139.649546][ T5545] Tasks state (memory values in pages): [ 139.655168][ T5545] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5567] write(6, "0x000000000000040e", 18 [pid 5545] <... write resumed>) = 18 [ 139.701105][ T5545] Out of memory and no killable processes... [ 139.715341][ T5549] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 139.725860][ T5549] CPU: 0 PID: 5549 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 139.736328][ T5549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 139.746415][ T5549] Call Trace: [ 139.749735][ T5549] [ 139.752703][ T5549] dump_stack_lvl+0x1e7/0x2d0 [ 139.757435][ T5549] ? nf_tcp_handle_invalid+0x640/0x640 [ 139.762958][ T5549] ? panic+0x770/0x770 [ 139.767096][ T5549] dump_header+0xdc/0x940 [ 139.771488][ T5549] out_of_memory+0xf21/0x12c0 [ 139.776223][ T5549] ? mutex_lock_io_nested+0x60/0x60 [ 139.781480][ T5549] ? mark_lock+0x9a/0x340 [ 139.785860][ T5549] ? unregister_oom_notifier+0x20/0x20 [ 139.791364][ T5549] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 139.797413][ T5549] mem_cgroup_out_of_memory+0x263/0x3b0 [ 139.803027][ T5549] ? mem_cgroup_oom_trylock+0x210/0x210 [ 139.808649][ T5549] ? cgroup_file_notify+0x127/0x190 [ 139.813916][ T5549] memory_max_write+0x355/0x470 [ 139.818824][ T5549] ? memory_max_show+0xa0/0xa0 [ 139.823641][ T5549] ? read_lock_is_recursive+0x20/0x20 [ 139.829082][ T5549] ? memory_max_show+0xa0/0xa0 [ 139.833904][ T5549] cgroup_file_write+0x2b1/0x780 [ 139.838897][ T5549] ? cgroup_seqfile_stop+0xd0/0xd0 [ 139.844056][ T5549] ? __virt_addr_valid+0x22f/0x2e0 [ 139.849235][ T5549] ? cgroup_seqfile_stop+0xd0/0xd0 [ 139.854386][ T5549] kernfs_fop_write_iter+0x3a6/0x4f0 [ 139.859728][ T5549] vfs_write+0x7b2/0xbb0 [ 139.864032][ T5549] ? file_end_write+0x240/0x240 [ 139.868936][ T5549] ? do_raw_spin_unlock+0x13b/0x8b0 [ 139.874187][ T5549] ? lockdep_hardirqs_on+0x98/0x140 [ 139.879440][ T5549] ? __fdget_pos+0x265/0x2f0 [ 139.884082][ T5549] ksys_write+0x1a0/0x2c0 [ 139.888473][ T5549] ? __ia32_sys_read+0x90/0x90 [ 139.893282][ T5549] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 139.899325][ T5549] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 139.905374][ T5549] do_syscall_64+0x41/0xc0 [ 139.909865][ T5549] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 139.915811][ T5549] RIP: 0033:0x7fd49ce20129 [ 139.920283][ T5549] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 139.939941][ T5549] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5545] close(3) = 0 [pid 5545] close(4) = 0 [pid 5545] close(5) = 0 [pid 5545] close(6) = 0 [pid 5545] close(7) = -1 EBADF (Bad file descriptor) [pid 5545] close(8) = -1 EBADF (Bad file descriptor) [pid 5545] close(9) = -1 EBADF (Bad file descriptor) [ 139.948414][ T5549] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 139.956460][ T5549] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 139.964470][ T5549] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 139.972482][ T5549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 139.980505][ T5549] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000013 [ 139.988507][ T5549] [pid 5545] close(10) = -1 EBADF (Bad file descriptor) [pid 5545] close(11) = -1 EBADF (Bad file descriptor) [pid 5545] close(12) = -1 EBADF (Bad file descriptor) [pid 5545] close(13) = -1 EBADF (Bad file descriptor) [pid 5545] close(14) = -1 EBADF (Bad file descriptor) [ 140.030683][ T5549] memory: usage 8kB, limit 0kB, failcnt 55 [ 140.039628][ T5549] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 140.055079][ T5549] Memory cgroup stats for /syz1: [ 140.055294][ T5549] anon 0 [ 140.055294][ T5549] file 0 [ 140.055294][ T5549] kernel 8192 [ 140.055294][ T5549] kernel_stack 0 [ 140.055294][ T5549] pagetables 0 [ 140.055294][ T5549] sec_pagetables 0 [ 140.055294][ T5549] percpu 0 [ 140.055294][ T5549] sock 0 [ 140.055294][ T5549] vmalloc 0 [ 140.055294][ T5549] shmem 0 [ 140.055294][ T5549] zswap 0 [ 140.055294][ T5549] zswapped 0 [ 140.055294][ T5549] file_mapped 0 [ 140.055294][ T5549] file_dirty 0 [ 140.055294][ T5549] file_writeback 0 [ 140.055294][ T5549] swapcached 0 [ 140.055294][ T5549] anon_thp 0 [ 140.055294][ T5549] file_thp 0 [ 140.055294][ T5549] shmem_thp 0 [ 140.055294][ T5549] inactive_anon 0 [ 140.055294][ T5549] active_anon 0 [ 140.055294][ T5549] inactive_file 0 [pid 5545] close(15) = -1 EBADF (Bad file descriptor) [ 140.055294][ T5549] active_file 0 [ 140.055294][ T5549] unevictable 0 [ 140.055294][ T5549] slab_reclaimable 6752 [ 140.055294][ T5549] slab_unreclaimable 0 [ 140.055294][ T5549] slab 6752 [ 140.055294][ T5549] workingset_refault_anon 0 [ 140.161666][ T5549] Tasks state (memory values in pages): [ 140.168886][ T5549] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5545] close(16) = -1 EBADF (Bad file descriptor) [pid 5549] <... write resumed>) = 18 [pid 5545] close(17 [pid 5549] close(3 [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] <... close resumed>) = 0 [ 140.184367][ T5549] Out of memory and no killable processes... [ 140.192576][ T5559] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 140.208854][ T5559] CPU: 1 PID: 5559 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 140.219351][ T5559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 140.229453][ T5559] Call Trace: [ 140.232767][ T5559] [ 140.235739][ T5559] dump_stack_lvl+0x1e7/0x2d0 [ 140.240473][ T5559] ? nf_tcp_handle_invalid+0x640/0x640 [ 140.245993][ T5559] ? panic+0x770/0x770 [ 140.250127][ T5559] dump_header+0xdc/0x940 [ 140.254511][ T5559] out_of_memory+0xf21/0x12c0 [ 140.259243][ T5559] ? mutex_lock_io_nested+0x60/0x60 [ 140.264494][ T5559] ? mark_lock+0x9a/0x340 [ 140.268866][ T5559] ? unregister_oom_notifier+0x20/0x20 [ 140.274363][ T5559] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 140.280378][ T5559] mem_cgroup_out_of_memory+0x263/0x3b0 [ 140.285952][ T5559] ? mem_cgroup_oom_trylock+0x210/0x210 [ 140.291531][ T5559] ? cgroup_file_notify+0x127/0x190 [ 140.296752][ T5559] memory_max_write+0x355/0x470 [ 140.301635][ T5559] ? memory_max_show+0xa0/0xa0 [ 140.306516][ T5559] ? read_lock_is_recursive+0x20/0x20 [ 140.311944][ T5559] ? memory_max_show+0xa0/0xa0 [ 140.316726][ T5559] cgroup_file_write+0x2b1/0x780 [ 140.321686][ T5559] ? cgroup_seqfile_stop+0xd0/0xd0 [ 140.326811][ T5559] ? __virt_addr_valid+0x22f/0x2e0 [ 140.331959][ T5559] ? cgroup_seqfile_stop+0xd0/0xd0 [ 140.337084][ T5559] kernfs_fop_write_iter+0x3a6/0x4f0 [ 140.342391][ T5559] vfs_write+0x7b2/0xbb0 [ 140.346661][ T5559] ? file_end_write+0x240/0x240 [ 140.351534][ T5559] ? do_raw_spin_unlock+0x13b/0x8b0 [ 140.356752][ T5559] ? lockdep_hardirqs_on+0x98/0x140 [ 140.361979][ T5559] ? __fdget_pos+0x265/0x2f0 [ 140.366615][ T5559] ksys_write+0x1a0/0x2c0 [ 140.370996][ T5559] ? __ia32_sys_read+0x90/0x90 [ 140.375787][ T5559] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 140.381805][ T5559] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 140.387818][ T5559] do_syscall_64+0x41/0xc0 [ 140.392291][ T5559] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.398209][ T5559] RIP: 0033:0x7fd49ce20129 [ 140.402638][ T5559] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 140.422258][ T5559] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5549] close(4 [pid 5545] close(18 [pid 5549] <... close resumed>) = 0 [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(5 [pid 5545] close(19 [pid 5549] <... close resumed>) = 0 [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(6 [pid 5545] close(20 [pid 5549] <... close resumed>) = 0 [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(7 [pid 5545] close(21 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(8 [pid 5545] close(22 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(9 [pid 5545] close(23 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(10 [pid 5545] close(24 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(11 [pid 5545] close(25 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(12 [pid 5545] close(26 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(13 [pid 5545] close(27 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(14 [pid 5545] close(28 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(15 [pid 5545] close(29 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(16 [pid 5545] exit_group(0 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5545] <... exit_group resumed>) = ? [pid 5549] close(17 [pid 5545] +++ exited with 0 +++ [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(18) = -1 EBADF (Bad file descriptor) [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5549] close(19) = -1 EBADF (Bad file descriptor) [pid 5549] close(20) = -1 EBADF (Bad file descriptor) [pid 5075] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5549] close(21) = -1 EBADF (Bad file descriptor) [pid 5549] close(22) = -1 EBADF (Bad file descriptor) [pid 5549] close(23 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(24) = -1 EBADF (Bad file descriptor) [pid 5549] close(25) = -1 EBADF (Bad file descriptor) [pid 5075] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5549] close(26) = -1 EBADF (Bad file descriptor) [pid 5549] close(27 [pid 5075] <... openat resumed>) = 3 [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5549] close(28 [pid 5075] fstat(3, [pid 5549] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5549] close(29) = -1 EBADF (Bad file descriptor) [pid 5075] getdents64(3, [pid 5549] exit_group(0) = ? [pid 5549] +++ exited with 0 +++ [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 140.430700][ T5559] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 140.438687][ T5559] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 140.446672][ T5559] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 140.454655][ T5559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 140.462637][ T5559] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000014 [ 140.470640][ T5559] [pid 5075] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] unlink("./25/binderfs" [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] <... unlink resumed>) = 0 [pid 5075] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] fstat(3, [pid 5075] lstat("./25/cgroup", [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] unlink("./25/cgroup" [pid 5070] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... unlink resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] lstat("./19/binderfs", [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] lstat("./25/cgroup.net", [pid 5070] unlink("./19/binderfs" [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5075] unlink("./25/cgroup.net" [pid 5070] umount2("./19/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... unlink resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] lstat("./19/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./19/cgroup" [pid 5075] <... umount2 resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5075] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./19/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./25/file0", [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./19/cgroup.net", [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] unlink("./19/cgroup.net" [pid 5075] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... unlink resumed>) = 0 [pid 5075] <... openat resumed>) = 4 [pid 5075] fstat(4, [pid 5070] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 140.504288][ T5559] memory: usage 8kB, limit 0kB, failcnt 55 [ 140.527717][ T5559] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 140.540670][ T5559] Memory cgroup stats for /syz1: [ 140.540889][ T5559] anon 0 [ 140.540889][ T5559] file 0 [ 140.540889][ T5559] kernel 8192 [ 140.540889][ T5559] kernel_stack 0 [ 140.540889][ T5559] pagetables 0 [ 140.540889][ T5559] sec_pagetables 0 [ 140.540889][ T5559] percpu 0 [ 140.540889][ T5559] sock 0 [ 140.540889][ T5559] vmalloc 0 [ 140.540889][ T5559] shmem 0 [ 140.540889][ T5559] zswap 0 [ 140.540889][ T5559] zswapped 0 [ 140.540889][ T5559] file_mapped 0 [ 140.540889][ T5559] file_dirty 0 [ 140.540889][ T5559] file_writeback 0 [ 140.540889][ T5559] swapcached 0 [ 140.540889][ T5559] anon_thp 0 [ 140.540889][ T5559] file_thp 0 [ 140.540889][ T5559] shmem_thp 0 [ 140.540889][ T5559] inactive_anon 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] <... umount2 resumed>) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./25/file0") = 0 [pid 5075] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./25/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./25") = 0 [pid 5075] mkdir("./26", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5575 attached , child_tidptr=0x5555574ac5d0) = 28 [pid 5575] chdir("./26") = 0 [pid 5575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5575] setpgid(0, 0) = 0 [pid 5575] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5575] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5575] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5575] write(3, "1000", 4) = 4 [pid 5575] close(3) = 0 [pid 5575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5575] mkdir("./file0", 000) = 0 [pid 5575] open("./file0", O_RDONLY) = 3 [pid 5575] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5575] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5575] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5575] openat(5, "memory.max", O_RDWR) = 6 [pid 5575] write(6, "0x000000000000040e", 18 [pid 5070] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./19/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 140.540889][ T5559] active_anon 0 [ 140.540889][ T5559] inactive_file 0 [ 140.540889][ T5559] active_file 0 [ 140.540889][ T5559] unevictable 0 [ 140.540889][ T5559] slab_reclaimable 6752 [ 140.540889][ T5559] slab_unreclaimable 0 [ 140.540889][ T5559] slab 6752 [ 140.540889][ T5559] workingset_refault_anon 0 [ 140.644605][ T5559] Tasks state (memory values in pages): [pid 5070] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5559] <... write resumed>) = 18 [pid 5070] getdents64(4, [ 140.651593][ T5559] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 140.663549][ T5559] Out of memory and no killable processes... [ 140.671071][ T5566] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 140.688872][ T5566] CPU: 1 PID: 5566 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5559] close(3) = 0 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5559] close(4) = 0 [pid 5559] close(5) = 0 [pid 5559] close(6) = 0 [pid 5559] close(7) = -1 EBADF (Bad file descriptor) [pid 5559] close(8) = -1 EBADF (Bad file descriptor) [pid 5559] close(9) = -1 EBADF (Bad file descriptor) [pid 5559] close(10) = -1 EBADF (Bad file descriptor) [pid 5559] close(11) = -1 EBADF (Bad file descriptor) [pid 5559] close(12) = -1 EBADF (Bad file descriptor) [pid 5559] close(13) = -1 EBADF (Bad file descriptor) [pid 5559] close(14) = -1 EBADF (Bad file descriptor) [pid 5559] close(15) = -1 EBADF (Bad file descriptor) [pid 5559] close(16) = -1 EBADF (Bad file descriptor) [pid 5559] close(17) = -1 EBADF (Bad file descriptor) [ 140.699345][ T5566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 140.709439][ T5566] Call Trace: [ 140.712755][ T5566] [ 140.715727][ T5566] dump_stack_lvl+0x1e7/0x2d0 [ 140.720467][ T5566] ? nf_tcp_handle_invalid+0x640/0x640 [ 140.725994][ T5566] ? panic+0x770/0x770 [ 140.730127][ T5566] dump_header+0xdc/0x940 [ 140.734530][ T5566] out_of_memory+0xf21/0x12c0 [ 140.739265][ T5566] ? mutex_lock_io_nested+0x60/0x60 [ 140.744530][ T5566] ? mark_lock+0x9a/0x340 [ 140.748912][ T5566] ? unregister_oom_notifier+0x20/0x20 [ 140.754427][ T5566] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 140.760485][ T5566] mem_cgroup_out_of_memory+0x263/0x3b0 [ 140.766105][ T5566] ? mem_cgroup_oom_trylock+0x210/0x210 [ 140.771739][ T5566] ? cgroup_file_notify+0x127/0x190 [ 140.776999][ T5566] memory_max_write+0x355/0x470 [ 140.781923][ T5566] ? memory_max_show+0xa0/0xa0 [ 140.786742][ T5566] ? read_lock_is_recursive+0x20/0x20 [ 140.792185][ T5566] ? memory_max_show+0xa0/0xa0 [ 140.796998][ T5566] cgroup_file_write+0x2b1/0x780 [ 140.801977][ T5566] ? cgroup_seqfile_stop+0xd0/0xd0 [ 140.807108][ T5566] ? __virt_addr_valid+0x22f/0x2e0 [ 140.812251][ T5566] ? cgroup_seqfile_stop+0xd0/0xd0 [ 140.817407][ T5566] kernfs_fop_write_iter+0x3a6/0x4f0 [ 140.822708][ T5566] vfs_write+0x7b2/0xbb0 [ 140.826970][ T5566] ? file_end_write+0x240/0x240 [ 140.831848][ T5566] ? do_raw_spin_unlock+0x13b/0x8b0 [ 140.837069][ T5566] ? lockdep_hardirqs_on+0x98/0x140 [ 140.842292][ T5566] ? __fdget_pos+0x265/0x2f0 [ 140.846921][ T5566] ksys_write+0x1a0/0x2c0 [ 140.851302][ T5566] ? __ia32_sys_read+0x90/0x90 [ 140.856080][ T5566] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 140.862079][ T5566] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 140.868083][ T5566] do_syscall_64+0x41/0xc0 [ 140.872516][ T5566] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.878429][ T5566] RIP: 0033:0x7fd49ce20129 [ 140.882856][ T5566] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5559] close(18) = -1 EBADF (Bad file descriptor) [pid 5559] close(19) = -1 EBADF (Bad file descriptor) [pid 5559] close(20) = -1 EBADF (Bad file descriptor) [pid 5559] close(21) = -1 EBADF (Bad file descriptor) [pid 5559] close(22) = -1 EBADF (Bad file descriptor) [pid 5559] close(23) = -1 EBADF (Bad file descriptor) [pid 5559] close(24) = -1 EBADF (Bad file descriptor) [pid 5559] close(25) = -1 EBADF (Bad file descriptor) [pid 5559] close(26) = -1 EBADF (Bad file descriptor) [pid 5559] close(27) = -1 EBADF (Bad file descriptor) [pid 5559] close(28) = -1 EBADF (Bad file descriptor) [pid 5559] close(29) = -1 EBADF (Bad file descriptor) [pid 5559] exit_group(0) = ? [pid 5559] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./20/binderfs") = 0 [pid 5072] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./20/cgroup") = 0 [pid 5072] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./20/cgroup.net") = 0 [pid 5072] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./19/file0") = 0 [pid 5070] umount2("./19/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./19/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./19/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./19") = 0 [pid 5070] mkdir("./20", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 22 ./strace-static-x86_64: Process 5576 attached [pid 5072] <... umount2 resumed>) = 0 [pid 5576] chdir("./20") = 0 [pid 5072] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5576] <... prctl resumed>) = 0 [pid 5072] lstat("./20/file0", [pid 5576] setpgid(0, 0) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5576] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5072] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5576] <... symlink resumed>) = 0 [pid 5576] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5576] <... symlink resumed>) = 0 [ 140.902498][ T5566] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 140.910922][ T5566] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 140.918915][ T5566] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 140.926921][ T5566] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 140.934907][ T5566] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 140.942901][ T5566] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001b [ 140.951002][ T5566] [pid 5576] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5072] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] <... openat resumed>) = 4 [pid 5576] write(3, "1000", 4) = 4 [pid 5576] close(3) = 0 [pid 5576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] fstat(4, [pid 5576] mkdir("./file0", 000) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5576] open("./file0", O_RDONLY) = 3 [pid 5576] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5072] getdents64(4, [pid 5576] <... mount resumed>) = 0 [pid 5576] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5576] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5576] openat(5, "memory.max", O_RDWR) = 6 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5576] write(6, "0x000000000000040e", 18 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./20/file0") = 0 [pid 5072] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./20/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./20") = 0 [pid 5072] mkdir("./21", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5579 attached , child_tidptr=0x5555574ac5d0) = 23 [pid 5579] chdir("./21") = 0 [pid 5579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5579] setpgid(0, 0) = 0 [ 141.043413][ T5566] memory: usage 8kB, limit 0kB, failcnt 55 [ 141.055988][ T5566] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 141.067990][ T5566] Memory cgroup stats for /syz1: [ 141.068199][ T5566] anon 0 [ 141.068199][ T5566] file 0 [ 141.068199][ T5566] kernel 8192 [ 141.068199][ T5566] kernel_stack 0 [ 141.068199][ T5566] pagetables 0 [ 141.068199][ T5566] sec_pagetables 0 [ 141.068199][ T5566] percpu 0 [ 141.068199][ T5566] sock 0 [ 141.068199][ T5566] vmalloc 0 [ 141.068199][ T5566] shmem 0 [ 141.068199][ T5566] zswap 0 [ 141.068199][ T5566] zswapped 0 [ 141.068199][ T5566] file_mapped 0 [ 141.068199][ T5566] file_dirty 0 [ 141.068199][ T5566] file_writeback 0 [ 141.068199][ T5566] swapcached 0 [ 141.068199][ T5566] anon_thp 0 [ 141.068199][ T5566] file_thp 0 [ 141.068199][ T5566] shmem_thp 0 [ 141.068199][ T5566] inactive_anon 0 [ 141.068199][ T5566] active_anon 0 [ 141.068199][ T5566] inactive_file 0 [pid 5579] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5579] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5579] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 141.068199][ T5566] active_file 0 [ 141.068199][ T5566] unevictable 0 [ 141.068199][ T5566] slab_reclaimable 6752 [ 141.068199][ T5566] slab_unreclaimable 0 [ 141.068199][ T5566] slab 6752 [ 141.068199][ T5566] workingset_refault_anon 0 [ 141.168917][ T5566] Tasks state (memory values in pages): [ 141.174534][ T5566] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5579] write(3, "1000", 4) = 4 [pid 5579] close(3) = 0 [pid 5579] symlink("/dev/binderfs", "./binderfs" [pid 5566] <... write resumed>) = 18 [ 141.198625][ T5566] Out of memory and no killable processes... [ 141.205404][ T5567] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 141.224518][ T5567] CPU: 1 PID: 5567 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 141.235006][ T5567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 141.245116][ T5567] Call Trace: [pid 5579] <... symlink resumed>) = 0 [pid 5566] close(3 [pid 5579] mkdir("./file0", 000 [pid 5566] <... close resumed>) = 0 [pid 5579] <... mkdir resumed>) = 0 [pid 5566] close(4 [pid 5579] open("./file0", O_RDONLY [pid 5566] <... close resumed>) = 0 [pid 5579] <... open resumed>) = 3 [pid 5566] close(5 [pid 5579] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5566] <... close resumed>) = 0 [pid 5579] <... mount resumed>) = 0 [pid 5566] close(6 [pid 5579] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5566] <... close resumed>) = 0 [pid 5579] <... openat resumed>) = 4 [pid 5566] close(7 [pid 5579] openat(4, "syz1", O_RDWR|O_PATH [pid 5566] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5579] <... openat resumed>) = 5 [pid 5566] close(8 [pid 5579] openat(5, "memory.max", O_RDWR [pid 5566] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5579] <... openat resumed>) = 6 [pid 5566] close(9 [pid 5579] write(6, "0x000000000000040e", 18 [pid 5566] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5566] close(10) = -1 EBADF (Bad file descriptor) [ 141.248430][ T5567] [ 141.251388][ T5567] dump_stack_lvl+0x1e7/0x2d0 [ 141.256109][ T5567] ? nf_tcp_handle_invalid+0x640/0x640 [ 141.261619][ T5567] ? panic+0x770/0x770 [ 141.265769][ T5567] dump_header+0xdc/0x940 [ 141.270149][ T5567] out_of_memory+0xf21/0x12c0 [ 141.274891][ T5567] ? mutex_lock_io_nested+0x60/0x60 [ 141.280144][ T5567] ? mark_lock+0x9a/0x340 [ 141.284521][ T5567] ? unregister_oom_notifier+0x20/0x20 [ 141.290029][ T5567] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5566] close(11) = -1 EBADF (Bad file descriptor) [pid 5566] close(12) = -1 EBADF (Bad file descriptor) [pid 5566] close(13) = -1 EBADF (Bad file descriptor) [pid 5566] close(14) = -1 EBADF (Bad file descriptor) [pid 5566] close(15) = -1 EBADF (Bad file descriptor) [pid 5566] close(16) = -1 EBADF (Bad file descriptor) [pid 5566] close(17) = -1 EBADF (Bad file descriptor) [pid 5566] close(18) = -1 EBADF (Bad file descriptor) [pid 5566] close(19) = -1 EBADF (Bad file descriptor) [pid 5566] close(20) = -1 EBADF (Bad file descriptor) [pid 5566] close(21) = -1 EBADF (Bad file descriptor) [pid 5566] close(22) = -1 EBADF (Bad file descriptor) [pid 5566] close(23) = -1 EBADF (Bad file descriptor) [ 141.296073][ T5567] mem_cgroup_out_of_memory+0x263/0x3b0 [ 141.301674][ T5567] ? mem_cgroup_oom_trylock+0x210/0x210 [ 141.307293][ T5567] ? cgroup_file_notify+0x127/0x190 [ 141.312568][ T5567] memory_max_write+0x355/0x470 [ 141.317487][ T5567] ? memory_max_show+0xa0/0xa0 [ 141.322317][ T5567] ? read_lock_is_recursive+0x20/0x20 [ 141.327747][ T5567] ? memory_max_show+0xa0/0xa0 [ 141.332571][ T5567] cgroup_file_write+0x2b1/0x780 [ 141.337573][ T5567] ? cgroup_seqfile_stop+0xd0/0xd0 [ 141.342733][ T5567] ? __virt_addr_valid+0x22f/0x2e0 [ 141.347916][ T5567] ? cgroup_seqfile_stop+0xd0/0xd0 [ 141.353073][ T5567] kernfs_fop_write_iter+0x3a6/0x4f0 [ 141.358421][ T5567] vfs_write+0x7b2/0xbb0 [ 141.362729][ T5567] ? file_end_write+0x240/0x240 [ 141.367649][ T5567] ? do_raw_spin_unlock+0x13b/0x8b0 [ 141.372905][ T5567] ? lockdep_hardirqs_on+0x98/0x140 [ 141.378169][ T5567] ? __fdget_pos+0x265/0x2f0 [ 141.382824][ T5567] ksys_write+0x1a0/0x2c0 [ 141.387217][ T5567] ? __ia32_sys_read+0x90/0x90 [ 141.392033][ T5567] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 141.398078][ T5567] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 141.404124][ T5567] do_syscall_64+0x41/0xc0 [ 141.408619][ T5567] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 141.414571][ T5567] RIP: 0033:0x7fd49ce20129 [ 141.419028][ T5567] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 141.438678][ T5567] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5566] close(24) = -1 EBADF (Bad file descriptor) [pid 5566] close(25) = -1 EBADF (Bad file descriptor) [pid 5566] close(26) = -1 EBADF (Bad file descriptor) [pid 5566] close(27) = -1 EBADF (Bad file descriptor) [pid 5566] close(28) = -1 EBADF (Bad file descriptor) [pid 5566] close(29) = -1 EBADF (Bad file descriptor) [pid 5566] exit_group(0) = ? [pid 5566] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5074] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./27/binderfs") = 0 [pid 5074] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./27/cgroup") = 0 [pid 5074] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./27/cgroup.net") = 0 [pid 5074] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./27/file0") = 0 [pid 5074] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./27/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./27") = 0 [pid 5074] mkdir("./28", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5586 attached [pid 5586] chdir("./28" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 30 [ 141.447144][ T5567] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 141.455160][ T5567] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 141.463175][ T5567] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 141.471191][ T5567] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 141.479214][ T5567] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000017 [ 141.487255][ T5567] [pid 5586] <... chdir resumed>) = 0 [pid 5586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5586] setpgid(0, 0) = 0 [pid 5586] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5586] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5586] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5586] write(3, "1000", 4) = 4 [pid 5586] close(3) = 0 [pid 5586] symlink("/dev/binderfs", "./binderfs") = 0 [ 141.523273][ T5567] memory: usage 8kB, limit 0kB, failcnt 55 [ 141.530881][ T5567] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 141.546747][ T5567] Memory cgroup stats for /syz1: [ 141.546965][ T5567] anon 0 [ 141.546965][ T5567] file 0 [ 141.546965][ T5567] kernel 8192 [ 141.546965][ T5567] kernel_stack 0 [ 141.546965][ T5567] pagetables 0 [ 141.546965][ T5567] sec_pagetables 0 [ 141.546965][ T5567] percpu 0 [ 141.546965][ T5567] sock 0 [ 141.546965][ T5567] vmalloc 0 [ 141.546965][ T5567] shmem 0 [ 141.546965][ T5567] zswap 0 [ 141.546965][ T5567] zswapped 0 [ 141.546965][ T5567] file_mapped 0 [ 141.546965][ T5567] file_dirty 0 [ 141.546965][ T5567] file_writeback 0 [ 141.546965][ T5567] swapcached 0 [ 141.546965][ T5567] anon_thp 0 [ 141.546965][ T5567] file_thp 0 [ 141.546965][ T5567] shmem_thp 0 [ 141.546965][ T5567] inactive_anon 0 [ 141.546965][ T5567] active_anon 0 [ 141.546965][ T5567] inactive_file 0 [ 141.546965][ T5567] active_file 0 [pid 5586] mkdir("./file0", 000) = 0 [pid 5586] open("./file0", O_RDONLY) = 3 [pid 5586] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5586] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5586] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5586] openat(5, "memory.max", O_RDWR) = 6 [ 141.546965][ T5567] unevictable 0 [ 141.546965][ T5567] slab_reclaimable 6752 [ 141.546965][ T5567] slab_unreclaimable 0 [ 141.546965][ T5567] slab 6752 [ 141.546965][ T5567] workingset_refault_anon 0 [ 141.660967][ T5567] Tasks state (memory values in pages): [pid 5586] write(6, "0x000000000000040e", 18 [pid 5567] <... write resumed>) = 18 [ 141.670088][ T5567] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 141.684474][ T5567] Out of memory and no killable processes... [ 141.694088][ T5575] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 141.713161][ T5575] CPU: 0 PID: 5575 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 141.723638][ T5575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 141.733734][ T5575] Call Trace: [ 141.737049][ T5575] [ 141.740017][ T5575] dump_stack_lvl+0x1e7/0x2d0 [ 141.744754][ T5575] ? nf_tcp_handle_invalid+0x640/0x640 [ 141.750282][ T5575] ? panic+0x770/0x770 [ 141.754426][ T5575] dump_header+0xdc/0x940 [ 141.758813][ T5575] out_of_memory+0xf21/0x12c0 [ 141.763545][ T5575] ? mutex_lock_io_nested+0x60/0x60 [ 141.768814][ T5575] ? preempt_schedule+0xdd/0xf0 [ 141.773717][ T5575] ? unregister_oom_notifier+0x20/0x20 [ 141.779222][ T5575] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 141.785264][ T5575] mem_cgroup_out_of_memory+0x263/0x3b0 [ 141.790861][ T5575] ? preempt_schedule_thunk+0x1a/0x20 [ 141.796288][ T5575] ? mem_cgroup_oom_trylock+0x210/0x210 [ 141.801904][ T5575] ? cgroup_file_notify+0x127/0x190 [ 141.807160][ T5575] memory_max_write+0x355/0x470 [ 141.812072][ T5575] ? memory_max_show+0xa0/0xa0 [ 141.816885][ T5575] ? read_lock_is_recursive+0x20/0x20 [ 141.822312][ T5575] ? memory_max_show+0xa0/0xa0 [ 141.827130][ T5575] cgroup_file_write+0x2b1/0x780 [ 141.832126][ T5575] ? cgroup_seqfile_stop+0xd0/0xd0 [ 141.837281][ T5575] ? __virt_addr_valid+0x22f/0x2e0 [ 141.842470][ T5575] ? cgroup_seqfile_stop+0xd0/0xd0 [ 141.847616][ T5575] kernfs_fop_write_iter+0x3a6/0x4f0 [ 141.852958][ T5575] vfs_write+0x7b2/0xbb0 [ 141.857262][ T5575] ? file_end_write+0x240/0x240 [ 141.862169][ T5575] ? do_raw_spin_unlock+0x13b/0x8b0 [ 141.867428][ T5575] ? lockdep_hardirqs_on+0x98/0x140 [ 141.872731][ T5575] ? __fdget_pos+0x265/0x2f0 [ 141.877382][ T5575] ksys_write+0x1a0/0x2c0 [ 141.881771][ T5575] ? __ia32_sys_read+0x90/0x90 [ 141.886584][ T5575] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 141.892643][ T5575] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 141.898679][ T5575] do_syscall_64+0x41/0xc0 [ 141.903146][ T5575] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 141.909096][ T5575] RIP: 0033:0x7fd49ce20129 [ 141.913554][ T5575] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 141.933205][ T5575] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 141.941677][ T5575] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 141.949696][ T5575] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 141.957727][ T5575] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 141.965747][ T5575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5567] close(3) = 0 [pid 5567] close(4) = 0 [ 141.973761][ T5575] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001a [ 141.981805][ T5575] [ 141.988046][ T5575] memory: usage 8kB, limit 0kB, failcnt 55 [ 141.994010][ T5575] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 142.001161][ T5575] Memory cgroup stats for /syz1: [ 142.001368][ T5575] anon 0 [ 142.001368][ T5575] file 0 [ 142.001368][ T5575] kernel 8192 [ 142.001368][ T5575] kernel_stack 0 [ 142.001368][ T5575] pagetables 0 [ 142.001368][ T5575] sec_pagetables 0 [ 142.001368][ T5575] percpu 0 [ 142.001368][ T5575] sock 0 [ 142.001368][ T5575] vmalloc 0 [ 142.001368][ T5575] shmem 0 [ 142.001368][ T5575] zswap 0 [ 142.001368][ T5575] zswapped 0 [ 142.001368][ T5575] file_mapped 0 [ 142.001368][ T5575] file_dirty 0 [ 142.001368][ T5575] file_writeback 0 [ 142.001368][ T5575] swapcached 0 [ 142.001368][ T5575] anon_thp 0 [ 142.001368][ T5575] file_thp 0 [ 142.001368][ T5575] shmem_thp 0 [ 142.001368][ T5575] inactive_anon 0 [ 142.001368][ T5575] active_anon 0 [ 142.001368][ T5575] inactive_file 0 [pid 5567] close(5) = 0 [pid 5567] close(6) = 0 [pid 5567] close(7) = -1 EBADF (Bad file descriptor) [pid 5567] close(8) = -1 EBADF (Bad file descriptor) [pid 5567] close(9) = -1 EBADF (Bad file descriptor) [pid 5567] close(10) = -1 EBADF (Bad file descriptor) [pid 5567] close(11) = -1 EBADF (Bad file descriptor) [pid 5567] close(12) = -1 EBADF (Bad file descriptor) [pid 5567] close(13) = -1 EBADF (Bad file descriptor) [pid 5567] close(14) = -1 EBADF (Bad file descriptor) [pid 5567] close(15) = -1 EBADF (Bad file descriptor) [pid 5567] close(16) = -1 EBADF (Bad file descriptor) [pid 5567] close(17) = -1 EBADF (Bad file descriptor) [pid 5567] close(18) = -1 EBADF (Bad file descriptor) [pid 5567] close(19) = -1 EBADF (Bad file descriptor) [pid 5567] close(20) = -1 EBADF (Bad file descriptor) [pid 5567] close(21) = -1 EBADF (Bad file descriptor) [ 142.001368][ T5575] active_file 0 [ 142.001368][ T5575] unevictable 0 [ 142.001368][ T5575] slab_reclaimable 6752 [ 142.001368][ T5575] slab_unreclaimable 0 [ 142.001368][ T5575] slab 6752 [ 142.001368][ T5575] workingset_refault_anon 0 [pid 5567] close(22) = -1 EBADF (Bad file descriptor) [pid 5567] close(23) = -1 EBADF (Bad file descriptor) [pid 5567] close(24) = -1 EBADF (Bad file descriptor) [pid 5567] close(25) = -1 EBADF (Bad file descriptor) [pid 5567] close(26) = -1 EBADF (Bad file descriptor) [pid 5567] close(27) = -1 EBADF (Bad file descriptor) [pid 5567] close(28) = -1 EBADF (Bad file descriptor) [pid 5567] close(29) = -1 EBADF (Bad file descriptor) [pid 5567] exit_group(0) = ? [pid 5567] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 142.116688][ T5575] Tasks state (memory values in pages): [ 142.122305][ T5575] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 142.140791][ T5575] Out of memory and no killable processes... [ 142.148099][ T5576] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5073] fstat(3, [pid 5575] <... write resumed>) = 18 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 142.160906][ T5576] CPU: 1 PID: 5576 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 142.171377][ T5576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 142.181476][ T5576] Call Trace: [ 142.184787][ T5576] [ 142.187755][ T5576] dump_stack_lvl+0x1e7/0x2d0 [ 142.192492][ T5576] ? nf_tcp_handle_invalid+0x640/0x640 [ 142.198005][ T5576] ? panic+0x770/0x770 [ 142.202142][ T5576] dump_header+0xdc/0x940 [ 142.206525][ T5576] out_of_memory+0xf21/0x12c0 [ 142.211259][ T5576] ? mutex_lock_io_nested+0x60/0x60 [pid 5575] close(3) = 0 [pid 5575] close(4) = 0 [pid 5575] close(5) = 0 [pid 5575] close(6) = 0 [pid 5575] close(7) = -1 EBADF (Bad file descriptor) [pid 5575] close(8) = -1 EBADF (Bad file descriptor) [pid 5575] close(9) = -1 EBADF (Bad file descriptor) [pid 5575] close(10) = -1 EBADF (Bad file descriptor) [pid 5575] close(11) = -1 EBADF (Bad file descriptor) [pid 5575] close(12) = -1 EBADF (Bad file descriptor) [pid 5575] close(13) = -1 EBADF (Bad file descriptor) [pid 5575] close(14) = -1 EBADF (Bad file descriptor) [pid 5575] close(15) = -1 EBADF (Bad file descriptor) [pid 5575] close(16) = -1 EBADF (Bad file descriptor) [pid 5575] close(17) = -1 EBADF (Bad file descriptor) [pid 5575] close(18) = -1 EBADF (Bad file descriptor) [pid 5575] close(19) = -1 EBADF (Bad file descriptor) [pid 5575] close(20) = -1 EBADF (Bad file descriptor) [pid 5575] close(21) = -1 EBADF (Bad file descriptor) [pid 5575] close(22) = -1 EBADF (Bad file descriptor) [pid 5575] close(23) = -1 EBADF (Bad file descriptor) [pid 5575] close(24) = -1 EBADF (Bad file descriptor) [pid 5575] close(25) = -1 EBADF (Bad file descriptor) [pid 5575] close(26) = -1 EBADF (Bad file descriptor) [pid 5575] close(27) = -1 EBADF (Bad file descriptor) [pid 5575] close(28) = -1 EBADF (Bad file descriptor) [pid 5575] close(29) = -1 EBADF (Bad file descriptor) [pid 5575] exit_group(0) = ? [pid 5575] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.216519][ T5576] ? preempt_schedule+0xdd/0xf0 [ 142.221422][ T5576] ? unregister_oom_notifier+0x20/0x20 [ 142.226933][ T5576] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 142.232985][ T5576] mem_cgroup_out_of_memory+0x263/0x3b0 [ 142.238590][ T5576] ? preempt_schedule_thunk+0x1a/0x20 [ 142.244024][ T5576] ? mem_cgroup_oom_trylock+0x210/0x210 [ 142.249645][ T5576] ? cgroup_file_notify+0x127/0x190 [ 142.254903][ T5576] memory_max_write+0x355/0x470 [ 142.259821][ T5576] ? memory_max_show+0xa0/0xa0 [pid 5075] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./26/binderfs") = 0 [pid 5075] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./26/cgroup") = 0 [pid 5075] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./26/cgroup.net") = 0 [ 142.264641][ T5576] ? read_lock_is_recursive+0x20/0x20 [ 142.270067][ T5576] ? memory_max_show+0xa0/0xa0 [ 142.274884][ T5576] cgroup_file_write+0x2b1/0x780 [ 142.279874][ T5576] ? cgroup_seqfile_stop+0xd0/0xd0 [ 142.285029][ T5576] ? __virt_addr_valid+0x22f/0x2e0 [ 142.290207][ T5576] ? cgroup_seqfile_stop+0xd0/0xd0 [ 142.295361][ T5576] kernfs_fop_write_iter+0x3a6/0x4f0 [ 142.300752][ T5576] vfs_write+0x7b2/0xbb0 [ 142.305062][ T5576] ? file_end_write+0x240/0x240 [ 142.309970][ T5576] ? do_raw_spin_unlock+0x13b/0x8b0 [ 142.315250][ T5576] ? lockdep_hardirqs_on+0x98/0x140 [ 142.320584][ T5576] ? __fdget_pos+0x265/0x2f0 [ 142.325235][ T5576] ksys_write+0x1a0/0x2c0 [ 142.329622][ T5576] ? __ia32_sys_read+0x90/0x90 [ 142.334433][ T5576] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 142.340479][ T5576] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 142.346711][ T5576] do_syscall_64+0x41/0xc0 [ 142.351186][ T5576] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.357135][ T5576] RIP: 0033:0x7fd49ce20129 [ 142.361595][ T5576] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 142.381349][ T5576] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 142.389833][ T5576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 142.397855][ T5576] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 142.405876][ T5576] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./23/binderfs") = 0 [pid 5073] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./23/cgroup") = 0 [pid 5073] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./23/cgroup.net") = 0 [pid 5073] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = 0 [pid 5075] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] <... umount2 resumed>) = 0 [pid 5075] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] lstat("./23/file0", [pid 5075] <... openat resumed>) = 4 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] fstat(4, [pid 5073] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] getdents64(4, [pid 5073] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [ 142.413892][ T5576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 142.421911][ T5576] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000014 [ 142.429988][ T5576] [ 142.444018][ T5576] memory: usage 8kB, limit 0kB, failcnt 55 [ 142.450154][ T5576] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 142.457637][ T5576] Memory cgroup stats for /syz1: [ 142.458051][ T5576] anon 0 [pid 5073] <... openat resumed>) = 4 [pid 5075] getdents64(4, [pid 5073] fstat(4, [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] close(4 [pid 5073] getdents64(4, [pid 5075] <... close resumed>) = 0 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] rmdir("./26/file0" [pid 5073] getdents64(4, [pid 5075] <... rmdir resumed>) = 0 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] close(4 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... close resumed>) = 0 [pid 5075] lstat("./26/cgroup.cpu", [pid 5073] rmdir("./23/file0" [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5075] unlink("./26/cgroup.cpu" [pid 5073] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... unlink resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] getdents64(3, [pid 5073] lstat("./23/cgroup.cpu", [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] close(3 [pid 5073] unlink("./23/cgroup.cpu" [pid 5075] <... close resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5075] rmdir("./26" [pid 5073] getdents64(3, [pid 5075] <... rmdir resumed>) = 0 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] mkdir("./27", 0777 [pid 5073] close(3 [pid 5075] <... mkdir resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] rmdir("./23"./strace-static-x86_64: Process 5596 attached ) = 0 [pid 5596] chdir("./27" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 29 [pid 5073] mkdir("./24", 0777 [pid 5596] <... chdir resumed>) = 0 [pid 5073] <... mkdir resumed>) = 0 [ 142.458051][ T5576] file 0 [ 142.458051][ T5576] kernel 8192 [ 142.458051][ T5576] kernel_stack 0 [ 142.458051][ T5576] pagetables 0 [ 142.458051][ T5576] sec_pagetables 0 [ 142.458051][ T5576] percpu 0 [ 142.458051][ T5576] sock 0 [ 142.458051][ T5576] vmalloc 0 [ 142.458051][ T5576] shmem 0 [ 142.458051][ T5576] zswap 0 [ 142.458051][ T5576] zswapped 0 [ 142.458051][ T5576] file_mapped 0 [ 142.458051][ T5576] file_dirty 0 [ 142.458051][ T5576] file_writeback 0 [ 142.458051][ T5576] swapcached 0 [ 142.458051][ T5576] anon_thp 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5596] <... prctl resumed>) = 0 [pid 5596] setpgid(0, 0 [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 26 [pid 5596] <... setpgid resumed>) = 0 [pid 5596] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5596] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5596] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] mkdir("./file0", 000) = 0 [pid 5596] open("./file0", O_RDONLY./strace-static-x86_64: Process 5597 attached ) = 3 [pid 5596] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5597] chdir("./24" [pid 5596] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5597] <... chdir resumed>) = 0 [pid 5596] <... openat resumed>) = 4 [pid 5597] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5596] openat(4, "syz1", O_RDWR|O_PATH [pid 5597] <... prctl resumed>) = 0 [pid 5596] <... openat resumed>) = 5 [pid 5597] setpgid(0, 0 [pid 5596] openat(5, "memory.max", O_RDWR [pid 5597] <... setpgid resumed>) = 0 [pid 5596] <... openat resumed>) = 6 [pid 5596] write(6, "0x000000000000040e", 18 [pid 5597] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5597] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5597] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5597] write(3, "1000", 4) = 4 [ 142.458051][ T5576] file_thp 0 [ 142.458051][ T5576] shmem_thp 0 [ 142.458051][ T5576] inactive_anon 0 [ 142.458051][ T5576] active_anon 0 [ 142.458051][ T5576] inactive_file 0 [ 142.458051][ T5576] active_file 0 [ 142.458051][ T5576] unevictable 0 [ 142.458051][ T5576] slab_reclaimable 6752 [ 142.458051][ T5576] slab_unreclaimable 0 [ 142.458051][ T5576] slab 6752 [ 142.458051][ T5576] workingset_refault_anon 0 [pid 5597] close(3) = 0 [pid 5597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5597] mkdir("./file0", 000) = 0 [pid 5597] open("./file0", O_RDONLY) = 3 [pid 5597] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5597] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5597] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5597] openat(5, "memory.max", O_RDWR) = 6 [pid 5597] write(6, "0x000000000000040e", 18 [pid 5576] <... write resumed>) = 18 [ 142.601073][ T5576] Tasks state (memory values in pages): [ 142.607390][ T5576] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 142.619644][ T5576] Out of memory and no killable processes... [ 142.632693][ T5579] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5576] close(3) = 0 [pid 5576] close(4) = 0 [pid 5576] close(5) = 0 [pid 5576] close(6) = 0 [pid 5576] close(7) = -1 EBADF (Bad file descriptor) [pid 5576] close(8) = -1 EBADF (Bad file descriptor) [pid 5576] close(9) = -1 EBADF (Bad file descriptor) [pid 5576] close(10) = -1 EBADF (Bad file descriptor) [pid 5576] close(11) = -1 EBADF (Bad file descriptor) [pid 5576] close(12) = -1 EBADF (Bad file descriptor) [pid 5576] close(13) = -1 EBADF (Bad file descriptor) [pid 5576] close(14) = -1 EBADF (Bad file descriptor) [pid 5576] close(15) = -1 EBADF (Bad file descriptor) [pid 5576] close(16) = -1 EBADF (Bad file descriptor) [pid 5576] close(17) = -1 EBADF (Bad file descriptor) [pid 5576] close(18) = -1 EBADF (Bad file descriptor) [pid 5576] close(19) = -1 EBADF (Bad file descriptor) [pid 5576] close(20) = -1 EBADF (Bad file descriptor) [pid 5576] close(21) = -1 EBADF (Bad file descriptor) [pid 5576] close(22) = -1 EBADF (Bad file descriptor) [pid 5576] close(23) = -1 EBADF (Bad file descriptor) [pid 5576] close(24) = -1 EBADF (Bad file descriptor) [pid 5576] close(25) = -1 EBADF (Bad file descriptor) [pid 5576] close(26) = -1 EBADF (Bad file descriptor) [pid 5576] close(27) = -1 EBADF (Bad file descriptor) [pid 5576] close(28) = -1 EBADF (Bad file descriptor) [pid 5576] close(29) = -1 EBADF (Bad file descriptor) [pid 5576] exit_group(0) = ? [pid 5576] +++ exited with 0 +++ [ 142.643568][ T5579] CPU: 1 PID: 5579 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 142.654042][ T5579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 142.664145][ T5579] Call Trace: [ 142.667466][ T5579] [ 142.670435][ T5579] dump_stack_lvl+0x1e7/0x2d0 [ 142.675172][ T5579] ? nf_tcp_handle_invalid+0x640/0x640 [ 142.680686][ T5579] ? panic+0x770/0x770 [ 142.684813][ T5579] dump_header+0xdc/0x940 [ 142.689201][ T5579] out_of_memory+0xf21/0x12c0 [ 142.693938][ T5579] ? mutex_lock_io_nested+0x60/0x60 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=22, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5070] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.699309][ T5579] ? preempt_schedule+0xdd/0xf0 [ 142.704227][ T5579] ? unregister_oom_notifier+0x20/0x20 [ 142.709737][ T5579] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 142.715779][ T5579] mem_cgroup_out_of_memory+0x263/0x3b0 [ 142.721380][ T5579] ? preempt_schedule_thunk+0x1a/0x20 [ 142.726837][ T5579] ? mem_cgroup_oom_trylock+0x210/0x210 [ 142.732465][ T5579] ? cgroup_file_notify+0x127/0x190 [ 142.737731][ T5579] memory_max_write+0x355/0x470 [ 142.742649][ T5579] ? memory_max_show+0xa0/0xa0 [ 142.747468][ T5579] ? read_lock_is_recursive+0x20/0x20 [ 142.752913][ T5579] ? memory_max_show+0xa0/0xa0 [ 142.757747][ T5579] cgroup_file_write+0x2b1/0x780 [ 142.762751][ T5579] ? cgroup_seqfile_stop+0xd0/0xd0 [ 142.767914][ T5579] ? __virt_addr_valid+0x22f/0x2e0 [ 142.773096][ T5579] ? cgroup_seqfile_stop+0xd0/0xd0 [ 142.778261][ T5579] kernfs_fop_write_iter+0x3a6/0x4f0 [ 142.783632][ T5579] vfs_write+0x7b2/0xbb0 [ 142.787937][ T5579] ? file_end_write+0x240/0x240 [ 142.792845][ T5579] ? do_raw_spin_unlock+0x13b/0x8b0 [ 142.798107][ T5579] ? lockdep_hardirqs_on+0x98/0x140 [ 142.803376][ T5579] ? __fdget_pos+0x265/0x2f0 [ 142.808031][ T5579] ksys_write+0x1a0/0x2c0 [ 142.812431][ T5579] ? __ia32_sys_read+0x90/0x90 [ 142.817247][ T5579] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 142.823288][ T5579] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 142.829326][ T5579] do_syscall_64+0x41/0xc0 [ 142.833810][ T5579] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.839768][ T5579] RIP: 0033:0x7fd49ce20129 [ 142.844236][ T5579] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 142.863891][ T5579] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 142.872532][ T5579] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 142.880630][ T5579] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 142.888638][ T5579] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./20/binderfs") = 0 [pid 5070] umount2("./20/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./20/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./20/cgroup") = 0 [pid 5070] umount2("./20/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./20/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./20/cgroup.net") = 0 [pid 5070] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./20/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./20/file0") = 0 [pid 5070] umount2("./20/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./20/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./20/cgroup.cpu") = 0 [ 142.896653][ T5579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 142.904669][ T5579] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000015 [ 142.912727][ T5579] [ 142.929038][ T5579] memory: usage 8kB, limit 0kB, failcnt 55 [ 142.935571][ T5579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./20") = 0 [pid 5070] mkdir("./21", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5600 attached [pid 5600] chdir("./21" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 23 [pid 5600] <... chdir resumed>) = 0 [pid 5600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] setpgid(0, 0) = 0 [pid 5600] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5600] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5600] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] write(3, "1000", 4) = 4 [pid 5600] close(3) = 0 [pid 5600] symlink("/dev/binderfs", "./binderfs") = 0 [ 142.963343][ T5579] Memory cgroup stats for /syz1: [ 142.963555][ T5579] anon 0 [ 142.963555][ T5579] file 0 [ 142.963555][ T5579] kernel 8192 [ 142.963555][ T5579] kernel_stack 0 [ 142.963555][ T5579] pagetables 0 [ 142.963555][ T5579] sec_pagetables 0 [ 142.963555][ T5579] percpu 0 [ 142.963555][ T5579] sock 0 [ 142.963555][ T5579] vmalloc 0 [ 142.963555][ T5579] shmem 0 [ 142.963555][ T5579] zswap 0 [ 142.963555][ T5579] zswapped 0 [ 142.963555][ T5579] file_mapped 0 [ 142.963555][ T5579] file_dirty 0 [pid 5600] mkdir("./file0", 000) = 0 [pid 5600] open("./file0", O_RDONLY) = 3 [pid 5600] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5600] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5600] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5600] openat(5, "memory.max", O_RDWR) = 6 [ 142.963555][ T5579] file_writeback 0 [ 142.963555][ T5579] swapcached 0 [ 142.963555][ T5579] anon_thp 0 [ 142.963555][ T5579] file_thp 0 [ 142.963555][ T5579] shmem_thp 0 [ 142.963555][ T5579] inactive_anon 0 [ 142.963555][ T5579] active_anon 0 [ 142.963555][ T5579] inactive_file 0 [ 142.963555][ T5579] active_file 0 [ 142.963555][ T5579] unevictable 0 [ 142.963555][ T5579] slab_reclaimable 6752 [ 142.963555][ T5579] slab_unreclaimable 0 [ 142.963555][ T5579] slab 6752 [ 142.963555][ T5579] workingset_refault_anon 0 [pid 5600] write(6, "0x000000000000040e", 18 [pid 5579] <... write resumed>) = 18 [ 143.070091][ T5579] Tasks state (memory values in pages): [ 143.078254][ T5579] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 143.095823][ T5579] Out of memory and no killable processes... [ 143.102792][ T5586] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5579] close(3) = 0 [pid 5579] close(4) = 0 [pid 5579] close(5) = 0 [pid 5579] close(6) = 0 [pid 5579] close(7) = -1 EBADF (Bad file descriptor) [pid 5579] close(8) = -1 EBADF (Bad file descriptor) [pid 5579] close(9) = -1 EBADF (Bad file descriptor) [pid 5579] close(10) = -1 EBADF (Bad file descriptor) [pid 5579] close(11) = -1 EBADF (Bad file descriptor) [pid 5579] close(12) = -1 EBADF (Bad file descriptor) [pid 5579] close(13) = -1 EBADF (Bad file descriptor) [pid 5579] close(14) = -1 EBADF (Bad file descriptor) [pid 5579] close(15) = -1 EBADF (Bad file descriptor) [pid 5579] close(16) = -1 EBADF (Bad file descriptor) [pid 5579] close(17) = -1 EBADF (Bad file descriptor) [pid 5579] close(18) = -1 EBADF (Bad file descriptor) [pid 5579] close(19) = -1 EBADF (Bad file descriptor) [pid 5579] close(20) = -1 EBADF (Bad file descriptor) [ 143.113416][ T5586] CPU: 1 PID: 5586 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 143.123879][ T5586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 143.133972][ T5586] Call Trace: [ 143.137297][ T5586] [ 143.140267][ T5586] dump_stack_lvl+0x1e7/0x2d0 [ 143.144993][ T5586] ? nf_tcp_handle_invalid+0x640/0x640 [ 143.150496][ T5586] ? panic+0x770/0x770 [ 143.154630][ T5586] dump_header+0xdc/0x940 [ 143.159026][ T5586] out_of_memory+0xf21/0x12c0 [ 143.163756][ T5586] ? mutex_lock_io_nested+0x60/0x60 [ 143.169008][ T5586] ? mark_lock+0x9a/0x340 [ 143.173369][ T5586] ? unregister_oom_notifier+0x20/0x20 [ 143.178893][ T5586] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 143.184934][ T5586] mem_cgroup_out_of_memory+0x263/0x3b0 [ 143.190532][ T5586] ? mem_cgroup_oom_trylock+0x210/0x210 [ 143.196144][ T5586] ? cgroup_file_notify+0x127/0x190 [ 143.201383][ T5586] memory_max_write+0x355/0x470 [ 143.206266][ T5586] ? memory_max_show+0xa0/0xa0 [ 143.211060][ T5586] ? read_lock_is_recursive+0x20/0x20 [ 143.216460][ T5586] ? memory_max_show+0xa0/0xa0 [ 143.221252][ T5586] cgroup_file_write+0x2b1/0x780 [ 143.226217][ T5586] ? cgroup_seqfile_stop+0xd0/0xd0 [ 143.231352][ T5586] ? __virt_addr_valid+0x22f/0x2e0 [ 143.236506][ T5586] ? cgroup_seqfile_stop+0xd0/0xd0 [ 143.241639][ T5586] kernfs_fop_write_iter+0x3a6/0x4f0 [ 143.246953][ T5586] vfs_write+0x7b2/0xbb0 [ 143.251240][ T5586] ? file_end_write+0x240/0x240 [ 143.256139][ T5586] ? do_raw_spin_unlock+0x13b/0x8b0 [ 143.261377][ T5586] ? lockdep_hardirqs_on+0x98/0x140 [ 143.266637][ T5586] ? __fdget_pos+0x265/0x2f0 [pid 5579] close(21) = -1 EBADF (Bad file descriptor) [pid 5579] close(22) = -1 EBADF (Bad file descriptor) [pid 5579] close(23) = -1 EBADF (Bad file descriptor) [pid 5579] close(24) = -1 EBADF (Bad file descriptor) [pid 5579] close(25) = -1 EBADF (Bad file descriptor) [pid 5579] close(26) = -1 EBADF (Bad file descriptor) [pid 5579] close(27) = -1 EBADF (Bad file descriptor) [pid 5579] close(28) = -1 EBADF (Bad file descriptor) [pid 5579] close(29) = -1 EBADF (Bad file descriptor) [ 143.271289][ T5586] ksys_write+0x1a0/0x2c0 [ 143.275741][ T5586] ? __ia32_sys_read+0x90/0x90 [ 143.280539][ T5586] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 143.286552][ T5586] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 143.292567][ T5586] do_syscall_64+0x41/0xc0 [ 143.297009][ T5586] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 143.302924][ T5586] RIP: 0033:0x7fd49ce20129 [ 143.307358][ T5586] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 143.326976][ T5586] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 143.335406][ T5586] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 143.343390][ T5586] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 143.351400][ T5586] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 143.359396][ T5586] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5579] exit_group(0) = ? [pid 5579] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5072] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 143.367393][ T5586] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001c [ 143.375403][ T5586] [ 143.390945][ T5586] memory: usage 8kB, limit 0kB, failcnt 55 [ 143.397901][ T5586] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 143.405734][ T5586] Memory cgroup stats for /syz1: [ 143.405934][ T5586] anon 0 [ 143.405934][ T5586] file 0 [ 143.405934][ T5586] kernel 8192 [pid 5072] unlink("./21/binderfs") = 0 [pid 5072] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./21/cgroup") = 0 [pid 5072] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./21/cgroup.net") = 0 [ 143.405934][ T5586] kernel_stack 0 [ 143.405934][ T5586] pagetables 0 [ 143.405934][ T5586] sec_pagetables 0 [ 143.405934][ T5586] percpu 0 [ 143.405934][ T5586] sock 0 [ 143.405934][ T5586] vmalloc 0 [ 143.405934][ T5586] shmem 0 [ 143.405934][ T5586] zswap 0 [ 143.405934][ T5586] zswapped 0 [ 143.405934][ T5586] file_mapped 0 [ 143.405934][ T5586] file_dirty 0 [ 143.405934][ T5586] file_writeback 0 [ 143.405934][ T5586] swapcached 0 [ 143.405934][ T5586] anon_thp 0 [ 143.405934][ T5586] file_thp 0 [ 143.405934][ T5586] shmem_thp 0 [pid 5072] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./21/file0") = 0 [ 143.405934][ T5586] inactive_anon 0 [ 143.405934][ T5586] active_anon 0 [ 143.405934][ T5586] inactive_file 0 [ 143.405934][ T5586] active_file 0 [ 143.405934][ T5586] unevictable 0 [ 143.405934][ T5586] slab_reclaimable 6752 [ 143.405934][ T5586] slab_unreclaimable 0 [ 143.405934][ T5586] slab 6752 [ 143.405934][ T5586] workingset_refault_anon 0 [ 143.514532][ T5586] Tasks state (memory values in pages): [pid 5072] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./21/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./21") = 0 [pid 5072] mkdir("./22", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 24 ./strace-static-x86_64: Process 5601 attached [pid 5601] chdir("./22") = 0 [pid 5586] <... write resumed>) = 18 [pid 5586] close(3) = 0 [pid 5586] close(4) = 0 [pid 5586] close(5) = 0 [pid 5586] close(6) = 0 [pid 5586] close(7) = -1 EBADF (Bad file descriptor) [pid 5586] close(8) = -1 EBADF (Bad file descriptor) [pid 5586] close(9) = -1 EBADF (Bad file descriptor) [pid 5586] close(10) = -1 EBADF (Bad file descriptor) [pid 5586] close(11) = -1 EBADF (Bad file descriptor) [pid 5586] close(12) = -1 EBADF (Bad file descriptor) [pid 5586] close(13) = -1 EBADF (Bad file descriptor) [pid 5586] close(14) = -1 EBADF (Bad file descriptor) [pid 5586] close(15) = -1 EBADF (Bad file descriptor) [pid 5586] close(16) = -1 EBADF (Bad file descriptor) [pid 5586] close(17) = -1 EBADF (Bad file descriptor) [pid 5586] close(18) = -1 EBADF (Bad file descriptor) [pid 5586] close(19) = -1 EBADF (Bad file descriptor) [pid 5586] close(20) = -1 EBADF (Bad file descriptor) [pid 5586] close(21) = -1 EBADF (Bad file descriptor) [pid 5586] close(22) = -1 EBADF (Bad file descriptor) [pid 5586] close(23) = -1 EBADF (Bad file descriptor) [pid 5586] close(24) = -1 EBADF (Bad file descriptor) [pid 5586] close(25) = -1 EBADF (Bad file descriptor) [pid 5586] close(26) = -1 EBADF (Bad file descriptor) [pid 5586] close(27) = -1 EBADF (Bad file descriptor) [pid 5586] close(28) = -1 EBADF (Bad file descriptor) [pid 5586] close(29) = -1 EBADF (Bad file descriptor) [pid 5586] exit_group(0) = ? [pid 5586] +++ exited with 0 +++ [pid 5601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 143.521293][ T5586] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 143.539589][ T5586] Out of memory and no killable processes... [ 143.545994][ T5596] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 143.557923][ T5596] CPU: 0 PID: 5596 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5601] setpgid(0, 0) = 0 [pid 5601] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5601] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5601] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5601] write(3, "1000", 4) = 4 [pid 5601] close(3) = 0 [pid 5601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5601] mkdir("./file0", 000) = 0 [pid 5601] open("./file0", O_RDONLY) = 3 [pid 5601] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5601] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5601] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5601] openat(5, "memory.max", O_RDWR) = 6 [pid 5601] write(6, "0x000000000000040e", 18 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./28/binderfs") = 0 [pid 5074] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./28/cgroup") = 0 [pid 5074] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./28/cgroup.net") = 0 [ 143.568390][ T5596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 143.578493][ T5596] Call Trace: [ 143.581800][ T5596] [ 143.584765][ T5596] dump_stack_lvl+0x1e7/0x2d0 [ 143.589503][ T5596] ? nf_tcp_handle_invalid+0x640/0x640 [ 143.595016][ T5596] ? panic+0x770/0x770 [ 143.599151][ T5596] dump_header+0xdc/0x940 [ 143.603557][ T5596] out_of_memory+0xf21/0x12c0 [ 143.608293][ T5596] ? mutex_lock_io_nested+0x60/0x60 [ 143.613547][ T5596] ? preempt_schedule+0xdd/0xf0 [ 143.618445][ T5596] ? unregister_oom_notifier+0x20/0x20 [ 143.623948][ T5596] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 143.629999][ T5596] mem_cgroup_out_of_memory+0x263/0x3b0 [ 143.635598][ T5596] ? preempt_schedule_thunk+0x1a/0x20 [ 143.641022][ T5596] ? mem_cgroup_oom_trylock+0x210/0x210 [ 143.646637][ T5596] ? cgroup_file_notify+0x127/0x190 [ 143.651895][ T5596] memory_max_write+0x355/0x470 [ 143.656800][ T5596] ? memory_max_show+0xa0/0xa0 [ 143.661606][ T5596] ? read_lock_is_recursive+0x20/0x20 [ 143.667022][ T5596] ? memory_max_show+0xa0/0xa0 [ 143.671830][ T5596] cgroup_file_write+0x2b1/0x780 [ 143.676806][ T5596] ? cgroup_seqfile_stop+0xd0/0xd0 [ 143.681943][ T5596] ? __virt_addr_valid+0x22f/0x2e0 [ 143.687122][ T5596] ? cgroup_seqfile_stop+0xd0/0xd0 [ 143.692275][ T5596] kernfs_fop_write_iter+0x3a6/0x4f0 [ 143.697621][ T5596] vfs_write+0x7b2/0xbb0 [ 143.701922][ T5596] ? file_end_write+0x240/0x240 [ 143.706825][ T5596] ? do_raw_spin_unlock+0x13b/0x8b0 [ 143.712065][ T5596] ? lockdep_hardirqs_on+0x98/0x140 [ 143.717320][ T5596] ? __fdget_pos+0x265/0x2f0 [ 143.721960][ T5596] ksys_write+0x1a0/0x2c0 [ 143.726348][ T5596] ? __ia32_sys_read+0x90/0x90 [ 143.731166][ T5596] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 143.737216][ T5596] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 143.743261][ T5596] do_syscall_64+0x41/0xc0 [ 143.747716][ T5596] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 143.753660][ T5596] RIP: 0033:0x7fd49ce20129 [ 143.758111][ T5596] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 143.777747][ T5596] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 143.786188][ T5596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 143.794197][ T5596] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 143.802180][ T5596] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 143.810191][ T5596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5074] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./28/file0") = 0 [pid 5074] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./28/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 143.818184][ T5596] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001b [ 143.826192][ T5596] [ 143.841538][ T5596] memory: usage 8kB, limit 0kB, failcnt 55 [ 143.847581][ T5596] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 143.854462][ T5596] Memory cgroup stats for /syz1: [ 143.854662][ T5596] anon 0 [ 143.854662][ T5596] file 0 [ 143.854662][ T5596] kernel 8192 [ 143.854662][ T5596] kernel_stack 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./28") = 0 [pid 5074] mkdir("./29", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 31 [ 143.854662][ T5596] pagetables 0 [ 143.854662][ T5596] sec_pagetables 0 [ 143.854662][ T5596] percpu 0 [ 143.854662][ T5596] sock 0 [ 143.854662][ T5596] vmalloc 0 [ 143.854662][ T5596] shmem 0 [ 143.854662][ T5596] zswap 0 [ 143.854662][ T5596] zswapped 0 [ 143.854662][ T5596] file_mapped 0 [ 143.854662][ T5596] file_dirty 0 [ 143.854662][ T5596] file_writeback 0 [ 143.854662][ T5596] swapcached 0 [ 143.854662][ T5596] anon_thp 0 [ 143.854662][ T5596] file_thp 0 [ 143.854662][ T5596] shmem_thp 0 [ 143.854662][ T5596] inactive_anon 0 ./strace-static-x86_64: Process 5602 attached [pid 5602] chdir("./29") = 0 [ 143.854662][ T5596] active_anon 0 [ 143.854662][ T5596] inactive_file 0 [ 143.854662][ T5596] active_file 0 [ 143.854662][ T5596] unevictable 0 [ 143.854662][ T5596] slab_reclaimable 6752 [ 143.854662][ T5596] slab_unreclaimable 0 [ 143.854662][ T5596] slab 6752 [ 143.854662][ T5596] workingset_refault_anon 0 [ 143.954276][ T5596] Tasks state (memory values in pages): [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0) = 0 [pid 5602] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5602] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5596] <... write resumed>) = 18 [pid 5602] <... symlink resumed>) = 0 [pid 5602] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5596] close(3 [pid 5602] <... symlink resumed>) = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5596] <... close resumed>) = 0 [pid 5602] <... openat resumed>) = 3 [pid 5602] write(3, "1000", 4 [pid 5596] close(4 [pid 5602] <... write resumed>) = 4 [pid 5602] close(3 [pid 5596] <... close resumed>) = 0 [pid 5602] <... close resumed>) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs" [pid 5596] close(5 [pid 5602] <... symlink resumed>) = 0 [pid 5602] mkdir("./file0", 000 [pid 5596] <... close resumed>) = 0 [pid 5602] <... mkdir resumed>) = 0 [pid 5602] open("./file0", O_RDONLY [pid 5596] close(6 [pid 5602] <... open resumed>) = 3 [pid 5602] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5596] <... close resumed>) = 0 [pid 5602] <... mount resumed>) = 0 [pid 5602] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5596] close(7 [pid 5602] <... openat resumed>) = 4 [pid 5596] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5602] openat(4, "syz1", O_RDWR|O_PATH [pid 5596] close(8 [pid 5602] <... openat resumed>) = 5 [pid 5596] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5602] openat(5, "memory.max", O_RDWR [pid 5596] close(9 [pid 5602] <... openat resumed>) = 6 [pid 5596] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 143.965584][ T5596] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 143.975262][ T5596] Out of memory and no killable processes... [ 143.989922][ T5597] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 144.005234][ T5597] CPU: 1 PID: 5597 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5602] write(6, "0x000000000000040e", 18 [pid 5596] close(10) = -1 EBADF (Bad file descriptor) [pid 5596] close(11) = -1 EBADF (Bad file descriptor) [pid 5596] close(12) = -1 EBADF (Bad file descriptor) [pid 5596] close(13) = -1 EBADF (Bad file descriptor) [pid 5596] close(14) = -1 EBADF (Bad file descriptor) [pid 5596] close(15) = -1 EBADF (Bad file descriptor) [pid 5596] close(16) = -1 EBADF (Bad file descriptor) [pid 5596] close(17) = -1 EBADF (Bad file descriptor) [pid 5596] close(18) = -1 EBADF (Bad file descriptor) [pid 5596] close(19) = -1 EBADF (Bad file descriptor) [pid 5596] close(20) = -1 EBADF (Bad file descriptor) [pid 5596] close(21) = -1 EBADF (Bad file descriptor) [pid 5596] close(22) = -1 EBADF (Bad file descriptor) [pid 5596] close(23) = -1 EBADF (Bad file descriptor) [pid 5596] close(24) = -1 EBADF (Bad file descriptor) [pid 5596] close(25) = -1 EBADF (Bad file descriptor) [pid 5596] close(26) = -1 EBADF (Bad file descriptor) [pid 5596] close(27) = -1 EBADF (Bad file descriptor) [pid 5596] close(28) = -1 EBADF (Bad file descriptor) [pid 5596] close(29) = -1 EBADF (Bad file descriptor) [pid 5596] exit_group(0) = ? [pid 5596] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./27/binderfs") = 0 [pid 5075] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.015705][ T5597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 144.025797][ T5597] Call Trace: [ 144.029109][ T5597] [ 144.032070][ T5597] dump_stack_lvl+0x1e7/0x2d0 [ 144.036802][ T5597] ? nf_tcp_handle_invalid+0x640/0x640 [ 144.042320][ T5597] ? panic+0x770/0x770 [ 144.046461][ T5597] dump_header+0xdc/0x940 [ 144.050849][ T5597] out_of_memory+0xf21/0x12c0 [ 144.055583][ T5597] ? mutex_lock_io_nested+0x60/0x60 [ 144.060846][ T5597] ? preempt_schedule+0xdd/0xf0 [ 144.065744][ T5597] ? unregister_oom_notifier+0x20/0x20 [pid 5075] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./27/cgroup") = 0 [pid 5075] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./27/cgroup.net") = 0 [ 144.071244][ T5597] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 144.077278][ T5597] mem_cgroup_out_of_memory+0x263/0x3b0 [ 144.082869][ T5597] ? preempt_schedule_thunk+0x1a/0x20 [ 144.088288][ T5597] ? mem_cgroup_oom_trylock+0x210/0x210 [ 144.093889][ T5597] ? cgroup_file_notify+0x127/0x190 [ 144.099128][ T5597] memory_max_write+0x355/0x470 [ 144.104060][ T5597] ? memory_max_show+0xa0/0xa0 [ 144.108861][ T5597] ? read_lock_is_recursive+0x20/0x20 [ 144.114257][ T5597] ? memory_max_show+0xa0/0xa0 [ 144.119051][ T5597] cgroup_file_write+0x2b1/0x780 [ 144.124038][ T5597] ? cgroup_seqfile_stop+0xd0/0xd0 [ 144.129178][ T5597] ? __virt_addr_valid+0x22f/0x2e0 [ 144.134323][ T5597] ? cgroup_seqfile_stop+0xd0/0xd0 [ 144.139480][ T5597] kernfs_fop_write_iter+0x3a6/0x4f0 [ 144.144819][ T5597] vfs_write+0x7b2/0xbb0 [ 144.149117][ T5597] ? file_end_write+0x240/0x240 [ 144.153991][ T5597] ? do_raw_spin_unlock+0x13b/0x8b0 [ 144.159234][ T5597] ? lockdep_hardirqs_on+0x98/0x140 [ 144.164492][ T5597] ? __fdget_pos+0x265/0x2f0 [ 144.169135][ T5597] ksys_write+0x1a0/0x2c0 [ 144.173506][ T5597] ? __ia32_sys_read+0x90/0x90 [ 144.178301][ T5597] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 144.184341][ T5597] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 144.190365][ T5597] do_syscall_64+0x41/0xc0 [ 144.194800][ T5597] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 144.200721][ T5597] RIP: 0033:0x7fd49ce20129 [ 144.205170][ T5597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.224827][ T5597] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.233281][ T5597] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 144.241280][ T5597] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 144.249279][ T5597] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 144.257277][ T5597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 144.265299][ T5597] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000018 [pid 5075] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./27/file0") = 0 [pid 5075] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./27/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./27") = 0 [pid 5075] mkdir("./28", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5603 attached [pid 5603] chdir("./28" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 30 [pid 5603] <... chdir resumed>) = 0 [pid 5603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5603] setpgid(0, 0) = 0 [pid 5603] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5603] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5603] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 144.273354][ T5597] [ 144.285558][ T5597] memory: usage 8kB, limit 0kB, failcnt 55 [ 144.292120][ T5597] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 144.300518][ T5597] Memory cgroup stats for /syz1: [ 144.300724][ T5597] anon 0 [ 144.300724][ T5597] file 0 [ 144.300724][ T5597] kernel 8192 [ 144.300724][ T5597] kernel_stack 0 [ 144.300724][ T5597] pagetables 0 [ 144.300724][ T5597] sec_pagetables 0 [pid 5603] write(3, "1000", 4) = 4 [pid 5603] close(3) = 0 [pid 5603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5603] mkdir("./file0", 000) = 0 [pid 5603] open("./file0", O_RDONLY) = 3 [pid 5603] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 144.300724][ T5597] percpu 0 [ 144.300724][ T5597] sock 0 [ 144.300724][ T5597] vmalloc 0 [ 144.300724][ T5597] shmem 0 [ 144.300724][ T5597] zswap 0 [ 144.300724][ T5597] zswapped 0 [ 144.300724][ T5597] file_mapped 0 [ 144.300724][ T5597] file_dirty 0 [ 144.300724][ T5597] file_writeback 0 [ 144.300724][ T5597] swapcached 0 [ 144.300724][ T5597] anon_thp 0 [ 144.300724][ T5597] file_thp 0 [ 144.300724][ T5597] shmem_thp 0 [ 144.300724][ T5597] inactive_anon 0 [ 144.300724][ T5597] active_anon 0 [ 144.300724][ T5597] inactive_file 0 [pid 5603] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5603] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5603] openat(5, "memory.max", O_RDWR) = 6 [ 144.300724][ T5597] active_file 0 [ 144.300724][ T5597] unevictable 0 [ 144.300724][ T5597] slab_reclaimable 6752 [ 144.300724][ T5597] slab_unreclaimable 0 [ 144.300724][ T5597] slab 6752 [ 144.300724][ T5597] workingset_refault_anon 0 [ 144.403956][ T5597] Tasks state (memory values in pages): [ 144.409841][ T5597] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 144.419459][ T5597] Out of memory and no killable processes... [pid 5603] write(6, "0x000000000000040e", 18 [pid 5597] <... write resumed>) = 18 [ 144.425815][ T5600] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 144.436514][ T5600] CPU: 1 PID: 5600 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 144.446973][ T5600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 144.457062][ T5600] Call Trace: [ 144.460348][ T5600] [ 144.463287][ T5600] dump_stack_lvl+0x1e7/0x2d0 [ 144.467991][ T5600] ? nf_tcp_handle_invalid+0x640/0x640 [ 144.473467][ T5600] ? panic+0x770/0x770 [ 144.477562][ T5600] dump_header+0xdc/0x940 [ 144.481912][ T5600] out_of_memory+0xf21/0x12c0 [ 144.486620][ T5600] ? mutex_lock_io_nested+0x60/0x60 [ 144.491847][ T5600] ? mark_lock+0x9a/0x340 [ 144.496186][ T5600] ? unregister_oom_notifier+0x20/0x20 [ 144.501663][ T5600] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 144.507693][ T5600] mem_cgroup_out_of_memory+0x263/0x3b0 [ 144.513274][ T5600] ? mem_cgroup_oom_trylock+0x210/0x210 [ 144.518851][ T5600] ? cgroup_file_notify+0x127/0x190 [ 144.524071][ T5600] memory_max_write+0x355/0x470 [ 144.528947][ T5600] ? memory_max_show+0xa0/0xa0 [ 144.533748][ T5600] ? read_lock_is_recursive+0x20/0x20 [ 144.539170][ T5600] ? memory_max_show+0xa0/0xa0 [ 144.543972][ T5600] cgroup_file_write+0x2b1/0x780 [ 144.548945][ T5600] ? cgroup_seqfile_stop+0xd0/0xd0 [ 144.554078][ T5600] ? __virt_addr_valid+0x22f/0x2e0 [ 144.559229][ T5600] ? cgroup_seqfile_stop+0xd0/0xd0 [ 144.564354][ T5600] kernfs_fop_write_iter+0x3a6/0x4f0 [ 144.569669][ T5600] vfs_write+0x7b2/0xbb0 [ 144.573942][ T5600] ? file_end_write+0x240/0x240 [ 144.578827][ T5600] ? do_raw_spin_unlock+0x13b/0x8b0 [ 144.584047][ T5600] ? lockdep_hardirqs_on+0x98/0x140 [ 144.589282][ T5600] ? __fdget_pos+0x265/0x2f0 [ 144.593895][ T5600] ksys_write+0x1a0/0x2c0 [ 144.598255][ T5600] ? __ia32_sys_read+0x90/0x90 [ 144.603043][ T5600] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 144.609049][ T5600] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 144.615053][ T5600] do_syscall_64+0x41/0xc0 [ 144.619487][ T5600] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 144.625402][ T5600] RIP: 0033:0x7fd49ce20129 [ 144.629834][ T5600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.649483][ T5600] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.657917][ T5600] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 144.665900][ T5600] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5597] close(3) = 0 [pid 5597] close(4) = 0 [pid 5597] close(5) = 0 [pid 5597] close(6) = 0 [pid 5597] close(7) = -1 EBADF (Bad file descriptor) [pid 5597] close(8) = -1 EBADF (Bad file descriptor) [pid 5597] close(9) = -1 EBADF (Bad file descriptor) [pid 5597] close(10) = -1 EBADF (Bad file descriptor) [pid 5597] close(11) = -1 EBADF (Bad file descriptor) [pid 5597] close(12) = -1 EBADF (Bad file descriptor) [pid 5597] close(13) = -1 EBADF (Bad file descriptor) [pid 5597] close(14) = -1 EBADF (Bad file descriptor) [pid 5597] close(15) = -1 EBADF (Bad file descriptor) [pid 5597] close(16) = -1 EBADF (Bad file descriptor) [pid 5597] close(17) = -1 EBADF (Bad file descriptor) [pid 5597] close(18) = -1 EBADF (Bad file descriptor) [pid 5597] close(19) = -1 EBADF (Bad file descriptor) [pid 5597] close(20) = -1 EBADF (Bad file descriptor) [pid 5597] close(21) = -1 EBADF (Bad file descriptor) [pid 5597] close(22) = -1 EBADF (Bad file descriptor) [pid 5597] close(23) = -1 EBADF (Bad file descriptor) [pid 5597] close(24) = -1 EBADF (Bad file descriptor) [pid 5597] close(25) = -1 EBADF (Bad file descriptor) [pid 5597] close(26) = -1 EBADF (Bad file descriptor) [pid 5597] close(27) = -1 EBADF (Bad file descriptor) [pid 5597] close(28) = -1 EBADF (Bad file descriptor) [pid 5597] close(29) = -1 EBADF (Bad file descriptor) [pid 5597] exit_group(0) = ? [pid 5597] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 144.673883][ T5600] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 144.681865][ T5600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 144.689866][ T5600] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000015 [ 144.697887][ T5600] [pid 5073] unlink("./24/binderfs") = 0 [pid 5073] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./24/cgroup") = 0 [pid 5073] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./24/cgroup.net") = 0 [pid 5073] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./24/file0") = 0 [pid 5073] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./24/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./24") = 0 [pid 5073] mkdir("./25", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 27 [ 144.745759][ T5600] memory: usage 8kB, limit 0kB, failcnt 55 [ 144.759769][ T5600] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 144.769983][ T5600] Memory cgroup stats for /syz1: [ 144.770187][ T5600] anon 0 [ 144.770187][ T5600] file 0 [ 144.770187][ T5600] kernel 8192 [ 144.770187][ T5600] kernel_stack 0 [ 144.770187][ T5600] pagetables 0 [ 144.770187][ T5600] sec_pagetables 0 [ 144.770187][ T5600] percpu 0 [ 144.770187][ T5600] sock 0 [ 144.770187][ T5600] vmalloc 0 [ 144.770187][ T5600] shmem 0 [ 144.770187][ T5600] zswap 0 [ 144.770187][ T5600] zswapped 0 [ 144.770187][ T5600] file_mapped 0 [ 144.770187][ T5600] file_dirty 0 [ 144.770187][ T5600] file_writeback 0 [ 144.770187][ T5600] swapcached 0 [ 144.770187][ T5600] anon_thp 0 [ 144.770187][ T5600] file_thp 0 [ 144.770187][ T5600] shmem_thp 0 [ 144.770187][ T5600] inactive_anon 0 [ 144.770187][ T5600] active_anon 0 [ 144.770187][ T5600] inactive_file 0 ./strace-static-x86_64: Process 5605 attached [pid 5605] chdir("./25") = 0 [ 144.770187][ T5600] active_file 0 [ 144.770187][ T5600] unevictable 0 [ 144.770187][ T5600] slab_reclaimable 6752 [ 144.770187][ T5600] slab_unreclaimable 0 [ 144.770187][ T5600] slab 6752 [ 144.770187][ T5600] workingset_refault_anon 0 [ 144.867030][ T5600] Tasks state (memory values in pages): [ 144.872897][ T5600] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 144.887807][ T5600] Out of memory and no killable processes... [pid 5605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] <... write resumed>) = 18 [ 144.893860][ T5601] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 144.904535][ T5601] CPU: 0 PID: 5601 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 144.915019][ T5601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 144.925108][ T5601] Call Trace: [ 144.928423][ T5601] [ 144.931386][ T5601] dump_stack_lvl+0x1e7/0x2d0 [ 144.936117][ T5601] ? nf_tcp_handle_invalid+0x640/0x640 [ 144.941620][ T5601] ? panic+0x770/0x770 [ 144.945736][ T5601] dump_header+0xdc/0x940 [ 144.950094][ T5601] out_of_memory+0xf21/0x12c0 [ 144.954824][ T5601] ? mutex_lock_io_nested+0x60/0x60 [ 144.960083][ T5601] ? preempt_schedule+0xdd/0xf0 [ 144.964985][ T5601] ? unregister_oom_notifier+0x20/0x20 [ 144.970493][ T5601] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 144.976540][ T5601] mem_cgroup_out_of_memory+0x263/0x3b0 [ 144.982138][ T5601] ? preempt_schedule_thunk+0x1a/0x20 [ 144.987570][ T5601] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5605] setpgid(0, 0) = 0 [pid 5605] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5605] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5605] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5605] write(3, "1000", 4) = 4 [pid 5605] close(3) = 0 [pid 5605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5605] mkdir("./file0", 000) = 0 [pid 5605] open("./file0", O_RDONLY) = 3 [pid 5605] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5605] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5605] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5605] openat(5, "memory.max", O_RDWR) = 6 [ 144.993174][ T5601] ? cgroup_file_notify+0x127/0x190 [ 144.998419][ T5601] memory_max_write+0x355/0x470 [ 145.003354][ T5601] ? memory_max_show+0xa0/0xa0 [ 145.008182][ T5601] ? read_lock_is_recursive+0x20/0x20 [ 145.013613][ T5601] ? memory_max_show+0xa0/0xa0 [ 145.018436][ T5601] cgroup_file_write+0x2b1/0x780 [ 145.023435][ T5601] ? cgroup_seqfile_stop+0xd0/0xd0 [ 145.028598][ T5601] ? __virt_addr_valid+0x22f/0x2e0 [ 145.033779][ T5601] ? cgroup_seqfile_stop+0xd0/0xd0 [ 145.038917][ T5601] kernfs_fop_write_iter+0x3a6/0x4f0 [ 145.044243][ T5601] vfs_write+0x7b2/0xbb0 [ 145.048534][ T5601] ? file_end_write+0x240/0x240 [ 145.053414][ T5601] ? do_raw_spin_unlock+0x13b/0x8b0 [ 145.058662][ T5601] ? lockdep_hardirqs_on+0x98/0x140 [ 145.063922][ T5601] ? __fdget_pos+0x265/0x2f0 [ 145.068570][ T5601] ksys_write+0x1a0/0x2c0 [ 145.072938][ T5601] ? __ia32_sys_read+0x90/0x90 [ 145.077733][ T5601] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 145.083758][ T5601] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 145.089788][ T5601] do_syscall_64+0x41/0xc0 [pid 5605] write(6, "0x000000000000040e", 18 [pid 5600] close(3) = 0 [pid 5600] close(4) = 0 [pid 5600] close(5) = 0 [pid 5600] close(6) = 0 [pid 5600] close(7) = -1 EBADF (Bad file descriptor) [pid 5600] close(8) = -1 EBADF (Bad file descriptor) [pid 5600] close(9) = -1 EBADF (Bad file descriptor) [pid 5600] close(10) = -1 EBADF (Bad file descriptor) [pid 5600] close(11) = -1 EBADF (Bad file descriptor) [pid 5600] close(12) = -1 EBADF (Bad file descriptor) [pid 5600] close(13) = -1 EBADF (Bad file descriptor) [pid 5600] close(14) = -1 EBADF (Bad file descriptor) [pid 5600] close(15) = -1 EBADF (Bad file descriptor) [pid 5600] close(16) = -1 EBADF (Bad file descriptor) [pid 5600] close(17) = -1 EBADF (Bad file descriptor) [pid 5600] close(18) = -1 EBADF (Bad file descriptor) [pid 5600] close(19) = -1 EBADF (Bad file descriptor) [pid 5600] close(20) = -1 EBADF (Bad file descriptor) [pid 5600] close(21) = -1 EBADF (Bad file descriptor) [pid 5600] close(22) = -1 EBADF (Bad file descriptor) [pid 5600] close(23) = -1 EBADF (Bad file descriptor) [pid 5600] close(24) = -1 EBADF (Bad file descriptor) [pid 5600] close(25) = -1 EBADF (Bad file descriptor) [pid 5600] close(26) = -1 EBADF (Bad file descriptor) [pid 5600] close(27) = -1 EBADF (Bad file descriptor) [pid 5600] close(28) = -1 EBADF (Bad file descriptor) [pid 5600] close(29) = -1 EBADF (Bad file descriptor) [pid 5600] exit_group(0) = ? [ 145.094236][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 145.100189][ T5601] RIP: 0033:0x7fd49ce20129 [ 145.104651][ T5601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 145.124321][ T5601] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 145.132803][ T5601] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5600] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./21/binderfs") = 0 [pid 5070] umount2("./21/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./21/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./21/cgroup") = 0 [pid 5070] umount2("./21/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./21/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./21/cgroup.net") = 0 [pid 5070] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./21/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.140833][ T5601] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 145.148857][ T5601] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 145.156891][ T5601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 145.164919][ T5601] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000016 [ 145.172973][ T5601] [ 145.184400][ T5601] memory: usage 8kB, limit 0kB, failcnt 55 [ 145.190694][ T5601] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5070] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./21/file0") = 0 [pid 5070] umount2("./21/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./21/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./21/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./21") = 0 [pid 5070] mkdir("./22", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 24 [ 145.201394][ T5601] Memory cgroup stats for /syz1: [ 145.203823][ T5601] anon 0 [ 145.203823][ T5601] file 0 [ 145.203823][ T5601] kernel 8192 [ 145.203823][ T5601] kernel_stack 0 [ 145.203823][ T5601] pagetables 0 [ 145.203823][ T5601] sec_pagetables 0 [ 145.203823][ T5601] percpu 0 [ 145.203823][ T5601] sock 0 [ 145.203823][ T5601] vmalloc 0 [ 145.203823][ T5601] shmem 0 [ 145.203823][ T5601] zswap 0 [ 145.203823][ T5601] zswapped 0 [ 145.203823][ T5601] file_mapped 0 [ 145.203823][ T5601] file_dirty 0 ./strace-static-x86_64: Process 5607 attached [ 145.203823][ T5601] file_writeback 0 [ 145.203823][ T5601] swapcached 0 [ 145.203823][ T5601] anon_thp 0 [ 145.203823][ T5601] file_thp 0 [ 145.203823][ T5601] shmem_thp 0 [ 145.203823][ T5601] inactive_anon 0 [ 145.203823][ T5601] active_anon 0 [ 145.203823][ T5601] inactive_file 0 [ 145.203823][ T5601] active_file 0 [ 145.203823][ T5601] unevictable 0 [ 145.203823][ T5601] slab_reclaimable 6752 [ 145.203823][ T5601] slab_unreclaimable 0 [ 145.203823][ T5601] slab 6752 [ 145.203823][ T5601] workingset_refault_anon 0 [pid 5607] chdir("./22") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0 [pid 5601] <... write resumed>) = 18 [pid 5607] <... setpgid resumed>) = 0 [pid 5607] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5607] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5607] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 145.306642][ T5601] Tasks state (memory values in pages): [ 145.312331][ T5601] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 145.322460][ T5601] Out of memory and no killable processes... [ 145.330033][ T5602] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 145.340850][ T5602] CPU: 0 PID: 5602 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] mkdir("./file0", 000) = 0 [pid 5607] open("./file0", O_RDONLY) = 3 [pid 5607] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5607] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5607] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5607] openat(5, "memory.max", O_RDWR) = 6 [ 145.351320][ T5602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 145.361415][ T5602] Call Trace: [ 145.364745][ T5602] [ 145.367717][ T5602] dump_stack_lvl+0x1e7/0x2d0 [ 145.372456][ T5602] ? nf_tcp_handle_invalid+0x640/0x640 [ 145.377967][ T5602] ? panic+0x770/0x770 [ 145.382103][ T5602] dump_header+0xdc/0x940 [ 145.386490][ T5602] out_of_memory+0xf21/0x12c0 [ 145.391226][ T5602] ? mutex_lock_io_nested+0x60/0x60 [ 145.396476][ T5602] ? preempt_schedule+0xdd/0xf0 [ 145.401358][ T5602] ? unregister_oom_notifier+0x20/0x20 [ 145.406860][ T5602] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 145.412900][ T5602] mem_cgroup_out_of_memory+0x263/0x3b0 [ 145.418498][ T5602] ? preempt_schedule_thunk+0x1a/0x20 [ 145.423887][ T5602] ? mem_cgroup_oom_trylock+0x210/0x210 [ 145.429477][ T5602] ? cgroup_file_notify+0x127/0x190 [ 145.434725][ T5602] memory_max_write+0x355/0x470 [ 145.439637][ T5602] ? memory_max_show+0xa0/0xa0 [ 145.444443][ T5602] ? read_lock_is_recursive+0x20/0x20 [ 145.449848][ T5602] ? memory_max_show+0xa0/0xa0 [ 145.454632][ T5602] cgroup_file_write+0x2b1/0x780 [ 145.459588][ T5602] ? cgroup_seqfile_stop+0xd0/0xd0 [ 145.464713][ T5602] ? __virt_addr_valid+0x22f/0x2e0 [ 145.469849][ T5602] ? cgroup_seqfile_stop+0xd0/0xd0 [ 145.474968][ T5602] kernfs_fop_write_iter+0x3a6/0x4f0 [ 145.480280][ T5602] vfs_write+0x7b2/0xbb0 [ 145.484542][ T5602] ? file_end_write+0x240/0x240 [ 145.489409][ T5602] ? do_raw_spin_unlock+0x13b/0x8b0 [ 145.494625][ T5602] ? lockdep_hardirqs_on+0x98/0x140 [ 145.499850][ T5602] ? __fdget_pos+0x265/0x2f0 [ 145.504459][ T5602] ksys_write+0x1a0/0x2c0 [ 145.508805][ T5602] ? __ia32_sys_read+0x90/0x90 [ 145.513581][ T5602] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 145.519601][ T5602] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 145.525628][ T5602] do_syscall_64+0x41/0xc0 [ 145.530064][ T5602] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 145.535976][ T5602] RIP: 0033:0x7fd49ce20129 [ 145.540406][ T5602] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 145.560020][ T5602] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 145.568453][ T5602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 145.576438][ T5602] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 145.584420][ T5602] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 145.592413][ T5602] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5607] write(6, "0x000000000000040e", 18 [pid 5601] close(3) = 0 [pid 5601] close(4) = 0 [pid 5601] close(5) = 0 [pid 5601] close(6) = 0 [pid 5601] close(7) = -1 EBADF (Bad file descriptor) [pid 5601] close(8) = -1 EBADF (Bad file descriptor) [pid 5601] close(9) = -1 EBADF (Bad file descriptor) [pid 5601] close(10) = -1 EBADF (Bad file descriptor) [pid 5601] close(11) = -1 EBADF (Bad file descriptor) [pid 5601] close(12) = -1 EBADF (Bad file descriptor) [pid 5601] close(13) = -1 EBADF (Bad file descriptor) [pid 5601] close(14) = -1 EBADF (Bad file descriptor) [pid 5601] close(15) = -1 EBADF (Bad file descriptor) [pid 5601] close(16) = -1 EBADF (Bad file descriptor) [pid 5601] close(17) = -1 EBADF (Bad file descriptor) [pid 5601] close(18) = -1 EBADF (Bad file descriptor) [pid 5601] close(19) = -1 EBADF (Bad file descriptor) [pid 5601] close(20) = -1 EBADF (Bad file descriptor) [pid 5601] close(21) = -1 EBADF (Bad file descriptor) [pid 5601] close(22) = -1 EBADF (Bad file descriptor) [pid 5601] close(23) = -1 EBADF (Bad file descriptor) [pid 5601] close(24) = -1 EBADF (Bad file descriptor) [pid 5601] close(25) = -1 EBADF (Bad file descriptor) [pid 5601] close(26) = -1 EBADF (Bad file descriptor) [pid 5601] close(27) = -1 EBADF (Bad file descriptor) [pid 5601] close(28) = -1 EBADF (Bad file descriptor) [pid 5601] close(29) = -1 EBADF (Bad file descriptor) [pid 5601] exit_group(0) = ? [pid 5601] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 145.600409][ T5602] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001d [ 145.608419][ T5602] [pid 5072] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 145.634382][ T5602] memory: usage 8kB, limit 0kB, failcnt 55 [ 145.641977][ T5602] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 145.650515][ T5602] Memory cgroup stats for /syz1: [ 145.650940][ T5602] anon 0 [ 145.650940][ T5602] file 0 [ 145.650940][ T5602] kernel 8192 [ 145.650940][ T5602] kernel_stack 0 [ 145.650940][ T5602] pagetables 0 [ 145.650940][ T5602] sec_pagetables 0 [ 145.650940][ T5602] percpu 0 [ 145.650940][ T5602] sock 0 [ 145.650940][ T5602] vmalloc 0 [pid 5072] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./22/binderfs") = 0 [pid 5072] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./22/cgroup") = 0 [pid 5072] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./22/cgroup.net") = 0 [ 145.650940][ T5602] shmem 0 [ 145.650940][ T5602] zswap 0 [ 145.650940][ T5602] zswapped 0 [ 145.650940][ T5602] file_mapped 0 [ 145.650940][ T5602] file_dirty 0 [ 145.650940][ T5602] file_writeback 0 [ 145.650940][ T5602] swapcached 0 [ 145.650940][ T5602] anon_thp 0 [ 145.650940][ T5602] file_thp 0 [ 145.650940][ T5602] shmem_thp 0 [ 145.650940][ T5602] inactive_anon 0 [ 145.650940][ T5602] active_anon 0 [ 145.650940][ T5602] inactive_file 0 [ 145.650940][ T5602] active_file 0 [ 145.650940][ T5602] unevictable 0 [ 145.650940][ T5602] slab_reclaimable 6752 [pid 5072] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./22/file0") = 0 [pid 5072] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./22/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./22") = 0 [pid 5072] mkdir("./23", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5608 attached [pid 5608] chdir("./23" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 25 [pid 5608] <... chdir resumed>) = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [ 145.650940][ T5602] slab_unreclaimable 0 [ 145.650940][ T5602] slab 6752 [ 145.650940][ T5602] workingset_refault_anon 0 [ 145.766111][ T5602] Tasks state (memory values in pages): [ 145.774949][ T5602] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5608] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5608] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5608] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] mkdir("./file0", 000) = 0 [pid 5608] open("./file0", O_RDONLY) = 3 [pid 5608] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5608] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5608] openat(4, "syz1", O_RDWR|O_PATH [pid 5602] <... write resumed>) = 18 [pid 5608] <... openat resumed>) = 5 [pid 5602] close(3 [pid 5608] openat(5, "memory.max", O_RDWR [pid 5602] <... close resumed>) = 0 [pid 5608] <... openat resumed>) = 6 [pid 5602] close(4 [ 145.792538][ T5602] Out of memory and no killable processes... [ 145.800615][ T5603] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 145.826343][ T5603] CPU: 0 PID: 5603 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 145.836915][ T5603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 145.847024][ T5603] Call Trace: [ 145.850341][ T5603] [ 145.853295][ T5603] dump_stack_lvl+0x1e7/0x2d0 [ 145.858001][ T5603] ? nf_tcp_handle_invalid+0x640/0x640 [ 145.863480][ T5603] ? panic+0x770/0x770 [ 145.867595][ T5603] dump_header+0xdc/0x940 [ 145.871980][ T5603] out_of_memory+0xf21/0x12c0 [ 145.876715][ T5603] ? mutex_lock_io_nested+0x60/0x60 [ 145.881976][ T5603] ? preempt_schedule+0xdd/0xf0 [ 145.886878][ T5603] ? unregister_oom_notifier+0x20/0x20 [pid 5608] write(6, "0x000000000000040e", 18 [pid 5602] <... close resumed>) = 0 [pid 5602] close(5) = 0 [pid 5602] close(6) = 0 [pid 5602] close(7) = -1 EBADF (Bad file descriptor) [pid 5602] close(8) = -1 EBADF (Bad file descriptor) [pid 5602] close(9) = -1 EBADF (Bad file descriptor) [pid 5602] close(10) = -1 EBADF (Bad file descriptor) [pid 5602] close(11) = -1 EBADF (Bad file descriptor) [pid 5602] close(12) = -1 EBADF (Bad file descriptor) [pid 5602] close(13) = -1 EBADF (Bad file descriptor) [ 145.892387][ T5603] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 145.898443][ T5603] mem_cgroup_out_of_memory+0x263/0x3b0 [ 145.904055][ T5603] ? preempt_schedule_thunk+0x1a/0x20 [ 145.909482][ T5603] ? mem_cgroup_oom_trylock+0x210/0x210 [ 145.915087][ T5603] ? cgroup_file_notify+0x127/0x190 [ 145.920338][ T5603] memory_max_write+0x355/0x470 [ 145.925246][ T5603] ? memory_max_show+0xa0/0xa0 [ 145.930064][ T5603] ? read_lock_is_recursive+0x20/0x20 [ 145.935493][ T5603] ? memory_max_show+0xa0/0xa0 [pid 5602] close(14) = -1 EBADF (Bad file descriptor) [pid 5602] close(15) = -1 EBADF (Bad file descriptor) [pid 5602] close(16) = -1 EBADF (Bad file descriptor) [pid 5602] close(17) = -1 EBADF (Bad file descriptor) [pid 5602] close(18) = -1 EBADF (Bad file descriptor) [pid 5602] close(19) = -1 EBADF (Bad file descriptor) [pid 5602] close(20) = -1 EBADF (Bad file descriptor) [pid 5602] close(21) = -1 EBADF (Bad file descriptor) [pid 5602] close(22) = -1 EBADF (Bad file descriptor) [pid 5602] close(23) = -1 EBADF (Bad file descriptor) [pid 5602] close(24) = -1 EBADF (Bad file descriptor) [pid 5602] close(25) = -1 EBADF (Bad file descriptor) [pid 5602] close(26) = -1 EBADF (Bad file descriptor) [pid 5602] close(27) = -1 EBADF (Bad file descriptor) [pid 5602] close(28) = -1 EBADF (Bad file descriptor) [pid 5602] close(29) = -1 EBADF (Bad file descriptor) [pid 5602] exit_group(0) = ? [pid 5602] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 145.940312][ T5603] cgroup_file_write+0x2b1/0x780 [ 145.945300][ T5603] ? cgroup_seqfile_stop+0xd0/0xd0 [ 145.950463][ T5603] ? __virt_addr_valid+0x22f/0x2e0 [ 145.955639][ T5603] ? cgroup_seqfile_stop+0xd0/0xd0 [ 145.960796][ T5603] kernfs_fop_write_iter+0x3a6/0x4f0 [ 145.966153][ T5603] vfs_write+0x7b2/0xbb0 [ 145.970455][ T5603] ? file_end_write+0x240/0x240 [ 145.975361][ T5603] ? do_raw_spin_unlock+0x13b/0x8b0 [ 145.980607][ T5603] ? lockdep_hardirqs_on+0x98/0x140 [ 145.985862][ T5603] ? __fdget_pos+0x265/0x2f0 [pid 5074] unlink("./29/binderfs") = 0 [pid 5074] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./29/cgroup") = 0 [pid 5074] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./29/cgroup.net") = 0 [ 145.990503][ T5603] ksys_write+0x1a0/0x2c0 [ 145.994890][ T5603] ? __ia32_sys_read+0x90/0x90 [ 145.999712][ T5603] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 146.005749][ T5603] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 146.011778][ T5603] do_syscall_64+0x41/0xc0 [ 146.016224][ T5603] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 146.022208][ T5603] RIP: 0033:0x7fd49ce20129 [ 146.026660][ T5603] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 146.046314][ T5603] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 146.054760][ T5603] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 146.062764][ T5603] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 146.070764][ T5603] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 146.078781][ T5603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5074] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [ 146.086786][ T5603] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001c [ 146.094811][ T5603] [ 146.108257][ T5603] memory: usage 8kB, limit 0kB, failcnt 55 [ 146.114147][ T5603] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 146.121552][ T5603] Memory cgroup stats for /syz1: [ 146.121754][ T5603] anon 0 [ 146.121754][ T5603] file 0 [ 146.121754][ T5603] kernel 8192 [ 146.121754][ T5603] kernel_stack 0 [ 146.121754][ T5603] pagetables 0 [pid 5074] rmdir("./29/file0") = 0 [pid 5074] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./29/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./29") = 0 [pid 5074] mkdir("./30", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 32 ./strace-static-x86_64: Process 5609 attached [pid 5609] chdir("./30") = 0 [pid 5609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5609] setpgid(0, 0) = 0 [pid 5609] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5609] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5609] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 146.121754][ T5603] sec_pagetables 0 [ 146.121754][ T5603] percpu 0 [ 146.121754][ T5603] sock 0 [ 146.121754][ T5603] vmalloc 0 [ 146.121754][ T5603] shmem 0 [ 146.121754][ T5603] zswap 0 [ 146.121754][ T5603] zswapped 0 [ 146.121754][ T5603] file_mapped 0 [ 146.121754][ T5603] file_dirty 0 [ 146.121754][ T5603] file_writeback 0 [ 146.121754][ T5603] swapcached 0 [ 146.121754][ T5603] anon_thp 0 [ 146.121754][ T5603] file_thp 0 [ 146.121754][ T5603] shmem_thp 0 [ 146.121754][ T5603] inactive_anon 0 [ 146.121754][ T5603] active_anon 0 [pid 5609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5609] write(3, "1000", 4) = 4 [pid 5609] close(3) = 0 [pid 5609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5609] mkdir("./file0", 000) = 0 [pid 5609] open("./file0", O_RDONLY) = 3 [pid 5609] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5609] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5609] openat(5, "memory.max", O_RDWR) = 6 [ 146.121754][ T5603] inactive_file 0 [ 146.121754][ T5603] active_file 0 [ 146.121754][ T5603] unevictable 0 [ 146.121754][ T5603] slab_reclaimable 6752 [ 146.121754][ T5603] slab_unreclaimable 0 [ 146.121754][ T5603] slab 6752 [ 146.121754][ T5603] workingset_refault_anon 0 [ 146.221139][ T5603] Tasks state (memory values in pages): [ 146.227759][ T5603] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 146.237381][ T5603] Out of memory and no killable processes... [pid 5609] write(6, "0x000000000000040e", 18 [pid 5603] <... write resumed>) = 18 [pid 5603] close(3) = 0 [pid 5603] close(4) = 0 [pid 5603] close(5) = 0 [pid 5603] close(6) = 0 [pid 5603] close(7) = -1 EBADF (Bad file descriptor) [pid 5603] close(8) = -1 EBADF (Bad file descriptor) [pid 5603] close(9) = -1 EBADF (Bad file descriptor) [pid 5603] close(10) = -1 EBADF (Bad file descriptor) [pid 5603] close(11) = -1 EBADF (Bad file descriptor) [pid 5603] close(12) = -1 EBADF (Bad file descriptor) [pid 5603] close(13) = -1 EBADF (Bad file descriptor) [pid 5603] close(14) = -1 EBADF (Bad file descriptor) [pid 5603] close(15) = -1 EBADF (Bad file descriptor) [pid 5603] close(16) = -1 EBADF (Bad file descriptor) [pid 5603] close(17) = -1 EBADF (Bad file descriptor) [pid 5603] close(18) = -1 EBADF (Bad file descriptor) [pid 5603] close(19) = -1 EBADF (Bad file descriptor) [pid 5603] close(20) = -1 EBADF (Bad file descriptor) [pid 5603] close(21) = -1 EBADF (Bad file descriptor) [pid 5603] close(22) = -1 EBADF (Bad file descriptor) [pid 5603] close(23) = -1 EBADF (Bad file descriptor) [pid 5603] close(24) = -1 EBADF (Bad file descriptor) [pid 5603] close(25) = -1 EBADF (Bad file descriptor) [pid 5603] close(26) = -1 EBADF (Bad file descriptor) [pid 5603] close(27) = -1 EBADF (Bad file descriptor) [pid 5603] close(28) = -1 EBADF (Bad file descriptor) [pid 5603] close(29) = -1 EBADF (Bad file descriptor) [pid 5603] exit_group(0) = ? [pid 5603] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./28/binderfs") = 0 [pid 5075] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./28/cgroup") = 0 [pid 5075] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 146.243600][ T5605] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 146.255270][ T5605] CPU: 1 PID: 5605 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 146.265729][ T5605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 146.275807][ T5605] Call Trace: [ 146.279094][ T5605] [ 146.282057][ T5605] dump_stack_lvl+0x1e7/0x2d0 [ 146.286775][ T5605] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5075] unlink("./28/cgroup.net") = 0 [ 146.292278][ T5605] ? panic+0x770/0x770 [ 146.296386][ T5605] dump_header+0xdc/0x940 [ 146.300759][ T5605] out_of_memory+0xf21/0x12c0 [ 146.305497][ T5605] ? mutex_lock_io_nested+0x60/0x60 [ 146.310758][ T5605] ? mark_lock+0x9a/0x340 [ 146.315128][ T5605] ? unregister_oom_notifier+0x20/0x20 [ 146.320636][ T5605] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 146.326661][ T5605] mem_cgroup_out_of_memory+0x263/0x3b0 [ 146.332267][ T5605] ? mem_cgroup_oom_trylock+0x210/0x210 [ 146.337880][ T5605] ? cgroup_file_notify+0x127/0x190 [ 146.343129][ T5605] memory_max_write+0x355/0x470 [ 146.348040][ T5605] ? memory_max_show+0xa0/0xa0 [ 146.352847][ T5605] ? read_lock_is_recursive+0x20/0x20 [ 146.358273][ T5605] ? memory_max_show+0xa0/0xa0 [ 146.363075][ T5605] cgroup_file_write+0x2b1/0x780 [ 146.368058][ T5605] ? cgroup_seqfile_stop+0xd0/0xd0 [ 146.373222][ T5605] ? __virt_addr_valid+0x22f/0x2e0 [ 146.378434][ T5605] ? cgroup_seqfile_stop+0xd0/0xd0 [ 146.383593][ T5605] kernfs_fop_write_iter+0x3a6/0x4f0 [ 146.388930][ T5605] vfs_write+0x7b2/0xbb0 [ 146.393223][ T5605] ? file_end_write+0x240/0x240 [ 146.398117][ T5605] ? do_raw_spin_unlock+0x13b/0x8b0 [ 146.403392][ T5605] ? lockdep_hardirqs_on+0x98/0x140 [ 146.408656][ T5605] ? __fdget_pos+0x265/0x2f0 [ 146.413300][ T5605] ksys_write+0x1a0/0x2c0 [ 146.417684][ T5605] ? __ia32_sys_read+0x90/0x90 [ 146.422500][ T5605] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 146.428544][ T5605] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 146.434582][ T5605] do_syscall_64+0x41/0xc0 [ 146.439040][ T5605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 146.444992][ T5605] RIP: 0033:0x7fd49ce20129 [ 146.449434][ T5605] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 146.469090][ T5605] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 146.477559][ T5605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 146.485563][ T5605] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./28/file0") = 0 [pid 5075] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./28/cgroup.cpu") = 0 [ 146.493583][ T5605] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 146.501571][ T5605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 146.509574][ T5605] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000019 [ 146.517620][ T5605] [ 146.530082][ T5605] memory: usage 8kB, limit 0kB, failcnt 55 [ 146.537113][ T5605] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./28") = 0 [pid 5075] mkdir("./29", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 31 ./strace-static-x86_64: Process 5610 attached [ 146.545134][ T5605] Memory cgroup stats for /syz1: [ 146.545367][ T5605] anon 0 [ 146.545367][ T5605] file 0 [ 146.545367][ T5605] kernel 8192 [ 146.545367][ T5605] kernel_stack 0 [ 146.545367][ T5605] pagetables 0 [ 146.545367][ T5605] sec_pagetables 0 [ 146.545367][ T5605] percpu 0 [ 146.545367][ T5605] sock 0 [ 146.545367][ T5605] vmalloc 0 [ 146.545367][ T5605] shmem 0 [ 146.545367][ T5605] zswap 0 [ 146.545367][ T5605] zswapped 0 [ 146.545367][ T5605] file_mapped 0 [ 146.545367][ T5605] file_dirty 0 [pid 5610] chdir("./29") = 0 [pid 5610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5610] setpgid(0, 0) = 0 [pid 5610] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5610] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5610] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5610] write(3, "1000", 4) = 4 [pid 5610] close(3) = 0 [pid 5610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5610] mkdir("./file0", 000) = 0 [pid 5610] open("./file0", O_RDONLY) = 3 [pid 5610] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5610] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5610] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5610] openat(5, "memory.max", O_RDWR) = 6 [ 146.545367][ T5605] file_writeback 0 [ 146.545367][ T5605] swapcached 0 [ 146.545367][ T5605] anon_thp 0 [ 146.545367][ T5605] file_thp 0 [ 146.545367][ T5605] shmem_thp 0 [ 146.545367][ T5605] inactive_anon 0 [ 146.545367][ T5605] active_anon 0 [ 146.545367][ T5605] inactive_file 0 [ 146.545367][ T5605] active_file 0 [ 146.545367][ T5605] unevictable 0 [ 146.545367][ T5605] slab_reclaimable 6752 [ 146.545367][ T5605] slab_unreclaimable 0 [ 146.545367][ T5605] slab 6752 [ 146.545367][ T5605] workingset_refault_anon 0 [pid 5610] write(6, "0x000000000000040e", 18 [pid 5605] <... write resumed>) = 18 [pid 5605] close(3) = 0 [pid 5605] close(4) = 0 [pid 5605] close(5) = 0 [pid 5605] close(6) = 0 [ 146.648510][ T5605] Tasks state (memory values in pages): [ 146.654178][ T5605] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 146.663807][ T5605] Out of memory and no killable processes... [ 146.670077][ T5607] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 146.681087][ T5607] CPU: 1 PID: 5607 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5605] close(7) = -1 EBADF (Bad file descriptor) [pid 5605] close(8) = -1 EBADF (Bad file descriptor) [pid 5605] close(9) = -1 EBADF (Bad file descriptor) [pid 5605] close(10) = -1 EBADF (Bad file descriptor) [pid 5605] close(11) = -1 EBADF (Bad file descriptor) [pid 5605] close(12) = -1 EBADF (Bad file descriptor) [pid 5605] close(13) = -1 EBADF (Bad file descriptor) [pid 5605] close(14) = -1 EBADF (Bad file descriptor) [ 146.691563][ T5607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 146.701675][ T5607] Call Trace: [ 146.705001][ T5607] [ 146.707989][ T5607] dump_stack_lvl+0x1e7/0x2d0 [ 146.712725][ T5607] ? nf_tcp_handle_invalid+0x640/0x640 [ 146.718244][ T5607] ? panic+0x770/0x770 [ 146.722381][ T5607] dump_header+0xdc/0x940 [ 146.726775][ T5607] out_of_memory+0xf21/0x12c0 [ 146.731511][ T5607] ? mutex_lock_io_nested+0x60/0x60 [ 146.736774][ T5607] ? mark_lock+0x9a/0x340 [ 146.741161][ T5607] ? unregister_oom_notifier+0x20/0x20 [ 146.746674][ T5607] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 146.752709][ T5607] mem_cgroup_out_of_memory+0x263/0x3b0 [ 146.758288][ T5607] ? mem_cgroup_oom_trylock+0x210/0x210 [ 146.763869][ T5607] ? cgroup_file_notify+0x127/0x190 [ 146.769099][ T5607] memory_max_write+0x355/0x470 [ 146.773984][ T5607] ? memory_max_show+0xa0/0xa0 [ 146.778793][ T5607] ? read_lock_is_recursive+0x20/0x20 [ 146.784196][ T5607] ? memory_max_show+0xa0/0xa0 [ 146.788981][ T5607] cgroup_file_write+0x2b1/0x780 [ 146.793941][ T5607] ? cgroup_seqfile_stop+0xd0/0xd0 [pid 5605] close(15) = -1 EBADF (Bad file descriptor) [pid 5605] close(16) = -1 EBADF (Bad file descriptor) [pid 5605] close(17) = -1 EBADF (Bad file descriptor) [pid 5605] close(18) = -1 EBADF (Bad file descriptor) [pid 5605] close(19) = -1 EBADF (Bad file descriptor) [pid 5605] close(20) = -1 EBADF (Bad file descriptor) [pid 5605] close(21) = -1 EBADF (Bad file descriptor) [pid 5605] close(22) = -1 EBADF (Bad file descriptor) [pid 5605] close(23) = -1 EBADF (Bad file descriptor) [ 146.799067][ T5607] ? __virt_addr_valid+0x22f/0x2e0 [ 146.804224][ T5607] ? cgroup_seqfile_stop+0xd0/0xd0 [ 146.809351][ T5607] kernfs_fop_write_iter+0x3a6/0x4f0 [ 146.814662][ T5607] vfs_write+0x7b2/0xbb0 [ 146.819021][ T5607] ? file_end_write+0x240/0x240 [ 146.823897][ T5607] ? do_raw_spin_unlock+0x13b/0x8b0 [ 146.829130][ T5607] ? lockdep_hardirqs_on+0x98/0x140 [ 146.834353][ T5607] ? __fdget_pos+0x265/0x2f0 [ 146.838964][ T5607] ksys_write+0x1a0/0x2c0 [ 146.843315][ T5607] ? __ia32_sys_read+0x90/0x90 [ 146.848096][ T5607] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 146.854105][ T5607] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 146.860111][ T5607] do_syscall_64+0x41/0xc0 [ 146.864560][ T5607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 146.870506][ T5607] RIP: 0033:0x7fd49ce20129 [ 146.874957][ T5607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5605] close(24) = -1 EBADF (Bad file descriptor) [pid 5605] close(25) = -1 EBADF (Bad file descriptor) [pid 5605] close(26) = -1 EBADF (Bad file descriptor) [pid 5605] close(27) = -1 EBADF (Bad file descriptor) [pid 5605] close(28) = -1 EBADF (Bad file descriptor) [pid 5605] close(29) = -1 EBADF (Bad file descriptor) [pid 5605] exit_group(0) = ? [pid 5605] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.894585][ T5607] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 146.903036][ T5607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 146.911044][ T5607] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 146.919039][ T5607] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 146.927041][ T5607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 146.935034][ T5607] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000016 [ 146.943066][ T5607] [pid 5073] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 146.959986][ T5607] memory: usage 8kB, limit 0kB, failcnt 55 [ 146.965859][ T5607] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 146.974197][ T5607] Memory cgroup stats for /syz1: [ 146.974990][ T5607] anon 0 [ 146.974990][ T5607] file 0 [ 146.974990][ T5607] kernel 8192 [ 146.974990][ T5607] kernel_stack 0 [ 146.974990][ T5607] pagetables 0 [ 146.974990][ T5607] sec_pagetables 0 [ 146.974990][ T5607] percpu 0 [ 146.974990][ T5607] sock 0 [ 146.974990][ T5607] vmalloc 0 [ 146.974990][ T5607] shmem 0 [ 146.974990][ T5607] zswap 0 [ 146.974990][ T5607] zswapped 0 [ 146.974990][ T5607] file_mapped 0 [ 146.974990][ T5607] file_dirty 0 [ 146.974990][ T5607] file_writeback 0 [ 146.974990][ T5607] swapcached 0 [ 146.974990][ T5607] anon_thp 0 [ 146.974990][ T5607] file_thp 0 [ 146.974990][ T5607] shmem_thp 0 [ 146.974990][ T5607] inactive_anon 0 [ 146.974990][ T5607] active_anon 0 [ 146.974990][ T5607] inactive_file 0 [ 146.974990][ T5607] active_file 0 [ 146.974990][ T5607] unevictable 0 [ 146.974990][ T5607] slab_reclaimable 6752 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./25/binderfs") = 0 [pid 5073] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./25/cgroup") = 0 [pid 5073] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./25/cgroup.net") = 0 [pid 5073] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 146.974990][ T5607] slab_unreclaimable 0 [ 146.974990][ T5607] slab 6752 [ 146.974990][ T5607] workingset_refault_anon 0 [ 147.077062][ T5607] Tasks state (memory values in pages): [ 147.085742][ T5607] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 147.095635][ T5607] Out of memory and no killable processes... [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, [pid 5607] <... write resumed>) = 18 [pid 5607] close(3) = 0 [pid 5607] close(4) = 0 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4 [pid 5607] close(5) = 0 [pid 5607] close(6 [pid 5073] <... close resumed>) = 0 [pid 5073] rmdir("./25/file0") = 0 [pid 5073] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5607] <... close resumed>) = 0 [pid 5607] close(7) = -1 EBADF (Bad file descriptor) [pid 5073] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./25/cgroup.cpu" [pid 5607] close(8 [pid 5073] <... unlink resumed>) = 0 [pid 5607] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5073] getdents64(3, [pid 5607] close(9 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./25" [pid 5607] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5607] close(10) = -1 EBADF (Bad file descriptor) [pid 5607] close(11) = -1 EBADF (Bad file descriptor) [pid 5607] close(12) = -1 EBADF (Bad file descriptor) [pid 5073] <... rmdir resumed>) = 0 [pid 5607] close(13 [pid 5073] mkdir("./26", 0777 [pid 5607] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5607] close(14) = -1 EBADF (Bad file descriptor) [pid 5607] close(15) = -1 EBADF (Bad file descriptor) [pid 5607] close(16) = -1 EBADF (Bad file descriptor) [pid 5607] close(17) = -1 EBADF (Bad file descriptor) [pid 5073] <... mkdir resumed>) = 0 [pid 5607] close(18 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5607] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5607] close(19) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5611 attached [pid 5607] close(20 [pid 5611] chdir("./26") = 0 [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 28 [pid 5611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5611] setpgid(0, 0) = 0 [pid 5611] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5611] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5611] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5611] write(3, "1000", 4) = 4 [pid 5611] close(3) = 0 [ 147.103456][ T5608] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 147.128678][ T5608] CPU: 0 PID: 5608 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 147.139238][ T5608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 147.149318][ T5608] Call Trace: [ 147.152626][ T5608] [ 147.155591][ T5608] dump_stack_lvl+0x1e7/0x2d0 [pid 5611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5611] mkdir("./file0", 000) = 0 [pid 5611] open("./file0", O_RDONLY) = 3 [pid 5611] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5611] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5611] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5611] openat(5, "memory.max", O_RDWR) = 6 [ 147.160322][ T5608] ? nf_tcp_handle_invalid+0x640/0x640 [ 147.165817][ T5608] ? panic+0x770/0x770 [ 147.169949][ T5608] dump_header+0xdc/0x940 [ 147.174343][ T5608] out_of_memory+0xf21/0x12c0 [ 147.179092][ T5608] ? mutex_lock_io_nested+0x60/0x60 [ 147.184345][ T5608] ? mark_lock+0x9a/0x340 [ 147.188714][ T5608] ? unregister_oom_notifier+0x20/0x20 [ 147.194223][ T5608] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 147.200262][ T5608] mem_cgroup_out_of_memory+0x263/0x3b0 [ 147.205865][ T5608] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5611] write(6, "0x000000000000040e", 18 [pid 5607] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5607] close(21) = -1 EBADF (Bad file descriptor) [pid 5607] close(22) = -1 EBADF (Bad file descriptor) [pid 5607] close(23) = -1 EBADF (Bad file descriptor) [pid 5607] close(24) = -1 EBADF (Bad file descriptor) [pid 5607] close(25) = -1 EBADF (Bad file descriptor) [pid 5607] close(26) = -1 EBADF (Bad file descriptor) [pid 5607] close(27) = -1 EBADF (Bad file descriptor) [pid 5607] close(28) = -1 EBADF (Bad file descriptor) [pid 5607] close(29) = -1 EBADF (Bad file descriptor) [ 147.211479][ T5608] ? cgroup_file_notify+0x127/0x190 [ 147.216745][ T5608] memory_max_write+0x355/0x470 [ 147.221660][ T5608] ? memory_max_show+0xa0/0xa0 [ 147.226491][ T5608] ? read_lock_is_recursive+0x20/0x20 [ 147.231931][ T5608] ? memory_max_show+0xa0/0xa0 [ 147.236744][ T5608] cgroup_file_write+0x2b1/0x780 [ 147.241737][ T5608] ? cgroup_seqfile_stop+0xd0/0xd0 [ 147.246879][ T5608] ? __virt_addr_valid+0x22f/0x2e0 [ 147.252025][ T5608] ? cgroup_seqfile_stop+0xd0/0xd0 [ 147.257151][ T5608] kernfs_fop_write_iter+0x3a6/0x4f0 [ 147.262460][ T5608] vfs_write+0x7b2/0xbb0 [ 147.266731][ T5608] ? file_end_write+0x240/0x240 [ 147.271601][ T5608] ? do_raw_spin_unlock+0x13b/0x8b0 [ 147.276828][ T5608] ? lockdep_hardirqs_on+0x98/0x140 [ 147.282065][ T5608] ? __fdget_pos+0x265/0x2f0 [ 147.286680][ T5608] ksys_write+0x1a0/0x2c0 [ 147.291037][ T5608] ? __ia32_sys_read+0x90/0x90 [ 147.295820][ T5608] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 147.301825][ T5608] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 147.307831][ T5608] do_syscall_64+0x41/0xc0 [ 147.312317][ T5608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.318421][ T5608] RIP: 0033:0x7fd49ce20129 [ 147.322845][ T5608] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.342463][ T5608] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 147.350898][ T5608] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 147.358898][ T5608] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 147.367067][ T5608] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 147.375150][ T5608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 147.383138][ T5608] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000017 [ 147.391144][ T5608] [ 147.398993][ T5608] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5607] exit_group(0) = ? [pid 5607] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=24, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./22/binderfs") = 0 [pid 5070] umount2("./22/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./22/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./22/cgroup") = 0 [pid 5070] umount2("./22/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./22/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./22/cgroup.net") = 0 [ 147.409373][ T5608] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 147.424781][ T5608] Memory cgroup stats for /syz1: [ 147.425001][ T5608] anon 0 [ 147.425001][ T5608] file 0 [ 147.425001][ T5608] kernel 8192 [ 147.425001][ T5608] kernel_stack 0 [ 147.425001][ T5608] pagetables 0 [ 147.425001][ T5608] sec_pagetables 0 [ 147.425001][ T5608] percpu 0 [ 147.425001][ T5608] sock 0 [ 147.425001][ T5608] vmalloc 0 [ 147.425001][ T5608] shmem 0 [ 147.425001][ T5608] zswap 0 [ 147.425001][ T5608] zswapped 0 [ 147.425001][ T5608] file_mapped 0 [ 147.425001][ T5608] file_dirty 0 [ 147.425001][ T5608] file_writeback 0 [ 147.425001][ T5608] swapcached 0 [ 147.425001][ T5608] anon_thp 0 [ 147.425001][ T5608] file_thp 0 [ 147.425001][ T5608] shmem_thp 0 [ 147.425001][ T5608] inactive_anon 0 [ 147.425001][ T5608] active_anon 0 [ 147.425001][ T5608] inactive_file 0 [ 147.425001][ T5608] active_file 0 [ 147.425001][ T5608] unevictable 0 [ 147.425001][ T5608] slab_reclaimable 6752 [pid 5070] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./22/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./22/file0") = 0 [pid 5070] umount2("./22/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./22/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./22/cgroup.cpu") = 0 [pid 5070] getdents64(3, [pid 5608] <... write resumed>) = 18 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [ 147.425001][ T5608] slab_unreclaimable 0 [ 147.425001][ T5608] slab 6752 [ 147.425001][ T5608] workingset_refault_anon 0 [ 147.523551][ T5608] Tasks state (memory values in pages): [ 147.530055][ T5608] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 147.540630][ T5608] Out of memory and no killable processes... [ 147.547626][ T5609] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5070] rmdir("./22") = 0 [pid 5070] mkdir("./23", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5612 attached [pid 5612] chdir("./23" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 25 [pid 5612] <... chdir resumed>) = 0 [pid 5612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5612] setpgid(0, 0) = 0 [pid 5612] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5612] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5612] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 147.558688][ T5609] CPU: 1 PID: 5609 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 147.569160][ T5609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 147.579274][ T5609] Call Trace: [ 147.582587][ T5609] [ 147.585548][ T5609] dump_stack_lvl+0x1e7/0x2d0 [ 147.590284][ T5609] ? nf_tcp_handle_invalid+0x640/0x640 [ 147.595797][ T5609] ? panic+0x770/0x770 [ 147.599936][ T5609] dump_header+0xdc/0x940 [ 147.604320][ T5609] out_of_memory+0xf21/0x12c0 [pid 5612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5612] write(3, "1000", 4) = 4 [pid 5612] close(3 [pid 5608] close(3 [pid 5612] <... close resumed>) = 0 [pid 5608] <... close resumed>) = 0 [pid 5612] symlink("/dev/binderfs", "./binderfs" [pid 5608] close(4 [pid 5612] <... symlink resumed>) = 0 [pid 5608] <... close resumed>) = 0 [pid 5612] mkdir("./file0", 000 [pid 5608] close(5 [pid 5612] <... mkdir resumed>) = 0 [ 147.609051][ T5609] ? mutex_lock_io_nested+0x60/0x60 [ 147.614307][ T5609] ? preempt_schedule+0xdd/0xf0 [ 147.619209][ T5609] ? unregister_oom_notifier+0x20/0x20 [ 147.624719][ T5609] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 147.630872][ T5609] mem_cgroup_out_of_memory+0x263/0x3b0 [ 147.636473][ T5609] ? preempt_schedule_thunk+0x1a/0x20 [ 147.641895][ T5609] ? mem_cgroup_oom_trylock+0x210/0x210 [ 147.647488][ T5609] ? cgroup_file_notify+0x127/0x190 [ 147.652727][ T5609] memory_max_write+0x355/0x470 [ 147.657699][ T5609] ? memory_max_show+0xa0/0xa0 [ 147.662487][ T5609] ? read_lock_is_recursive+0x20/0x20 [ 147.667895][ T5609] ? memory_max_show+0xa0/0xa0 [ 147.672683][ T5609] cgroup_file_write+0x2b1/0x780 [ 147.677642][ T5609] ? cgroup_seqfile_stop+0xd0/0xd0 [ 147.682855][ T5609] ? __virt_addr_valid+0x22f/0x2e0 [ 147.688084][ T5609] ? cgroup_seqfile_stop+0xd0/0xd0 [ 147.693215][ T5609] kernfs_fop_write_iter+0x3a6/0x4f0 [ 147.698523][ T5609] vfs_write+0x7b2/0xbb0 [ 147.702788][ T5609] ? file_end_write+0x240/0x240 [ 147.707660][ T5609] ? do_raw_spin_unlock+0x13b/0x8b0 [ 147.712872][ T5609] ? lockdep_hardirqs_on+0x98/0x140 [ 147.718095][ T5609] ? __fdget_pos+0x265/0x2f0 [ 147.722705][ T5609] ksys_write+0x1a0/0x2c0 [ 147.727076][ T5609] ? __ia32_sys_read+0x90/0x90 [ 147.731897][ T5609] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 147.738279][ T5609] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 147.744294][ T5609] do_syscall_64+0x41/0xc0 [ 147.748820][ T5609] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.754743][ T5609] RIP: 0033:0x7fd49ce20129 [ 147.759173][ T5609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.778828][ T5609] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 147.787291][ T5609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 147.795278][ T5609] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 147.803259][ T5609] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5608] <... close resumed>) = 0 [pid 5612] open("./file0", O_RDONLY [pid 5608] close(6 [pid 5612] <... open resumed>) = 3 [pid 5608] <... close resumed>) = 0 [pid 5612] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5608] close(7 [pid 5612] <... mount resumed>) = 0 [pid 5608] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5612] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5608] close(8 [pid 5612] <... openat resumed>) = 4 [pid 5608] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5612] openat(4, "syz1", O_RDWR|O_PATH [pid 5608] close(9 [pid 5612] <... openat resumed>) = 5 [pid 5608] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5612] openat(5, "memory.max", O_RDWR [pid 5608] close(10 [pid 5612] <... openat resumed>) = 6 [pid 5608] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5612] write(6, "0x000000000000040e", 18 [pid 5608] close(11) = -1 EBADF (Bad file descriptor) [pid 5608] close(12) = -1 EBADF (Bad file descriptor) [pid 5608] close(13) = -1 EBADF (Bad file descriptor) [pid 5608] close(14) = -1 EBADF (Bad file descriptor) [pid 5608] close(15) = -1 EBADF (Bad file descriptor) [pid 5608] close(16) = -1 EBADF (Bad file descriptor) [pid 5608] close(17) = -1 EBADF (Bad file descriptor) [pid 5608] close(18) = -1 EBADF (Bad file descriptor) [pid 5608] close(19) = -1 EBADF (Bad file descriptor) [pid 5608] close(20) = -1 EBADF (Bad file descriptor) [pid 5608] close(21) = -1 EBADF (Bad file descriptor) [ 147.811239][ T5609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 147.819221][ T5609] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001e [ 147.827234][ T5609] [ 147.835744][ T5609] memory: usage 8kB, limit 0kB, failcnt 55 [ 147.842413][ T5609] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 147.851290][ T5609] Memory cgroup stats for /syz1: [ 147.851780][ T5609] anon 0 [ 147.851780][ T5609] file 0 [pid 5608] close(22) = -1 EBADF (Bad file descriptor) [pid 5608] close(23) = -1 EBADF (Bad file descriptor) [pid 5608] close(24) = -1 EBADF (Bad file descriptor) [pid 5608] close(25) = -1 EBADF (Bad file descriptor) [pid 5608] close(26) = -1 EBADF (Bad file descriptor) [pid 5608] close(27) = -1 EBADF (Bad file descriptor) [pid 5608] close(28) = -1 EBADF (Bad file descriptor) [pid 5608] close(29) = -1 EBADF (Bad file descriptor) [pid 5608] exit_group(0) = ? [pid 5608] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 147.851780][ T5609] kernel 8192 [ 147.851780][ T5609] kernel_stack 0 [ 147.851780][ T5609] pagetables 0 [ 147.851780][ T5609] sec_pagetables 0 [ 147.851780][ T5609] percpu 0 [ 147.851780][ T5609] sock 0 [ 147.851780][ T5609] vmalloc 0 [ 147.851780][ T5609] shmem 0 [ 147.851780][ T5609] zswap 0 [ 147.851780][ T5609] zswapped 0 [ 147.851780][ T5609] file_mapped 0 [ 147.851780][ T5609] file_dirty 0 [ 147.851780][ T5609] file_writeback 0 [ 147.851780][ T5609] swapcached 0 [ 147.851780][ T5609] anon_thp 0 [ 147.851780][ T5609] file_thp 0 [pid 5072] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./23/binderfs") = 0 [pid 5072] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./23/cgroup") = 0 [pid 5072] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./23/cgroup.net") = 0 [pid 5072] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 147.851780][ T5609] shmem_thp 0 [ 147.851780][ T5609] inactive_anon 0 [ 147.851780][ T5609] active_anon 0 [ 147.851780][ T5609] inactive_file 0 [ 147.851780][ T5609] active_file 0 [ 147.851780][ T5609] unevictable 0 [ 147.851780][ T5609] slab_reclaimable 6752 [ 147.851780][ T5609] slab_unreclaimable 0 [ 147.851780][ T5609] slab 6752 [ 147.851780][ T5609] workingset_refault_anon 0 [ 147.953887][ T5609] Tasks state (memory values in pages): [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5609] <... write resumed>) = 18 [pid 5609] close(3) = 0 [pid 5609] close(4) = 0 [pid 5609] close(5) = 0 [pid 5609] close(6) = 0 [pid 5072] getdents64(4, [pid 5609] close(7) = -1 EBADF (Bad file descriptor) [pid 5609] close(8) = -1 EBADF (Bad file descriptor) [pid 5609] close(9) = -1 EBADF (Bad file descriptor) [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5609] close(10) = -1 EBADF (Bad file descriptor) [pid 5072] close(4 [pid 5609] close(11 [pid 5072] <... close resumed>) = 0 [pid 5609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] rmdir("./23/file0" [pid 5609] close(12) = -1 EBADF (Bad file descriptor) [pid 5609] close(13) = -1 EBADF (Bad file descriptor) [pid 5609] close(14) = -1 EBADF (Bad file descriptor) [pid 5609] close(15) = -1 EBADF (Bad file descriptor) [pid 5072] <... rmdir resumed>) = 0 [pid 5609] close(16) = -1 EBADF (Bad file descriptor) [pid 5072] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5609] close(17) = -1 EBADF (Bad file descriptor) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5609] close(18 [pid 5072] lstat("./23/cgroup.cpu", [pid 5609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5609] close(19) = -1 EBADF (Bad file descriptor) [pid 5072] unlink("./23/cgroup.cpu" [pid 5609] close(20) = -1 EBADF (Bad file descriptor) [pid 5609] close(21) = -1 EBADF (Bad file descriptor) [pid 5609] close(22) = -1 EBADF (Bad file descriptor) [pid 5609] close(23) = -1 EBADF (Bad file descriptor) [pid 5609] close(24) = -1 EBADF (Bad file descriptor) [pid 5609] close(25) = -1 EBADF (Bad file descriptor) [pid 5609] close(26) = -1 EBADF (Bad file descriptor) [pid 5609] close(27) = -1 EBADF (Bad file descriptor) [pid 5609] close(28) = -1 EBADF (Bad file descriptor) [pid 5609] close(29) = -1 EBADF (Bad file descriptor) [pid 5609] exit_group(0) = ? [pid 5609] +++ exited with 0 +++ [pid 5072] <... unlink resumed>) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [ 147.960249][ T5609] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 147.970791][ T5609] Out of memory and no killable processes... [ 147.976983][ T5610] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 147.997873][ T5610] CPU: 0 PID: 5610 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5072] rmdir("./23") = 0 [pid 5072] mkdir("./24", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 26 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./30/binderfs") = 0 [pid 5074] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./30/cgroup") = 0 [pid 5074] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./30/cgroup.net") = 0 [pid 5074] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5613 attached [pid 5613] chdir("./24") = 0 [pid 5613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5613] setpgid(0, 0) = 0 [pid 5613] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5613] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 148.008437][ T5610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 148.018533][ T5610] Call Trace: [ 148.021856][ T5610] [ 148.024820][ T5610] dump_stack_lvl+0x1e7/0x2d0 [ 148.029553][ T5610] ? nf_tcp_handle_invalid+0x640/0x640 [ 148.035062][ T5610] ? panic+0x770/0x770 [ 148.039196][ T5610] dump_header+0xdc/0x940 [ 148.043593][ T5610] out_of_memory+0xf21/0x12c0 [ 148.048317][ T5610] ? mutex_lock_io_nested+0x60/0x60 [ 148.053559][ T5610] ? mark_lock+0x9a/0x340 [ 148.057959][ T5610] ? unregister_oom_notifier+0x20/0x20 [pid 5613] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5613] write(3, "1000", 4) = 4 [pid 5613] close(3) = 0 [pid 5613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5613] mkdir("./file0", 000) = 0 [pid 5613] open("./file0", O_RDONLY) = 3 [pid 5613] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5613] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5613] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5613] openat(5, "memory.max", O_RDWR) = 6 [ 148.063463][ T5610] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 148.069510][ T5610] mem_cgroup_out_of_memory+0x263/0x3b0 [ 148.075112][ T5610] ? mem_cgroup_oom_trylock+0x210/0x210 [ 148.080745][ T5610] ? cgroup_file_notify+0x127/0x190 [ 148.086002][ T5610] memory_max_write+0x355/0x470 [ 148.090925][ T5610] ? memory_max_show+0xa0/0xa0 [ 148.095735][ T5610] ? read_lock_is_recursive+0x20/0x20 [ 148.101150][ T5610] ? memory_max_show+0xa0/0xa0 [ 148.105928][ T5610] cgroup_file_write+0x2b1/0x780 [ 148.110883][ T5610] ? cgroup_seqfile_stop+0xd0/0xd0 [ 148.116003][ T5610] ? __virt_addr_valid+0x22f/0x2e0 [ 148.121148][ T5610] ? cgroup_seqfile_stop+0xd0/0xd0 [ 148.126282][ T5610] kernfs_fop_write_iter+0x3a6/0x4f0 [ 148.131591][ T5610] vfs_write+0x7b2/0xbb0 [ 148.135854][ T5610] ? file_end_write+0x240/0x240 [ 148.140720][ T5610] ? do_raw_spin_unlock+0x13b/0x8b0 [ 148.145928][ T5610] ? lockdep_hardirqs_on+0x98/0x140 [ 148.151146][ T5610] ? __fdget_pos+0x265/0x2f0 [ 148.155748][ T5610] ksys_write+0x1a0/0x2c0 [ 148.160092][ T5610] ? __ia32_sys_read+0x90/0x90 [ 148.164861][ T5610] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 148.170857][ T5610] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 148.176858][ T5610] do_syscall_64+0x41/0xc0 [ 148.181307][ T5610] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.187226][ T5610] RIP: 0033:0x7fd49ce20129 [ 148.191651][ T5610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 148.211267][ T5610] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.219697][ T5610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 148.227678][ T5610] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 148.235659][ T5610] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 148.243668][ T5610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 148.251738][ T5610] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001d [ 148.259750][ T5610] [pid 5613] write(6, "0x000000000000040e", 18 [pid 5074] <... umount2 resumed>) = 0 [pid 5074] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./30/file0") = 0 [pid 5074] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./30/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./30") = 0 [pid 5074] mkdir("./31", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 33 [ 148.271661][ T5610] memory: usage 8kB, limit 0kB, failcnt 55 [ 148.277944][ T5610] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 148.285100][ T5610] Memory cgroup stats for /syz1: [ 148.285305][ T5610] anon 0 [ 148.285305][ T5610] file 0 [ 148.285305][ T5610] kernel 8192 [ 148.285305][ T5610] kernel_stack 0 [ 148.285305][ T5610] pagetables 0 [ 148.285305][ T5610] sec_pagetables 0 [ 148.285305][ T5610] percpu 0 [ 148.285305][ T5610] sock 0 [ 148.285305][ T5610] vmalloc 0 [ 148.285305][ T5610] shmem 0 ./strace-static-x86_64: Process 5614 attached [ 148.285305][ T5610] zswap 0 [ 148.285305][ T5610] zswapped 0 [ 148.285305][ T5610] file_mapped 0 [ 148.285305][ T5610] file_dirty 0 [ 148.285305][ T5610] file_writeback 0 [ 148.285305][ T5610] swapcached 0 [ 148.285305][ T5610] anon_thp 0 [ 148.285305][ T5610] file_thp 0 [ 148.285305][ T5610] shmem_thp 0 [ 148.285305][ T5610] inactive_anon 0 [ 148.285305][ T5610] active_anon 0 [ 148.285305][ T5610] inactive_file 0 [ 148.285305][ T5610] active_file 0 [ 148.285305][ T5610] unevictable 0 [ 148.285305][ T5610] slab_reclaimable 6752 [pid 5614] chdir("./31") = 0 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5614] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5614] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] mkdir("./file0", 000) = 0 [pid 5614] open("./file0", O_RDONLY) = 3 [pid 5614] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5614] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5614] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5614] openat(5, "memory.max", O_RDWR) = 6 [pid 5614] write(6, "0x000000000000040e", 18 [pid 5610] <... write resumed>) = 18 [ 148.285305][ T5610] slab_unreclaimable 0 [ 148.285305][ T5610] slab 6752 [ 148.285305][ T5610] workingset_refault_anon 0 [ 148.385679][ T5610] Tasks state (memory values in pages): [ 148.403799][ T5610] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 148.413849][ T5610] Out of memory and no killable processes... [pid 5610] close(3) = 0 [pid 5610] close(4) = 0 [pid 5610] close(5) = 0 [pid 5610] close(6) = 0 [pid 5610] close(7) = -1 EBADF (Bad file descriptor) [pid 5610] close(8) = -1 EBADF (Bad file descriptor) [pid 5610] close(9) = -1 EBADF (Bad file descriptor) [pid 5610] close(10) = -1 EBADF (Bad file descriptor) [pid 5610] close(11) = -1 EBADF (Bad file descriptor) [pid 5610] close(12) = -1 EBADF (Bad file descriptor) [pid 5610] close(13) = -1 EBADF (Bad file descriptor) [pid 5610] close(14) = -1 EBADF (Bad file descriptor) [pid 5610] close(15) = -1 EBADF (Bad file descriptor) [pid 5610] close(16) = -1 EBADF (Bad file descriptor) [pid 5610] close(17) = -1 EBADF (Bad file descriptor) [pid 5610] close(18) = -1 EBADF (Bad file descriptor) [pid 5610] close(19) = -1 EBADF (Bad file descriptor) [pid 5610] close(20) = -1 EBADF (Bad file descriptor) [pid 5610] close(21) = -1 EBADF (Bad file descriptor) [pid 5610] close(22) = -1 EBADF (Bad file descriptor) [ 148.420146][ T5611] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 148.430543][ T5611] CPU: 0 PID: 5611 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 148.440998][ T5611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 148.451091][ T5611] Call Trace: [ 148.454405][ T5611] [ 148.457378][ T5611] dump_stack_lvl+0x1e7/0x2d0 [ 148.462124][ T5611] ? nf_tcp_handle_invalid+0x640/0x640 [ 148.467633][ T5611] ? panic+0x770/0x770 [pid 5610] close(23) = -1 EBADF (Bad file descriptor) [pid 5610] close(24) = -1 EBADF (Bad file descriptor) [pid 5610] close(25) = -1 EBADF (Bad file descriptor) [pid 5610] close(26) = -1 EBADF (Bad file descriptor) [pid 5610] close(27) = -1 EBADF (Bad file descriptor) [pid 5610] close(28) = -1 EBADF (Bad file descriptor) [pid 5610] close(29) = -1 EBADF (Bad file descriptor) [pid 5610] exit_group(0) = ? [pid 5610] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./29/binderfs") = 0 [pid 5075] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./29/cgroup") = 0 [pid 5075] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.471776][ T5611] dump_header+0xdc/0x940 [ 148.476170][ T5611] out_of_memory+0xf21/0x12c0 [ 148.480904][ T5611] ? mutex_lock_io_nested+0x60/0x60 [ 148.486161][ T5611] ? preempt_schedule+0xdd/0xf0 [ 148.491060][ T5611] ? unregister_oom_notifier+0x20/0x20 [ 148.496570][ T5611] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 148.502616][ T5611] mem_cgroup_out_of_memory+0x263/0x3b0 [ 148.508212][ T5611] ? preempt_schedule_thunk+0x1a/0x20 [ 148.513644][ T5611] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5075] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./29/cgroup.net") = 0 [ 148.519265][ T5611] ? cgroup_file_notify+0x127/0x190 [ 148.524525][ T5611] memory_max_write+0x355/0x470 [ 148.529438][ T5611] ? memory_max_show+0xa0/0xa0 [ 148.534252][ T5611] ? read_lock_is_recursive+0x20/0x20 [ 148.539694][ T5611] ? memory_max_show+0xa0/0xa0 [ 148.544494][ T5611] cgroup_file_write+0x2b1/0x780 [ 148.549442][ T5611] ? cgroup_seqfile_stop+0xd0/0xd0 [ 148.554559][ T5611] ? __virt_addr_valid+0x22f/0x2e0 [ 148.559699][ T5611] ? cgroup_seqfile_stop+0xd0/0xd0 [ 148.564817][ T5611] kernfs_fop_write_iter+0x3a6/0x4f0 [ 148.570116][ T5611] vfs_write+0x7b2/0xbb0 [ 148.574403][ T5611] ? file_end_write+0x240/0x240 [ 148.579275][ T5611] ? do_raw_spin_unlock+0x13b/0x8b0 [ 148.584501][ T5611] ? lockdep_hardirqs_on+0x98/0x140 [ 148.589733][ T5611] ? __fdget_pos+0x265/0x2f0 [ 148.594348][ T5611] ksys_write+0x1a0/0x2c0 [ 148.598698][ T5611] ? __ia32_sys_read+0x90/0x90 [ 148.603492][ T5611] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 148.609494][ T5611] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 148.615495][ T5611] do_syscall_64+0x41/0xc0 [ 148.619932][ T5611] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.625842][ T5611] RIP: 0033:0x7fd49ce20129 [ 148.630266][ T5611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 148.649895][ T5611] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.658322][ T5611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5075] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 148.666305][ T5611] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 148.674300][ T5611] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 148.682323][ T5611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 148.690348][ T5611] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001a [ 148.698366][ T5611] [ 148.708254][ T5611] memory: usage 8kB, limit 0kB, failcnt 55 [ 148.715342][ T5611] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./29/file0") = 0 [pid 5075] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 148.722490][ T5611] Memory cgroup stats for /syz1: [ 148.722700][ T5611] anon 0 [ 148.722700][ T5611] file 0 [ 148.722700][ T5611] kernel 8192 [ 148.722700][ T5611] kernel_stack 0 [ 148.722700][ T5611] pagetables 0 [ 148.722700][ T5611] sec_pagetables 0 [ 148.722700][ T5611] percpu 0 [ 148.722700][ T5611] sock 0 [ 148.722700][ T5611] vmalloc 0 [ 148.722700][ T5611] shmem 0 [ 148.722700][ T5611] zswap 0 [ 148.722700][ T5611] zswapped 0 [ 148.722700][ T5611] file_mapped 0 [ 148.722700][ T5611] file_dirty 0 [pid 5075] unlink("./29/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./29") = 0 [pid 5075] mkdir("./30", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5615 attached [pid 5615] chdir("./30" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 32 [pid 5615] <... chdir resumed>) = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5615] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5615] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] mkdir("./file0", 000) = 0 [pid 5615] open("./file0", O_RDONLY) = 3 [pid 5615] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5615] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5615] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5615] openat(5, "memory.max", O_RDWR) = 6 [ 148.722700][ T5611] file_writeback 0 [ 148.722700][ T5611] swapcached 0 [ 148.722700][ T5611] anon_thp 0 [ 148.722700][ T5611] file_thp 0 [ 148.722700][ T5611] shmem_thp 0 [ 148.722700][ T5611] inactive_anon 0 [ 148.722700][ T5611] active_anon 0 [ 148.722700][ T5611] inactive_file 0 [ 148.722700][ T5611] active_file 0 [ 148.722700][ T5611] unevictable 0 [ 148.722700][ T5611] slab_reclaimable 6752 [ 148.722700][ T5611] slab_unreclaimable 0 [ 148.722700][ T5611] slab 6752 [ 148.722700][ T5611] workingset_refault_anon 0 [pid 5615] write(6, "0x000000000000040e", 18 [pid 5611] <... write resumed>) = 18 [pid 5611] close(3) = 0 [pid 5611] close(4) = 0 [pid 5611] close(5) = 0 [pid 5611] close(6) = 0 [pid 5611] close(7) = -1 EBADF (Bad file descriptor) [pid 5611] close(8) = -1 EBADF (Bad file descriptor) [pid 5611] close(9) = -1 EBADF (Bad file descriptor) [pid 5611] close(10) = -1 EBADF (Bad file descriptor) [pid 5611] close(11) = -1 EBADF (Bad file descriptor) [pid 5611] close(12) = -1 EBADF (Bad file descriptor) [pid 5611] close(13) = -1 EBADF (Bad file descriptor) [pid 5611] close(14) = -1 EBADF (Bad file descriptor) [pid 5611] close(15) = -1 EBADF (Bad file descriptor) [pid 5611] close(16) = -1 EBADF (Bad file descriptor) [pid 5611] close(17) = -1 EBADF (Bad file descriptor) [pid 5611] close(18) = -1 EBADF (Bad file descriptor) [pid 5611] close(19) = -1 EBADF (Bad file descriptor) [pid 5611] close(20) = -1 EBADF (Bad file descriptor) [pid 5611] close(21) = -1 EBADF (Bad file descriptor) [pid 5611] close(22) = -1 EBADF (Bad file descriptor) [pid 5611] close(23) = -1 EBADF (Bad file descriptor) [pid 5611] close(24) = -1 EBADF (Bad file descriptor) [pid 5611] close(25) = -1 EBADF (Bad file descriptor) [pid 5611] close(26) = -1 EBADF (Bad file descriptor) [pid 5611] close(27) = -1 EBADF (Bad file descriptor) [pid 5611] close(28) = -1 EBADF (Bad file descriptor) [pid 5611] close(29) = -1 EBADF (Bad file descriptor) [pid 5611] exit_group(0) = ? [pid 5611] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 148.821935][ T5611] Tasks state (memory values in pages): [ 148.832279][ T5611] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 148.843690][ T5611] Out of memory and no killable processes... [ 148.852174][ T5612] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5073] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./26/binderfs") = 0 [pid 5073] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./26/cgroup") = 0 [pid 5073] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./26/cgroup.net") = 0 [ 148.865019][ T5612] CPU: 0 PID: 5612 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 148.875482][ T5612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 148.885576][ T5612] Call Trace: [ 148.888891][ T5612] [ 148.891856][ T5612] dump_stack_lvl+0x1e7/0x2d0 [ 148.896592][ T5612] ? nf_tcp_handle_invalid+0x640/0x640 [ 148.902105][ T5612] ? panic+0x770/0x770 [ 148.906281][ T5612] dump_header+0xdc/0x940 [ 148.910678][ T5612] out_of_memory+0xf21/0x12c0 [ 148.915401][ T5612] ? mutex_lock_io_nested+0x60/0x60 [ 148.920636][ T5612] ? mark_lock+0x9a/0x340 [ 148.924992][ T5612] ? unregister_oom_notifier+0x20/0x20 [ 148.930480][ T5612] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 148.936528][ T5612] mem_cgroup_out_of_memory+0x263/0x3b0 [ 148.942118][ T5612] ? mem_cgroup_oom_trylock+0x210/0x210 [ 148.947708][ T5612] ? cgroup_file_notify+0x127/0x190 [ 148.952984][ T5612] memory_max_write+0x355/0x470 [ 148.957890][ T5612] ? memory_max_show+0xa0/0xa0 [ 148.962698][ T5612] ? read_lock_is_recursive+0x20/0x20 [ 148.968136][ T5612] ? memory_max_show+0xa0/0xa0 [ 148.972950][ T5612] cgroup_file_write+0x2b1/0x780 [ 148.977908][ T5612] ? cgroup_seqfile_stop+0xd0/0xd0 [ 148.983029][ T5612] ? __virt_addr_valid+0x22f/0x2e0 [ 148.988186][ T5612] ? cgroup_seqfile_stop+0xd0/0xd0 [ 148.993323][ T5612] kernfs_fop_write_iter+0x3a6/0x4f0 [ 148.998647][ T5612] vfs_write+0x7b2/0xbb0 [ 149.002928][ T5612] ? file_end_write+0x240/0x240 [ 149.007797][ T5612] ? do_raw_spin_unlock+0x13b/0x8b0 [ 149.013017][ T5612] ? lockdep_hardirqs_on+0x98/0x140 [ 149.018236][ T5612] ? __fdget_pos+0x265/0x2f0 [ 149.022871][ T5612] ksys_write+0x1a0/0x2c0 [ 149.027221][ T5612] ? __ia32_sys_read+0x90/0x90 [ 149.031997][ T5612] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 149.038011][ T5612] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 149.044014][ T5612] do_syscall_64+0x41/0xc0 [ 149.048451][ T5612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 149.054452][ T5612] RIP: 0033:0x7fd49ce20129 [ 149.058883][ T5612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.078498][ T5612] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.086941][ T5612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 149.094933][ T5612] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 149.102913][ T5612] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 149.110891][ T5612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 149.118878][ T5612] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000017 [ 149.126877][ T5612] [pid 5073] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 149.148968][ T5612] memory: usage 8kB, limit 0kB, failcnt 55 [ 149.155235][ T5612] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 149.163073][ T5612] Memory cgroup stats for /syz1: [ 149.163285][ T5612] anon 0 [ 149.163285][ T5612] file 0 [ 149.163285][ T5612] kernel 8192 [ 149.163285][ T5612] kernel_stack 0 [ 149.163285][ T5612] pagetables 0 [ 149.163285][ T5612] sec_pagetables 0 [ 149.163285][ T5612] percpu 0 [ 149.163285][ T5612] sock 0 [ 149.163285][ T5612] vmalloc 0 [ 149.163285][ T5612] shmem 0 [ 149.163285][ T5612] zswap 0 [ 149.163285][ T5612] zswapped 0 [ 149.163285][ T5612] file_mapped 0 [ 149.163285][ T5612] file_dirty 0 [ 149.163285][ T5612] file_writeback 0 [ 149.163285][ T5612] swapcached 0 [ 149.163285][ T5612] anon_thp 0 [ 149.163285][ T5612] file_thp 0 [ 149.163285][ T5612] shmem_thp 0 [ 149.163285][ T5612] inactive_anon 0 [ 149.163285][ T5612] active_anon 0 [ 149.163285][ T5612] inactive_file 0 [ 149.163285][ T5612] active_file 0 [ 149.163285][ T5612] unevictable 0 [ 149.163285][ T5612] slab_reclaimable 6752 [pid 5073] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./26/file0") = 0 [pid 5073] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./26/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./26") = 0 [pid 5073] mkdir("./27", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5616 attached [pid 5616] chdir("./27" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 29 [pid 5616] <... chdir resumed>) = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5616] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5616] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] mkdir("./file0", 000) = 0 [ 149.163285][ T5612] slab_unreclaimable 0 [ 149.163285][ T5612] slab 6752 [ 149.163285][ T5612] workingset_refault_anon 0 [ 149.279155][ T5612] Tasks state (memory values in pages): [ 149.284971][ T5612] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5616] open("./file0", O_RDONLY) = 3 [pid 5616] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5616] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5616] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5616] openat(5, "memory.max", O_RDWR) = 6 [pid 5616] write(6, "0x000000000000040e", 18 [pid 5612] <... write resumed>) = 18 [ 149.309632][ T5612] Out of memory and no killable processes... [ 149.315910][ T5613] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 149.327107][ T5613] CPU: 0 PID: 5613 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 149.337569][ T5613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 149.347661][ T5613] Call Trace: [ 149.350976][ T5613] [ 149.353937][ T5613] dump_stack_lvl+0x1e7/0x2d0 [pid 5612] close(3) = 0 [pid 5612] close(4) = 0 [pid 5612] close(5) = 0 [pid 5612] close(6) = 0 [pid 5612] close(7) = -1 EBADF (Bad file descriptor) [pid 5612] close(8) = -1 EBADF (Bad file descriptor) [pid 5612] close(9) = -1 EBADF (Bad file descriptor) [pid 5612] close(10) = -1 EBADF (Bad file descriptor) [pid 5612] close(11) = -1 EBADF (Bad file descriptor) [pid 5612] close(12) = -1 EBADF (Bad file descriptor) [pid 5612] close(13) = -1 EBADF (Bad file descriptor) [pid 5612] close(14) = -1 EBADF (Bad file descriptor) [pid 5612] close(15) = -1 EBADF (Bad file descriptor) [pid 5612] close(16) = -1 EBADF (Bad file descriptor) [pid 5612] close(17) = -1 EBADF (Bad file descriptor) [pid 5612] close(18) = -1 EBADF (Bad file descriptor) [pid 5612] close(19) = -1 EBADF (Bad file descriptor) [pid 5612] close(20) = -1 EBADF (Bad file descriptor) [pid 5612] close(21) = -1 EBADF (Bad file descriptor) [pid 5612] close(22) = -1 EBADF (Bad file descriptor) [pid 5612] close(23) = -1 EBADF (Bad file descriptor) [pid 5612] close(24) = -1 EBADF (Bad file descriptor) [pid 5612] close(25) = -1 EBADF (Bad file descriptor) [pid 5612] close(26) = -1 EBADF (Bad file descriptor) [pid 5612] close(27) = -1 EBADF (Bad file descriptor) [pid 5612] close(28) = -1 EBADF (Bad file descriptor) [pid 5612] close(29) = -1 EBADF (Bad file descriptor) [ 149.358730][ T5613] ? nf_tcp_handle_invalid+0x640/0x640 [ 149.364244][ T5613] ? panic+0x770/0x770 [ 149.368386][ T5613] dump_header+0xdc/0x940 [ 149.372768][ T5613] out_of_memory+0xf21/0x12c0 [ 149.377515][ T5613] ? mutex_lock_io_nested+0x60/0x60 [ 149.382776][ T5613] ? mark_lock+0x9a/0x340 [ 149.387148][ T5613] ? unregister_oom_notifier+0x20/0x20 [ 149.392662][ T5613] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 149.398741][ T5613] mem_cgroup_out_of_memory+0x263/0x3b0 [ 149.404346][ T5613] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5612] exit_group(0) = ? [pid 5612] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5070] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 149.409967][ T5613] ? cgroup_file_notify+0x127/0x190 [ 149.415222][ T5613] memory_max_write+0x355/0x470 [ 149.420136][ T5613] ? memory_max_show+0xa0/0xa0 [ 149.424952][ T5613] ? read_lock_is_recursive+0x20/0x20 [ 149.430387][ T5613] ? memory_max_show+0xa0/0xa0 [ 149.435187][ T5613] cgroup_file_write+0x2b1/0x780 [ 149.440156][ T5613] ? cgroup_seqfile_stop+0xd0/0xd0 [ 149.445291][ T5613] ? __virt_addr_valid+0x22f/0x2e0 [ 149.450442][ T5613] ? cgroup_seqfile_stop+0xd0/0xd0 [ 149.455568][ T5613] kernfs_fop_write_iter+0x3a6/0x4f0 [ 149.460880][ T5613] vfs_write+0x7b2/0xbb0 [ 149.465144][ T5613] ? file_end_write+0x240/0x240 [ 149.470014][ T5613] ? do_raw_spin_unlock+0x13b/0x8b0 [ 149.475232][ T5613] ? lockdep_hardirqs_on+0x98/0x140 [ 149.480460][ T5613] ? __fdget_pos+0x265/0x2f0 [ 149.485071][ T5613] ksys_write+0x1a0/0x2c0 [ 149.489423][ T5613] ? __ia32_sys_read+0x90/0x90 [ 149.494204][ T5613] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 149.500210][ T5613] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 149.506218][ T5613] do_syscall_64+0x41/0xc0 [ 149.510651][ T5613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 149.516659][ T5613] RIP: 0033:0x7fd49ce20129 [ 149.521095][ T5613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.540717][ T5613] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.549164][ T5613] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5070] unlink("./23/binderfs") = 0 [ 149.557176][ T5613] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 149.565156][ T5613] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 149.573155][ T5613] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 149.581226][ T5613] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000018 [ 149.589232][ T5613] [ 149.596105][ T5613] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5070] umount2("./23/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./23/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./23/cgroup") = 0 [pid 5070] umount2("./23/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./23/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./23/cgroup.net") = 0 [ 149.602362][ T5613] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 149.612597][ T5613] Memory cgroup stats for /syz1: [ 149.612972][ T5613] anon 0 [ 149.612972][ T5613] file 0 [ 149.612972][ T5613] kernel 8192 [ 149.612972][ T5613] kernel_stack 0 [ 149.612972][ T5613] pagetables 0 [ 149.612972][ T5613] sec_pagetables 0 [ 149.612972][ T5613] percpu 0 [ 149.612972][ T5613] sock 0 [ 149.612972][ T5613] vmalloc 0 [ 149.612972][ T5613] shmem 0 [ 149.612972][ T5613] zswap 0 [ 149.612972][ T5613] zswapped 0 [ 149.612972][ T5613] file_mapped 0 [ 149.612972][ T5613] file_dirty 0 [pid 5070] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 149.612972][ T5613] file_writeback 0 [ 149.612972][ T5613] swapcached 0 [ 149.612972][ T5613] anon_thp 0 [ 149.612972][ T5613] file_thp 0 [ 149.612972][ T5613] shmem_thp 0 [ 149.612972][ T5613] inactive_anon 0 [ 149.612972][ T5613] active_anon 0 [ 149.612972][ T5613] inactive_file 0 [ 149.612972][ T5613] active_file 0 [ 149.612972][ T5613] unevictable 0 [ 149.612972][ T5613] slab_reclaimable 6752 [ 149.612972][ T5613] slab_unreclaimable 0 [ 149.612972][ T5613] slab 6752 [ 149.612972][ T5613] workingset_refault_anon 0 [pid 5070] lstat("./23/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./23/file0") = 0 [pid 5070] umount2("./23/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./23/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./23/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./23") = 0 [pid 5070] mkdir("./24", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5618 attached [ 149.712753][ T5613] Tasks state (memory values in pages): [ 149.723671][ T5613] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 149.737720][ T5613] Out of memory and no killable processes... [pid 5618] chdir("./24" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 26 [pid 5618] <... chdir resumed>) = 0 [pid 5613] <... write resumed>) = 18 [pid 5613] close(3) = 0 [pid 5613] close(4) = 0 [pid 5613] close(5) = 0 [pid 5613] close(6) = 0 [pid 5613] close(7) = -1 EBADF (Bad file descriptor) [pid 5613] close(8) = -1 EBADF (Bad file descriptor) [pid 5613] close(9) = -1 EBADF (Bad file descriptor) [pid 5613] close(10) = -1 EBADF (Bad file descriptor) [pid 5613] close(11) = -1 EBADF (Bad file descriptor) [pid 5613] close(12) = -1 EBADF (Bad file descriptor) [pid 5613] close(13) = -1 EBADF (Bad file descriptor) [pid 5613] close(14) = -1 EBADF (Bad file descriptor) [pid 5613] close(15) = -1 EBADF (Bad file descriptor) [pid 5613] close(16) = -1 EBADF (Bad file descriptor) [pid 5613] close(17) = -1 EBADF (Bad file descriptor) [pid 5613] close(18) = -1 EBADF (Bad file descriptor) [pid 5613] close(19) = -1 EBADF (Bad file descriptor) [pid 5613] close(20) = -1 EBADF (Bad file descriptor) [pid 5613] close(21) = -1 EBADF (Bad file descriptor) [pid 5613] close(22) = -1 EBADF (Bad file descriptor) [pid 5613] close(23) = -1 EBADF (Bad file descriptor) [pid 5613] close(24) = -1 EBADF (Bad file descriptor) [pid 5613] close(25) = -1 EBADF (Bad file descriptor) [pid 5613] close(26) = -1 EBADF (Bad file descriptor) [pid 5613] close(27) = -1 EBADF (Bad file descriptor) [pid 5613] close(28) = -1 EBADF (Bad file descriptor) [pid 5613] close(29) = -1 EBADF (Bad file descriptor) [pid 5613] exit_group(0) = ? [pid 5613] +++ exited with 0 +++ [pid 5618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5618] setpgid(0, 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5618] <... setpgid resumed>) = 0 [pid 5072] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5618] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5072] <... openat resumed>) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, [pid 5618] <... symlink resumed>) = 0 [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5618] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./24/binderfs" [pid 5618] <... symlink resumed>) = 0 [pid 5072] <... unlink resumed>) = 0 [pid 5618] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5072] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./24/cgroup", [pid 5618] <... symlink resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] unlink("./24/cgroup" [pid 5618] <... openat resumed>) = 3 [pid 5072] <... unlink resumed>) = 0 [pid 5618] write(3, "1000", 4 [pid 5072] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5618] <... write resumed>) = 4 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./24/cgroup.net" [pid 5618] close(3 [pid 5072] <... unlink resumed>) = 0 [pid 5618] <... close resumed>) = 0 [pid 5618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5618] mkdir("./file0", 000) = 0 [pid 5618] open("./file0", O_RDONLY) = 3 [pid 5618] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5618] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5618] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5618] openat(5, "memory.max", O_RDWR) = 6 [ 149.755003][ T5614] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 149.777138][ T5614] CPU: 1 PID: 5614 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 149.787652][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 149.797757][ T5614] Call Trace: [ 149.801076][ T5614] [ 149.804044][ T5614] dump_stack_lvl+0x1e7/0x2d0 [ 149.808814][ T5614] ? nf_tcp_handle_invalid+0x640/0x640 [ 149.814327][ T5614] ? panic+0x770/0x770 [ 149.818460][ T5614] dump_header+0xdc/0x940 [ 149.822847][ T5614] out_of_memory+0xf21/0x12c0 [ 149.827697][ T5614] ? mutex_lock_io_nested+0x60/0x60 [ 149.832958][ T5614] ? preempt_schedule+0xdd/0xf0 [ 149.837863][ T5614] ? unregister_oom_notifier+0x20/0x20 [ 149.843373][ T5614] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 149.849422][ T5614] mem_cgroup_out_of_memory+0x263/0x3b0 [ 149.855021][ T5614] ? preempt_schedule_thunk+0x1a/0x20 [pid 5618] write(6, "0x000000000000040e", 18 [ 149.860450][ T5614] ? mem_cgroup_oom_trylock+0x210/0x210 [ 149.866068][ T5614] ? cgroup_file_notify+0x127/0x190 [ 149.871415][ T5614] memory_max_write+0x355/0x470 [ 149.876347][ T5614] ? memory_max_show+0xa0/0xa0 [ 149.881166][ T5614] ? read_lock_is_recursive+0x20/0x20 [ 149.886595][ T5614] ? memory_max_show+0xa0/0xa0 [ 149.891408][ T5614] cgroup_file_write+0x2b1/0x780 [ 149.896401][ T5614] ? cgroup_seqfile_stop+0xd0/0xd0 [ 149.901556][ T5614] ? __virt_addr_valid+0x22f/0x2e0 [ 149.906736][ T5614] ? cgroup_seqfile_stop+0xd0/0xd0 [ 149.911889][ T5614] kernfs_fop_write_iter+0x3a6/0x4f0 [ 149.917235][ T5614] vfs_write+0x7b2/0xbb0 [ 149.921538][ T5614] ? file_end_write+0x240/0x240 [ 149.926444][ T5614] ? do_raw_spin_unlock+0x13b/0x8b0 [ 149.931696][ T5614] ? lockdep_hardirqs_on+0x98/0x140 [ 149.936951][ T5614] ? __fdget_pos+0x265/0x2f0 [ 149.941588][ T5614] ksys_write+0x1a0/0x2c0 [ 149.945971][ T5614] ? __ia32_sys_read+0x90/0x90 [ 149.950782][ T5614] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 149.956819][ T5614] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 149.962860][ T5614] do_syscall_64+0x41/0xc0 [ 149.967347][ T5614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 149.973291][ T5614] RIP: 0033:0x7fd49ce20129 [ 149.977726][ T5614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.997465][ T5614] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.005927][ T5614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5072] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 150.013939][ T5614] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 150.021948][ T5614] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 150.029958][ T5614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 150.038055][ T5614] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001f [ 150.046094][ T5614] [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./24/file0") = 0 [pid 5072] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./24/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./24") = 0 [pid 5072] mkdir("./25", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5619 attached [pid 5619] chdir("./25" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 27 [pid 5619] <... chdir resumed>) = 0 [pid 5619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5619] setpgid(0, 0) = 0 [pid 5619] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5619] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5619] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5619] write(3, "1000", 4) = 4 [pid 5619] close(3) = 0 [pid 5619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5619] mkdir("./file0", 000) = 0 [ 150.063118][ T5614] memory: usage 8kB, limit 0kB, failcnt 55 [ 150.073096][ T5614] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 150.090004][ T5614] Memory cgroup stats for /syz1: [ 150.090213][ T5614] anon 0 [ 150.090213][ T5614] file 0 [ 150.090213][ T5614] kernel 8192 [ 150.090213][ T5614] kernel_stack 0 [ 150.090213][ T5614] pagetables 0 [pid 5619] open("./file0", O_RDONLY) = 3 [pid 5619] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5619] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5619] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5619] openat(5, "memory.max", O_RDWR) = 6 [ 150.090213][ T5614] sec_pagetables 0 [ 150.090213][ T5614] percpu 0 [ 150.090213][ T5614] sock 0 [ 150.090213][ T5614] vmalloc 0 [ 150.090213][ T5614] shmem 0 [ 150.090213][ T5614] zswap 0 [ 150.090213][ T5614] zswapped 0 [ 150.090213][ T5614] file_mapped 0 [ 150.090213][ T5614] file_dirty 0 [ 150.090213][ T5614] file_writeback 0 [ 150.090213][ T5614] swapcached 0 [ 150.090213][ T5614] anon_thp 0 [ 150.090213][ T5614] file_thp 0 [ 150.090213][ T5614] shmem_thp 0 [ 150.090213][ T5614] inactive_anon 0 [ 150.090213][ T5614] active_anon 0 [ 150.090213][ T5614] inactive_file 0 [ 150.090213][ T5614] active_file 0 [ 150.090213][ T5614] unevictable 0 [ 150.090213][ T5614] slab_reclaimable 6752 [ 150.090213][ T5614] slab_unreclaimable 0 [ 150.090213][ T5614] slab 6752 [ 150.090213][ T5614] workingset_refault_anon 0 [ 150.201998][ T5614] Tasks state (memory values in pages): [pid 5619] write(6, "0x000000000000040e", 18 [pid 5614] <... write resumed>) = 18 [pid 5614] close(3) = 0 [pid 5614] close(4) = 0 [pid 5614] close(5) = 0 [pid 5614] close(6) = 0 [pid 5614] close(7) = -1 EBADF (Bad file descriptor) [pid 5614] close(8) = -1 EBADF (Bad file descriptor) [pid 5614] close(9) = -1 EBADF (Bad file descriptor) [pid 5614] close(10) = -1 EBADF (Bad file descriptor) [pid 5614] close(11) = -1 EBADF (Bad file descriptor) [pid 5614] close(12) = -1 EBADF (Bad file descriptor) [pid 5614] close(13) = -1 EBADF (Bad file descriptor) [pid 5614] close(14) = -1 EBADF (Bad file descriptor) [pid 5614] close(15) = -1 EBADF (Bad file descriptor) [pid 5614] close(16) = -1 EBADF (Bad file descriptor) [pid 5614] close(17) = -1 EBADF (Bad file descriptor) [pid 5614] close(18) = -1 EBADF (Bad file descriptor) [pid 5614] close(19) = -1 EBADF (Bad file descriptor) [ 150.224267][ T5614] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 150.243759][ T5614] Out of memory and no killable processes... [ 150.254304][ T5615] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 150.297353][ T5615] CPU: 0 PID: 5615 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 150.307851][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 150.317950][ T5615] Call Trace: [ 150.321268][ T5615] [ 150.324235][ T5615] dump_stack_lvl+0x1e7/0x2d0 [ 150.328971][ T5615] ? nf_tcp_handle_invalid+0x640/0x640 [ 150.334570][ T5615] ? panic+0x770/0x770 [ 150.338714][ T5615] dump_header+0xdc/0x940 [ 150.343097][ T5615] out_of_memory+0xf21/0x12c0 [ 150.347841][ T5615] ? mutex_lock_io_nested+0x60/0x60 [ 150.353102][ T5615] ? preempt_schedule+0xdd/0xf0 [ 150.358001][ T5615] ? unregister_oom_notifier+0x20/0x20 [ 150.363508][ T5615] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 150.369553][ T5615] mem_cgroup_out_of_memory+0x263/0x3b0 [ 150.375153][ T5615] ? preempt_schedule_thunk+0x1a/0x20 [ 150.380581][ T5615] ? mem_cgroup_oom_trylock+0x210/0x210 [ 150.386196][ T5615] ? cgroup_file_notify+0x127/0x190 [ 150.391462][ T5615] memory_max_write+0x355/0x470 [ 150.396378][ T5615] ? memory_max_show+0xa0/0xa0 [ 150.401197][ T5615] ? read_lock_is_recursive+0x20/0x20 [ 150.406629][ T5615] ? memory_max_show+0xa0/0xa0 [ 150.411442][ T5615] cgroup_file_write+0x2b1/0x780 [ 150.416431][ T5615] ? cgroup_seqfile_stop+0xd0/0xd0 [ 150.421587][ T5615] ? __virt_addr_valid+0x22f/0x2e0 [ 150.426760][ T5615] ? cgroup_seqfile_stop+0xd0/0xd0 [ 150.431921][ T5615] kernfs_fop_write_iter+0x3a6/0x4f0 [ 150.437267][ T5615] vfs_write+0x7b2/0xbb0 [ 150.441573][ T5615] ? file_end_write+0x240/0x240 [ 150.446476][ T5615] ? do_raw_spin_unlock+0x13b/0x8b0 [ 150.451724][ T5615] ? lockdep_hardirqs_on+0x98/0x140 [ 150.456980][ T5615] ? __fdget_pos+0x265/0x2f0 [ 150.461625][ T5615] ksys_write+0x1a0/0x2c0 [ 150.466008][ T5615] ? __ia32_sys_read+0x90/0x90 [ 150.470820][ T5615] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 150.476858][ T5615] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 150.482896][ T5615] do_syscall_64+0x41/0xc0 [ 150.487362][ T5615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.493310][ T5615] RIP: 0033:0x7fd49ce20129 [ 150.497764][ T5615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 150.517435][ T5615] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.525904][ T5615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 150.533923][ T5615] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5614] close(20) = -1 EBADF (Bad file descriptor) [pid 5614] close(21) = -1 EBADF (Bad file descriptor) [pid 5614] close(22) = -1 EBADF (Bad file descriptor) [pid 5614] close(23) = -1 EBADF (Bad file descriptor) [pid 5614] close(24) = -1 EBADF (Bad file descriptor) [pid 5614] close(25) = -1 EBADF (Bad file descriptor) [pid 5614] close(26) = -1 EBADF (Bad file descriptor) [pid 5614] close(27) = -1 EBADF (Bad file descriptor) [pid 5614] close(28) = -1 EBADF (Bad file descriptor) [pid 5614] close(29) = -1 EBADF (Bad file descriptor) [pid 5614] exit_group(0) = ? [pid 5614] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./31/binderfs") = 0 [pid 5074] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./31/cgroup") = 0 [pid 5074] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./31/cgroup.net") = 0 [pid 5074] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 150.541940][ T5615] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 150.549955][ T5615] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 150.557969][ T5615] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001e [ 150.566007][ T5615] [pid 5074] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./31/file0") = 0 [pid 5074] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./31/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./31") = 0 [pid 5074] mkdir("./32", 0777) = 0 [ 150.598252][ T5615] memory: usage 8kB, limit 0kB, failcnt 55 [ 150.604851][ T5615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 150.620285][ T5615] Memory cgroup stats for /syz1: [ 150.620502][ T5615] anon 0 [ 150.620502][ T5615] file 0 [ 150.620502][ T5615] kernel 8192 [ 150.620502][ T5615] kernel_stack 0 [ 150.620502][ T5615] pagetables 0 [ 150.620502][ T5615] sec_pagetables 0 [ 150.620502][ T5615] percpu 0 [ 150.620502][ T5615] sock 0 [ 150.620502][ T5615] vmalloc 0 [ 150.620502][ T5615] shmem 0 [ 150.620502][ T5615] zswap 0 [ 150.620502][ T5615] zswapped 0 [ 150.620502][ T5615] file_mapped 0 [ 150.620502][ T5615] file_dirty 0 [ 150.620502][ T5615] file_writeback 0 [ 150.620502][ T5615] swapcached 0 [ 150.620502][ T5615] anon_thp 0 [ 150.620502][ T5615] file_thp 0 [ 150.620502][ T5615] shmem_thp 0 [ 150.620502][ T5615] inactive_anon 0 [ 150.620502][ T5615] active_anon 0 [ 150.620502][ T5615] inactive_file 0 [ 150.620502][ T5615] active_file 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 34 ./strace-static-x86_64: Process 5630 attached [pid 5630] chdir("./32") = 0 [pid 5630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 150.620502][ T5615] unevictable 0 [ 150.620502][ T5615] slab_reclaimable 6752 [ 150.620502][ T5615] slab_unreclaimable 0 [ 150.620502][ T5615] slab 6752 [ 150.620502][ T5615] workingset_refault_anon 0 [ 150.721171][ T5615] Tasks state (memory values in pages): [ 150.728919][ T5615] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 150.739285][ T5615] Out of memory and no killable processes... [pid 5630] setpgid(0, 0) = 0 [pid 5615] <... write resumed>) = 18 [pid 5630] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5615] close(3) = 0 [pid 5630] <... symlink resumed>) = 0 [pid 5630] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [ 150.745750][ T5616] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 150.773339][ T5616] CPU: 0 PID: 5616 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 150.783859][ T5616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 150.794054][ T5616] Call Trace: [ 150.797363][ T5616] [ 150.800323][ T5616] dump_stack_lvl+0x1e7/0x2d0 [ 150.805062][ T5616] ? nf_tcp_handle_invalid+0x640/0x640 [ 150.810563][ T5616] ? panic+0x770/0x770 [ 150.814695][ T5616] dump_header+0xdc/0x940 [ 150.819074][ T5616] out_of_memory+0xf21/0x12c0 [ 150.823805][ T5616] ? mutex_lock_io_nested+0x60/0x60 [ 150.829064][ T5616] ? preempt_schedule+0xdd/0xf0 [ 150.833966][ T5616] ? unregister_oom_notifier+0x20/0x20 [ 150.839481][ T5616] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 150.845531][ T5616] mem_cgroup_out_of_memory+0x263/0x3b0 [ 150.851127][ T5616] ? preempt_schedule_thunk+0x1a/0x20 [ 150.856553][ T5616] ? mem_cgroup_oom_trylock+0x210/0x210 [ 150.862175][ T5616] ? cgroup_file_notify+0x127/0x190 [ 150.867443][ T5616] memory_max_write+0x355/0x470 [ 150.872368][ T5616] ? memory_max_show+0xa0/0xa0 [ 150.877215][ T5616] ? read_lock_is_recursive+0x20/0x20 [ 150.882637][ T5616] ? memory_max_show+0xa0/0xa0 [ 150.887450][ T5616] cgroup_file_write+0x2b1/0x780 [ 150.892457][ T5616] ? cgroup_seqfile_stop+0xd0/0xd0 [ 150.897651][ T5616] ? __virt_addr_valid+0x22f/0x2e0 [ 150.902826][ T5616] ? cgroup_seqfile_stop+0xd0/0xd0 [ 150.907987][ T5616] kernfs_fop_write_iter+0x3a6/0x4f0 [ 150.913343][ T5616] vfs_write+0x7b2/0xbb0 [ 150.917651][ T5616] ? file_end_write+0x240/0x240 [ 150.922561][ T5616] ? do_raw_spin_unlock+0x13b/0x8b0 [ 150.927813][ T5616] ? lockdep_hardirqs_on+0x98/0x140 [ 150.933067][ T5616] ? __fdget_pos+0x265/0x2f0 [ 150.937713][ T5616] ksys_write+0x1a0/0x2c0 [ 150.942110][ T5616] ? __ia32_sys_read+0x90/0x90 [ 150.946923][ T5616] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 150.952965][ T5616] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 150.959005][ T5616] do_syscall_64+0x41/0xc0 [ 150.963472][ T5616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.969418][ T5616] RIP: 0033:0x7fd49ce20129 [ 150.973891][ T5616] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5615] close(4 [pid 5630] <... symlink resumed>) = 0 [pid 5615] <... close resumed>) = 0 [pid 5630] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5630] write(3, "1000", 4) = 4 [pid 5630] close(3) = 0 [pid 5630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5630] mkdir("./file0", 000) = 0 [pid 5630] open("./file0", O_RDONLY) = 3 [pid 5630] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5630] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5630] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5630] openat(5, "memory.max", O_RDWR [pid 5615] close(5 [pid 5630] <... openat resumed>) = 6 [pid 5615] <... close resumed>) = 0 [pid 5630] write(6, "0x000000000000040e", 18 [pid 5615] close(6) = 0 [pid 5615] close(7) = -1 EBADF (Bad file descriptor) [pid 5615] close(8) = -1 EBADF (Bad file descriptor) [pid 5615] close(9) = -1 EBADF (Bad file descriptor) [ 150.993551][ T5616] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 151.002419][ T5616] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 151.010450][ T5616] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 151.019160][ T5616] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 151.027187][ T5616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 151.035234][ T5616] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001b [ 151.043281][ T5616] [pid 5615] close(10) = -1 EBADF (Bad file descriptor) [pid 5615] close(11) = -1 EBADF (Bad file descriptor) [pid 5615] close(12) = -1 EBADF (Bad file descriptor) [pid 5615] close(13) = -1 EBADF (Bad file descriptor) [pid 5615] close(14) = -1 EBADF (Bad file descriptor) [pid 5615] close(15) = -1 EBADF (Bad file descriptor) [pid 5615] close(16) = -1 EBADF (Bad file descriptor) [pid 5615] close(17) = -1 EBADF (Bad file descriptor) [pid 5615] close(18) = -1 EBADF (Bad file descriptor) [pid 5615] close(19) = -1 EBADF (Bad file descriptor) [pid 5615] close(20) = -1 EBADF (Bad file descriptor) [pid 5615] close(21) = -1 EBADF (Bad file descriptor) [pid 5615] close(22) = -1 EBADF (Bad file descriptor) [pid 5615] close(23) = -1 EBADF (Bad file descriptor) [pid 5615] close(24) = -1 EBADF (Bad file descriptor) [pid 5615] close(25) = -1 EBADF (Bad file descriptor) [pid 5615] close(26) = -1 EBADF (Bad file descriptor) [pid 5615] close(27) = -1 EBADF (Bad file descriptor) [pid 5615] close(28) = -1 EBADF (Bad file descriptor) [ 151.118447][ T5616] memory: usage 8kB, limit 0kB, failcnt 55 [ 151.125256][ T5616] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 151.136142][ T5616] Memory cgroup stats for /syz1: [ 151.136364][ T5616] anon 0 [ 151.136364][ T5616] file 0 [ 151.136364][ T5616] kernel 8192 [ 151.136364][ T5616] kernel_stack 0 [ 151.136364][ T5616] pagetables 0 [ 151.136364][ T5616] sec_pagetables 0 [ 151.136364][ T5616] percpu 0 [ 151.136364][ T5616] sock 0 [ 151.136364][ T5616] vmalloc 0 [ 151.136364][ T5616] shmem 0 [ 151.136364][ T5616] zswap 0 [ 151.136364][ T5616] zswapped 0 [ 151.136364][ T5616] file_mapped 0 [ 151.136364][ T5616] file_dirty 0 [ 151.136364][ T5616] file_writeback 0 [ 151.136364][ T5616] swapcached 0 [ 151.136364][ T5616] anon_thp 0 [ 151.136364][ T5616] file_thp 0 [ 151.136364][ T5616] shmem_thp 0 [ 151.136364][ T5616] inactive_anon 0 [ 151.136364][ T5616] active_anon 0 [ 151.136364][ T5616] inactive_file 0 [ 151.136364][ T5616] active_file 0 [ 151.136364][ T5616] unevictable 0 [pid 5615] close(29) = -1 EBADF (Bad file descriptor) [pid 5615] exit_group(0) = ? [pid 5615] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./30/binderfs") = 0 [pid 5075] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./30/cgroup") = 0 [pid 5075] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./30/cgroup.net") = 0 [pid 5075] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./30/file0") = 0 [pid 5075] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./30/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./30") = 0 [pid 5075] mkdir("./31", 0777) = 0 [ 151.136364][ T5616] slab_reclaimable 6752 [ 151.136364][ T5616] slab_unreclaimable 0 [ 151.136364][ T5616] slab 6752 [ 151.136364][ T5616] workingset_refault_anon 0 [ 151.243517][ T5616] Tasks state (memory values in pages): [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 33 ./strace-static-x86_64: Process 5636 attached [pid 5636] chdir("./31") = 0 [pid 5636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5636] setpgid(0, 0) = 0 [pid 5616] <... write resumed>) = 18 [pid 5636] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5616] close(3 [pid 5636] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5616] <... close resumed>) = 0 [pid 5636] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5616] close(4 [pid 5636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] <... close resumed>) = 0 [pid 5636] write(3, "1000", 4) = 4 [pid 5616] close(5 [pid 5636] close(3) = 0 [pid 5616] <... close resumed>) = 0 [pid 5636] symlink("/dev/binderfs", "./binderfs" [pid 5616] close(6 [pid 5636] <... symlink resumed>) = 0 [pid 5616] <... close resumed>) = 0 [ 151.261853][ T5616] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 151.281396][ T5616] Out of memory and no killable processes... [ 151.293450][ T5618] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5636] mkdir("./file0", 000 [pid 5616] close(7 [pid 5636] <... mkdir resumed>) = 0 [pid 5616] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5636] open("./file0", O_RDONLY [pid 5616] close(8 [pid 5636] <... open resumed>) = 3 [pid 5616] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5636] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5616] close(9 [pid 5636] <... mount resumed>) = 0 [pid 5616] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5636] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5616] close(10 [pid 5636] <... openat resumed>) = 4 [pid 5616] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5636] openat(4, "syz1", O_RDWR|O_PATH [pid 5616] close(11 [pid 5636] <... openat resumed>) = 5 [pid 5616] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5636] openat(5, "memory.max", O_RDWR [pid 5616] close(12 [pid 5636] <... openat resumed>) = 6 [pid 5616] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5636] write(6, "0x000000000000040e", 18 [pid 5616] close(13) = -1 EBADF (Bad file descriptor) [pid 5616] close(14) = -1 EBADF (Bad file descriptor) [pid 5616] close(15) = -1 EBADF (Bad file descriptor) [pid 5616] close(16) = -1 EBADF (Bad file descriptor) [pid 5616] close(17) = -1 EBADF (Bad file descriptor) [pid 5616] close(18) = -1 EBADF (Bad file descriptor) [pid 5616] close(19) = -1 EBADF (Bad file descriptor) [pid 5616] close(20) = -1 EBADF (Bad file descriptor) [pid 5616] close(21) = -1 EBADF (Bad file descriptor) [pid 5616] close(22) = -1 EBADF (Bad file descriptor) [pid 5616] close(23) = -1 EBADF (Bad file descriptor) [pid 5616] close(24) = -1 EBADF (Bad file descriptor) [pid 5616] close(25) = -1 EBADF (Bad file descriptor) [pid 5616] close(26) = -1 EBADF (Bad file descriptor) [pid 5616] close(27) = -1 EBADF (Bad file descriptor) [pid 5616] close(28) = -1 EBADF (Bad file descriptor) [pid 5616] close(29) = -1 EBADF (Bad file descriptor) [pid 5616] exit_group(0) = ? [pid 5616] +++ exited with 0 +++ [ 151.311690][ T5618] CPU: 0 PID: 5618 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 151.322176][ T5618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 151.332274][ T5618] Call Trace: [ 151.335586][ T5618] [ 151.338581][ T5618] dump_stack_lvl+0x1e7/0x2d0 [ 151.343505][ T5618] ? nf_tcp_handle_invalid+0x640/0x640 [ 151.349027][ T5618] ? panic+0x770/0x770 [ 151.353163][ T5618] dump_header+0xdc/0x940 [ 151.357555][ T5618] out_of_memory+0xf21/0x12c0 [ 151.365520][ T5618] ? mutex_lock_io_nested+0x60/0x60 [ 151.370785][ T5618] ? preempt_schedule+0xdd/0xf0 [ 151.375674][ T5618] ? unregister_oom_notifier+0x20/0x20 [ 151.381161][ T5618] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 151.387182][ T5618] mem_cgroup_out_of_memory+0x263/0x3b0 [ 151.392751][ T5618] ? preempt_schedule_thunk+0x1a/0x20 [ 151.398149][ T5618] ? mem_cgroup_oom_trylock+0x210/0x210 [ 151.403730][ T5618] ? cgroup_file_notify+0x127/0x190 [ 151.408958][ T5618] memory_max_write+0x355/0x470 [ 151.413853][ T5618] ? memory_max_show+0xa0/0xa0 [ 151.418662][ T5618] ? read_lock_is_recursive+0x20/0x20 [ 151.424074][ T5618] ? memory_max_show+0xa0/0xa0 [ 151.428860][ T5618] cgroup_file_write+0x2b1/0x780 [ 151.433818][ T5618] ? cgroup_seqfile_stop+0xd0/0xd0 [ 151.438946][ T5618] ? __virt_addr_valid+0x22f/0x2e0 [ 151.444084][ T5618] ? cgroup_seqfile_stop+0xd0/0xd0 [ 151.449207][ T5618] kernfs_fop_write_iter+0x3a6/0x4f0 [ 151.454538][ T5618] vfs_write+0x7b2/0xbb0 [ 151.458905][ T5618] ? file_end_write+0x240/0x240 [ 151.463777][ T5618] ? do_raw_spin_unlock+0x13b/0x8b0 [ 151.468992][ T5618] ? lockdep_hardirqs_on+0x98/0x140 [ 151.474217][ T5618] ? __fdget_pos+0x265/0x2f0 [ 151.478914][ T5618] ksys_write+0x1a0/0x2c0 [ 151.483266][ T5618] ? __ia32_sys_read+0x90/0x90 [ 151.488045][ T5618] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 151.494045][ T5618] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 151.500045][ T5618] do_syscall_64+0x41/0xc0 [ 151.504477][ T5618] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 151.510390][ T5618] RIP: 0033:0x7fd49ce20129 [ 151.514818][ T5618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 151.534434][ T5618] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 151.542872][ T5618] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 151.550857][ T5618] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 151.558840][ T5618] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./27/binderfs") = 0 [pid 5073] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./27/cgroup") = 0 [pid 5073] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.566822][ T5618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 151.574799][ T5618] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000018 [ 151.582799][ T5618] [ 151.592920][ T5618] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5073] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./27/cgroup.net") = 0 [pid 5073] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 151.615856][ T5618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./27/file0") = 0 [pid 5073] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 151.641861][ T5618] Memory cgroup stats for /syz1: [ 151.642082][ T5618] anon 0 [ 151.642082][ T5618] file 0 [ 151.642082][ T5618] kernel 8192 [ 151.642082][ T5618] kernel_stack 0 [ 151.642082][ T5618] pagetables 0 [ 151.642082][ T5618] sec_pagetables 0 [ 151.642082][ T5618] percpu 0 [ 151.642082][ T5618] sock 0 [ 151.642082][ T5618] vmalloc 0 [ 151.642082][ T5618] shmem 0 [ 151.642082][ T5618] zswap 0 [ 151.642082][ T5618] zswapped 0 [ 151.642082][ T5618] file_mapped 0 [ 151.642082][ T5618] file_dirty 0 [pid 5073] unlink("./27/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./27") = 0 [pid 5073] mkdir("./28", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5639 attached [pid 5639] chdir("./28" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 30 [pid 5639] <... chdir resumed>) = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5639] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5639] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 [ 151.642082][ T5618] file_writeback 0 [ 151.642082][ T5618] swapcached 0 [ 151.642082][ T5618] anon_thp 0 [ 151.642082][ T5618] file_thp 0 [ 151.642082][ T5618] shmem_thp 0 [ 151.642082][ T5618] inactive_anon 0 [ 151.642082][ T5618] active_anon 0 [ 151.642082][ T5618] inactive_file 0 [ 151.642082][ T5618] active_file 0 [ 151.642082][ T5618] unevictable 0 [ 151.642082][ T5618] slab_reclaimable 6752 [ 151.642082][ T5618] slab_unreclaimable 0 [ 151.642082][ T5618] slab 6752 [ 151.642082][ T5618] workingset_refault_anon 0 [pid 5639] mkdir("./file0", 000) = 0 [pid 5639] open("./file0", O_RDONLY) = 3 [pid 5639] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5639] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5639] openat(5, "memory.max", O_RDWR) = 6 [pid 5639] write(6, "0x000000000000040e", 18 [pid 5618] <... write resumed>) = 18 [pid 5618] close(3) = 0 [pid 5618] close(4) = 0 [ 151.744019][ T5618] Tasks state (memory values in pages): [ 151.750270][ T5618] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 151.760691][ T5618] Out of memory and no killable processes... [ 151.771932][ T5619] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 151.794164][ T5619] CPU: 0 PID: 5619 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 151.804740][ T5619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 151.814839][ T5619] Call Trace: [ 151.818152][ T5619] [ 151.821120][ T5619] dump_stack_lvl+0x1e7/0x2d0 [ 151.825857][ T5619] ? nf_tcp_handle_invalid+0x640/0x640 [ 151.831365][ T5619] ? panic+0x770/0x770 [ 151.835499][ T5619] dump_header+0xdc/0x940 [ 151.839880][ T5619] out_of_memory+0xf21/0x12c0 [ 151.844623][ T5619] ? mutex_lock_io_nested+0x60/0x60 [ 151.849865][ T5619] ? preempt_schedule+0xdd/0xf0 [ 151.854731][ T5619] ? unregister_oom_notifier+0x20/0x20 [ 151.860207][ T5619] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 151.866230][ T5619] mem_cgroup_out_of_memory+0x263/0x3b0 [ 151.871808][ T5619] ? preempt_schedule_thunk+0x1a/0x20 [ 151.877202][ T5619] ? mem_cgroup_oom_trylock+0x210/0x210 [ 151.882777][ T5619] ? cgroup_file_notify+0x127/0x190 [ 151.887996][ T5619] memory_max_write+0x355/0x470 [ 151.892868][ T5619] ? memory_max_show+0xa0/0xa0 [ 151.897648][ T5619] ? read_lock_is_recursive+0x20/0x20 [ 151.903042][ T5619] ? memory_max_show+0xa0/0xa0 [ 151.907818][ T5619] cgroup_file_write+0x2b1/0x780 [ 151.912776][ T5619] ? cgroup_seqfile_stop+0xd0/0xd0 [ 151.917900][ T5619] ? __virt_addr_valid+0x22f/0x2e0 [ 151.923130][ T5619] ? cgroup_seqfile_stop+0xd0/0xd0 [ 151.928263][ T5619] kernfs_fop_write_iter+0x3a6/0x4f0 [ 151.933590][ T5619] vfs_write+0x7b2/0xbb0 [ 151.937862][ T5619] ? file_end_write+0x240/0x240 [ 151.942749][ T5619] ? do_raw_spin_unlock+0x13b/0x8b0 [ 151.947972][ T5619] ? lockdep_hardirqs_on+0x98/0x140 [ 151.953196][ T5619] ? __fdget_pos+0x265/0x2f0 [ 151.957823][ T5619] ksys_write+0x1a0/0x2c0 [ 151.962345][ T5619] ? __ia32_sys_read+0x90/0x90 [ 151.967126][ T5619] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 151.973129][ T5619] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 151.979131][ T5619] do_syscall_64+0x41/0xc0 [ 151.983562][ T5619] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 151.989470][ T5619] RIP: 0033:0x7fd49ce20129 [ 151.993901][ T5619] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.013535][ T5619] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 152.021975][ T5619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 152.029975][ T5619] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5618] close(5) = 0 [pid 5618] close(6) = 0 [pid 5618] close(7) = -1 EBADF (Bad file descriptor) [pid 5618] close(8) = -1 EBADF (Bad file descriptor) [pid 5618] close(9) = -1 EBADF (Bad file descriptor) [pid 5618] close(10) = -1 EBADF (Bad file descriptor) [pid 5618] close(11) = -1 EBADF (Bad file descriptor) [pid 5618] close(12) = -1 EBADF (Bad file descriptor) [pid 5618] close(13) = -1 EBADF (Bad file descriptor) [pid 5618] close(14) = -1 EBADF (Bad file descriptor) [pid 5618] close(15) = -1 EBADF (Bad file descriptor) [pid 5618] close(16) = -1 EBADF (Bad file descriptor) [pid 5618] close(17) = -1 EBADF (Bad file descriptor) [pid 5618] close(18) = -1 EBADF (Bad file descriptor) [pid 5618] close(19) = -1 EBADF (Bad file descriptor) [pid 5618] close(20) = -1 EBADF (Bad file descriptor) [pid 5618] close(21) = -1 EBADF (Bad file descriptor) [pid 5618] close(22) = -1 EBADF (Bad file descriptor) [pid 5618] close(23) = -1 EBADF (Bad file descriptor) [pid 5618] close(24) = -1 EBADF (Bad file descriptor) [pid 5618] close(25) = -1 EBADF (Bad file descriptor) [pid 5618] close(26) = -1 EBADF (Bad file descriptor) [pid 5618] close(27) = -1 EBADF (Bad file descriptor) [pid 5618] close(28) = -1 EBADF (Bad file descriptor) [pid 5618] close(29) = -1 EBADF (Bad file descriptor) [pid 5618] exit_group(0) = ? [ 152.037967][ T5619] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 152.045948][ T5619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 152.053947][ T5619] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000019 [ 152.062055][ T5619] [ 152.083085][ T5619] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5618] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5070] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 152.095625][ T5619] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 152.105233][ T5619] Memory cgroup stats for /syz1: [ 152.105426][ T5619] anon 0 [ 152.105426][ T5619] file 0 [ 152.105426][ T5619] kernel 8192 [ 152.105426][ T5619] kernel_stack 0 [ 152.105426][ T5619] pagetables 0 [ 152.105426][ T5619] sec_pagetables 0 [ 152.105426][ T5619] percpu 0 [ 152.105426][ T5619] sock 0 [ 152.105426][ T5619] vmalloc 0 [ 152.105426][ T5619] shmem 0 [ 152.105426][ T5619] zswap 0 [ 152.105426][ T5619] zswapped 0 [ 152.105426][ T5619] file_mapped 0 [ 152.105426][ T5619] file_dirty 0 [ 152.105426][ T5619] file_writeback 0 [ 152.105426][ T5619] swapcached 0 [ 152.105426][ T5619] anon_thp 0 [ 152.105426][ T5619] file_thp 0 [ 152.105426][ T5619] shmem_thp 0 [ 152.105426][ T5619] inactive_anon 0 [ 152.105426][ T5619] active_anon 0 [ 152.105426][ T5619] inactive_file 0 [ 152.105426][ T5619] active_file 0 [ 152.105426][ T5619] unevictable 0 [ 152.105426][ T5619] slab_reclaimable 6752 [ 152.105426][ T5619] slab_unreclaimable 0 [pid 5070] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./24/binderfs") = 0 [pid 5070] umount2("./24/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./24/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./24/cgroup") = 0 [pid 5070] umount2("./24/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./24/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./24/cgroup.net") = 0 [pid 5070] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./24/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./24/file0") = 0 [pid 5070] umount2("./24/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./24/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./24/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./24") = 0 [pid 5070] mkdir("./25", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5644 attached [pid 5644] chdir("./25" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 27 [pid 5644] <... chdir resumed>) = 0 [pid 5644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5644] setpgid(0, 0) = 0 [pid 5644] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5644] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5644] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 152.105426][ T5619] slab 6752 [ 152.105426][ T5619] workingset_refault_anon 0 [ 152.206929][ T5619] Tasks state (memory values in pages): [ 152.212730][ T5619] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5644] write(3, "1000", 4) = 4 [pid 5644] close(3) = 0 [ 152.263239][ T5619] Out of memory and no killable processes... [ 152.276044][ T5630] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 152.297256][ T5630] CPU: 0 PID: 5630 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 152.307744][ T5630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 152.317837][ T5630] Call Trace: [ 152.321152][ T5630] [ 152.324119][ T5630] dump_stack_lvl+0x1e7/0x2d0 [ 152.328852][ T5630] ? nf_tcp_handle_invalid+0x640/0x640 [ 152.334640][ T5630] ? panic+0x770/0x770 [ 152.339395][ T5630] dump_header+0xdc/0x940 [ 152.344311][ T5630] out_of_memory+0xf21/0x12c0 [ 152.349051][ T5630] ? mutex_lock_io_nested+0x60/0x60 [ 152.354325][ T5630] ? preempt_schedule+0xdd/0xf0 [ 152.359226][ T5630] ? unregister_oom_notifier+0x20/0x20 [ 152.364796][ T5630] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 152.370827][ T5630] mem_cgroup_out_of_memory+0x263/0x3b0 [ 152.376411][ T5630] ? preempt_schedule_thunk+0x1a/0x20 [ 152.381811][ T5630] ? mem_cgroup_oom_trylock+0x210/0x210 [ 152.387399][ T5630] ? cgroup_file_notify+0x127/0x190 [ 152.392620][ T5630] memory_max_write+0x355/0x470 [ 152.397505][ T5630] ? memory_max_show+0xa0/0xa0 [ 152.402287][ T5630] ? read_lock_is_recursive+0x20/0x20 [ 152.407682][ T5630] ? memory_max_show+0xa0/0xa0 [ 152.412462][ T5630] cgroup_file_write+0x2b1/0x780 [ 152.417423][ T5630] ? cgroup_seqfile_stop+0xd0/0xd0 [ 152.422543][ T5630] ? __virt_addr_valid+0x22f/0x2e0 [ 152.427679][ T5630] ? cgroup_seqfile_stop+0xd0/0xd0 [ 152.432815][ T5630] kernfs_fop_write_iter+0x3a6/0x4f0 [ 152.438293][ T5630] vfs_write+0x7b2/0xbb0 [ 152.442558][ T5630] ? file_end_write+0x240/0x240 [ 152.447432][ T5630] ? do_raw_spin_unlock+0x13b/0x8b0 [ 152.452647][ T5630] ? lockdep_hardirqs_on+0x98/0x140 [ 152.457867][ T5630] ? __fdget_pos+0x265/0x2f0 [ 152.462500][ T5630] ksys_write+0x1a0/0x2c0 [ 152.466850][ T5630] ? __ia32_sys_read+0x90/0x90 [ 152.471626][ T5630] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 152.477631][ T5630] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 152.483719][ T5630] do_syscall_64+0x41/0xc0 [ 152.488151][ T5630] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 152.494059][ T5630] RIP: 0033:0x7fd49ce20129 [ 152.498511][ T5630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.518125][ T5630] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 152.526570][ T5630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 152.534560][ T5630] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 152.542535][ T5630] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 152.550511][ T5630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5644] symlink("/dev/binderfs", "./binderfs" [pid 5619] <... write resumed>) = 18 [pid 5619] close(3) = 0 [pid 5619] close(4) = 0 [pid 5619] close(5) = 0 [pid 5619] close(6) = 0 [pid 5619] close(7) = -1 EBADF (Bad file descriptor) [pid 5619] close(8) = -1 EBADF (Bad file descriptor) [pid 5619] close(9) = -1 EBADF (Bad file descriptor) [pid 5619] close(10) = -1 EBADF (Bad file descriptor) [pid 5619] close(11) = -1 EBADF (Bad file descriptor) [pid 5619] close(12) = -1 EBADF (Bad file descriptor) [pid 5619] close(13) = -1 EBADF (Bad file descriptor) [pid 5619] close(14) = -1 EBADF (Bad file descriptor) [pid 5619] close(15) = -1 EBADF (Bad file descriptor) [pid 5619] close(16) = -1 EBADF (Bad file descriptor) [pid 5619] close(17) = -1 EBADF (Bad file descriptor) [pid 5619] close(18) = -1 EBADF (Bad file descriptor) [pid 5619] close(19) = -1 EBADF (Bad file descriptor) [pid 5619] close(20) = -1 EBADF (Bad file descriptor) [pid 5619] close(21) = -1 EBADF (Bad file descriptor) [pid 5619] close(22) = -1 EBADF (Bad file descriptor) [pid 5619] close(23) = -1 EBADF (Bad file descriptor) [pid 5619] close(24) = -1 EBADF (Bad file descriptor) [pid 5619] close(25) = -1 EBADF (Bad file descriptor) [pid 5619] close(26) = -1 EBADF (Bad file descriptor) [pid 5619] close(27) = -1 EBADF (Bad file descriptor) [pid 5619] close(28) = -1 EBADF (Bad file descriptor) [pid 5619] close(29) = -1 EBADF (Bad file descriptor) [pid 5619] exit_group(0) = ? [pid 5619] +++ exited with 0 +++ [pid 5644] <... symlink resumed>) = 0 [pid 5644] mkdir("./file0", 000) = 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5644] open("./file0", O_RDONLY) = 3 [pid 5072] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5644] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5644] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5072] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5644] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5644] openat(5, "memory.max", O_RDWR [pid 5072] <... openat resumed>) = 3 [pid 5644] <... openat resumed>) = 6 [pid 5072] fstat(3, [pid 5644] write(6, "0x000000000000040e", 18 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 152.558494][ T5630] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000020 [ 152.566530][ T5630] [ 152.575820][ T5630] memory: usage 8kB, limit 0kB, failcnt 55 [ 152.585621][ T5630] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 152.609567][ T5630] Memory cgroup stats for /syz1: [ 152.609729][ T5630] anon 0 [ 152.609729][ T5630] file 0 [ 152.609729][ T5630] kernel 8192 [ 152.609729][ T5630] kernel_stack 0 [ 152.609729][ T5630] pagetables 0 [ 152.609729][ T5630] sec_pagetables 0 [ 152.609729][ T5630] percpu 0 [ 152.609729][ T5630] sock 0 [ 152.609729][ T5630] vmalloc 0 [ 152.609729][ T5630] shmem 0 [ 152.609729][ T5630] zswap 0 [ 152.609729][ T5630] zswapped 0 [ 152.609729][ T5630] file_mapped 0 [ 152.609729][ T5630] file_dirty 0 [ 152.609729][ T5630] file_writeback 0 [ 152.609729][ T5630] swapcached 0 [ 152.609729][ T5630] anon_thp 0 [ 152.609729][ T5630] file_thp 0 [ 152.609729][ T5630] shmem_thp 0 [ 152.609729][ T5630] inactive_anon 0 [ 152.609729][ T5630] active_anon 0 [ 152.609729][ T5630] inactive_file 0 [ 152.609729][ T5630] active_file 0 [ 152.609729][ T5630] unevictable 0 [ 152.609729][ T5630] slab_reclaimable 6752 [ 152.609729][ T5630] slab_unreclaimable 0 [ 152.609729][ T5630] slab 6752 [ 152.609729][ T5630] workingset_refault_anon 0 [pid 5072] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./25/binderfs") = 0 [pid 5630] <... write resumed>) = 18 [pid 5072] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5630] close(3 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5630] <... close resumed>) = 0 [pid 5072] lstat("./25/cgroup", [pid 5630] close(4 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5630] <... close resumed>) = 0 [pid 5072] unlink("./25/cgroup" [pid 5630] close(5 [pid 5072] <... unlink resumed>) = 0 [pid 5630] <... close resumed>) = 0 [pid 5072] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5630] close(6 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5630] <... close resumed>) = 0 [pid 5072] lstat("./25/cgroup.net", [pid 5630] close(7 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 152.711220][ T5630] Tasks state (memory values in pages): [ 152.718167][ T5630] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 152.729227][ T5630] Out of memory and no killable processes... [ 152.735836][ T5636] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 152.749114][ T5636] CPU: 1 PID: 5636 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5630] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] unlink("./25/cgroup.net" [pid 5630] close(8 [pid 5072] <... unlink resumed>) = 0 [pid 5630] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5630] close(9) = -1 EBADF (Bad file descriptor) [pid 5630] close(10) = -1 EBADF (Bad file descriptor) [pid 5630] close(11) = -1 EBADF (Bad file descriptor) [pid 5630] close(12) = -1 EBADF (Bad file descriptor) [ 152.759586][ T5636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 152.769684][ T5636] Call Trace: [ 152.773007][ T5636] [ 152.775981][ T5636] dump_stack_lvl+0x1e7/0x2d0 [ 152.780714][ T5636] ? nf_tcp_handle_invalid+0x640/0x640 [ 152.786225][ T5636] ? panic+0x770/0x770 [ 152.790386][ T5636] dump_header+0xdc/0x940 [ 152.794774][ T5636] out_of_memory+0xf21/0x12c0 [ 152.799512][ T5636] ? mutex_lock_io_nested+0x60/0x60 [ 152.804774][ T5636] ? preempt_schedule+0xdd/0xf0 [ 152.809678][ T5636] ? unregister_oom_notifier+0x20/0x20 [ 152.815186][ T5636] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 152.821254][ T5636] mem_cgroup_out_of_memory+0x263/0x3b0 [ 152.826856][ T5636] ? preempt_schedule_thunk+0x1a/0x20 [ 152.832284][ T5636] ? mem_cgroup_oom_trylock+0x210/0x210 [ 152.837899][ T5636] ? cgroup_file_notify+0x127/0x190 [ 152.843138][ T5636] memory_max_write+0x355/0x470 [ 152.848046][ T5636] ? memory_max_show+0xa0/0xa0 [ 152.852852][ T5636] ? read_lock_is_recursive+0x20/0x20 [ 152.858288][ T5636] ? memory_max_show+0xa0/0xa0 [ 152.863088][ T5636] cgroup_file_write+0x2b1/0x780 [ 152.868070][ T5636] ? cgroup_seqfile_stop+0xd0/0xd0 [ 152.873220][ T5636] ? __virt_addr_valid+0x22f/0x2e0 [ 152.878401][ T5636] ? cgroup_seqfile_stop+0xd0/0xd0 [ 152.883543][ T5636] kernfs_fop_write_iter+0x3a6/0x4f0 [ 152.888890][ T5636] vfs_write+0x7b2/0xbb0 [ 152.893188][ T5636] ? file_end_write+0x240/0x240 [ 152.898086][ T5636] ? do_raw_spin_unlock+0x13b/0x8b0 [ 152.903334][ T5636] ? lockdep_hardirqs_on+0x98/0x140 [ 152.908592][ T5636] ? __fdget_pos+0x265/0x2f0 [ 152.913227][ T5636] ksys_write+0x1a0/0x2c0 [ 152.917619][ T5636] ? __ia32_sys_read+0x90/0x90 [ 152.922427][ T5636] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 152.928487][ T5636] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 152.934520][ T5636] do_syscall_64+0x41/0xc0 [ 152.938991][ T5636] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 152.944924][ T5636] RIP: 0033:0x7fd49ce20129 [ 152.949362][ T5636] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.969015][ T5636] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 152.977494][ T5636] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 152.985505][ T5636] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 152.993501][ T5636] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 153.001514][ T5636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5630] close(13) = -1 EBADF (Bad file descriptor) [pid 5630] close(14) = -1 EBADF (Bad file descriptor) [pid 5630] close(15) = -1 EBADF (Bad file descriptor) [pid 5630] close(16) = -1 EBADF (Bad file descriptor) [pid 5630] close(17) = -1 EBADF (Bad file descriptor) [pid 5630] close(18) = -1 EBADF (Bad file descriptor) [pid 5630] close(19) = -1 EBADF (Bad file descriptor) [pid 5630] close(20) = -1 EBADF (Bad file descriptor) [pid 5630] close(21) = -1 EBADF (Bad file descriptor) [pid 5630] close(22) = -1 EBADF (Bad file descriptor) [pid 5630] close(23) = -1 EBADF (Bad file descriptor) [pid 5630] close(24) = -1 EBADF (Bad file descriptor) [pid 5630] close(25) = -1 EBADF (Bad file descriptor) [pid 5630] close(26) = -1 EBADF (Bad file descriptor) [pid 5630] close(27) = -1 EBADF (Bad file descriptor) [pid 5630] close(28) = -1 EBADF (Bad file descriptor) [pid 5630] close(29) = -1 EBADF (Bad file descriptor) [pid 5630] exit_group(0) = ? [pid 5630] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./32/binderfs") = 0 [pid 5074] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./32/cgroup") = 0 [pid 5074] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./32/cgroup.net") = 0 [pid 5074] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... umount2 resumed>) = 0 [pid 5074] <... umount2 resumed>) = 0 [pid 5072] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./25/file0", [pid 5074] lstat("./32/file0", [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] <... openat resumed>) = 4 [pid 5074] <... openat resumed>) = 4 [pid 5072] fstat(4, [pid 5074] fstat(4, [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, [pid 5074] getdents64(4, [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, [pid 5074] getdents64(4, [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4 [pid 5074] close(4 [pid 5072] <... close resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5072] rmdir("./25/file0" [pid 5074] rmdir("./32/file0" [pid 5072] <... rmdir resumed>) = 0 [pid 5074] <... rmdir resumed>) = 0 [pid 5072] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./25/cgroup.cpu", [pid 5074] lstat("./32/cgroup.cpu", [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 153.009538][ T5636] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001f [ 153.017597][ T5636] [ 153.031217][ T5636] memory: usage 8kB, limit 0kB, failcnt 55 [ 153.037555][ T5636] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 153.045064][ T5636] Memory cgroup stats for /syz1: [ 153.045350][ T5636] anon 0 [ 153.045350][ T5636] file 0 [ 153.045350][ T5636] kernel 8192 [ 153.045350][ T5636] kernel_stack 0 [ 153.045350][ T5636] pagetables 0 [pid 5072] unlink("./25/cgroup.cpu" [pid 5074] unlink("./32/cgroup.cpu" [pid 5072] <... unlink resumed>) = 0 [pid 5074] <... unlink resumed>) = 0 [pid 5072] getdents64(3, [pid 5074] getdents64(3, [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3 [pid 5074] close(3 [pid 5072] <... close resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5072] rmdir("./25" [pid 5074] rmdir("./32" [pid 5072] <... rmdir resumed>) = 0 [pid 5074] <... rmdir resumed>) = 0 [pid 5072] mkdir("./26", 0777 [pid 5074] mkdir("./33", 0777 [pid 5072] <... mkdir resumed>) = 0 [ 153.045350][ T5636] sec_pagetables 0 [ 153.045350][ T5636] percpu 0 [ 153.045350][ T5636] sock 0 [ 153.045350][ T5636] vmalloc 0 [ 153.045350][ T5636] shmem 0 [ 153.045350][ T5636] zswap 0 [ 153.045350][ T5636] zswapped 0 [ 153.045350][ T5636] file_mapped 0 [ 153.045350][ T5636] file_dirty 0 [ 153.045350][ T5636] file_writeback 0 [ 153.045350][ T5636] swapcached 0 [ 153.045350][ T5636] anon_thp 0 [ 153.045350][ T5636] file_thp 0 [ 153.045350][ T5636] shmem_thp 0 [ 153.045350][ T5636] inactive_anon 0 [ 153.045350][ T5636] active_anon 0 [pid 5074] <... mkdir resumed>) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5646 attached [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 28 [pid 5646] chdir("./33" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 35 [pid 5646] <... chdir resumed>) = 0 [pid 5646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5646] setpgid(0, 0) = 0 [pid 5646] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5646] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5646] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5646] write(3, "1000", 4) = 4 [pid 5646] close(3) = 0 [pid 5646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5646] mkdir("./file0", 000) = 0 [pid 5646] open("./file0", O_RDONLY) = 3 [pid 5646] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5646] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5646] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5646] openat(5, "memory.max", O_RDWR) = 6 [pid 5646] write(6, "0x000000000000040e", 18./strace-static-x86_64: Process 5645 attached [pid 5645] chdir("./26") = 0 [pid 5645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5645] setpgid(0, 0) = 0 [ 153.045350][ T5636] inactive_file 0 [ 153.045350][ T5636] active_file 0 [ 153.045350][ T5636] unevictable 0 [ 153.045350][ T5636] slab_reclaimable 6752 [ 153.045350][ T5636] slab_unreclaimable 0 [ 153.045350][ T5636] slab 6752 [ 153.045350][ T5636] workingset_refault_anon 0 [ 153.151749][ T5636] Tasks state (memory values in pages): [ 153.157971][ T5636] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5645] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5645] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5645] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5645] write(3, "1000", 4) = 4 [pid 5645] close(3) = 0 [pid 5645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5645] mkdir("./file0", 000 [pid 5636] <... write resumed>) = 18 [pid 5645] <... mkdir resumed>) = 0 [pid 5645] open("./file0", O_RDONLY) = 3 [pid 5645] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5645] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5645] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5645] openat(5, "memory.max", O_RDWR) = 6 [pid 5645] write(6, "0x000000000000040e", 18 [pid 5636] close(3) = 0 [pid 5636] close(4) = 0 [pid 5636] close(5) = 0 [pid 5636] close(6) = 0 [ 153.168564][ T5636] Out of memory and no killable processes... [ 153.175359][ T5639] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 153.186766][ T5639] CPU: 1 PID: 5639 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 153.197240][ T5639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 153.207338][ T5639] Call Trace: [ 153.210646][ T5639] [ 153.213605][ T5639] dump_stack_lvl+0x1e7/0x2d0 [pid 5636] close(7) = -1 EBADF (Bad file descriptor) [pid 5636] close(8) = -1 EBADF (Bad file descriptor) [pid 5636] close(9) = -1 EBADF (Bad file descriptor) [pid 5636] close(10) = -1 EBADF (Bad file descriptor) [pid 5636] close(11) = -1 EBADF (Bad file descriptor) [pid 5636] close(12) = -1 EBADF (Bad file descriptor) [pid 5636] close(13) = -1 EBADF (Bad file descriptor) [pid 5636] close(14) = -1 EBADF (Bad file descriptor) [pid 5636] close(15) = -1 EBADF (Bad file descriptor) [ 153.218358][ T5639] ? nf_tcp_handle_invalid+0x640/0x640 [ 153.223874][ T5639] ? panic+0x770/0x770 [ 153.228015][ T5639] dump_header+0xdc/0x940 [ 153.232387][ T5639] out_of_memory+0xf21/0x12c0 [ 153.237125][ T5639] ? mutex_lock_io_nested+0x60/0x60 [ 153.242387][ T5639] ? mark_lock+0x9a/0x340 [ 153.246783][ T5639] ? unregister_oom_notifier+0x20/0x20 [ 153.252282][ T5639] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 153.258298][ T5639] mem_cgroup_out_of_memory+0x263/0x3b0 [ 153.263888][ T5639] ? mem_cgroup_oom_trylock+0x210/0x210 [ 153.269482][ T5639] ? cgroup_file_notify+0x127/0x190 [ 153.274732][ T5639] memory_max_write+0x355/0x470 [ 153.279610][ T5639] ? memory_max_show+0xa0/0xa0 [ 153.284390][ T5639] ? read_lock_is_recursive+0x20/0x20 [ 153.289784][ T5639] ? memory_max_show+0xa0/0xa0 [ 153.294564][ T5639] cgroup_file_write+0x2b1/0x780 [ 153.299525][ T5639] ? cgroup_seqfile_stop+0xd0/0xd0 [ 153.304651][ T5639] ? __virt_addr_valid+0x22f/0x2e0 [ 153.309789][ T5639] ? cgroup_seqfile_stop+0xd0/0xd0 [ 153.314910][ T5639] kernfs_fop_write_iter+0x3a6/0x4f0 [ 153.320218][ T5639] vfs_write+0x7b2/0xbb0 [ 153.324506][ T5639] ? file_end_write+0x240/0x240 [ 153.329383][ T5639] ? do_raw_spin_unlock+0x13b/0x8b0 [ 153.334620][ T5639] ? lockdep_hardirqs_on+0x98/0x140 [ 153.339847][ T5639] ? __fdget_pos+0x265/0x2f0 [ 153.344476][ T5639] ksys_write+0x1a0/0x2c0 [ 153.348829][ T5639] ? __ia32_sys_read+0x90/0x90 [ 153.353611][ T5639] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 153.359625][ T5639] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 153.365631][ T5639] do_syscall_64+0x41/0xc0 [ 153.370067][ T5639] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 153.375983][ T5639] RIP: 0033:0x7fd49ce20129 [ 153.380412][ T5639] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.400027][ T5639] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 153.408456][ T5639] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5636] close(16) = -1 EBADF (Bad file descriptor) [pid 5636] close(17) = -1 EBADF (Bad file descriptor) [pid 5636] close(18) = -1 EBADF (Bad file descriptor) [pid 5636] close(19) = -1 EBADF (Bad file descriptor) [pid 5636] close(20) = -1 EBADF (Bad file descriptor) [pid 5636] close(21) = -1 EBADF (Bad file descriptor) [pid 5636] close(22) = -1 EBADF (Bad file descriptor) [pid 5636] close(23) = -1 EBADF (Bad file descriptor) [pid 5636] close(24) = -1 EBADF (Bad file descriptor) [pid 5636] close(25) = -1 EBADF (Bad file descriptor) [ 153.416441][ T5639] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 153.424420][ T5639] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 153.432399][ T5639] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 153.440383][ T5639] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001c [ 153.448382][ T5639] [ 153.454675][ T5639] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5636] close(26) = -1 EBADF (Bad file descriptor) [pid 5636] close(27) = -1 EBADF (Bad file descriptor) [pid 5636] close(28) = -1 EBADF (Bad file descriptor) [pid 5636] close(29) = -1 EBADF (Bad file descriptor) [pid 5636] exit_group(0) = ? [pid 5636] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./31/binderfs") = 0 [pid 5075] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./31/cgroup") = 0 [pid 5075] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./31/cgroup.net") = 0 [ 153.470144][ T5639] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 153.478687][ T5639] Memory cgroup stats for /syz1: [ 153.478883][ T5639] anon 0 [ 153.478883][ T5639] file 0 [ 153.478883][ T5639] kernel 8192 [ 153.478883][ T5639] kernel_stack 0 [ 153.478883][ T5639] pagetables 0 [ 153.478883][ T5639] sec_pagetables 0 [ 153.478883][ T5639] percpu 0 [ 153.478883][ T5639] sock 0 [ 153.478883][ T5639] vmalloc 0 [ 153.478883][ T5639] shmem 0 [ 153.478883][ T5639] zswap 0 [ 153.478883][ T5639] zswapped 0 [ 153.478883][ T5639] file_mapped 0 [ 153.478883][ T5639] file_dirty 0 [ 153.478883][ T5639] file_writeback 0 [ 153.478883][ T5639] swapcached 0 [ 153.478883][ T5639] anon_thp 0 [ 153.478883][ T5639] file_thp 0 [ 153.478883][ T5639] shmem_thp 0 [ 153.478883][ T5639] inactive_anon 0 [ 153.478883][ T5639] active_anon 0 [ 153.478883][ T5639] inactive_file 0 [ 153.478883][ T5639] active_file 0 [ 153.478883][ T5639] unevictable 0 [ 153.478883][ T5639] slab_reclaimable 6752 [ 153.478883][ T5639] slab_unreclaimable 0 [ 153.478883][ T5639] slab 6752 [pid 5075] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5639] <... write resumed>) = 18 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 153.478883][ T5639] workingset_refault_anon 0 [ 153.579769][ T5639] Tasks state (memory values in pages): [ 153.585368][ T5639] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 153.595430][ T5639] Out of memory and no killable processes... [ 153.601874][ T5644] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5075] close(4) = 0 [pid 5075] rmdir("./31/file0") = 0 [pid 5075] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./31/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./31") = 0 [pid 5075] mkdir("./32", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 34 [pid 5639] close(3) = 0 [pid 5639] close(4) = 0 [pid 5639] close(5) = 0 [pid 5639] close(6) = 0 [pid 5639] close(7) = -1 EBADF (Bad file descriptor) [pid 5639] close(8) = -1 EBADF (Bad file descriptor) [pid 5639] close(9) = -1 EBADF (Bad file descriptor) [pid 5639] close(10) = -1 EBADF (Bad file descriptor) [pid 5639] close(11) = -1 EBADF (Bad file descriptor) [pid 5639] close(12) = -1 EBADF (Bad file descriptor) [ 153.614172][ T5644] CPU: 0 PID: 5644 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 153.624646][ T5644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 153.634754][ T5644] Call Trace: [ 153.638065][ T5644] [ 153.641045][ T5644] dump_stack_lvl+0x1e7/0x2d0 [ 153.645792][ T5644] ? nf_tcp_handle_invalid+0x640/0x640 [ 153.651312][ T5644] ? panic+0x770/0x770 [ 153.655465][ T5644] dump_header+0xdc/0x940 [ 153.659855][ T5644] out_of_memory+0xf21/0x12c0 [ 153.664592][ T5644] ? mutex_lock_io_nested+0x60/0x60 [pid 5639] close(13) = -1 EBADF (Bad file descriptor) [pid 5639] close(14) = -1 EBADF (Bad file descriptor) [pid 5639] close(15) = -1 EBADF (Bad file descriptor) [pid 5639] close(16) = -1 EBADF (Bad file descriptor) [pid 5639] close(17) = -1 EBADF (Bad file descriptor) [pid 5639] close(18) = -1 EBADF (Bad file descriptor) [pid 5639] close(19) = -1 EBADF (Bad file descriptor) [pid 5639] close(20) = -1 EBADF (Bad file descriptor) [pid 5639] close(21) = -1 EBADF (Bad file descriptor) [pid 5639] close(22) = -1 EBADF (Bad file descriptor) [pid 5639] close(23) = -1 EBADF (Bad file descriptor) [pid 5639] close(24) = -1 EBADF (Bad file descriptor) [pid 5639] close(25) = -1 EBADF (Bad file descriptor) [pid 5639] close(26) = -1 EBADF (Bad file descriptor) [pid 5639] close(27) = -1 EBADF (Bad file descriptor) [pid 5639] close(28) = -1 EBADF (Bad file descriptor) [pid 5639] close(29) = -1 EBADF (Bad file descriptor) [pid 5639] exit_group(0) = ? [pid 5639] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 153.669855][ T5644] ? mark_lock+0x9a/0x340 [ 153.674225][ T5644] ? unregister_oom_notifier+0x20/0x20 [ 153.679734][ T5644] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 153.685785][ T5644] mem_cgroup_out_of_memory+0x263/0x3b0 [ 153.691405][ T5644] ? mem_cgroup_oom_trylock+0x210/0x210 [ 153.697031][ T5644] ? cgroup_file_notify+0x127/0x190 [ 153.702296][ T5644] memory_max_write+0x355/0x470 [ 153.707217][ T5644] ? memory_max_show+0xa0/0xa0 [ 153.712056][ T5644] ? read_lock_is_recursive+0x20/0x20 [pid 5073] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./28/binderfs") = 0 [pid 5073] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./28/cgroup") = 0 [pid 5073] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./28/cgroup.net") = 0 [pid 5073] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5648 attached [pid 5648] chdir("./32") = 0 [pid 5648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5648] setpgid(0, 0) = 0 [pid 5648] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [ 153.717499][ T5644] ? memory_max_show+0xa0/0xa0 [ 153.722316][ T5644] cgroup_file_write+0x2b1/0x780 [ 153.727317][ T5644] ? cgroup_seqfile_stop+0xd0/0xd0 [ 153.732479][ T5644] ? __virt_addr_valid+0x22f/0x2e0 [ 153.737673][ T5644] ? cgroup_seqfile_stop+0xd0/0xd0 [ 153.742838][ T5644] kernfs_fop_write_iter+0x3a6/0x4f0 [ 153.748195][ T5644] vfs_write+0x7b2/0xbb0 [ 153.752509][ T5644] ? file_end_write+0x240/0x240 [ 153.757419][ T5644] ? do_raw_spin_unlock+0x13b/0x8b0 [ 153.762674][ T5644] ? lockdep_hardirqs_on+0x98/0x140 [pid 5648] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5648] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5648] write(3, "1000", 4) = 4 [pid 5648] close(3) = 0 [pid 5648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5648] mkdir("./file0", 000) = 0 [pid 5648] open("./file0", O_RDONLY) = 3 [pid 5648] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5648] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5648] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5648] openat(5, "memory.max", O_RDWR) = 6 [ 153.767934][ T5644] ? __fdget_pos+0x265/0x2f0 [ 153.772575][ T5644] ksys_write+0x1a0/0x2c0 [ 153.776961][ T5644] ? __ia32_sys_read+0x90/0x90 [ 153.781778][ T5644] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 153.787840][ T5644] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 153.793884][ T5644] do_syscall_64+0x41/0xc0 [ 153.798366][ T5644] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 153.804318][ T5644] RIP: 0033:0x7fd49ce20129 [ 153.808771][ T5644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.828423][ T5644] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 153.836866][ T5644] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 153.844881][ T5644] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 153.852874][ T5644] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 153.860877][ T5644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5648] write(6, "0x000000000000040e", 18 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./28/file0") = 0 [pid 5073] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./28/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 153.868884][ T5644] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000019 [ 153.876896][ T5644] [ 153.899897][ T5644] memory: usage 8kB, limit 0kB, failcnt 55 [ 153.905795][ T5644] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 153.913182][ T5644] Memory cgroup stats for /syz1: [ 153.913398][ T5644] anon 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./28") = 0 [pid 5073] mkdir("./29", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 31 [ 153.913398][ T5644] file 0 [ 153.913398][ T5644] kernel 8192 [ 153.913398][ T5644] kernel_stack 0 [ 153.913398][ T5644] pagetables 0 [ 153.913398][ T5644] sec_pagetables 0 [ 153.913398][ T5644] percpu 0 [ 153.913398][ T5644] sock 0 [ 153.913398][ T5644] vmalloc 0 [ 153.913398][ T5644] shmem 0 [ 153.913398][ T5644] zswap 0 [ 153.913398][ T5644] zswapped 0 [ 153.913398][ T5644] file_mapped 0 [ 153.913398][ T5644] file_dirty 0 [ 153.913398][ T5644] file_writeback 0 [ 153.913398][ T5644] swapcached 0 [ 153.913398][ T5644] anon_thp 0 ./strace-static-x86_64: Process 5649 attached [pid 5649] chdir("./29") = 0 [ 153.913398][ T5644] file_thp 0 [ 153.913398][ T5644] shmem_thp 0 [ 153.913398][ T5644] inactive_anon 0 [ 153.913398][ T5644] active_anon 0 [ 153.913398][ T5644] inactive_file 0 [ 153.913398][ T5644] active_file 0 [ 153.913398][ T5644] unevictable 0 [ 153.913398][ T5644] slab_reclaimable 6752 [ 153.913398][ T5644] slab_unreclaimable 0 [ 153.913398][ T5644] slab 6752 [ 153.913398][ T5644] workingset_refault_anon 0 [ 154.013903][ T5644] Tasks state (memory values in pages): [pid 5649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5649] setpgid(0, 0) = 0 [pid 5649] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [ 154.027021][ T5644] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 154.042439][ T5644] Out of memory and no killable processes... [ 154.050907][ T5646] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 154.066617][ T5646] CPU: 1 PID: 5646 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5649] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5644] <... write resumed>) = 18 [pid 5649] <... symlink resumed>) = 0 [pid 5649] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5644] close(3 [pid 5649] <... symlink resumed>) = 0 [pid 5649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5644] <... close resumed>) = 0 [pid 5649] <... openat resumed>) = 3 [pid 5649] write(3, "1000", 4 [pid 5644] close(4 [pid 5649] <... write resumed>) = 4 [pid 5649] close(3 [pid 5644] <... close resumed>) = 0 [pid 5649] <... close resumed>) = 0 [pid 5649] symlink("/dev/binderfs", "./binderfs" [pid 5644] close(5 [pid 5649] <... symlink resumed>) = 0 [pid 5649] mkdir("./file0", 000 [pid 5644] <... close resumed>) = 0 [pid 5649] <... mkdir resumed>) = 0 [pid 5649] open("./file0", O_RDONLY [pid 5644] close(6 [pid 5649] <... open resumed>) = 3 [pid 5649] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5644] <... close resumed>) = 0 [pid 5649] <... mount resumed>) = 0 [pid 5649] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5644] close(7 [pid 5649] <... openat resumed>) = 4 [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5649] openat(4, "syz1", O_RDWR|O_PATH [pid 5644] close(8 [pid 5649] <... openat resumed>) = 5 [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5649] openat(5, "memory.max", O_RDWR [pid 5644] close(9 [pid 5649] <... openat resumed>) = 6 [pid 5644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5649] write(6, "0x000000000000040e", 18 [pid 5644] close(10) = -1 EBADF (Bad file descriptor) [pid 5644] close(11) = -1 EBADF (Bad file descriptor) [pid 5644] close(12) = -1 EBADF (Bad file descriptor) [pid 5644] close(13) = -1 EBADF (Bad file descriptor) [pid 5644] close(14) = -1 EBADF (Bad file descriptor) [pid 5644] close(15) = -1 EBADF (Bad file descriptor) [pid 5644] close(16) = -1 EBADF (Bad file descriptor) [pid 5644] close(17) = -1 EBADF (Bad file descriptor) [pid 5644] close(18) = -1 EBADF (Bad file descriptor) [pid 5644] close(19) = -1 EBADF (Bad file descriptor) [pid 5644] close(20) = -1 EBADF (Bad file descriptor) [pid 5644] close(21) = -1 EBADF (Bad file descriptor) [pid 5644] close(22) = -1 EBADF (Bad file descriptor) [pid 5644] close(23) = -1 EBADF (Bad file descriptor) [pid 5644] close(24) = -1 EBADF (Bad file descriptor) [pid 5644] close(25) = -1 EBADF (Bad file descriptor) [pid 5644] close(26) = -1 EBADF (Bad file descriptor) [pid 5644] close(27) = -1 EBADF (Bad file descriptor) [pid 5644] close(28) = -1 EBADF (Bad file descriptor) [pid 5644] close(29) = -1 EBADF (Bad file descriptor) [pid 5644] exit_group(0) = ? [pid 5644] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./25/binderfs") = 0 [pid 5070] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./25/cgroup") = 0 [ 154.077093][ T5646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 154.087188][ T5646] Call Trace: [ 154.090505][ T5646] [ 154.093468][ T5646] dump_stack_lvl+0x1e7/0x2d0 [ 154.098200][ T5646] ? nf_tcp_handle_invalid+0x640/0x640 [ 154.103729][ T5646] ? panic+0x770/0x770 [ 154.107865][ T5646] dump_header+0xdc/0x940 [ 154.112250][ T5646] out_of_memory+0xf21/0x12c0 [ 154.116990][ T5646] ? mutex_lock_io_nested+0x60/0x60 [ 154.122248][ T5646] ? mark_lock+0x9a/0x340 [pid 5070] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./25/cgroup.net") = 0 [ 154.126623][ T5646] ? unregister_oom_notifier+0x20/0x20 [ 154.132135][ T5646] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 154.138181][ T5646] mem_cgroup_out_of_memory+0x263/0x3b0 [ 154.143799][ T5646] ? mem_cgroup_oom_trylock+0x210/0x210 [ 154.149392][ T5646] ? cgroup_file_notify+0x127/0x190 [ 154.154624][ T5646] memory_max_write+0x355/0x470 [ 154.159530][ T5646] ? memory_max_show+0xa0/0xa0 [ 154.164319][ T5646] ? read_lock_is_recursive+0x20/0x20 [ 154.169708][ T5646] ? memory_max_show+0xa0/0xa0 [ 154.174495][ T5646] cgroup_file_write+0x2b1/0x780 [ 154.179467][ T5646] ? cgroup_seqfile_stop+0xd0/0xd0 [ 154.184602][ T5646] ? __virt_addr_valid+0x22f/0x2e0 [ 154.189737][ T5646] ? cgroup_seqfile_stop+0xd0/0xd0 [ 154.194892][ T5646] kernfs_fop_write_iter+0x3a6/0x4f0 [ 154.200206][ T5646] vfs_write+0x7b2/0xbb0 [ 154.204488][ T5646] ? file_end_write+0x240/0x240 [ 154.209372][ T5646] ? do_raw_spin_unlock+0x13b/0x8b0 [ 154.214604][ T5646] ? lockdep_hardirqs_on+0x98/0x140 [ 154.219840][ T5646] ? __fdget_pos+0x265/0x2f0 [ 154.224462][ T5646] ksys_write+0x1a0/0x2c0 [ 154.228833][ T5646] ? __ia32_sys_read+0x90/0x90 [ 154.233659][ T5646] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 154.239678][ T5646] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 154.245699][ T5646] do_syscall_64+0x41/0xc0 [ 154.250130][ T5646] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 154.256038][ T5646] RIP: 0033:0x7fd49ce20129 [ 154.260471][ T5646] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 154.280116][ T5646] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 154.288583][ T5646] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 154.296591][ T5646] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 154.304585][ T5646] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 154.312561][ T5646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 154.320545][ T5646] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000021 [pid 5070] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./25/file0") = 0 [pid 5070] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./25/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./25") = 0 [pid 5070] mkdir("./26", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5650 attached [ 154.328570][ T5646] [ 154.338935][ T5646] memory: usage 8kB, limit 0kB, failcnt 55 [ 154.345355][ T5646] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 154.353353][ T5646] Memory cgroup stats for /syz1: [ 154.354370][ T5646] anon 0 [ 154.354370][ T5646] file 0 [ 154.354370][ T5646] kernel 8192 [ 154.354370][ T5646] kernel_stack 0 [ 154.354370][ T5646] pagetables 0 [ 154.354370][ T5646] sec_pagetables 0 [ 154.354370][ T5646] percpu 0 [ 154.354370][ T5646] sock 0 [ 154.354370][ T5646] vmalloc 0 [ 154.354370][ T5646] shmem 0 [ 154.354370][ T5646] zswap 0 [ 154.354370][ T5646] zswapped 0 [ 154.354370][ T5646] file_mapped 0 [ 154.354370][ T5646] file_dirty 0 [ 154.354370][ T5646] file_writeback 0 [ 154.354370][ T5646] swapcached 0 [ 154.354370][ T5646] anon_thp 0 [ 154.354370][ T5646] file_thp 0 [ 154.354370][ T5646] shmem_thp 0 [ 154.354370][ T5646] inactive_anon 0 [ 154.354370][ T5646] active_anon 0 [ 154.354370][ T5646] inactive_file 0 [pid 5650] chdir("./26" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 28 [pid 5650] <... chdir resumed>) = 0 [pid 5650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5650] setpgid(0, 0) = 0 [pid 5650] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5650] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5650] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5650] write(3, "1000", 4) = 4 [pid 5650] close(3) = 0 [pid 5650] symlink("/dev/binderfs", "./binderfs") = 0 [ 154.354370][ T5646] active_file 0 [ 154.354370][ T5646] unevictable 0 [ 154.354370][ T5646] slab_reclaimable 6752 [ 154.354370][ T5646] slab_unreclaimable 0 [ 154.354370][ T5646] slab 6752 [ 154.354370][ T5646] workingset_refault_anon 0 [ 154.457298][ T5646] Tasks state (memory values in pages): [ 154.463898][ T5646] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5650] mkdir("./file0", 000) = 0 [pid 5650] open("./file0", O_RDONLY) = 3 [pid 5650] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5650] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5650] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5650] openat(5, "memory.max", O_RDWR) = 6 [pid 5650] write(6, "0x000000000000040e", 18 [pid 5646] <... write resumed>) = 18 [ 154.474846][ T5646] Out of memory and no killable processes... [ 154.482139][ T5645] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 154.494662][ T5645] CPU: 1 PID: 5645 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 154.505134][ T5645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 154.515226][ T5645] Call Trace: [ 154.518541][ T5645] [ 154.521502][ T5645] dump_stack_lvl+0x1e7/0x2d0 [ 154.526216][ T5645] ? nf_tcp_handle_invalid+0x640/0x640 [ 154.531705][ T5645] ? panic+0x770/0x770 [ 154.535808][ T5645] dump_header+0xdc/0x940 [ 154.540169][ T5645] out_of_memory+0xf21/0x12c0 [ 154.544875][ T5645] ? mutex_lock_io_nested+0x60/0x60 [ 154.550099][ T5645] ? mark_lock+0x9a/0x340 [ 154.554440][ T5645] ? unregister_oom_notifier+0x20/0x20 [ 154.559916][ T5645] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 154.565930][ T5645] mem_cgroup_out_of_memory+0x263/0x3b0 [ 154.571500][ T5645] ? mem_cgroup_oom_trylock+0x210/0x210 [ 154.577097][ T5645] ? cgroup_file_notify+0x127/0x190 [ 154.582322][ T5645] memory_max_write+0x355/0x470 [ 154.587198][ T5645] ? memory_max_show+0xa0/0xa0 [ 154.592015][ T5645] ? read_lock_is_recursive+0x20/0x20 [ 154.597426][ T5645] ? memory_max_show+0xa0/0xa0 [ 154.602225][ T5645] cgroup_file_write+0x2b1/0x780 [ 154.607211][ T5645] ? cgroup_seqfile_stop+0xd0/0xd0 [ 154.612365][ T5645] ? __virt_addr_valid+0x22f/0x2e0 [ 154.617518][ T5645] ? cgroup_seqfile_stop+0xd0/0xd0 [ 154.622653][ T5645] kernfs_fop_write_iter+0x3a6/0x4f0 [ 154.627969][ T5645] vfs_write+0x7b2/0xbb0 [ 154.632244][ T5645] ? file_end_write+0x240/0x240 [ 154.637123][ T5645] ? do_raw_spin_unlock+0x13b/0x8b0 [ 154.642345][ T5645] ? lockdep_hardirqs_on+0x98/0x140 [ 154.647571][ T5645] ? __fdget_pos+0x265/0x2f0 [ 154.652180][ T5645] ksys_write+0x1a0/0x2c0 [ 154.656543][ T5645] ? __ia32_sys_read+0x90/0x90 [ 154.661347][ T5645] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 154.667368][ T5645] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 154.673399][ T5645] do_syscall_64+0x41/0xc0 [ 154.677852][ T5645] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 154.683776][ T5645] RIP: 0033:0x7fd49ce20129 [ 154.688216][ T5645] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 154.707840][ T5645] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 154.716272][ T5645] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5646] close(3) = 0 [pid 5646] close(4) = 0 [pid 5646] close(5) = 0 [pid 5646] close(6) = 0 [pid 5646] close(7) = -1 EBADF (Bad file descriptor) [pid 5646] close(8) = -1 EBADF (Bad file descriptor) [pid 5646] close(9) = -1 EBADF (Bad file descriptor) [pid 5646] close(10) = -1 EBADF (Bad file descriptor) [pid 5646] close(11) = -1 EBADF (Bad file descriptor) [pid 5646] close(12) = -1 EBADF (Bad file descriptor) [pid 5646] close(13) = -1 EBADF (Bad file descriptor) [pid 5646] close(14) = -1 EBADF (Bad file descriptor) [pid 5646] close(15) = -1 EBADF (Bad file descriptor) [pid 5646] close(16) = -1 EBADF (Bad file descriptor) [pid 5646] close(17) = -1 EBADF (Bad file descriptor) [pid 5646] close(18) = -1 EBADF (Bad file descriptor) [pid 5646] close(19) = -1 EBADF (Bad file descriptor) [pid 5646] close(20) = -1 EBADF (Bad file descriptor) [ 154.724259][ T5645] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 154.732263][ T5645] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 154.740264][ T5645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 154.748259][ T5645] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001a [ 154.756272][ T5645] [ 154.768517][ T5645] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5646] close(21) = -1 EBADF (Bad file descriptor) [pid 5646] close(22) = -1 EBADF (Bad file descriptor) [pid 5646] close(23) = -1 EBADF (Bad file descriptor) [pid 5646] close(24) = -1 EBADF (Bad file descriptor) [pid 5646] close(25) = -1 EBADF (Bad file descriptor) [pid 5646] close(26) = -1 EBADF (Bad file descriptor) [pid 5646] close(27) = -1 EBADF (Bad file descriptor) [pid 5646] close(28) = -1 EBADF (Bad file descriptor) [pid 5646] close(29) = -1 EBADF (Bad file descriptor) [pid 5646] exit_group(0) = ? [pid 5646] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5074] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./33/binderfs") = 0 [pid 5074] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./33/cgroup") = 0 [pid 5074] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./33/cgroup.net") = 0 [ 154.776662][ T5645] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 154.784652][ T5645] Memory cgroup stats for /syz1: [ 154.784861][ T5645] anon 0 [ 154.784861][ T5645] file 0 [ 154.784861][ T5645] kernel 8192 [ 154.784861][ T5645] kernel_stack 0 [ 154.784861][ T5645] pagetables 0 [ 154.784861][ T5645] sec_pagetables 0 [ 154.784861][ T5645] percpu 0 [ 154.784861][ T5645] sock 0 [ 154.784861][ T5645] vmalloc 0 [ 154.784861][ T5645] shmem 0 [ 154.784861][ T5645] zswap 0 [ 154.784861][ T5645] zswapped 0 [ 154.784861][ T5645] file_mapped 0 [ 154.784861][ T5645] file_dirty 0 [ 154.784861][ T5645] file_writeback 0 [ 154.784861][ T5645] swapcached 0 [ 154.784861][ T5645] anon_thp 0 [ 154.784861][ T5645] file_thp 0 [ 154.784861][ T5645] shmem_thp 0 [ 154.784861][ T5645] inactive_anon 0 [ 154.784861][ T5645] active_anon 0 [ 154.784861][ T5645] inactive_file 0 [ 154.784861][ T5645] active_file 0 [ 154.784861][ T5645] unevictable 0 [ 154.784861][ T5645] slab_reclaimable 6752 [ 154.784861][ T5645] slab_unreclaimable 0 [ 154.784861][ T5645] slab 6752 [ 154.784861][ T5645] workingset_refault_anon 0 [pid 5074] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5645] <... write resumed>) = 18 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./33/file0") = 0 [pid 5074] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./33/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./33") = 0 [pid 5074] mkdir("./34", 0777) = 0 [ 154.883298][ T5645] Tasks state (memory values in pages): [ 154.892325][ T5645] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 154.902941][ T5645] Out of memory and no killable processes... [ 154.909964][ T5648] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 154.921041][ T5648] CPU: 1 PID: 5648 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 154.931513][ T5648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 154.941623][ T5648] Call Trace: [ 154.944942][ T5648] [ 154.947911][ T5648] dump_stack_lvl+0x1e7/0x2d0 [ 154.952645][ T5648] ? nf_tcp_handle_invalid+0x640/0x640 [ 154.958180][ T5648] ? panic+0x770/0x770 [ 154.962313][ T5648] dump_header+0xdc/0x940 [ 154.966703][ T5648] out_of_memory+0xf21/0x12c0 [ 154.971435][ T5648] ? mutex_lock_io_nested+0x60/0x60 [ 154.976714][ T5648] ? preempt_schedule+0xdd/0xf0 [ 154.981615][ T5648] ? unregister_oom_notifier+0x20/0x20 [ 154.987131][ T5648] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 154.993164][ T5648] mem_cgroup_out_of_memory+0x263/0x3b0 [ 154.998733][ T5648] ? preempt_schedule_thunk+0x1a/0x20 [ 155.004132][ T5648] ? mem_cgroup_oom_trylock+0x210/0x210 [ 155.009722][ T5648] ? cgroup_file_notify+0x127/0x190 [ 155.014947][ T5648] memory_max_write+0x355/0x470 [ 155.019822][ T5648] ? memory_max_show+0xa0/0xa0 [ 155.024612][ T5648] ? read_lock_is_recursive+0x20/0x20 [ 155.030005][ T5648] ? memory_max_show+0xa0/0xa0 [ 155.034785][ T5648] cgroup_file_write+0x2b1/0x780 [ 155.039755][ T5648] ? cgroup_seqfile_stop+0xd0/0xd0 [ 155.044891][ T5648] ? __virt_addr_valid+0x22f/0x2e0 [ 155.050043][ T5648] ? cgroup_seqfile_stop+0xd0/0xd0 [ 155.055164][ T5648] kernfs_fop_write_iter+0x3a6/0x4f0 [ 155.060474][ T5648] vfs_write+0x7b2/0xbb0 [ 155.064740][ T5648] ? file_end_write+0x240/0x240 [ 155.069609][ T5648] ? do_raw_spin_unlock+0x13b/0x8b0 [ 155.074824][ T5648] ? lockdep_hardirqs_on+0x98/0x140 [ 155.080055][ T5648] ? __fdget_pos+0x265/0x2f0 [ 155.084664][ T5648] ksys_write+0x1a0/0x2c0 [ 155.089030][ T5648] ? __ia32_sys_read+0x90/0x90 [ 155.093807][ T5648] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 155.099810][ T5648] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 155.105817][ T5648] do_syscall_64+0x41/0xc0 [ 155.110264][ T5648] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 155.116198][ T5648] RIP: 0033:0x7fd49ce20129 [ 155.120641][ T5648] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 155.140260][ T5648] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.148691][ T5648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 155.156674][ T5648] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 155.164659][ T5648] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 155.172730][ T5648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 36 [pid 5645] close(3) = 0 [pid 5645] close(4) = 0 [pid 5645] close(5) = 0 [pid 5645] close(6) = 0 [pid 5645] close(7) = -1 EBADF (Bad file descriptor) [pid 5645] close(8) = -1 EBADF (Bad file descriptor) [pid 5645] close(9) = -1 EBADF (Bad file descriptor) [pid 5645] close(10) = -1 EBADF (Bad file descriptor) [pid 5645] close(11) = -1 EBADF (Bad file descriptor) [pid 5645] close(12) = -1 EBADF (Bad file descriptor) [pid 5645] close(13) = -1 EBADF (Bad file descriptor) [pid 5645] close(14) = -1 EBADF (Bad file descriptor) [pid 5645] close(15) = -1 EBADF (Bad file descriptor) [pid 5645] close(16) = -1 EBADF (Bad file descriptor) [pid 5645] close(17) = -1 EBADF (Bad file descriptor) [pid 5645] close(18) = -1 EBADF (Bad file descriptor) [pid 5645] close(19) = -1 EBADF (Bad file descriptor) [pid 5645] close(20) = -1 EBADF (Bad file descriptor) [pid 5645] close(21) = -1 EBADF (Bad file descriptor) [pid 5645] close(22) = -1 EBADF (Bad file descriptor) [pid 5645] close(23) = -1 EBADF (Bad file descriptor) [pid 5645] close(24) = -1 EBADF (Bad file descriptor) [pid 5645] close(25) = -1 EBADF (Bad file descriptor) [pid 5645] close(26) = -1 EBADF (Bad file descriptor) [pid 5645] close(27) = -1 EBADF (Bad file descriptor) [pid 5645] close(28) = -1 EBADF (Bad file descriptor) [pid 5645] close(29) = -1 EBADF (Bad file descriptor) [pid 5645] exit_group(0) = ? [pid 5645] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5651 attached ) = 0 [pid 5072] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5651] chdir("./34" [pid 5072] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5651] <... chdir resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./26/binderfs") = 0 [pid 5651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5651] <... prctl resumed>) = 0 [ 155.180715][ T5648] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000020 [ 155.188721][ T5648] [ 155.197150][ T5648] memory: usage 8kB, limit 0kB, failcnt 55 [ 155.203423][ T5648] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 155.213952][ T5648] Memory cgroup stats for /syz1: [ 155.216818][ T5648] anon 0 [ 155.216818][ T5648] file 0 [ 155.216818][ T5648] kernel 8192 [ 155.216818][ T5648] kernel_stack 0 [ 155.216818][ T5648] pagetables 0 [ 155.216818][ T5648] sec_pagetables 0 [ 155.216818][ T5648] percpu 0 [ 155.216818][ T5648] sock 0 [ 155.216818][ T5648] vmalloc 0 [ 155.216818][ T5648] shmem 0 [ 155.216818][ T5648] zswap 0 [ 155.216818][ T5648] zswapped 0 [ 155.216818][ T5648] file_mapped 0 [ 155.216818][ T5648] file_dirty 0 [ 155.216818][ T5648] file_writeback 0 [ 155.216818][ T5648] swapcached 0 [ 155.216818][ T5648] anon_thp 0 [ 155.216818][ T5648] file_thp 0 [ 155.216818][ T5648] shmem_thp 0 [ 155.216818][ T5648] inactive_anon 0 [pid 5072] unlink("./26/cgroup" [pid 5651] setpgid(0, 0 [pid 5072] <... unlink resumed>) = 0 [pid 5072] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./26/cgroup.net") = 0 [pid 5072] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5651] <... setpgid resumed>) = 0 [pid 5651] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5072] <... umount2 resumed>) = 0 [pid 5072] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5651] <... symlink resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5651] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5072] lstat("./26/file0", [pid 5651] <... symlink resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, [pid 5651] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, [pid 5651] <... symlink resumed>) = 0 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4 [pid 5651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] <... close resumed>) = 0 [pid 5651] <... openat resumed>) = 3 [pid 5072] rmdir("./26/file0" [pid 5651] write(3, "1000", 4 [pid 5072] <... rmdir resumed>) = 0 [pid 5072] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./26/cgroup.cpu", [pid 5651] <... write resumed>) = 4 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5651] close(3 [pid 5072] unlink("./26/cgroup.cpu" [pid 5651] <... close resumed>) = 0 [pid 5072] <... unlink resumed>) = 0 [pid 5072] getdents64(3, [pid 5651] symlink("/dev/binderfs", "./binderfs" [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3 [pid 5651] <... symlink resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5072] rmdir("./26" [pid 5651] mkdir("./file0", 000 [pid 5072] <... rmdir resumed>) = 0 [pid 5072] mkdir("./27", 0777 [pid 5651] <... mkdir resumed>) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5651] open("./file0", O_RDONLY) = 3 ./strace-static-x86_64: Process 5652 attached [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 29 [pid 5652] chdir("./27" [pid 5651] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5652] <... chdir resumed>) = 0 [pid 5652] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5651] <... mount resumed>) = 0 [pid 5652] <... prctl resumed>) = 0 [pid 5652] setpgid(0, 0) = 0 [pid 5651] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5652] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5651] <... openat resumed>) = 4 [pid 5652] <... symlink resumed>) = 0 [pid 5652] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5651] openat(4, "syz1", O_RDWR|O_PATH [pid 5652] <... symlink resumed>) = 0 [pid 5651] <... openat resumed>) = 5 [pid 5652] symlink("/syzcgroup/net/syz5", "./cgroup.net" [ 155.216818][ T5648] active_anon 0 [ 155.216818][ T5648] inactive_file 0 [ 155.216818][ T5648] active_file 0 [ 155.216818][ T5648] unevictable 0 [ 155.216818][ T5648] slab_reclaimable 6752 [ 155.216818][ T5648] slab_unreclaimable 0 [ 155.216818][ T5648] slab 6752 [ 155.216818][ T5648] workingset_refault_anon 0 [pid 5651] openat(5, "memory.max", O_RDWR) = 6 [pid 5651] write(6, "0x000000000000040e", 18 [pid 5652] <... symlink resumed>) = 0 [pid 5652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5652] write(3, "1000", 4) = 4 [pid 5652] close(3) = 0 [pid 5652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5652] mkdir("./file0", 000) = 0 [pid 5652] open("./file0", O_RDONLY) = 3 [pid 5652] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5652] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5652] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5652] openat(5, "memory.max", O_RDWR) = 6 [pid 5652] write(6, "0x000000000000040e", 18 [pid 5648] <... write resumed>) = 18 [ 155.351401][ T5648] Tasks state (memory values in pages): [ 155.373743][ T5648] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 155.384218][ T5648] Out of memory and no killable processes... [ 155.391114][ T5649] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5648] close(3) = 0 [pid 5648] close(4) = 0 [pid 5648] close(5) = 0 [pid 5648] close(6) = 0 [pid 5648] close(7) = -1 EBADF (Bad file descriptor) [pid 5648] close(8) = -1 EBADF (Bad file descriptor) [pid 5648] close(9) = -1 EBADF (Bad file descriptor) [pid 5648] close(10) = -1 EBADF (Bad file descriptor) [pid 5648] close(11) = -1 EBADF (Bad file descriptor) [pid 5648] close(12) = -1 EBADF (Bad file descriptor) [pid 5648] close(13) = -1 EBADF (Bad file descriptor) [pid 5648] close(14) = -1 EBADF (Bad file descriptor) [pid 5648] close(15) = -1 EBADF (Bad file descriptor) [pid 5648] close(16) = -1 EBADF (Bad file descriptor) [pid 5648] close(17) = -1 EBADF (Bad file descriptor) [pid 5648] close(18) = -1 EBADF (Bad file descriptor) [pid 5648] close(19) = -1 EBADF (Bad file descriptor) [pid 5648] close(20) = -1 EBADF (Bad file descriptor) [pid 5648] close(21) = -1 EBADF (Bad file descriptor) [pid 5648] close(22) = -1 EBADF (Bad file descriptor) [pid 5648] close(23) = -1 EBADF (Bad file descriptor) [pid 5648] close(24) = -1 EBADF (Bad file descriptor) [pid 5648] close(25) = -1 EBADF (Bad file descriptor) [pid 5648] close(26) = -1 EBADF (Bad file descriptor) [pid 5648] close(27) = -1 EBADF (Bad file descriptor) [pid 5648] close(28) = -1 EBADF (Bad file descriptor) [pid 5648] close(29) = -1 EBADF (Bad file descriptor) [pid 5648] exit_group(0) = ? [pid 5648] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./32/binderfs") = 0 [pid 5075] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./32/cgroup") = 0 [pid 5075] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./32/cgroup.net") = 0 [ 155.402138][ T5649] CPU: 0 PID: 5649 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 155.412607][ T5649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 155.422711][ T5649] Call Trace: [ 155.426030][ T5649] [ 155.428998][ T5649] dump_stack_lvl+0x1e7/0x2d0 [ 155.433747][ T5649] ? nf_tcp_handle_invalid+0x640/0x640 [ 155.439269][ T5649] ? panic+0x770/0x770 [ 155.443417][ T5649] dump_header+0xdc/0x940 [ 155.447806][ T5649] out_of_memory+0xf21/0x12c0 [ 155.452543][ T5649] ? mutex_lock_io_nested+0x60/0x60 [ 155.457823][ T5649] ? preempt_schedule+0xdd/0xf0 [ 155.462719][ T5649] ? unregister_oom_notifier+0x20/0x20 [ 155.468212][ T5649] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 155.474253][ T5649] mem_cgroup_out_of_memory+0x263/0x3b0 [ 155.479852][ T5649] ? preempt_schedule_thunk+0x1a/0x20 [ 155.485286][ T5649] ? mem_cgroup_oom_trylock+0x210/0x210 [ 155.490901][ T5649] ? cgroup_file_notify+0x127/0x190 [ 155.496167][ T5649] memory_max_write+0x355/0x470 [ 155.501082][ T5649] ? memory_max_show+0xa0/0xa0 [ 155.505889][ T5649] ? read_lock_is_recursive+0x20/0x20 [ 155.511310][ T5649] ? memory_max_show+0xa0/0xa0 [ 155.516154][ T5649] cgroup_file_write+0x2b1/0x780 [ 155.521157][ T5649] ? cgroup_seqfile_stop+0xd0/0xd0 [ 155.526303][ T5649] ? __virt_addr_valid+0x22f/0x2e0 [ 155.531445][ T5649] ? cgroup_seqfile_stop+0xd0/0xd0 [ 155.536582][ T5649] kernfs_fop_write_iter+0x3a6/0x4f0 [ 155.541919][ T5649] vfs_write+0x7b2/0xbb0 [ 155.546213][ T5649] ? file_end_write+0x240/0x240 [ 155.551099][ T5649] ? do_raw_spin_unlock+0x13b/0x8b0 [ 155.556354][ T5649] ? lockdep_hardirqs_on+0x98/0x140 [ 155.561707][ T5649] ? __fdget_pos+0x265/0x2f0 [ 155.566341][ T5649] ksys_write+0x1a0/0x2c0 [ 155.570715][ T5649] ? __ia32_sys_read+0x90/0x90 [ 155.575522][ T5649] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 155.581545][ T5649] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 155.587579][ T5649] do_syscall_64+0x41/0xc0 [ 155.592033][ T5649] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 155.597982][ T5649] RIP: 0033:0x7fd49ce20129 [ 155.602428][ T5649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 155.622064][ T5649] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.630521][ T5649] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 155.638518][ T5649] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./32/file0") = 0 [pid 5075] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./32/cgroup.cpu") = 0 [ 155.646524][ T5649] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 155.654532][ T5649] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 155.662546][ T5649] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001d [ 155.670574][ T5649] [ 155.682164][ T5649] memory: usage 8kB, limit 0kB, failcnt 55 [ 155.695891][ T5649] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./32") = 0 [pid 5075] mkdir("./33", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5654 attached [pid 5654] chdir("./33" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 35 [pid 5654] <... chdir resumed>) = 0 [pid 5654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5654] setpgid(0, 0) = 0 [pid 5654] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5654] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5654] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5654] write(3, "1000", 4) = 4 [pid 5654] close(3) = 0 [pid 5654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5654] mkdir("./file0", 000) = 0 [pid 5654] open("./file0", O_RDONLY) = 3 [pid 5654] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5654] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5654] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 155.703609][ T5649] Memory cgroup stats for /syz1: [ 155.703990][ T5649] anon 0 [ 155.703990][ T5649] file 0 [ 155.703990][ T5649] kernel 8192 [ 155.703990][ T5649] kernel_stack 0 [ 155.703990][ T5649] pagetables 0 [ 155.703990][ T5649] sec_pagetables 0 [ 155.703990][ T5649] percpu 0 [ 155.703990][ T5649] sock 0 [ 155.703990][ T5649] vmalloc 0 [ 155.703990][ T5649] shmem 0 [ 155.703990][ T5649] zswap 0 [ 155.703990][ T5649] zswapped 0 [ 155.703990][ T5649] file_mapped 0 [ 155.703990][ T5649] file_dirty 0 [pid 5654] openat(5, "memory.max", O_RDWR) = 6 [ 155.703990][ T5649] file_writeback 0 [ 155.703990][ T5649] swapcached 0 [ 155.703990][ T5649] anon_thp 0 [ 155.703990][ T5649] file_thp 0 [ 155.703990][ T5649] shmem_thp 0 [ 155.703990][ T5649] inactive_anon 0 [ 155.703990][ T5649] active_anon 0 [ 155.703990][ T5649] inactive_file 0 [ 155.703990][ T5649] active_file 0 [ 155.703990][ T5649] unevictable 0 [ 155.703990][ T5649] slab_reclaimable 6752 [ 155.703990][ T5649] slab_unreclaimable 0 [ 155.703990][ T5649] slab 6752 [ 155.703990][ T5649] workingset_refault_anon 0 [pid 5654] write(6, "0x000000000000040e", 18 [pid 5649] <... write resumed>) = 18 [pid 5649] close(3) = 0 [ 155.826678][ T5649] Tasks state (memory values in pages): [ 155.832446][ T5649] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 155.842451][ T5649] Out of memory and no killable processes... [ 155.848869][ T5650] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 155.860157][ T5650] CPU: 1 PID: 5650 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5649] close(4) = 0 [pid 5649] close(5) = 0 [pid 5649] close(6) = 0 [pid 5649] close(7) = -1 EBADF (Bad file descriptor) [pid 5649] close(8) = -1 EBADF (Bad file descriptor) [pid 5649] close(9) = -1 EBADF (Bad file descriptor) [pid 5649] close(10) = -1 EBADF (Bad file descriptor) [pid 5649] close(11) = -1 EBADF (Bad file descriptor) [pid 5649] close(12) = -1 EBADF (Bad file descriptor) [pid 5649] close(13) = -1 EBADF (Bad file descriptor) [pid 5649] close(14) = -1 EBADF (Bad file descriptor) [pid 5649] close(15) = -1 EBADF (Bad file descriptor) [pid 5649] close(16) = -1 EBADF (Bad file descriptor) [pid 5649] close(17) = -1 EBADF (Bad file descriptor) [pid 5649] close(18) = -1 EBADF (Bad file descriptor) [pid 5649] close(19) = -1 EBADF (Bad file descriptor) [pid 5649] close(20) = -1 EBADF (Bad file descriptor) [pid 5649] close(21) = -1 EBADF (Bad file descriptor) [pid 5649] close(22) = -1 EBADF (Bad file descriptor) [pid 5649] close(23) = -1 EBADF (Bad file descriptor) [pid 5649] close(24) = -1 EBADF (Bad file descriptor) [pid 5649] close(25) = -1 EBADF (Bad file descriptor) [pid 5649] close(26) = -1 EBADF (Bad file descriptor) [pid 5649] close(27) = -1 EBADF (Bad file descriptor) [pid 5649] close(28) = -1 EBADF (Bad file descriptor) [pid 5649] close(29) = -1 EBADF (Bad file descriptor) [pid 5649] exit_group(0) = ? [pid 5649] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 155.870632][ T5650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 155.880729][ T5650] Call Trace: [ 155.884047][ T5650] [ 155.887023][ T5650] dump_stack_lvl+0x1e7/0x2d0 [ 155.891871][ T5650] ? nf_tcp_handle_invalid+0x640/0x640 [ 155.897383][ T5650] ? panic+0x770/0x770 [ 155.901516][ T5650] dump_header+0xdc/0x940 [ 155.905900][ T5650] out_of_memory+0xf21/0x12c0 [ 155.910713][ T5650] ? mutex_lock_io_nested+0x60/0x60 [ 155.916008][ T5650] ? preempt_schedule+0xdd/0xf0 [ 155.920917][ T5650] ? unregister_oom_notifier+0x20/0x20 [pid 5073] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./29/binderfs") = 0 [pid 5073] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./29/cgroup") = 0 [pid 5073] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./29/cgroup.net") = 0 [ 155.926430][ T5650] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 155.932481][ T5650] mem_cgroup_out_of_memory+0x263/0x3b0 [ 155.938102][ T5650] ? preempt_schedule_thunk+0x1a/0x20 [ 155.943546][ T5650] ? mem_cgroup_oom_trylock+0x210/0x210 [ 155.949189][ T5650] ? cgroup_file_notify+0x127/0x190 [ 155.954443][ T5650] memory_max_write+0x355/0x470 [ 155.959342][ T5650] ? memory_max_show+0xa0/0xa0 [ 155.964160][ T5650] ? read_lock_is_recursive+0x20/0x20 [ 155.969589][ T5650] ? memory_max_show+0xa0/0xa0 [ 155.974404][ T5650] cgroup_file_write+0x2b1/0x780 [ 155.979394][ T5650] ? cgroup_seqfile_stop+0xd0/0xd0 [ 155.984555][ T5650] ? __virt_addr_valid+0x22f/0x2e0 [ 155.989750][ T5650] ? cgroup_seqfile_stop+0xd0/0xd0 [ 155.994899][ T5650] kernfs_fop_write_iter+0x3a6/0x4f0 [ 156.000230][ T5650] vfs_write+0x7b2/0xbb0 [ 156.004636][ T5650] ? file_end_write+0x240/0x240 [ 156.009511][ T5650] ? do_raw_spin_unlock+0x13b/0x8b0 [ 156.014730][ T5650] ? lockdep_hardirqs_on+0x98/0x140 [ 156.019965][ T5650] ? __fdget_pos+0x265/0x2f0 [ 156.024605][ T5650] ksys_write+0x1a0/0x2c0 [ 156.028989][ T5650] ? __ia32_sys_read+0x90/0x90 [ 156.033801][ T5650] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 156.039839][ T5650] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 156.045876][ T5650] do_syscall_64+0x41/0xc0 [ 156.050333][ T5650] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 156.056267][ T5650] RIP: 0033:0x7fd49ce20129 [ 156.060722][ T5650] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.080372][ T5650] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.088837][ T5650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 156.096867][ T5650] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 156.104878][ T5650] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 156.112897][ T5650] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./29/file0") = 0 [pid 5073] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./29/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./29") = 0 [pid 5073] mkdir("./30", 0777) = 0 [ 156.120921][ T5650] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001a [ 156.128969][ T5650] [ 156.141829][ T5650] memory: usage 8kB, limit 0kB, failcnt 55 [ 156.148201][ T5650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 156.155478][ T5650] Memory cgroup stats for /syz1: [ 156.155681][ T5650] anon 0 [ 156.155681][ T5650] file 0 [ 156.155681][ T5650] kernel 8192 [ 156.155681][ T5650] kernel_stack 0 [ 156.155681][ T5650] pagetables 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 32 [ 156.155681][ T5650] sec_pagetables 0 [ 156.155681][ T5650] percpu 0 [ 156.155681][ T5650] sock 0 [ 156.155681][ T5650] vmalloc 0 [ 156.155681][ T5650] shmem 0 [ 156.155681][ T5650] zswap 0 [ 156.155681][ T5650] zswapped 0 [ 156.155681][ T5650] file_mapped 0 [ 156.155681][ T5650] file_dirty 0 [ 156.155681][ T5650] file_writeback 0 [ 156.155681][ T5650] swapcached 0 [ 156.155681][ T5650] anon_thp 0 [ 156.155681][ T5650] file_thp 0 [ 156.155681][ T5650] shmem_thp 0 [ 156.155681][ T5650] inactive_anon 0 [ 156.155681][ T5650] active_anon 0 ./strace-static-x86_64: Process 5655 attached [pid 5655] chdir("./30") = 0 [pid 5655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5655] setpgid(0, 0) = 0 [pid 5655] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5655] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5655] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5655] write(3, "1000", 4) = 4 [pid 5655] close(3) = 0 [pid 5655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5655] mkdir("./file0", 000) = 0 [pid 5655] open("./file0", O_RDONLY) = 3 [pid 5655] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5655] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5655] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 156.155681][ T5650] inactive_file 0 [ 156.155681][ T5650] active_file 0 [ 156.155681][ T5650] unevictable 0 [ 156.155681][ T5650] slab_reclaimable 6752 [ 156.155681][ T5650] slab_unreclaimable 0 [ 156.155681][ T5650] slab 6752 [ 156.155681][ T5650] workingset_refault_anon 0 [pid 5655] openat(5, "memory.max", O_RDWR) = 6 [pid 5655] write(6, "0x000000000000040e", 18 [pid 5650] <... write resumed>) = 18 [ 156.292624][ T5650] Tasks state (memory values in pages): [ 156.298287][ T5650] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 156.308199][ T5650] Out of memory and no killable processes... [ 156.314256][ T5651] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 156.324655][ T5651] CPU: 1 PID: 5651 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 156.335109][ T5651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 156.345203][ T5651] Call Trace: [ 156.348511][ T5651] [ 156.351477][ T5651] dump_stack_lvl+0x1e7/0x2d0 [ 156.356208][ T5651] ? nf_tcp_handle_invalid+0x640/0x640 [ 156.361737][ T5651] ? panic+0x770/0x770 [ 156.365874][ T5651] dump_header+0xdc/0x940 [ 156.370244][ T5651] out_of_memory+0xf21/0x12c0 [ 156.374948][ T5651] ? mutex_lock_io_nested+0x60/0x60 [ 156.380177][ T5651] ? preempt_schedule+0xdd/0xf0 [ 156.385049][ T5651] ? unregister_oom_notifier+0x20/0x20 [ 156.390527][ T5651] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 156.396582][ T5651] mem_cgroup_out_of_memory+0x263/0x3b0 [ 156.402152][ T5651] ? preempt_schedule_thunk+0x1a/0x20 [ 156.407547][ T5651] ? mem_cgroup_oom_trylock+0x210/0x210 [ 156.413152][ T5651] ? cgroup_file_notify+0x127/0x190 [ 156.418375][ T5651] memory_max_write+0x355/0x470 [ 156.423250][ T5651] ? memory_max_show+0xa0/0xa0 [ 156.428032][ T5651] ? read_lock_is_recursive+0x20/0x20 [ 156.433441][ T5651] ? memory_max_show+0xa0/0xa0 [ 156.438225][ T5651] cgroup_file_write+0x2b1/0x780 [ 156.443183][ T5651] ? cgroup_seqfile_stop+0xd0/0xd0 [ 156.448305][ T5651] ? __virt_addr_valid+0x22f/0x2e0 [ 156.453464][ T5651] ? cgroup_seqfile_stop+0xd0/0xd0 [ 156.458585][ T5651] kernfs_fop_write_iter+0x3a6/0x4f0 [ 156.463891][ T5651] vfs_write+0x7b2/0xbb0 [ 156.468162][ T5651] ? file_end_write+0x240/0x240 [ 156.473031][ T5651] ? do_raw_spin_unlock+0x13b/0x8b0 [ 156.478246][ T5651] ? lockdep_hardirqs_on+0x98/0x140 [ 156.483473][ T5651] ? __fdget_pos+0x265/0x2f0 [ 156.488081][ T5651] ksys_write+0x1a0/0x2c0 [ 156.492454][ T5651] ? __ia32_sys_read+0x90/0x90 [ 156.497236][ T5651] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 156.503241][ T5651] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 156.509248][ T5651] do_syscall_64+0x41/0xc0 [ 156.513693][ T5651] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 156.519624][ T5651] RIP: 0033:0x7fd49ce20129 [ 156.524071][ T5651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.543689][ T5651] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.552125][ T5651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 156.560136][ T5651] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 156.568129][ T5651] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 156.576111][ T5651] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 156.584099][ T5651] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000022 [pid 5650] close(3) = 0 [pid 5650] close(4) = 0 [pid 5650] close(5) = 0 [pid 5650] close(6) = 0 [pid 5650] close(7) = -1 EBADF (Bad file descriptor) [pid 5650] close(8) = -1 EBADF (Bad file descriptor) [pid 5650] close(9) = -1 EBADF (Bad file descriptor) [pid 5650] close(10) = -1 EBADF (Bad file descriptor) [pid 5650] close(11) = -1 EBADF (Bad file descriptor) [pid 5650] close(12) = -1 EBADF (Bad file descriptor) [pid 5650] close(13) = -1 EBADF (Bad file descriptor) [pid 5650] close(14) = -1 EBADF (Bad file descriptor) [pid 5650] close(15) = -1 EBADF (Bad file descriptor) [pid 5650] close(16) = -1 EBADF (Bad file descriptor) [pid 5650] close(17) = -1 EBADF (Bad file descriptor) [pid 5650] close(18) = -1 EBADF (Bad file descriptor) [ 156.592126][ T5651] [ 156.601836][ T5651] memory: usage 8kB, limit 0kB, failcnt 55 [ 156.609046][ T5651] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 156.617538][ T5651] Memory cgroup stats for /syz1: [ 156.617755][ T5651] anon 0 [ 156.617755][ T5651] file 0 [ 156.617755][ T5651] kernel 8192 [ 156.617755][ T5651] kernel_stack 0 [ 156.617755][ T5651] pagetables 0 [ 156.617755][ T5651] sec_pagetables 0 [pid 5650] close(19) = -1 EBADF (Bad file descriptor) [pid 5650] close(20) = -1 EBADF (Bad file descriptor) [pid 5650] close(21) = -1 EBADF (Bad file descriptor) [pid 5650] close(22) = -1 EBADF (Bad file descriptor) [pid 5650] close(23) = -1 EBADF (Bad file descriptor) [pid 5650] close(24) = -1 EBADF (Bad file descriptor) [pid 5650] close(25) = -1 EBADF (Bad file descriptor) [pid 5650] close(26) = -1 EBADF (Bad file descriptor) [pid 5650] close(27) = -1 EBADF (Bad file descriptor) [pid 5650] close(28) = -1 EBADF (Bad file descriptor) [pid 5650] close(29) = -1 EBADF (Bad file descriptor) [pid 5650] exit_group(0) = ? [pid 5650] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./26/binderfs") = 0 [pid 5070] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./26/cgroup") = 0 [pid 5070] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./26/cgroup.net") = 0 [ 156.617755][ T5651] percpu 0 [ 156.617755][ T5651] sock 0 [ 156.617755][ T5651] vmalloc 0 [ 156.617755][ T5651] shmem 0 [ 156.617755][ T5651] zswap 0 [ 156.617755][ T5651] zswapped 0 [ 156.617755][ T5651] file_mapped 0 [ 156.617755][ T5651] file_dirty 0 [ 156.617755][ T5651] file_writeback 0 [ 156.617755][ T5651] swapcached 0 [ 156.617755][ T5651] anon_thp 0 [ 156.617755][ T5651] file_thp 0 [ 156.617755][ T5651] shmem_thp 0 [ 156.617755][ T5651] inactive_anon 0 [ 156.617755][ T5651] active_anon 0 [ 156.617755][ T5651] inactive_file 0 [pid 5070] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./26/file0") = 0 [pid 5070] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 156.617755][ T5651] active_file 0 [ 156.617755][ T5651] unevictable 0 [ 156.617755][ T5651] slab_reclaimable 6752 [ 156.617755][ T5651] slab_unreclaimable 0 [ 156.617755][ T5651] slab 6752 [ 156.617755][ T5651] workingset_refault_anon 0 [ 156.719146][ T5651] Tasks state (memory values in pages): [ 156.724762][ T5651] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 156.734912][ T5651] Out of memory and no killable processes... [pid 5070] unlink("./26/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./26") = 0 [ 156.741792][ T5652] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 156.753154][ T5652] CPU: 0 PID: 5652 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 156.763628][ T5652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 156.773729][ T5652] Call Trace: [ 156.777050][ T5652] [ 156.780025][ T5652] dump_stack_lvl+0x1e7/0x2d0 [ 156.784757][ T5652] ? nf_tcp_handle_invalid+0x640/0x640 [ 156.790265][ T5652] ? panic+0x770/0x770 [pid 5070] mkdir("./27", 0777) = 0 [pid 5651] <... write resumed>) = 18 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5657 attached [pid 5657] chdir("./27") = 0 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 29 [pid 5657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5657] setpgid(0, 0) = 0 [pid 5657] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5657] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5657] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5657] write(3, "1000", 4) = 4 [pid 5657] close(3) = 0 [pid 5657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5657] mkdir("./file0", 000) = 0 [pid 5657] open("./file0", O_RDONLY) = 3 [pid 5657] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5657] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5657] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5657] openat(5, "memory.max", O_RDWR) = 6 [pid 5657] write(6, "0x000000000000040e", 18 [pid 5651] close(3) = 0 [pid 5651] close(4) = 0 [ 156.794404][ T5652] dump_header+0xdc/0x940 [ 156.798793][ T5652] out_of_memory+0xf21/0x12c0 [ 156.803544][ T5652] ? mutex_lock_io_nested+0x60/0x60 [ 156.808801][ T5652] ? preempt_schedule+0xdd/0xf0 [ 156.813703][ T5652] ? unregister_oom_notifier+0x20/0x20 [ 156.819210][ T5652] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 156.825267][ T5652] mem_cgroup_out_of_memory+0x263/0x3b0 [ 156.830863][ T5652] ? preempt_schedule_thunk+0x1a/0x20 [ 156.836307][ T5652] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5651] close(5) = 0 [pid 5651] close(6) = 0 [pid 5651] close(7) = -1 EBADF (Bad file descriptor) [pid 5651] close(8) = -1 EBADF (Bad file descriptor) [ 156.841924][ T5652] ? cgroup_file_notify+0x127/0x190 [ 156.847185][ T5652] memory_max_write+0x355/0x470 [ 156.852124][ T5652] ? memory_max_show+0xa0/0xa0 [ 156.856946][ T5652] ? read_lock_is_recursive+0x20/0x20 [ 156.862364][ T5652] ? memory_max_show+0xa0/0xa0 [ 156.867153][ T5652] cgroup_file_write+0x2b1/0x780 [ 156.872155][ T5652] ? cgroup_seqfile_stop+0xd0/0xd0 [ 156.877293][ T5652] ? __virt_addr_valid+0x22f/0x2e0 [ 156.882450][ T5652] ? cgroup_seqfile_stop+0xd0/0xd0 [ 156.887571][ T5652] kernfs_fop_write_iter+0x3a6/0x4f0 [ 156.892883][ T5652] vfs_write+0x7b2/0xbb0 [ 156.897148][ T5652] ? file_end_write+0x240/0x240 [ 156.902020][ T5652] ? do_raw_spin_unlock+0x13b/0x8b0 [ 156.907268][ T5652] ? lockdep_hardirqs_on+0x98/0x140 [ 156.912491][ T5652] ? __fdget_pos+0x265/0x2f0 [ 156.917116][ T5652] ksys_write+0x1a0/0x2c0 [ 156.921467][ T5652] ? __ia32_sys_read+0x90/0x90 [ 156.926251][ T5652] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 156.932255][ T5652] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 156.938258][ T5652] do_syscall_64+0x41/0xc0 [ 156.942711][ T5652] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 156.948627][ T5652] RIP: 0033:0x7fd49ce20129 [ 156.953055][ T5652] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.972672][ T5652] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.981104][ T5652] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5651] close(9) = -1 EBADF (Bad file descriptor) [pid 5651] close(10) = -1 EBADF (Bad file descriptor) [pid 5651] close(11) = -1 EBADF (Bad file descriptor) [pid 5651] close(12) = -1 EBADF (Bad file descriptor) [pid 5651] close(13) = -1 EBADF (Bad file descriptor) [pid 5651] close(14) = -1 EBADF (Bad file descriptor) [pid 5651] close(15) = -1 EBADF (Bad file descriptor) [pid 5651] close(16) = -1 EBADF (Bad file descriptor) [pid 5651] close(17) = -1 EBADF (Bad file descriptor) [pid 5651] close(18) = -1 EBADF (Bad file descriptor) [pid 5651] close(19) = -1 EBADF (Bad file descriptor) [pid 5651] close(20) = -1 EBADF (Bad file descriptor) [pid 5651] close(21) = -1 EBADF (Bad file descriptor) [pid 5651] close(22) = -1 EBADF (Bad file descriptor) [pid 5651] close(23) = -1 EBADF (Bad file descriptor) [pid 5651] close(24) = -1 EBADF (Bad file descriptor) [pid 5651] close(25) = -1 EBADF (Bad file descriptor) [pid 5651] close(26) = -1 EBADF (Bad file descriptor) [pid 5651] close(27) = -1 EBADF (Bad file descriptor) [pid 5651] close(28) = -1 EBADF (Bad file descriptor) [pid 5651] close(29) = -1 EBADF (Bad file descriptor) [pid 5651] exit_group(0) = ? [ 156.989087][ T5652] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 156.997072][ T5652] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 157.005054][ T5652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 157.013049][ T5652] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001b [ 157.021066][ T5652] [ 157.029943][ T5652] memory: usage 8kB, limit 0kB, failcnt 55 [ 157.035827][ T5652] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5651] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 157.074840][ T5652] Memory cgroup stats for /syz1: [ 157.075052][ T5652] anon 0 [ 157.075052][ T5652] file 0 [ 157.075052][ T5652] kernel 8192 [ 157.075052][ T5652] kernel_stack 0 [ 157.075052][ T5652] pagetables 0 [ 157.075052][ T5652] sec_pagetables 0 [ 157.075052][ T5652] percpu 0 [ 157.075052][ T5652] sock 0 [ 157.075052][ T5652] vmalloc 0 [ 157.075052][ T5652] shmem 0 [ 157.075052][ T5652] zswap 0 [ 157.075052][ T5652] zswapped 0 [ 157.075052][ T5652] file_mapped 0 [ 157.075052][ T5652] file_dirty 0 [pid 5074] unlink("./34/binderfs") = 0 [pid 5074] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./34/cgroup") = 0 [pid 5074] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./34/cgroup.net") = 0 [pid 5074] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./34/file0") = 0 [pid 5074] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./34/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [ 157.075052][ T5652] file_writeback 0 [ 157.075052][ T5652] swapcached 0 [ 157.075052][ T5652] anon_thp 0 [ 157.075052][ T5652] file_thp 0 [ 157.075052][ T5652] shmem_thp 0 [ 157.075052][ T5652] inactive_anon 0 [ 157.075052][ T5652] active_anon 0 [ 157.075052][ T5652] inactive_file 0 [ 157.075052][ T5652] active_file 0 [ 157.075052][ T5652] unevictable 0 [ 157.075052][ T5652] slab_reclaimable 6752 [ 157.075052][ T5652] slab_unreclaimable 0 [ 157.075052][ T5652] slab 6752 [ 157.075052][ T5652] workingset_refault_anon 0 [pid 5074] rmdir("./34") = 0 [pid 5074] mkdir("./35", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5659 attached [pid 5659] chdir("./35" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 37 [pid 5659] <... chdir resumed>) = 0 [pid 5659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5659] setpgid(0, 0) = 0 [pid 5659] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5659] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5659] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5659] write(3, "1000", 4) = 4 [pid 5659] close(3) = 0 [pid 5659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5659] mkdir("./file0", 000) = 0 [pid 5659] open("./file0", O_RDONLY) = 3 [pid 5659] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5659] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5659] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5659] openat(5, "memory.max", O_RDWR) = 6 [ 157.193664][ T5652] Tasks state (memory values in pages): [ 157.204583][ T5652] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 157.223157][ T5652] Out of memory and no killable processes... [pid 5659] write(6, "0x000000000000040e", 18 [pid 5652] <... write resumed>) = 18 [pid 5652] close(3) = 0 [pid 5652] close(4) = 0 [pid 5652] close(5) = 0 [pid 5652] close(6) = 0 [pid 5652] close(7) = -1 EBADF (Bad file descriptor) [pid 5652] close(8) = -1 EBADF (Bad file descriptor) [pid 5652] close(9) = -1 EBADF (Bad file descriptor) [pid 5652] close(10) = -1 EBADF (Bad file descriptor) [pid 5652] close(11) = -1 EBADF (Bad file descriptor) [pid 5652] close(12) = -1 EBADF (Bad file descriptor) [pid 5652] close(13) = -1 EBADF (Bad file descriptor) [pid 5652] close(14) = -1 EBADF (Bad file descriptor) [pid 5652] close(15) = -1 EBADF (Bad file descriptor) [pid 5652] close(16) = -1 EBADF (Bad file descriptor) [pid 5652] close(17) = -1 EBADF (Bad file descriptor) [pid 5652] close(18) = -1 EBADF (Bad file descriptor) [pid 5652] close(19) = -1 EBADF (Bad file descriptor) [pid 5652] close(20) = -1 EBADF (Bad file descriptor) [pid 5652] close(21) = -1 EBADF (Bad file descriptor) [pid 5652] close(22) = -1 EBADF (Bad file descriptor) [pid 5652] close(23) = -1 EBADF (Bad file descriptor) [pid 5652] close(24) = -1 EBADF (Bad file descriptor) [pid 5652] close(25) = -1 EBADF (Bad file descriptor) [pid 5652] close(26) = -1 EBADF (Bad file descriptor) [pid 5652] close(27) = -1 EBADF (Bad file descriptor) [pid 5652] close(28) = -1 EBADF (Bad file descriptor) [ 157.244506][ T5654] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 157.304793][ T5654] CPU: 1 PID: 5654 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 157.315289][ T5654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 157.325387][ T5654] Call Trace: [ 157.328704][ T5654] [ 157.331671][ T5654] dump_stack_lvl+0x1e7/0x2d0 [ 157.336406][ T5654] ? nf_tcp_handle_invalid+0x640/0x640 [ 157.341916][ T5654] ? panic+0x770/0x770 [ 157.346056][ T5654] dump_header+0xdc/0x940 [ 157.350437][ T5654] out_of_memory+0xf21/0x12c0 [ 157.355170][ T5654] ? mutex_lock_io_nested+0x60/0x60 [ 157.360431][ T5654] ? preempt_schedule+0xdd/0xf0 [ 157.365334][ T5654] ? unregister_oom_notifier+0x20/0x20 [ 157.370848][ T5654] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 157.377053][ T5654] ? lockdep_hardirqs_on+0x98/0x140 [ 157.382306][ T5654] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 157.388513][ T5654] mem_cgroup_out_of_memory+0x263/0x3b0 [ 157.394109][ T5654] ? preempt_schedule_thunk+0x1a/0x20 [ 157.399551][ T5654] ? mem_cgroup_oom_trylock+0x210/0x210 [ 157.405171][ T5654] ? cgroup_file_notify+0x127/0x190 [ 157.410428][ T5654] memory_max_write+0x355/0x470 [ 157.415342][ T5654] ? memory_max_show+0xa0/0xa0 [ 157.420157][ T5654] ? read_lock_is_recursive+0x20/0x20 [ 157.425588][ T5654] ? memory_max_show+0xa0/0xa0 [ 157.430402][ T5654] cgroup_file_write+0x2b1/0x780 [ 157.435389][ T5654] ? cgroup_seqfile_stop+0xd0/0xd0 [ 157.440544][ T5654] ? __virt_addr_valid+0x22f/0x2e0 [ 157.445723][ T5654] ? cgroup_seqfile_stop+0xd0/0xd0 [ 157.450875][ T5654] kernfs_fop_write_iter+0x3a6/0x4f0 [ 157.456225][ T5654] vfs_write+0x7b2/0xbb0 [ 157.460523][ T5654] ? file_end_write+0x240/0x240 [ 157.465428][ T5654] ? do_raw_spin_unlock+0x13b/0x8b0 [ 157.470676][ T5654] ? lockdep_hardirqs_on+0x98/0x140 [ 157.475939][ T5654] ? __fdget_pos+0x265/0x2f0 [ 157.480587][ T5654] ksys_write+0x1a0/0x2c0 [ 157.484978][ T5654] ? __ia32_sys_read+0x90/0x90 [ 157.489828][ T5654] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 157.495876][ T5654] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 157.501920][ T5654] do_syscall_64+0x41/0xc0 [ 157.506385][ T5654] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 157.512330][ T5654] RIP: 0033:0x7fd49ce20129 [ 157.516789][ T5654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 157.536448][ T5654] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 157.544923][ T5654] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5652] close(29) = -1 EBADF (Bad file descriptor) [pid 5652] exit_group(0) = ? [pid 5652] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./27/binderfs") = 0 [ 157.552945][ T5654] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 157.560964][ T5654] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 157.568998][ T5654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 157.577038][ T5654] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000021 [ 157.585089][ T5654] [pid 5072] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./27/cgroup") = 0 [pid 5072] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./27/cgroup.net") = 0 [pid 5072] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./27/file0") = 0 [pid 5072] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 157.615268][ T5654] memory: usage 8kB, limit 0kB, failcnt 55 [ 157.625916][ T5654] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 157.667873][ T5654] Memory cgroup stats for /syz1: [ 157.668101][ T5654] anon 0 [ 157.668101][ T5654] file 0 [ 157.668101][ T5654] kernel 8192 [ 157.668101][ T5654] kernel_stack 0 [ 157.668101][ T5654] pagetables 0 [ 157.668101][ T5654] sec_pagetables 0 [ 157.668101][ T5654] percpu 0 [ 157.668101][ T5654] sock 0 [ 157.668101][ T5654] vmalloc 0 [ 157.668101][ T5654] shmem 0 [ 157.668101][ T5654] zswap 0 [ 157.668101][ T5654] zswapped 0 [ 157.668101][ T5654] file_mapped 0 [ 157.668101][ T5654] file_dirty 0 [pid 5072] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./27/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./27") = 0 [pid 5072] mkdir("./28", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5671 attached , child_tidptr=0x5555574ac5d0) = 30 [pid 5671] chdir("./28") = 0 [pid 5671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5671] setpgid(0, 0) = 0 [pid 5671] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [ 157.668101][ T5654] file_writeback 0 [ 157.668101][ T5654] swapcached 0 [ 157.668101][ T5654] anon_thp 0 [ 157.668101][ T5654] file_thp 0 [ 157.668101][ T5654] shmem_thp 0 [ 157.668101][ T5654] inactive_anon 0 [ 157.668101][ T5654] active_anon 0 [ 157.668101][ T5654] inactive_file 0 [ 157.668101][ T5654] active_file 0 [ 157.668101][ T5654] unevictable 0 [ 157.668101][ T5654] slab_reclaimable 6752 [ 157.668101][ T5654] slab_unreclaimable 0 [ 157.668101][ T5654] slab 6752 [ 157.668101][ T5654] workingset_refault_anon 0 [pid 5671] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5671] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5671] write(3, "1000", 4) = 4 [pid 5671] close(3) = 0 [pid 5671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5671] mkdir("./file0", 000) = 0 [pid 5671] open("./file0", O_RDONLY) = 3 [pid 5671] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5671] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5671] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5671] openat(5, "memory.max", O_RDWR) = 6 [ 157.793892][ T5654] Tasks state (memory values in pages): [ 157.805532][ T5654] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 157.853760][ T5654] Out of memory and no killable processes... [ 157.865825][ T5655] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 157.886910][ T5655] CPU: 1 PID: 5655 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 157.897429][ T5655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 157.907587][ T5655] Call Trace: [ 157.910914][ T5655] [ 157.913994][ T5655] dump_stack_lvl+0x1e7/0x2d0 [ 157.918717][ T5655] ? nf_tcp_handle_invalid+0x640/0x640 [ 157.924218][ T5655] ? panic+0x770/0x770 [ 157.928354][ T5655] dump_header+0xdc/0x940 [ 157.932821][ T5655] out_of_memory+0xf21/0x12c0 [ 157.937690][ T5655] ? mutex_lock_io_nested+0x60/0x60 [ 157.942967][ T5655] ? preempt_schedule+0xdd/0xf0 [ 157.947882][ T5655] ? unregister_oom_notifier+0x20/0x20 [ 157.953396][ T5655] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 157.959446][ T5655] mem_cgroup_out_of_memory+0x263/0x3b0 [ 157.965147][ T5655] ? preempt_schedule_thunk+0x1a/0x20 [ 157.970580][ T5655] ? mem_cgroup_oom_trylock+0x210/0x210 [ 157.976197][ T5655] ? cgroup_file_notify+0x127/0x190 [ 157.981470][ T5655] memory_max_write+0x355/0x470 [ 157.986382][ T5655] ? memory_max_show+0xa0/0xa0 [ 157.991208][ T5655] ? read_lock_is_recursive+0x20/0x20 [ 157.996720][ T5655] ? memory_max_show+0xa0/0xa0 [ 158.001555][ T5655] cgroup_file_write+0x2b1/0x780 [ 158.006531][ T5655] ? cgroup_seqfile_stop+0xd0/0xd0 [ 158.011689][ T5655] ? __virt_addr_valid+0x22f/0x2e0 [ 158.016866][ T5655] ? cgroup_seqfile_stop+0xd0/0xd0 [ 158.022143][ T5655] kernfs_fop_write_iter+0x3a6/0x4f0 [ 158.027566][ T5655] vfs_write+0x7b2/0xbb0 [ 158.032020][ T5655] ? file_end_write+0x240/0x240 [ 158.037181][ T5655] ? do_raw_spin_unlock+0x13b/0x8b0 [ 158.042711][ T5655] ? lockdep_hardirqs_on+0x98/0x140 [ 158.048105][ T5655] ? __fdget_pos+0x265/0x2f0 [ 158.052831][ T5655] ksys_write+0x1a0/0x2c0 [ 158.057399][ T5655] ? __ia32_sys_read+0x90/0x90 [ 158.062878][ T5655] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 158.068991][ T5655] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 158.075146][ T5655] do_syscall_64+0x41/0xc0 [ 158.079744][ T5655] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 158.085815][ T5655] RIP: 0033:0x7fd49ce20129 [ 158.090281][ T5655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 158.110065][ T5655] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.118568][ T5655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 158.126623][ T5655] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 158.134637][ T5655] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 158.142643][ T5655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5671] write(6, "0x000000000000040e", 18 [pid 5654] <... write resumed>) = 18 [pid 5654] close(3) = 0 [pid 5654] close(4) = 0 [pid 5654] close(5) = 0 [pid 5654] close(6) = 0 [pid 5654] close(7) = -1 EBADF (Bad file descriptor) [pid 5654] close(8) = -1 EBADF (Bad file descriptor) [pid 5654] close(9) = -1 EBADF (Bad file descriptor) [pid 5654] close(10) = -1 EBADF (Bad file descriptor) [pid 5654] close(11) = -1 EBADF (Bad file descriptor) [ 158.150634][ T5655] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001e [ 158.158644][ T5655] [pid 5654] close(12) = -1 EBADF (Bad file descriptor) [pid 5654] close(13) = -1 EBADF (Bad file descriptor) [pid 5654] close(14) = -1 EBADF (Bad file descriptor) [pid 5654] close(15) = -1 EBADF (Bad file descriptor) [pid 5654] close(16) = -1 EBADF (Bad file descriptor) [pid 5654] close(17) = -1 EBADF (Bad file descriptor) [pid 5654] close(18) = -1 EBADF (Bad file descriptor) [pid 5654] close(19) = -1 EBADF (Bad file descriptor) [pid 5654] close(20) = -1 EBADF (Bad file descriptor) [pid 5654] close(21) = -1 EBADF (Bad file descriptor) [pid 5654] close(22) = -1 EBADF (Bad file descriptor) [pid 5654] close(23) = -1 EBADF (Bad file descriptor) [pid 5654] close(24) = -1 EBADF (Bad file descriptor) [pid 5654] close(25) = -1 EBADF (Bad file descriptor) [pid 5654] close(26) = -1 EBADF (Bad file descriptor) [pid 5654] close(27) = -1 EBADF (Bad file descriptor) [pid 5654] close(28) = -1 EBADF (Bad file descriptor) [pid 5654] close(29) = -1 EBADF (Bad file descriptor) [pid 5654] exit_group(0) = ? [pid 5654] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./33/binderfs") = 0 [pid 5075] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./33/cgroup") = 0 [pid 5075] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./33/cgroup.net") = 0 [pid 5075] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./33/file0") = 0 [pid 5075] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./33/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./33") = 0 [pid 5075] mkdir("./34", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5676 attached [pid 5676] chdir("./34") = 0 [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 36 [pid 5676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5676] setpgid(0, 0) = 0 [pid 5676] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5676] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5676] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5676] write(3, "1000", 4) = 4 [pid 5676] close(3) = 0 [pid 5676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5676] mkdir("./file0", 000) = 0 [pid 5676] open("./file0", O_RDONLY) = 3 [pid 5676] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5676] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5676] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5676] openat(5, "memory.max", O_RDWR) = 6 [ 158.245384][ T5655] memory: usage 8kB, limit 0kB, failcnt 55 [ 158.281598][ T5655] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 158.317132][ T5655] Memory cgroup stats for /syz1: [ 158.317298][ T5655] anon 0 [ 158.317298][ T5655] file 0 [ 158.317298][ T5655] kernel 8192 [ 158.317298][ T5655] kernel_stack 0 [ 158.317298][ T5655] pagetables 0 [ 158.317298][ T5655] sec_pagetables 0 [ 158.317298][ T5655] percpu 0 [ 158.317298][ T5655] sock 0 [ 158.317298][ T5655] vmalloc 0 [ 158.317298][ T5655] shmem 0 [ 158.317298][ T5655] zswap 0 [ 158.317298][ T5655] zswapped 0 [ 158.317298][ T5655] file_mapped 0 [ 158.317298][ T5655] file_dirty 0 [ 158.317298][ T5655] file_writeback 0 [ 158.317298][ T5655] swapcached 0 [ 158.317298][ T5655] anon_thp 0 [ 158.317298][ T5655] file_thp 0 [ 158.317298][ T5655] shmem_thp 0 [ 158.317298][ T5655] inactive_anon 0 [ 158.317298][ T5655] active_anon 0 [ 158.317298][ T5655] inactive_file 0 [ 158.317298][ T5655] active_file 0 [ 158.317298][ T5655] unevictable 0 [ 158.317298][ T5655] slab_reclaimable 6752 [ 158.317298][ T5655] slab_unreclaimable 0 [ 158.317298][ T5655] slab 6752 [ 158.317298][ T5655] workingset_refault_anon 0 [pid 5676] write(6, "0x000000000000040e", 18 [pid 5655] <... write resumed>) = 18 [pid 5655] close(3) = 0 [pid 5655] close(4) = 0 [pid 5655] close(5) = 0 [ 158.422208][ T5655] Tasks state (memory values in pages): [ 158.428018][ T5655] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 158.445977][ T5655] Out of memory and no killable processes... [pid 5655] close(6) = 0 [pid 5655] close(7) = -1 EBADF (Bad file descriptor) [pid 5655] close(8) = -1 EBADF (Bad file descriptor) [pid 5655] close(9) = -1 EBADF (Bad file descriptor) [pid 5655] close(10) = -1 EBADF (Bad file descriptor) [pid 5655] close(11) = -1 EBADF (Bad file descriptor) [pid 5655] close(12) = -1 EBADF (Bad file descriptor) [pid 5655] close(13) = -1 EBADF (Bad file descriptor) [pid 5655] close(14) = -1 EBADF (Bad file descriptor) [pid 5655] close(15) = -1 EBADF (Bad file descriptor) [pid 5655] close(16) = -1 EBADF (Bad file descriptor) [pid 5655] close(17) = -1 EBADF (Bad file descriptor) [pid 5655] close(18) = -1 EBADF (Bad file descriptor) [pid 5655] close(19) = -1 EBADF (Bad file descriptor) [pid 5655] close(20) = -1 EBADF (Bad file descriptor) [pid 5655] close(21) = -1 EBADF (Bad file descriptor) [pid 5655] close(22) = -1 EBADF (Bad file descriptor) [ 158.462832][ T5657] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 158.483033][ T5657] CPU: 1 PID: 5657 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 158.493528][ T5657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 158.503632][ T5657] Call Trace: [ 158.506954][ T5657] [ 158.509952][ T5657] dump_stack_lvl+0x1e7/0x2d0 [ 158.514694][ T5657] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5655] close(23) = -1 EBADF (Bad file descriptor) [pid 5655] close(24) = -1 EBADF (Bad file descriptor) [pid 5655] close(25) = -1 EBADF (Bad file descriptor) [pid 5655] close(26) = -1 EBADF (Bad file descriptor) [pid 5655] close(27) = -1 EBADF (Bad file descriptor) [pid 5655] close(28) = -1 EBADF (Bad file descriptor) [pid 5655] close(29) = -1 EBADF (Bad file descriptor) [pid 5655] exit_group(0) = ? [pid 5655] +++ exited with 0 +++ [ 158.520214][ T5657] ? panic+0x770/0x770 [ 158.524357][ T5657] dump_header+0xdc/0x940 [ 158.528759][ T5657] out_of_memory+0xf21/0x12c0 [ 158.533509][ T5657] ? mutex_lock_io_nested+0x60/0x60 [ 158.538789][ T5657] ? preempt_schedule+0xdd/0xf0 [ 158.543708][ T5657] ? unregister_oom_notifier+0x20/0x20 [ 158.549215][ T5657] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 158.555416][ T5657] ? lockdep_hardirqs_on+0x98/0x140 [ 158.560672][ T5657] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 158.566890][ T5657] mem_cgroup_out_of_memory+0x263/0x3b0 [ 158.572490][ T5657] ? preempt_schedule_thunk+0x1a/0x20 [ 158.577923][ T5657] ? mem_cgroup_oom_trylock+0x210/0x210 [ 158.583542][ T5657] ? cgroup_file_notify+0x127/0x190 [ 158.588804][ T5657] memory_max_write+0x355/0x470 [ 158.593742][ T5657] ? memory_max_show+0xa0/0xa0 [ 158.598558][ T5657] ? read_lock_is_recursive+0x20/0x20 [ 158.603983][ T5657] ? memory_max_show+0xa0/0xa0 [ 158.608797][ T5657] cgroup_file_write+0x2b1/0x780 [ 158.613796][ T5657] ? cgroup_seqfile_stop+0xd0/0xd0 [ 158.618958][ T5657] ? __virt_addr_valid+0x22f/0x2e0 [ 158.624134][ T5657] ? cgroup_seqfile_stop+0xd0/0xd0 [ 158.629300][ T5657] kernfs_fop_write_iter+0x3a6/0x4f0 [ 158.634651][ T5657] vfs_write+0x7b2/0xbb0 [ 158.638967][ T5657] ? file_end_write+0x240/0x240 [ 158.643891][ T5657] ? do_raw_spin_unlock+0x13b/0x8b0 [ 158.649153][ T5657] ? lockdep_hardirqs_on+0x98/0x140 [ 158.654421][ T5657] ? __fdget_pos+0x265/0x2f0 [ 158.659081][ T5657] ksys_write+0x1a0/0x2c0 [ 158.663478][ T5657] ? __ia32_sys_read+0x90/0x90 [ 158.668296][ T5657] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 158.674349][ T5657] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 158.680480][ T5657] do_syscall_64+0x41/0xc0 [ 158.684955][ T5657] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 158.690923][ T5657] RIP: 0033:0x7fd49ce20129 [ 158.695394][ T5657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 158.715059][ T5657] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./30/binderfs") = 0 [pid 5073] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./30/cgroup") = 0 [pid 5073] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./30/cgroup.net") = 0 [pid 5073] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 158.723547][ T5657] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 158.731574][ T5657] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 158.739594][ T5657] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 158.747619][ T5657] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 158.755635][ T5657] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001b [ 158.763675][ T5657] [pid 5073] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./30/file0") = 0 [pid 5073] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./30/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./30") = 0 [pid 5073] mkdir("./31", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5680 attached [pid 5680] chdir("./31" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 33 [pid 5680] <... chdir resumed>) = 0 [pid 5680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] setpgid(0, 0) = 0 [pid 5680] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5680] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5680] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] write(3, "1000", 4) = 4 [pid 5680] close(3) = 0 [pid 5680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5680] mkdir("./file0", 000) = 0 [pid 5680] open("./file0", O_RDONLY) = 3 [pid 5680] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5680] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5680] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5680] openat(5, "memory.max", O_RDWR) = 6 [ 158.776753][ T5657] memory: usage 8kB, limit 0kB, failcnt 55 [ 158.803105][ T5657] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 158.826202][ T5657] Memory cgroup stats for /syz1: [ 158.829905][ T5657] anon 0 [ 158.829905][ T5657] file 0 [ 158.829905][ T5657] kernel 8192 [ 158.829905][ T5657] kernel_stack 0 [ 158.829905][ T5657] pagetables 0 [ 158.829905][ T5657] sec_pagetables 0 [ 158.829905][ T5657] percpu 0 [ 158.829905][ T5657] sock 0 [ 158.829905][ T5657] vmalloc 0 [ 158.829905][ T5657] shmem 0 [ 158.829905][ T5657] zswap 0 [ 158.829905][ T5657] zswapped 0 [ 158.829905][ T5657] file_mapped 0 [ 158.829905][ T5657] file_dirty 0 [ 158.829905][ T5657] file_writeback 0 [ 158.829905][ T5657] swapcached 0 [ 158.829905][ T5657] anon_thp 0 [ 158.829905][ T5657] file_thp 0 [ 158.829905][ T5657] shmem_thp 0 [ 158.829905][ T5657] inactive_anon 0 [ 158.829905][ T5657] active_anon 0 [ 158.829905][ T5657] inactive_file 0 [ 158.829905][ T5657] active_file 0 [ 158.829905][ T5657] unevictable 0 [ 158.829905][ T5657] slab_reclaimable 6752 [ 158.829905][ T5657] slab_unreclaimable 0 [ 158.829905][ T5657] slab 6752 [ 158.829905][ T5657] workingset_refault_anon 0 [ 158.942946][ T5657] Tasks state (memory values in pages): [ 158.954806][ T5657] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 158.976729][ T5657] Out of memory and no killable processes... [pid 5680] write(6, "0x000000000000040e", 18 [pid 5657] <... write resumed>) = 18 [pid 5657] close(3) = 0 [pid 5657] close(4) = 0 [pid 5657] close(5) = 0 [pid 5657] close(6) = 0 [pid 5657] close(7) = -1 EBADF (Bad file descriptor) [pid 5657] close(8) = -1 EBADF (Bad file descriptor) [pid 5657] close(9) = -1 EBADF (Bad file descriptor) [pid 5657] close(10) = -1 EBADF (Bad file descriptor) [pid 5657] close(11) = -1 EBADF (Bad file descriptor) [pid 5657] close(12) = -1 EBADF (Bad file descriptor) [pid 5657] close(13) = -1 EBADF (Bad file descriptor) [ 158.984205][ T5659] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5657] close(14) = -1 EBADF (Bad file descriptor) [pid 5657] close(15) = -1 EBADF (Bad file descriptor) [pid 5657] close(16) = -1 EBADF (Bad file descriptor) [pid 5657] close(17) = -1 EBADF (Bad file descriptor) [ 159.016913][ T5659] CPU: 0 PID: 5659 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 159.027421][ T5659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 159.037528][ T5659] Call Trace: [ 159.040846][ T5659] [ 159.043818][ T5659] dump_stack_lvl+0x1e7/0x2d0 [ 159.048562][ T5659] ? nf_tcp_handle_invalid+0x640/0x640 [ 159.054078][ T5659] ? panic+0x770/0x770 [ 159.058214][ T5659] dump_header+0xdc/0x940 [ 159.062601][ T5659] out_of_memory+0xf21/0x12c0 [ 159.067339][ T5659] ? mutex_lock_io_nested+0x60/0x60 [ 159.072700][ T5659] ? preempt_schedule+0xdd/0xf0 [ 159.077613][ T5659] ? unregister_oom_notifier+0x20/0x20 [ 159.083092][ T5659] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 159.089103][ T5659] mem_cgroup_out_of_memory+0x263/0x3b0 [ 159.094668][ T5659] ? preempt_schedule_thunk+0x1a/0x20 [ 159.100062][ T5659] ? mem_cgroup_oom_trylock+0x210/0x210 [ 159.105638][ T5659] ? cgroup_file_notify+0x127/0x190 [ 159.110897][ T5659] memory_max_write+0x355/0x470 [ 159.115817][ T5659] ? memory_max_show+0xa0/0xa0 [ 159.120618][ T5659] ? read_lock_is_recursive+0x20/0x20 [ 159.126017][ T5659] ? memory_max_show+0xa0/0xa0 [ 159.130830][ T5659] cgroup_file_write+0x2b1/0x780 [ 159.135796][ T5659] ? cgroup_seqfile_stop+0xd0/0xd0 [ 159.140930][ T5659] ? __virt_addr_valid+0x22f/0x2e0 [ 159.146096][ T5659] ? cgroup_seqfile_stop+0xd0/0xd0 [ 159.151298][ T5659] kernfs_fop_write_iter+0x3a6/0x4f0 [ 159.156710][ T5659] vfs_write+0x7b2/0xbb0 [ 159.160986][ T5659] ? file_end_write+0x240/0x240 [ 159.165861][ T5659] ? do_raw_spin_unlock+0x13b/0x8b0 [ 159.171082][ T5659] ? lockdep_hardirqs_on+0x98/0x140 [ 159.176306][ T5659] ? __fdget_pos+0x265/0x2f0 [ 159.180916][ T5659] ksys_write+0x1a0/0x2c0 [ 159.185269][ T5659] ? __ia32_sys_read+0x90/0x90 [ 159.190845][ T5659] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 159.196921][ T5659] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 159.202953][ T5659] do_syscall_64+0x41/0xc0 [ 159.207395][ T5659] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 159.213312][ T5659] RIP: 0033:0x7fd49ce20129 [ 159.217744][ T5659] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 159.237373][ T5659] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.245805][ T5659] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 159.253786][ T5659] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5657] close(18) = -1 EBADF (Bad file descriptor) [pid 5657] close(19) = -1 EBADF (Bad file descriptor) [pid 5657] close(20) = -1 EBADF (Bad file descriptor) [pid 5657] close(21) = -1 EBADF (Bad file descriptor) [pid 5657] close(22) = -1 EBADF (Bad file descriptor) [pid 5657] close(23) = -1 EBADF (Bad file descriptor) [pid 5657] close(24) = -1 EBADF (Bad file descriptor) [pid 5657] close(25) = -1 EBADF (Bad file descriptor) [pid 5657] close(26) = -1 EBADF (Bad file descriptor) [pid 5657] close(27) = -1 EBADF (Bad file descriptor) [pid 5657] close(28) = -1 EBADF (Bad file descriptor) [pid 5657] close(29) = -1 EBADF (Bad file descriptor) [pid 5657] exit_group(0) = ? [pid 5657] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 159.261767][ T5659] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 159.269752][ T5659] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 159.277735][ T5659] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000023 [ 159.285753][ T5659] [pid 5070] unlink("./27/binderfs") = 0 [pid 5070] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./27/cgroup") = 0 [pid 5070] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./27/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./27/cgroup.net") = 0 [pid 5070] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./27/file0") = 0 [pid 5070] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./27/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./27") = 0 [pid 5070] mkdir("./28", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached [pid 5682] chdir("./28") = 0 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 30 [pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5682] setpgid(0, 0) = 0 [pid 5682] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5682] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5682] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 159.333979][ T5659] memory: usage 8kB, limit 0kB, failcnt 55 [ 159.340500][ T5659] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 159.354719][ T5659] Memory cgroup stats for /syz1: [ 159.354946][ T5659] anon 0 [ 159.354946][ T5659] file 0 [ 159.354946][ T5659] kernel 8192 [ 159.354946][ T5659] kernel_stack 0 [ 159.354946][ T5659] pagetables 0 [ 159.354946][ T5659] sec_pagetables 0 [ 159.354946][ T5659] percpu 0 [ 159.354946][ T5659] sock 0 [pid 5682] write(3, "1000", 4) = 4 [pid 5682] close(3) = 0 [pid 5682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5682] mkdir("./file0", 000) = 0 [pid 5682] open("./file0", O_RDONLY) = 3 [pid 5682] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5682] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5682] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5682] openat(5, "memory.max", O_RDWR) = 6 [ 159.354946][ T5659] vmalloc 0 [ 159.354946][ T5659] shmem 0 [ 159.354946][ T5659] zswap 0 [ 159.354946][ T5659] zswapped 0 [ 159.354946][ T5659] file_mapped 0 [ 159.354946][ T5659] file_dirty 0 [ 159.354946][ T5659] file_writeback 0 [ 159.354946][ T5659] swapcached 0 [ 159.354946][ T5659] anon_thp 0 [ 159.354946][ T5659] file_thp 0 [ 159.354946][ T5659] shmem_thp 0 [ 159.354946][ T5659] inactive_anon 0 [ 159.354946][ T5659] active_anon 0 [ 159.354946][ T5659] inactive_file 0 [ 159.354946][ T5659] active_file 0 [ 159.354946][ T5659] unevictable 0 [ 159.354946][ T5659] slab_reclaimable 6752 [ 159.354946][ T5659] slab_unreclaimable 0 [ 159.354946][ T5659] slab 6752 [ 159.354946][ T5659] workingset_refault_anon 0 [ 159.459690][ T5659] Tasks state (memory values in pages): [ 159.465261][ T5659] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 159.476595][ T5659] Out of memory and no killable processes... [pid 5682] write(6, "0x000000000000040e", 18 [pid 5659] <... write resumed>) = 18 [pid 5659] close(3) = 0 [pid 5659] close(4) = 0 [pid 5659] close(5) = 0 [pid 5659] close(6) = 0 [pid 5659] close(7) = -1 EBADF (Bad file descriptor) [pid 5659] close(8) = -1 EBADF (Bad file descriptor) [pid 5659] close(9) = -1 EBADF (Bad file descriptor) [pid 5659] close(10) = -1 EBADF (Bad file descriptor) [pid 5659] close(11) = -1 EBADF (Bad file descriptor) [pid 5659] close(12) = -1 EBADF (Bad file descriptor) [pid 5659] close(13) = -1 EBADF (Bad file descriptor) [pid 5659] close(14) = -1 EBADF (Bad file descriptor) [pid 5659] close(15) = -1 EBADF (Bad file descriptor) [pid 5659] close(16) = -1 EBADF (Bad file descriptor) [pid 5659] close(17) = -1 EBADF (Bad file descriptor) [pid 5659] close(18) = -1 EBADF (Bad file descriptor) [pid 5659] close(19) = -1 EBADF (Bad file descriptor) [pid 5659] close(20) = -1 EBADF (Bad file descriptor) [pid 5659] close(21) = -1 EBADF (Bad file descriptor) [pid 5659] close(22) = -1 EBADF (Bad file descriptor) [pid 5659] close(23) = -1 EBADF (Bad file descriptor) [pid 5659] close(24) = -1 EBADF (Bad file descriptor) [pid 5659] close(25) = -1 EBADF (Bad file descriptor) [pid 5659] close(26) = -1 EBADF (Bad file descriptor) [pid 5659] close(27) = -1 EBADF (Bad file descriptor) [pid 5659] close(28) = -1 EBADF (Bad file descriptor) [pid 5659] close(29) = -1 EBADF (Bad file descriptor) [pid 5659] exit_group(0) = ? [pid 5659] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./35/binderfs") = 0 [ 159.482917][ T5671] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 159.497646][ T5671] CPU: 1 PID: 5671 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 159.508134][ T5671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 159.518232][ T5671] Call Trace: [ 159.521541][ T5671] [ 159.524504][ T5671] dump_stack_lvl+0x1e7/0x2d0 [ 159.529234][ T5671] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5074] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./35/cgroup") = 0 [pid 5074] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./35/cgroup.net") = 0 [ 159.534732][ T5671] ? panic+0x770/0x770 [ 159.538851][ T5671] dump_header+0xdc/0x940 [ 159.543227][ T5671] out_of_memory+0xf21/0x12c0 [ 159.547953][ T5671] ? mutex_lock_io_nested+0x60/0x60 [ 159.553208][ T5671] ? preempt_schedule+0xdd/0xf0 [ 159.558130][ T5671] ? unregister_oom_notifier+0x20/0x20 [ 159.563629][ T5671] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 159.569814][ T5671] ? lockdep_hardirqs_on+0x98/0x140 [ 159.575035][ T5671] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 159.581210][ T5671] mem_cgroup_out_of_memory+0x263/0x3b0 [ 159.586782][ T5671] ? preempt_schedule_thunk+0x1a/0x20 [ 159.592179][ T5671] ? mem_cgroup_oom_trylock+0x210/0x210 [ 159.597771][ T5671] ? cgroup_file_notify+0x127/0x190 [ 159.602995][ T5671] memory_max_write+0x355/0x470 [ 159.607871][ T5671] ? memory_max_show+0xa0/0xa0 [ 159.612653][ T5671] ? read_lock_is_recursive+0x20/0x20 [ 159.618049][ T5671] ? memory_max_show+0xa0/0xa0 [ 159.622828][ T5671] cgroup_file_write+0x2b1/0x780 [ 159.627786][ T5671] ? cgroup_seqfile_stop+0xd0/0xd0 [ 159.632913][ T5671] ? __virt_addr_valid+0x22f/0x2e0 [ 159.638054][ T5671] ? cgroup_seqfile_stop+0xd0/0xd0 [ 159.643174][ T5671] kernfs_fop_write_iter+0x3a6/0x4f0 [ 159.648482][ T5671] vfs_write+0x7b2/0xbb0 [ 159.652747][ T5671] ? file_end_write+0x240/0x240 [ 159.657618][ T5671] ? do_raw_spin_unlock+0x13b/0x8b0 [ 159.662835][ T5671] ? lockdep_hardirqs_on+0x98/0x140 [ 159.668060][ T5671] ? __fdget_pos+0x265/0x2f0 [ 159.672666][ T5671] ksys_write+0x1a0/0x2c0 [ 159.677017][ T5671] ? __ia32_sys_read+0x90/0x90 [ 159.681807][ T5671] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 159.687813][ T5671] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 159.693823][ T5671] do_syscall_64+0x41/0xc0 [ 159.698258][ T5671] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 159.704173][ T5671] RIP: 0033:0x7fd49ce20129 [ 159.708599][ T5671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 159.728214][ T5671] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.736641][ T5671] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 159.744620][ T5671] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 159.752598][ T5671] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 159.760574][ T5671] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 159.768555][ T5671] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001c [ 159.776567][ T5671] [pid 5074] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.782037][ T5671] memory: usage 8kB, limit 0kB, failcnt 55 [ 159.788089][ T5671] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 159.795663][ T5671] Memory cgroup stats for /syz1: [ 159.797103][ T5671] anon 0 [ 159.797103][ T5671] file 0 [ 159.797103][ T5671] kernel 8192 [ 159.797103][ T5671] kernel_stack 0 [ 159.797103][ T5671] pagetables 0 [ 159.797103][ T5671] sec_pagetables 0 [ 159.797103][ T5671] percpu 0 [ 159.797103][ T5671] sock 0 [ 159.797103][ T5671] vmalloc 0 [ 159.797103][ T5671] shmem 0 [ 159.797103][ T5671] zswap 0 [ 159.797103][ T5671] zswapped 0 [ 159.797103][ T5671] file_mapped 0 [ 159.797103][ T5671] file_dirty 0 [ 159.797103][ T5671] file_writeback 0 [ 159.797103][ T5671] swapcached 0 [ 159.797103][ T5671] anon_thp 0 [ 159.797103][ T5671] file_thp 0 [ 159.797103][ T5671] shmem_thp 0 [ 159.797103][ T5671] inactive_anon 0 [ 159.797103][ T5671] active_anon 0 [ 159.797103][ T5671] inactive_file 0 [ 159.797103][ T5671] active_file 0 [ 159.797103][ T5671] unevictable 0 [ 159.797103][ T5671] slab_reclaimable 6752 [ 159.797103][ T5671] slab_unreclaimable 0 [pid 5074] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./35/file0") = 0 [pid 5074] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./35/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./35" [pid 5671] <... write resumed>) = 18 [pid 5074] <... rmdir resumed>) = 0 [pid 5671] close(3) = 0 [pid 5671] close(4 [ 159.797103][ T5671] slab 6752 [ 159.797103][ T5671] workingset_refault_anon 0 [ 159.896368][ T5671] Tasks state (memory values in pages): [ 159.902794][ T5671] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 159.912581][ T5671] Out of memory and no killable processes... [ 159.918885][ T5676] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5074] mkdir("./36", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5683 attached [pid 5683] chdir("./36" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 38 [pid 5683] <... chdir resumed>) = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5683] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5683] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] mkdir("./file0", 000) = 0 [pid 5683] open("./file0", O_RDONLY) = 3 [pid 5683] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5683] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5683] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5683] openat(5, "memory.max", O_RDWR) = 6 [pid 5683] write(6, "0x000000000000040e", 18 [pid 5671] <... close resumed>) = 0 [pid 5671] close(5) = 0 [pid 5671] close(6) = 0 [pid 5671] close(7) = -1 EBADF (Bad file descriptor) [pid 5671] close(8) = -1 EBADF (Bad file descriptor) [pid 5671] close(9) = -1 EBADF (Bad file descriptor) [pid 5671] close(10) = -1 EBADF (Bad file descriptor) [pid 5671] close(11) = -1 EBADF (Bad file descriptor) [ 159.931542][ T5676] CPU: 0 PID: 5676 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 159.942010][ T5676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 159.952112][ T5676] Call Trace: [ 159.955429][ T5676] [ 159.958393][ T5676] dump_stack_lvl+0x1e7/0x2d0 [ 159.963130][ T5676] ? nf_tcp_handle_invalid+0x640/0x640 [ 159.968641][ T5676] ? panic+0x770/0x770 [ 159.972784][ T5676] dump_header+0xdc/0x940 [ 159.977171][ T5676] out_of_memory+0xf21/0x12c0 [ 159.981918][ T5676] ? mutex_lock_io_nested+0x60/0x60 [pid 5671] close(12) = -1 EBADF (Bad file descriptor) [pid 5671] close(13) = -1 EBADF (Bad file descriptor) [pid 5671] close(14) = -1 EBADF (Bad file descriptor) [pid 5671] close(15) = -1 EBADF (Bad file descriptor) [pid 5671] close(16) = -1 EBADF (Bad file descriptor) [pid 5671] close(17) = -1 EBADF (Bad file descriptor) [pid 5671] close(18) = -1 EBADF (Bad file descriptor) [pid 5671] close(19) = -1 EBADF (Bad file descriptor) [pid 5671] close(20) = -1 EBADF (Bad file descriptor) [pid 5671] close(21) = -1 EBADF (Bad file descriptor) [pid 5671] close(22) = -1 EBADF (Bad file descriptor) [pid 5671] close(23) = -1 EBADF (Bad file descriptor) [pid 5671] close(24) = -1 EBADF (Bad file descriptor) [pid 5671] close(25) = -1 EBADF (Bad file descriptor) [pid 5671] close(26) = -1 EBADF (Bad file descriptor) [pid 5671] close(27) = -1 EBADF (Bad file descriptor) [pid 5671] close(28) = -1 EBADF (Bad file descriptor) [pid 5671] close(29) = -1 EBADF (Bad file descriptor) [pid 5671] exit_group(0) = ? [pid 5671] +++ exited with 0 +++ [ 159.987181][ T5676] ? preempt_schedule+0xdd/0xf0 [ 159.992091][ T5676] ? unregister_oom_notifier+0x20/0x20 [ 159.997603][ T5676] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 160.003665][ T5676] mem_cgroup_out_of_memory+0x263/0x3b0 [ 160.009263][ T5676] ? preempt_schedule_thunk+0x1a/0x20 [ 160.014692][ T5676] ? mem_cgroup_oom_trylock+0x210/0x210 [ 160.020315][ T5676] ? cgroup_file_notify+0x127/0x190 [ 160.025568][ T5676] memory_max_write+0x355/0x470 [ 160.030489][ T5676] ? memory_max_show+0xa0/0xa0 [ 160.035301][ T5676] ? read_lock_is_recursive+0x20/0x20 [ 160.040718][ T5676] ? memory_max_show+0xa0/0xa0 [ 160.045506][ T5676] cgroup_file_write+0x2b1/0x780 [ 160.050474][ T5676] ? cgroup_seqfile_stop+0xd0/0xd0 [ 160.055630][ T5676] ? __virt_addr_valid+0x22f/0x2e0 [ 160.060800][ T5676] ? cgroup_seqfile_stop+0xd0/0xd0 [ 160.065922][ T5676] kernfs_fop_write_iter+0x3a6/0x4f0 [ 160.071252][ T5676] vfs_write+0x7b2/0xbb0 [ 160.075540][ T5676] ? file_end_write+0x240/0x240 [ 160.080426][ T5676] ? do_raw_spin_unlock+0x13b/0x8b0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 160.085682][ T5676] ? lockdep_hardirqs_on+0x98/0x140 [ 160.090957][ T5676] ? __fdget_pos+0x265/0x2f0 [ 160.095568][ T5676] ksys_write+0x1a0/0x2c0 [ 160.099938][ T5676] ? __ia32_sys_read+0x90/0x90 [ 160.104763][ T5676] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 160.110817][ T5676] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 160.116871][ T5676] do_syscall_64+0x41/0xc0 [ 160.121337][ T5676] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.127281][ T5676] RIP: 0033:0x7fd49ce20129 [pid 5072] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./28/binderfs") = 0 [pid 5072] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./28/cgroup") = 0 [pid 5072] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./28/cgroup.net") = 0 [ 160.131747][ T5676] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 160.151407][ T5676] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 160.159869][ T5676] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 160.167875][ T5676] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 160.175893][ T5676] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5072] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./28/file0") = 0 [pid 5072] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./28/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./28") = 0 [pid 5072] mkdir("./29", 0777) = 0 [ 160.183986][ T5676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 160.192001][ T5676] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000022 [ 160.200024][ T5676] [ 160.216323][ T5676] memory: usage 8kB, limit 0kB, failcnt 55 [ 160.223898][ T5676] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 31 ./strace-static-x86_64: Process 5684 attached [pid 5684] chdir("./29") = 0 [pid 5684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5684] setpgid(0, 0) = 0 [pid 5684] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5684] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5684] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5684] write(3, "1000", 4) = 4 [pid 5684] close(3) = 0 [pid 5684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5684] mkdir("./file0", 000) = 0 [pid 5684] open("./file0", O_RDONLY) = 3 [pid 5684] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5684] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5684] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5684] openat(5, "memory.max", O_RDWR) = 6 [ 160.238774][ T5676] Memory cgroup stats for /syz1: [ 160.238994][ T5676] anon 0 [ 160.238994][ T5676] file 0 [ 160.238994][ T5676] kernel 8192 [ 160.238994][ T5676] kernel_stack 0 [ 160.238994][ T5676] pagetables 0 [ 160.238994][ T5676] sec_pagetables 0 [ 160.238994][ T5676] percpu 0 [ 160.238994][ T5676] sock 0 [ 160.238994][ T5676] vmalloc 0 [ 160.238994][ T5676] shmem 0 [ 160.238994][ T5676] zswap 0 [ 160.238994][ T5676] zswapped 0 [ 160.238994][ T5676] file_mapped 0 [ 160.238994][ T5676] file_dirty 0 [ 160.238994][ T5676] file_writeback 0 [ 160.238994][ T5676] swapcached 0 [ 160.238994][ T5676] anon_thp 0 [ 160.238994][ T5676] file_thp 0 [ 160.238994][ T5676] shmem_thp 0 [ 160.238994][ T5676] inactive_anon 0 [ 160.238994][ T5676] active_anon 0 [ 160.238994][ T5676] inactive_file 0 [ 160.238994][ T5676] active_file 0 [ 160.238994][ T5676] unevictable 0 [ 160.238994][ T5676] slab_reclaimable 6752 [ 160.238994][ T5676] slab_unreclaimable 0 [ 160.238994][ T5676] slab 6752 [ 160.238994][ T5676] workingset_refault_anon 0 [pid 5684] write(6, "0x000000000000040e", 18 [pid 5676] <... write resumed>) = 18 [pid 5676] close(3) = 0 [pid 5676] close(4) = 0 [pid 5676] close(5) = 0 [pid 5676] close(6) = 0 [ 160.343905][ T5676] Tasks state (memory values in pages): [ 160.351190][ T5676] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 160.366000][ T5676] Out of memory and no killable processes... [pid 5676] close(7) = -1 EBADF (Bad file descriptor) [pid 5676] close(8) = -1 EBADF (Bad file descriptor) [pid 5676] close(9) = -1 EBADF (Bad file descriptor) [pid 5676] close(10) = -1 EBADF (Bad file descriptor) [pid 5676] close(11) = -1 EBADF (Bad file descriptor) [pid 5676] close(12) = -1 EBADF (Bad file descriptor) [pid 5676] close(13) = -1 EBADF (Bad file descriptor) [pid 5676] close(14) = -1 EBADF (Bad file descriptor) [pid 5676] close(15) = -1 EBADF (Bad file descriptor) [pid 5676] close(16) = -1 EBADF (Bad file descriptor) [pid 5676] close(17) = -1 EBADF (Bad file descriptor) [pid 5676] close(18) = -1 EBADF (Bad file descriptor) [pid 5676] close(19) = -1 EBADF (Bad file descriptor) [pid 5676] close(20) = -1 EBADF (Bad file descriptor) [pid 5676] close(21) = -1 EBADF (Bad file descriptor) [pid 5676] close(22) = -1 EBADF (Bad file descriptor) [pid 5676] close(23) = -1 EBADF (Bad file descriptor) [pid 5676] close(24) = -1 EBADF (Bad file descriptor) [pid 5676] close(25) = -1 EBADF (Bad file descriptor) [pid 5676] close(26) = -1 EBADF (Bad file descriptor) [pid 5676] close(27) = -1 EBADF (Bad file descriptor) [pid 5676] close(28) = -1 EBADF (Bad file descriptor) [pid 5676] close(29) = -1 EBADF (Bad file descriptor) [pid 5676] exit_group(0) = ? [pid 5676] +++ exited with 0 +++ [ 160.386663][ T5680] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 160.406709][ T5680] CPU: 0 PID: 5680 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 160.417198][ T5680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 160.427302][ T5680] Call Trace: [ 160.430627][ T5680] [ 160.433596][ T5680] dump_stack_lvl+0x1e7/0x2d0 [ 160.438335][ T5680] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./34/binderfs") = 0 [pid 5075] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./34/cgroup") = 0 [pid 5075] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./34/cgroup.net") = 0 [ 160.443841][ T5680] ? panic+0x770/0x770 [ 160.447959][ T5680] dump_header+0xdc/0x940 [ 160.452339][ T5680] out_of_memory+0xf21/0x12c0 [ 160.457090][ T5680] ? mutex_lock_io_nested+0x60/0x60 [ 160.462360][ T5680] ? preempt_schedule+0xdd/0xf0 [ 160.467275][ T5680] ? unregister_oom_notifier+0x20/0x20 [ 160.472783][ T5680] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 160.478849][ T5680] mem_cgroup_out_of_memory+0x263/0x3b0 [ 160.484464][ T5680] ? preempt_schedule_thunk+0x1a/0x20 [ 160.489873][ T5680] ? mem_cgroup_oom_trylock+0x210/0x210 [ 160.495471][ T5680] ? cgroup_file_notify+0x127/0x190 [ 160.500704][ T5680] memory_max_write+0x355/0x470 [ 160.505596][ T5680] ? memory_max_show+0xa0/0xa0 [ 160.510386][ T5680] ? read_lock_is_recursive+0x20/0x20 [ 160.515784][ T5680] ? memory_max_show+0xa0/0xa0 [ 160.520589][ T5680] cgroup_file_write+0x2b1/0x780 [ 160.525564][ T5680] ? cgroup_seqfile_stop+0xd0/0xd0 [ 160.530716][ T5680] ? __virt_addr_valid+0x22f/0x2e0 [ 160.535883][ T5680] ? cgroup_seqfile_stop+0xd0/0xd0 [ 160.541032][ T5680] kernfs_fop_write_iter+0x3a6/0x4f0 [ 160.546384][ T5680] vfs_write+0x7b2/0xbb0 [ 160.550685][ T5680] ? file_end_write+0x240/0x240 [ 160.555586][ T5680] ? do_raw_spin_unlock+0x13b/0x8b0 [ 160.560817][ T5680] ? lockdep_hardirqs_on+0x98/0x140 [ 160.566056][ T5680] ? __fdget_pos+0x265/0x2f0 [ 160.570680][ T5680] ksys_write+0x1a0/0x2c0 [ 160.575082][ T5680] ? __ia32_sys_read+0x90/0x90 [ 160.579886][ T5680] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 160.585893][ T5680] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 160.591906][ T5680] do_syscall_64+0x41/0xc0 [ 160.596358][ T5680] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.602284][ T5680] RIP: 0033:0x7fd49ce20129 [ 160.606740][ T5680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 160.626394][ T5680] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 160.634848][ T5680] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5075] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 160.642849][ T5680] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 160.650863][ T5680] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 160.658873][ T5680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 160.666882][ T5680] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001f [ 160.674916][ T5680] [ 160.681762][ T5680] memory: usage 8kB, limit 0kB, failcnt 55 [ 160.687832][ T5680] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./34/file0") = 0 [pid 5075] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./34/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./34") = 0 [pid 5075] mkdir("./35", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 37 [ 160.694790][ T5680] Memory cgroup stats for /syz1: [ 160.694995][ T5680] anon 0 [ 160.694995][ T5680] file 0 [ 160.694995][ T5680] kernel 8192 [ 160.694995][ T5680] kernel_stack 0 [ 160.694995][ T5680] pagetables 0 [ 160.694995][ T5680] sec_pagetables 0 [ 160.694995][ T5680] percpu 0 [ 160.694995][ T5680] sock 0 [ 160.694995][ T5680] vmalloc 0 [ 160.694995][ T5680] shmem 0 [ 160.694995][ T5680] zswap 0 [ 160.694995][ T5680] zswapped 0 [ 160.694995][ T5680] file_mapped 0 [ 160.694995][ T5680] file_dirty 0 ./strace-static-x86_64: Process 5685 attached [ 160.694995][ T5680] file_writeback 0 [ 160.694995][ T5680] swapcached 0 [ 160.694995][ T5680] anon_thp 0 [ 160.694995][ T5680] file_thp 0 [ 160.694995][ T5680] shmem_thp 0 [ 160.694995][ T5680] inactive_anon 0 [ 160.694995][ T5680] active_anon 0 [ 160.694995][ T5680] inactive_file 0 [ 160.694995][ T5680] active_file 0 [ 160.694995][ T5680] unevictable 0 [ 160.694995][ T5680] slab_reclaimable 6752 [ 160.694995][ T5680] slab_unreclaimable 0 [ 160.694995][ T5680] slab 6752 [ 160.694995][ T5680] workingset_refault_anon 0 [pid 5685] chdir("./35") = 0 [pid 5685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] <... write resumed>) = 18 [pid 5685] setpgid(0, 0) = 0 [pid 5680] close(3 [pid 5685] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5680] <... close resumed>) = 0 [pid 5685] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5680] close(4 [pid 5685] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5680] <... close resumed>) = 0 [pid 5685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] close(5 [pid 5685] write(3, "1000", 4) = 4 [pid 5680] <... close resumed>) = 0 [pid 5685] close(3) = 0 [pid 5680] close(6 [pid 5685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5680] <... close resumed>) = 0 [pid 5685] mkdir("./file0", 000) = 0 [pid 5680] close(7 [pid 5685] open("./file0", O_RDONLY [pid 5680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5685] <... open resumed>) = 3 [pid 5680] close(8 [pid 5685] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5685] <... mount resumed>) = 0 [pid 5680] close(9 [pid 5685] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5685] <... openat resumed>) = 4 [pid 5680] close(10 [pid 5685] openat(4, "syz1", O_RDWR|O_PATH [pid 5680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5685] <... openat resumed>) = 5 [pid 5680] close(11 [pid 5685] openat(5, "memory.max", O_RDWR [pid 5680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5685] <... openat resumed>) = 6 [pid 5680] close(12 [pid 5685] write(6, "0x000000000000040e", 18 [pid 5680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5680] close(13) = -1 EBADF (Bad file descriptor) [pid 5680] close(14) = -1 EBADF (Bad file descriptor) [pid 5680] close(15) = -1 EBADF (Bad file descriptor) [pid 5680] close(16) = -1 EBADF (Bad file descriptor) [pid 5680] close(17) = -1 EBADF (Bad file descriptor) [pid 5680] close(18) = -1 EBADF (Bad file descriptor) [pid 5680] close(19) = -1 EBADF (Bad file descriptor) [pid 5680] close(20) = -1 EBADF (Bad file descriptor) [pid 5680] close(21) = -1 EBADF (Bad file descriptor) [pid 5680] close(22) = -1 EBADF (Bad file descriptor) [pid 5680] close(23) = -1 EBADF (Bad file descriptor) [pid 5680] close(24) = -1 EBADF (Bad file descriptor) [pid 5680] close(25) = -1 EBADF (Bad file descriptor) [pid 5680] close(26) = -1 EBADF (Bad file descriptor) [pid 5680] close(27) = -1 EBADF (Bad file descriptor) [pid 5680] close(28) = -1 EBADF (Bad file descriptor) [pid 5680] close(29) = -1 EBADF (Bad file descriptor) [pid 5680] exit_group(0) = ? [pid 5680] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 160.795026][ T5680] Tasks state (memory values in pages): [ 160.801093][ T5680] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 160.811111][ T5680] Out of memory and no killable processes... [ 160.817783][ T5682] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5073] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./31/binderfs") = 0 [pid 5073] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./31/cgroup") = 0 [pid 5073] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./31/cgroup.net") = 0 [ 160.854227][ T5682] CPU: 0 PID: 5682 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 160.864735][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 160.874824][ T5682] Call Trace: [ 160.878129][ T5682] [ 160.881101][ T5682] dump_stack_lvl+0x1e7/0x2d0 [ 160.885847][ T5682] ? nf_tcp_handle_invalid+0x640/0x640 [ 160.891364][ T5682] ? panic+0x770/0x770 [ 160.895498][ T5682] dump_header+0xdc/0x940 [ 160.899909][ T5682] out_of_memory+0xf21/0x12c0 [ 160.904650][ T5682] ? mutex_lock_io_nested+0x60/0x60 [ 160.909894][ T5682] ? preempt_schedule+0xdd/0xf0 [ 160.914766][ T5682] ? unregister_oom_notifier+0x20/0x20 [ 160.920245][ T5682] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 160.926288][ T5682] mem_cgroup_out_of_memory+0x263/0x3b0 [ 160.931868][ T5682] ? preempt_schedule_thunk+0x1a/0x20 [ 160.937274][ T5682] ? mem_cgroup_oom_trylock+0x210/0x210 [ 160.942851][ T5682] ? cgroup_file_notify+0x127/0x190 [ 160.948072][ T5682] memory_max_write+0x355/0x470 [ 160.952945][ T5682] ? memory_max_show+0xa0/0xa0 [ 160.957729][ T5682] ? read_lock_is_recursive+0x20/0x20 [ 160.963125][ T5682] ? memory_max_show+0xa0/0xa0 [ 160.967905][ T5682] cgroup_file_write+0x2b1/0x780 [ 160.972871][ T5682] ? cgroup_seqfile_stop+0xd0/0xd0 [ 160.977992][ T5682] ? __virt_addr_valid+0x22f/0x2e0 [ 160.983130][ T5682] ? cgroup_seqfile_stop+0xd0/0xd0 [ 160.988249][ T5682] kernfs_fop_write_iter+0x3a6/0x4f0 [ 160.993556][ T5682] vfs_write+0x7b2/0xbb0 [ 160.997822][ T5682] ? file_end_write+0x240/0x240 [ 161.002697][ T5682] ? do_raw_spin_unlock+0x13b/0x8b0 [ 161.007910][ T5682] ? lockdep_hardirqs_on+0x98/0x140 [ 161.013128][ T5682] ? __fdget_pos+0x265/0x2f0 [ 161.017759][ T5682] ksys_write+0x1a0/0x2c0 [ 161.022110][ T5682] ? __ia32_sys_read+0x90/0x90 [ 161.026893][ T5682] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 161.032894][ T5682] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 161.038897][ T5682] do_syscall_64+0x41/0xc0 [ 161.043325][ T5682] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 161.049232][ T5682] RIP: 0033:0x7fd49ce20129 [ 161.053667][ T5682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.073282][ T5682] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.081712][ T5682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 161.089695][ T5682] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 161.097672][ T5682] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 161.105676][ T5682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 161.113678][ T5682] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001c [ 161.121694][ T5682] [ 161.127420][ T5682] memory: usage 8kB, limit 0kB, failcnt 55 [ 161.133294][ T5682] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 161.144343][ T5682] Memory cgroup stats for /syz1: [ 161.144529][ T5682] anon 0 [ 161.144529][ T5682] file 0 [pid 5073] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./31/file0") = 0 [pid 5073] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./31/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./31") = 0 [pid 5073] mkdir("./32", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5686 attached [pid 5686] chdir("./32" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 34 [pid 5686] <... chdir resumed>) = 0 [pid 5686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5686] setpgid(0, 0) = 0 [pid 5686] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5686] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5686] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5686] write(3, "1000", 4) = 4 [pid 5686] close(3) = 0 [pid 5686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5686] mkdir("./file0", 000) = 0 [pid 5686] open("./file0", O_RDONLY) = 3 [ 161.144529][ T5682] kernel 8192 [ 161.144529][ T5682] kernel_stack 0 [ 161.144529][ T5682] pagetables 0 [ 161.144529][ T5682] sec_pagetables 0 [ 161.144529][ T5682] percpu 0 [ 161.144529][ T5682] sock 0 [ 161.144529][ T5682] vmalloc 0 [ 161.144529][ T5682] shmem 0 [ 161.144529][ T5682] zswap 0 [ 161.144529][ T5682] zswapped 0 [ 161.144529][ T5682] file_mapped 0 [ 161.144529][ T5682] file_dirty 0 [ 161.144529][ T5682] file_writeback 0 [ 161.144529][ T5682] swapcached 0 [ 161.144529][ T5682] anon_thp 0 [ 161.144529][ T5682] file_thp 0 [pid 5686] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5686] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5686] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5686] openat(5, "memory.max", O_RDWR) = 6 [ 161.144529][ T5682] shmem_thp 0 [ 161.144529][ T5682] inactive_anon 0 [ 161.144529][ T5682] active_anon 0 [ 161.144529][ T5682] inactive_file 0 [ 161.144529][ T5682] active_file 0 [ 161.144529][ T5682] unevictable 0 [ 161.144529][ T5682] slab_reclaimable 6752 [ 161.144529][ T5682] slab_unreclaimable 0 [ 161.144529][ T5682] slab 6752 [ 161.144529][ T5682] workingset_refault_anon 0 [ 161.250409][ T5682] Tasks state (memory values in pages): [pid 5686] write(6, "0x000000000000040e", 18 [pid 5682] <... write resumed>) = 18 [pid 5682] close(3) = 0 [ 161.256399][ T5682] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 161.266575][ T5682] Out of memory and no killable processes... [ 161.272637][ T5683] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 161.284938][ T5683] CPU: 1 PID: 5683 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 161.295423][ T5683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5682] close(4) = 0 [pid 5682] close(5) = 0 [pid 5682] close(6) = 0 [pid 5682] close(7) = -1 EBADF (Bad file descriptor) [pid 5682] close(8) = -1 EBADF (Bad file descriptor) [pid 5682] close(9) = -1 EBADF (Bad file descriptor) [pid 5682] close(10) = -1 EBADF (Bad file descriptor) [pid 5682] close(11) = -1 EBADF (Bad file descriptor) [pid 5682] close(12) = -1 EBADF (Bad file descriptor) [pid 5682] close(13) = -1 EBADF (Bad file descriptor) [pid 5682] close(14) = -1 EBADF (Bad file descriptor) [pid 5682] close(15) = -1 EBADF (Bad file descriptor) [pid 5682] close(16) = -1 EBADF (Bad file descriptor) [pid 5682] close(17) = -1 EBADF (Bad file descriptor) [pid 5682] close(18) = -1 EBADF (Bad file descriptor) [pid 5682] close(19) = -1 EBADF (Bad file descriptor) [pid 5682] close(20) = -1 EBADF (Bad file descriptor) [pid 5682] close(21) = -1 EBADF (Bad file descriptor) [pid 5682] close(22) = -1 EBADF (Bad file descriptor) [pid 5682] close(23) = -1 EBADF (Bad file descriptor) [pid 5682] close(24) = -1 EBADF (Bad file descriptor) [pid 5682] close(25) = -1 EBADF (Bad file descriptor) [pid 5682] close(26) = -1 EBADF (Bad file descriptor) [pid 5682] close(27) = -1 EBADF (Bad file descriptor) [pid 5682] close(28) = -1 EBADF (Bad file descriptor) [pid 5682] close(29) = -1 EBADF (Bad file descriptor) [pid 5682] exit_group(0) = ? [pid 5682] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5070] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 161.305530][ T5683] Call Trace: [ 161.308861][ T5683] [ 161.311834][ T5683] dump_stack_lvl+0x1e7/0x2d0 [ 161.316578][ T5683] ? nf_tcp_handle_invalid+0x640/0x640 [ 161.322085][ T5683] ? panic+0x770/0x770 [ 161.326215][ T5683] dump_header+0xdc/0x940 [ 161.330620][ T5683] out_of_memory+0xf21/0x12c0 [ 161.335365][ T5683] ? mutex_lock_io_nested+0x60/0x60 [ 161.340631][ T5683] ? preempt_schedule+0xdd/0xf0 [ 161.345541][ T5683] ? unregister_oom_notifier+0x20/0x20 [ 161.351066][ T5683] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5070] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./28/binderfs") = 0 [pid 5070] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./28/cgroup") = 0 [pid 5070] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 161.357113][ T5683] mem_cgroup_out_of_memory+0x263/0x3b0 [ 161.362688][ T5683] ? preempt_schedule_thunk+0x1a/0x20 [ 161.368092][ T5683] ? mem_cgroup_oom_trylock+0x210/0x210 [ 161.373668][ T5683] ? cgroup_file_notify+0x127/0x190 [ 161.378895][ T5683] memory_max_write+0x355/0x470 [ 161.383770][ T5683] ? memory_max_show+0xa0/0xa0 [ 161.388550][ T5683] ? read_lock_is_recursive+0x20/0x20 [ 161.393945][ T5683] ? memory_max_show+0xa0/0xa0 [ 161.398725][ T5683] cgroup_file_write+0x2b1/0x780 [ 161.403684][ T5683] ? cgroup_seqfile_stop+0xd0/0xd0 [ 161.408805][ T5683] ? __virt_addr_valid+0x22f/0x2e0 [ 161.413956][ T5683] ? cgroup_seqfile_stop+0xd0/0xd0 [ 161.419169][ T5683] kernfs_fop_write_iter+0x3a6/0x4f0 [ 161.424491][ T5683] vfs_write+0x7b2/0xbb0 [ 161.428776][ T5683] ? file_end_write+0x240/0x240 [ 161.433712][ T5683] ? do_raw_spin_unlock+0x13b/0x8b0 [ 161.439034][ T5683] ? lockdep_hardirqs_on+0x98/0x140 [ 161.444279][ T5683] ? __fdget_pos+0x265/0x2f0 [ 161.448900][ T5683] ksys_write+0x1a0/0x2c0 [ 161.453261][ T5683] ? __ia32_sys_read+0x90/0x90 [ 161.458043][ T5683] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 161.464051][ T5683] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 161.470056][ T5683] do_syscall_64+0x41/0xc0 [ 161.474491][ T5683] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 161.480405][ T5683] RIP: 0033:0x7fd49ce20129 [ 161.484829][ T5683] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.504444][ T5683] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.512872][ T5683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 161.520855][ T5683] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 161.528838][ T5683] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 161.536818][ T5683] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 161.544802][ T5683] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000024 [ 161.552799][ T5683] [pid 5070] unlink("./28/cgroup.net") = 0 [pid 5070] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 161.562224][ T5683] memory: usage 8kB, limit 0kB, failcnt 55 [ 161.577203][ T5683] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 161.584919][ T5683] Memory cgroup stats for /syz1: [ 161.585073][ T5683] anon 0 [ 161.585073][ T5683] file 0 [ 161.585073][ T5683] kernel 8192 [ 161.585073][ T5683] kernel_stack 0 [ 161.585073][ T5683] pagetables 0 [ 161.585073][ T5683] sec_pagetables 0 [ 161.585073][ T5683] percpu 0 [pid 5070] rmdir("./28/file0") = 0 [pid 5070] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./28/cgroup.cpu") = 0 [ 161.585073][ T5683] sock 0 [ 161.585073][ T5683] vmalloc 0 [ 161.585073][ T5683] shmem 0 [ 161.585073][ T5683] zswap 0 [ 161.585073][ T5683] zswapped 0 [ 161.585073][ T5683] file_mapped 0 [ 161.585073][ T5683] file_dirty 0 [ 161.585073][ T5683] file_writeback 0 [ 161.585073][ T5683] swapcached 0 [ 161.585073][ T5683] anon_thp 0 [ 161.585073][ T5683] file_thp 0 [ 161.585073][ T5683] shmem_thp 0 [ 161.585073][ T5683] inactive_anon 0 [ 161.585073][ T5683] active_anon 0 [ 161.585073][ T5683] inactive_file 0 [ 161.585073][ T5683] active_file 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./28") = 0 [pid 5070] mkdir("./29", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 31 ./strace-static-x86_64: Process 5687 attached [pid 5687] chdir("./29") = 0 [pid 5687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5687] setpgid(0, 0) = 0 [ 161.585073][ T5683] unevictable 0 [ 161.585073][ T5683] slab_reclaimable 6752 [ 161.585073][ T5683] slab_unreclaimable 0 [ 161.585073][ T5683] slab 6752 [ 161.585073][ T5683] workingset_refault_anon 0 [ 161.691417][ T5683] Tasks state (memory values in pages): [ 161.697451][ T5683] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5687] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5687] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5687] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5687] write(3, "1000", 4) = 4 [pid 5687] close(3 [pid 5683] <... write resumed>) = 18 [pid 5687] <... close resumed>) = 0 [pid 5687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5687] mkdir("./file0", 000) = 0 [pid 5687] open("./file0", O_RDONLY) = 3 [pid 5687] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5687] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5687] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5687] openat(5, "memory.max", O_RDWR) = 6 [ 161.707352][ T5683] Out of memory and no killable processes... [ 161.713923][ T5684] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 161.725485][ T5684] CPU: 1 PID: 5684 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 161.735957][ T5684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 161.746146][ T5684] Call Trace: [ 161.749463][ T5684] [ 161.752427][ T5684] dump_stack_lvl+0x1e7/0x2d0 [ 161.757159][ T5684] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5687] write(6, "0x000000000000040e", 18 [pid 5683] close(3) = 0 [ 161.762779][ T5684] ? panic+0x770/0x770 [ 161.766913][ T5684] dump_header+0xdc/0x940 [ 161.771314][ T5684] out_of_memory+0xf21/0x12c0 [ 161.776064][ T5684] ? mutex_lock_io_nested+0x60/0x60 [ 161.781346][ T5684] ? mark_lock+0x9a/0x340 [ 161.785720][ T5684] ? unregister_oom_notifier+0x20/0x20 [ 161.791230][ T5684] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 161.797298][ T5684] mem_cgroup_out_of_memory+0x263/0x3b0 [ 161.802903][ T5684] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5683] close(4) = 0 [pid 5683] close(5) = 0 [pid 5683] close(6) = 0 [pid 5683] close(7) = -1 EBADF (Bad file descriptor) [pid 5683] close(8) = -1 EBADF (Bad file descriptor) [pid 5683] close(9) = -1 EBADF (Bad file descriptor) [pid 5683] close(10) = -1 EBADF (Bad file descriptor) [pid 5683] close(11) = -1 EBADF (Bad file descriptor) [pid 5683] close(12) = -1 EBADF (Bad file descriptor) [pid 5683] close(13) = -1 EBADF (Bad file descriptor) [ 161.808592][ T5684] ? cgroup_file_notify+0x127/0x190 [ 161.813821][ T5684] memory_max_write+0x355/0x470 [ 161.818719][ T5684] ? memory_max_show+0xa0/0xa0 [ 161.823501][ T5684] ? read_lock_is_recursive+0x20/0x20 [ 161.828899][ T5684] ? memory_max_show+0xa0/0xa0 [ 161.833680][ T5684] cgroup_file_write+0x2b1/0x780 [ 161.838655][ T5684] ? cgroup_seqfile_stop+0xd0/0xd0 [ 161.843813][ T5684] ? __virt_addr_valid+0x22f/0x2e0 [ 161.848970][ T5684] ? cgroup_seqfile_stop+0xd0/0xd0 [ 161.854117][ T5684] kernfs_fop_write_iter+0x3a6/0x4f0 [ 161.859434][ T5684] vfs_write+0x7b2/0xbb0 [ 161.863701][ T5684] ? file_end_write+0x240/0x240 [ 161.868590][ T5684] ? do_raw_spin_unlock+0x13b/0x8b0 [ 161.873803][ T5684] ? lockdep_hardirqs_on+0x98/0x140 [ 161.879026][ T5684] ? __fdget_pos+0x265/0x2f0 [ 161.883633][ T5684] ksys_write+0x1a0/0x2c0 [ 161.887988][ T5684] ? __ia32_sys_read+0x90/0x90 [ 161.892767][ T5684] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 161.898774][ T5684] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 161.904774][ T5684] do_syscall_64+0x41/0xc0 [ 161.909208][ T5684] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 161.915124][ T5684] RIP: 0033:0x7fd49ce20129 [ 161.919565][ T5684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.939179][ T5684] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.947609][ T5684] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 161.955589][ T5684] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5683] close(14) = -1 EBADF (Bad file descriptor) [pid 5683] close(15) = -1 EBADF (Bad file descriptor) [pid 5683] close(16) = -1 EBADF (Bad file descriptor) [pid 5683] close(17) = -1 EBADF (Bad file descriptor) [pid 5683] close(18) = -1 EBADF (Bad file descriptor) [pid 5683] close(19) = -1 EBADF (Bad file descriptor) [pid 5683] close(20) = -1 EBADF (Bad file descriptor) [ 161.963569][ T5684] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 161.971563][ T5684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 161.979570][ T5684] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001d [ 161.987583][ T5684] [ 161.993613][ T5684] memory: usage 8kB, limit 0kB, failcnt 55 [ 161.999606][ T5684] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 162.007382][ T5684] Memory cgroup stats for /syz1: [pid 5683] close(21) = -1 EBADF (Bad file descriptor) [pid 5683] close(22) = -1 EBADF (Bad file descriptor) [pid 5683] close(23) = -1 EBADF (Bad file descriptor) [pid 5683] close(24) = -1 EBADF (Bad file descriptor) [pid 5683] close(25) = -1 EBADF (Bad file descriptor) [pid 5683] close(26) = -1 EBADF (Bad file descriptor) [pid 5683] close(27) = -1 EBADF (Bad file descriptor) [pid 5683] close(28) = -1 EBADF (Bad file descriptor) [pid 5683] close(29) = -1 EBADF (Bad file descriptor) [pid 5683] exit_group(0) = ? [pid 5683] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./36/binderfs") = 0 [pid 5074] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./36/cgroup") = 0 [pid 5074] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./36/cgroup.net") = 0 [ 162.008029][ T5684] anon 0 [ 162.008029][ T5684] file 0 [ 162.008029][ T5684] kernel 8192 [ 162.008029][ T5684] kernel_stack 0 [ 162.008029][ T5684] pagetables 0 [ 162.008029][ T5684] sec_pagetables 0 [ 162.008029][ T5684] percpu 0 [ 162.008029][ T5684] sock 0 [ 162.008029][ T5684] vmalloc 0 [ 162.008029][ T5684] shmem 0 [ 162.008029][ T5684] zswap 0 [ 162.008029][ T5684] zswapped 0 [ 162.008029][ T5684] file_mapped 0 [ 162.008029][ T5684] file_dirty 0 [ 162.008029][ T5684] file_writeback 0 [ 162.008029][ T5684] swapcached 0 [pid 5074] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 162.008029][ T5684] anon_thp 0 [ 162.008029][ T5684] file_thp 0 [ 162.008029][ T5684] shmem_thp 0 [ 162.008029][ T5684] inactive_anon 0 [ 162.008029][ T5684] active_anon 0 [ 162.008029][ T5684] inactive_file 0 [ 162.008029][ T5684] active_file 0 [ 162.008029][ T5684] unevictable 0 [ 162.008029][ T5684] slab_reclaimable 6752 [ 162.008029][ T5684] slab_unreclaimable 0 [ 162.008029][ T5684] slab 6752 [ 162.008029][ T5684] workingset_refault_anon 0 [pid 5074] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./36/file0") = 0 [pid 5074] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5684] <... write resumed>) = 18 [pid 5074] unlink("./36/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./36") = 0 [pid 5074] mkdir("./37", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 39 [ 162.112294][ T5684] Tasks state (memory values in pages): [ 162.118236][ T5684] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 162.128252][ T5684] Out of memory and no killable processes... [ 162.134332][ T5685] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 162.145157][ T5685] CPU: 0 PID: 5685 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5684] close(3) = 0 [pid 5684] close(4) = 0 [pid 5684] close(5) = 0 [pid 5684] close(6) = 0 [pid 5684] close(7) = -1 EBADF (Bad file descriptor) [pid 5684] close(8) = -1 EBADF (Bad file descriptor) [pid 5684] close(9) = -1 EBADF (Bad file descriptor) [pid 5684] close(10) = -1 EBADF (Bad file descriptor) [pid 5684] close(11) = -1 EBADF (Bad file descriptor) [pid 5684] close(12) = -1 EBADF (Bad file descriptor) [pid 5684] close(13) = -1 EBADF (Bad file descriptor) [pid 5684] close(14) = -1 EBADF (Bad file descriptor) [pid 5684] close(15) = -1 EBADF (Bad file descriptor) [pid 5684] close(16) = -1 EBADF (Bad file descriptor) [pid 5684] close(17) = -1 EBADF (Bad file descriptor) [pid 5684] close(18) = -1 EBADF (Bad file descriptor) [pid 5684] close(19) = -1 EBADF (Bad file descriptor) [pid 5684] close(20) = -1 EBADF (Bad file descriptor) [pid 5684] close(21) = -1 EBADF (Bad file descriptor) [pid 5684] close(22) = -1 EBADF (Bad file descriptor) [pid 5684] close(23) = -1 EBADF (Bad file descriptor) [pid 5684] close(24) = -1 EBADF (Bad file descriptor) [pid 5684] close(25) = -1 EBADF (Bad file descriptor) [ 162.155637][ T5685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 162.165741][ T5685] Call Trace: [ 162.169063][ T5685] [ 162.172037][ T5685] dump_stack_lvl+0x1e7/0x2d0 [ 162.176774][ T5685] ? nf_tcp_handle_invalid+0x640/0x640 [ 162.182289][ T5685] ? panic+0x770/0x770 [ 162.186429][ T5685] dump_header+0xdc/0x940 [ 162.190814][ T5685] out_of_memory+0xf21/0x12c0 [ 162.195569][ T5685] ? mutex_lock_io_nested+0x60/0x60 [ 162.200839][ T5685] ? preempt_schedule+0xdd/0xf0 [ 162.205743][ T5685] ? unregister_oom_notifier+0x20/0x20 [pid 5684] close(26) = -1 EBADF (Bad file descriptor) [pid 5684] close(27) = -1 EBADF (Bad file descriptor) [pid 5684] close(28) = -1 EBADF (Bad file descriptor) [pid 5684] close(29) = -1 EBADF (Bad file descriptor) [pid 5684] exit_group(0) = ? [pid 5684] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./29/binderfs") = 0 [pid 5072] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 162.211256][ T5685] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 162.217311][ T5685] mem_cgroup_out_of_memory+0x263/0x3b0 [ 162.222922][ T5685] ? preempt_schedule_thunk+0x1a/0x20 [ 162.228362][ T5685] ? mem_cgroup_oom_trylock+0x210/0x210 [ 162.233991][ T5685] ? cgroup_file_notify+0x127/0x190 [ 162.239256][ T5685] memory_max_write+0x355/0x470 [ 162.244177][ T5685] ? memory_max_show+0xa0/0xa0 [ 162.249003][ T5685] ? read_lock_is_recursive+0x20/0x20 [ 162.254434][ T5685] ? memory_max_show+0xa0/0xa0 [ 162.259247][ T5685] cgroup_file_write+0x2b1/0x780 [pid 5072] unlink("./29/cgroup") = 0 [pid 5072] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./29/cgroup.net") = 0 [ 162.264240][ T5685] ? cgroup_seqfile_stop+0xd0/0xd0 [ 162.269405][ T5685] ? __virt_addr_valid+0x22f/0x2e0 [ 162.274598][ T5685] ? cgroup_seqfile_stop+0xd0/0xd0 [ 162.279726][ T5685] kernfs_fop_write_iter+0x3a6/0x4f0 [ 162.285058][ T5685] vfs_write+0x7b2/0xbb0 [ 162.289349][ T5685] ? file_end_write+0x240/0x240 [ 162.294302][ T5685] ? do_raw_spin_unlock+0x13b/0x8b0 [ 162.299531][ T5685] ? lockdep_hardirqs_on+0x98/0x140 [ 162.304783][ T5685] ? __fdget_pos+0x265/0x2f0 [ 162.309426][ T5685] ksys_write+0x1a0/0x2c0 [ 162.313809][ T5685] ? __ia32_sys_read+0x90/0x90 [ 162.318608][ T5685] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 162.324648][ T5685] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 162.330667][ T5685] do_syscall_64+0x41/0xc0 [ 162.335095][ T5685] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 162.341016][ T5685] RIP: 0033:0x7fd49ce20129 [ 162.345455][ T5685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 162.365074][ T5685] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.373517][ T5685] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 162.381534][ T5685] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 162.389536][ T5685] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 162.397622][ T5685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 162.405632][ T5685] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000023 [pid 5072] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5688 attached ) = 0 [pid 5072] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5688] chdir("./37" [pid 5072] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, [pid 5688] <... chdir resumed>) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./29/file0") = 0 [pid 5072] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./29/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [ 162.415139][ T5685] [ 162.427151][ T5685] memory: usage 8kB, limit 0kB, failcnt 55 [ 162.433459][ T5685] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 162.440804][ T5685] Memory cgroup stats for /syz1: [ 162.441037][ T5685] anon 0 [ 162.441037][ T5685] file 0 [ 162.441037][ T5685] kernel 8192 [ 162.441037][ T5685] kernel_stack 0 [ 162.441037][ T5685] pagetables 0 [ 162.441037][ T5685] sec_pagetables 0 [pid 5072] rmdir("./29") = 0 [pid 5072] mkdir("./30", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5689 attached [pid 5689] chdir("./30" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 32 [pid 5689] <... chdir resumed>) = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5689] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5689] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] mkdir("./file0", 000) = 0 [pid 5689] open("./file0", O_RDONLY) = 3 [pid 5689] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5689] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 162.441037][ T5685] percpu 0 [ 162.441037][ T5685] sock 0 [ 162.441037][ T5685] vmalloc 0 [ 162.441037][ T5685] shmem 0 [ 162.441037][ T5685] zswap 0 [ 162.441037][ T5685] zswapped 0 [ 162.441037][ T5685] file_mapped 0 [ 162.441037][ T5685] file_dirty 0 [ 162.441037][ T5685] file_writeback 0 [ 162.441037][ T5685] swapcached 0 [ 162.441037][ T5685] anon_thp 0 [ 162.441037][ T5685] file_thp 0 [ 162.441037][ T5685] shmem_thp 0 [ 162.441037][ T5685] inactive_anon 0 [ 162.441037][ T5685] active_anon 0 [ 162.441037][ T5685] inactive_file 0 [pid 5689] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5689] openat(5, "memory.max", O_RDWR) = 6 [pid 5689] write(6, "0x000000000000040e", 18 [pid 5688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5688] setpgid(0, 0) = 0 [pid 5688] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 162.441037][ T5685] active_file 0 [ 162.441037][ T5685] unevictable 0 [ 162.441037][ T5685] slab_reclaimable 6752 [ 162.441037][ T5685] slab_unreclaimable 0 [ 162.441037][ T5685] slab 6752 [ 162.441037][ T5685] workingset_refault_anon 0 [ 162.549195][ T5685] Tasks state (memory values in pages): [ 162.555464][ T5685] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5688] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5685] <... write resumed>) = 18 [pid 5688] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5685] close(3 [pid 5688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5685] <... close resumed>) = 0 [pid 5688] write(3, "1000", 4) = 4 [pid 5685] close(4 [pid 5688] close(3) = 0 [pid 5685] <... close resumed>) = 0 [pid 5688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5685] close(5 [pid 5688] mkdir("./file0", 000) = 0 [pid 5685] <... close resumed>) = 0 [pid 5688] open("./file0", O_RDONLY) = 3 [pid 5685] close(6 [pid 5688] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5685] <... close resumed>) = 0 [ 162.573088][ T5685] Out of memory and no killable processes... [ 162.579492][ T5686] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 162.590775][ T5686] CPU: 1 PID: 5686 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 162.601236][ T5686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 162.611355][ T5686] Call Trace: [ 162.614658][ T5686] [ 162.617615][ T5686] dump_stack_lvl+0x1e7/0x2d0 [pid 5688] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5685] close(7 [pid 5688] openat(4, "syz1", O_RDWR|O_PATH [pid 5685] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5688] <... openat resumed>) = 5 [pid 5685] close(8 [pid 5688] openat(5, "memory.max", O_RDWR [pid 5685] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5688] <... openat resumed>) = 6 [pid 5685] close(9 [pid 5688] write(6, "0x000000000000040e", 18 [pid 5685] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5685] close(10) = -1 EBADF (Bad file descriptor) [pid 5685] close(11) = -1 EBADF (Bad file descriptor) [pid 5685] close(12) = -1 EBADF (Bad file descriptor) [pid 5685] close(13) = -1 EBADF (Bad file descriptor) [pid 5685] close(14) = -1 EBADF (Bad file descriptor) [pid 5685] close(15) = -1 EBADF (Bad file descriptor) [pid 5685] close(16) = -1 EBADF (Bad file descriptor) [pid 5685] close(17) = -1 EBADF (Bad file descriptor) [pid 5685] close(18) = -1 EBADF (Bad file descriptor) [pid 5685] close(19) = -1 EBADF (Bad file descriptor) [pid 5685] close(20) = -1 EBADF (Bad file descriptor) [pid 5685] close(21) = -1 EBADF (Bad file descriptor) [pid 5685] close(22) = -1 EBADF (Bad file descriptor) [pid 5685] close(23) = -1 EBADF (Bad file descriptor) [pid 5685] close(24) = -1 EBADF (Bad file descriptor) [pid 5685] close(25) = -1 EBADF (Bad file descriptor) [pid 5685] close(26) = -1 EBADF (Bad file descriptor) [pid 5685] close(27) = -1 EBADF (Bad file descriptor) [pid 5685] close(28) = -1 EBADF (Bad file descriptor) [pid 5685] close(29) = -1 EBADF (Bad file descriptor) [pid 5685] exit_group(0) = ? [pid 5685] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5075] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./35/binderfs") = 0 [pid 5075] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./35/cgroup") = 0 [pid 5075] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./35/cgroup.net") = 0 [ 162.622341][ T5686] ? nf_tcp_handle_invalid+0x640/0x640 [ 162.627867][ T5686] ? panic+0x770/0x770 [ 162.631994][ T5686] dump_header+0xdc/0x940 [ 162.636381][ T5686] out_of_memory+0xf21/0x12c0 [ 162.641118][ T5686] ? mutex_lock_io_nested+0x60/0x60 [ 162.646376][ T5686] ? preempt_schedule+0xdd/0xf0 [ 162.651295][ T5686] ? unregister_oom_notifier+0x20/0x20 [ 162.656797][ T5686] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 162.662816][ T5686] mem_cgroup_out_of_memory+0x263/0x3b0 [ 162.668383][ T5686] ? preempt_schedule_thunk+0x1a/0x20 [ 162.673795][ T5686] ? mem_cgroup_oom_trylock+0x210/0x210 [ 162.679383][ T5686] ? cgroup_file_notify+0x127/0x190 [ 162.684624][ T5686] memory_max_write+0x355/0x470 [ 162.689509][ T5686] ? memory_max_show+0xa0/0xa0 [ 162.694297][ T5686] ? read_lock_is_recursive+0x20/0x20 [ 162.699685][ T5686] ? memory_max_show+0xa0/0xa0 [ 162.704547][ T5686] cgroup_file_write+0x2b1/0x780 [ 162.709538][ T5686] ? cgroup_seqfile_stop+0xd0/0xd0 [ 162.714675][ T5686] ? __virt_addr_valid+0x22f/0x2e0 [ 162.719843][ T5686] ? cgroup_seqfile_stop+0xd0/0xd0 [ 162.724976][ T5686] kernfs_fop_write_iter+0x3a6/0x4f0 [ 162.730289][ T5686] vfs_write+0x7b2/0xbb0 [ 162.734576][ T5686] ? file_end_write+0x240/0x240 [ 162.739459][ T5686] ? do_raw_spin_unlock+0x13b/0x8b0 [ 162.744691][ T5686] ? lockdep_hardirqs_on+0x98/0x140 [ 162.749940][ T5686] ? __fdget_pos+0x265/0x2f0 [ 162.754560][ T5686] ksys_write+0x1a0/0x2c0 [ 162.759003][ T5686] ? __ia32_sys_read+0x90/0x90 [ 162.763785][ T5686] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 162.769789][ T5686] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 162.775798][ T5686] do_syscall_64+0x41/0xc0 [ 162.780232][ T5686] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 162.786144][ T5686] RIP: 0033:0x7fd49ce20129 [ 162.790571][ T5686] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 162.810211][ T5686] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5075] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./35/file0") = 0 [pid 5075] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./35/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./35") = 0 [pid 5075] mkdir("./36", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5690 attached [pid 5690] chdir("./36" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 38 [pid 5690] <... chdir resumed>) = 0 [pid 5690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5690] setpgid(0, 0) = 0 [pid 5690] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [ 162.818657][ T5686] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 162.826644][ T5686] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 162.834626][ T5686] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 162.842606][ T5686] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 162.850590][ T5686] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000020 [ 162.858592][ T5686] [pid 5690] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5690] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5690] write(3, "1000", 4) = 4 [pid 5690] close(3) = 0 [pid 5690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5690] mkdir("./file0", 000) = 0 [pid 5690] open("./file0", O_RDONLY) = 3 [pid 5690] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5690] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5690] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 162.881399][ T5686] memory: usage 8kB, limit 0kB, failcnt 55 [ 162.891443][ T5686] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 162.904019][ T5686] Memory cgroup stats for /syz1: [ 162.904745][ T5686] anon 0 [ 162.904745][ T5686] file 0 [ 162.904745][ T5686] kernel 8192 [ 162.904745][ T5686] kernel_stack 0 [ 162.904745][ T5686] pagetables 0 [ 162.904745][ T5686] sec_pagetables 0 [ 162.904745][ T5686] percpu 0 [pid 5690] openat(5, "memory.max", O_RDWR) = 6 [ 162.904745][ T5686] sock 0 [ 162.904745][ T5686] vmalloc 0 [ 162.904745][ T5686] shmem 0 [ 162.904745][ T5686] zswap 0 [ 162.904745][ T5686] zswapped 0 [ 162.904745][ T5686] file_mapped 0 [ 162.904745][ T5686] file_dirty 0 [ 162.904745][ T5686] file_writeback 0 [ 162.904745][ T5686] swapcached 0 [ 162.904745][ T5686] anon_thp 0 [ 162.904745][ T5686] file_thp 0 [ 162.904745][ T5686] shmem_thp 0 [ 162.904745][ T5686] inactive_anon 0 [ 162.904745][ T5686] active_anon 0 [ 162.904745][ T5686] inactive_file 0 [ 162.904745][ T5686] active_file 0 [ 162.904745][ T5686] unevictable 0 [ 162.904745][ T5686] slab_reclaimable 6752 [ 162.904745][ T5686] slab_unreclaimable 0 [ 162.904745][ T5686] slab 6752 [ 162.904745][ T5686] workingset_refault_anon 0 [ 163.002864][ T5686] Tasks state (memory values in pages): [ 163.011416][ T5686] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 163.021857][ T5686] Out of memory and no killable processes... [pid 5690] write(6, "0x000000000000040e", 18 [pid 5686] <... write resumed>) = 18 [pid 5686] close(3) = 0 [pid 5686] close(4) = 0 [pid 5686] close(5) = 0 [pid 5686] close(6) = 0 [pid 5686] close(7) = -1 EBADF (Bad file descriptor) [pid 5686] close(8) = -1 EBADF (Bad file descriptor) [pid 5686] close(9) = -1 EBADF (Bad file descriptor) [pid 5686] close(10) = -1 EBADF (Bad file descriptor) [pid 5686] close(11) = -1 EBADF (Bad file descriptor) [pid 5686] close(12) = -1 EBADF (Bad file descriptor) [pid 5686] close(13) = -1 EBADF (Bad file descriptor) [pid 5686] close(14) = -1 EBADF (Bad file descriptor) [pid 5686] close(15) = -1 EBADF (Bad file descriptor) [pid 5686] close(16) = -1 EBADF (Bad file descriptor) [pid 5686] close(17) = -1 EBADF (Bad file descriptor) [pid 5686] close(18) = -1 EBADF (Bad file descriptor) [pid 5686] close(19) = -1 EBADF (Bad file descriptor) [pid 5686] close(20) = -1 EBADF (Bad file descriptor) [pid 5686] close(21) = -1 EBADF (Bad file descriptor) [pid 5686] close(22) = -1 EBADF (Bad file descriptor) [pid 5686] close(23) = -1 EBADF (Bad file descriptor) [pid 5686] close(24) = -1 EBADF (Bad file descriptor) [pid 5686] close(25) = -1 EBADF (Bad file descriptor) [pid 5686] close(26) = -1 EBADF (Bad file descriptor) [pid 5686] close(27) = -1 EBADF (Bad file descriptor) [pid 5686] close(28) = -1 EBADF (Bad file descriptor) [pid 5686] close(29) = -1 EBADF (Bad file descriptor) [pid 5686] exit_group(0) = ? [pid 5686] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5073] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./32/binderfs") = 0 [pid 5073] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./32/cgroup") = 0 [pid 5073] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./32/cgroup.net") = 0 [ 163.028880][ T5687] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 163.040388][ T5687] CPU: 0 PID: 5687 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 163.050850][ T5687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 163.060949][ T5687] Call Trace: [ 163.064283][ T5687] [ 163.067254][ T5687] dump_stack_lvl+0x1e7/0x2d0 [ 163.072012][ T5687] ? nf_tcp_handle_invalid+0x640/0x640 [ 163.077526][ T5687] ? panic+0x770/0x770 [ 163.081902][ T5687] dump_header+0xdc/0x940 [ 163.086268][ T5687] out_of_memory+0xf21/0x12c0 [ 163.091006][ T5687] ? mutex_lock_io_nested+0x60/0x60 [ 163.096265][ T5687] ? mark_lock+0x9a/0x340 [ 163.100640][ T5687] ? unregister_oom_notifier+0x20/0x20 [ 163.106138][ T5687] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 163.112179][ T5687] mem_cgroup_out_of_memory+0x263/0x3b0 [ 163.117783][ T5687] ? mem_cgroup_oom_trylock+0x210/0x210 [ 163.123380][ T5687] ? cgroup_file_notify+0x127/0x190 [ 163.128594][ T5687] memory_max_write+0x355/0x470 [ 163.133469][ T5687] ? memory_max_show+0xa0/0xa0 [ 163.138250][ T5687] ? read_lock_is_recursive+0x20/0x20 [ 163.143648][ T5687] ? memory_max_show+0xa0/0xa0 [ 163.148528][ T5687] cgroup_file_write+0x2b1/0x780 [ 163.153501][ T5687] ? cgroup_seqfile_stop+0xd0/0xd0 [ 163.158646][ T5687] ? __virt_addr_valid+0x22f/0x2e0 [ 163.163789][ T5687] ? cgroup_seqfile_stop+0xd0/0xd0 [ 163.168917][ T5687] kernfs_fop_write_iter+0x3a6/0x4f0 [ 163.174238][ T5687] vfs_write+0x7b2/0xbb0 [ 163.178596][ T5687] ? file_end_write+0x240/0x240 [ 163.183474][ T5687] ? do_raw_spin_unlock+0x13b/0x8b0 [ 163.188709][ T5687] ? lockdep_hardirqs_on+0x98/0x140 [ 163.193935][ T5687] ? __fdget_pos+0x265/0x2f0 [ 163.198554][ T5687] ksys_write+0x1a0/0x2c0 [ 163.202994][ T5687] ? __ia32_sys_read+0x90/0x90 [ 163.207789][ T5687] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 163.213798][ T5687] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 163.219806][ T5687] do_syscall_64+0x41/0xc0 [ 163.224245][ T5687] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.230164][ T5687] RIP: 0033:0x7fd49ce20129 [ 163.234679][ T5687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 163.254567][ T5687] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 163.263041][ T5687] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 163.271029][ T5687] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 163.279009][ T5687] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 163.286997][ T5687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 163.294980][ T5687] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001d [ 163.302995][ T5687] [ 163.315482][ T5687] memory: usage 8kB, limit 0kB, failcnt 55 [ 163.321431][ T5687] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5073] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./32/file0") = 0 [pid 5073] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./32/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./32") = 0 [pid 5073] mkdir("./33", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 35 ./strace-static-x86_64: Process 5691 attached [ 163.329070][ T5687] Memory cgroup stats for /syz1: [ 163.329272][ T5687] anon 0 [ 163.329272][ T5687] file 0 [ 163.329272][ T5687] kernel 8192 [ 163.329272][ T5687] kernel_stack 0 [ 163.329272][ T5687] pagetables 0 [ 163.329272][ T5687] sec_pagetables 0 [ 163.329272][ T5687] percpu 0 [ 163.329272][ T5687] sock 0 [ 163.329272][ T5687] vmalloc 0 [ 163.329272][ T5687] shmem 0 [ 163.329272][ T5687] zswap 0 [ 163.329272][ T5687] zswapped 0 [ 163.329272][ T5687] file_mapped 0 [ 163.329272][ T5687] file_dirty 0 [ 163.329272][ T5687] file_writeback 0 [ 163.329272][ T5687] swapcached 0 [pid 5691] chdir("./33") = 0 [pid 5691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5691] setpgid(0, 0) = 0 [pid 5691] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5691] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5691] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5691] write(3, "1000", 4) = 4 [pid 5691] close(3) = 0 [pid 5691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5691] mkdir("./file0", 000) = 0 [pid 5691] open("./file0", O_RDONLY) = 3 [pid 5691] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5691] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5691] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 163.329272][ T5687] anon_thp 0 [ 163.329272][ T5687] file_thp 0 [ 163.329272][ T5687] shmem_thp 0 [ 163.329272][ T5687] inactive_anon 0 [ 163.329272][ T5687] active_anon 0 [ 163.329272][ T5687] inactive_file 0 [ 163.329272][ T5687] active_file 0 [ 163.329272][ T5687] unevictable 0 [ 163.329272][ T5687] slab_reclaimable 6752 [ 163.329272][ T5687] slab_unreclaimable 0 [ 163.329272][ T5687] slab 6752 [ 163.329272][ T5687] workingset_refault_anon 0 [pid 5691] openat(5, "memory.max", O_RDWR) = 6 [pid 5691] write(6, "0x000000000000040e", 18 [pid 5687] <... write resumed>) = 18 [pid 5687] close(3) = 0 [pid 5687] close(4) = 0 [pid 5687] close(5) = 0 [pid 5687] close(6) = 0 [pid 5687] close(7) = -1 EBADF (Bad file descriptor) [pid 5687] close(8) = -1 EBADF (Bad file descriptor) [pid 5687] close(9) = -1 EBADF (Bad file descriptor) [pid 5687] close(10) = -1 EBADF (Bad file descriptor) [pid 5687] close(11) = -1 EBADF (Bad file descriptor) [pid 5687] close(12) = -1 EBADF (Bad file descriptor) [pid 5687] close(13) = -1 EBADF (Bad file descriptor) [pid 5687] close(14) = -1 EBADF (Bad file descriptor) [pid 5687] close(15) = -1 EBADF (Bad file descriptor) [pid 5687] close(16) = -1 EBADF (Bad file descriptor) [pid 5687] close(17) = -1 EBADF (Bad file descriptor) [pid 5687] close(18) = -1 EBADF (Bad file descriptor) [pid 5687] close(19) = -1 EBADF (Bad file descriptor) [pid 5687] close(20) = -1 EBADF (Bad file descriptor) [pid 5687] close(21) = -1 EBADF (Bad file descriptor) [pid 5687] close(22) = -1 EBADF (Bad file descriptor) [pid 5687] close(23) = -1 EBADF (Bad file descriptor) [pid 5687] close(24) = -1 EBADF (Bad file descriptor) [pid 5687] close(25) = -1 EBADF (Bad file descriptor) [pid 5687] close(26) = -1 EBADF (Bad file descriptor) [pid 5687] close(27) = -1 EBADF (Bad file descriptor) [pid 5687] close(28) = -1 EBADF (Bad file descriptor) [pid 5687] close(29) = -1 EBADF (Bad file descriptor) [pid 5687] exit_group(0) = ? [pid 5687] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 163.431559][ T5687] Tasks state (memory values in pages): [ 163.437662][ T5687] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 163.447354][ T5687] Out of memory and no killable processes... [ 163.453428][ T5689] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 163.468580][ T5689] CPU: 0 PID: 5689 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5070] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./29/binderfs") = 0 [pid 5070] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./29/cgroup") = 0 [pid 5070] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./29/cgroup.net") = 0 [ 163.479051][ T5689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 163.489150][ T5689] Call Trace: [ 163.492470][ T5689] [ 163.495473][ T5689] dump_stack_lvl+0x1e7/0x2d0 [ 163.500210][ T5689] ? nf_tcp_handle_invalid+0x640/0x640 [ 163.505714][ T5689] ? panic+0x770/0x770 [ 163.509811][ T5689] dump_header+0xdc/0x940 [ 163.514173][ T5689] out_of_memory+0xf21/0x12c0 [ 163.518903][ T5689] ? mutex_lock_io_nested+0x60/0x60 [ 163.524152][ T5689] ? preempt_schedule+0xdd/0xf0 [ 163.529035][ T5689] ? unregister_oom_notifier+0x20/0x20 [ 163.534540][ T5689] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 163.540580][ T5689] mem_cgroup_out_of_memory+0x263/0x3b0 [ 163.546170][ T5689] ? preempt_schedule_thunk+0x1a/0x20 [ 163.551598][ T5689] ? mem_cgroup_oom_trylock+0x210/0x210 [ 163.557196][ T5689] ? cgroup_file_notify+0x127/0x190 [ 163.562426][ T5689] memory_max_write+0x355/0x470 [ 163.567340][ T5689] ? memory_max_show+0xa0/0xa0 [ 163.572157][ T5689] ? read_lock_is_recursive+0x20/0x20 [ 163.577581][ T5689] ? memory_max_show+0xa0/0xa0 [ 163.582386][ T5689] cgroup_file_write+0x2b1/0x780 [ 163.587381][ T5689] ? cgroup_seqfile_stop+0xd0/0xd0 [ 163.592531][ T5689] ? __virt_addr_valid+0x22f/0x2e0 [ 163.597690][ T5689] ? cgroup_seqfile_stop+0xd0/0xd0 [ 163.602817][ T5689] kernfs_fop_write_iter+0x3a6/0x4f0 [ 163.608140][ T5689] vfs_write+0x7b2/0xbb0 [ 163.612406][ T5689] ? file_end_write+0x240/0x240 [ 163.617301][ T5689] ? do_raw_spin_unlock+0x13b/0x8b0 [ 163.622565][ T5689] ? lockdep_hardirqs_on+0x98/0x140 [ 163.627814][ T5689] ? __fdget_pos+0x265/0x2f0 [ 163.632457][ T5689] ksys_write+0x1a0/0x2c0 [ 163.636818][ T5689] ? __ia32_sys_read+0x90/0x90 [ 163.641609][ T5689] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 163.647632][ T5689] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 163.653634][ T5689] do_syscall_64+0x41/0xc0 [ 163.658067][ T5689] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.663987][ T5689] RIP: 0033:0x7fd49ce20129 [ 163.668452][ T5689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 163.688083][ T5689] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 163.696554][ T5689] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 163.704569][ T5689] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 163.712570][ T5689] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 163.720688][ T5689] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 163.728711][ T5689] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001e [ 163.736751][ T5689] [pid 5070] close(4) = 0 [pid 5070] rmdir("./29/file0") = 0 [pid 5070] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./29/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./29") = 0 [pid 5070] mkdir("./30", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5692 attached [pid 5692] chdir("./30" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 32 [pid 5692] <... chdir resumed>) = 0 [pid 5692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5692] setpgid(0, 0) = 0 [pid 5692] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5692] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5692] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5692] write(3, "1000", 4) = 4 [pid 5692] close(3) = 0 [pid 5692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5692] mkdir("./file0", 000) = 0 [pid 5692] open("./file0", O_RDONLY) = 3 [pid 5692] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5692] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 163.759148][ T5689] memory: usage 8kB, limit 0kB, failcnt 55 [ 163.775700][ T5689] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 163.784773][ T5689] Memory cgroup stats for /syz1: [ 163.785184][ T5689] anon 0 [ 163.785184][ T5689] file 0 [ 163.785184][ T5689] kernel 8192 [ 163.785184][ T5689] kernel_stack 0 [ 163.785184][ T5689] pagetables 0 [ 163.785184][ T5689] sec_pagetables 0 [pid 5692] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5692] openat(5, "memory.max", O_RDWR) = 6 [ 163.785184][ T5689] percpu 0 [ 163.785184][ T5689] sock 0 [ 163.785184][ T5689] vmalloc 0 [ 163.785184][ T5689] shmem 0 [ 163.785184][ T5689] zswap 0 [ 163.785184][ T5689] zswapped 0 [ 163.785184][ T5689] file_mapped 0 [ 163.785184][ T5689] file_dirty 0 [ 163.785184][ T5689] file_writeback 0 [ 163.785184][ T5689] swapcached 0 [ 163.785184][ T5689] anon_thp 0 [ 163.785184][ T5689] file_thp 0 [ 163.785184][ T5689] shmem_thp 0 [ 163.785184][ T5689] inactive_anon 0 [ 163.785184][ T5689] active_anon 0 [ 163.785184][ T5689] inactive_file 0 [ 163.785184][ T5689] active_file 0 [ 163.785184][ T5689] unevictable 0 [ 163.785184][ T5689] slab_reclaimable 6752 [ 163.785184][ T5689] slab_unreclaimable 0 [ 163.785184][ T5689] slab 6752 [ 163.785184][ T5689] workingset_refault_anon 0 [ 163.890382][ T5689] Tasks state (memory values in pages): [ 163.896059][ T5689] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5692] write(6, "0x000000000000040e", 18 [pid 5689] <... write resumed>) = 18 [ 163.912174][ T5689] Out of memory and no killable processes... [ 163.918382][ T5688] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 163.936018][ T5688] CPU: 0 PID: 5688 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 163.946498][ T5688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 163.956591][ T5688] Call Trace: [pid 5689] close(3) = 0 [pid 5689] close(4) = 0 [pid 5689] close(5) = 0 [pid 5689] close(6) = 0 [pid 5689] close(7) = -1 EBADF (Bad file descriptor) [pid 5689] close(8) = -1 EBADF (Bad file descriptor) [pid 5689] close(9) = -1 EBADF (Bad file descriptor) [pid 5689] close(10) = -1 EBADF (Bad file descriptor) [pid 5689] close(11) = -1 EBADF (Bad file descriptor) [pid 5689] close(12) = -1 EBADF (Bad file descriptor) [pid 5689] close(13) = -1 EBADF (Bad file descriptor) [pid 5689] close(14) = -1 EBADF (Bad file descriptor) [pid 5689] close(15) = -1 EBADF (Bad file descriptor) [pid 5689] close(16) = -1 EBADF (Bad file descriptor) [pid 5689] close(17) = -1 EBADF (Bad file descriptor) [pid 5689] close(18) = -1 EBADF (Bad file descriptor) [pid 5689] close(19) = -1 EBADF (Bad file descriptor) [pid 5689] close(20) = -1 EBADF (Bad file descriptor) [pid 5689] close(21) = -1 EBADF (Bad file descriptor) [pid 5689] close(22) = -1 EBADF (Bad file descriptor) [pid 5689] close(23) = -1 EBADF (Bad file descriptor) [pid 5689] close(24) = -1 EBADF (Bad file descriptor) [pid 5689] close(25) = -1 EBADF (Bad file descriptor) [pid 5689] close(26) = -1 EBADF (Bad file descriptor) [ 163.959904][ T5688] [ 163.962872][ T5688] dump_stack_lvl+0x1e7/0x2d0 [ 163.967603][ T5688] ? nf_tcp_handle_invalid+0x640/0x640 [ 163.973111][ T5688] ? panic+0x770/0x770 [ 163.977245][ T5688] dump_header+0xdc/0x940 [ 163.981657][ T5688] out_of_memory+0xf21/0x12c0 [ 163.986392][ T5688] ? mutex_lock_io_nested+0x60/0x60 [ 163.991650][ T5688] ? mark_lock+0x9a/0x340 [ 163.996025][ T5688] ? unregister_oom_notifier+0x20/0x20 [ 164.001540][ T5688] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5689] close(27) = -1 EBADF (Bad file descriptor) [pid 5689] close(28) = -1 EBADF (Bad file descriptor) [pid 5689] close(29) = -1 EBADF (Bad file descriptor) [pid 5689] exit_group(0) = ? [pid 5689] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5072] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./30/binderfs") = 0 [pid 5072] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./30/cgroup") = 0 [pid 5072] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./30/cgroup.net") = 0 [ 164.007593][ T5688] mem_cgroup_out_of_memory+0x263/0x3b0 [ 164.013209][ T5688] ? mem_cgroup_oom_trylock+0x210/0x210 [ 164.018830][ T5688] ? cgroup_file_notify+0x127/0x190 [ 164.024096][ T5688] memory_max_write+0x355/0x470 [ 164.029012][ T5688] ? memory_max_show+0xa0/0xa0 [ 164.033832][ T5688] ? read_lock_is_recursive+0x20/0x20 [ 164.039263][ T5688] ? memory_max_show+0xa0/0xa0 [ 164.044079][ T5688] cgroup_file_write+0x2b1/0x780 [ 164.049071][ T5688] ? cgroup_seqfile_stop+0xd0/0xd0 [ 164.054235][ T5688] ? __virt_addr_valid+0x22f/0x2e0 [ 164.059407][ T5688] ? cgroup_seqfile_stop+0xd0/0xd0 [ 164.064531][ T5688] kernfs_fop_write_iter+0x3a6/0x4f0 [ 164.069858][ T5688] vfs_write+0x7b2/0xbb0 [ 164.074146][ T5688] ? file_end_write+0x240/0x240 [ 164.079021][ T5688] ? do_raw_spin_unlock+0x13b/0x8b0 [ 164.084239][ T5688] ? lockdep_hardirqs_on+0x98/0x140 [ 164.089482][ T5688] ? __fdget_pos+0x265/0x2f0 [ 164.094110][ T5688] ksys_write+0x1a0/0x2c0 [ 164.098490][ T5688] ? __ia32_sys_read+0x90/0x90 [ 164.103314][ T5688] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 164.109380][ T5688] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 164.115405][ T5688] do_syscall_64+0x41/0xc0 [ 164.119844][ T5688] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 164.125761][ T5688] RIP: 0033:0x7fd49ce20129 [ 164.130210][ T5688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 164.149941][ T5688] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.158380][ T5688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 164.166374][ T5688] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 164.174355][ T5688] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 164.183519][ T5688] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 164.191600][ T5688] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000025 [ 164.199612][ T5688] [ 164.206686][ T5688] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5072] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./30/file0") = 0 [pid 5072] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./30/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./30") = 0 [pid 5072] mkdir("./31", 0777) = 0 [ 164.212571][ T5688] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 164.221645][ T5688] Memory cgroup stats for /syz1: [ 164.221851][ T5688] anon 0 [ 164.221851][ T5688] file 0 [ 164.221851][ T5688] kernel 8192 [ 164.221851][ T5688] kernel_stack 0 [ 164.221851][ T5688] pagetables 0 [ 164.221851][ T5688] sec_pagetables 0 [ 164.221851][ T5688] percpu 0 [ 164.221851][ T5688] sock 0 [ 164.221851][ T5688] vmalloc 0 [ 164.221851][ T5688] shmem 0 [ 164.221851][ T5688] zswap 0 [ 164.221851][ T5688] zswapped 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5693 attached [pid 5693] chdir("./31" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 33 [pid 5693] <... chdir resumed>) = 0 [pid 5693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5693] setpgid(0, 0) = 0 [pid 5693] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5693] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5693] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5693] write(3, "1000", 4) = 4 [pid 5693] close(3) = 0 [pid 5693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5693] mkdir("./file0", 000) = 0 [pid 5693] open("./file0", O_RDONLY) = 3 [pid 5693] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5693] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5693] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5693] openat(5, "memory.max", O_RDWR) = 6 [ 164.221851][ T5688] file_mapped 0 [ 164.221851][ T5688] file_dirty 0 [ 164.221851][ T5688] file_writeback 0 [ 164.221851][ T5688] swapcached 0 [ 164.221851][ T5688] anon_thp 0 [ 164.221851][ T5688] file_thp 0 [ 164.221851][ T5688] shmem_thp 0 [ 164.221851][ T5688] inactive_anon 0 [ 164.221851][ T5688] active_anon 0 [ 164.221851][ T5688] inactive_file 0 [ 164.221851][ T5688] active_file 0 [ 164.221851][ T5688] unevictable 0 [ 164.221851][ T5688] slab_reclaimable 6752 [ 164.221851][ T5688] slab_unreclaimable 0 [ 164.221851][ T5688] slab 6752 [pid 5693] write(6, "0x000000000000040e", 18 [pid 5688] <... write resumed>) = 18 [pid 5688] close(3) = 0 [pid 5688] close(4) = 0 [pid 5688] close(5) = 0 [pid 5688] close(6) = 0 [pid 5688] close(7) = -1 EBADF (Bad file descriptor) [ 164.221851][ T5688] workingset_refault_anon 0 [ 164.329386][ T5688] Tasks state (memory values in pages): [ 164.335006][ T5688] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 164.347134][ T5688] Out of memory and no killable processes... [ 164.353417][ T5690] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5688] close(8) = -1 EBADF (Bad file descriptor) [pid 5688] close(9) = -1 EBADF (Bad file descriptor) [pid 5688] close(10) = -1 EBADF (Bad file descriptor) [pid 5688] close(11) = -1 EBADF (Bad file descriptor) [pid 5688] close(12) = -1 EBADF (Bad file descriptor) [pid 5688] close(13) = -1 EBADF (Bad file descriptor) [pid 5688] close(14) = -1 EBADF (Bad file descriptor) [pid 5688] close(15) = -1 EBADF (Bad file descriptor) [pid 5688] close(16) = -1 EBADF (Bad file descriptor) [pid 5688] close(17) = -1 EBADF (Bad file descriptor) [pid 5688] close(18) = -1 EBADF (Bad file descriptor) [pid 5688] close(19) = -1 EBADF (Bad file descriptor) [pid 5688] close(20) = -1 EBADF (Bad file descriptor) [pid 5688] close(21) = -1 EBADF (Bad file descriptor) [pid 5688] close(22) = -1 EBADF (Bad file descriptor) [pid 5688] close(23) = -1 EBADF (Bad file descriptor) [pid 5688] close(24) = -1 EBADF (Bad file descriptor) [pid 5688] close(25) = -1 EBADF (Bad file descriptor) [pid 5688] close(26) = -1 EBADF (Bad file descriptor) [pid 5688] close(27) = -1 EBADF (Bad file descriptor) [pid 5688] close(28) = -1 EBADF (Bad file descriptor) [pid 5688] close(29) = -1 EBADF (Bad file descriptor) [pid 5688] exit_group(0) = ? [pid 5688] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 164.365337][ T5690] CPU: 0 PID: 5690 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 164.375808][ T5690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 164.386000][ T5690] Call Trace: [ 164.389326][ T5690] [ 164.392301][ T5690] dump_stack_lvl+0x1e7/0x2d0 [ 164.397037][ T5690] ? nf_tcp_handle_invalid+0x640/0x640 [ 164.402549][ T5690] ? panic+0x770/0x770 [ 164.406683][ T5690] dump_header+0xdc/0x940 [ 164.411071][ T5690] out_of_memory+0xf21/0x12c0 [pid 5074] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./37/binderfs") = 0 [pid 5074] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./37/cgroup") = 0 [pid 5074] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./37/cgroup.net") = 0 [ 164.415807][ T5690] ? mutex_lock_io_nested+0x60/0x60 [ 164.421070][ T5690] ? preempt_schedule+0xdd/0xf0 [ 164.425977][ T5690] ? unregister_oom_notifier+0x20/0x20 [ 164.431486][ T5690] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 164.437539][ T5690] mem_cgroup_out_of_memory+0x263/0x3b0 [ 164.443146][ T5690] ? preempt_schedule_thunk+0x1a/0x20 [ 164.448660][ T5690] ? mem_cgroup_oom_trylock+0x210/0x210 [ 164.454293][ T5690] ? cgroup_file_notify+0x127/0x190 [ 164.459530][ T5690] memory_max_write+0x355/0x470 [ 164.465355][ T5690] ? memory_max_show+0xa0/0xa0 [ 164.470169][ T5690] ? read_lock_is_recursive+0x20/0x20 [ 164.475578][ T5690] ? memory_max_show+0xa0/0xa0 [ 164.480377][ T5690] cgroup_file_write+0x2b1/0x780 [ 164.485367][ T5690] ? cgroup_seqfile_stop+0xd0/0xd0 [ 164.490506][ T5690] ? __virt_addr_valid+0x22f/0x2e0 [ 164.495642][ T5690] ? cgroup_seqfile_stop+0xd0/0xd0 [ 164.500779][ T5690] kernfs_fop_write_iter+0x3a6/0x4f0 [ 164.506110][ T5690] vfs_write+0x7b2/0xbb0 [ 164.510392][ T5690] ? file_end_write+0x240/0x240 [ 164.515256][ T5690] ? do_raw_spin_unlock+0x13b/0x8b0 [ 164.520482][ T5690] ? lockdep_hardirqs_on+0x98/0x140 [ 164.525721][ T5690] ? __fdget_pos+0x265/0x2f0 [ 164.530345][ T5690] ksys_write+0x1a0/0x2c0 [ 164.534734][ T5690] ? __ia32_sys_read+0x90/0x90 [ 164.539541][ T5690] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 164.545572][ T5690] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 164.551588][ T5690] do_syscall_64+0x41/0xc0 [ 164.556040][ T5690] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 164.561963][ T5690] RIP: 0033:0x7fd49ce20129 [ 164.566415][ T5690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 164.586069][ T5690] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.594511][ T5690] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 164.602523][ T5690] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./37/file0") = 0 [pid 5074] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./37/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [ 164.610626][ T5690] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 164.618619][ T5690] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 164.626623][ T5690] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000024 [ 164.634658][ T5690] [ 164.653782][ T5690] memory: usage 8kB, limit 0kB, failcnt 55 [ 164.659803][ T5690] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5074] rmdir("./37") = 0 [pid 5074] mkdir("./38", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 40 ./strace-static-x86_64: Process 5694 attached [pid 5694] chdir("./38") = 0 [pid 5694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5694] setpgid(0, 0) = 0 [pid 5694] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5694] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5694] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5694] write(3, "1000", 4) = 4 [pid 5694] close(3) = 0 [pid 5694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5694] mkdir("./file0", 000) = 0 [pid 5694] open("./file0", O_RDONLY) = 3 [pid 5694] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5694] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5694] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5694] openat(5, "memory.max", O_RDWR) = 6 [ 164.673883][ T5690] Memory cgroup stats for /syz1: [ 164.674100][ T5690] anon 0 [ 164.674100][ T5690] file 0 [ 164.674100][ T5690] kernel 8192 [ 164.674100][ T5690] kernel_stack 0 [ 164.674100][ T5690] pagetables 0 [ 164.674100][ T5690] sec_pagetables 0 [ 164.674100][ T5690] percpu 0 [ 164.674100][ T5690] sock 0 [ 164.674100][ T5690] vmalloc 0 [ 164.674100][ T5690] shmem 0 [ 164.674100][ T5690] zswap 0 [ 164.674100][ T5690] zswapped 0 [ 164.674100][ T5690] file_mapped 0 [ 164.674100][ T5690] file_dirty 0 [ 164.674100][ T5690] file_writeback 0 [ 164.674100][ T5690] swapcached 0 [ 164.674100][ T5690] anon_thp 0 [ 164.674100][ T5690] file_thp 0 [ 164.674100][ T5690] shmem_thp 0 [ 164.674100][ T5690] inactive_anon 0 [ 164.674100][ T5690] active_anon 0 [ 164.674100][ T5690] inactive_file 0 [ 164.674100][ T5690] active_file 0 [ 164.674100][ T5690] unevictable 0 [ 164.674100][ T5690] slab_reclaimable 6752 [ 164.674100][ T5690] slab_unreclaimable 0 [ 164.674100][ T5690] slab 6752 [ 164.674100][ T5690] workingset_refault_anon 0 [pid 5694] write(6, "0x000000000000040e", 18 [pid 5690] <... write resumed>) = 18 [pid 5690] close(3) = 0 [pid 5690] close(4) = 0 [pid 5690] close(5) = 0 [pid 5690] close(6) = 0 [pid 5690] close(7) = -1 EBADF (Bad file descriptor) [pid 5690] close(8) = -1 EBADF (Bad file descriptor) [pid 5690] close(9) = -1 EBADF (Bad file descriptor) [pid 5690] close(10) = -1 EBADF (Bad file descriptor) [ 164.786811][ T5690] Tasks state (memory values in pages): [ 164.792665][ T5690] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 164.802687][ T5690] Out of memory and no killable processes... [ 164.809099][ T5691] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 164.820483][ T5691] CPU: 1 PID: 5691 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5690] close(11) = -1 EBADF (Bad file descriptor) [pid 5690] close(12) = -1 EBADF (Bad file descriptor) [pid 5690] close(13) = -1 EBADF (Bad file descriptor) [pid 5690] close(14) = -1 EBADF (Bad file descriptor) [pid 5690] close(15) = -1 EBADF (Bad file descriptor) [pid 5690] close(16) = -1 EBADF (Bad file descriptor) [pid 5690] close(17) = -1 EBADF (Bad file descriptor) [pid 5690] close(18) = -1 EBADF (Bad file descriptor) [pid 5690] close(19) = -1 EBADF (Bad file descriptor) [pid 5690] close(20) = -1 EBADF (Bad file descriptor) [pid 5690] close(21) = -1 EBADF (Bad file descriptor) [pid 5690] close(22) = -1 EBADF (Bad file descriptor) [pid 5690] close(23) = -1 EBADF (Bad file descriptor) [pid 5690] close(24) = -1 EBADF (Bad file descriptor) [pid 5690] close(25) = -1 EBADF (Bad file descriptor) [pid 5690] close(26) = -1 EBADF (Bad file descriptor) [pid 5690] close(27) = -1 EBADF (Bad file descriptor) [pid 5690] close(28) = -1 EBADF (Bad file descriptor) [pid 5690] close(29) = -1 EBADF (Bad file descriptor) [pid 5690] exit_group(0) = ? [pid 5690] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./36/binderfs") = 0 [pid 5075] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./36/cgroup") = 0 [pid 5075] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./36/cgroup.net") = 0 [ 164.830951][ T5691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 164.841054][ T5691] Call Trace: [ 164.844407][ T5691] [ 164.847387][ T5691] dump_stack_lvl+0x1e7/0x2d0 [ 164.852132][ T5691] ? nf_tcp_handle_invalid+0x640/0x640 [ 164.857645][ T5691] ? panic+0x770/0x770 [ 164.861775][ T5691] dump_header+0xdc/0x940 [ 164.866160][ T5691] out_of_memory+0xf21/0x12c0 [ 164.870910][ T5691] ? mutex_lock_io_nested+0x60/0x60 [ 164.876163][ T5691] ? mark_lock+0x9a/0x340 [ 164.880533][ T5691] ? unregister_oom_notifier+0x20/0x20 [ 164.886036][ T5691] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 164.892164][ T5691] mem_cgroup_out_of_memory+0x263/0x3b0 [ 164.897771][ T5691] ? mem_cgroup_oom_trylock+0x210/0x210 [ 164.903372][ T5691] ? cgroup_file_notify+0x127/0x190 [ 164.909687][ T5691] memory_max_write+0x355/0x470 [ 164.914581][ T5691] ? memory_max_show+0xa0/0xa0 [ 164.919399][ T5691] ? read_lock_is_recursive+0x20/0x20 [ 164.924808][ T5691] ? memory_max_show+0xa0/0xa0 [ 164.929598][ T5691] cgroup_file_write+0x2b1/0x780 [ 164.934570][ T5691] ? cgroup_seqfile_stop+0xd0/0xd0 [ 164.939694][ T5691] ? __virt_addr_valid+0x22f/0x2e0 [ 164.944832][ T5691] ? cgroup_seqfile_stop+0xd0/0xd0 [ 164.949966][ T5691] kernfs_fop_write_iter+0x3a6/0x4f0 [ 164.955276][ T5691] vfs_write+0x7b2/0xbb0 [ 164.959561][ T5691] ? file_end_write+0x240/0x240 [ 164.964427][ T5691] ? do_raw_spin_unlock+0x13b/0x8b0 [ 164.969638][ T5691] ? lockdep_hardirqs_on+0x98/0x140 [ 164.974861][ T5691] ? __fdget_pos+0x265/0x2f0 [ 164.979474][ T5691] ksys_write+0x1a0/0x2c0 [ 164.983822][ T5691] ? __ia32_sys_read+0x90/0x90 [ 164.988599][ T5691] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 164.994599][ T5691] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 165.000614][ T5691] do_syscall_64+0x41/0xc0 [ 165.005051][ T5691] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 165.010987][ T5691] RIP: 0033:0x7fd49ce20129 [ 165.015411][ T5691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.035031][ T5691] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 165.044182][ T5691] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 165.052355][ T5691] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 165.060341][ T5691] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 165.068320][ T5691] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 165.076297][ T5691] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000021 [ 165.084299][ T5691] [pid 5075] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 165.089958][ T5691] memory: usage 8kB, limit 0kB, failcnt 55 [ 165.095816][ T5691] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 165.103818][ T5691] Memory cgroup stats for /syz1: [ 165.106177][ T5691] anon 0 [ 165.106177][ T5691] file 0 [ 165.106177][ T5691] kernel 8192 [ 165.106177][ T5691] kernel_stack 0 [ 165.106177][ T5691] pagetables 0 [ 165.106177][ T5691] sec_pagetables 0 [ 165.106177][ T5691] percpu 0 [ 165.106177][ T5691] sock 0 [ 165.106177][ T5691] vmalloc 0 [ 165.106177][ T5691] shmem 0 [ 165.106177][ T5691] zswap 0 [ 165.106177][ T5691] zswapped 0 [ 165.106177][ T5691] file_mapped 0 [ 165.106177][ T5691] file_dirty 0 [ 165.106177][ T5691] file_writeback 0 [ 165.106177][ T5691] swapcached 0 [ 165.106177][ T5691] anon_thp 0 [ 165.106177][ T5691] file_thp 0 [ 165.106177][ T5691] shmem_thp 0 [ 165.106177][ T5691] inactive_anon 0 [ 165.106177][ T5691] active_anon 0 [ 165.106177][ T5691] inactive_file 0 [ 165.106177][ T5691] active_file 0 [ 165.106177][ T5691] unevictable 0 [pid 5075] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./36/file0") = 0 [pid 5075] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./36/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./36") = 0 [pid 5075] mkdir("./37", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 39 ./strace-static-x86_64: Process 5695 attached [pid 5695] chdir("./37" [pid 5691] <... write resumed>) = 18 [pid 5695] <... chdir resumed>) = 0 [pid 5691] close(3 [pid 5695] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5691] <... close resumed>) = 0 [pid 5695] <... prctl resumed>) = 0 [pid 5691] close(4 [pid 5695] setpgid(0, 0 [pid 5691] <... close resumed>) = 0 [pid 5695] <... setpgid resumed>) = 0 [pid 5691] close(5 [pid 5695] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5691] <... close resumed>) = 0 [pid 5695] <... symlink resumed>) = 0 [pid 5691] close(6 [pid 5695] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5691] <... close resumed>) = 0 [pid 5695] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5691] close(7 [pid 5695] <... symlink resumed>) = 0 [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5691] close(8 [pid 5695] <... openat resumed>) = 3 [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] write(3, "1000", 4 [pid 5691] close(9 [pid 5695] <... write resumed>) = 4 [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] close(3 [pid 5691] close(10 [pid 5695] <... close resumed>) = 0 [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] symlink("/dev/binderfs", "./binderfs" [pid 5691] close(11 [pid 5695] <... symlink resumed>) = 0 [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] mkdir("./file0", 000 [pid 5691] close(12 [pid 5695] <... mkdir resumed>) = 0 [pid 5695] open("./file0", O_RDONLY [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] <... open resumed>) = 3 [pid 5691] close(13 [pid 5695] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] <... mount resumed>) = 0 [pid 5691] close(14 [pid 5695] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] <... openat resumed>) = 4 [pid 5691] close(15 [pid 5695] openat(4, "syz1", O_RDWR|O_PATH [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] <... openat resumed>) = 5 [ 165.106177][ T5691] slab_reclaimable 6752 [ 165.106177][ T5691] slab_unreclaimable 0 [ 165.106177][ T5691] slab 6752 [ 165.106177][ T5691] workingset_refault_anon 0 [ 165.205962][ T5691] Tasks state (memory values in pages): [ 165.212074][ T5691] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 165.222171][ T5691] Out of memory and no killable processes... [ 165.229684][ T5692] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5691] close(16 [pid 5695] openat(5, "memory.max", O_RDWR [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] <... openat resumed>) = 6 [pid 5691] close(17 [pid 5695] write(6, "0x000000000000040e", 18 [pid 5691] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 165.273837][ T5692] CPU: 0 PID: 5692 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 165.284333][ T5692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 165.294415][ T5692] Call Trace: [ 165.297720][ T5692] [ 165.300695][ T5692] dump_stack_lvl+0x1e7/0x2d0 [ 165.305425][ T5692] ? nf_tcp_handle_invalid+0x640/0x640 [ 165.310938][ T5692] ? panic+0x770/0x770 [ 165.315068][ T5692] dump_header+0xdc/0x940 [ 165.319449][ T5692] out_of_memory+0xf21/0x12c0 [ 165.324169][ T5692] ? mutex_lock_io_nested+0x60/0x60 [ 165.329420][ T5692] ? preempt_schedule+0xdd/0xf0 [ 165.334316][ T5692] ? unregister_oom_notifier+0x20/0x20 [ 165.339820][ T5692] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 165.345870][ T5692] mem_cgroup_out_of_memory+0x263/0x3b0 [ 165.351465][ T5692] ? preempt_schedule_thunk+0x1a/0x20 [ 165.356872][ T5692] ? mem_cgroup_oom_trylock+0x210/0x210 [ 165.362501][ T5692] ? cgroup_file_notify+0x127/0x190 [ 165.367763][ T5692] memory_max_write+0x355/0x470 [ 165.372674][ T5692] ? memory_max_show+0xa0/0xa0 [ 165.377489][ T5692] ? read_lock_is_recursive+0x20/0x20 [ 165.382920][ T5692] ? memory_max_show+0xa0/0xa0 [ 165.387729][ T5692] cgroup_file_write+0x2b1/0x780 [ 165.392718][ T5692] ? cgroup_seqfile_stop+0xd0/0xd0 [ 165.397866][ T5692] ? __virt_addr_valid+0x22f/0x2e0 [ 165.403045][ T5692] ? cgroup_seqfile_stop+0xd0/0xd0 [ 165.408182][ T5692] kernfs_fop_write_iter+0x3a6/0x4f0 [ 165.413499][ T5692] vfs_write+0x7b2/0xbb0 [ 165.417792][ T5692] ? file_end_write+0x240/0x240 [pid 5691] close(18) = -1 EBADF (Bad file descriptor) [pid 5691] close(19) = -1 EBADF (Bad file descriptor) [pid 5691] close(20) = -1 EBADF (Bad file descriptor) [pid 5691] close(21) = -1 EBADF (Bad file descriptor) [pid 5691] close(22) = -1 EBADF (Bad file descriptor) [pid 5691] close(23) = -1 EBADF (Bad file descriptor) [pid 5691] close(24) = -1 EBADF (Bad file descriptor) [pid 5691] close(25) = -1 EBADF (Bad file descriptor) [pid 5691] close(26) = -1 EBADF (Bad file descriptor) [pid 5691] close(27) = -1 EBADF (Bad file descriptor) [pid 5691] close(28) = -1 EBADF (Bad file descriptor) [pid 5691] close(29) = -1 EBADF (Bad file descriptor) [pid 5691] exit_group(0) = ? [pid 5691] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./33/binderfs") = 0 [pid 5073] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 165.422698][ T5692] ? do_raw_spin_unlock+0x13b/0x8b0 [ 165.427967][ T5692] ? lockdep_hardirqs_on+0x98/0x140 [ 165.433230][ T5692] ? __fdget_pos+0x265/0x2f0 [ 165.437873][ T5692] ksys_write+0x1a0/0x2c0 [ 165.442269][ T5692] ? __ia32_sys_read+0x90/0x90 [ 165.447084][ T5692] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 165.453131][ T5692] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 165.459175][ T5692] do_syscall_64+0x41/0xc0 [ 165.463655][ T5692] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 165.469611][ T5692] RIP: 0033:0x7fd49ce20129 [pid 5073] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./33/cgroup") = 0 [pid 5073] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./33/cgroup.net") = 0 [ 165.474075][ T5692] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.493717][ T5692] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 165.502160][ T5692] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 165.510171][ T5692] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./33/file0") = 0 [pid 5073] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 165.518182][ T5692] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 165.526168][ T5692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 165.534164][ T5692] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001e [ 165.542213][ T5692] [pid 5073] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./33/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./33") = 0 [pid 5073] mkdir("./34", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5696 attached [pid 5696] chdir("./34" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 36 [pid 5696] <... chdir resumed>) = 0 [pid 5696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5696] setpgid(0, 0) = 0 [pid 5696] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5696] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5696] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5696] write(3, "1000", 4) = 4 [pid 5696] close(3) = 0 [pid 5696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5696] mkdir("./file0", 000) = 0 [pid 5696] open("./file0", O_RDONLY) = 3 [ 165.566816][ T5692] memory: usage 8kB, limit 0kB, failcnt 55 [ 165.572706][ T5692] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 165.589182][ T5692] Memory cgroup stats for /syz1: [ 165.589443][ T5692] anon 0 [ 165.589443][ T5692] file 0 [ 165.589443][ T5692] kernel 8192 [ 165.589443][ T5692] kernel_stack 0 [ 165.589443][ T5692] pagetables 0 [ 165.589443][ T5692] sec_pagetables 0 [ 165.589443][ T5692] percpu 0 [pid 5696] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5696] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5696] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5696] openat(5, "memory.max", O_RDWR) = 6 [ 165.589443][ T5692] sock 0 [ 165.589443][ T5692] vmalloc 0 [ 165.589443][ T5692] shmem 0 [ 165.589443][ T5692] zswap 0 [ 165.589443][ T5692] zswapped 0 [ 165.589443][ T5692] file_mapped 0 [ 165.589443][ T5692] file_dirty 0 [ 165.589443][ T5692] file_writeback 0 [ 165.589443][ T5692] swapcached 0 [ 165.589443][ T5692] anon_thp 0 [ 165.589443][ T5692] file_thp 0 [ 165.589443][ T5692] shmem_thp 0 [ 165.589443][ T5692] inactive_anon 0 [ 165.589443][ T5692] active_anon 0 [ 165.589443][ T5692] inactive_file 0 [ 165.589443][ T5692] active_file 0 [ 165.589443][ T5692] unevictable 0 [ 165.589443][ T5692] slab_reclaimable 6752 [ 165.589443][ T5692] slab_unreclaimable 0 [ 165.589443][ T5692] slab 6752 [ 165.589443][ T5692] workingset_refault_anon 0 [ 165.699325][ T5692] Tasks state (memory values in pages): [ 165.704940][ T5692] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5696] write(6, "0x000000000000040e", 18 [pid 5692] <... write resumed>) = 18 [pid 5692] close(3) = 0 [pid 5692] close(4) = 0 [pid 5692] close(5) = 0 [pid 5692] close(6) = 0 [pid 5692] close(7) = -1 EBADF (Bad file descriptor) [pid 5692] close(8) = -1 EBADF (Bad file descriptor) [pid 5692] close(9) = -1 EBADF (Bad file descriptor) [pid 5692] close(10) = -1 EBADF (Bad file descriptor) [pid 5692] close(11) = -1 EBADF (Bad file descriptor) [pid 5692] close(12) = -1 EBADF (Bad file descriptor) [pid 5692] close(13) = -1 EBADF (Bad file descriptor) [pid 5692] close(14) = -1 EBADF (Bad file descriptor) [pid 5692] close(15) = -1 EBADF (Bad file descriptor) [pid 5692] close(16) = -1 EBADF (Bad file descriptor) [pid 5692] close(17) = -1 EBADF (Bad file descriptor) [pid 5692] close(18) = -1 EBADF (Bad file descriptor) [pid 5692] close(19) = -1 EBADF (Bad file descriptor) [pid 5692] close(20) = -1 EBADF (Bad file descriptor) [pid 5692] close(21) = -1 EBADF (Bad file descriptor) [pid 5692] close(22) = -1 EBADF (Bad file descriptor) [pid 5692] close(23) = -1 EBADF (Bad file descriptor) [pid 5692] close(24) = -1 EBADF (Bad file descriptor) [pid 5692] close(25) = -1 EBADF (Bad file descriptor) [pid 5692] close(26) = -1 EBADF (Bad file descriptor) [pid 5692] close(27) = -1 EBADF (Bad file descriptor) [pid 5692] close(28) = -1 EBADF (Bad file descriptor) [pid 5692] close(29) = -1 EBADF (Bad file descriptor) [pid 5692] exit_group(0) = ? [pid 5692] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 165.716652][ T5692] Out of memory and no killable processes... [ 165.723135][ T5693] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 165.739314][ T5693] CPU: 1 PID: 5693 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 165.749795][ T5693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 165.759893][ T5693] Call Trace: [ 165.763211][ T5693] [pid 5070] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./30/binderfs") = 0 [pid 5070] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./30/cgroup") = 0 [pid 5070] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./30/cgroup.net") = 0 [ 165.766216][ T5693] dump_stack_lvl+0x1e7/0x2d0 [ 165.770961][ T5693] ? nf_tcp_handle_invalid+0x640/0x640 [ 165.776472][ T5693] ? panic+0x770/0x770 [ 165.780607][ T5693] dump_header+0xdc/0x940 [ 165.785111][ T5693] out_of_memory+0xf21/0x12c0 [ 165.789857][ T5693] ? mutex_lock_io_nested+0x60/0x60 [ 165.795122][ T5693] ? preempt_schedule+0xdd/0xf0 [ 165.800033][ T5693] ? unregister_oom_notifier+0x20/0x20 [ 165.805546][ T5693] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 165.811604][ T5693] mem_cgroup_out_of_memory+0x263/0x3b0 [ 165.817207][ T5693] ? preempt_schedule_thunk+0x1a/0x20 [ 165.822637][ T5693] ? mem_cgroup_oom_trylock+0x210/0x210 [ 165.828258][ T5693] ? cgroup_file_notify+0x127/0x190 [ 165.833511][ T5693] memory_max_write+0x355/0x470 [ 165.838426][ T5693] ? memory_max_show+0xa0/0xa0 [ 165.843322][ T5693] ? read_lock_is_recursive+0x20/0x20 [ 165.848747][ T5693] ? memory_max_show+0xa0/0xa0 [ 165.853555][ T5693] cgroup_file_write+0x2b1/0x780 [ 165.858544][ T5693] ? cgroup_seqfile_stop+0xd0/0xd0 [ 165.863693][ T5693] ? __virt_addr_valid+0x22f/0x2e0 [ 165.868855][ T5693] ? cgroup_seqfile_stop+0xd0/0xd0 [ 165.874104][ T5693] kernfs_fop_write_iter+0x3a6/0x4f0 [ 165.879459][ T5693] vfs_write+0x7b2/0xbb0 [ 165.883769][ T5693] ? file_end_write+0x240/0x240 [ 165.888696][ T5693] ? do_raw_spin_unlock+0x13b/0x8b0 [ 165.893948][ T5693] ? lockdep_hardirqs_on+0x98/0x140 [ 165.899208][ T5693] ? __fdget_pos+0x265/0x2f0 [ 165.903853][ T5693] ksys_write+0x1a0/0x2c0 [ 165.908242][ T5693] ? __ia32_sys_read+0x90/0x90 [ 165.913053][ T5693] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 165.919095][ T5693] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 165.925151][ T5693] do_syscall_64+0x41/0xc0 [ 165.929660][ T5693] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 165.935667][ T5693] RIP: 0033:0x7fd49ce20129 [ 165.940131][ T5693] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.959781][ T5693] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5070] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 165.968242][ T5693] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 165.976252][ T5693] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 165.984256][ T5693] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 165.992261][ T5693] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 166.000271][ T5693] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001f [ 166.008388][ T5693] [pid 5070] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./30/file0") = 0 [pid 5070] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./30/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./30") = 0 [pid 5070] mkdir("./31", 0777) = 0 [ 166.015714][ T5693] memory: usage 8kB, limit 0kB, failcnt 55 [ 166.021966][ T5693] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 166.029416][ T5693] Memory cgroup stats for /syz1: [ 166.029582][ T5693] anon 0 [ 166.029582][ T5693] file 0 [ 166.029582][ T5693] kernel 8192 [ 166.029582][ T5693] kernel_stack 0 [ 166.029582][ T5693] pagetables 0 [ 166.029582][ T5693] sec_pagetables 0 [ 166.029582][ T5693] percpu 0 [ 166.029582][ T5693] sock 0 [ 166.029582][ T5693] vmalloc 0 [ 166.029582][ T5693] shmem 0 [ 166.029582][ T5693] zswap 0 [ 166.029582][ T5693] zswapped 0 [ 166.029582][ T5693] file_mapped 0 [ 166.029582][ T5693] file_dirty 0 [ 166.029582][ T5693] file_writeback 0 [ 166.029582][ T5693] swapcached 0 [ 166.029582][ T5693] anon_thp 0 [ 166.029582][ T5693] file_thp 0 [ 166.029582][ T5693] shmem_thp 0 [ 166.029582][ T5693] inactive_anon 0 [ 166.029582][ T5693] active_anon 0 [ 166.029582][ T5693] inactive_file 0 [ 166.029582][ T5693] active_file 0 [ 166.029582][ T5693] unevictable 0 [ 166.029582][ T5693] slab_reclaimable 6752 [ 166.029582][ T5693] slab_unreclaimable 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 33 ./strace-static-x86_64: Process 5697 attached [pid 5697] chdir("./31") = 0 [pid 5697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5697] setpgid(0, 0) = 0 [pid 5697] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5697] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5697] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 166.029582][ T5693] slab 6752 [ 166.029582][ T5693] workingset_refault_anon 0 [ 166.131677][ T5693] Tasks state (memory values in pages): [ 166.138821][ T5693] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 166.149082][ T5693] Out of memory and no killable processes... [ 166.155446][ T5694] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5693] <... write resumed>) = 18 [pid 5697] <... openat resumed>) = 3 [pid 5697] write(3, "1000", 4) = 4 [pid 5697] close(3) = 0 [pid 5697] symlink("/dev/binderfs", "./binderfs" [pid 5693] close(3) = 0 [pid 5693] close(4) = 0 [pid 5693] close(5) = 0 [pid 5693] close(6) = 0 [pid 5693] close(7) = -1 EBADF (Bad file descriptor) [pid 5693] close(8) = -1 EBADF (Bad file descriptor) [pid 5693] close(9) = -1 EBADF (Bad file descriptor) [ 166.168529][ T5694] CPU: 1 PID: 5694 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 166.179002][ T5694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 166.189099][ T5694] Call Trace: [ 166.192416][ T5694] [ 166.195481][ T5694] dump_stack_lvl+0x1e7/0x2d0 [ 166.200214][ T5694] ? nf_tcp_handle_invalid+0x640/0x640 [ 166.205724][ T5694] ? panic+0x770/0x770 [ 166.209948][ T5694] dump_header+0xdc/0x940 [ 166.214340][ T5694] out_of_memory+0xf21/0x12c0 [pid 5693] close(10) = -1 EBADF (Bad file descriptor) [pid 5693] close(11) = -1 EBADF (Bad file descriptor) [pid 5693] close(12) = -1 EBADF (Bad file descriptor) [pid 5693] close(13) = -1 EBADF (Bad file descriptor) [pid 5693] close(14) = -1 EBADF (Bad file descriptor) [pid 5693] close(15) = -1 EBADF (Bad file descriptor) [pid 5693] close(16) = -1 EBADF (Bad file descriptor) [pid 5693] close(17) = -1 EBADF (Bad file descriptor) [pid 5693] close(18) = -1 EBADF (Bad file descriptor) [ 166.219078][ T5694] ? mutex_lock_io_nested+0x60/0x60 [ 166.224377][ T5694] ? mark_lock+0x9a/0x340 [ 166.230151][ T5694] ? unregister_oom_notifier+0x20/0x20 [ 166.235677][ T5694] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 166.241832][ T5694] mem_cgroup_out_of_memory+0x263/0x3b0 [ 166.247473][ T5694] ? mem_cgroup_oom_trylock+0x210/0x210 [ 166.253098][ T5694] ? cgroup_file_notify+0x127/0x190 [ 166.258358][ T5694] memory_max_write+0x355/0x470 [ 166.263269][ T5694] ? memory_max_show+0xa0/0xa0 [ 166.268781][ T5694] ? read_lock_is_recursive+0x20/0x20 [ 166.274221][ T5694] ? memory_max_show+0xa0/0xa0 [ 166.279033][ T5694] cgroup_file_write+0x2b1/0x780 [ 166.284019][ T5694] ? cgroup_seqfile_stop+0xd0/0xd0 [ 166.289172][ T5694] ? __virt_addr_valid+0x22f/0x2e0 [ 166.294342][ T5694] ? cgroup_seqfile_stop+0xd0/0xd0 [ 166.299492][ T5694] kernfs_fop_write_iter+0x3a6/0x4f0 [ 166.304835][ T5694] vfs_write+0x7b2/0xbb0 [ 166.309134][ T5694] ? file_end_write+0x240/0x240 [ 166.314028][ T5694] ? do_raw_spin_unlock+0x13b/0x8b0 [ 166.319261][ T5694] ? lockdep_hardirqs_on+0x98/0x140 [ 166.324515][ T5694] ? __fdget_pos+0x265/0x2f0 [ 166.329154][ T5694] ksys_write+0x1a0/0x2c0 [ 166.333537][ T5694] ? __ia32_sys_read+0x90/0x90 [ 166.338344][ T5694] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 166.344379][ T5694] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 166.350412][ T5694] do_syscall_64+0x41/0xc0 [ 166.354880][ T5694] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.360831][ T5694] RIP: 0033:0x7fd49ce20129 [ 166.365281][ T5694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 166.384932][ T5694] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.393400][ T5694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 166.401410][ T5694] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 166.409421][ T5694] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5693] close(19) = -1 EBADF (Bad file descriptor) [pid 5693] close(20) = -1 EBADF (Bad file descriptor) [pid 5693] close(21) = -1 EBADF (Bad file descriptor) [pid 5693] close(22) = -1 EBADF (Bad file descriptor) [pid 5693] close(23) = -1 EBADF (Bad file descriptor) [pid 5693] close(24) = -1 EBADF (Bad file descriptor) [pid 5693] close(25) = -1 EBADF (Bad file descriptor) [pid 5693] close(26) = -1 EBADF (Bad file descriptor) [pid 5693] close(27) = -1 EBADF (Bad file descriptor) [pid 5693] close(28) = -1 EBADF (Bad file descriptor) [pid 5693] close(29) = -1 EBADF (Bad file descriptor) [pid 5693] exit_group(0) = ? [pid 5693] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5072] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, [pid 5697] <... symlink resumed>) = 0 [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5697] mkdir("./file0", 000 [pid 5072] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5697] <... mkdir resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5697] open("./file0", O_RDONLY [pid 5072] lstat("./31/binderfs", [pid 5697] <... open resumed>) = 3 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5697] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5072] unlink("./31/binderfs" [pid 5697] <... mount resumed>) = 0 [pid 5072] <... unlink resumed>) = 0 [pid 5697] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5072] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5697] <... openat resumed>) = 4 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5697] openat(4, "syz1", O_RDWR|O_PATH [pid 5072] lstat("./31/cgroup", [pid 5697] <... openat resumed>) = 5 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5697] openat(5, "memory.max", O_RDWR [pid 5072] unlink("./31/cgroup" [pid 5697] <... openat resumed>) = 6 [pid 5072] <... unlink resumed>) = 0 [pid 5697] write(6, "0x000000000000040e", 18 [pid 5072] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./31/cgroup.net") = 0 [pid 5072] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 166.417430][ T5694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 166.425873][ T5694] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000026 [ 166.433911][ T5694] [ 166.437995][ T5694] memory: usage 8kB, limit 0kB, failcnt 55 [ 166.445183][ T5694] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./31/file0") = 0 [pid 5072] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./31/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./31") = 0 [pid 5072] mkdir("./32", 0777) = 0 [ 166.486316][ T5694] Memory cgroup stats for /syz1: [ 166.486706][ T5694] anon 0 [ 166.486706][ T5694] file 0 [ 166.486706][ T5694] kernel 8192 [ 166.486706][ T5694] kernel_stack 0 [ 166.486706][ T5694] pagetables 0 [ 166.486706][ T5694] sec_pagetables 0 [ 166.486706][ T5694] percpu 0 [ 166.486706][ T5694] sock 0 [ 166.486706][ T5694] vmalloc 0 [ 166.486706][ T5694] shmem 0 [ 166.486706][ T5694] zswap 0 [ 166.486706][ T5694] zswapped 0 [ 166.486706][ T5694] file_mapped 0 [ 166.486706][ T5694] file_dirty 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 34 ./strace-static-x86_64: Process 5698 attached [pid 5698] chdir("./32") = 0 [pid 5698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5698] setpgid(0, 0) = 0 [pid 5698] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5698] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5698] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5698] write(3, "1000", 4) = 4 [pid 5698] close(3) = 0 [pid 5698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5698] mkdir("./file0", 000) = 0 [pid 5698] open("./file0", O_RDONLY) = 3 [pid 5698] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5698] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5698] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 166.486706][ T5694] file_writeback 0 [ 166.486706][ T5694] swapcached 0 [ 166.486706][ T5694] anon_thp 0 [ 166.486706][ T5694] file_thp 0 [ 166.486706][ T5694] shmem_thp 0 [ 166.486706][ T5694] inactive_anon 0 [ 166.486706][ T5694] active_anon 0 [ 166.486706][ T5694] inactive_file 0 [ 166.486706][ T5694] active_file 0 [ 166.486706][ T5694] unevictable 0 [ 166.486706][ T5694] slab_reclaimable 6752 [ 166.486706][ T5694] slab_unreclaimable 0 [ 166.486706][ T5694] slab 6752 [ 166.486706][ T5694] workingset_refault_anon 0 [pid 5698] openat(5, "memory.max", O_RDWR) = 6 [pid 5698] write(6, "0x000000000000040e", 18 [pid 5694] <... write resumed>) = 18 [pid 5694] close(3) = 0 [pid 5694] close(4) = 0 [pid 5694] close(5) = 0 [pid 5694] close(6) = 0 [pid 5694] close(7) = -1 EBADF (Bad file descriptor) [pid 5694] close(8) = -1 EBADF (Bad file descriptor) [pid 5694] close(9) = -1 EBADF (Bad file descriptor) [pid 5694] close(10) = -1 EBADF (Bad file descriptor) [pid 5694] close(11) = -1 EBADF (Bad file descriptor) [pid 5694] close(12) = -1 EBADF (Bad file descriptor) [pid 5694] close(13) = -1 EBADF (Bad file descriptor) [pid 5694] close(14) = -1 EBADF (Bad file descriptor) [pid 5694] close(15) = -1 EBADF (Bad file descriptor) [pid 5694] close(16) = -1 EBADF (Bad file descriptor) [pid 5694] close(17) = -1 EBADF (Bad file descriptor) [pid 5694] close(18) = -1 EBADF (Bad file descriptor) [pid 5694] close(19) = -1 EBADF (Bad file descriptor) [pid 5694] close(20) = -1 EBADF (Bad file descriptor) [pid 5694] close(21) = -1 EBADF (Bad file descriptor) [pid 5694] close(22) = -1 EBADF (Bad file descriptor) [pid 5694] close(23) = -1 EBADF (Bad file descriptor) [pid 5694] close(24) = -1 EBADF (Bad file descriptor) [pid 5694] close(25) = -1 EBADF (Bad file descriptor) [pid 5694] close(26) = -1 EBADF (Bad file descriptor) [pid 5694] close(27) = -1 EBADF (Bad file descriptor) [pid 5694] close(28) = -1 EBADF (Bad file descriptor) [pid 5694] close(29) = -1 EBADF (Bad file descriptor) [pid 5694] exit_group(0) = ? [pid 5694] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.585058][ T5694] Tasks state (memory values in pages): [ 166.591042][ T5694] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 166.600628][ T5694] Out of memory and no killable processes... [ 166.607530][ T5695] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 166.622585][ T5695] CPU: 0 PID: 5695 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5074] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./38/binderfs") = 0 [pid 5074] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./38/cgroup") = 0 [pid 5074] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./38/cgroup.net") = 0 [ 166.633053][ T5695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 166.643152][ T5695] Call Trace: [ 166.646470][ T5695] [ 166.649440][ T5695] dump_stack_lvl+0x1e7/0x2d0 [ 166.654178][ T5695] ? nf_tcp_handle_invalid+0x640/0x640 [ 166.659692][ T5695] ? panic+0x770/0x770 [ 166.663785][ T5695] dump_header+0xdc/0x940 [ 166.668148][ T5695] out_of_memory+0xf21/0x12c0 [ 166.672866][ T5695] ? mutex_lock_io_nested+0x60/0x60 [ 166.678124][ T5695] ? mark_lock+0x9a/0x340 [ 166.682494][ T5695] ? unregister_oom_notifier+0x20/0x20 [ 166.687984][ T5695] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 166.693999][ T5695] mem_cgroup_out_of_memory+0x263/0x3b0 [ 166.699599][ T5695] ? mem_cgroup_oom_trylock+0x210/0x210 [ 166.705211][ T5695] ? cgroup_file_notify+0x127/0x190 [ 166.710443][ T5695] memory_max_write+0x355/0x470 [ 166.715345][ T5695] ? memory_max_show+0xa0/0xa0 [ 166.720141][ T5695] ? read_lock_is_recursive+0x20/0x20 [ 166.725532][ T5695] ? memory_max_show+0xa0/0xa0 [ 166.730312][ T5695] cgroup_file_write+0x2b1/0x780 [ 166.735273][ T5695] ? cgroup_seqfile_stop+0xd0/0xd0 [ 166.740393][ T5695] ? __virt_addr_valid+0x22f/0x2e0 [ 166.745534][ T5695] ? cgroup_seqfile_stop+0xd0/0xd0 [ 166.750653][ T5695] kernfs_fop_write_iter+0x3a6/0x4f0 [ 166.755960][ T5695] vfs_write+0x7b2/0xbb0 [ 166.760224][ T5695] ? file_end_write+0x240/0x240 [ 166.765100][ T5695] ? do_raw_spin_unlock+0x13b/0x8b0 [ 166.770314][ T5695] ? lockdep_hardirqs_on+0x98/0x140 [ 166.775533][ T5695] ? __fdget_pos+0x265/0x2f0 [ 166.780229][ T5695] ksys_write+0x1a0/0x2c0 [ 166.784598][ T5695] ? __ia32_sys_read+0x90/0x90 [ 166.789394][ T5695] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 166.795408][ T5695] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 166.801436][ T5695] do_syscall_64+0x41/0xc0 [ 166.805892][ T5695] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 166.811825][ T5695] RIP: 0033:0x7fd49ce20129 [ 166.816352][ T5695] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 166.835983][ T5695] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.844422][ T5695] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 166.852417][ T5695] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 166.860408][ T5695] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 166.868387][ T5695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 166.876391][ T5695] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000025 [ 166.884412][ T5695] [pid 5074] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 166.893546][ T5695] memory: usage 8kB, limit 0kB, failcnt 55 [ 166.902252][ T5695] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 166.910939][ T5695] Memory cgroup stats for /syz1: [ 166.911139][ T5695] anon 0 [ 166.911139][ T5695] file 0 [ 166.911139][ T5695] kernel 8192 [ 166.911139][ T5695] kernel_stack 0 [ 166.911139][ T5695] pagetables 0 [ 166.911139][ T5695] sec_pagetables 0 [ 166.911139][ T5695] percpu 0 [ 166.911139][ T5695] sock 0 [ 166.911139][ T5695] vmalloc 0 [ 166.911139][ T5695] shmem 0 [ 166.911139][ T5695] zswap 0 [ 166.911139][ T5695] zswapped 0 [ 166.911139][ T5695] file_mapped 0 [ 166.911139][ T5695] file_dirty 0 [ 166.911139][ T5695] file_writeback 0 [ 166.911139][ T5695] swapcached 0 [ 166.911139][ T5695] anon_thp 0 [ 166.911139][ T5695] file_thp 0 [ 166.911139][ T5695] shmem_thp 0 [ 166.911139][ T5695] inactive_anon 0 [ 166.911139][ T5695] active_anon 0 [ 166.911139][ T5695] inactive_file 0 [ 166.911139][ T5695] active_file 0 [ 166.911139][ T5695] unevictable 0 [pid 5074] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./38/file0") = 0 [pid 5074] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./38/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./38") = 0 [pid 5074] mkdir("./39", 0777) = 0 [ 166.911139][ T5695] slab_reclaimable 6752 [ 166.911139][ T5695] slab_unreclaimable 0 [ 166.911139][ T5695] slab 6752 [ 166.911139][ T5695] workingset_refault_anon 0 [ 167.024834][ T5695] Tasks state (memory values in pages): [ 167.030737][ T5695] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5699 attached [pid 5699] chdir("./39" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 41 [pid 5699] <... chdir resumed>) = 0 [pid 5699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5699] setpgid(0, 0) = 0 [pid 5695] <... write resumed>) = 18 [pid 5695] close(3) = 0 [pid 5695] close(4) = 0 [pid 5695] close(5) = 0 [pid 5695] close(6) = 0 [pid 5695] close(7) = -1 EBADF (Bad file descriptor) [pid 5695] close(8) = -1 EBADF (Bad file descriptor) [pid 5695] close(9) = -1 EBADF (Bad file descriptor) [pid 5695] close(10) = -1 EBADF (Bad file descriptor) [pid 5695] close(11) = -1 EBADF (Bad file descriptor) [pid 5695] close(12) = -1 EBADF (Bad file descriptor) [pid 5695] close(13) = -1 EBADF (Bad file descriptor) [pid 5695] close(14) = -1 EBADF (Bad file descriptor) [pid 5695] close(15) = -1 EBADF (Bad file descriptor) [pid 5695] close(16) = -1 EBADF (Bad file descriptor) [pid 5695] close(17) = -1 EBADF (Bad file descriptor) [pid 5695] close(18) = -1 EBADF (Bad file descriptor) [pid 5695] close(19) = -1 EBADF (Bad file descriptor) [pid 5695] close(20 [pid 5699] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5695] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5695] close(21) = -1 EBADF (Bad file descriptor) [pid 5695] close(22) = -1 EBADF (Bad file descriptor) [pid 5695] close(23) = -1 EBADF (Bad file descriptor) [pid 5695] close(24) = -1 EBADF (Bad file descriptor) [pid 5695] close(25) = -1 EBADF (Bad file descriptor) [pid 5695] close(26) = -1 EBADF (Bad file descriptor) [pid 5695] close(27) = -1 EBADF (Bad file descriptor) [pid 5695] close(28) = -1 EBADF (Bad file descriptor) [pid 5695] close(29) = -1 EBADF (Bad file descriptor) [pid 5695] exit_group(0) = ? [pid 5695] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 167.045410][ T5695] Out of memory and no killable processes... [ 167.054517][ T5696] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 167.067292][ T5696] CPU: 1 PID: 5696 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 167.077759][ T5696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 167.087850][ T5696] Call Trace: [ 167.091164][ T5696] [pid 5075] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./37/binderfs") = 0 [pid 5075] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./37/cgroup") = 0 [pid 5075] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./37/cgroup.net") = 0 [ 167.094141][ T5696] dump_stack_lvl+0x1e7/0x2d0 [ 167.098874][ T5696] ? nf_tcp_handle_invalid+0x640/0x640 [ 167.104387][ T5696] ? panic+0x770/0x770 [ 167.108520][ T5696] dump_header+0xdc/0x940 [ 167.112899][ T5696] out_of_memory+0xf21/0x12c0 [ 167.117639][ T5696] ? mutex_lock_io_nested+0x60/0x60 [ 167.122900][ T5696] ? mark_lock+0x9a/0x340 [ 167.127280][ T5696] ? unregister_oom_notifier+0x20/0x20 [ 167.132782][ T5696] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 167.138825][ T5696] mem_cgroup_out_of_memory+0x263/0x3b0 [ 167.144431][ T5696] ? mem_cgroup_oom_trylock+0x210/0x210 [ 167.150052][ T5696] ? cgroup_file_notify+0x127/0x190 [ 167.155307][ T5696] memory_max_write+0x355/0x470 [ 167.160214][ T5696] ? memory_max_show+0xa0/0xa0 [ 167.165017][ T5696] ? read_lock_is_recursive+0x20/0x20 [ 167.170441][ T5696] ? memory_max_show+0xa0/0xa0 [ 167.175331][ T5696] cgroup_file_write+0x2b1/0x780 [ 167.180318][ T5696] ? cgroup_seqfile_stop+0xd0/0xd0 [ 167.185461][ T5696] ? __virt_addr_valid+0x22f/0x2e0 [ 167.190631][ T5696] ? cgroup_seqfile_stop+0xd0/0xd0 [ 167.195776][ T5696] kernfs_fop_write_iter+0x3a6/0x4f0 [ 167.201120][ T5696] vfs_write+0x7b2/0xbb0 [ 167.205418][ T5696] ? file_end_write+0x240/0x240 [ 167.210333][ T5696] ? do_raw_spin_unlock+0x13b/0x8b0 [ 167.215582][ T5696] ? lockdep_hardirqs_on+0x98/0x140 [ 167.220842][ T5696] ? __fdget_pos+0x265/0x2f0 [ 167.225475][ T5696] ksys_write+0x1a0/0x2c0 [ 167.229840][ T5696] ? __ia32_sys_read+0x90/0x90 [ 167.234648][ T5696] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 167.240687][ T5696] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 167.246722][ T5696] do_syscall_64+0x41/0xc0 [ 167.251185][ T5696] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 167.257137][ T5696] RIP: 0033:0x7fd49ce20129 [ 167.261585][ T5696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 167.281239][ T5696] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5075] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5699] <... symlink resumed>) = 0 [pid 5699] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5699] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5699] write(3, "1000", 4) = 4 [pid 5699] close(3) = 0 [pid 5699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5699] mkdir("./file0", 000) = 0 [pid 5699] open("./file0", O_RDONLY) = 3 [pid 5699] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5699] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5699] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5699] openat(5, "memory.max", O_RDWR) = 6 [pid 5699] write(6, "0x000000000000040e", 18 [pid 5075] <... umount2 resumed>) = 0 [pid 5075] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 167.289721][ T5696] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 167.297730][ T5696] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 167.305736][ T5696] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 167.313742][ T5696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 167.321746][ T5696] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000022 [ 167.329784][ T5696] [ 167.339604][ T5696] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5075] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 167.347599][ T5696] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 167.354795][ T5696] Memory cgroup stats for /syz1: [ 167.354999][ T5696] anon 0 [ 167.354999][ T5696] file 0 [ 167.354999][ T5696] kernel 8192 [ 167.354999][ T5696] kernel_stack 0 [ 167.354999][ T5696] pagetables 0 [ 167.354999][ T5696] sec_pagetables 0 [ 167.354999][ T5696] percpu 0 [ 167.354999][ T5696] sock 0 [ 167.354999][ T5696] vmalloc 0 [ 167.354999][ T5696] shmem 0 [ 167.354999][ T5696] zswap 0 [ 167.354999][ T5696] zswapped 0 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./37/file0") = 0 [pid 5075] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./37/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./37") = 0 [pid 5075] mkdir("./38", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 40 ./strace-static-x86_64: Process 5700 attached [pid 5700] chdir("./38") = 0 [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5700] setpgid(0, 0) = 0 [pid 5700] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5700] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5700] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5700] write(3, "1000", 4) = 4 [pid 5700] close(3) = 0 [ 167.354999][ T5696] file_mapped 0 [ 167.354999][ T5696] file_dirty 0 [ 167.354999][ T5696] file_writeback 0 [ 167.354999][ T5696] swapcached 0 [ 167.354999][ T5696] anon_thp 0 [ 167.354999][ T5696] file_thp 0 [ 167.354999][ T5696] shmem_thp 0 [ 167.354999][ T5696] inactive_anon 0 [ 167.354999][ T5696] active_anon 0 [ 167.354999][ T5696] inactive_file 0 [ 167.354999][ T5696] active_file 0 [ 167.354999][ T5696] unevictable 0 [ 167.354999][ T5696] slab_reclaimable 6752 [ 167.354999][ T5696] slab_unreclaimable 0 [ 167.354999][ T5696] slab 6752 [pid 5700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5700] mkdir("./file0", 000) = 0 [pid 5700] open("./file0", O_RDONLY) = 3 [pid 5700] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5700] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5700] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5700] openat(5, "memory.max", O_RDWR) = 6 [pid 5700] write(6, "0x000000000000040e", 18 [pid 5696] <... write resumed>) = 18 [pid 5696] close(3) = 0 [pid 5696] close(4) = 0 [pid 5696] close(5) = 0 [pid 5696] close(6) = 0 [pid 5696] close(7) = -1 EBADF (Bad file descriptor) [pid 5696] close(8) = -1 EBADF (Bad file descriptor) [pid 5696] close(9) = -1 EBADF (Bad file descriptor) [pid 5696] close(10) = -1 EBADF (Bad file descriptor) [pid 5696] close(11) = -1 EBADF (Bad file descriptor) [pid 5696] close(12) = -1 EBADF (Bad file descriptor) [pid 5696] close(13) = -1 EBADF (Bad file descriptor) [pid 5696] close(14) = -1 EBADF (Bad file descriptor) [pid 5696] close(15) = -1 EBADF (Bad file descriptor) [pid 5696] close(16) = -1 EBADF (Bad file descriptor) [pid 5696] close(17) = -1 EBADF (Bad file descriptor) [pid 5696] close(18) = -1 EBADF (Bad file descriptor) [pid 5696] close(19) = -1 EBADF (Bad file descriptor) [pid 5696] close(20) = -1 EBADF (Bad file descriptor) [ 167.354999][ T5696] workingset_refault_anon 0 [ 167.455704][ T5696] Tasks state (memory values in pages): [ 167.461589][ T5696] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 167.471178][ T5696] Out of memory and no killable processes... [ 167.477513][ T5697] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5696] close(21) = -1 EBADF (Bad file descriptor) [pid 5696] close(22) = -1 EBADF (Bad file descriptor) [pid 5696] close(23) = -1 EBADF (Bad file descriptor) [pid 5696] close(24) = -1 EBADF (Bad file descriptor) [pid 5696] close(25) = -1 EBADF (Bad file descriptor) [pid 5696] close(26) = -1 EBADF (Bad file descriptor) [pid 5696] close(27) = -1 EBADF (Bad file descriptor) [pid 5696] close(28) = -1 EBADF (Bad file descriptor) [pid 5696] close(29) = -1 EBADF (Bad file descriptor) [pid 5696] exit_group(0) = ? [pid 5696] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5073] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./34/binderfs") = 0 [pid 5073] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./34/cgroup") = 0 [pid 5073] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./34/cgroup.net") = 0 [ 167.489333][ T5697] CPU: 0 PID: 5697 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 167.499888][ T5697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 167.509985][ T5697] Call Trace: [ 167.513303][ T5697] [ 167.516270][ T5697] dump_stack_lvl+0x1e7/0x2d0 [ 167.520993][ T5697] ? nf_tcp_handle_invalid+0x640/0x640 [ 167.526483][ T5697] ? panic+0x770/0x770 [ 167.530627][ T5697] dump_header+0xdc/0x940 [ 167.534977][ T5697] out_of_memory+0xf21/0x12c0 [ 167.539675][ T5697] ? mutex_lock_io_nested+0x60/0x60 [ 167.544921][ T5697] ? mark_lock+0x9a/0x340 [ 167.549292][ T5697] ? unregister_oom_notifier+0x20/0x20 [ 167.554797][ T5697] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 167.560841][ T5697] mem_cgroup_out_of_memory+0x263/0x3b0 [ 167.566775][ T5697] ? mem_cgroup_oom_trylock+0x210/0x210 [ 167.572387][ T5697] ? cgroup_file_notify+0x127/0x190 [ 167.577643][ T5697] memory_max_write+0x355/0x470 [ 167.582558][ T5697] ? memory_max_show+0xa0/0xa0 [ 167.587377][ T5697] ? read_lock_is_recursive+0x20/0x20 [ 167.592803][ T5697] ? memory_max_show+0xa0/0xa0 [ 167.597616][ T5697] cgroup_file_write+0x2b1/0x780 [ 167.602606][ T5697] ? cgroup_seqfile_stop+0xd0/0xd0 [ 167.607829][ T5697] ? __virt_addr_valid+0x22f/0x2e0 [ 167.612971][ T5697] ? cgroup_seqfile_stop+0xd0/0xd0 [ 167.618092][ T5697] kernfs_fop_write_iter+0x3a6/0x4f0 [ 167.623411][ T5697] vfs_write+0x7b2/0xbb0 [ 167.627696][ T5697] ? file_end_write+0x240/0x240 [ 167.632567][ T5697] ? do_raw_spin_unlock+0x13b/0x8b0 [ 167.637780][ T5697] ? lockdep_hardirqs_on+0x98/0x140 [ 167.643003][ T5697] ? __fdget_pos+0x265/0x2f0 [ 167.647627][ T5697] ksys_write+0x1a0/0x2c0 [ 167.652016][ T5697] ? __ia32_sys_read+0x90/0x90 [ 167.656821][ T5697] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 167.662850][ T5697] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 167.668872][ T5697] do_syscall_64+0x41/0xc0 [ 167.673347][ T5697] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 167.679300][ T5697] RIP: 0033:0x7fd49ce20129 [ 167.683768][ T5697] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 167.703424][ T5697] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.711978][ T5697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 167.719997][ T5697] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 167.727989][ T5697] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 167.735989][ T5697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./34/file0") = 0 [pid 5073] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./34/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [ 167.744008][ T5697] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000001f [ 167.752053][ T5697] [ 167.761159][ T5697] memory: usage 8kB, limit 0kB, failcnt 55 [ 167.767182][ T5697] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 167.774081][ T5697] Memory cgroup stats for /syz1: [ 167.774298][ T5697] anon 0 [ 167.774298][ T5697] file 0 [ 167.774298][ T5697] kernel 8192 [ 167.774298][ T5697] kernel_stack 0 [ 167.774298][ T5697] pagetables 0 [ 167.774298][ T5697] sec_pagetables 0 [pid 5073] rmdir("./34") = 0 [pid 5073] mkdir("./35", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 37 ./strace-static-x86_64: Process 5701 attached [pid 5701] chdir("./35") = 0 [pid 5701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5701] setpgid(0, 0) = 0 [pid 5701] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5701] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5701] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5701] write(3, "1000", 4) = 4 [pid 5701] close(3) = 0 [pid 5701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5701] mkdir("./file0", 000) = 0 [pid 5701] open("./file0", O_RDONLY) = 3 [ 167.774298][ T5697] percpu 0 [ 167.774298][ T5697] sock 0 [ 167.774298][ T5697] vmalloc 0 [ 167.774298][ T5697] shmem 0 [ 167.774298][ T5697] zswap 0 [ 167.774298][ T5697] zswapped 0 [ 167.774298][ T5697] file_mapped 0 [ 167.774298][ T5697] file_dirty 0 [ 167.774298][ T5697] file_writeback 0 [ 167.774298][ T5697] swapcached 0 [ 167.774298][ T5697] anon_thp 0 [ 167.774298][ T5697] file_thp 0 [ 167.774298][ T5697] shmem_thp 0 [ 167.774298][ T5697] inactive_anon 0 [ 167.774298][ T5697] active_anon 0 [ 167.774298][ T5697] inactive_file 0 [pid 5701] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5701] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5701] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5701] openat(5, "memory.max", O_RDWR) = 6 [ 167.774298][ T5697] active_file 0 [ 167.774298][ T5697] unevictable 0 [ 167.774298][ T5697] slab_reclaimable 6752 [ 167.774298][ T5697] slab_unreclaimable 0 [ 167.774298][ T5697] slab 6752 [ 167.774298][ T5697] workingset_refault_anon 0 [ 167.872379][ T5697] Tasks state (memory values in pages): [ 167.878263][ T5697] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 167.888105][ T5697] Out of memory and no killable processes... [pid 5701] write(6, "0x000000000000040e", 18 [pid 5697] <... write resumed>) = 18 [ 167.894227][ T5698] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 167.904764][ T5698] CPU: 0 PID: 5698 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 167.915226][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 167.925333][ T5698] Call Trace: [ 167.928638][ T5698] [ 167.931583][ T5698] dump_stack_lvl+0x1e7/0x2d0 [ 167.936289][ T5698] ? nf_tcp_handle_invalid+0x640/0x640 [ 167.941781][ T5698] ? panic+0x770/0x770 [ 167.945915][ T5698] dump_header+0xdc/0x940 [pid 5697] close(3) = 0 [pid 5697] close(4) = 0 [pid 5697] close(5) = 0 [pid 5697] close(6) = 0 [pid 5697] close(7) = -1 EBADF (Bad file descriptor) [pid 5697] close(8) = -1 EBADF (Bad file descriptor) [pid 5697] close(9) = -1 EBADF (Bad file descriptor) [pid 5697] close(10) = -1 EBADF (Bad file descriptor) [pid 5697] close(11) = -1 EBADF (Bad file descriptor) [pid 5697] close(12) = -1 EBADF (Bad file descriptor) [ 167.950278][ T5698] out_of_memory+0xf21/0x12c0 [ 167.955012][ T5698] ? mutex_lock_io_nested+0x60/0x60 [ 167.960266][ T5698] ? mark_lock+0x9a/0x340 [ 167.964636][ T5698] ? unregister_oom_notifier+0x20/0x20 [ 167.970147][ T5698] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 167.976175][ T5698] mem_cgroup_out_of_memory+0x263/0x3b0 [ 167.981758][ T5698] ? mem_cgroup_oom_trylock+0x210/0x210 [ 167.987381][ T5698] ? cgroup_file_notify+0x127/0x190 [ 167.992656][ T5698] memory_max_write+0x355/0x470 [pid 5697] close(13) = -1 EBADF (Bad file descriptor) [pid 5697] close(14) = -1 EBADF (Bad file descriptor) [pid 5697] close(15) = -1 EBADF (Bad file descriptor) [pid 5697] close(16) = -1 EBADF (Bad file descriptor) [pid 5697] close(17) = -1 EBADF (Bad file descriptor) [pid 5697] close(18) = -1 EBADF (Bad file descriptor) [pid 5697] close(19) = -1 EBADF (Bad file descriptor) [pid 5697] close(20) = -1 EBADF (Bad file descriptor) [pid 5697] close(21) = -1 EBADF (Bad file descriptor) [pid 5697] close(22) = -1 EBADF (Bad file descriptor) [pid 5697] close(23) = -1 EBADF (Bad file descriptor) [pid 5697] close(24) = -1 EBADF (Bad file descriptor) [pid 5697] close(25) = -1 EBADF (Bad file descriptor) [pid 5697] close(26) = -1 EBADF (Bad file descriptor) [pid 5697] close(27) = -1 EBADF (Bad file descriptor) [pid 5697] close(28) = -1 EBADF (Bad file descriptor) [pid 5697] close(29) = -1 EBADF (Bad file descriptor) [pid 5697] exit_group(0) = ? [pid 5697] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 167.997571][ T5698] ? memory_max_show+0xa0/0xa0 [ 168.002397][ T5698] ? read_lock_is_recursive+0x20/0x20 [ 168.007829][ T5698] ? memory_max_show+0xa0/0xa0 [ 168.012658][ T5698] cgroup_file_write+0x2b1/0x780 [ 168.017660][ T5698] ? cgroup_seqfile_stop+0xd0/0xd0 [ 168.022819][ T5698] ? __virt_addr_valid+0x22f/0x2e0 [ 168.028005][ T5698] ? cgroup_seqfile_stop+0xd0/0xd0 [ 168.033165][ T5698] kernfs_fop_write_iter+0x3a6/0x4f0 [ 168.038514][ T5698] vfs_write+0x7b2/0xbb0 [ 168.042815][ T5698] ? file_end_write+0x240/0x240 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./31/binderfs") = 0 [pid 5070] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./31/cgroup") = 0 [pid 5070] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./31/cgroup.net") = 0 [ 168.047716][ T5698] ? do_raw_spin_unlock+0x13b/0x8b0 [ 168.052966][ T5698] ? lockdep_hardirqs_on+0x98/0x140 [ 168.058226][ T5698] ? __fdget_pos+0x265/0x2f0 [ 168.062873][ T5698] ksys_write+0x1a0/0x2c0 [ 168.067260][ T5698] ? __ia32_sys_read+0x90/0x90 [ 168.072075][ T5698] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 168.078119][ T5698] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 168.084158][ T5698] do_syscall_64+0x41/0xc0 [ 168.088624][ T5698] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.094580][ T5698] RIP: 0033:0x7fd49ce20129 [ 168.099038][ T5698] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 168.118867][ T5698] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.127334][ T5698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 168.136537][ T5698] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5070] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 168.144653][ T5698] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 168.152684][ T5698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 168.160876][ T5698] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000020 [ 168.168915][ T5698] [ 168.187514][ T5698] memory: usage 8kB, limit 0kB, failcnt 55 [ 168.193423][ T5698] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5070] rmdir("./31/file0") = 0 [pid 5070] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./31/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./31") = 0 [pid 5070] mkdir("./32", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5702 attached [pid 5702] chdir("./32" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 34 [pid 5702] <... chdir resumed>) = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5702] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5702] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5702] mkdir("./file0", 000) = 0 [pid 5702] open("./file0", O_RDONLY) = 3 [pid 5702] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 168.200489][ T5698] Memory cgroup stats for /syz1: [ 168.200839][ T5698] anon 0 [ 168.200839][ T5698] file 0 [ 168.200839][ T5698] kernel 8192 [ 168.200839][ T5698] kernel_stack 0 [ 168.200839][ T5698] pagetables 0 [ 168.200839][ T5698] sec_pagetables 0 [ 168.200839][ T5698] percpu 0 [ 168.200839][ T5698] sock 0 [ 168.200839][ T5698] vmalloc 0 [ 168.200839][ T5698] shmem 0 [ 168.200839][ T5698] zswap 0 [ 168.200839][ T5698] zswapped 0 [ 168.200839][ T5698] file_mapped 0 [ 168.200839][ T5698] file_dirty 0 [ 168.200839][ T5698] file_writeback 0 [pid 5702] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5702] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5702] openat(5, "memory.max", O_RDWR) = 6 [ 168.200839][ T5698] swapcached 0 [ 168.200839][ T5698] anon_thp 0 [ 168.200839][ T5698] file_thp 0 [ 168.200839][ T5698] shmem_thp 0 [ 168.200839][ T5698] inactive_anon 0 [ 168.200839][ T5698] active_anon 0 [ 168.200839][ T5698] inactive_file 0 [ 168.200839][ T5698] active_file 0 [ 168.200839][ T5698] unevictable 0 [ 168.200839][ T5698] slab_reclaimable 6752 [ 168.200839][ T5698] slab_unreclaimable 0 [ 168.200839][ T5698] slab 6752 [ 168.200839][ T5698] workingset_refault_anon 0 [pid 5702] write(6, "0x000000000000040e", 18 [pid 5698] <... write resumed>) = 18 [ 168.299300][ T5698] Tasks state (memory values in pages): [ 168.304949][ T5698] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 168.314646][ T5698] Out of memory and no killable processes... [ 168.322434][ T5699] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 168.333106][ T5699] CPU: 0 PID: 5699 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 168.343701][ T5699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 168.353808][ T5699] Call Trace: [ 168.357130][ T5699] [ 168.360113][ T5699] dump_stack_lvl+0x1e7/0x2d0 [ 168.364866][ T5699] ? nf_tcp_handle_invalid+0x640/0x640 [ 168.370370][ T5699] ? panic+0x770/0x770 [ 168.374484][ T5699] dump_header+0xdc/0x940 [ 168.378927][ T5699] out_of_memory+0xf21/0x12c0 [ 168.383625][ T5699] ? mutex_lock_io_nested+0x60/0x60 [ 168.388863][ T5699] ? preempt_schedule+0xdd/0xf0 [ 168.393765][ T5699] ? unregister_oom_notifier+0x20/0x20 [ 168.399290][ T5699] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 168.405349][ T5699] mem_cgroup_out_of_memory+0x263/0x3b0 [ 168.410940][ T5699] ? preempt_schedule_thunk+0x1a/0x20 [ 168.416386][ T5699] ? mem_cgroup_oom_trylock+0x210/0x210 [ 168.422016][ T5699] ? cgroup_file_notify+0x127/0x190 [ 168.427274][ T5699] memory_max_write+0x355/0x470 [ 168.433379][ T5699] ? memory_max_show+0xa0/0xa0 [ 168.438192][ T5699] ? read_lock_is_recursive+0x20/0x20 [ 168.443618][ T5699] ? memory_max_show+0xa0/0xa0 [ 168.448407][ T5699] cgroup_file_write+0x2b1/0x780 [ 168.453374][ T5699] ? cgroup_seqfile_stop+0xd0/0xd0 [ 168.458502][ T5699] ? __virt_addr_valid+0x22f/0x2e0 [ 168.463650][ T5699] ? cgroup_seqfile_stop+0xd0/0xd0 [ 168.468782][ T5699] kernfs_fop_write_iter+0x3a6/0x4f0 [ 168.474096][ T5699] vfs_write+0x7b2/0xbb0 [ 168.478371][ T5699] ? file_end_write+0x240/0x240 [ 168.483247][ T5699] ? do_raw_spin_unlock+0x13b/0x8b0 [ 168.488470][ T5699] ? lockdep_hardirqs_on+0x98/0x140 [ 168.493694][ T5699] ? __fdget_pos+0x265/0x2f0 [ 168.498309][ T5699] ksys_write+0x1a0/0x2c0 [ 168.502660][ T5699] ? __ia32_sys_read+0x90/0x90 [ 168.507442][ T5699] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 168.513632][ T5699] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 168.519655][ T5699] do_syscall_64+0x41/0xc0 [ 168.524100][ T5699] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.530019][ T5699] RIP: 0033:0x7fd49ce20129 [ 168.534448][ T5699] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 168.554071][ T5699] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.562505][ T5699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 168.570509][ T5699] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 168.578492][ T5699] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 168.586580][ T5699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 168.594568][ T5699] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000027 [pid 5698] close(3) = 0 [pid 5698] close(4) = 0 [pid 5698] close(5) = 0 [pid 5698] close(6) = 0 [pid 5698] close(7) = -1 EBADF (Bad file descriptor) [pid 5698] close(8) = -1 EBADF (Bad file descriptor) [pid 5698] close(9) = -1 EBADF (Bad file descriptor) [pid 5698] close(10) = -1 EBADF (Bad file descriptor) [pid 5698] close(11) = -1 EBADF (Bad file descriptor) [pid 5698] close(12) = -1 EBADF (Bad file descriptor) [pid 5698] close(13) = -1 EBADF (Bad file descriptor) [pid 5698] close(14) = -1 EBADF (Bad file descriptor) [ 168.602573][ T5699] [pid 5698] close(15) = -1 EBADF (Bad file descriptor) [pid 5698] close(16) = -1 EBADF (Bad file descriptor) [pid 5698] close(17) = -1 EBADF (Bad file descriptor) [pid 5698] close(18) = -1 EBADF (Bad file descriptor) [pid 5698] close(19) = -1 EBADF (Bad file descriptor) [pid 5698] close(20) = -1 EBADF (Bad file descriptor) [pid 5698] close(21) = -1 EBADF (Bad file descriptor) [pid 5698] close(22) = -1 EBADF (Bad file descriptor) [pid 5698] close(23) = -1 EBADF (Bad file descriptor) [pid 5698] close(24) = -1 EBADF (Bad file descriptor) [pid 5698] close(25) = -1 EBADF (Bad file descriptor) [pid 5698] close(26) = -1 EBADF (Bad file descriptor) [pid 5698] close(27) = -1 EBADF (Bad file descriptor) [pid 5698] close(28) = -1 EBADF (Bad file descriptor) [pid 5698] close(29) = -1 EBADF (Bad file descriptor) [pid 5698] exit_group(0) = ? [pid 5698] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 168.631976][ T5699] memory: usage 8kB, limit 0kB, failcnt 55 [ 168.643759][ T5699] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 168.652744][ T5699] Memory cgroup stats for /syz1: [ 168.652954][ T5699] anon 0 [ 168.652954][ T5699] file 0 [ 168.652954][ T5699] kernel 8192 [ 168.652954][ T5699] kernel_stack 0 [ 168.652954][ T5699] pagetables 0 [ 168.652954][ T5699] sec_pagetables 0 [ 168.652954][ T5699] percpu 0 [ 168.652954][ T5699] sock 0 [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./32/binderfs") = 0 [pid 5072] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./32/cgroup") = 0 [pid 5072] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./32/cgroup.net") = 0 [ 168.652954][ T5699] vmalloc 0 [ 168.652954][ T5699] shmem 0 [ 168.652954][ T5699] zswap 0 [ 168.652954][ T5699] zswapped 0 [ 168.652954][ T5699] file_mapped 0 [ 168.652954][ T5699] file_dirty 0 [ 168.652954][ T5699] file_writeback 0 [ 168.652954][ T5699] swapcached 0 [ 168.652954][ T5699] anon_thp 0 [ 168.652954][ T5699] file_thp 0 [ 168.652954][ T5699] shmem_thp 0 [ 168.652954][ T5699] inactive_anon 0 [ 168.652954][ T5699] active_anon 0 [ 168.652954][ T5699] inactive_file 0 [ 168.652954][ T5699] active_file 0 [pid 5072] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./32/file0") = 0 [pid 5072] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./32/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./32") = 0 [pid 5072] mkdir("./33", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5703 attached [ 168.652954][ T5699] unevictable 0 [ 168.652954][ T5699] slab_reclaimable 6752 [ 168.652954][ T5699] slab_unreclaimable 0 [ 168.652954][ T5699] slab 6752 [ 168.652954][ T5699] workingset_refault_anon 0 [ 168.752603][ T5699] Tasks state (memory values in pages): [ 168.764079][ T5699] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 168.775182][ T5699] Out of memory and no killable processes... , child_tidptr=0x5555574ac5d0) = 35 [pid 5699] <... write resumed>) = 18 [pid 5699] close(3 [pid 5703] chdir("./33" [pid 5699] <... close resumed>) = 0 [pid 5699] close(4) = 0 [pid 5699] close(5) = 0 [pid 5699] close(6) = 0 [pid 5699] close(7) = -1 EBADF (Bad file descriptor) [pid 5699] close(8) = -1 EBADF (Bad file descriptor) [pid 5699] close(9) = -1 EBADF (Bad file descriptor) [pid 5699] close(10) = -1 EBADF (Bad file descriptor) [pid 5699] close(11) = -1 EBADF (Bad file descriptor) [pid 5699] close(12) = -1 EBADF (Bad file descriptor) [pid 5699] close(13) = -1 EBADF (Bad file descriptor) [pid 5699] close(14) = -1 EBADF (Bad file descriptor) [pid 5699] close(15) = -1 EBADF (Bad file descriptor) [pid 5699] close(16) = -1 EBADF (Bad file descriptor) [pid 5699] close(17) = -1 EBADF (Bad file descriptor) [pid 5699] close(18) = -1 EBADF (Bad file descriptor) [pid 5699] close(19) = -1 EBADF (Bad file descriptor) [pid 5699] close(20) = -1 EBADF (Bad file descriptor) [pid 5699] close(21) = -1 EBADF (Bad file descriptor) [ 168.788080][ T5700] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 168.799142][ T5700] CPU: 0 PID: 5700 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 168.809617][ T5700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 168.819722][ T5700] Call Trace: [ 168.823044][ T5700] [ 168.826018][ T5700] dump_stack_lvl+0x1e7/0x2d0 [ 168.830760][ T5700] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5699] close(22) = -1 EBADF (Bad file descriptor) [pid 5699] close(23) = -1 EBADF (Bad file descriptor) [pid 5699] close(24) = -1 EBADF (Bad file descriptor) [pid 5699] close(25) = -1 EBADF (Bad file descriptor) [pid 5699] close(26) = -1 EBADF (Bad file descriptor) [pid 5699] close(27) = -1 EBADF (Bad file descriptor) [pid 5699] close(28) = -1 EBADF (Bad file descriptor) [pid 5699] close(29) = -1 EBADF (Bad file descriptor) [pid 5699] exit_group(0) = ? [pid 5699] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./39/binderfs") = 0 [pid 5074] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 168.836278][ T5700] ? panic+0x770/0x770 [ 168.840422][ T5700] dump_header+0xdc/0x940 [ 168.844854][ T5700] out_of_memory+0xf21/0x12c0 [ 168.849604][ T5700] ? mutex_lock_io_nested+0x60/0x60 [ 168.854875][ T5700] ? preempt_schedule+0xdd/0xf0 [ 168.859790][ T5700] ? unregister_oom_notifier+0x20/0x20 [ 168.865295][ T5700] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 168.871340][ T5700] mem_cgroup_out_of_memory+0x263/0x3b0 [ 168.876953][ T5700] ? preempt_schedule_thunk+0x1a/0x20 [ 168.882397][ T5700] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5074] unlink("./39/cgroup") = 0 [pid 5074] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./39/cgroup.net") = 0 [ 168.888024][ T5700] ? cgroup_file_notify+0x127/0x190 [ 168.893286][ T5700] memory_max_write+0x355/0x470 [ 168.898205][ T5700] ? memory_max_show+0xa0/0xa0 [ 168.903023][ T5700] ? read_lock_is_recursive+0x20/0x20 [ 168.908441][ T5700] ? memory_max_show+0xa0/0xa0 [ 168.913227][ T5700] cgroup_file_write+0x2b1/0x780 [ 168.918214][ T5700] ? cgroup_seqfile_stop+0xd0/0xd0 [ 168.923347][ T5700] ? __virt_addr_valid+0x22f/0x2e0 [ 168.928500][ T5700] ? cgroup_seqfile_stop+0xd0/0xd0 [ 168.933653][ T5700] kernfs_fop_write_iter+0x3a6/0x4f0 [ 168.938980][ T5700] vfs_write+0x7b2/0xbb0 [ 168.943249][ T5700] ? file_end_write+0x240/0x240 [ 168.948117][ T5700] ? do_raw_spin_unlock+0x13b/0x8b0 [ 168.953328][ T5700] ? lockdep_hardirqs_on+0x98/0x140 [ 168.958548][ T5700] ? __fdget_pos+0x265/0x2f0 [ 168.963157][ T5700] ksys_write+0x1a0/0x2c0 [ 168.967517][ T5700] ? __ia32_sys_read+0x90/0x90 [ 168.972300][ T5700] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 168.978322][ T5700] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 168.984340][ T5700] do_syscall_64+0x41/0xc0 [ 168.988775][ T5700] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.994686][ T5700] RIP: 0033:0x7fd49ce20129 [ 168.999109][ T5700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.018726][ T5700] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 169.027157][ T5700] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5074] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5703] <... chdir resumed>) = 0 [pid 5074] <... umount2 resumed>) = 0 [pid 5074] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5703] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5074] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5703] <... prctl resumed>) = 0 [pid 5074] <... openat resumed>) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 169.035150][ T5700] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 169.043125][ T5700] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 169.051104][ T5700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 169.059086][ T5700] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000026 [ 169.067084][ T5700] [ 169.084029][ T5700] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] getdents64(4, [pid 5703] setpgid(0, 0 [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4 [pid 5703] <... setpgid resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5074] rmdir("./39/file0") = 0 [pid 5074] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./39/cgroup.cpu" [pid 5703] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5074] <... unlink resumed>) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5703] <... symlink resumed>) = 0 [pid 5074] rmdir("./39") = 0 [pid 5703] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5074] mkdir("./40", 0777 [pid 5703] <... symlink resumed>) = 0 [pid 5074] <... mkdir resumed>) = 0 [pid 5703] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5704 attached [pid 5703] <... symlink resumed>) = 0 [pid 5704] chdir("./40" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 42 [pid 5704] <... chdir resumed>) = 0 [pid 5704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5704] setpgid(0, 0) = 0 [pid 5704] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5704] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5704] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5704] write(3, "1000", 4) = 4 [pid 5704] close(3) = 0 [pid 5704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5704] mkdir("./file0", 000) = 0 [ 169.094621][ T5700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 169.118218][ T5700] Memory cgroup stats for /syz1: [ 169.118444][ T5700] anon 0 [ 169.118444][ T5700] file 0 [ 169.118444][ T5700] kernel 8192 [ 169.118444][ T5700] kernel_stack 0 [ 169.118444][ T5700] pagetables 0 [ 169.118444][ T5700] sec_pagetables 0 [pid 5704] open("./file0", O_RDONLY) = 3 [pid 5704] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5704] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5704] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5704] openat(5, "memory.max", O_RDWR) = 6 [ 169.118444][ T5700] percpu 0 [ 169.118444][ T5700] sock 0 [ 169.118444][ T5700] vmalloc 0 [ 169.118444][ T5700] shmem 0 [ 169.118444][ T5700] zswap 0 [ 169.118444][ T5700] zswapped 0 [ 169.118444][ T5700] file_mapped 0 [ 169.118444][ T5700] file_dirty 0 [ 169.118444][ T5700] file_writeback 0 [ 169.118444][ T5700] swapcached 0 [ 169.118444][ T5700] anon_thp 0 [ 169.118444][ T5700] file_thp 0 [ 169.118444][ T5700] shmem_thp 0 [ 169.118444][ T5700] inactive_anon 0 [ 169.118444][ T5700] active_anon 0 [ 169.118444][ T5700] inactive_file 0 [pid 5704] write(6, "0x000000000000040e", 18 [pid 5703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5703] write(3, "1000", 4) = 4 [pid 5703] close(3) = 0 [pid 5703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5703] mkdir("./file0", 000) = 0 [pid 5703] open("./file0", O_RDONLY) = 3 [pid 5703] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5703] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5703] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5703] openat(5, "memory.max", O_RDWR) = 6 [ 169.118444][ T5700] active_file 0 [ 169.118444][ T5700] unevictable 0 [ 169.118444][ T5700] slab_reclaimable 6752 [ 169.118444][ T5700] slab_unreclaimable 0 [ 169.118444][ T5700] slab 6752 [ 169.118444][ T5700] workingset_refault_anon 0 [ 169.228413][ T5700] Tasks state (memory values in pages): [ 169.233989][ T5700] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5703] write(6, "0x000000000000040e", 18 [pid 5700] <... write resumed>) = 18 [pid 5700] close(3) = 0 [pid 5700] close(4) = 0 [pid 5700] close(5) = 0 [pid 5700] close(6) = 0 [pid 5700] close(7) = -1 EBADF (Bad file descriptor) [pid 5700] close(8) = -1 EBADF (Bad file descriptor) [pid 5700] close(9) = -1 EBADF (Bad file descriptor) [pid 5700] close(10) = -1 EBADF (Bad file descriptor) [pid 5700] close(11) = -1 EBADF (Bad file descriptor) [pid 5700] close(12) = -1 EBADF (Bad file descriptor) [pid 5700] close(13) = -1 EBADF (Bad file descriptor) [pid 5700] close(14) = -1 EBADF (Bad file descriptor) [pid 5700] close(15) = -1 EBADF (Bad file descriptor) [pid 5700] close(16) = -1 EBADF (Bad file descriptor) [pid 5700] close(17) = -1 EBADF (Bad file descriptor) [pid 5700] close(18) = -1 EBADF (Bad file descriptor) [pid 5700] close(19) = -1 EBADF (Bad file descriptor) [pid 5700] close(20) = -1 EBADF (Bad file descriptor) [ 169.265479][ T5700] Out of memory and no killable processes... [ 169.271873][ T5701] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 169.283650][ T5701] CPU: 1 PID: 5701 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 169.294127][ T5701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 169.304248][ T5701] Call Trace: [ 169.307570][ T5701] [ 169.310537][ T5701] dump_stack_lvl+0x1e7/0x2d0 [pid 5700] close(21) = -1 EBADF (Bad file descriptor) [pid 5700] close(22) = -1 EBADF (Bad file descriptor) [pid 5700] close(23) = -1 EBADF (Bad file descriptor) [pid 5700] close(24) = -1 EBADF (Bad file descriptor) [pid 5700] close(25) = -1 EBADF (Bad file descriptor) [pid 5700] close(26) = -1 EBADF (Bad file descriptor) [pid 5700] close(27) = -1 EBADF (Bad file descriptor) [pid 5700] close(28) = -1 EBADF (Bad file descriptor) [pid 5700] close(29) = -1 EBADF (Bad file descriptor) [ 169.315270][ T5701] ? nf_tcp_handle_invalid+0x640/0x640 [ 169.320785][ T5701] ? panic+0x770/0x770 [ 169.324930][ T5701] dump_header+0xdc/0x940 [ 169.329315][ T5701] out_of_memory+0xf21/0x12c0 [ 169.334053][ T5701] ? mutex_lock_io_nested+0x60/0x60 [ 169.339315][ T5701] ? preempt_schedule+0xdd/0xf0 [ 169.344212][ T5701] ? unregister_oom_notifier+0x20/0x20 [ 169.349718][ T5701] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 169.355764][ T5701] mem_cgroup_out_of_memory+0x263/0x3b0 [ 169.361371][ T5701] ? preempt_schedule_thunk+0x1a/0x20 [ 169.366798][ T5701] ? mem_cgroup_oom_trylock+0x210/0x210 [ 169.372430][ T5701] ? cgroup_file_notify+0x127/0x190 [ 169.377690][ T5701] memory_max_write+0x355/0x470 [ 169.382603][ T5701] ? memory_max_show+0xa0/0xa0 [ 169.387418][ T5701] ? read_lock_is_recursive+0x20/0x20 [ 169.392883][ T5701] ? memory_max_show+0xa0/0xa0 [ 169.397690][ T5701] cgroup_file_write+0x2b1/0x780 [ 169.402702][ T5701] ? cgroup_seqfile_stop+0xd0/0xd0 [ 169.407858][ T5701] ? __virt_addr_valid+0x22f/0x2e0 [ 169.413035][ T5701] ? cgroup_seqfile_stop+0xd0/0xd0 [ 169.418187][ T5701] kernfs_fop_write_iter+0x3a6/0x4f0 [ 169.423530][ T5701] vfs_write+0x7b2/0xbb0 [ 169.427918][ T5701] ? file_end_write+0x240/0x240 [ 169.432827][ T5701] ? do_raw_spin_unlock+0x13b/0x8b0 [ 169.438098][ T5701] ? lockdep_hardirqs_on+0x98/0x140 [ 169.443389][ T5701] ? __fdget_pos+0x265/0x2f0 [ 169.448045][ T5701] ksys_write+0x1a0/0x2c0 [ 169.452459][ T5701] ? __ia32_sys_read+0x90/0x90 [ 169.457284][ T5701] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 169.463329][ T5701] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 169.469380][ T5701] do_syscall_64+0x41/0xc0 [ 169.473855][ T5701] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 169.479808][ T5701] RIP: 0033:0x7fd49ce20129 [ 169.484271][ T5701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.503938][ T5701] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5700] exit_group(0) = ? [pid 5700] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./38/binderfs") = 0 [pid 5075] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./38/cgroup") = 0 [pid 5075] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./38/cgroup.net") = 0 [pid 5075] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 169.512403][ T5701] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 169.520418][ T5701] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 169.528432][ T5701] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 169.536441][ T5701] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 169.544441][ T5701] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000023 [ 169.552465][ T5701] [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./38/file0") = 0 [pid 5075] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./38/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./38") = 0 [pid 5075] mkdir("./39", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 41 [ 169.563107][ T5701] memory: usage 8kB, limit 0kB, failcnt 55 [ 169.569739][ T5701] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 169.577425][ T5701] Memory cgroup stats for /syz1: [ 169.577747][ T5701] anon 0 [ 169.577747][ T5701] file 0 [ 169.577747][ T5701] kernel 8192 [ 169.577747][ T5701] kernel_stack 0 [ 169.577747][ T5701] pagetables 0 [ 169.577747][ T5701] sec_pagetables 0 [ 169.577747][ T5701] percpu 0 [ 169.577747][ T5701] sock 0 [ 169.577747][ T5701] vmalloc 0 [ 169.577747][ T5701] shmem 0 [ 169.577747][ T5701] zswap 0 [ 169.577747][ T5701] zswapped 0 [ 169.577747][ T5701] file_mapped 0 [ 169.577747][ T5701] file_dirty 0 [ 169.577747][ T5701] file_writeback 0 [ 169.577747][ T5701] swapcached 0 [ 169.577747][ T5701] anon_thp 0 [ 169.577747][ T5701] file_thp 0 [ 169.577747][ T5701] shmem_thp 0 [ 169.577747][ T5701] inactive_anon 0 [ 169.577747][ T5701] active_anon 0 [ 169.577747][ T5701] inactive_file 0 [ 169.577747][ T5701] active_file 0 [ 169.577747][ T5701] unevictable 0 [ 169.577747][ T5701] slab_reclaimable 6752 [ 169.577747][ T5701] slab_unreclaimable 0 ./strace-static-x86_64: Process 5705 attached [pid 5705] chdir("./39") = 0 [pid 5705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5705] setpgid(0, 0) = 0 [pid 5705] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [ 169.577747][ T5701] slab 6752 [ 169.577747][ T5701] workingset_refault_anon 0 [ 169.683649][ T5701] Tasks state (memory values in pages): [ 169.689791][ T5701] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 169.700480][ T5701] Out of memory and no killable processes... [pid 5705] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5701] <... write resumed>) = 18 [pid 5705] <... symlink resumed>) = 0 [pid 5705] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5705] write(3, "1000", 4) = 4 [pid 5705] close(3) = 0 [pid 5705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5705] mkdir("./file0", 000) = 0 [pid 5705] open("./file0", O_RDONLY) = 3 [pid 5705] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5705] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 169.707700][ T5702] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 169.718574][ T5702] CPU: 1 PID: 5702 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 169.729050][ T5702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 169.739147][ T5702] Call Trace: [ 169.742476][ T5702] [ 169.745444][ T5702] dump_stack_lvl+0x1e7/0x2d0 [ 169.750193][ T5702] ? nf_tcp_handle_invalid+0x640/0x640 [ 169.755729][ T5702] ? panic+0x770/0x770 [ 169.759858][ T5702] dump_header+0xdc/0x940 [ 169.764236][ T5702] out_of_memory+0xf21/0x12c0 [ 169.768962][ T5702] ? mutex_lock_io_nested+0x60/0x60 [ 169.774242][ T5702] ? preempt_schedule+0xdd/0xf0 [ 169.779141][ T5702] ? unregister_oom_notifier+0x20/0x20 [ 169.784647][ T5702] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 169.790702][ T5702] mem_cgroup_out_of_memory+0x263/0x3b0 [ 169.796267][ T5702] ? preempt_schedule_thunk+0x1a/0x20 [ 169.801665][ T5702] ? mem_cgroup_oom_trylock+0x210/0x210 [ 169.807247][ T5702] ? cgroup_file_notify+0x127/0x190 [ 169.812473][ T5702] memory_max_write+0x355/0x470 [ 169.817349][ T5702] ? memory_max_show+0xa0/0xa0 [ 169.822146][ T5702] ? read_lock_is_recursive+0x20/0x20 [ 169.827539][ T5702] ? memory_max_show+0xa0/0xa0 [ 169.832319][ T5702] cgroup_file_write+0x2b1/0x780 [ 169.837280][ T5702] ? cgroup_seqfile_stop+0xd0/0xd0 [ 169.842405][ T5702] ? __virt_addr_valid+0x22f/0x2e0 [ 169.847556][ T5702] ? cgroup_seqfile_stop+0xd0/0xd0 [ 169.852720][ T5702] kernfs_fop_write_iter+0x3a6/0x4f0 [ 169.858032][ T5702] vfs_write+0x7b2/0xbb0 [ 169.862298][ T5702] ? file_end_write+0x240/0x240 [ 169.867170][ T5702] ? do_raw_spin_unlock+0x13b/0x8b0 [ 169.872384][ T5702] ? lockdep_hardirqs_on+0x98/0x140 [ 169.877631][ T5702] ? __fdget_pos+0x265/0x2f0 [ 169.882239][ T5702] ksys_write+0x1a0/0x2c0 [ 169.886593][ T5702] ? __ia32_sys_read+0x90/0x90 [ 169.891377][ T5702] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 169.897380][ T5702] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 169.903401][ T5702] do_syscall_64+0x41/0xc0 [ 169.907852][ T5702] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 169.913781][ T5702] RIP: 0033:0x7fd49ce20129 [ 169.918314][ T5702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.938037][ T5702] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 169.946466][ T5702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 169.954448][ T5702] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5705] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5705] openat(5, "memory.max", O_RDWR) = 6 [pid 5705] write(6, "0x000000000000040e", 18 [pid 5701] close(3) = 0 [pid 5701] close(4) = 0 [pid 5701] close(5) = 0 [pid 5701] close(6) = 0 [pid 5701] close(7) = -1 EBADF (Bad file descriptor) [pid 5701] close(8) = -1 EBADF (Bad file descriptor) [pid 5701] close(9) = -1 EBADF (Bad file descriptor) [ 169.962442][ T5702] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 169.970517][ T5702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 169.978519][ T5702] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000020 [ 169.986609][ T5702] [ 169.997689][ T5702] memory: usage 8kB, limit 0kB, failcnt 55 [ 170.004346][ T5702] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 170.011846][ T5702] Memory cgroup stats for /syz1: [pid 5701] close(10) = -1 EBADF (Bad file descriptor) [pid 5701] close(11) = -1 EBADF (Bad file descriptor) [pid 5701] close(12) = -1 EBADF (Bad file descriptor) [pid 5701] close(13) = -1 EBADF (Bad file descriptor) [pid 5701] close(14) = -1 EBADF (Bad file descriptor) [pid 5701] close(15) = -1 EBADF (Bad file descriptor) [pid 5701] close(16) = -1 EBADF (Bad file descriptor) [pid 5701] close(17) = -1 EBADF (Bad file descriptor) [pid 5701] close(18) = -1 EBADF (Bad file descriptor) [pid 5701] close(19) = -1 EBADF (Bad file descriptor) [pid 5701] close(20) = -1 EBADF (Bad file descriptor) [pid 5701] close(21) = -1 EBADF (Bad file descriptor) [pid 5701] close(22) = -1 EBADF (Bad file descriptor) [pid 5701] close(23) = -1 EBADF (Bad file descriptor) [pid 5701] close(24) = -1 EBADF (Bad file descriptor) [pid 5701] close(25) = -1 EBADF (Bad file descriptor) [ 170.012006][ T5702] anon 0 [ 170.012006][ T5702] file 0 [ 170.012006][ T5702] kernel 8192 [ 170.012006][ T5702] kernel_stack 0 [ 170.012006][ T5702] pagetables 0 [ 170.012006][ T5702] sec_pagetables 0 [ 170.012006][ T5702] percpu 0 [ 170.012006][ T5702] sock 0 [ 170.012006][ T5702] vmalloc 0 [ 170.012006][ T5702] shmem 0 [ 170.012006][ T5702] zswap 0 [ 170.012006][ T5702] zswapped 0 [ 170.012006][ T5702] file_mapped 0 [ 170.012006][ T5702] file_dirty 0 [ 170.012006][ T5702] file_writeback 0 [ 170.012006][ T5702] swapcached 0 [pid 5701] close(26) = -1 EBADF (Bad file descriptor) [pid 5701] close(27) = -1 EBADF (Bad file descriptor) [pid 5701] close(28) = -1 EBADF (Bad file descriptor) [pid 5701] close(29) = -1 EBADF (Bad file descriptor) [pid 5701] exit_group(0) = ? [pid 5701] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./35/binderfs") = 0 [pid 5073] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./35/cgroup") = 0 [pid 5073] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./35/cgroup.net") = 0 [pid 5073] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 170.012006][ T5702] anon_thp 0 [ 170.012006][ T5702] file_thp 0 [ 170.012006][ T5702] shmem_thp 0 [ 170.012006][ T5702] inactive_anon 0 [ 170.012006][ T5702] active_anon 0 [ 170.012006][ T5702] inactive_file 0 [ 170.012006][ T5702] active_file 0 [ 170.012006][ T5702] unevictable 0 [ 170.012006][ T5702] slab_reclaimable 6752 [ 170.012006][ T5702] slab_unreclaimable 0 [ 170.012006][ T5702] slab 6752 [ 170.012006][ T5702] workingset_refault_anon 0 [ 170.113200][ T5702] Tasks state (memory values in pages): [pid 5073] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./35/file0") = 0 [pid 5073] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./35/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./35") = 0 [pid 5073] mkdir("./36", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5706 attached [pid 5706] chdir("./36" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 38 [pid 5706] <... chdir resumed>) = 0 [pid 5706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5706] setpgid(0, 0) = 0 [pid 5706] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5706] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5706] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5702] <... write resumed>) = 18 [pid 5706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5702] close(3 [pid 5706] <... openat resumed>) = 3 [pid 5706] write(3, "1000", 4) = 4 [ 170.119678][ T5702] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 170.146576][ T5702] Out of memory and no killable processes... [ 170.153261][ T5704] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5706] close(3) = 0 [pid 5706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5706] mkdir("./file0", 000) = 0 [pid 5706] open("./file0", O_RDONLY) = 3 [pid 5706] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5706] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5706] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5706] openat(5, "memory.max", O_RDWR) = 6 [ 170.166655][ T5704] CPU: 1 PID: 5704 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 170.177128][ T5704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 170.187316][ T5704] Call Trace: [ 170.190644][ T5704] [ 170.193791][ T5704] dump_stack_lvl+0x1e7/0x2d0 [ 170.198530][ T5704] ? nf_tcp_handle_invalid+0x640/0x640 [ 170.204040][ T5704] ? panic+0x770/0x770 [ 170.208174][ T5704] dump_header+0xdc/0x940 [ 170.212559][ T5704] out_of_memory+0xf21/0x12c0 [pid 5706] write(6, "0x000000000000040e", 18 [pid 5702] <... close resumed>) = 0 [pid 5702] close(4) = 0 [pid 5702] close(5) = 0 [pid 5702] close(6) = 0 [pid 5702] close(7) = -1 EBADF (Bad file descriptor) [pid 5702] close(8) = -1 EBADF (Bad file descriptor) [pid 5702] close(9) = -1 EBADF (Bad file descriptor) [pid 5702] close(10) = -1 EBADF (Bad file descriptor) [pid 5702] close(11) = -1 EBADF (Bad file descriptor) [pid 5702] close(12) = -1 EBADF (Bad file descriptor) [pid 5702] close(13) = -1 EBADF (Bad file descriptor) [ 170.217292][ T5704] ? mutex_lock_io_nested+0x60/0x60 [ 170.222548][ T5704] ? preempt_schedule+0xdd/0xf0 [ 170.227447][ T5704] ? unregister_oom_notifier+0x20/0x20 [ 170.232964][ T5704] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 170.239022][ T5704] mem_cgroup_out_of_memory+0x263/0x3b0 [ 170.244627][ T5704] ? preempt_schedule_thunk+0x1a/0x20 [ 170.250062][ T5704] ? mem_cgroup_oom_trylock+0x210/0x210 [ 170.255862][ T5704] ? cgroup_file_notify+0x127/0x190 [ 170.261135][ T5704] memory_max_write+0x355/0x470 [ 170.266051][ T5704] ? memory_max_show+0xa0/0xa0 [ 170.270869][ T5704] ? read_lock_is_recursive+0x20/0x20 [ 170.276315][ T5704] ? memory_max_show+0xa0/0xa0 [ 170.281126][ T5704] cgroup_file_write+0x2b1/0x780 [ 170.286119][ T5704] ? cgroup_seqfile_stop+0xd0/0xd0 [ 170.291290][ T5704] ? __virt_addr_valid+0x22f/0x2e0 [ 170.296481][ T5704] ? cgroup_seqfile_stop+0xd0/0xd0 [ 170.301650][ T5704] kernfs_fop_write_iter+0x3a6/0x4f0 [ 170.307009][ T5704] vfs_write+0x7b2/0xbb0 [ 170.311337][ T5704] ? file_end_write+0x240/0x240 [ 170.316251][ T5704] ? do_raw_spin_unlock+0x13b/0x8b0 [ 170.321534][ T5704] ? lockdep_hardirqs_on+0x98/0x140 [ 170.326804][ T5704] ? __fdget_pos+0x265/0x2f0 [ 170.331448][ T5704] ksys_write+0x1a0/0x2c0 [ 170.335843][ T5704] ? __ia32_sys_read+0x90/0x90 [ 170.340628][ T5704] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 170.346651][ T5704] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 170.352687][ T5704] do_syscall_64+0x41/0xc0 [ 170.357155][ T5704] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 170.363102][ T5704] RIP: 0033:0x7fd49ce20129 [ 170.367558][ T5704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 170.387214][ T5704] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 170.395680][ T5704] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 170.403698][ T5704] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 170.411714][ T5704] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5702] close(14) = -1 EBADF (Bad file descriptor) [pid 5702] close(15) = -1 EBADF (Bad file descriptor) [pid 5702] close(16) = -1 EBADF (Bad file descriptor) [pid 5702] close(17) = -1 EBADF (Bad file descriptor) [pid 5702] close(18) = -1 EBADF (Bad file descriptor) [pid 5702] close(19) = -1 EBADF (Bad file descriptor) [pid 5702] close(20) = -1 EBADF (Bad file descriptor) [pid 5702] close(21) = -1 EBADF (Bad file descriptor) [pid 5702] close(22) = -1 EBADF (Bad file descriptor) [pid 5702] close(23) = -1 EBADF (Bad file descriptor) [pid 5702] close(24) = -1 EBADF (Bad file descriptor) [pid 5702] close(25) = -1 EBADF (Bad file descriptor) [pid 5702] close(26) = -1 EBADF (Bad file descriptor) [pid 5702] close(27) = -1 EBADF (Bad file descriptor) [pid 5702] close(28) = -1 EBADF (Bad file descriptor) [pid 5702] close(29) = -1 EBADF (Bad file descriptor) [pid 5702] exit_group(0) = ? [pid 5702] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./32/binderfs") = 0 [pid 5070] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./32/cgroup") = 0 [pid 5070] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./32/cgroup.net") = 0 [pid 5070] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 170.419723][ T5704] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 170.427739][ T5704] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000028 [ 170.435784][ T5704] [ 170.445759][ T5704] memory: usage 8kB, limit 0kB, failcnt 55 [ 170.452823][ T5704] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 170.460419][ T5704] Memory cgroup stats for /syz1: [ 170.461063][ T5704] anon 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./32/file0") = 0 [pid 5070] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./32/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./32") = 0 [pid 5070] mkdir("./33", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 35 ./strace-static-x86_64: Process 5707 attached [pid 5707] chdir("./33") = 0 [pid 5707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5707] setpgid(0, 0) = 0 [pid 5707] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 170.461063][ T5704] file 0 [ 170.461063][ T5704] kernel 8192 [ 170.461063][ T5704] kernel_stack 0 [ 170.461063][ T5704] pagetables 0 [ 170.461063][ T5704] sec_pagetables 0 [ 170.461063][ T5704] percpu 0 [ 170.461063][ T5704] sock 0 [ 170.461063][ T5704] vmalloc 0 [ 170.461063][ T5704] shmem 0 [ 170.461063][ T5704] zswap 0 [ 170.461063][ T5704] zswapped 0 [ 170.461063][ T5704] file_mapped 0 [ 170.461063][ T5704] file_dirty 0 [ 170.461063][ T5704] file_writeback 0 [ 170.461063][ T5704] swapcached 0 [ 170.461063][ T5704] anon_thp 0 [pid 5707] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5707] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5707] write(3, "1000", 4) = 4 [pid 5707] close(3) = 0 [pid 5707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5707] mkdir("./file0", 000) = 0 [pid 5707] open("./file0", O_RDONLY) = 3 [pid 5707] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5707] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5707] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5707] openat(5, "memory.max", O_RDWR) = 6 [ 170.461063][ T5704] file_thp 0 [ 170.461063][ T5704] shmem_thp 0 [ 170.461063][ T5704] inactive_anon 0 [ 170.461063][ T5704] active_anon 0 [ 170.461063][ T5704] inactive_file 0 [ 170.461063][ T5704] active_file 0 [ 170.461063][ T5704] unevictable 0 [ 170.461063][ T5704] slab_reclaimable 6752 [ 170.461063][ T5704] slab_unreclaimable 0 [ 170.461063][ T5704] slab 6752 [ 170.461063][ T5704] workingset_refault_anon 0 [ 170.564077][ T5704] Tasks state (memory values in pages): [pid 5707] write(6, "0x000000000000040e", 18 [pid 5704] <... write resumed>) = 18 [pid 5704] close(3) = 0 [pid 5704] close(4) = 0 [pid 5704] close(5) = 0 [pid 5704] close(6) = 0 [pid 5704] close(7) = -1 EBADF (Bad file descriptor) [pid 5704] close(8) = -1 EBADF (Bad file descriptor) [pid 5704] close(9) = -1 EBADF (Bad file descriptor) [pid 5704] close(10) = -1 EBADF (Bad file descriptor) [pid 5704] close(11) = -1 EBADF (Bad file descriptor) [pid 5704] close(12) = -1 EBADF (Bad file descriptor) [pid 5704] close(13) = -1 EBADF (Bad file descriptor) [pid 5704] close(14) = -1 EBADF (Bad file descriptor) [pid 5704] close(15) = -1 EBADF (Bad file descriptor) [pid 5704] close(16) = -1 EBADF (Bad file descriptor) [pid 5704] close(17) = -1 EBADF (Bad file descriptor) [pid 5704] close(18) = -1 EBADF (Bad file descriptor) [pid 5704] close(19) = -1 EBADF (Bad file descriptor) [ 170.569789][ T5704] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 170.579423][ T5704] Out of memory and no killable processes... [ 170.585524][ T5703] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 170.597055][ T5703] CPU: 1 PID: 5703 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 170.607533][ T5703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 170.617640][ T5703] Call Trace: [pid 5704] close(20) = -1 EBADF (Bad file descriptor) [pid 5704] close(21) = -1 EBADF (Bad file descriptor) [pid 5704] close(22) = -1 EBADF (Bad file descriptor) [pid 5704] close(23) = -1 EBADF (Bad file descriptor) [pid 5704] close(24) = -1 EBADF (Bad file descriptor) [ 170.620960][ T5703] [ 170.623922][ T5703] dump_stack_lvl+0x1e7/0x2d0 [ 170.628656][ T5703] ? nf_tcp_handle_invalid+0x640/0x640 [ 170.634167][ T5703] ? panic+0x770/0x770 [ 170.638339][ T5703] dump_header+0xdc/0x940 [ 170.642734][ T5703] out_of_memory+0xf21/0x12c0 [ 170.647468][ T5703] ? mutex_lock_io_nested+0x60/0x60 [ 170.652732][ T5703] ? preempt_schedule+0xdd/0xf0 [ 170.657642][ T5703] ? unregister_oom_notifier+0x20/0x20 [ 170.663147][ T5703] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5704] close(25) = -1 EBADF (Bad file descriptor) [pid 5704] close(26) = -1 EBADF (Bad file descriptor) [pid 5704] close(27) = -1 EBADF (Bad file descriptor) [pid 5704] close(28) = -1 EBADF (Bad file descriptor) [pid 5704] close(29) = -1 EBADF (Bad file descriptor) [pid 5704] exit_group(0) = ? [pid 5704] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 170.669208][ T5703] mem_cgroup_out_of_memory+0x263/0x3b0 [ 170.674816][ T5703] ? preempt_schedule_thunk+0x1a/0x20 [ 170.680243][ T5703] ? mem_cgroup_oom_trylock+0x210/0x210 [ 170.685865][ T5703] ? cgroup_file_notify+0x127/0x190 [ 170.691124][ T5703] memory_max_write+0x355/0x470 [ 170.696035][ T5703] ? memory_max_show+0xa0/0xa0 [ 170.700852][ T5703] ? read_lock_is_recursive+0x20/0x20 [ 170.706278][ T5703] ? memory_max_show+0xa0/0xa0 [ 170.711091][ T5703] cgroup_file_write+0x2b1/0x780 [ 170.716084][ T5703] ? cgroup_seqfile_stop+0xd0/0xd0 [ 170.721241][ T5703] ? __virt_addr_valid+0x22f/0x2e0 [ 170.726406][ T5703] ? cgroup_seqfile_stop+0xd0/0xd0 [ 170.731537][ T5703] kernfs_fop_write_iter+0x3a6/0x4f0 [ 170.736877][ T5703] vfs_write+0x7b2/0xbb0 [ 170.741185][ T5703] ? file_end_write+0x240/0x240 [ 170.746115][ T5703] ? do_raw_spin_unlock+0x13b/0x8b0 [ 170.751363][ T5703] ? lockdep_hardirqs_on+0x98/0x140 [ 170.756617][ T5703] ? __fdget_pos+0x265/0x2f0 [ 170.761283][ T5703] ksys_write+0x1a0/0x2c0 [ 170.765665][ T5703] ? __ia32_sys_read+0x90/0x90 [ 170.770474][ T5703] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 170.776510][ T5703] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 170.782583][ T5703] do_syscall_64+0x41/0xc0 [ 170.787054][ T5703] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 170.793003][ T5703] RIP: 0033:0x7fd49ce20129 [ 170.797457][ T5703] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./40/binderfs") = 0 [pid 5074] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./40/cgroup") = 0 [pid 5074] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./40/cgroup.net") = 0 [pid 5074] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 170.817109][ T5703] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 170.825573][ T5703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 170.833592][ T5703] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 170.841596][ T5703] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 170.849593][ T5703] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 170.857608][ T5703] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000021 [ 170.865655][ T5703] [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./40/file0") = 0 [pid 5074] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./40/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./40") = 0 [pid 5074] mkdir("./41", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 43 ./strace-static-x86_64: Process 5708 attached [pid 5708] chdir("./41") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5708] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5708] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [ 170.878686][ T5703] memory: usage 8kB, limit 0kB, failcnt 55 [ 170.885477][ T5703] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 170.901527][ T5703] Memory cgroup stats for /syz1: [ 170.901745][ T5703] anon 0 [ 170.901745][ T5703] file 0 [ 170.901745][ T5703] kernel 8192 [ 170.901745][ T5703] kernel_stack 0 [ 170.901745][ T5703] pagetables 0 [ 170.901745][ T5703] sec_pagetables 0 [ 170.901745][ T5703] percpu 0 [pid 5708] mkdir("./file0", 000) = 0 [pid 5708] open("./file0", O_RDONLY) = 3 [pid 5708] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 170.901745][ T5703] sock 0 [ 170.901745][ T5703] vmalloc 0 [ 170.901745][ T5703] shmem 0 [ 170.901745][ T5703] zswap 0 [ 170.901745][ T5703] zswapped 0 [ 170.901745][ T5703] file_mapped 0 [ 170.901745][ T5703] file_dirty 0 [ 170.901745][ T5703] file_writeback 0 [ 170.901745][ T5703] swapcached 0 [ 170.901745][ T5703] anon_thp 0 [ 170.901745][ T5703] file_thp 0 [ 170.901745][ T5703] shmem_thp 0 [ 170.901745][ T5703] inactive_anon 0 [ 170.901745][ T5703] active_anon 0 [ 170.901745][ T5703] inactive_file 0 [ 170.901745][ T5703] active_file 0 [pid 5708] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5708] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5708] openat(5, "memory.max", O_RDWR) = 6 [ 170.901745][ T5703] unevictable 0 [ 170.901745][ T5703] slab_reclaimable 6752 [ 170.901745][ T5703] slab_unreclaimable 0 [ 170.901745][ T5703] slab 6752 [ 170.901745][ T5703] workingset_refault_anon 0 [ 171.002785][ T5703] Tasks state (memory values in pages): [ 171.008467][ T5703] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 171.018014][ T5703] Out of memory and no killable processes... [pid 5708] write(6, "0x000000000000040e", 18 [pid 5703] <... write resumed>) = 18 [pid 5703] close(3) = 0 [pid 5703] close(4) = 0 [pid 5703] close(5) = 0 [pid 5703] close(6) = 0 [pid 5703] close(7) = -1 EBADF (Bad file descriptor) [pid 5703] close(8) = -1 EBADF (Bad file descriptor) [pid 5703] close(9) = -1 EBADF (Bad file descriptor) [pid 5703] close(10) = -1 EBADF (Bad file descriptor) [pid 5703] close(11) = -1 EBADF (Bad file descriptor) [pid 5703] close(12) = -1 EBADF (Bad file descriptor) [pid 5703] close(13) = -1 EBADF (Bad file descriptor) [pid 5703] close(14) = -1 EBADF (Bad file descriptor) [pid 5703] close(15) = -1 EBADF (Bad file descriptor) [pid 5703] close(16) = -1 EBADF (Bad file descriptor) [pid 5703] close(17) = -1 EBADF (Bad file descriptor) [pid 5703] close(18) = -1 EBADF (Bad file descriptor) [pid 5703] close(19) = -1 EBADF (Bad file descriptor) [pid 5703] close(20) = -1 EBADF (Bad file descriptor) [pid 5703] close(21) = -1 EBADF (Bad file descriptor) [pid 5703] close(22) = -1 EBADF (Bad file descriptor) [pid 5703] close(23) = -1 EBADF (Bad file descriptor) [pid 5703] close(24) = -1 EBADF (Bad file descriptor) [pid 5703] close(25) = -1 EBADF (Bad file descriptor) [pid 5703] close(26) = -1 EBADF (Bad file descriptor) [pid 5703] close(27) = -1 EBADF (Bad file descriptor) [pid 5703] close(28) = -1 EBADF (Bad file descriptor) [pid 5703] close(29) = -1 EBADF (Bad file descriptor) [pid 5703] exit_group(0) = ? [pid 5703] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 171.024073][ T5705] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 171.035071][ T5705] CPU: 1 PID: 5705 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 171.045535][ T5705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 171.055600][ T5705] Call Trace: [ 171.058896][ T5705] [ 171.061858][ T5705] dump_stack_lvl+0x1e7/0x2d0 [ 171.066590][ T5705] ? nf_tcp_handle_invalid+0x640/0x640 [ 171.072083][ T5705] ? panic+0x770/0x770 [ 171.076186][ T5705] dump_header+0xdc/0x940 [ 171.080551][ T5705] out_of_memory+0xf21/0x12c0 [ 171.085283][ T5705] ? mutex_lock_io_nested+0x60/0x60 [ 171.090545][ T5705] ? preempt_schedule+0xdd/0xf0 [ 171.095442][ T5705] ? unregister_oom_notifier+0x20/0x20 [ 171.100943][ T5705] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 171.106972][ T5705] mem_cgroup_out_of_memory+0x263/0x3b0 [ 171.112556][ T5705] ? preempt_schedule_thunk+0x1a/0x20 [ 171.117970][ T5705] ? mem_cgroup_oom_trylock+0x210/0x210 [ 171.123549][ T5705] ? cgroup_file_notify+0x127/0x190 [ 171.128773][ T5705] memory_max_write+0x355/0x470 [ 171.133666][ T5705] ? memory_max_show+0xa0/0xa0 [ 171.138450][ T5705] ? read_lock_is_recursive+0x20/0x20 [ 171.143847][ T5705] ? memory_max_show+0xa0/0xa0 [ 171.148626][ T5705] cgroup_file_write+0x2b1/0x780 [ 171.153583][ T5705] ? cgroup_seqfile_stop+0xd0/0xd0 [ 171.158716][ T5705] ? __virt_addr_valid+0x22f/0x2e0 [ 171.163882][ T5705] ? cgroup_seqfile_stop+0xd0/0xd0 [ 171.169004][ T5705] kernfs_fop_write_iter+0x3a6/0x4f0 [ 171.174311][ T5705] vfs_write+0x7b2/0xbb0 [ 171.178582][ T5705] ? file_end_write+0x240/0x240 [ 171.183467][ T5705] ? do_raw_spin_unlock+0x13b/0x8b0 [ 171.188692][ T5705] ? lockdep_hardirqs_on+0x98/0x140 [ 171.193916][ T5705] ? __fdget_pos+0x265/0x2f0 [ 171.198528][ T5705] ksys_write+0x1a0/0x2c0 [ 171.202880][ T5705] ? __ia32_sys_read+0x90/0x90 [ 171.207661][ T5705] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 171.213672][ T5705] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 171.219680][ T5705] do_syscall_64+0x41/0xc0 [ 171.224118][ T5705] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 171.230039][ T5705] RIP: 0033:0x7fd49ce20129 [ 171.234467][ T5705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 171.254086][ T5705] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.262517][ T5705] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 171.270527][ T5705] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 171.278527][ T5705] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 171.286509][ T5705] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 171.294499][ T5705] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000027 [ 171.302501][ T5705] [ 171.310203][ T5705] memory: usage 8kB, limit 0kB, failcnt 55 [ 171.317887][ T5705] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 171.324801][ T5705] Memory cgroup stats for /syz1: [ 171.325013][ T5705] anon 0 [ 171.325013][ T5705] file 0 [ 171.325013][ T5705] kernel 8192 [ 171.325013][ T5705] kernel_stack 0 [ 171.325013][ T5705] pagetables 0 [ 171.325013][ T5705] sec_pagetables 0 [ 171.325013][ T5705] percpu 0 [ 171.325013][ T5705] sock 0 [ 171.325013][ T5705] vmalloc 0 [ 171.325013][ T5705] shmem 0 [ 171.325013][ T5705] zswap 0 [ 171.325013][ T5705] zswapped 0 [ 171.325013][ T5705] file_mapped 0 [ 171.325013][ T5705] file_dirty 0 [ 171.325013][ T5705] file_writeback 0 [ 171.325013][ T5705] swapcached 0 [pid 5072] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./33/binderfs") = 0 [pid 5072] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 171.325013][ T5705] anon_thp 0 [ 171.325013][ T5705] file_thp 0 [ 171.325013][ T5705] shmem_thp 0 [ 171.325013][ T5705] inactive_anon 0 [ 171.325013][ T5705] active_anon 0 [ 171.325013][ T5705] inactive_file 0 [ 171.325013][ T5705] active_file 0 [ 171.325013][ T5705] unevictable 0 [ 171.325013][ T5705] slab_reclaimable 6752 [ 171.325013][ T5705] slab_unreclaimable 0 [ 171.325013][ T5705] slab 6752 [ 171.325013][ T5705] workingset_refault_anon 0 [pid 5072] unlink("./33/cgroup") = 0 [pid 5072] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./33/cgroup.net") = 0 [pid 5072] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./33/file0") = 0 [pid 5072] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./33/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./33") = 0 [pid 5072] mkdir("./34", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5709 attached [ 171.441229][ T5705] Tasks state (memory values in pages): [ 171.447768][ T5705] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 171.458711][ T5705] Out of memory and no killable processes... [ 171.465650][ T5706] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 171.476922][ T5706] CPU: 0 PID: 5706 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 171.487410][ T5706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 171.497480][ T5706] Call Trace: [ 171.500774][ T5706] [ 171.503714][ T5706] dump_stack_lvl+0x1e7/0x2d0 [ 171.508416][ T5706] ? nf_tcp_handle_invalid+0x640/0x640 [ 171.513912][ T5706] ? panic+0x770/0x770 [ 171.518008][ T5706] dump_header+0xdc/0x940 [ 171.522374][ T5706] out_of_memory+0xf21/0x12c0 [ 171.527075][ T5706] ? mutex_lock_io_nested+0x60/0x60 [ 171.532298][ T5706] ? mark_lock+0x9a/0x340 [ 171.536653][ T5706] ? unregister_oom_notifier+0x20/0x20 [ 171.542154][ T5706] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 171.548165][ T5706] mem_cgroup_out_of_memory+0x263/0x3b0 [ 171.553761][ T5706] ? mem_cgroup_oom_trylock+0x210/0x210 [ 171.559338][ T5706] ? cgroup_file_notify+0x127/0x190 [ 171.564563][ T5706] memory_max_write+0x355/0x470 [ 171.569441][ T5706] ? memory_max_show+0xa0/0xa0 [ 171.574222][ T5706] ? read_lock_is_recursive+0x20/0x20 [ 171.579618][ T5706] ? memory_max_show+0xa0/0xa0 [ 171.584421][ T5706] cgroup_file_write+0x2b1/0x780 [ 171.589378][ T5706] ? cgroup_seqfile_stop+0xd0/0xd0 [ 171.594501][ T5706] ? __virt_addr_valid+0x22f/0x2e0 [ 171.599646][ T5706] ? cgroup_seqfile_stop+0xd0/0xd0 [ 171.604766][ T5706] kernfs_fop_write_iter+0x3a6/0x4f0 [ 171.610075][ T5706] vfs_write+0x7b2/0xbb0 [ 171.614356][ T5706] ? file_end_write+0x240/0x240 [ 171.619232][ T5706] ? do_raw_spin_unlock+0x13b/0x8b0 [ 171.624447][ T5706] ? lockdep_hardirqs_on+0x98/0x140 [ 171.629671][ T5706] ? __fdget_pos+0x265/0x2f0 [ 171.634286][ T5706] ksys_write+0x1a0/0x2c0 [ 171.638645][ T5706] ? __ia32_sys_read+0x90/0x90 [ 171.643424][ T5706] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 171.649429][ T5706] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 171.655438][ T5706] do_syscall_64+0x41/0xc0 [ 171.659874][ T5706] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 171.665791][ T5706] RIP: 0033:0x7fd49ce20129 [ 171.670220][ T5706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5705] <... write resumed>) = 18 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 36 [pid 5709] chdir("./34" [pid 5705] close(3 [pid 5709] <... chdir resumed>) = 0 [pid 5705] <... close resumed>) = 0 [pid 5709] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5705] close(4 [pid 5709] <... prctl resumed>) = 0 [pid 5709] setpgid(0, 0 [pid 5705] <... close resumed>) = 0 [ 171.689835][ T5706] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.698282][ T5706] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 171.706277][ T5706] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 171.714291][ T5706] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 171.722277][ T5706] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 171.730257][ T5706] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000024 [ 171.738258][ T5706] [pid 5709] <... setpgid resumed>) = 0 [pid 5705] close(5 [pid 5709] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5705] <... close resumed>) = 0 [pid 5709] <... symlink resumed>) = 0 [pid 5705] close(6 [pid 5709] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5705] <... close resumed>) = 0 [pid 5709] <... symlink resumed>) = 0 [pid 5705] close(7) = -1 EBADF (Bad file descriptor) [pid 5705] close(8) = -1 EBADF (Bad file descriptor) [ 171.750549][ T5706] memory: usage 8kB, limit 0kB, failcnt 55 [ 171.756800][ T5706] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 171.765505][ T5706] Memory cgroup stats for /syz1: [ 171.766073][ T5706] anon 0 [ 171.766073][ T5706] file 0 [ 171.766073][ T5706] kernel 8192 [ 171.766073][ T5706] kernel_stack 0 [ 171.766073][ T5706] pagetables 0 [ 171.766073][ T5706] sec_pagetables 0 [ 171.766073][ T5706] percpu 0 [ 171.766073][ T5706] sock 0 [ 171.766073][ T5706] vmalloc 0 [ 171.766073][ T5706] shmem 0 [ 171.766073][ T5706] zswap 0 [ 171.766073][ T5706] zswapped 0 [ 171.766073][ T5706] file_mapped 0 [ 171.766073][ T5706] file_dirty 0 [ 171.766073][ T5706] file_writeback 0 [ 171.766073][ T5706] swapcached 0 [ 171.766073][ T5706] anon_thp 0 [ 171.766073][ T5706] file_thp 0 [ 171.766073][ T5706] shmem_thp 0 [ 171.766073][ T5706] inactive_anon 0 [ 171.766073][ T5706] active_anon 0 [ 171.766073][ T5706] inactive_file 0 [ 171.766073][ T5706] active_file 0 [ 171.766073][ T5706] unevictable 0 [pid 5709] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5705] close(9 [pid 5709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5705] close(10) = -1 EBADF (Bad file descriptor) [pid 5705] close(11) = -1 EBADF (Bad file descriptor) [pid 5705] close(12) = -1 EBADF (Bad file descriptor) [pid 5705] close(13) = -1 EBADF (Bad file descriptor) [pid 5705] close(14) = -1 EBADF (Bad file descriptor) [pid 5705] close(15) = -1 EBADF (Bad file descriptor) [pid 5705] close(16) = -1 EBADF (Bad file descriptor) [pid 5705] close(17) = -1 EBADF (Bad file descriptor) [pid 5705] close(18) = -1 EBADF (Bad file descriptor) [pid 5705] close(19 [pid 5709] <... openat resumed>) = 3 [pid 5705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5709] write(3, "1000", 4 [pid 5705] close(20 [pid 5709] <... write resumed>) = 4 [pid 5705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5709] close(3 [pid 5705] close(21 [pid 5709] <... close resumed>) = 0 [pid 5705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5709] symlink("/dev/binderfs", "./binderfs" [pid 5705] close(22 [pid 5709] <... symlink resumed>) = 0 [pid 5705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5709] mkdir("./file0", 000 [pid 5705] close(23) = -1 EBADF (Bad file descriptor) [pid 5709] <... mkdir resumed>) = 0 [pid 5705] close(24 [pid 5709] open("./file0", O_RDONLY [pid 5705] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5705] close(25) = -1 EBADF (Bad file descriptor) [pid 5705] close(26) = -1 EBADF (Bad file descriptor) [pid 5705] close(27) = -1 EBADF (Bad file descriptor) [pid 5705] close(28) = -1 EBADF (Bad file descriptor) [pid 5705] close(29) = -1 EBADF (Bad file descriptor) [ 171.766073][ T5706] slab_reclaimable 6752 [ 171.766073][ T5706] slab_unreclaimable 0 [ 171.766073][ T5706] slab 6752 [ 171.766073][ T5706] workingset_refault_anon 0 [ 171.870948][ T5706] Tasks state (memory values in pages): [ 171.877195][ T5706] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5709] <... open resumed>) = 3 [pid 5705] exit_group(0 [pid 5709] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5705] <... exit_group resumed>) = ? [pid 5709] <... mount resumed>) = 0 [pid 5705] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5075] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5706] <... write resumed>) = 18 [pid 5075] getdents64(3, [pid 5706] close(3 [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5706] <... close resumed>) = 0 [pid 5075] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5706] close(4 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5706] <... close resumed>) = 0 [pid 5075] lstat("./39/binderfs", [pid 5706] close(5 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5706] <... close resumed>) = 0 [pid 5075] unlink("./39/binderfs" [pid 5709] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5706] close(6 [pid 5075] <... unlink resumed>) = 0 [pid 5709] <... openat resumed>) = 4 [pid 5706] <... close resumed>) = 0 [pid 5075] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5709] openat(4, "syz1", O_RDWR|O_PATH [pid 5706] close(7 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5709] <... openat resumed>) = 5 [pid 5706] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] lstat("./39/cgroup", [pid 5709] openat(5, "memory.max", O_RDWR [pid 5706] close(8 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5709] <... openat resumed>) = 6 [pid 5706] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] unlink("./39/cgroup" [pid 5709] write(6, "0x000000000000040e", 18 [pid 5706] close(9 [pid 5075] <... unlink resumed>) = 0 [pid 5706] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5706] close(10 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5706] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] lstat("./39/cgroup.net", [pid 5706] close(11 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5706] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] unlink("./39/cgroup.net" [pid 5706] close(12 [pid 5075] <... unlink resumed>) = 0 [pid 5706] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5706] close(13) = -1 EBADF (Bad file descriptor) [pid 5706] close(14) = -1 EBADF (Bad file descriptor) [pid 5706] close(15) = -1 EBADF (Bad file descriptor) [pid 5706] close(16) = -1 EBADF (Bad file descriptor) [pid 5706] close(17) = -1 EBADF (Bad file descriptor) [pid 5706] close(18) = -1 EBADF (Bad file descriptor) [pid 5706] close(19) = -1 EBADF (Bad file descriptor) [pid 5706] close(20) = -1 EBADF (Bad file descriptor) [pid 5706] close(21) = -1 EBADF (Bad file descriptor) [pid 5706] close(22) = -1 EBADF (Bad file descriptor) [pid 5706] close(23) = -1 EBADF (Bad file descriptor) [pid 5706] close(24) = -1 EBADF (Bad file descriptor) [pid 5706] close(25) = -1 EBADF (Bad file descriptor) [pid 5706] close(26) = -1 EBADF (Bad file descriptor) [pid 5706] close(27) = -1 EBADF (Bad file descriptor) [pid 5706] close(28) = -1 EBADF (Bad file descriptor) [pid 5706] close(29) = -1 EBADF (Bad file descriptor) [pid 5706] exit_group(0) = ? [pid 5706] +++ exited with 0 +++ [ 171.895728][ T5706] Out of memory and no killable processes... [ 171.906310][ T5707] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 171.930418][ T5707] CPU: 0 PID: 5707 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 171.940913][ T5707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./36/binderfs") = 0 [pid 5073] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./36/cgroup") = 0 [pid 5073] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./36/cgroup.net") = 0 [ 171.951018][ T5707] Call Trace: [ 171.954333][ T5707] [ 171.957301][ T5707] dump_stack_lvl+0x1e7/0x2d0 [ 171.962037][ T5707] ? nf_tcp_handle_invalid+0x640/0x640 [ 171.967570][ T5707] ? panic+0x770/0x770 [ 171.971711][ T5707] dump_header+0xdc/0x940 [ 171.976118][ T5707] out_of_memory+0xf21/0x12c0 [ 171.980878][ T5707] ? mutex_lock_io_nested+0x60/0x60 [ 171.986124][ T5707] ? mark_lock+0x9a/0x340 [ 171.990508][ T5707] ? unregister_oom_notifier+0x20/0x20 [ 171.996000][ T5707] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 172.002053][ T5707] mem_cgroup_out_of_memory+0x263/0x3b0 [ 172.007668][ T5707] ? mem_cgroup_oom_trylock+0x210/0x210 [ 172.013264][ T5707] ? cgroup_file_notify+0x127/0x190 [ 172.018506][ T5707] memory_max_write+0x355/0x470 [ 172.023383][ T5707] ? memory_max_show+0xa0/0xa0 [ 172.028194][ T5707] ? read_lock_is_recursive+0x20/0x20 [ 172.033611][ T5707] ? memory_max_show+0xa0/0xa0 [ 172.038392][ T5707] cgroup_file_write+0x2b1/0x780 [ 172.043383][ T5707] ? cgroup_seqfile_stop+0xd0/0xd0 [ 172.048534][ T5707] ? __virt_addr_valid+0x22f/0x2e0 [ 172.053712][ T5707] ? cgroup_seqfile_stop+0xd0/0xd0 [ 172.058869][ T5707] kernfs_fop_write_iter+0x3a6/0x4f0 [ 172.064221][ T5707] vfs_write+0x7b2/0xbb0 [ 172.068529][ T5707] ? file_end_write+0x240/0x240 [ 172.073438][ T5707] ? do_raw_spin_unlock+0x13b/0x8b0 [ 172.078679][ T5707] ? lockdep_hardirqs_on+0x98/0x140 [ 172.083919][ T5707] ? __fdget_pos+0x265/0x2f0 [ 172.088566][ T5707] ksys_write+0x1a0/0x2c0 [ 172.092953][ T5707] ? __ia32_sys_read+0x90/0x90 [ 172.097767][ T5707] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 172.103783][ T5707] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 172.109820][ T5707] do_syscall_64+0x41/0xc0 [ 172.114290][ T5707] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 172.120234][ T5707] RIP: 0033:0x7fd49ce20129 [ 172.124690][ T5707] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.144356][ T5707] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 172.152824][ T5707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 172.160849][ T5707] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 172.168862][ T5707] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 172.176883][ T5707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 172.184878][ T5707] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000021 [ 172.192918][ T5707] [ 172.197250][ T5707] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5073] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = 0 [pid 5073] <... umount2 resumed>) = 0 [pid 5075] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./39/file0", [pid 5073] lstat("./36/file0", [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] <... openat resumed>) = 4 [pid 5073] <... openat resumed>) = 4 [pid 5075] fstat(4, [pid 5073] fstat(4, [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, [pid 5073] getdents64(4, [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, [pid 5073] getdents64(4, [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4 [pid 5073] close(4 [pid 5075] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5075] rmdir("./39/file0" [pid 5073] rmdir("./36/file0" [pid 5075] <... rmdir resumed>) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5075] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./39/cgroup.cpu", [pid 5073] lstat("./36/cgroup.cpu", [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./39/cgroup.cpu" [pid 5073] unlink("./36/cgroup.cpu" [pid 5075] <... unlink resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5075] getdents64(3, [pid 5073] getdents64(3, [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3 [pid 5073] close(3 [pid 5075] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [ 172.203118][ T5707] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 172.218427][ T5707] Memory cgroup stats for /syz1: [ 172.218632][ T5707] anon 0 [ 172.218632][ T5707] file 0 [ 172.218632][ T5707] kernel 8192 [ 172.218632][ T5707] kernel_stack 0 [ 172.218632][ T5707] pagetables 0 [ 172.218632][ T5707] sec_pagetables 0 [ 172.218632][ T5707] percpu 0 [ 172.218632][ T5707] sock 0 [ 172.218632][ T5707] vmalloc 0 [pid 5075] rmdir("./39" [pid 5073] rmdir("./36" [pid 5075] <... rmdir resumed>) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5075] mkdir("./40", 0777 [pid 5073] mkdir("./37", 0777 [pid 5075] <... mkdir resumed>) = 0 [pid 5073] <... mkdir resumed>) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5711 attached ./strace-static-x86_64: Process 5710 attached [pid 5711] chdir("./37" [pid 5710] chdir("./40" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 42 [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 39 [pid 5711] <... chdir resumed>) = 0 [pid 5710] <... chdir resumed>) = 0 [pid 5711] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5710] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5711] <... prctl resumed>) = 0 [pid 5710] <... prctl resumed>) = 0 [pid 5711] setpgid(0, 0 [pid 5710] setpgid(0, 0 [pid 5711] <... setpgid resumed>) = 0 [pid 5710] <... setpgid resumed>) = 0 [pid 5711] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5710] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5711] <... symlink resumed>) = 0 [pid 5710] <... symlink resumed>) = 0 [pid 5711] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5710] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5711] <... symlink resumed>) = 0 [pid 5710] <... symlink resumed>) = 0 [pid 5711] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5710] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5711] <... symlink resumed>) = 0 [pid 5710] <... symlink resumed>) = 0 [pid 5711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5711] <... openat resumed>) = 3 [pid 5710] <... openat resumed>) = 3 [pid 5711] write(3, "1000", 4 [pid 5710] write(3, "1000", 4 [pid 5711] <... write resumed>) = 4 [pid 5710] <... write resumed>) = 4 [pid 5711] close(3 [pid 5710] close(3 [pid 5711] <... close resumed>) = 0 [pid 5710] <... close resumed>) = 0 [pid 5711] symlink("/dev/binderfs", "./binderfs" [pid 5710] symlink("/dev/binderfs", "./binderfs" [pid 5711] <... symlink resumed>) = 0 [pid 5710] <... symlink resumed>) = 0 [ 172.218632][ T5707] shmem 0 [ 172.218632][ T5707] zswap 0 [ 172.218632][ T5707] zswapped 0 [ 172.218632][ T5707] file_mapped 0 [ 172.218632][ T5707] file_dirty 0 [ 172.218632][ T5707] file_writeback 0 [ 172.218632][ T5707] swapcached 0 [ 172.218632][ T5707] anon_thp 0 [ 172.218632][ T5707] file_thp 0 [ 172.218632][ T5707] shmem_thp 0 [ 172.218632][ T5707] inactive_anon 0 [ 172.218632][ T5707] active_anon 0 [ 172.218632][ T5707] inactive_file 0 [ 172.218632][ T5707] active_file 0 [ 172.218632][ T5707] unevictable 0 [ 172.218632][ T5707] slab_reclaimable 6752 [pid 5711] mkdir("./file0", 000 [pid 5710] mkdir("./file0", 000 [pid 5711] <... mkdir resumed>) = 0 [pid 5710] <... mkdir resumed>) = 0 [pid 5711] open("./file0", O_RDONLY [pid 5710] open("./file0", O_RDONLY [pid 5711] <... open resumed>) = 3 [pid 5710] <... open resumed>) = 3 [pid 5711] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5710] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5711] <... mount resumed>) = 0 [pid 5710] <... mount resumed>) = 0 [pid 5711] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5710] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5711] <... openat resumed>) = 4 [pid 5710] <... openat resumed>) = 4 [pid 5711] openat(4, "syz1", O_RDWR|O_PATH [pid 5710] openat(4, "syz1", O_RDWR|O_PATH [pid 5711] <... openat resumed>) = 5 [pid 5710] <... openat resumed>) = 5 [pid 5711] openat(5, "memory.max", O_RDWR [pid 5710] openat(5, "memory.max", O_RDWR [pid 5711] <... openat resumed>) = 6 [pid 5710] <... openat resumed>) = 6 [pid 5711] write(6, "0x000000000000040e", 18 [ 172.218632][ T5707] slab_unreclaimable 0 [ 172.218632][ T5707] slab 6752 [ 172.218632][ T5707] workingset_refault_anon 0 [ 172.327723][ T5707] Tasks state (memory values in pages): [ 172.333336][ T5707] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 172.351657][ T5707] Out of memory and no killable processes... [ 172.359744][ T5708] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 172.376422][ T5708] CPU: 0 PID: 5708 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 172.386924][ T5708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 172.397224][ T5708] Call Trace: [ 172.400545][ T5708] [ 172.403514][ T5708] dump_stack_lvl+0x1e7/0x2d0 [ 172.408267][ T5708] ? nf_tcp_handle_invalid+0x640/0x640 [ 172.413781][ T5708] ? panic+0x770/0x770 [ 172.417918][ T5708] dump_header+0xdc/0x940 [ 172.422303][ T5708] out_of_memory+0xf21/0x12c0 [ 172.427040][ T5708] ? mutex_lock_io_nested+0x60/0x60 [ 172.432298][ T5708] ? mark_lock+0x9a/0x340 [ 172.436661][ T5708] ? unregister_oom_notifier+0x20/0x20 [ 172.442134][ T5708] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 172.448140][ T5708] mem_cgroup_out_of_memory+0x263/0x3b0 [pid 5710] write(6, "0x000000000000040e", 18 [pid 5707] <... write resumed>) = 18 [ 172.453709][ T5708] ? mem_cgroup_oom_trylock+0x210/0x210 [ 172.459284][ T5708] ? cgroup_file_notify+0x127/0x190 [ 172.464507][ T5708] memory_max_write+0x355/0x470 [ 172.469396][ T5708] ? memory_max_show+0xa0/0xa0 [ 172.474214][ T5708] ? read_lock_is_recursive+0x20/0x20 [ 172.479633][ T5708] ? memory_max_show+0xa0/0xa0 [ 172.484419][ T5708] cgroup_file_write+0x2b1/0x780 [ 172.489405][ T5708] ? cgroup_seqfile_stop+0xd0/0xd0 [ 172.494550][ T5708] ? __virt_addr_valid+0x22f/0x2e0 [ 172.499709][ T5708] ? cgroup_seqfile_stop+0xd0/0xd0 [ 172.504844][ T5708] kernfs_fop_write_iter+0x3a6/0x4f0 [ 172.510175][ T5708] vfs_write+0x7b2/0xbb0 [ 172.514525][ T5708] ? file_end_write+0x240/0x240 [ 172.519416][ T5708] ? do_raw_spin_unlock+0x13b/0x8b0 [ 172.524644][ T5708] ? lockdep_hardirqs_on+0x98/0x140 [ 172.529883][ T5708] ? __fdget_pos+0x265/0x2f0 [ 172.534525][ T5708] ksys_write+0x1a0/0x2c0 [ 172.538913][ T5708] ? __ia32_sys_read+0x90/0x90 [ 172.543720][ T5708] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 172.549884][ T5708] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 172.555942][ T5708] do_syscall_64+0x41/0xc0 [ 172.560416][ T5708] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 172.566369][ T5708] RIP: 0033:0x7fd49ce20129 [ 172.570820][ T5708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.590463][ T5708] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5707] close(3) = 0 [pid 5707] close(4) = 0 [pid 5707] close(5) = 0 [pid 5707] close(6) = 0 [pid 5707] close(7) = -1 EBADF (Bad file descriptor) [pid 5707] close(8) = -1 EBADF (Bad file descriptor) [pid 5707] close(9) = -1 EBADF (Bad file descriptor) [pid 5707] close(10) = -1 EBADF (Bad file descriptor) [pid 5707] close(11) = -1 EBADF (Bad file descriptor) [pid 5707] close(12) = -1 EBADF (Bad file descriptor) [pid 5707] close(13) = -1 EBADF (Bad file descriptor) [pid 5707] close(14) = -1 EBADF (Bad file descriptor) [pid 5707] close(15) = -1 EBADF (Bad file descriptor) [pid 5707] close(16) = -1 EBADF (Bad file descriptor) [pid 5707] close(17) = -1 EBADF (Bad file descriptor) [pid 5707] close(18) = -1 EBADF (Bad file descriptor) [pid 5707] close(19) = -1 EBADF (Bad file descriptor) [pid 5707] close(20) = -1 EBADF (Bad file descriptor) [pid 5707] close(21) = -1 EBADF (Bad file descriptor) [pid 5707] close(22) = -1 EBADF (Bad file descriptor) [pid 5707] close(23) = -1 EBADF (Bad file descriptor) [pid 5707] close(24) = -1 EBADF (Bad file descriptor) [pid 5707] close(25) = -1 EBADF (Bad file descriptor) [pid 5707] close(26) = -1 EBADF (Bad file descriptor) [pid 5707] close(27) = -1 EBADF (Bad file descriptor) [pid 5707] close(28) = -1 EBADF (Bad file descriptor) [pid 5707] close(29) = -1 EBADF (Bad file descriptor) [pid 5707] exit_group(0) = ? [pid 5707] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 172.598954][ T5708] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 172.606969][ T5708] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 172.614985][ T5708] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 172.623010][ T5708] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 172.631233][ T5708] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000029 [ 172.639279][ T5708] [pid 5070] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./33/binderfs") = 0 [pid 5070] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./33/cgroup") = 0 [pid 5070] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./33/cgroup.net") = 0 [ 172.666615][ T5708] memory: usage 8kB, limit 0kB, failcnt 55 [ 172.672554][ T5708] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 172.688278][ T5708] Memory cgroup stats for /syz1: [ 172.688486][ T5708] anon 0 [ 172.688486][ T5708] file 0 [ 172.688486][ T5708] kernel 8192 [ 172.688486][ T5708] kernel_stack 0 [ 172.688486][ T5708] pagetables 0 [ 172.688486][ T5708] sec_pagetables 0 [ 172.688486][ T5708] percpu 0 [ 172.688486][ T5708] sock 0 [ 172.688486][ T5708] vmalloc 0 [ 172.688486][ T5708] shmem 0 [ 172.688486][ T5708] zswap 0 [ 172.688486][ T5708] zswapped 0 [ 172.688486][ T5708] file_mapped 0 [ 172.688486][ T5708] file_dirty 0 [ 172.688486][ T5708] file_writeback 0 [ 172.688486][ T5708] swapcached 0 [ 172.688486][ T5708] anon_thp 0 [ 172.688486][ T5708] file_thp 0 [ 172.688486][ T5708] shmem_thp 0 [ 172.688486][ T5708] inactive_anon 0 [ 172.688486][ T5708] active_anon 0 [ 172.688486][ T5708] inactive_file 0 [ 172.688486][ T5708] active_file 0 [pid 5070] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./33/file0") = 0 [pid 5070] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./33/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./33") = 0 [pid 5070] mkdir("./34", 0777) = 0 [ 172.688486][ T5708] unevictable 0 [ 172.688486][ T5708] slab_reclaimable 6752 [ 172.688486][ T5708] slab_unreclaimable 0 [ 172.688486][ T5708] slab 6752 [ 172.688486][ T5708] workingset_refault_anon 0 [ 172.799619][ T5708] Tasks state (memory values in pages): [ 172.805236][ T5708] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 36 ./strace-static-x86_64: Process 5712 attached [pid 5708] <... write resumed>) = 18 [pid 5712] chdir("./34") = 0 [pid 5708] close(3 [pid 5712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] <... close resumed>) = 0 [pid 5712] setpgid(0, 0) = 0 [pid 5708] close(4 [pid 5712] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5708] <... close resumed>) = 0 [pid 5712] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5708] close(5 [pid 5712] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5708] <... close resumed>) = 0 [pid 5712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] close(6 [pid 5712] write(3, "1000", 4) = 4 [pid 5708] <... close resumed>) = 0 [pid 5712] close(3) = 0 [pid 5708] close(7 [ 172.822583][ T5708] Out of memory and no killable processes... [ 172.829216][ T5709] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 172.840490][ T5709] CPU: 1 PID: 5709 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 172.850975][ T5709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 172.861077][ T5709] Call Trace: [ 172.864391][ T5709] [ 172.867357][ T5709] dump_stack_lvl+0x1e7/0x2d0 [pid 5712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5712] mkdir("./file0", 000) = 0 [pid 5708] close(8 [pid 5712] open("./file0", O_RDONLY [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5712] <... open resumed>) = 3 [pid 5708] close(9 [pid 5712] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5712] <... mount resumed>) = 0 [pid 5708] close(10 [pid 5712] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5712] <... openat resumed>) = 4 [pid 5708] close(11 [pid 5712] openat(4, "syz1", O_RDWR|O_PATH [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5712] <... openat resumed>) = 5 [pid 5708] close(12 [pid 5712] openat(5, "memory.max", O_RDWR [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5712] <... openat resumed>) = 6 [pid 5708] close(13 [pid 5712] write(6, "0x000000000000040e", 18 [pid 5708] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5708] close(14) = -1 EBADF (Bad file descriptor) [pid 5708] close(15) = -1 EBADF (Bad file descriptor) [pid 5708] close(16) = -1 EBADF (Bad file descriptor) [pid 5708] close(17) = -1 EBADF (Bad file descriptor) [pid 5708] close(18) = -1 EBADF (Bad file descriptor) [pid 5708] close(19) = -1 EBADF (Bad file descriptor) [pid 5708] close(20) = -1 EBADF (Bad file descriptor) [pid 5708] close(21) = -1 EBADF (Bad file descriptor) [pid 5708] close(22) = -1 EBADF (Bad file descriptor) [pid 5708] close(23) = -1 EBADF (Bad file descriptor) [pid 5708] close(24) = -1 EBADF (Bad file descriptor) [pid 5708] close(25) = -1 EBADF (Bad file descriptor) [pid 5708] close(26) = -1 EBADF (Bad file descriptor) [pid 5708] close(27) = -1 EBADF (Bad file descriptor) [pid 5708] close(28) = -1 EBADF (Bad file descriptor) [pid 5708] close(29) = -1 EBADF (Bad file descriptor) [pid 5708] exit_group(0) = ? [pid 5708] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5074] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./41/binderfs") = 0 [pid 5074] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 172.872087][ T5709] ? nf_tcp_handle_invalid+0x640/0x640 [ 172.877604][ T5709] ? panic+0x770/0x770 [ 172.881751][ T5709] dump_header+0xdc/0x940 [ 172.886135][ T5709] out_of_memory+0xf21/0x12c0 [ 172.890866][ T5709] ? mutex_lock_io_nested+0x60/0x60 [ 172.896123][ T5709] ? preempt_schedule+0xdd/0xf0 [ 172.901028][ T5709] ? unregister_oom_notifier+0x20/0x20 [ 172.906537][ T5709] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 172.912579][ T5709] mem_cgroup_out_of_memory+0x263/0x3b0 [pid 5074] unlink("./41/cgroup") = 0 [pid 5074] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./41/cgroup.net") = 0 [ 172.918187][ T5709] ? preempt_schedule_thunk+0x1a/0x20 [ 172.923591][ T5709] ? mem_cgroup_oom_trylock+0x210/0x210 [ 172.929185][ T5709] ? cgroup_file_notify+0x127/0x190 [ 172.934430][ T5709] memory_max_write+0x355/0x470 [ 172.939310][ T5709] ? memory_max_show+0xa0/0xa0 [ 172.944124][ T5709] ? read_lock_is_recursive+0x20/0x20 [ 172.949513][ T5709] ? memory_max_show+0xa0/0xa0 [ 172.954288][ T5709] cgroup_file_write+0x2b1/0x780 [ 172.959243][ T5709] ? cgroup_seqfile_stop+0xd0/0xd0 [ 172.964363][ T5709] ? __virt_addr_valid+0x22f/0x2e0 [ 172.969522][ T5709] ? cgroup_seqfile_stop+0xd0/0xd0 [ 172.974646][ T5709] kernfs_fop_write_iter+0x3a6/0x4f0 [ 172.979955][ T5709] vfs_write+0x7b2/0xbb0 [ 172.984221][ T5709] ? file_end_write+0x240/0x240 [ 172.989092][ T5709] ? do_raw_spin_unlock+0x13b/0x8b0 [ 172.994306][ T5709] ? lockdep_hardirqs_on+0x98/0x140 [ 172.999531][ T5709] ? __fdget_pos+0x265/0x2f0 [ 173.004139][ T5709] ksys_write+0x1a0/0x2c0 [ 173.008489][ T5709] ? __ia32_sys_read+0x90/0x90 [ 173.013267][ T5709] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 173.019269][ T5709] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 173.025278][ T5709] do_syscall_64+0x41/0xc0 [ 173.029715][ T5709] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 173.035632][ T5709] RIP: 0033:0x7fd49ce20129 [ 173.040059][ T5709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 173.059676][ T5709] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5074] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [ 173.068103][ T5709] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 173.076083][ T5709] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 173.084061][ T5709] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 173.092044][ T5709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 173.100026][ T5709] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000022 [ 173.108026][ T5709] [pid 5074] rmdir("./41/file0") = 0 [pid 5074] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./41/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./41") = 0 [pid 5074] mkdir("./42", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5713 attached [pid 5713] chdir("./42" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 44 [pid 5713] <... chdir resumed>) = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [pid 5713] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5713] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5713] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] mkdir("./file0", 000) = 0 [pid 5713] open("./file0", O_RDONLY) = 3 [pid 5713] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 173.131457][ T5709] memory: usage 8kB, limit 0kB, failcnt 55 [ 173.144335][ T5709] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 173.153923][ T5709] Memory cgroup stats for /syz1: [ 173.154134][ T5709] anon 0 [ 173.154134][ T5709] file 0 [ 173.154134][ T5709] kernel 8192 [ 173.154134][ T5709] kernel_stack 0 [ 173.154134][ T5709] pagetables 0 [ 173.154134][ T5709] sec_pagetables 0 [ 173.154134][ T5709] percpu 0 [pid 5713] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5713] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5713] openat(5, "memory.max", O_RDWR) = 6 [ 173.154134][ T5709] sock 0 [ 173.154134][ T5709] vmalloc 0 [ 173.154134][ T5709] shmem 0 [ 173.154134][ T5709] zswap 0 [ 173.154134][ T5709] zswapped 0 [ 173.154134][ T5709] file_mapped 0 [ 173.154134][ T5709] file_dirty 0 [ 173.154134][ T5709] file_writeback 0 [ 173.154134][ T5709] swapcached 0 [ 173.154134][ T5709] anon_thp 0 [ 173.154134][ T5709] file_thp 0 [ 173.154134][ T5709] shmem_thp 0 [ 173.154134][ T5709] inactive_anon 0 [ 173.154134][ T5709] active_anon 0 [ 173.154134][ T5709] inactive_file 0 [ 173.154134][ T5709] active_file 0 [ 173.154134][ T5709] unevictable 0 [ 173.154134][ T5709] slab_reclaimable 6752 [ 173.154134][ T5709] slab_unreclaimable 0 [ 173.154134][ T5709] slab 6752 [ 173.154134][ T5709] workingset_refault_anon 0 [ 173.253752][ T5709] Tasks state (memory values in pages): [ 173.260648][ T5709] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 173.273326][ T5709] Out of memory and no killable processes... [pid 5713] write(6, "0x000000000000040e", 18 [pid 5709] <... write resumed>) = 18 [pid 5709] close(3) = 0 [pid 5709] close(4) = 0 [pid 5709] close(5) = 0 [pid 5709] close(6) = 0 [pid 5709] close(7) = -1 EBADF (Bad file descriptor) [pid 5709] close(8) = -1 EBADF (Bad file descriptor) [pid 5709] close(9) = -1 EBADF (Bad file descriptor) [pid 5709] close(10) = -1 EBADF (Bad file descriptor) [pid 5709] close(11) = -1 EBADF (Bad file descriptor) [pid 5709] close(12) = -1 EBADF (Bad file descriptor) [pid 5709] close(13) = -1 EBADF (Bad file descriptor) [pid 5709] close(14) = -1 EBADF (Bad file descriptor) [pid 5709] close(15) = -1 EBADF (Bad file descriptor) [pid 5709] close(16) = -1 EBADF (Bad file descriptor) [pid 5709] close(17) = -1 EBADF (Bad file descriptor) [pid 5709] close(18) = -1 EBADF (Bad file descriptor) [pid 5709] close(19) = -1 EBADF (Bad file descriptor) [pid 5709] close(20) = -1 EBADF (Bad file descriptor) [pid 5709] close(21) = -1 EBADF (Bad file descriptor) [pid 5709] close(22) = -1 EBADF (Bad file descriptor) [pid 5709] close(23) = -1 EBADF (Bad file descriptor) [pid 5709] close(24) = -1 EBADF (Bad file descriptor) [pid 5709] close(25) = -1 EBADF (Bad file descriptor) [pid 5709] close(26) = -1 EBADF (Bad file descriptor) [pid 5709] close(27) = -1 EBADF (Bad file descriptor) [pid 5709] close(28) = -1 EBADF (Bad file descriptor) [pid 5709] close(29) = -1 EBADF (Bad file descriptor) [ 173.279842][ T5711] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 173.292021][ T5711] CPU: 1 PID: 5711 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 173.302510][ T5711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 173.312630][ T5711] Call Trace: [ 173.315970][ T5711] [ 173.318951][ T5711] dump_stack_lvl+0x1e7/0x2d0 [ 173.323685][ T5711] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5709] exit_group(0) = ? [pid 5709] +++ exited with 0 +++ [ 173.329198][ T5711] ? panic+0x770/0x770 [ 173.333351][ T5711] dump_header+0xdc/0x940 [ 173.337735][ T5711] out_of_memory+0xf21/0x12c0 [ 173.342481][ T5711] ? mutex_lock_io_nested+0x60/0x60 [ 173.347741][ T5711] ? mark_lock+0x9a/0x340 [ 173.352105][ T5711] ? unregister_oom_notifier+0x20/0x20 [ 173.357605][ T5711] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 173.363623][ T5711] mem_cgroup_out_of_memory+0x263/0x3b0 [ 173.369218][ T5711] ? mem_cgroup_oom_trylock+0x210/0x210 [ 173.374828][ T5711] ? cgroup_file_notify+0x127/0x190 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5072] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./34/binderfs") = 0 [ 173.380062][ T5711] memory_max_write+0x355/0x470 [ 173.384945][ T5711] ? memory_max_show+0xa0/0xa0 [ 173.389738][ T5711] ? read_lock_is_recursive+0x20/0x20 [ 173.395146][ T5711] ? memory_max_show+0xa0/0xa0 [ 173.399937][ T5711] cgroup_file_write+0x2b1/0x780 [ 173.404914][ T5711] ? cgroup_seqfile_stop+0xd0/0xd0 [ 173.410046][ T5711] ? __virt_addr_valid+0x22f/0x2e0 [ 173.415192][ T5711] ? cgroup_seqfile_stop+0xd0/0xd0 [ 173.420319][ T5711] kernfs_fop_write_iter+0x3a6/0x4f0 [ 173.425631][ T5711] vfs_write+0x7b2/0xbb0 [ 173.429899][ T5711] ? file_end_write+0x240/0x240 [ 173.434778][ T5711] ? do_raw_spin_unlock+0x13b/0x8b0 [ 173.439995][ T5711] ? lockdep_hardirqs_on+0x98/0x140 [ 173.445223][ T5711] ? __fdget_pos+0x265/0x2f0 [ 173.449851][ T5711] ksys_write+0x1a0/0x2c0 [ 173.454232][ T5711] ? __ia32_sys_read+0x90/0x90 [ 173.459016][ T5711] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 173.465029][ T5711] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 173.471038][ T5711] do_syscall_64+0x41/0xc0 [ 173.475475][ T5711] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 173.481394][ T5711] RIP: 0033:0x7fd49ce20129 [ 173.485821][ T5711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 173.505457][ T5711] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 173.514036][ T5711] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 173.522050][ T5711] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5072] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./34/cgroup") = 0 [pid 5072] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./34/cgroup.net") = 0 [pid 5072] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 173.530044][ T5711] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 173.538028][ T5711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 173.546024][ T5711] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000025 [ 173.554037][ T5711] [pid 5072] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./34/file0") = 0 [pid 5072] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./34/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./34") = 0 [pid 5072] mkdir("./35", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 37 [ 173.575318][ T5711] memory: usage 8kB, limit 0kB, failcnt 55 [ 173.583740][ T5711] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 173.592851][ T5711] Memory cgroup stats for /syz1: [ 173.593511][ T5711] anon 0 [ 173.593511][ T5711] file 0 [ 173.593511][ T5711] kernel 8192 [ 173.593511][ T5711] kernel_stack 0 [ 173.593511][ T5711] pagetables 0 [ 173.593511][ T5711] sec_pagetables 0 [ 173.593511][ T5711] percpu 0 [ 173.593511][ T5711] sock 0 [ 173.593511][ T5711] vmalloc 0 [ 173.593511][ T5711] shmem 0 [ 173.593511][ T5711] zswap 0 [ 173.593511][ T5711] zswapped 0 [ 173.593511][ T5711] file_mapped 0 [ 173.593511][ T5711] file_dirty 0 [ 173.593511][ T5711] file_writeback 0 [ 173.593511][ T5711] swapcached 0 [ 173.593511][ T5711] anon_thp 0 [ 173.593511][ T5711] file_thp 0 [ 173.593511][ T5711] shmem_thp 0 [ 173.593511][ T5711] inactive_anon 0 [ 173.593511][ T5711] active_anon 0 [ 173.593511][ T5711] inactive_file 0 [ 173.593511][ T5711] active_file 0 [ 173.593511][ T5711] unevictable 0 ./strace-static-x86_64: Process 5714 attached [pid 5714] chdir("./35") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [pid 5714] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5714] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5714] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5714] mkdir("./file0", 000) = 0 [pid 5714] open("./file0", O_RDONLY) = 3 [pid 5714] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5714] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5714] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5714] openat(5, "memory.max", O_RDWR) = 6 [ 173.593511][ T5711] slab_reclaimable 6752 [ 173.593511][ T5711] slab_unreclaimable 0 [ 173.593511][ T5711] slab 6752 [ 173.593511][ T5711] workingset_refault_anon 0 [ 173.703952][ T5711] Tasks state (memory values in pages): [ 173.713600][ T5711] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5714] write(6, "0x000000000000040e", 18 [pid 5711] <... write resumed>) = 18 [pid 5711] close(3) = 0 [pid 5711] close(4) = 0 [pid 5711] close(5) = 0 [pid 5711] close(6) = 0 [pid 5711] close(7) = -1 EBADF (Bad file descriptor) [pid 5711] close(8) = -1 EBADF (Bad file descriptor) [pid 5711] close(9) = -1 EBADF (Bad file descriptor) [pid 5711] close(10) = -1 EBADF (Bad file descriptor) [pid 5711] close(11) = -1 EBADF (Bad file descriptor) [pid 5711] close(12) = -1 EBADF (Bad file descriptor) [pid 5711] close(13) = -1 EBADF (Bad file descriptor) [pid 5711] close(14) = -1 EBADF (Bad file descriptor) [pid 5711] close(15) = -1 EBADF (Bad file descriptor) [pid 5711] close(16) = -1 EBADF (Bad file descriptor) [pid 5711] close(17) = -1 EBADF (Bad file descriptor) [pid 5711] close(18) = -1 EBADF (Bad file descriptor) [pid 5711] close(19) = -1 EBADF (Bad file descriptor) [pid 5711] close(20) = -1 EBADF (Bad file descriptor) [pid 5711] close(21) = -1 EBADF (Bad file descriptor) [pid 5711] close(22) = -1 EBADF (Bad file descriptor) [pid 5711] close(23) = -1 EBADF (Bad file descriptor) [pid 5711] close(24) = -1 EBADF (Bad file descriptor) [pid 5711] close(25) = -1 EBADF (Bad file descriptor) [ 173.728472][ T5711] Out of memory and no killable processes... [ 173.734563][ T5710] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 173.752312][ T5710] CPU: 1 PID: 5710 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 173.762799][ T5710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 173.772905][ T5710] Call Trace: [pid 5711] close(26) = -1 EBADF (Bad file descriptor) [pid 5711] close(27) = -1 EBADF (Bad file descriptor) [pid 5711] close(28) = -1 EBADF (Bad file descriptor) [pid 5711] close(29) = -1 EBADF (Bad file descriptor) [pid 5711] exit_group(0) = ? [pid 5711] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 173.776229][ T5710] [ 173.779203][ T5710] dump_stack_lvl+0x1e7/0x2d0 [ 173.783942][ T5710] ? nf_tcp_handle_invalid+0x640/0x640 [ 173.789454][ T5710] ? panic+0x770/0x770 [ 173.793601][ T5710] dump_header+0xdc/0x940 [ 173.797990][ T5710] out_of_memory+0xf21/0x12c0 [ 173.802730][ T5710] ? mutex_lock_io_nested+0x60/0x60 [ 173.807996][ T5710] ? mark_lock+0x9a/0x340 [ 173.812375][ T5710] ? unregister_oom_notifier+0x20/0x20 [ 173.817884][ T5710] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 173.823919][ T5710] mem_cgroup_out_of_memory+0x263/0x3b0 [ 173.829540][ T5710] ? mem_cgroup_oom_trylock+0x210/0x210 [ 173.835164][ T5710] ? cgroup_file_notify+0x10a/0x190 [ 173.840423][ T5710] memory_max_write+0x355/0x470 [ 173.845340][ T5710] ? memory_max_show+0xa0/0xa0 [ 173.850157][ T5710] ? read_lock_is_recursive+0x20/0x20 [ 173.855585][ T5710] ? memory_max_show+0xa0/0xa0 [ 173.860402][ T5710] cgroup_file_write+0x2b1/0x780 [ 173.865394][ T5710] ? cgroup_seqfile_stop+0xd0/0xd0 [ 173.870557][ T5710] ? __virt_addr_valid+0x22f/0x2e0 [ 173.875738][ T5710] ? cgroup_seqfile_stop+0xd0/0xd0 [ 173.880866][ T5710] kernfs_fop_write_iter+0x3a6/0x4f0 [ 173.886178][ T5710] vfs_write+0x7b2/0xbb0 [ 173.890475][ T5710] ? file_end_write+0x240/0x240 [ 173.895397][ T5710] ? do_raw_spin_unlock+0x13b/0x8b0 [ 173.900654][ T5710] ? lockdep_hardirqs_on+0x98/0x140 [ 173.905887][ T5710] ? __fdget_pos+0x265/0x2f0 [ 173.910516][ T5710] ksys_write+0x1a0/0x2c0 [ 173.914899][ T5710] ? __ia32_sys_read+0x90/0x90 [ 173.919720][ T5710] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 173.925746][ T5710] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 173.931769][ T5710] do_syscall_64+0x41/0xc0 [ 173.936227][ T5710] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 173.942155][ T5710] RIP: 0033:0x7fd49ce20129 [ 173.946613][ T5710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 173.966253][ T5710] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5073] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./37/binderfs") = 0 [pid 5073] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./37/cgroup") = 0 [pid 5073] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./37/cgroup.net") = 0 [pid 5073] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 173.974700][ T5710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 173.982713][ T5710] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 173.990716][ T5710] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 173.998713][ T5710] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 174.006728][ T5710] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000028 [ 174.014771][ T5710] [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./37/file0") = 0 [pid 5073] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./37/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./37") = 0 [pid 5073] mkdir("./38", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5715 attached [pid 5715] chdir("./38" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 40 [pid 5715] <... chdir resumed>) = 0 [pid 5715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5715] setpgid(0, 0) = 0 [pid 5715] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5715] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5715] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5715] write(3, "1000", 4) = 4 [pid 5715] close(3) = 0 [pid 5715] symlink("/dev/binderfs", "./binderfs") = 0 [ 174.033164][ T5710] memory: usage 8kB, limit 0kB, failcnt 55 [ 174.041051][ T5710] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 174.055123][ T5710] Memory cgroup stats for /syz1: [ 174.055336][ T5710] anon 0 [ 174.055336][ T5710] file 0 [ 174.055336][ T5710] kernel 8192 [ 174.055336][ T5710] kernel_stack 0 [ 174.055336][ T5710] pagetables 0 [ 174.055336][ T5710] sec_pagetables 0 [ 174.055336][ T5710] percpu 0 [pid 5715] mkdir("./file0", 000) = 0 [pid 5715] open("./file0", O_RDONLY) = 3 [pid 5715] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 174.055336][ T5710] sock 0 [ 174.055336][ T5710] vmalloc 0 [ 174.055336][ T5710] shmem 0 [ 174.055336][ T5710] zswap 0 [ 174.055336][ T5710] zswapped 0 [ 174.055336][ T5710] file_mapped 0 [ 174.055336][ T5710] file_dirty 0 [ 174.055336][ T5710] file_writeback 0 [ 174.055336][ T5710] swapcached 0 [ 174.055336][ T5710] anon_thp 0 [ 174.055336][ T5710] file_thp 0 [ 174.055336][ T5710] shmem_thp 0 [ 174.055336][ T5710] inactive_anon 0 [ 174.055336][ T5710] active_anon 0 [ 174.055336][ T5710] inactive_file 0 [ 174.055336][ T5710] active_file 0 [pid 5715] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5715] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5715] openat(5, "memory.max", O_RDWR) = 6 [ 174.055336][ T5710] unevictable 0 [ 174.055336][ T5710] slab_reclaimable 6752 [ 174.055336][ T5710] slab_unreclaimable 0 [ 174.055336][ T5710] slab 6752 [ 174.055336][ T5710] workingset_refault_anon 0 [ 174.157412][ T5710] Tasks state (memory values in pages): [ 174.163018][ T5710] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 174.172587][ T5710] Out of memory and no killable processes... [pid 5715] write(6, "0x000000000000040e", 18 [pid 5710] <... write resumed>) = 18 [pid 5710] close(3) = 0 [pid 5710] close(4) = 0 [pid 5710] close(5) = 0 [pid 5710] close(6) = 0 [pid 5710] close(7) = -1 EBADF (Bad file descriptor) [pid 5710] close(8) = -1 EBADF (Bad file descriptor) [pid 5710] close(9) = -1 EBADF (Bad file descriptor) [pid 5710] close(10) = -1 EBADF (Bad file descriptor) [pid 5710] close(11) = -1 EBADF (Bad file descriptor) [pid 5710] close(12) = -1 EBADF (Bad file descriptor) [pid 5710] close(13) = -1 EBADF (Bad file descriptor) [pid 5710] close(14) = -1 EBADF (Bad file descriptor) [pid 5710] close(15) = -1 EBADF (Bad file descriptor) [pid 5710] close(16) = -1 EBADF (Bad file descriptor) [pid 5710] close(17) = -1 EBADF (Bad file descriptor) [pid 5710] close(18) = -1 EBADF (Bad file descriptor) [pid 5710] close(19) = -1 EBADF (Bad file descriptor) [pid 5710] close(20) = -1 EBADF (Bad file descriptor) [pid 5710] close(21) = -1 EBADF (Bad file descriptor) [pid 5710] close(22) = -1 EBADF (Bad file descriptor) [pid 5710] close(23) = -1 EBADF (Bad file descriptor) [pid 5710] close(24) = -1 EBADF (Bad file descriptor) [pid 5710] close(25) = -1 EBADF (Bad file descriptor) [pid 5710] close(26) = -1 EBADF (Bad file descriptor) [pid 5710] close(27) = -1 EBADF (Bad file descriptor) [pid 5710] close(28) = -1 EBADF (Bad file descriptor) [pid 5710] close(29) = -1 EBADF (Bad file descriptor) [pid 5710] exit_group(0) = ? [pid 5710] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./40/binderfs") = 0 [pid 5075] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./40/cgroup") = 0 [pid 5075] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./40/cgroup.net") = 0 [ 174.178776][ T5712] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 174.190141][ T5712] CPU: 0 PID: 5712 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 174.200605][ T5712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 174.210720][ T5712] Call Trace: [ 174.214045][ T5712] [ 174.217029][ T5712] dump_stack_lvl+0x1e7/0x2d0 [ 174.221775][ T5712] ? nf_tcp_handle_invalid+0x640/0x640 [ 174.227285][ T5712] ? panic+0x770/0x770 [ 174.231428][ T5712] dump_header+0xdc/0x940 [ 174.235820][ T5712] out_of_memory+0xf21/0x12c0 [ 174.240560][ T5712] ? mutex_lock_io_nested+0x60/0x60 [ 174.245822][ T5712] ? preempt_schedule+0xdd/0xf0 [ 174.250713][ T5712] ? unregister_oom_notifier+0x20/0x20 [ 174.256215][ T5712] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 174.262262][ T5712] mem_cgroup_out_of_memory+0x263/0x3b0 [ 174.267866][ T5712] ? preempt_schedule_thunk+0x1a/0x20 [ 174.273284][ T5712] ? mem_cgroup_oom_trylock+0x210/0x210 [ 174.278871][ T5712] ? cgroup_file_notify+0x127/0x190 [ 174.284160][ T5712] memory_max_write+0x355/0x470 [ 174.289077][ T5712] ? memory_max_show+0xa0/0xa0 [ 174.293877][ T5712] ? read_lock_is_recursive+0x20/0x20 [ 174.299286][ T5712] ? memory_max_show+0xa0/0xa0 [ 174.304094][ T5712] cgroup_file_write+0x2b1/0x780 [ 174.309095][ T5712] ? cgroup_seqfile_stop+0xd0/0xd0 [ 174.314245][ T5712] ? __virt_addr_valid+0x22f/0x2e0 [ 174.319420][ T5712] ? cgroup_seqfile_stop+0xd0/0xd0 [ 174.324569][ T5712] kernfs_fop_write_iter+0x3a6/0x4f0 [ 174.329899][ T5712] vfs_write+0x7b2/0xbb0 [ 174.334181][ T5712] ? file_end_write+0x240/0x240 [ 174.339089][ T5712] ? do_raw_spin_unlock+0x13b/0x8b0 [ 174.344335][ T5712] ? lockdep_hardirqs_on+0x98/0x140 [ 174.349591][ T5712] ? __fdget_pos+0x265/0x2f0 [ 174.354230][ T5712] ksys_write+0x1a0/0x2c0 [ 174.358682][ T5712] ? __ia32_sys_read+0x90/0x90 [ 174.363485][ T5712] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 174.369523][ T5712] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 174.375596][ T5712] do_syscall_64+0x41/0xc0 [ 174.380053][ T5712] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.385986][ T5712] RIP: 0033:0x7fd49ce20129 [ 174.390442][ T5712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 174.410098][ T5712] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.418558][ T5712] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 174.426557][ T5712] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 174.434571][ T5712] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 174.442587][ T5712] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 174.450601][ T5712] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000022 [ 174.458643][ T5712] [ 174.471555][ T5712] memory: usage 8kB, limit 0kB, failcnt 55 [ 174.477607][ T5712] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./40/file0") = 0 [pid 5075] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./40/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./40") = 0 [pid 5075] mkdir("./41", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 43 [ 174.484494][ T5712] Memory cgroup stats for /syz1: [ 174.484713][ T5712] anon 0 [ 174.484713][ T5712] file 0 [ 174.484713][ T5712] kernel 8192 [ 174.484713][ T5712] kernel_stack 0 [ 174.484713][ T5712] pagetables 0 [ 174.484713][ T5712] sec_pagetables 0 [ 174.484713][ T5712] percpu 0 [ 174.484713][ T5712] sock 0 [ 174.484713][ T5712] vmalloc 0 [ 174.484713][ T5712] shmem 0 [ 174.484713][ T5712] zswap 0 [ 174.484713][ T5712] zswapped 0 [ 174.484713][ T5712] file_mapped 0 [ 174.484713][ T5712] file_dirty 0 ./strace-static-x86_64: Process 5716 attached [ 174.484713][ T5712] file_writeback 0 [ 174.484713][ T5712] swapcached 0 [ 174.484713][ T5712] anon_thp 0 [ 174.484713][ T5712] file_thp 0 [ 174.484713][ T5712] shmem_thp 0 [ 174.484713][ T5712] inactive_anon 0 [ 174.484713][ T5712] active_anon 0 [ 174.484713][ T5712] inactive_file 0 [ 174.484713][ T5712] active_file 0 [ 174.484713][ T5712] unevictable 0 [ 174.484713][ T5712] slab_reclaimable 6752 [ 174.484713][ T5712] slab_unreclaimable 0 [ 174.484713][ T5712] slab 6752 [ 174.484713][ T5712] workingset_refault_anon 0 [pid 5716] chdir("./41") = 0 [pid 5716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5716] setpgid(0, 0 [pid 5712] <... write resumed>) = 18 [ 174.585349][ T5712] Tasks state (memory values in pages): [ 174.591895][ T5712] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 174.601800][ T5712] Out of memory and no killable processes... [ 174.608883][ T5713] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 174.619774][ T5713] CPU: 0 PID: 5713 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5716] <... setpgid resumed>) = 0 [pid 5716] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5716] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5716] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 174.630243][ T5713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 174.640346][ T5713] Call Trace: [ 174.643662][ T5713] [ 174.646633][ T5713] dump_stack_lvl+0x1e7/0x2d0 [ 174.651369][ T5713] ? nf_tcp_handle_invalid+0x640/0x640 [ 174.656882][ T5713] ? panic+0x770/0x770 [ 174.661018][ T5713] dump_header+0xdc/0x940 [ 174.665407][ T5713] out_of_memory+0xf21/0x12c0 [ 174.670148][ T5713] ? mutex_lock_io_nested+0x60/0x60 [ 174.675416][ T5713] ? mark_lock+0x9a/0x340 [ 174.679798][ T5713] ? unregister_oom_notifier+0x20/0x20 [pid 5716] write(3, "1000", 4) = 4 [pid 5716] close(3) = 0 [pid 5716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5716] mkdir("./file0", 000) = 0 [pid 5716] open("./file0", O_RDONLY) = 3 [pid 5716] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5716] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5716] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5716] openat(5, "memory.max", O_RDWR) = 6 [ 174.685312][ T5713] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 174.691352][ T5713] mem_cgroup_out_of_memory+0x263/0x3b0 [ 174.696961][ T5713] ? mem_cgroup_oom_trylock+0x210/0x210 [ 174.702801][ T5713] ? cgroup_file_notify+0x127/0x190 [ 174.708074][ T5713] memory_max_write+0x355/0x470 [ 174.712992][ T5713] ? memory_max_show+0xa0/0xa0 [ 174.717819][ T5713] ? read_lock_is_recursive+0x20/0x20 [ 174.723256][ T5713] ? memory_max_show+0xa0/0xa0 [ 174.728070][ T5713] cgroup_file_write+0x2b1/0x780 [ 174.733045][ T5713] ? cgroup_seqfile_stop+0xd0/0xd0 [ 174.738173][ T5713] ? __virt_addr_valid+0x22f/0x2e0 [ 174.743328][ T5713] ? cgroup_seqfile_stop+0xd0/0xd0 [ 174.748455][ T5713] kernfs_fop_write_iter+0x3a6/0x4f0 [ 174.753772][ T5713] vfs_write+0x7b2/0xbb0 [ 174.758043][ T5713] ? file_end_write+0x240/0x240 [ 174.762914][ T5713] ? do_raw_spin_unlock+0x13b/0x8b0 [ 174.768130][ T5713] ? lockdep_hardirqs_on+0x98/0x140 [ 174.773356][ T5713] ? __fdget_pos+0x265/0x2f0 [ 174.777971][ T5713] ksys_write+0x1a0/0x2c0 [ 174.782341][ T5713] ? __ia32_sys_read+0x90/0x90 [ 174.787121][ T5713] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 174.793126][ T5713] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 174.799146][ T5713] do_syscall_64+0x41/0xc0 [ 174.803580][ T5713] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.809502][ T5713] RIP: 0033:0x7fd49ce20129 [ 174.813929][ T5713] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5716] write(6, "0x000000000000040e", 18 [pid 5712] close(3) = 0 [pid 5712] close(4) = 0 [pid 5712] close(5) = 0 [pid 5712] close(6) = 0 [pid 5712] close(7) = -1 EBADF (Bad file descriptor) [pid 5712] close(8) = -1 EBADF (Bad file descriptor) [pid 5712] close(9) = -1 EBADF (Bad file descriptor) [pid 5712] close(10) = -1 EBADF (Bad file descriptor) [pid 5712] close(11) = -1 EBADF (Bad file descriptor) [pid 5712] close(12) = -1 EBADF (Bad file descriptor) [pid 5712] close(13) = -1 EBADF (Bad file descriptor) [pid 5712] close(14) = -1 EBADF (Bad file descriptor) [pid 5712] close(15) = -1 EBADF (Bad file descriptor) [pid 5712] close(16) = -1 EBADF (Bad file descriptor) [pid 5712] close(17) = -1 EBADF (Bad file descriptor) [pid 5712] close(18) = -1 EBADF (Bad file descriptor) [pid 5712] close(19) = -1 EBADF (Bad file descriptor) [pid 5712] close(20) = -1 EBADF (Bad file descriptor) [pid 5712] close(21) = -1 EBADF (Bad file descriptor) [pid 5712] close(22) = -1 EBADF (Bad file descriptor) [pid 5712] close(23) = -1 EBADF (Bad file descriptor) [pid 5712] close(24) = -1 EBADF (Bad file descriptor) [pid 5712] close(25) = -1 EBADF (Bad file descriptor) [pid 5712] close(26) = -1 EBADF (Bad file descriptor) [pid 5712] close(27) = -1 EBADF (Bad file descriptor) [pid 5712] close(28) = -1 EBADF (Bad file descriptor) [pid 5712] close(29) = -1 EBADF (Bad file descriptor) [pid 5712] exit_group(0) = ? [pid 5712] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 174.833548][ T5713] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.841977][ T5713] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 174.849965][ T5713] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 174.857950][ T5713] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 174.865938][ T5713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 174.873916][ T5713] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002a [ 174.881917][ T5713] [pid 5070] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./34/binderfs") = 0 [pid 5070] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./34/cgroup") = 0 [pid 5070] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./34/cgroup.net") = 0 [pid 5070] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./34/file0") = 0 [pid 5070] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./34/cgroup.cpu") = 0 [ 174.931288][ T5713] memory: usage 8kB, limit 0kB, failcnt 55 [ 174.940418][ T5713] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 174.952210][ T5713] Memory cgroup stats for /syz1: [ 174.952432][ T5713] anon 0 [ 174.952432][ T5713] file 0 [ 174.952432][ T5713] kernel 8192 [ 174.952432][ T5713] kernel_stack 0 [ 174.952432][ T5713] pagetables 0 [ 174.952432][ T5713] sec_pagetables 0 [ 174.952432][ T5713] percpu 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./34") = 0 [pid 5070] mkdir("./35", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 37 ./strace-static-x86_64: Process 5717 attached [pid 5717] chdir("./35") = 0 [pid 5717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5717] setpgid(0, 0) = 0 [pid 5717] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5717] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5717] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 174.952432][ T5713] sock 0 [ 174.952432][ T5713] vmalloc 0 [ 174.952432][ T5713] shmem 0 [ 174.952432][ T5713] zswap 0 [ 174.952432][ T5713] zswapped 0 [ 174.952432][ T5713] file_mapped 0 [ 174.952432][ T5713] file_dirty 0 [ 174.952432][ T5713] file_writeback 0 [ 174.952432][ T5713] swapcached 0 [ 174.952432][ T5713] anon_thp 0 [ 174.952432][ T5713] file_thp 0 [ 174.952432][ T5713] shmem_thp 0 [ 174.952432][ T5713] inactive_anon 0 [ 174.952432][ T5713] active_anon 0 [ 174.952432][ T5713] inactive_file 0 [ 174.952432][ T5713] active_file 0 [pid 5717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5717] write(3, "1000", 4) = 4 [pid 5717] close(3) = 0 [pid 5717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5717] mkdir("./file0", 000) = 0 [pid 5717] open("./file0", O_RDONLY) = 3 [pid 5717] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5717] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5717] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5717] openat(5, "memory.max", O_RDWR) = 6 [ 174.952432][ T5713] unevictable 0 [ 174.952432][ T5713] slab_reclaimable 6752 [ 174.952432][ T5713] slab_unreclaimable 0 [ 174.952432][ T5713] slab 6752 [ 174.952432][ T5713] workingset_refault_anon 0 [ 175.051129][ T5713] Tasks state (memory values in pages): [ 175.056863][ T5713] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 175.066372][ T5713] Out of memory and no killable processes... [pid 5717] write(6, "0x000000000000040e", 18 [pid 5713] <... write resumed>) = 18 [pid 5713] close(3) = 0 [pid 5713] close(4) = 0 [pid 5713] close(5) = 0 [pid 5713] close(6) = 0 [pid 5713] close(7) = -1 EBADF (Bad file descriptor) [pid 5713] close(8) = -1 EBADF (Bad file descriptor) [pid 5713] close(9) = -1 EBADF (Bad file descriptor) [pid 5713] close(10) = -1 EBADF (Bad file descriptor) [pid 5713] close(11) = -1 EBADF (Bad file descriptor) [pid 5713] close(12) = -1 EBADF (Bad file descriptor) [pid 5713] close(13) = -1 EBADF (Bad file descriptor) [pid 5713] close(14) = -1 EBADF (Bad file descriptor) [pid 5713] close(15) = -1 EBADF (Bad file descriptor) [ 175.072566][ T5714] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 175.083026][ T5714] CPU: 0 PID: 5714 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 175.093490][ T5714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 175.103592][ T5714] Call Trace: [ 175.106916][ T5714] [ 175.109889][ T5714] dump_stack_lvl+0x1e7/0x2d0 [ 175.114638][ T5714] ? nf_tcp_handle_invalid+0x640/0x640 [ 175.120158][ T5714] ? panic+0x770/0x770 [ 175.124304][ T5714] dump_header+0xdc/0x940 [pid 5713] close(16) = -1 EBADF (Bad file descriptor) [pid 5713] close(17) = -1 EBADF (Bad file descriptor) [pid 5713] close(18) = -1 EBADF (Bad file descriptor) [pid 5713] close(19) = -1 EBADF (Bad file descriptor) [pid 5713] close(20) = -1 EBADF (Bad file descriptor) [pid 5713] close(21) = -1 EBADF (Bad file descriptor) [pid 5713] close(22) = -1 EBADF (Bad file descriptor) [pid 5713] close(23) = -1 EBADF (Bad file descriptor) [pid 5713] close(24) = -1 EBADF (Bad file descriptor) [pid 5713] close(25) = -1 EBADF (Bad file descriptor) [pid 5713] close(26) = -1 EBADF (Bad file descriptor) [pid 5713] close(27) = -1 EBADF (Bad file descriptor) [pid 5713] close(28) = -1 EBADF (Bad file descriptor) [pid 5713] close(29) = -1 EBADF (Bad file descriptor) [pid 5713] exit_group(0) = ? [pid 5713] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 175.128699][ T5714] out_of_memory+0xf21/0x12c0 [ 175.133443][ T5714] ? mutex_lock_io_nested+0x60/0x60 [ 175.138722][ T5714] ? mark_lock+0x9a/0x340 [ 175.143092][ T5714] ? unregister_oom_notifier+0x20/0x20 [ 175.148597][ T5714] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 175.154650][ T5714] mem_cgroup_out_of_memory+0x263/0x3b0 [ 175.160257][ T5714] ? mem_cgroup_oom_trylock+0x210/0x210 [ 175.165875][ T5714] ? cgroup_file_notify+0x127/0x190 [ 175.171150][ T5714] memory_max_write+0x355/0x470 [ 175.176072][ T5714] ? memory_max_show+0xa0/0xa0 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 175.180900][ T5714] ? read_lock_is_recursive+0x20/0x20 [ 175.186338][ T5714] ? memory_max_show+0xa0/0xa0 [ 175.191145][ T5714] cgroup_file_write+0x2b1/0x780 [ 175.196106][ T5714] ? cgroup_seqfile_stop+0xd0/0xd0 [ 175.201235][ T5714] ? __virt_addr_valid+0x22f/0x2e0 [ 175.206416][ T5714] ? cgroup_seqfile_stop+0xd0/0xd0 [ 175.211545][ T5714] kernfs_fop_write_iter+0x3a6/0x4f0 [ 175.216860][ T5714] vfs_write+0x7b2/0xbb0 [ 175.221132][ T5714] ? file_end_write+0x240/0x240 [ 175.226007][ T5714] ? do_raw_spin_unlock+0x13b/0x8b0 [ 175.231227][ T5714] ? lockdep_hardirqs_on+0x98/0x140 [ 175.236453][ T5714] ? __fdget_pos+0x265/0x2f0 [ 175.241066][ T5714] ksys_write+0x1a0/0x2c0 [ 175.245422][ T5714] ? __ia32_sys_read+0x90/0x90 [ 175.250201][ T5714] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 175.256207][ T5714] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 175.262231][ T5714] do_syscall_64+0x41/0xc0 [ 175.266666][ T5714] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 175.272585][ T5714] RIP: 0033:0x7fd49ce20129 [ 175.277013][ T5714] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 175.296663][ T5714] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 175.305101][ T5714] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 175.313101][ T5714] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 175.321089][ T5714] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./42/binderfs") = 0 [pid 5074] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 175.329078][ T5714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 175.337064][ T5714] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000023 [ 175.345068][ T5714] [ 175.355800][ T5714] memory: usage 8kB, limit 0kB, failcnt 55 [ 175.361751][ T5714] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 175.371117][ T5714] Memory cgroup stats for /syz1: [ 175.371653][ T5714] anon 0 [ 175.371653][ T5714] file 0 [pid 5074] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./42/cgroup") = 0 [pid 5074] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./42/cgroup.net") = 0 [ 175.371653][ T5714] kernel 8192 [ 175.371653][ T5714] kernel_stack 0 [ 175.371653][ T5714] pagetables 0 [ 175.371653][ T5714] sec_pagetables 0 [ 175.371653][ T5714] percpu 0 [ 175.371653][ T5714] sock 0 [ 175.371653][ T5714] vmalloc 0 [ 175.371653][ T5714] shmem 0 [ 175.371653][ T5714] zswap 0 [ 175.371653][ T5714] zswapped 0 [ 175.371653][ T5714] file_mapped 0 [ 175.371653][ T5714] file_dirty 0 [ 175.371653][ T5714] file_writeback 0 [ 175.371653][ T5714] swapcached 0 [ 175.371653][ T5714] anon_thp 0 [ 175.371653][ T5714] file_thp 0 [pid 5074] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 175.371653][ T5714] shmem_thp 0 [ 175.371653][ T5714] inactive_anon 0 [ 175.371653][ T5714] active_anon 0 [ 175.371653][ T5714] inactive_file 0 [ 175.371653][ T5714] active_file 0 [ 175.371653][ T5714] unevictable 0 [ 175.371653][ T5714] slab_reclaimable 6752 [ 175.371653][ T5714] slab_unreclaimable 0 [ 175.371653][ T5714] slab 6752 [ 175.371653][ T5714] workingset_refault_anon 0 [ 175.470332][ T5714] Tasks state (memory values in pages): [pid 5074] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./42/file0") = 0 [pid 5074] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./42/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./42" [pid 5714] <... write resumed>) = 18 [pid 5074] <... rmdir resumed>) = 0 [pid 5074] mkdir("./43", 0777) = 0 [ 175.476121][ T5714] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 175.492905][ T5714] Out of memory and no killable processes... [ 175.499173][ T5715] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 175.516922][ T5715] CPU: 0 PID: 5715 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 175.527407][ T5715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 175.537501][ T5715] Call Trace: [ 175.540786][ T5715] [ 175.543724][ T5715] dump_stack_lvl+0x1e7/0x2d0 [ 175.548450][ T5715] ? nf_tcp_handle_invalid+0x640/0x640 [ 175.553928][ T5715] ? panic+0x770/0x770 [ 175.558026][ T5715] dump_header+0xdc/0x940 [ 175.562374][ T5715] out_of_memory+0xf21/0x12c0 [ 175.567072][ T5715] ? mutex_lock_io_nested+0x60/0x60 [ 175.572299][ T5715] ? mark_lock+0x9a/0x340 [ 175.576647][ T5715] ? unregister_oom_notifier+0x20/0x20 [ 175.582136][ T5715] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 175.588145][ T5715] mem_cgroup_out_of_memory+0x263/0x3b0 [ 175.593715][ T5715] ? mem_cgroup_oom_trylock+0x210/0x210 [ 175.599296][ T5715] ? cgroup_file_notify+0x127/0x190 [ 175.604520][ T5715] memory_max_write+0x355/0x470 [ 175.609400][ T5715] ? memory_max_show+0xa0/0xa0 [ 175.614192][ T5715] ? read_lock_is_recursive+0x20/0x20 [ 175.619585][ T5715] ? memory_max_show+0xa0/0xa0 [ 175.624366][ T5715] cgroup_file_write+0x2b1/0x780 [ 175.629326][ T5715] ? cgroup_seqfile_stop+0xd0/0xd0 [ 175.634453][ T5715] ? __virt_addr_valid+0x22f/0x2e0 [ 175.639596][ T5715] ? cgroup_seqfile_stop+0xd0/0xd0 [ 175.644717][ T5715] kernfs_fop_write_iter+0x3a6/0x4f0 [ 175.650025][ T5715] vfs_write+0x7b2/0xbb0 [ 175.654296][ T5715] ? file_end_write+0x240/0x240 [ 175.659166][ T5715] ? do_raw_spin_unlock+0x13b/0x8b0 [ 175.664404][ T5715] ? lockdep_hardirqs_on+0x98/0x140 [ 175.669643][ T5715] ? __fdget_pos+0x265/0x2f0 [ 175.674262][ T5715] ksys_write+0x1a0/0x2c0 [ 175.678632][ T5715] ? __ia32_sys_read+0x90/0x90 [ 175.683419][ T5715] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 175.689430][ T5715] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 175.695434][ T5715] do_syscall_64+0x41/0xc0 [ 175.699871][ T5715] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 175.705784][ T5715] RIP: 0033:0x7fd49ce20129 [ 175.710208][ T5715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 175.729841][ T5715] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 175.738291][ T5715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 175.746283][ T5715] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 175.754271][ T5715] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 175.762255][ T5715] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 175.770244][ T5715] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000026 [ 175.778265][ T5715] [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5714] close(3) = 0 [pid 5714] close(4) = 0 [pid 5714] close(5) = 0 [pid 5714] close(6) = 0 [pid 5714] close(7) = -1 EBADF (Bad file descriptor) [pid 5714] close(8) = -1 EBADF (Bad file descriptor) [pid 5714] close(9) = -1 EBADF (Bad file descriptor) [pid 5714] close(10) = -1 EBADF (Bad file descriptor) [pid 5714] close(11) = -1 EBADF (Bad file descriptor) [pid 5714] close(12) = -1 EBADF (Bad file descriptor) [pid 5714] close(13) = -1 EBADF (Bad file descriptor) [pid 5714] close(14) = -1 EBADF (Bad file descriptor) [pid 5714] close(15) = -1 EBADF (Bad file descriptor) [pid 5714] close(16) = -1 EBADF (Bad file descriptor) [pid 5714] close(17) = -1 EBADF (Bad file descriptor) [pid 5714] close(18) = -1 EBADF (Bad file descriptor) [pid 5714] close(19) = -1 EBADF (Bad file descriptor) [pid 5714] close(20) = -1 EBADF (Bad file descriptor) [pid 5714] close(21) = -1 EBADF (Bad file descriptor) [pid 5714] close(22) = -1 EBADF (Bad file descriptor) [pid 5714] close(23) = -1 EBADF (Bad file descriptor) [pid 5714] close(24) = -1 EBADF (Bad file descriptor) [pid 5714] close(25) = -1 EBADF (Bad file descriptor) [pid 5714] close(26) = -1 EBADF (Bad file descriptor) [pid 5714] close(27) = -1 EBADF (Bad file descriptor) [pid 5714] close(28) = -1 EBADF (Bad file descriptor) [pid 5714] close(29) = -1 EBADF (Bad file descriptor) [pid 5714] exit_group(0) = ? [pid 5714] +++ exited with 0 +++ [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 45 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- ./strace-static-x86_64: Process 5718 attached [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./35/binderfs") = 0 [pid 5072] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 175.796780][ T5715] memory: usage 8kB, limit 0kB, failcnt 55 [ 175.802661][ T5715] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 175.810750][ T5715] Memory cgroup stats for /syz1: [ 175.810967][ T5715] anon 0 [ 175.810967][ T5715] file 0 [ 175.810967][ T5715] kernel 8192 [ 175.810967][ T5715] kernel_stack 0 [ 175.810967][ T5715] pagetables 0 [ 175.810967][ T5715] sec_pagetables 0 [ 175.810967][ T5715] percpu 0 [ 175.810967][ T5715] sock 0 [ 175.810967][ T5715] vmalloc 0 [ 175.810967][ T5715] shmem 0 [pid 5072] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./35/cgroup") = 0 [pid 5072] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./35/cgroup.net") = 0 [ 175.810967][ T5715] zswap 0 [ 175.810967][ T5715] zswapped 0 [ 175.810967][ T5715] file_mapped 0 [ 175.810967][ T5715] file_dirty 0 [ 175.810967][ T5715] file_writeback 0 [ 175.810967][ T5715] swapcached 0 [ 175.810967][ T5715] anon_thp 0 [ 175.810967][ T5715] file_thp 0 [ 175.810967][ T5715] shmem_thp 0 [ 175.810967][ T5715] inactive_anon 0 [ 175.810967][ T5715] active_anon 0 [ 175.810967][ T5715] inactive_file 0 [ 175.810967][ T5715] active_file 0 [ 175.810967][ T5715] unevictable 0 [ 175.810967][ T5715] slab_reclaimable 6752 [pid 5072] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5718] chdir("./43") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5718] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5718] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs" [pid 5072] <... umount2 resumed>) = 0 [pid 5718] <... symlink resumed>) = 0 [pid 5072] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5718] mkdir("./file0", 000 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5718] <... mkdir resumed>) = 0 [pid 5072] lstat("./35/file0", [pid 5718] open("./file0", O_RDONLY [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5718] <... open resumed>) = 3 [pid 5072] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5718] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5718] <... mount resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5718] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5072] <... openat resumed>) = 4 [pid 5718] <... openat resumed>) = 4 [pid 5072] fstat(4, [pid 5718] openat(4, "syz1", O_RDWR|O_PATH [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5718] <... openat resumed>) = 5 [pid 5072] getdents64(4, [pid 5718] openat(5, "memory.max", O_RDWR [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5718] <... openat resumed>) = 6 [pid 5072] getdents64(4, [pid 5718] write(6, "0x000000000000040e", 18 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [ 175.810967][ T5715] slab_unreclaimable 0 [ 175.810967][ T5715] slab 6752 [ 175.810967][ T5715] workingset_refault_anon 0 [ 175.915277][ T5715] Tasks state (memory values in pages): [ 175.921731][ T5715] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 175.932540][ T5715] Out of memory and no killable processes... [pid 5072] rmdir("./35/file0" [pid 5715] <... write resumed>) = 18 [pid 5072] <... rmdir resumed>) = 0 [pid 5072] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./35/cgroup.cpu") = 0 [ 175.939086][ T5716] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 175.950554][ T5716] CPU: 1 PID: 5716 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 175.961014][ T5716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 175.971103][ T5716] Call Trace: [ 175.974394][ T5716] [ 175.977357][ T5716] dump_stack_lvl+0x1e7/0x2d0 [ 175.982079][ T5716] ? nf_tcp_handle_invalid+0x640/0x640 [ 175.987560][ T5716] ? panic+0x770/0x770 [ 175.991658][ T5716] dump_header+0xdc/0x940 [ 175.996010][ T5716] out_of_memory+0xf21/0x12c0 [ 176.000709][ T5716] ? mutex_lock_io_nested+0x60/0x60 [ 176.005932][ T5716] ? mark_lock+0x9a/0x340 [ 176.010278][ T5716] ? unregister_oom_notifier+0x20/0x20 [ 176.015751][ T5716] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 176.021760][ T5716] mem_cgroup_out_of_memory+0x263/0x3b0 [ 176.027346][ T5716] ? mem_cgroup_oom_trylock+0x210/0x210 [ 176.032929][ T5716] ? cgroup_file_notify+0x127/0x190 [ 176.038151][ T5716] memory_max_write+0x355/0x470 [ 176.043044][ T5716] ? memory_max_show+0xa0/0xa0 [ 176.047823][ T5716] ? read_lock_is_recursive+0x20/0x20 [ 176.053218][ T5716] ? memory_max_show+0xa0/0xa0 [ 176.057999][ T5716] cgroup_file_write+0x2b1/0x780 [ 176.062954][ T5716] ? cgroup_seqfile_stop+0xd0/0xd0 [ 176.068075][ T5716] ? __virt_addr_valid+0x22f/0x2e0 [ 176.073215][ T5716] ? cgroup_seqfile_stop+0xd0/0xd0 [ 176.078339][ T5716] kernfs_fop_write_iter+0x3a6/0x4f0 [ 176.083646][ T5716] vfs_write+0x7b2/0xbb0 [ 176.087919][ T5716] ? file_end_write+0x240/0x240 [ 176.092788][ T5716] ? do_raw_spin_unlock+0x13b/0x8b0 [ 176.098006][ T5716] ? lockdep_hardirqs_on+0x98/0x140 [ 176.103229][ T5716] ? __fdget_pos+0x265/0x2f0 [ 176.107842][ T5716] ksys_write+0x1a0/0x2c0 [ 176.112194][ T5716] ? __ia32_sys_read+0x90/0x90 [ 176.116973][ T5716] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 176.122979][ T5716] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 176.128983][ T5716] do_syscall_64+0x41/0xc0 [ 176.133424][ T5716] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 176.139342][ T5716] RIP: 0033:0x7fd49ce20129 [ 176.143775][ T5716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 176.163397][ T5716] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 176.171914][ T5716] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 176.179899][ T5716] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 176.187881][ T5716] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5072] getdents64(3, [pid 5715] close(3 [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5715] <... close resumed>) = 0 [pid 5072] close(3 [pid 5715] close(4) = 0 [pid 5715] close(5) = 0 [pid 5715] close(6) = 0 [pid 5715] close(7) = -1 EBADF (Bad file descriptor) [pid 5715] close(8) = -1 EBADF (Bad file descriptor) [pid 5715] close(9) = -1 EBADF (Bad file descriptor) [pid 5715] close(10) = -1 EBADF (Bad file descriptor) [pid 5715] close(11) = -1 EBADF (Bad file descriptor) [pid 5715] close(12) = -1 EBADF (Bad file descriptor) [pid 5715] close(13) = -1 EBADF (Bad file descriptor) [pid 5715] close(14) = -1 EBADF (Bad file descriptor) [pid 5715] close(15) = -1 EBADF (Bad file descriptor) [pid 5715] close(16) = -1 EBADF (Bad file descriptor) [pid 5715] close(17) = -1 EBADF (Bad file descriptor) [pid 5715] close(18) = -1 EBADF (Bad file descriptor) [pid 5072] <... close resumed>) = 0 [pid 5715] close(19 [pid 5072] rmdir("./35" [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5715] close(20) = -1 EBADF (Bad file descriptor) [pid 5715] close(21) = -1 EBADF (Bad file descriptor) [pid 5072] <... rmdir resumed>) = 0 [pid 5715] close(22 [pid 5072] mkdir("./36", 0777 [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5715] close(23) = -1 EBADF (Bad file descriptor) [pid 5715] close(24 [pid 5072] <... mkdir resumed>) = 0 [pid 5715] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5715] close(25) = -1 EBADF (Bad file descriptor) [pid 5715] close(26) = -1 EBADF (Bad file descriptor) [pid 5715] close(27) = -1 EBADF (Bad file descriptor) [pid 5715] close(28) = -1 EBADF (Bad file descriptor) [pid 5715] close(29) = -1 EBADF (Bad file descriptor) [pid 5715] exit_group(0) = ? [pid 5715] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 38 ./strace-static-x86_64: Process 5719 attached [pid 5073] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5719] chdir("./36" [pid 5073] fstat(3, [pid 5719] <... chdir resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5719] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] getdents64(3, [pid 5719] <... prctl resumed>) = 0 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5719] setpgid(0, 0) = 0 [pid 5073] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./38/binderfs", [pid 5719] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./38/binderfs" [pid 5719] <... symlink resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5719] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 5073] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./38/cgroup" [pid 5719] <... symlink resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5719] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5073] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5719] <... symlink resumed>) = 0 [pid 5073] lstat("./38/cgroup.net", [pid 5719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./38/cgroup.net") = 0 [pid 5073] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5719] <... openat resumed>) = 3 [ 176.195863][ T5716] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 176.203847][ T5716] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000029 [ 176.211849][ T5716] [ 176.228854][ T5716] memory: usage 8kB, limit 0kB, failcnt 55 [ 176.240717][ T5716] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 176.268017][ T5716] Memory cgroup stats for /syz1: [ 176.268432][ T5716] anon 0 [ 176.268432][ T5716] file 0 [ 176.268432][ T5716] kernel 8192 [ 176.268432][ T5716] kernel_stack 0 [ 176.268432][ T5716] pagetables 0 [ 176.268432][ T5716] sec_pagetables 0 [ 176.268432][ T5716] percpu 0 [ 176.268432][ T5716] sock 0 [ 176.268432][ T5716] vmalloc 0 [ 176.268432][ T5716] shmem 0 [ 176.268432][ T5716] zswap 0 [ 176.268432][ T5716] zswapped 0 [ 176.268432][ T5716] file_mapped 0 [ 176.268432][ T5716] file_dirty 0 [pid 5073] getdents64(4, [pid 5719] write(3, "1000", 4 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./38/file0") = 0 [pid 5073] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./38/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./38") = 0 [pid 5073] mkdir("./39", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5720 attached [pid 5720] chdir("./39" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 41 [pid 5720] <... chdir resumed>) = 0 [pid 5720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5720] setpgid(0, 0) = 0 [pid 5720] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5720] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5720] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5720] write(3, "1000", 4) = 4 [pid 5720] close(3) = 0 [pid 5720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5720] mkdir("./file0", 000) = 0 [pid 5720] open("./file0", O_RDONLY) = 3 [pid 5720] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5720] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5720] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5720] openat(5, "memory.max", O_RDWR) = 6 [pid 5720] write(6, "0x000000000000040e", 18 [pid 5719] <... write resumed>) = 4 [pid 5719] close(3) = 0 [pid 5719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5719] mkdir("./file0", 000) = 0 [ 176.268432][ T5716] file_writeback 0 [ 176.268432][ T5716] swapcached 0 [ 176.268432][ T5716] anon_thp 0 [ 176.268432][ T5716] file_thp 0 [ 176.268432][ T5716] shmem_thp 0 [ 176.268432][ T5716] inactive_anon 0 [ 176.268432][ T5716] active_anon 0 [ 176.268432][ T5716] inactive_file 0 [ 176.268432][ T5716] active_file 0 [ 176.268432][ T5716] unevictable 0 [ 176.268432][ T5716] slab_reclaimable 6752 [ 176.268432][ T5716] slab_unreclaimable 0 [ 176.268432][ T5716] slab 6752 [ 176.268432][ T5716] workingset_refault_anon 0 [pid 5719] open("./file0", O_RDONLY) = 3 [pid 5719] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5719] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5719] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5719] openat(5, "memory.max", O_RDWR) = 6 [pid 5719] write(6, "0x000000000000040e", 18 [pid 5716] <... write resumed>) = 18 [pid 5716] close(3) = 0 [pid 5716] close(4) = 0 [pid 5716] close(5) = 0 [pid 5716] close(6) = 0 [pid 5716] close(7) = -1 EBADF (Bad file descriptor) [pid 5716] close(8) = -1 EBADF (Bad file descriptor) [pid 5716] close(9) = -1 EBADF (Bad file descriptor) [pid 5716] close(10) = -1 EBADF (Bad file descriptor) [pid 5716] close(11) = -1 EBADF (Bad file descriptor) [pid 5716] close(12) = -1 EBADF (Bad file descriptor) [pid 5716] close(13) = -1 EBADF (Bad file descriptor) [pid 5716] close(14) = -1 EBADF (Bad file descriptor) [pid 5716] close(15) = -1 EBADF (Bad file descriptor) [ 176.371182][ T5716] Tasks state (memory values in pages): [ 176.377122][ T5716] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 176.400280][ T5716] Out of memory and no killable processes... [pid 5716] close(16) = -1 EBADF (Bad file descriptor) [pid 5716] close(17) = -1 EBADF (Bad file descriptor) [pid 5716] close(18) = -1 EBADF (Bad file descriptor) [pid 5716] close(19) = -1 EBADF (Bad file descriptor) [pid 5716] close(20) = -1 EBADF (Bad file descriptor) [pid 5716] close(21) = -1 EBADF (Bad file descriptor) [pid 5716] close(22) = -1 EBADF (Bad file descriptor) [pid 5716] close(23) = -1 EBADF (Bad file descriptor) [pid 5716] close(24) = -1 EBADF (Bad file descriptor) [pid 5716] close(25) = -1 EBADF (Bad file descriptor) [pid 5716] close(26) = -1 EBADF (Bad file descriptor) [pid 5716] close(27) = -1 EBADF (Bad file descriptor) [pid 5716] close(28) = -1 EBADF (Bad file descriptor) [pid 5716] close(29) = -1 EBADF (Bad file descriptor) [pid 5716] exit_group(0) = ? [pid 5716] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 176.411707][ T5717] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 176.426920][ T5717] CPU: 1 PID: 5717 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 176.437401][ T5717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 176.447506][ T5717] Call Trace: [ 176.450820][ T5717] [ 176.453792][ T5717] dump_stack_lvl+0x1e7/0x2d0 [ 176.458531][ T5717] ? nf_tcp_handle_invalid+0x640/0x640 [ 176.464047][ T5717] ? panic+0x770/0x770 [pid 5075] unlink("./41/binderfs") = 0 [pid 5075] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./41/cgroup") = 0 [pid 5075] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./41/cgroup.net") = 0 [ 176.468187][ T5717] dump_header+0xdc/0x940 [ 176.472576][ T5717] out_of_memory+0xf21/0x12c0 [ 176.477314][ T5717] ? mutex_lock_io_nested+0x60/0x60 [ 176.482580][ T5717] ? preempt_schedule+0xdd/0xf0 [ 176.487487][ T5717] ? unregister_oom_notifier+0x20/0x20 [ 176.492996][ T5717] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 176.499023][ T5717] mem_cgroup_out_of_memory+0x263/0x3b0 [ 176.504592][ T5717] ? preempt_schedule_thunk+0x1a/0x20 [ 176.509999][ T5717] ? mem_cgroup_oom_trylock+0x210/0x210 [ 176.515628][ T5717] ? cgroup_file_notify+0x127/0x190 [ 176.520886][ T5717] memory_max_write+0x355/0x470 [ 176.525794][ T5717] ? memory_max_show+0xa0/0xa0 [ 176.530608][ T5717] ? read_lock_is_recursive+0x20/0x20 [ 176.536030][ T5717] ? memory_max_show+0xa0/0xa0 [ 176.540828][ T5717] cgroup_file_write+0x2b1/0x780 [ 176.545822][ T5717] ? cgroup_seqfile_stop+0xd0/0xd0 [ 176.550962][ T5717] ? __virt_addr_valid+0x22f/0x2e0 [ 176.556119][ T5717] ? cgroup_seqfile_stop+0xd0/0xd0 [ 176.561257][ T5717] kernfs_fop_write_iter+0x3a6/0x4f0 [ 176.566578][ T5717] vfs_write+0x7b2/0xbb0 [ 176.570863][ T5717] ? file_end_write+0x240/0x240 [ 176.575736][ T5717] ? do_raw_spin_unlock+0x13b/0x8b0 [ 176.580968][ T5717] ? lockdep_hardirqs_on+0x98/0x140 [ 176.586230][ T5717] ? __fdget_pos+0x265/0x2f0 [ 176.590861][ T5717] ksys_write+0x1a0/0x2c0 [ 176.595229][ T5717] ? __ia32_sys_read+0x90/0x90 [ 176.600047][ T5717] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 176.606076][ T5717] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 176.612108][ T5717] do_syscall_64+0x41/0xc0 [ 176.616600][ T5717] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 176.622552][ T5717] RIP: 0033:0x7fd49ce20129 [ 176.627005][ T5717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 176.646636][ T5717] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 176.655090][ T5717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 176.663105][ T5717] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 176.671110][ T5717] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 176.679095][ T5717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 176.687092][ T5717] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000023 [ 176.695138][ T5717] [ 176.702416][ T5717] memory: usage 8kB, limit 0kB, failcnt 55 [ 176.712042][ T5717] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./41/file0") = 0 [pid 5075] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./41/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./41") = 0 [pid 5075] mkdir("./42", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5721 attached [pid 5721] chdir("./42" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 44 [pid 5721] <... chdir resumed>) = 0 [ 176.722662][ T5717] Memory cgroup stats for /syz1: [ 176.722861][ T5717] anon 0 [ 176.722861][ T5717] file 0 [ 176.722861][ T5717] kernel 8192 [ 176.722861][ T5717] kernel_stack 0 [ 176.722861][ T5717] pagetables 0 [ 176.722861][ T5717] sec_pagetables 0 [ 176.722861][ T5717] percpu 0 [ 176.722861][ T5717] sock 0 [ 176.722861][ T5717] vmalloc 0 [ 176.722861][ T5717] shmem 0 [ 176.722861][ T5717] zswap 0 [ 176.722861][ T5717] zswapped 0 [ 176.722861][ T5717] file_mapped 0 [ 176.722861][ T5717] file_dirty 0 [pid 5721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5721] setpgid(0, 0) = 0 [pid 5721] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5721] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5721] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5721] write(3, "1000", 4) = 4 [pid 5721] close(3) = 0 [pid 5721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5721] mkdir("./file0", 000) = 0 [pid 5721] open("./file0", O_RDONLY) = 3 [pid 5721] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5721] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5721] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5721] openat(5, "memory.max", O_RDWR) = 6 [ 176.722861][ T5717] file_writeback 0 [ 176.722861][ T5717] swapcached 0 [ 176.722861][ T5717] anon_thp 0 [ 176.722861][ T5717] file_thp 0 [ 176.722861][ T5717] shmem_thp 0 [ 176.722861][ T5717] inactive_anon 0 [ 176.722861][ T5717] active_anon 0 [ 176.722861][ T5717] inactive_file 0 [ 176.722861][ T5717] active_file 0 [ 176.722861][ T5717] unevictable 0 [ 176.722861][ T5717] slab_reclaimable 6752 [ 176.722861][ T5717] slab_unreclaimable 0 [ 176.722861][ T5717] slab 6752 [ 176.722861][ T5717] workingset_refault_anon 0 [pid 5721] write(6, "0x000000000000040e", 18 [pid 5717] <... write resumed>) = 18 [pid 5717] close(3) = 0 [pid 5717] close(4) = 0 [pid 5717] close(5) = 0 [pid 5717] close(6) = 0 [pid 5717] close(7) = -1 EBADF (Bad file descriptor) [pid 5717] close(8) = -1 EBADF (Bad file descriptor) [ 176.821259][ T5717] Tasks state (memory values in pages): [ 176.828950][ T5717] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 176.839094][ T5717] Out of memory and no killable processes... [ 176.846604][ T5718] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 176.862468][ T5718] CPU: 1 PID: 5718 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5717] close(9) = -1 EBADF (Bad file descriptor) [pid 5717] close(10) = -1 EBADF (Bad file descriptor) [pid 5717] close(11) = -1 EBADF (Bad file descriptor) [pid 5717] close(12) = -1 EBADF (Bad file descriptor) [pid 5717] close(13) = -1 EBADF (Bad file descriptor) [pid 5717] close(14) = -1 EBADF (Bad file descriptor) [pid 5717] close(15) = -1 EBADF (Bad file descriptor) [pid 5717] close(16) = -1 EBADF (Bad file descriptor) [pid 5717] close(17) = -1 EBADF (Bad file descriptor) [pid 5717] close(18) = -1 EBADF (Bad file descriptor) [pid 5717] close(19) = -1 EBADF (Bad file descriptor) [pid 5717] close(20) = -1 EBADF (Bad file descriptor) [pid 5717] close(21) = -1 EBADF (Bad file descriptor) [pid 5717] close(22) = -1 EBADF (Bad file descriptor) [pid 5717] close(23) = -1 EBADF (Bad file descriptor) [pid 5717] close(24) = -1 EBADF (Bad file descriptor) [pid 5717] close(25) = -1 EBADF (Bad file descriptor) [pid 5717] close(26) = -1 EBADF (Bad file descriptor) [pid 5717] close(27) = -1 EBADF (Bad file descriptor) [pid 5717] close(28) = -1 EBADF (Bad file descriptor) [pid 5717] close(29) = -1 EBADF (Bad file descriptor) [pid 5717] exit_group(0) = ? [pid 5717] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 176.872946][ T5718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 176.883045][ T5718] Call Trace: [ 176.886370][ T5718] [ 176.889354][ T5718] dump_stack_lvl+0x1e7/0x2d0 [ 176.894094][ T5718] ? nf_tcp_handle_invalid+0x640/0x640 [ 176.899609][ T5718] ? panic+0x770/0x770 [ 176.903748][ T5718] dump_header+0xdc/0x940 [ 176.908137][ T5718] out_of_memory+0xf21/0x12c0 [ 176.912874][ T5718] ? mutex_lock_io_nested+0x60/0x60 [ 176.918141][ T5718] ? mark_lock+0x9a/0x340 [ 176.922527][ T5718] ? unregister_oom_notifier+0x20/0x20 [ 176.928013][ T5718] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 176.934037][ T5718] mem_cgroup_out_of_memory+0x263/0x3b0 [ 176.939619][ T5718] ? mem_cgroup_oom_trylock+0x210/0x210 [ 176.945241][ T5718] ? cgroup_file_notify+0x127/0x190 [ 176.950471][ T5718] memory_max_write+0x355/0x470 [ 176.955345][ T5718] ? memory_max_show+0xa0/0xa0 [ 176.960144][ T5718] ? read_lock_is_recursive+0x20/0x20 [ 176.965536][ T5718] ? memory_max_show+0xa0/0xa0 [pid 5070] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./35/binderfs") = 0 [pid 5070] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./35/cgroup") = 0 [pid 5070] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 176.970316][ T5718] cgroup_file_write+0x2b1/0x780 [ 176.975275][ T5718] ? cgroup_seqfile_stop+0xd0/0xd0 [ 176.980399][ T5718] ? __virt_addr_valid+0x22f/0x2e0 [ 176.985537][ T5718] ? cgroup_seqfile_stop+0xd0/0xd0 [ 176.990657][ T5718] kernfs_fop_write_iter+0x3a6/0x4f0 [ 176.995964][ T5718] vfs_write+0x7b2/0xbb0 [ 177.000235][ T5718] ? file_end_write+0x240/0x240 [ 177.005115][ T5718] ? do_raw_spin_unlock+0x13b/0x8b0 [ 177.010348][ T5718] ? lockdep_hardirqs_on+0x98/0x140 [ 177.015570][ T5718] ? __fdget_pos+0x265/0x2f0 [ 177.020200][ T5718] ksys_write+0x1a0/0x2c0 [ 177.024555][ T5718] ? __ia32_sys_read+0x90/0x90 [ 177.029338][ T5718] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 177.035343][ T5718] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 177.041350][ T5718] do_syscall_64+0x41/0xc0 [ 177.045783][ T5718] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 177.051696][ T5718] RIP: 0033:0x7fd49ce20129 [ 177.056123][ T5718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 177.075740][ T5718] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 177.084172][ T5718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 177.092159][ T5718] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 177.100166][ T5718] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 177.108179][ T5718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 177.116183][ T5718] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002b [pid 5070] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./35/cgroup.net") = 0 [pid 5070] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 177.124209][ T5718] [pid 5070] rmdir("./35/file0") = 0 [pid 5070] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./35/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./35") = 0 [pid 5070] mkdir("./36", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 38 ./strace-static-x86_64: Process 5722 attached [ 177.145801][ T5718] memory: usage 8kB, limit 0kB, failcnt 55 [ 177.154096][ T5718] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 177.162634][ T5718] Memory cgroup stats for /syz1: [ 177.162851][ T5718] anon 0 [ 177.162851][ T5718] file 0 [ 177.162851][ T5718] kernel 8192 [ 177.162851][ T5718] kernel_stack 0 [ 177.162851][ T5718] pagetables 0 [ 177.162851][ T5718] sec_pagetables 0 [ 177.162851][ T5718] percpu 0 [ 177.162851][ T5718] sock 0 [ 177.162851][ T5718] vmalloc 0 [pid 5722] chdir("./36") = 0 [pid 5722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5722] setpgid(0, 0) = 0 [pid 5722] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5722] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5722] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5722] write(3, "1000", 4) = 4 [pid 5722] close(3) = 0 [pid 5722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5722] mkdir("./file0", 000) = 0 [pid 5722] open("./file0", O_RDONLY) = 3 [pid 5722] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5722] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5722] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5722] openat(5, "memory.max", O_RDWR) = 6 [ 177.162851][ T5718] shmem 0 [ 177.162851][ T5718] zswap 0 [ 177.162851][ T5718] zswapped 0 [ 177.162851][ T5718] file_mapped 0 [ 177.162851][ T5718] file_dirty 0 [ 177.162851][ T5718] file_writeback 0 [ 177.162851][ T5718] swapcached 0 [ 177.162851][ T5718] anon_thp 0 [ 177.162851][ T5718] file_thp 0 [ 177.162851][ T5718] shmem_thp 0 [ 177.162851][ T5718] inactive_anon 0 [ 177.162851][ T5718] active_anon 0 [ 177.162851][ T5718] inactive_file 0 [ 177.162851][ T5718] active_file 0 [ 177.162851][ T5718] unevictable 0 [ 177.162851][ T5718] slab_reclaimable 6752 [ 177.162851][ T5718] slab_unreclaimable 0 [ 177.162851][ T5718] slab 6752 [ 177.162851][ T5718] workingset_refault_anon 0 [ 177.259246][ T5718] Tasks state (memory values in pages): [ 177.264839][ T5718] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 177.278506][ T5718] Out of memory and no killable processes... [ 177.285115][ T5720] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5722] write(6, "0x000000000000040e", 18 [pid 5718] <... write resumed>) = 18 [pid 5718] close(3) = 0 [pid 5718] close(4) = 0 [pid 5718] close(5) = 0 [pid 5718] close(6) = 0 [pid 5718] close(7) = -1 EBADF (Bad file descriptor) [pid 5718] close(8) = -1 EBADF (Bad file descriptor) [pid 5718] close(9) = -1 EBADF (Bad file descriptor) [pid 5718] close(10) = -1 EBADF (Bad file descriptor) [pid 5718] close(11) = -1 EBADF (Bad file descriptor) [pid 5718] close(12) = -1 EBADF (Bad file descriptor) [pid 5718] close(13) = -1 EBADF (Bad file descriptor) [pid 5718] close(14) = -1 EBADF (Bad file descriptor) [pid 5718] close(15) = -1 EBADF (Bad file descriptor) [pid 5718] close(16) = -1 EBADF (Bad file descriptor) [pid 5718] close(17) = -1 EBADF (Bad file descriptor) [pid 5718] close(18) = -1 EBADF (Bad file descriptor) [pid 5718] close(19) = -1 EBADF (Bad file descriptor) [pid 5718] close(20) = -1 EBADF (Bad file descriptor) [pid 5718] close(21) = -1 EBADF (Bad file descriptor) [pid 5718] close(22) = -1 EBADF (Bad file descriptor) [pid 5718] close(23) = -1 EBADF (Bad file descriptor) [pid 5718] close(24) = -1 EBADF (Bad file descriptor) [pid 5718] close(25) = -1 EBADF (Bad file descriptor) [pid 5718] close(26) = -1 EBADF (Bad file descriptor) [ 177.297990][ T5720] CPU: 1 PID: 5720 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 177.308462][ T5720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 177.318566][ T5720] Call Trace: [ 177.321877][ T5720] [ 177.324843][ T5720] dump_stack_lvl+0x1e7/0x2d0 [ 177.329582][ T5720] ? nf_tcp_handle_invalid+0x640/0x640 [ 177.335113][ T5720] ? panic+0x770/0x770 [ 177.339251][ T5720] dump_header+0xdc/0x940 [ 177.343630][ T5720] out_of_memory+0xf21/0x12c0 [pid 5718] close(27) = -1 EBADF (Bad file descriptor) [pid 5718] close(28) = -1 EBADF (Bad file descriptor) [pid 5718] close(29) = -1 EBADF (Bad file descriptor) [pid 5718] exit_group(0) = ? [pid 5718] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 177.348367][ T5720] ? mutex_lock_io_nested+0x60/0x60 [ 177.353633][ T5720] ? preempt_schedule+0xdd/0xf0 [ 177.358537][ T5720] ? unregister_oom_notifier+0x20/0x20 [ 177.364043][ T5720] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 177.370103][ T5720] mem_cgroup_out_of_memory+0x263/0x3b0 [ 177.375694][ T5720] ? preempt_schedule_thunk+0x1a/0x20 [ 177.381122][ T5720] ? mem_cgroup_oom_trylock+0x210/0x210 [ 177.386732][ T5720] ? cgroup_file_notify+0x127/0x190 [ 177.391994][ T5720] memory_max_write+0x355/0x470 [ 177.396941][ T5720] ? memory_max_show+0xa0/0xa0 [ 177.401746][ T5720] ? read_lock_is_recursive+0x20/0x20 [ 177.407148][ T5720] ? memory_max_show+0xa0/0xa0 [ 177.411948][ T5720] cgroup_file_write+0x2b1/0x780 [ 177.416914][ T5720] ? cgroup_seqfile_stop+0xd0/0xd0 [ 177.422058][ T5720] ? __virt_addr_valid+0x22f/0x2e0 [ 177.427207][ T5720] ? cgroup_seqfile_stop+0xd0/0xd0 [ 177.432348][ T5720] kernfs_fop_write_iter+0x3a6/0x4f0 [ 177.437660][ T5720] vfs_write+0x7b2/0xbb0 [ 177.441930][ T5720] ? file_end_write+0x240/0x240 [ 177.446798][ T5720] ? do_raw_spin_unlock+0x13b/0x8b0 [ 177.452014][ T5720] ? lockdep_hardirqs_on+0x98/0x140 [ 177.457240][ T5720] ? __fdget_pos+0x265/0x2f0 [ 177.461850][ T5720] ksys_write+0x1a0/0x2c0 [ 177.466204][ T5720] ? __ia32_sys_read+0x90/0x90 [ 177.470983][ T5720] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 177.476990][ T5720] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 177.482993][ T5720] do_syscall_64+0x41/0xc0 [ 177.487431][ T5720] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 177.493344][ T5720] RIP: 0033:0x7fd49ce20129 [ 177.497776][ T5720] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 177.517394][ T5720] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 177.525835][ T5720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 177.533817][ T5720] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./43/binderfs") = 0 [pid 5074] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./43/cgroup") = 0 [pid 5074] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./43/cgroup.net") = 0 [pid 5074] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./43/file0") = 0 [pid 5074] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./43/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./43") = 0 [pid 5074] mkdir("./44", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5723 attached [pid 5723] chdir("./44" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 46 [pid 5723] <... chdir resumed>) = 0 [pid 5723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5723] setpgid(0, 0) = 0 [pid 5723] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5723] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5723] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 177.541801][ T5720] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 177.549781][ T5720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 177.557762][ T5720] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000027 [ 177.565783][ T5720] [pid 5723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5723] write(3, "1000", 4) = 4 [pid 5723] close(3) = 0 [pid 5723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5723] mkdir("./file0", 000) = 0 [pid 5723] open("./file0", O_RDONLY) = 3 [pid 5723] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5723] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5723] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5723] openat(5, "memory.max", O_RDWR) = 6 [ 177.607219][ T5720] memory: usage 8kB, limit 0kB, failcnt 55 [ 177.614104][ T5720] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 177.628793][ T5720] Memory cgroup stats for /syz1: [ 177.629726][ T5720] anon 0 [ 177.629726][ T5720] file 0 [ 177.629726][ T5720] kernel 8192 [ 177.629726][ T5720] kernel_stack 0 [ 177.629726][ T5720] pagetables 0 [ 177.629726][ T5720] sec_pagetables 0 [ 177.629726][ T5720] percpu 0 [ 177.629726][ T5720] sock 0 [ 177.629726][ T5720] vmalloc 0 [ 177.629726][ T5720] shmem 0 [ 177.629726][ T5720] zswap 0 [ 177.629726][ T5720] zswapped 0 [ 177.629726][ T5720] file_mapped 0 [ 177.629726][ T5720] file_dirty 0 [ 177.629726][ T5720] file_writeback 0 [ 177.629726][ T5720] swapcached 0 [ 177.629726][ T5720] anon_thp 0 [ 177.629726][ T5720] file_thp 0 [ 177.629726][ T5720] shmem_thp 0 [ 177.629726][ T5720] inactive_anon 0 [ 177.629726][ T5720] active_anon 0 [ 177.629726][ T5720] inactive_file 0 [ 177.629726][ T5720] active_file 0 [ 177.629726][ T5720] unevictable 0 [ 177.629726][ T5720] slab_reclaimable 6752 [ 177.629726][ T5720] slab_unreclaimable 0 [ 177.629726][ T5720] slab 6752 [ 177.629726][ T5720] workingset_refault_anon 0 [ 177.728014][ T5720] Tasks state (memory values in pages): [ 177.733612][ T5720] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 177.743282][ T5720] Out of memory and no killable processes... [pid 5723] write(6, "0x000000000000040e", 18 [pid 5720] <... write resumed>) = 18 [pid 5720] close(3) = 0 [pid 5720] close(4) = 0 [pid 5720] close(5) = 0 [pid 5720] close(6) = 0 [pid 5720] close(7) = -1 EBADF (Bad file descriptor) [pid 5720] close(8) = -1 EBADF (Bad file descriptor) [pid 5720] close(9) = -1 EBADF (Bad file descriptor) [pid 5720] close(10) = -1 EBADF (Bad file descriptor) [pid 5720] close(11) = -1 EBADF (Bad file descriptor) [pid 5720] close(12) = -1 EBADF (Bad file descriptor) [pid 5720] close(13) = -1 EBADF (Bad file descriptor) [pid 5720] close(14) = -1 EBADF (Bad file descriptor) [pid 5720] close(15) = -1 EBADF (Bad file descriptor) [pid 5720] close(16) = -1 EBADF (Bad file descriptor) [pid 5720] close(17) = -1 EBADF (Bad file descriptor) [pid 5720] close(18) = -1 EBADF (Bad file descriptor) [pid 5720] close(19) = -1 EBADF (Bad file descriptor) [pid 5720] close(20) = -1 EBADF (Bad file descriptor) [pid 5720] close(21) = -1 EBADF (Bad file descriptor) [pid 5720] close(22) = -1 EBADF (Bad file descriptor) [pid 5720] close(23) = -1 EBADF (Bad file descriptor) [pid 5720] close(24) = -1 EBADF (Bad file descriptor) [pid 5720] close(25) = -1 EBADF (Bad file descriptor) [pid 5720] close(26) = -1 EBADF (Bad file descriptor) [pid 5720] close(27) = -1 EBADF (Bad file descriptor) [pid 5720] close(28) = -1 EBADF (Bad file descriptor) [pid 5720] close(29) = -1 EBADF (Bad file descriptor) [pid 5720] exit_group(0) = ? [pid 5720] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5073] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./39/binderfs") = 0 [pid 5073] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./39/cgroup") = 0 [pid 5073] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 177.749908][ T5719] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 177.760767][ T5719] CPU: 0 PID: 5719 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 177.771225][ T5719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 177.781315][ T5719] Call Trace: [ 177.784625][ T5719] [ 177.787591][ T5719] dump_stack_lvl+0x1e7/0x2d0 [ 177.792320][ T5719] ? nf_tcp_handle_invalid+0x640/0x640 [ 177.797834][ T5719] ? panic+0x770/0x770 [ 177.801975][ T5719] dump_header+0xdc/0x940 [pid 5073] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./39/cgroup.net") = 0 [ 177.806366][ T5719] out_of_memory+0xf21/0x12c0 [ 177.811105][ T5719] ? mutex_lock_io_nested+0x60/0x60 [ 177.816365][ T5719] ? preempt_schedule+0xdd/0xf0 [ 177.821268][ T5719] ? unregister_oom_notifier+0x20/0x20 [ 177.826773][ T5719] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 177.832800][ T5719] mem_cgroup_out_of_memory+0x263/0x3b0 [ 177.838372][ T5719] ? preempt_schedule_thunk+0x1a/0x20 [ 177.843784][ T5719] ? mem_cgroup_oom_trylock+0x210/0x210 [ 177.849403][ T5719] ? cgroup_file_notify+0x127/0x190 [ 177.854665][ T5719] memory_max_write+0x355/0x470 [ 177.859577][ T5719] ? memory_max_show+0xa0/0xa0 [ 177.864395][ T5719] ? read_lock_is_recursive+0x20/0x20 [ 177.869825][ T5719] ? memory_max_show+0xa0/0xa0 [ 177.874631][ T5719] cgroup_file_write+0x2b1/0x780 [ 177.879618][ T5719] ? cgroup_seqfile_stop+0xd0/0xd0 [ 177.884760][ T5719] ? __virt_addr_valid+0x22f/0x2e0 [ 177.889908][ T5719] ? cgroup_seqfile_stop+0xd0/0xd0 [ 177.895031][ T5719] kernfs_fop_write_iter+0x3a6/0x4f0 [ 177.900350][ T5719] vfs_write+0x7b2/0xbb0 [ 177.904647][ T5719] ? file_end_write+0x240/0x240 [ 177.909556][ T5719] ? do_raw_spin_unlock+0x13b/0x8b0 [ 177.914806][ T5719] ? lockdep_hardirqs_on+0x98/0x140 [ 177.920070][ T5719] ? __fdget_pos+0x265/0x2f0 [ 177.924698][ T5719] ksys_write+0x1a0/0x2c0 [ 177.929110][ T5719] ? __ia32_sys_read+0x90/0x90 [ 177.933926][ T5719] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 177.939952][ T5719] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 177.945965][ T5719] do_syscall_64+0x41/0xc0 [ 177.950451][ T5719] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 177.956404][ T5719] RIP: 0033:0x7fd49ce20129 [ 177.960859][ T5719] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 177.980498][ T5719] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 177.988933][ T5719] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 177.996942][ T5719] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./39/file0") = 0 [pid 5073] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 178.004953][ T5719] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 178.012950][ T5719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 178.020941][ T5719] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000024 [ 178.028978][ T5719] [ 178.046835][ T5719] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5073] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./39/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./39") = 0 [pid 5073] mkdir("./40", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 42 ./strace-static-x86_64: Process 5724 attached [pid 5724] chdir("./40") = 0 [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5724] setpgid(0, 0) = 0 [pid 5724] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5724] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5724] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 178.052834][ T5719] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 178.065087][ T5719] Memory cgroup stats for /syz1: [ 178.065303][ T5719] anon 0 [ 178.065303][ T5719] file 0 [ 178.065303][ T5719] kernel 8192 [ 178.065303][ T5719] kernel_stack 0 [ 178.065303][ T5719] pagetables 0 [ 178.065303][ T5719] sec_pagetables 0 [ 178.065303][ T5719] percpu 0 [ 178.065303][ T5719] sock 0 [ 178.065303][ T5719] vmalloc 0 [ 178.065303][ T5719] shmem 0 [ 178.065303][ T5719] zswap 0 [ 178.065303][ T5719] zswapped 0 [ 178.065303][ T5719] file_mapped 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5724] write(3, "1000", 4) = 4 [pid 5724] close(3) = 0 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5724] mkdir("./file0", 000) = 0 [pid 5724] open("./file0", O_RDONLY) = 3 [pid 5724] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5724] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5724] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5724] openat(5, "memory.max", O_RDWR) = 6 [ 178.065303][ T5719] file_dirty 0 [ 178.065303][ T5719] file_writeback 0 [ 178.065303][ T5719] swapcached 0 [ 178.065303][ T5719] anon_thp 0 [ 178.065303][ T5719] file_thp 0 [ 178.065303][ T5719] shmem_thp 0 [ 178.065303][ T5719] inactive_anon 0 [ 178.065303][ T5719] active_anon 0 [ 178.065303][ T5719] inactive_file 0 [ 178.065303][ T5719] active_file 0 [ 178.065303][ T5719] unevictable 0 [ 178.065303][ T5719] slab_reclaimable 6752 [ 178.065303][ T5719] slab_unreclaimable 0 [ 178.065303][ T5719] slab 6752 [pid 5724] write(6, "0x000000000000040e", 18 [ 178.065303][ T5719] workingset_refault_anon 0 [ 178.165258][ T5719] Tasks state (memory values in pages): [ 178.176257][ T5719] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 178.192479][ T5719] Out of memory and no killable processes... [ 178.198837][ T5721] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5719] <... write resumed>) = 18 [pid 5719] close(3) = 0 [pid 5719] close(4) = 0 [pid 5719] close(5) = 0 [pid 5719] close(6) = 0 [pid 5719] close(7) = -1 EBADF (Bad file descriptor) [pid 5719] close(8) = -1 EBADF (Bad file descriptor) [pid 5719] close(9) = -1 EBADF (Bad file descriptor) [pid 5719] close(10) = -1 EBADF (Bad file descriptor) [pid 5719] close(11) = -1 EBADF (Bad file descriptor) [pid 5719] close(12) = -1 EBADF (Bad file descriptor) [pid 5719] close(13) = -1 EBADF (Bad file descriptor) [pid 5719] close(14) = -1 EBADF (Bad file descriptor) [pid 5719] close(15) = -1 EBADF (Bad file descriptor) [pid 5719] close(16) = -1 EBADF (Bad file descriptor) [pid 5719] close(17) = -1 EBADF (Bad file descriptor) [pid 5719] close(18) = -1 EBADF (Bad file descriptor) [ 178.215949][ T5721] CPU: 0 PID: 5721 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 178.226459][ T5721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 178.236580][ T5721] Call Trace: [ 178.239899][ T5721] [ 178.242877][ T5721] dump_stack_lvl+0x1e7/0x2d0 [ 178.247635][ T5721] ? nf_tcp_handle_invalid+0x640/0x640 [ 178.253159][ T5721] ? panic+0x770/0x770 [ 178.257305][ T5721] dump_header+0xdc/0x940 [ 178.261700][ T5721] out_of_memory+0xf21/0x12c0 [pid 5719] close(19) = -1 EBADF (Bad file descriptor) [pid 5719] close(20) = -1 EBADF (Bad file descriptor) [pid 5719] close(21) = -1 EBADF (Bad file descriptor) [pid 5719] close(22) = -1 EBADF (Bad file descriptor) [pid 5719] close(23) = -1 EBADF (Bad file descriptor) [pid 5719] close(24) = -1 EBADF (Bad file descriptor) [pid 5719] close(25) = -1 EBADF (Bad file descriptor) [pid 5719] close(26) = -1 EBADF (Bad file descriptor) [pid 5719] close(27) = -1 EBADF (Bad file descriptor) [pid 5719] close(28) = -1 EBADF (Bad file descriptor) [pid 5719] close(29) = -1 EBADF (Bad file descriptor) [pid 5719] exit_group(0) = ? [pid 5719] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./36/binderfs") = 0 [pid 5072] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 178.266452][ T5721] ? mutex_lock_io_nested+0x60/0x60 [ 178.271721][ T5721] ? preempt_schedule+0xdd/0xf0 [ 178.276646][ T5721] ? unregister_oom_notifier+0x20/0x20 [ 178.282167][ T5721] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 178.288219][ T5721] mem_cgroup_out_of_memory+0x263/0x3b0 [ 178.293821][ T5721] ? preempt_schedule_thunk+0x1a/0x20 [ 178.299263][ T5721] ? mem_cgroup_oom_trylock+0x210/0x210 [ 178.304884][ T5721] ? cgroup_file_notify+0x127/0x190 [ 178.310149][ T5721] memory_max_write+0x355/0x470 [pid 5072] unlink("./36/cgroup") = 0 [pid 5072] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./36/cgroup.net") = 0 [ 178.315097][ T5721] ? memory_max_show+0xa0/0xa0 [ 178.319938][ T5721] ? read_lock_is_recursive+0x20/0x20 [ 178.325392][ T5721] ? memory_max_show+0xa0/0xa0 [ 178.330234][ T5721] cgroup_file_write+0x2b1/0x780 [ 178.335250][ T5721] ? cgroup_seqfile_stop+0xd0/0xd0 [ 178.340434][ T5721] ? __virt_addr_valid+0x22f/0x2e0 [ 178.345676][ T5721] ? cgroup_seqfile_stop+0xd0/0xd0 [ 178.350896][ T5721] kernfs_fop_write_iter+0x3a6/0x4f0 [ 178.356270][ T5721] vfs_write+0x7b2/0xbb0 [ 178.360587][ T5721] ? file_end_write+0x240/0x240 [ 178.365515][ T5721] ? do_raw_spin_unlock+0x13b/0x8b0 [ 178.370772][ T5721] ? lockdep_hardirqs_on+0x98/0x140 [ 178.376033][ T5721] ? __fdget_pos+0x265/0x2f0 [ 178.380662][ T5721] ksys_write+0x1a0/0x2c0 [ 178.385054][ T5721] ? __ia32_sys_read+0x90/0x90 [ 178.389869][ T5721] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 178.395922][ T5721] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 178.402245][ T5721] do_syscall_64+0x41/0xc0 [ 178.406722][ T5721] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 178.412672][ T5721] RIP: 0033:0x7fd49ce20129 [ 178.417131][ T5721] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.436790][ T5721] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.445260][ T5721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 178.453265][ T5721] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5072] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./36/file0") = 0 [ 178.461250][ T5721] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 178.469243][ T5721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 178.477254][ T5721] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002a [ 178.485306][ T5721] [ 178.505666][ T5721] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5072] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./36/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./36") = 0 [pid 5072] mkdir("./37", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5725 attached [pid 5725] chdir("./37" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 39 [pid 5725] <... chdir resumed>) = 0 [pid 5725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5725] setpgid(0, 0) = 0 [pid 5725] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5725] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5725] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5725] write(3, "1000", 4) = 4 [pid 5725] close(3) = 0 [pid 5725] symlink("/dev/binderfs", "./binderfs") = 0 [ 178.511751][ T5721] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 178.526107][ T5721] Memory cgroup stats for /syz1: [ 178.526328][ T5721] anon 0 [ 178.526328][ T5721] file 0 [ 178.526328][ T5721] kernel 8192 [ 178.526328][ T5721] kernel_stack 0 [ 178.526328][ T5721] pagetables 0 [ 178.526328][ T5721] sec_pagetables 0 [ 178.526328][ T5721] percpu 0 [ 178.526328][ T5721] sock 0 [ 178.526328][ T5721] vmalloc 0 [ 178.526328][ T5721] shmem 0 [ 178.526328][ T5721] zswap 0 [ 178.526328][ T5721] zswapped 0 [pid 5725] mkdir("./file0", 000) = 0 [pid 5725] open("./file0", O_RDONLY) = 3 [pid 5725] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5725] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5725] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5725] openat(5, "memory.max", O_RDWR) = 6 [ 178.526328][ T5721] file_mapped 0 [ 178.526328][ T5721] file_dirty 0 [ 178.526328][ T5721] file_writeback 0 [ 178.526328][ T5721] swapcached 0 [ 178.526328][ T5721] anon_thp 0 [ 178.526328][ T5721] file_thp 0 [ 178.526328][ T5721] shmem_thp 0 [ 178.526328][ T5721] inactive_anon 0 [ 178.526328][ T5721] active_anon 0 [ 178.526328][ T5721] inactive_file 0 [ 178.526328][ T5721] active_file 0 [ 178.526328][ T5721] unevictable 0 [ 178.526328][ T5721] slab_reclaimable 6752 [ 178.526328][ T5721] slab_unreclaimable 0 [ 178.526328][ T5721] slab 6752 [ 178.526328][ T5721] workingset_refault_anon 0 [ 178.630423][ T5721] Tasks state (memory values in pages): [ 178.636496][ T5721] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 178.655841][ T5721] Out of memory and no killable processes... [pid 5725] write(6, "0x000000000000040e", 18 [pid 5721] <... write resumed>) = 18 [pid 5721] close(3) = 0 [pid 5721] close(4) = 0 [pid 5721] close(5) = 0 [pid 5721] close(6) = 0 [pid 5721] close(7) = -1 EBADF (Bad file descriptor) [pid 5721] close(8) = -1 EBADF (Bad file descriptor) [pid 5721] close(9) = -1 EBADF (Bad file descriptor) [pid 5721] close(10) = -1 EBADF (Bad file descriptor) [pid 5721] close(11) = -1 EBADF (Bad file descriptor) [pid 5721] close(12) = -1 EBADF (Bad file descriptor) [pid 5721] close(13) = -1 EBADF (Bad file descriptor) [pid 5721] close(14) = -1 EBADF (Bad file descriptor) [pid 5721] close(15) = -1 EBADF (Bad file descriptor) [pid 5721] close(16) = -1 EBADF (Bad file descriptor) [pid 5721] close(17) = -1 EBADF (Bad file descriptor) [pid 5721] close(18) = -1 EBADF (Bad file descriptor) [pid 5721] close(19) = -1 EBADF (Bad file descriptor) [pid 5721] close(20) = -1 EBADF (Bad file descriptor) [pid 5721] close(21) = -1 EBADF (Bad file descriptor) [pid 5721] close(22) = -1 EBADF (Bad file descriptor) [pid 5721] close(23) = -1 EBADF (Bad file descriptor) [pid 5721] close(24) = -1 EBADF (Bad file descriptor) [pid 5721] close(25) = -1 EBADF (Bad file descriptor) [pid 5721] close(26) = -1 EBADF (Bad file descriptor) [pid 5721] close(27) = -1 EBADF (Bad file descriptor) [pid 5721] close(28) = -1 EBADF (Bad file descriptor) [pid 5721] close(29) = -1 EBADF (Bad file descriptor) [pid 5721] exit_group(0) = ? [pid 5721] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5075] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 178.663457][ T5722] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 178.676664][ T5722] CPU: 0 PID: 5722 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 178.687150][ T5722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 178.697252][ T5722] Call Trace: [ 178.700579][ T5722] [ 178.703552][ T5722] dump_stack_lvl+0x1e7/0x2d0 [ 178.708296][ T5722] ? nf_tcp_handle_invalid+0x640/0x640 [ 178.713821][ T5722] ? panic+0x770/0x770 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./42/binderfs") = 0 [pid 5075] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./42/cgroup") = 0 [pid 5075] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./42/cgroup.net") = 0 [ 178.717960][ T5722] dump_header+0xdc/0x940 [ 178.722350][ T5722] out_of_memory+0xf21/0x12c0 [ 178.727183][ T5722] ? mutex_lock_io_nested+0x60/0x60 [ 178.732468][ T5722] ? preempt_schedule+0xdd/0xf0 [ 178.737379][ T5722] ? unregister_oom_notifier+0x20/0x20 [ 178.742892][ T5722] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 178.748915][ T5722] mem_cgroup_out_of_memory+0x263/0x3b0 [ 178.754488][ T5722] ? preempt_schedule_thunk+0x1a/0x20 [ 178.759890][ T5722] ? mem_cgroup_oom_trylock+0x210/0x210 [ 178.765470][ T5722] ? cgroup_file_notify+0x127/0x190 [ 178.770691][ T5722] memory_max_write+0x355/0x470 [ 178.775565][ T5722] ? memory_max_show+0xa0/0xa0 [ 178.780351][ T5722] ? read_lock_is_recursive+0x20/0x20 [ 178.785750][ T5722] ? memory_max_show+0xa0/0xa0 [ 178.790536][ T5722] cgroup_file_write+0x2b1/0x780 [ 178.796681][ T5722] ? cgroup_seqfile_stop+0xd0/0xd0 [ 178.801812][ T5722] ? __virt_addr_valid+0x22f/0x2e0 [ 178.806953][ T5722] ? cgroup_seqfile_stop+0xd0/0xd0 [ 178.812082][ T5722] kernfs_fop_write_iter+0x3a6/0x4f0 [ 178.817390][ T5722] vfs_write+0x7b2/0xbb0 [ 178.821659][ T5722] ? file_end_write+0x240/0x240 [ 178.826536][ T5722] ? do_raw_spin_unlock+0x13b/0x8b0 [ 178.831755][ T5722] ? lockdep_hardirqs_on+0x98/0x140 [ 178.836998][ T5722] ? __fdget_pos+0x265/0x2f0 [ 178.841609][ T5722] ksys_write+0x1a0/0x2c0 [ 178.845961][ T5722] ? __ia32_sys_read+0x90/0x90 [ 178.850744][ T5722] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 178.856756][ T5722] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 178.862759][ T5722] do_syscall_64+0x41/0xc0 [ 178.867194][ T5722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 178.873112][ T5722] RIP: 0033:0x7fd49ce20129 [ 178.877543][ T5722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.897160][ T5722] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.905597][ T5722] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5075] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 178.913585][ T5722] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 178.921568][ T5722] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 178.929567][ T5722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 178.937571][ T5722] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000024 [ 178.945588][ T5722] [ 178.952677][ T5722] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./42/file0") = 0 [pid 5075] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./42/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./42") = 0 [pid 5075] mkdir("./43", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5726 attached [pid 5726] chdir("./43" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 45 [pid 5726] <... chdir resumed>) = 0 [pid 5726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5726] setpgid(0, 0) = 0 [pid 5726] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5726] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5726] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5726] write(3, "1000", 4) = 4 [pid 5726] close(3) = 0 [pid 5726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5726] mkdir("./file0", 000) = 0 [pid 5726] open("./file0", O_RDONLY) = 3 [pid 5726] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5726] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5726] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 178.963161][ T5722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 178.973582][ T5722] Memory cgroup stats for /syz1: [ 178.973794][ T5722] anon 0 [ 178.973794][ T5722] file 0 [ 178.973794][ T5722] kernel 8192 [ 178.973794][ T5722] kernel_stack 0 [ 178.973794][ T5722] pagetables 0 [ 178.973794][ T5722] sec_pagetables 0 [ 178.973794][ T5722] percpu 0 [ 178.973794][ T5722] sock 0 [ 178.973794][ T5722] vmalloc 0 [ 178.973794][ T5722] shmem 0 [ 178.973794][ T5722] zswap 0 [ 178.973794][ T5722] zswapped 0 [ 178.973794][ T5722] file_mapped 0 [pid 5726] openat(5, "memory.max", O_RDWR) = 6 [ 178.973794][ T5722] file_dirty 0 [ 178.973794][ T5722] file_writeback 0 [ 178.973794][ T5722] swapcached 0 [ 178.973794][ T5722] anon_thp 0 [ 178.973794][ T5722] file_thp 0 [ 178.973794][ T5722] shmem_thp 0 [ 178.973794][ T5722] inactive_anon 0 [ 178.973794][ T5722] active_anon 0 [ 178.973794][ T5722] inactive_file 0 [ 178.973794][ T5722] active_file 0 [ 178.973794][ T5722] unevictable 0 [ 178.973794][ T5722] slab_reclaimable 6752 [ 178.973794][ T5722] slab_unreclaimable 0 [ 178.973794][ T5722] slab 6752 [ 178.973794][ T5722] workingset_refault_anon 0 [pid 5726] write(6, "0x000000000000040e", 18 [pid 5722] <... write resumed>) = 18 [pid 5722] close(3) = 0 [pid 5722] close(4) = 0 [pid 5722] close(5) = 0 [pid 5722] close(6) = 0 [pid 5722] close(7) = -1 EBADF (Bad file descriptor) [ 179.071440][ T5722] Tasks state (memory values in pages): [ 179.081588][ T5722] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 179.093497][ T5722] Out of memory and no killable processes... [ 179.101997][ T5723] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5722] close(8) = -1 EBADF (Bad file descriptor) [pid 5722] close(9) = -1 EBADF (Bad file descriptor) [pid 5722] close(10) = -1 EBADF (Bad file descriptor) [pid 5722] close(11) = -1 EBADF (Bad file descriptor) [pid 5722] close(12) = -1 EBADF (Bad file descriptor) [pid 5722] close(13) = -1 EBADF (Bad file descriptor) [pid 5722] close(14) = -1 EBADF (Bad file descriptor) [pid 5722] close(15) = -1 EBADF (Bad file descriptor) [pid 5722] close(16) = -1 EBADF (Bad file descriptor) [pid 5722] close(17) = -1 EBADF (Bad file descriptor) [pid 5722] close(18) = -1 EBADF (Bad file descriptor) [pid 5722] close(19) = -1 EBADF (Bad file descriptor) [pid 5722] close(20) = -1 EBADF (Bad file descriptor) [pid 5722] close(21) = -1 EBADF (Bad file descriptor) [pid 5722] close(22) = -1 EBADF (Bad file descriptor) [pid 5722] close(23) = -1 EBADF (Bad file descriptor) [pid 5722] close(24) = -1 EBADF (Bad file descriptor) [pid 5722] close(25) = -1 EBADF (Bad file descriptor) [pid 5722] close(26) = -1 EBADF (Bad file descriptor) [pid 5722] close(27) = -1 EBADF (Bad file descriptor) [pid 5722] close(28) = -1 EBADF (Bad file descriptor) [pid 5722] close(29) = -1 EBADF (Bad file descriptor) [pid 5722] exit_group(0) = ? [pid 5722] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 179.112453][ T5723] CPU: 0 PID: 5723 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 179.122917][ T5723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 179.133019][ T5723] Call Trace: [ 179.136343][ T5723] [ 179.139317][ T5723] dump_stack_lvl+0x1e7/0x2d0 [ 179.144059][ T5723] ? nf_tcp_handle_invalid+0x640/0x640 [ 179.149580][ T5723] ? panic+0x770/0x770 [ 179.153720][ T5723] dump_header+0xdc/0x940 [ 179.158115][ T5723] out_of_memory+0xf21/0x12c0 [ 179.162855][ T5723] ? mutex_lock_io_nested+0x60/0x60 [pid 5070] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./36/binderfs") = 0 [pid 5070] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./36/cgroup") = 0 [pid 5070] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./36/cgroup.net") = 0 [ 179.168122][ T5723] ? preempt_schedule+0xdd/0xf0 [ 179.173031][ T5723] ? unregister_oom_notifier+0x20/0x20 [ 179.178550][ T5723] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 179.184593][ T5723] mem_cgroup_out_of_memory+0x263/0x3b0 [ 179.190190][ T5723] ? preempt_schedule_thunk+0x1a/0x20 [ 179.195619][ T5723] ? mem_cgroup_oom_trylock+0x210/0x210 [ 179.201241][ T5723] ? cgroup_file_notify+0x127/0x190 [ 179.206489][ T5723] memory_max_write+0x355/0x470 [ 179.211393][ T5723] ? memory_max_show+0xa0/0xa0 [ 179.216206][ T5723] ? read_lock_is_recursive+0x20/0x20 [ 179.221634][ T5723] ? memory_max_show+0xa0/0xa0 [ 179.226446][ T5723] cgroup_file_write+0x2b1/0x780 [ 179.231433][ T5723] ? cgroup_seqfile_stop+0xd0/0xd0 [ 179.236593][ T5723] ? __virt_addr_valid+0x22f/0x2e0 [ 179.241770][ T5723] ? cgroup_seqfile_stop+0xd0/0xd0 [ 179.246922][ T5723] kernfs_fop_write_iter+0x3a6/0x4f0 [ 179.252268][ T5723] vfs_write+0x7b2/0xbb0 [ 179.256572][ T5723] ? file_end_write+0x240/0x240 [ 179.261479][ T5723] ? do_raw_spin_unlock+0x13b/0x8b0 [ 179.266724][ T5723] ? lockdep_hardirqs_on+0x98/0x140 [ 179.271976][ T5723] ? __fdget_pos+0x265/0x2f0 [ 179.276614][ T5723] ksys_write+0x1a0/0x2c0 [ 179.281001][ T5723] ? __ia32_sys_read+0x90/0x90 [ 179.285813][ T5723] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 179.291838][ T5723] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 179.297850][ T5723] do_syscall_64+0x41/0xc0 [ 179.302318][ T5723] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 179.308266][ T5723] RIP: 0033:0x7fd49ce20129 [ 179.312713][ T5723] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.332360][ T5723] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.340815][ T5723] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 179.348810][ T5723] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 179.356823][ T5723] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 179.364831][ T5723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./36/file0") = 0 [pid 5070] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./36/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 179.372848][ T5723] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002c [ 179.380889][ T5723] [ 179.391854][ T5723] memory: usage 8kB, limit 0kB, failcnt 55 [ 179.397987][ T5723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 179.404916][ T5723] Memory cgroup stats for /syz1: [ 179.405077][ T5723] anon 0 [ 179.405077][ T5723] file 0 [ 179.405077][ T5723] kernel 8192 [ 179.405077][ T5723] kernel_stack 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./36") = 0 [pid 5070] mkdir("./37", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 39 ./strace-static-x86_64: Process 5727 attached [pid 5727] chdir("./37") = 0 [pid 5727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5727] setpgid(0, 0) = 0 [pid 5727] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5727] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5727] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5727] write(3, "1000", 4) = 4 [pid 5727] close(3) = 0 [pid 5727] symlink("/dev/binderfs", "./binderfs") = 0 [ 179.405077][ T5723] pagetables 0 [ 179.405077][ T5723] sec_pagetables 0 [ 179.405077][ T5723] percpu 0 [ 179.405077][ T5723] sock 0 [ 179.405077][ T5723] vmalloc 0 [ 179.405077][ T5723] shmem 0 [ 179.405077][ T5723] zswap 0 [ 179.405077][ T5723] zswapped 0 [ 179.405077][ T5723] file_mapped 0 [ 179.405077][ T5723] file_dirty 0 [ 179.405077][ T5723] file_writeback 0 [ 179.405077][ T5723] swapcached 0 [ 179.405077][ T5723] anon_thp 0 [ 179.405077][ T5723] file_thp 0 [ 179.405077][ T5723] shmem_thp 0 [pid 5727] mkdir("./file0", 000) = 0 [pid 5727] open("./file0", O_RDONLY) = 3 [pid 5727] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5727] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5727] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5727] openat(5, "memory.max", O_RDWR) = 6 [ 179.405077][ T5723] inactive_anon 0 [ 179.405077][ T5723] active_anon 0 [ 179.405077][ T5723] inactive_file 0 [ 179.405077][ T5723] active_file 0 [ 179.405077][ T5723] unevictable 0 [ 179.405077][ T5723] slab_reclaimable 6752 [ 179.405077][ T5723] slab_unreclaimable 0 [ 179.405077][ T5723] slab 6752 [ 179.405077][ T5723] workingset_refault_anon 0 [ 179.505244][ T5723] Tasks state (memory values in pages): [pid 5727] write(6, "0x000000000000040e", 18 [pid 5723] <... write resumed>) = 18 [pid 5723] close(3) = 0 [pid 5723] close(4) = 0 [pid 5723] close(5) = 0 [pid 5723] close(6) = 0 [pid 5723] close(7) = -1 EBADF (Bad file descriptor) [pid 5723] close(8) = -1 EBADF (Bad file descriptor) [pid 5723] close(9) = -1 EBADF (Bad file descriptor) [pid 5723] close(10) = -1 EBADF (Bad file descriptor) [pid 5723] close(11) = -1 EBADF (Bad file descriptor) [pid 5723] close(12) = -1 EBADF (Bad file descriptor) [pid 5723] close(13) = -1 EBADF (Bad file descriptor) [pid 5723] close(14) = -1 EBADF (Bad file descriptor) [pid 5723] close(15) = -1 EBADF (Bad file descriptor) [pid 5723] close(16) = -1 EBADF (Bad file descriptor) [pid 5723] close(17) = -1 EBADF (Bad file descriptor) [pid 5723] close(18) = -1 EBADF (Bad file descriptor) [pid 5723] close(19) = -1 EBADF (Bad file descriptor) [pid 5723] close(20) = -1 EBADF (Bad file descriptor) [pid 5723] close(21) = -1 EBADF (Bad file descriptor) [pid 5723] close(22) = -1 EBADF (Bad file descriptor) [pid 5723] close(23) = -1 EBADF (Bad file descriptor) [pid 5723] close(24) = -1 EBADF (Bad file descriptor) [pid 5723] close(25) = -1 EBADF (Bad file descriptor) [pid 5723] close(26) = -1 EBADF (Bad file descriptor) [pid 5723] close(27) = -1 EBADF (Bad file descriptor) [pid 5723] close(28) = -1 EBADF (Bad file descriptor) [pid 5723] close(29) = -1 EBADF (Bad file descriptor) [pid 5723] exit_group(0) = ? [ 179.516631][ T5723] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 179.528280][ T5723] Out of memory and no killable processes... [ 179.535624][ T5724] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 179.547566][ T5724] CPU: 1 PID: 5724 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 179.558030][ T5724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 179.568117][ T5724] Call Trace: [pid 5723] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./44/binderfs") = 0 [pid 5074] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./44/cgroup") = 0 [pid 5074] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./44/cgroup.net") = 0 [ 179.571425][ T5724] [ 179.574379][ T5724] dump_stack_lvl+0x1e7/0x2d0 [ 179.579114][ T5724] ? nf_tcp_handle_invalid+0x640/0x640 [ 179.584628][ T5724] ? panic+0x770/0x770 [ 179.588747][ T5724] dump_header+0xdc/0x940 [ 179.593124][ T5724] out_of_memory+0xf21/0x12c0 [ 179.597844][ T5724] ? mutex_lock_io_nested+0x60/0x60 [ 179.603083][ T5724] ? mark_lock+0x9a/0x340 [ 179.607459][ T5724] ? unregister_oom_notifier+0x20/0x20 [ 179.612963][ T5724] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 179.619003][ T5724] mem_cgroup_out_of_memory+0x263/0x3b0 [ 179.624601][ T5724] ? mem_cgroup_oom_trylock+0x210/0x210 [ 179.630212][ T5724] ? cgroup_file_notify+0x127/0x190 [ 179.635467][ T5724] memory_max_write+0x355/0x470 [ 179.640343][ T5724] ? memory_max_show+0xa0/0xa0 [ 179.645127][ T5724] ? read_lock_is_recursive+0x20/0x20 [ 179.650554][ T5724] ? memory_max_show+0xa0/0xa0 [ 179.655336][ T5724] cgroup_file_write+0x2b1/0x780 [ 179.660294][ T5724] ? cgroup_seqfile_stop+0xd0/0xd0 [ 179.665417][ T5724] ? __virt_addr_valid+0x22f/0x2e0 [ 179.670559][ T5724] ? cgroup_seqfile_stop+0xd0/0xd0 [ 179.675680][ T5724] kernfs_fop_write_iter+0x3a6/0x4f0 [ 179.680992][ T5724] vfs_write+0x7b2/0xbb0 [ 179.685257][ T5724] ? file_end_write+0x240/0x240 [ 179.690130][ T5724] ? do_raw_spin_unlock+0x13b/0x8b0 [ 179.695375][ T5724] ? lockdep_hardirqs_on+0x98/0x140 [ 179.700617][ T5724] ? __fdget_pos+0x265/0x2f0 [ 179.705240][ T5724] ksys_write+0x1a0/0x2c0 [ 179.709606][ T5724] ? __ia32_sys_read+0x90/0x90 [ 179.714388][ T5724] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 179.720413][ T5724] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 179.726423][ T5724] do_syscall_64+0x41/0xc0 [ 179.730862][ T5724] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 179.736782][ T5724] RIP: 0033:0x7fd49ce20129 [ 179.741214][ T5724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.760852][ T5724] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.769290][ T5724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 179.777278][ T5724] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 179.785257][ T5724] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 179.793257][ T5724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 179.801246][ T5724] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000028 [ 179.809277][ T5724] [ 179.815473][ T5724] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./44/file0") = 0 [pid 5074] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./44/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./44") = 0 [pid 5074] mkdir("./45", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 47 ./strace-static-x86_64: Process 5728 attached [pid 5728] chdir("./45") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 179.823576][ T5724] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 179.830631][ T5724] Memory cgroup stats for /syz1: [ 179.831773][ T5724] anon 0 [ 179.831773][ T5724] file 0 [ 179.831773][ T5724] kernel 8192 [ 179.831773][ T5724] kernel_stack 0 [ 179.831773][ T5724] pagetables 0 [ 179.831773][ T5724] sec_pagetables 0 [ 179.831773][ T5724] percpu 0 [ 179.831773][ T5724] sock 0 [ 179.831773][ T5724] vmalloc 0 [ 179.831773][ T5724] shmem 0 [ 179.831773][ T5724] zswap 0 [ 179.831773][ T5724] zswapped 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5728] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5728] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] mkdir("./file0", 000) = 0 [pid 5728] open("./file0", O_RDONLY) = 3 [pid 5728] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5728] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5728] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5728] openat(5, "memory.max", O_RDWR) = 6 [ 179.831773][ T5724] file_mapped 0 [ 179.831773][ T5724] file_dirty 0 [ 179.831773][ T5724] file_writeback 0 [ 179.831773][ T5724] swapcached 0 [ 179.831773][ T5724] anon_thp 0 [ 179.831773][ T5724] file_thp 0 [ 179.831773][ T5724] shmem_thp 0 [ 179.831773][ T5724] inactive_anon 0 [ 179.831773][ T5724] active_anon 0 [ 179.831773][ T5724] inactive_file 0 [ 179.831773][ T5724] active_file 0 [ 179.831773][ T5724] unevictable 0 [ 179.831773][ T5724] slab_reclaimable 6752 [ 179.831773][ T5724] slab_unreclaimable 0 [ 179.831773][ T5724] slab 6752 [pid 5728] write(6, "0x000000000000040e", 18 [pid 5724] <... write resumed>) = 18 [pid 5724] close(3) = 0 [pid 5724] close(4) = 0 [pid 5724] close(5) = 0 [pid 5724] close(6) = 0 [pid 5724] close(7) = -1 EBADF (Bad file descriptor) [pid 5724] close(8) = -1 EBADF (Bad file descriptor) [pid 5724] close(9) = -1 EBADF (Bad file descriptor) [pid 5724] close(10) = -1 EBADF (Bad file descriptor) [pid 5724] close(11) = -1 EBADF (Bad file descriptor) [pid 5724] close(12) = -1 EBADF (Bad file descriptor) [pid 5724] close(13) = -1 EBADF (Bad file descriptor) [pid 5724] close(14) = -1 EBADF (Bad file descriptor) [pid 5724] close(15) = -1 EBADF (Bad file descriptor) [pid 5724] close(16) = -1 EBADF (Bad file descriptor) [pid 5724] close(17) = -1 EBADF (Bad file descriptor) [pid 5724] close(18) = -1 EBADF (Bad file descriptor) [pid 5724] close(19) = -1 EBADF (Bad file descriptor) [pid 5724] close(20) = -1 EBADF (Bad file descriptor) [pid 5724] close(21) = -1 EBADF (Bad file descriptor) [pid 5724] close(22) = -1 EBADF (Bad file descriptor) [pid 5724] close(23) = -1 EBADF (Bad file descriptor) [pid 5724] close(24) = -1 EBADF (Bad file descriptor) [pid 5724] close(25) = -1 EBADF (Bad file descriptor) [pid 5724] close(26) = -1 EBADF (Bad file descriptor) [pid 5724] close(27) = -1 EBADF (Bad file descriptor) [pid 5724] close(28) = -1 EBADF (Bad file descriptor) [pid 5724] close(29) = -1 EBADF (Bad file descriptor) [pid 5724] exit_group(0) = ? [pid 5724] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 179.831773][ T5724] workingset_refault_anon 0 [ 179.930401][ T5724] Tasks state (memory values in pages): [ 179.935988][ T5724] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 179.945746][ T5724] Out of memory and no killable processes... [ 179.951983][ T5725] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 179.963968][ T5725] CPU: 1 PID: 5725 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5073] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 179.974519][ T5725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 179.984612][ T5725] Call Trace: [ 179.987934][ T5725] [ 179.990911][ T5725] dump_stack_lvl+0x1e7/0x2d0 [ 179.995650][ T5725] ? nf_tcp_handle_invalid+0x640/0x640 [ 180.001168][ T5725] ? panic+0x770/0x770 [ 180.005309][ T5725] dump_header+0xdc/0x940 [ 180.009708][ T5725] out_of_memory+0xf21/0x12c0 [ 180.014440][ T5725] ? mutex_lock_io_nested+0x60/0x60 [ 180.019703][ T5725] ? preempt_schedule+0xdd/0xf0 [pid 5073] unlink("./40/binderfs") = 0 [pid 5073] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./40/cgroup") = 0 [pid 5073] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./40/cgroup.net") = 0 [ 180.024611][ T5725] ? unregister_oom_notifier+0x20/0x20 [ 180.030134][ T5725] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 180.036183][ T5725] mem_cgroup_out_of_memory+0x263/0x3b0 [ 180.041784][ T5725] ? preempt_schedule_thunk+0x1a/0x20 [ 180.047211][ T5725] ? mem_cgroup_oom_trylock+0x210/0x210 [ 180.052794][ T5725] ? cgroup_file_notify+0x127/0x190 [ 180.058024][ T5725] memory_max_write+0x355/0x470 [ 180.062920][ T5725] ? memory_max_show+0xa0/0xa0 [ 180.067706][ T5725] ? read_lock_is_recursive+0x20/0x20 [ 180.073099][ T5725] ? memory_max_show+0xa0/0xa0 [ 180.077879][ T5725] cgroup_file_write+0x2b1/0x780 [ 180.082855][ T5725] ? cgroup_seqfile_stop+0xd0/0xd0 [ 180.087976][ T5725] ? __virt_addr_valid+0x22f/0x2e0 [ 180.093116][ T5725] ? cgroup_seqfile_stop+0xd0/0xd0 [ 180.098239][ T5725] kernfs_fop_write_iter+0x3a6/0x4f0 [ 180.103542][ T5725] vfs_write+0x7b2/0xbb0 [ 180.107808][ T5725] ? file_end_write+0x240/0x240 [ 180.112683][ T5725] ? do_raw_spin_unlock+0x13b/0x8b0 [ 180.117900][ T5725] ? lockdep_hardirqs_on+0x98/0x140 [ 180.123121][ T5725] ? __fdget_pos+0x265/0x2f0 [ 180.127732][ T5725] ksys_write+0x1a0/0x2c0 [ 180.132085][ T5725] ? __ia32_sys_read+0x90/0x90 [ 180.136869][ T5725] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 180.142873][ T5725] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 180.148892][ T5725] do_syscall_64+0x41/0xc0 [ 180.153331][ T5725] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 180.159242][ T5725] RIP: 0033:0x7fd49ce20129 [ 180.163669][ T5725] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 180.183287][ T5725] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 180.191739][ T5725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 180.199721][ T5725] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 180.207702][ T5725] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 180.215683][ T5725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./40/file0") = 0 [pid 5073] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./40/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./40") = 0 [pid 5073] mkdir("./41", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5729 attached [pid 5729] chdir("./41" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 43 [pid 5729] <... chdir resumed>) = 0 [pid 5729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5729] setpgid(0, 0) = 0 [pid 5729] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5729] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5729] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5729] write(3, "1000", 4) = 4 [pid 5729] close(3) = 0 [pid 5729] symlink("/dev/binderfs", "./binderfs") = 0 [ 180.223665][ T5725] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000025 [ 180.231673][ T5725] [ 180.248326][ T5725] memory: usage 8kB, limit 0kB, failcnt 55 [ 180.264074][ T5725] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5729] mkdir("./file0", 000) = 0 [pid 5729] open("./file0", O_RDONLY) = 3 [pid 5729] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5729] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5729] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5729] openat(5, "memory.max", O_RDWR) = 6 [ 180.279676][ T5725] Memory cgroup stats for /syz1: [ 180.280966][ T5725] anon 0 [ 180.280966][ T5725] file 0 [ 180.280966][ T5725] kernel 8192 [ 180.280966][ T5725] kernel_stack 0 [ 180.280966][ T5725] pagetables 0 [ 180.280966][ T5725] sec_pagetables 0 [ 180.280966][ T5725] percpu 0 [ 180.280966][ T5725] sock 0 [ 180.280966][ T5725] vmalloc 0 [ 180.280966][ T5725] shmem 0 [ 180.280966][ T5725] zswap 0 [ 180.280966][ T5725] zswapped 0 [ 180.280966][ T5725] file_mapped 0 [ 180.280966][ T5725] file_dirty 0 [ 180.280966][ T5725] file_writeback 0 [ 180.280966][ T5725] swapcached 0 [ 180.280966][ T5725] anon_thp 0 [ 180.280966][ T5725] file_thp 0 [ 180.280966][ T5725] shmem_thp 0 [ 180.280966][ T5725] inactive_anon 0 [ 180.280966][ T5725] active_anon 0 [ 180.280966][ T5725] inactive_file 0 [ 180.280966][ T5725] active_file 0 [ 180.280966][ T5725] unevictable 0 [ 180.280966][ T5725] slab_reclaimable 6752 [ 180.280966][ T5725] slab_unreclaimable 0 [ 180.280966][ T5725] slab 6752 [ 180.280966][ T5725] workingset_refault_anon 0 [pid 5729] write(6, "0x000000000000040e", 18 [pid 5725] <... write resumed>) = 18 [pid 5725] close(3) = 0 [pid 5725] close(4) = 0 [pid 5725] close(5) = 0 [pid 5725] close(6) = 0 [pid 5725] close(7) = -1 EBADF (Bad file descriptor) [pid 5725] close(8) = -1 EBADF (Bad file descriptor) [pid 5725] close(9) = -1 EBADF (Bad file descriptor) [ 180.387741][ T5725] Tasks state (memory values in pages): [ 180.394590][ T5725] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 180.404621][ T5725] Out of memory and no killable processes... [ 180.412024][ T5726] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 180.422559][ T5726] CPU: 0 PID: 5726 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5725] close(10) = -1 EBADF (Bad file descriptor) [pid 5725] close(11) = -1 EBADF (Bad file descriptor) [pid 5725] close(12) = -1 EBADF (Bad file descriptor) [pid 5725] close(13) = -1 EBADF (Bad file descriptor) [pid 5725] close(14) = -1 EBADF (Bad file descriptor) [pid 5725] close(15) = -1 EBADF (Bad file descriptor) [pid 5725] close(16) = -1 EBADF (Bad file descriptor) [pid 5725] close(17) = -1 EBADF (Bad file descriptor) [pid 5725] close(18) = -1 EBADF (Bad file descriptor) [pid 5725] close(19) = -1 EBADF (Bad file descriptor) [pid 5725] close(20) = -1 EBADF (Bad file descriptor) [pid 5725] close(21) = -1 EBADF (Bad file descriptor) [pid 5725] close(22) = -1 EBADF (Bad file descriptor) [pid 5725] close(23) = -1 EBADF (Bad file descriptor) [pid 5725] close(24) = -1 EBADF (Bad file descriptor) [pid 5725] close(25) = -1 EBADF (Bad file descriptor) [pid 5725] close(26) = -1 EBADF (Bad file descriptor) [pid 5725] close(27) = -1 EBADF (Bad file descriptor) [pid 5725] close(28) = -1 EBADF (Bad file descriptor) [pid 5725] close(29) = -1 EBADF (Bad file descriptor) [pid 5725] exit_group(0) = ? [pid 5725] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 180.433020][ T5726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 180.443106][ T5726] Call Trace: [ 180.446415][ T5726] [ 180.449381][ T5726] dump_stack_lvl+0x1e7/0x2d0 [ 180.454111][ T5726] ? nf_tcp_handle_invalid+0x640/0x640 [ 180.459625][ T5726] ? panic+0x770/0x770 [ 180.463777][ T5726] dump_header+0xdc/0x940 [ 180.468160][ T5726] out_of_memory+0xf21/0x12c0 [ 180.472887][ T5726] ? mutex_lock_io_nested+0x60/0x60 [ 180.478156][ T5726] ? preempt_schedule+0xdd/0xf0 [ 180.483049][ T5726] ? unregister_oom_notifier+0x20/0x20 [pid 5072] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./37/binderfs") = 0 [pid 5072] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./37/cgroup") = 0 [pid 5072] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./37/cgroup.net") = 0 [ 180.488554][ T5726] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 180.494593][ T5726] mem_cgroup_out_of_memory+0x263/0x3b0 [ 180.500209][ T5726] ? preempt_schedule_thunk+0x1a/0x20 [ 180.505641][ T5726] ? mem_cgroup_oom_trylock+0x210/0x210 [ 180.511254][ T5726] ? cgroup_file_notify+0x127/0x190 [ 180.516507][ T5726] memory_max_write+0x355/0x470 [ 180.521399][ T5726] ? memory_max_show+0xa0/0xa0 [ 180.526175][ T5726] ? read_lock_is_recursive+0x20/0x20 [ 180.531575][ T5726] ? memory_max_show+0xa0/0xa0 [ 180.536385][ T5726] cgroup_file_write+0x2b1/0x780 [ 180.541387][ T5726] ? cgroup_seqfile_stop+0xd0/0xd0 [ 180.546536][ T5726] ? __virt_addr_valid+0x22f/0x2e0 [ 180.551712][ T5726] ? cgroup_seqfile_stop+0xd0/0xd0 [ 180.556863][ T5726] kernfs_fop_write_iter+0x3a6/0x4f0 [ 180.562207][ T5726] vfs_write+0x7b2/0xbb0 [ 180.566509][ T5726] ? file_end_write+0x240/0x240 [ 180.571412][ T5726] ? do_raw_spin_unlock+0x13b/0x8b0 [ 180.576658][ T5726] ? lockdep_hardirqs_on+0x98/0x140 [ 180.581917][ T5726] ? __fdget_pos+0x265/0x2f0 [ 180.586557][ T5726] ksys_write+0x1a0/0x2c0 [ 180.590943][ T5726] ? __ia32_sys_read+0x90/0x90 [ 180.595749][ T5726] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 180.601796][ T5726] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 180.607832][ T5726] do_syscall_64+0x41/0xc0 [ 180.612290][ T5726] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 180.618212][ T5726] RIP: 0033:0x7fd49ce20129 [ 180.622662][ T5726] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 180.642325][ T5726] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 180.650751][ T5726] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 180.658745][ T5726] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 180.666754][ T5726] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 180.674762][ T5726] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5072] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./37/file0") = 0 [pid 5072] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./37/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [ 180.682753][ T5726] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002b [ 180.690766][ T5726] [pid 5072] rmdir("./37") = 0 [pid 5072] mkdir("./38", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5730 attached [pid 5730] chdir("./38" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 40 [pid 5730] <... chdir resumed>) = 0 [pid 5730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5730] setpgid(0, 0) = 0 [pid 5730] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5730] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5730] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5730] write(3, "1000", 4) = 4 [pid 5730] close(3) = 0 [pid 5730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5730] mkdir("./file0", 000) = 0 [pid 5730] open("./file0", O_RDONLY) = 3 [pid 5730] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5730] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5730] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5730] openat(5, "memory.max", O_RDWR) = 6 [ 180.722447][ T5726] memory: usage 8kB, limit 0kB, failcnt 55 [ 180.734176][ T5726] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 180.742868][ T5726] Memory cgroup stats for /syz1: [ 180.743065][ T5726] anon 0 [ 180.743065][ T5726] file 0 [ 180.743065][ T5726] kernel 8192 [ 180.743065][ T5726] kernel_stack 0 [ 180.743065][ T5726] pagetables 0 [ 180.743065][ T5726] sec_pagetables 0 [ 180.743065][ T5726] percpu 0 [ 180.743065][ T5726] sock 0 [ 180.743065][ T5726] vmalloc 0 [ 180.743065][ T5726] shmem 0 [ 180.743065][ T5726] zswap 0 [ 180.743065][ T5726] zswapped 0 [ 180.743065][ T5726] file_mapped 0 [ 180.743065][ T5726] file_dirty 0 [ 180.743065][ T5726] file_writeback 0 [ 180.743065][ T5726] swapcached 0 [ 180.743065][ T5726] anon_thp 0 [ 180.743065][ T5726] file_thp 0 [ 180.743065][ T5726] shmem_thp 0 [ 180.743065][ T5726] inactive_anon 0 [ 180.743065][ T5726] active_anon 0 [ 180.743065][ T5726] inactive_file 0 [ 180.743065][ T5726] active_file 0 [ 180.743065][ T5726] unevictable 0 [ 180.743065][ T5726] slab_reclaimable 6752 [ 180.743065][ T5726] slab_unreclaimable 0 [ 180.743065][ T5726] slab 6752 [ 180.743065][ T5726] workingset_refault_anon 0 [ 180.855230][ T5726] Tasks state (memory values in pages): [ 180.861233][ T5726] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5730] write(6, "0x000000000000040e", 18 [pid 5726] <... write resumed>) = 18 [pid 5726] close(3) = 0 [pid 5726] close(4) = 0 [pid 5726] close(5) = 0 [pid 5726] close(6) = 0 [pid 5726] close(7) = -1 EBADF (Bad file descriptor) [pid 5726] close(8) = -1 EBADF (Bad file descriptor) [pid 5726] close(9) = -1 EBADF (Bad file descriptor) [pid 5726] close(10) = -1 EBADF (Bad file descriptor) [pid 5726] close(11) = -1 EBADF (Bad file descriptor) [pid 5726] close(12) = -1 EBADF (Bad file descriptor) [pid 5726] close(13) = -1 EBADF (Bad file descriptor) [pid 5726] close(14) = -1 EBADF (Bad file descriptor) [pid 5726] close(15) = -1 EBADF (Bad file descriptor) [pid 5726] close(16) = -1 EBADF (Bad file descriptor) [pid 5726] close(17) = -1 EBADF (Bad file descriptor) [pid 5726] close(18) = -1 EBADF (Bad file descriptor) [pid 5726] close(19) = -1 EBADF (Bad file descriptor) [pid 5726] close(20) = -1 EBADF (Bad file descriptor) [pid 5726] close(21) = -1 EBADF (Bad file descriptor) [pid 5726] close(22) = -1 EBADF (Bad file descriptor) [pid 5726] close(23) = -1 EBADF (Bad file descriptor) [pid 5726] close(24) = -1 EBADF (Bad file descriptor) [pid 5726] close(25) = -1 EBADF (Bad file descriptor) [pid 5726] close(26) = -1 EBADF (Bad file descriptor) [pid 5726] close(27) = -1 EBADF (Bad file descriptor) [pid 5726] close(28) = -1 EBADF (Bad file descriptor) [pid 5726] close(29) = -1 EBADF (Bad file descriptor) [pid 5726] exit_group(0) = ? [pid 5726] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 180.871220][ T5726] Out of memory and no killable processes... [ 180.878332][ T5727] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 180.889627][ T5727] CPU: 1 PID: 5727 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 180.900095][ T5727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 180.910183][ T5727] Call Trace: [ 180.913514][ T5727] [ 180.916487][ T5727] dump_stack_lvl+0x1e7/0x2d0 [pid 5075] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./43/binderfs") = 0 [pid 5075] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./43/cgroup") = 0 [pid 5075] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./43/cgroup.net") = 0 [ 180.921227][ T5727] ? nf_tcp_handle_invalid+0x640/0x640 [ 180.926756][ T5727] ? panic+0x770/0x770 [ 180.930900][ T5727] dump_header+0xdc/0x940 [ 180.935284][ T5727] out_of_memory+0xf21/0x12c0 [ 180.940016][ T5727] ? mutex_lock_io_nested+0x60/0x60 [ 180.945276][ T5727] ? mark_lock+0x9a/0x340 [ 180.949650][ T5727] ? unregister_oom_notifier+0x20/0x20 [ 180.955148][ T5727] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 180.961167][ T5727] mem_cgroup_out_of_memory+0x263/0x3b0 [ 180.966746][ T5727] ? mem_cgroup_oom_trylock+0x210/0x210 [ 180.972345][ T5727] ? cgroup_file_notify+0x127/0x190 [ 180.977576][ T5727] memory_max_write+0x355/0x470 [ 180.982453][ T5727] ? memory_max_show+0xa0/0xa0 [ 180.987251][ T5727] ? read_lock_is_recursive+0x20/0x20 [ 180.992646][ T5727] ? memory_max_show+0xa0/0xa0 [ 180.997439][ T5727] cgroup_file_write+0x2b1/0x780 [ 181.002405][ T5727] ? cgroup_seqfile_stop+0xd0/0xd0 [ 181.007542][ T5727] ? __virt_addr_valid+0x22f/0x2e0 [ 181.012699][ T5727] ? cgroup_seqfile_stop+0xd0/0xd0 [ 181.017835][ T5727] kernfs_fop_write_iter+0x3a6/0x4f0 [ 181.023140][ T5727] vfs_write+0x7b2/0xbb0 [ 181.027422][ T5727] ? file_end_write+0x240/0x240 [ 181.032310][ T5727] ? do_raw_spin_unlock+0x13b/0x8b0 [ 181.037540][ T5727] ? lockdep_hardirqs_on+0x98/0x140 [ 181.042776][ T5727] ? __fdget_pos+0x265/0x2f0 [ 181.047393][ T5727] ksys_write+0x1a0/0x2c0 [ 181.051750][ T5727] ? __ia32_sys_read+0x90/0x90 [ 181.056537][ T5727] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 181.062556][ T5727] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 181.068560][ T5727] do_syscall_64+0x41/0xc0 [ 181.072990][ T5727] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 181.078901][ T5727] RIP: 0033:0x7fd49ce20129 [ 181.083328][ T5727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.102949][ T5727] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 181.111381][ T5727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5075] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 181.119367][ T5727] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 181.127372][ T5727] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 181.135351][ T5727] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 181.143330][ T5727] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000025 [ 181.151339][ T5727] [ 181.158036][ T5727] memory: usage 8kB, limit 0kB, failcnt 55 [ 181.166383][ T5727] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./43/file0") = 0 [pid 5075] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./43/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./43") = 0 [pid 5075] mkdir("./44", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5731 attached [pid 5731] chdir("./44" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 46 [pid 5731] <... chdir resumed>) = 0 [pid 5731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5731] setpgid(0, 0) = 0 [pid 5731] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5731] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5731] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5731] write(3, "1000", 4) = 4 [pid 5731] close(3) = 0 [pid 5731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5731] mkdir("./file0", 000) = 0 [ 181.176328][ T5727] Memory cgroup stats for /syz1: [ 181.176802][ T5727] anon 0 [ 181.176802][ T5727] file 0 [ 181.176802][ T5727] kernel 8192 [ 181.176802][ T5727] kernel_stack 0 [ 181.176802][ T5727] pagetables 0 [ 181.176802][ T5727] sec_pagetables 0 [ 181.176802][ T5727] percpu 0 [ 181.176802][ T5727] sock 0 [ 181.176802][ T5727] vmalloc 0 [ 181.176802][ T5727] shmem 0 [ 181.176802][ T5727] zswap 0 [ 181.176802][ T5727] zswapped 0 [ 181.176802][ T5727] file_mapped 0 [ 181.176802][ T5727] file_dirty 0 [pid 5731] open("./file0", O_RDONLY) = 3 [pid 5731] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5731] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5731] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5731] openat(5, "memory.max", O_RDWR) = 6 [ 181.176802][ T5727] file_writeback 0 [ 181.176802][ T5727] swapcached 0 [ 181.176802][ T5727] anon_thp 0 [ 181.176802][ T5727] file_thp 0 [ 181.176802][ T5727] shmem_thp 0 [ 181.176802][ T5727] inactive_anon 0 [ 181.176802][ T5727] active_anon 0 [ 181.176802][ T5727] inactive_file 0 [ 181.176802][ T5727] active_file 0 [ 181.176802][ T5727] unevictable 0 [ 181.176802][ T5727] slab_reclaimable 6752 [ 181.176802][ T5727] slab_unreclaimable 0 [ 181.176802][ T5727] slab 6752 [ 181.176802][ T5727] workingset_refault_anon 0 [pid 5731] write(6, "0x000000000000040e", 18 [pid 5727] <... write resumed>) = 18 [pid 5727] close(3) = 0 [pid 5727] close(4) = 0 [pid 5727] close(5) = 0 [pid 5727] close(6) = 0 [pid 5727] close(7) = -1 EBADF (Bad file descriptor) [pid 5727] close(8) = -1 EBADF (Bad file descriptor) [pid 5727] close(9) = -1 EBADF (Bad file descriptor) [pid 5727] close(10) = -1 EBADF (Bad file descriptor) [pid 5727] close(11) = -1 EBADF (Bad file descriptor) [pid 5727] close(12) = -1 EBADF (Bad file descriptor) [pid 5727] close(13) = -1 EBADF (Bad file descriptor) [pid 5727] close(14) = -1 EBADF (Bad file descriptor) [pid 5727] close(15) = -1 EBADF (Bad file descriptor) [pid 5727] close(16) = -1 EBADF (Bad file descriptor) [pid 5727] close(17) = -1 EBADF (Bad file descriptor) [pid 5727] close(18) = -1 EBADF (Bad file descriptor) [ 181.277967][ T5727] Tasks state (memory values in pages): [ 181.283759][ T5727] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 181.293683][ T5727] Out of memory and no killable processes... [ 181.302095][ T5728] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5727] close(19) = -1 EBADF (Bad file descriptor) [pid 5727] close(20) = -1 EBADF (Bad file descriptor) [pid 5727] close(21) = -1 EBADF (Bad file descriptor) [pid 5727] close(22) = -1 EBADF (Bad file descriptor) [pid 5727] close(23) = -1 EBADF (Bad file descriptor) [pid 5727] close(24) = -1 EBADF (Bad file descriptor) [pid 5727] close(25) = -1 EBADF (Bad file descriptor) [pid 5727] close(26) = -1 EBADF (Bad file descriptor) [pid 5727] close(27) = -1 EBADF (Bad file descriptor) [pid 5727] close(28) = -1 EBADF (Bad file descriptor) [pid 5727] close(29) = -1 EBADF (Bad file descriptor) [pid 5727] exit_group(0) = ? [pid 5727] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 181.321781][ T5728] CPU: 1 PID: 5728 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 181.332272][ T5728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 181.342373][ T5728] Call Trace: [ 181.345693][ T5728] [ 181.348677][ T5728] dump_stack_lvl+0x1e7/0x2d0 [ 181.353412][ T5728] ? nf_tcp_handle_invalid+0x640/0x640 [ 181.358928][ T5728] ? panic+0x770/0x770 [ 181.363078][ T5728] dump_header+0xdc/0x940 [ 181.367468][ T5728] out_of_memory+0xf21/0x12c0 [ 181.372218][ T5728] ? mutex_lock_io_nested+0x60/0x60 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./37/binderfs") = 0 [pid 5070] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./37/cgroup") = 0 [pid 5070] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 181.377494][ T5728] ? preempt_schedule+0xdd/0xf0 [ 181.382399][ T5728] ? unregister_oom_notifier+0x20/0x20 [ 181.387909][ T5728] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 181.393945][ T5728] mem_cgroup_out_of_memory+0x263/0x3b0 [ 181.399539][ T5728] ? preempt_schedule_thunk+0x1a/0x20 [ 181.404952][ T5728] ? mem_cgroup_oom_trylock+0x210/0x210 [ 181.410546][ T5728] ? cgroup_file_notify+0x127/0x190 [ 181.415790][ T5728] memory_max_write+0x355/0x470 [ 181.420669][ T5728] ? memory_max_show+0xa0/0xa0 [ 181.425464][ T5728] ? read_lock_is_recursive+0x20/0x20 [ 181.430877][ T5728] ? memory_max_show+0xa0/0xa0 [ 181.435657][ T5728] cgroup_file_write+0x2b1/0x780 [ 181.440633][ T5728] ? cgroup_seqfile_stop+0xd0/0xd0 [ 181.445754][ T5728] ? __virt_addr_valid+0x22f/0x2e0 [ 181.450912][ T5728] ? cgroup_seqfile_stop+0xd0/0xd0 [ 181.456035][ T5728] kernfs_fop_write_iter+0x3a6/0x4f0 [ 181.461358][ T5728] vfs_write+0x7b2/0xbb0 [ 181.465641][ T5728] ? file_end_write+0x240/0x240 [ 181.470507][ T5728] ? do_raw_spin_unlock+0x13b/0x8b0 [ 181.475726][ T5728] ? lockdep_hardirqs_on+0x98/0x140 [ 181.480960][ T5728] ? __fdget_pos+0x265/0x2f0 [ 181.485598][ T5728] ksys_write+0x1a0/0x2c0 [ 181.489980][ T5728] ? __ia32_sys_read+0x90/0x90 [ 181.494791][ T5728] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 181.500840][ T5728] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 181.506882][ T5728] do_syscall_64+0x41/0xc0 [ 181.511359][ T5728] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 181.517307][ T5728] RIP: 0033:0x7fd49ce20129 [ 181.521768][ T5728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.541422][ T5728] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 181.549887][ T5728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 181.557908][ T5728] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 181.565901][ T5728] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./37/cgroup.net") = 0 [pid 5070] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 181.573908][ T5728] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 181.581915][ T5728] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002d [ 181.589945][ T5728] [ 181.602931][ T5728] memory: usage 8kB, limit 0kB, failcnt 55 [ 181.608835][ T5728] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 181.615712][ T5728] Memory cgroup stats for /syz1: [ 181.615922][ T5728] anon 0 [ 181.615922][ T5728] file 0 [ 181.615922][ T5728] kernel 8192 [pid 5070] rmdir("./37/file0") = 0 [pid 5070] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./37/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./37") = 0 [pid 5070] mkdir("./38", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 40 ./strace-static-x86_64: Process 5732 attached [pid 5732] chdir("./38") = 0 [pid 5732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5732] setpgid(0, 0) = 0 [pid 5732] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 181.615922][ T5728] kernel_stack 0 [ 181.615922][ T5728] pagetables 0 [ 181.615922][ T5728] sec_pagetables 0 [ 181.615922][ T5728] percpu 0 [ 181.615922][ T5728] sock 0 [ 181.615922][ T5728] vmalloc 0 [ 181.615922][ T5728] shmem 0 [ 181.615922][ T5728] zswap 0 [ 181.615922][ T5728] zswapped 0 [ 181.615922][ T5728] file_mapped 0 [ 181.615922][ T5728] file_dirty 0 [ 181.615922][ T5728] file_writeback 0 [ 181.615922][ T5728] swapcached 0 [ 181.615922][ T5728] anon_thp 0 [ 181.615922][ T5728] file_thp 0 [ 181.615922][ T5728] shmem_thp 0 [pid 5732] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5732] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5732] write(3, "1000", 4) = 4 [pid 5732] close(3) = 0 [pid 5732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5732] mkdir("./file0", 000) = 0 [pid 5732] open("./file0", O_RDONLY) = 3 [pid 5732] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5732] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5732] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5732] openat(5, "memory.max", O_RDWR) = 6 [ 181.615922][ T5728] inactive_anon 0 [ 181.615922][ T5728] active_anon 0 [ 181.615922][ T5728] inactive_file 0 [ 181.615922][ T5728] active_file 0 [ 181.615922][ T5728] unevictable 0 [ 181.615922][ T5728] slab_reclaimable 6752 [ 181.615922][ T5728] slab_unreclaimable 0 [ 181.615922][ T5728] slab 6752 [ 181.615922][ T5728] workingset_refault_anon 0 [ 181.721903][ T5728] Tasks state (memory values in pages): [pid 5732] write(6, "0x000000000000040e", 18 [pid 5728] <... write resumed>) = 18 [pid 5728] close(3) = 0 [pid 5728] close(4) = 0 [pid 5728] close(5) = 0 [pid 5728] close(6) = 0 [pid 5728] close(7) = -1 EBADF (Bad file descriptor) [pid 5728] close(8) = -1 EBADF (Bad file descriptor) [pid 5728] close(9) = -1 EBADF (Bad file descriptor) [pid 5728] close(10) = -1 EBADF (Bad file descriptor) [pid 5728] close(11) = -1 EBADF (Bad file descriptor) [pid 5728] close(12) = -1 EBADF (Bad file descriptor) [pid 5728] close(13) = -1 EBADF (Bad file descriptor) [pid 5728] close(14) = -1 EBADF (Bad file descriptor) [pid 5728] close(15) = -1 EBADF (Bad file descriptor) [pid 5728] close(16) = -1 EBADF (Bad file descriptor) [pid 5728] close(17) = -1 EBADF (Bad file descriptor) [pid 5728] close(18) = -1 EBADF (Bad file descriptor) [pid 5728] close(19) = -1 EBADF (Bad file descriptor) [pid 5728] close(20) = -1 EBADF (Bad file descriptor) [pid 5728] close(21) = -1 EBADF (Bad file descriptor) [pid 5728] close(22) = -1 EBADF (Bad file descriptor) [pid 5728] close(23) = -1 EBADF (Bad file descriptor) [pid 5728] close(24) = -1 EBADF (Bad file descriptor) [pid 5728] close(25) = -1 EBADF (Bad file descriptor) [pid 5728] close(26) = -1 EBADF (Bad file descriptor) [pid 5728] close(27) = -1 EBADF (Bad file descriptor) [pid 5728] close(28) = -1 EBADF (Bad file descriptor) [pid 5728] close(29) = -1 EBADF (Bad file descriptor) [pid 5728] exit_group(0) = ? [pid 5728] +++ exited with 0 +++ [ 181.728096][ T5728] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 181.737800][ T5728] Out of memory and no killable processes... [ 181.743872][ T5729] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 181.755454][ T5729] CPU: 1 PID: 5729 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 181.765934][ T5729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 181.776037][ T5729] Call Trace: [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./45/binderfs") = 0 [pid 5074] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./45/cgroup") = 0 [pid 5074] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./45/cgroup.net") = 0 [ 181.779357][ T5729] [ 181.782329][ T5729] dump_stack_lvl+0x1e7/0x2d0 [ 181.787063][ T5729] ? nf_tcp_handle_invalid+0x640/0x640 [ 181.792565][ T5729] ? panic+0x770/0x770 [ 181.796696][ T5729] dump_header+0xdc/0x940 [ 181.801090][ T5729] out_of_memory+0xf21/0x12c0 [ 181.805838][ T5729] ? mutex_lock_io_nested+0x60/0x60 [ 181.811118][ T5729] ? preempt_schedule+0xdd/0xf0 [ 181.816044][ T5729] ? unregister_oom_notifier+0x20/0x20 [ 181.821564][ T5729] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 181.827625][ T5729] mem_cgroup_out_of_memory+0x263/0x3b0 [ 181.833234][ T5729] ? preempt_schedule_thunk+0x1a/0x20 [ 181.838666][ T5729] ? mem_cgroup_oom_trylock+0x210/0x210 [ 181.844281][ T5729] ? cgroup_file_notify+0x127/0x190 [ 181.849526][ T5729] memory_max_write+0x355/0x470 [ 181.854408][ T5729] ? memory_max_show+0xa0/0xa0 [ 181.859216][ T5729] ? read_lock_is_recursive+0x20/0x20 [ 181.864634][ T5729] ? memory_max_show+0xa0/0xa0 [ 181.869430][ T5729] cgroup_file_write+0x2b1/0x780 [ 181.874405][ T5729] ? cgroup_seqfile_stop+0xd0/0xd0 [ 181.879547][ T5729] ? __virt_addr_valid+0x22f/0x2e0 [ 181.884701][ T5729] ? cgroup_seqfile_stop+0xd0/0xd0 [ 181.889834][ T5729] kernfs_fop_write_iter+0x3a6/0x4f0 [ 181.895274][ T5729] vfs_write+0x7b2/0xbb0 [ 181.899643][ T5729] ? file_end_write+0x240/0x240 [ 181.904520][ T5729] ? do_raw_spin_unlock+0x13b/0x8b0 [ 181.909739][ T5729] ? lockdep_hardirqs_on+0x98/0x140 [ 181.914975][ T5729] ? __fdget_pos+0x265/0x2f0 [ 181.919584][ T5729] ksys_write+0x1a0/0x2c0 [ 181.923935][ T5729] ? __ia32_sys_read+0x90/0x90 [ 181.928714][ T5729] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 181.934737][ T5729] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 181.940745][ T5729] do_syscall_64+0x41/0xc0 [ 181.945184][ T5729] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 181.951100][ T5729] RIP: 0033:0x7fd49ce20129 [ 181.955528][ T5729] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 181.975234][ T5729] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 181.983666][ T5729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 181.991652][ T5729] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 181.999631][ T5729] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 182.007610][ T5729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 182.015590][ T5729] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000029 [ 182.023627][ T5729] [pid 5074] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./45/file0") = 0 [pid 5074] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./45/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./45") = 0 [pid 5074] mkdir("./46", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5733 attached [pid 5733] chdir("./46" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 48 [pid 5733] <... chdir resumed>) = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5733] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5733] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] mkdir("./file0", 000) = 0 [pid 5733] open("./file0", O_RDONLY) = 3 [pid 5733] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5733] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5733] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5733] openat(5, "memory.max", O_RDWR) = 6 [ 182.037836][ T5729] memory: usage 8kB, limit 0kB, failcnt 55 [ 182.052321][ T5729] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 182.068721][ T5729] Memory cgroup stats for /syz1: [ 182.068947][ T5729] anon 0 [ 182.068947][ T5729] file 0 [ 182.068947][ T5729] kernel 8192 [ 182.068947][ T5729] kernel_stack 0 [ 182.068947][ T5729] pagetables 0 [ 182.068947][ T5729] sec_pagetables 0 [ 182.068947][ T5729] percpu 0 [ 182.068947][ T5729] sock 0 [ 182.068947][ T5729] vmalloc 0 [ 182.068947][ T5729] shmem 0 [ 182.068947][ T5729] zswap 0 [ 182.068947][ T5729] zswapped 0 [ 182.068947][ T5729] file_mapped 0 [ 182.068947][ T5729] file_dirty 0 [ 182.068947][ T5729] file_writeback 0 [ 182.068947][ T5729] swapcached 0 [ 182.068947][ T5729] anon_thp 0 [ 182.068947][ T5729] file_thp 0 [ 182.068947][ T5729] shmem_thp 0 [ 182.068947][ T5729] inactive_anon 0 [ 182.068947][ T5729] active_anon 0 [ 182.068947][ T5729] inactive_file 0 [ 182.068947][ T5729] active_file 0 [ 182.068947][ T5729] unevictable 0 [ 182.068947][ T5729] slab_reclaimable 6752 [ 182.068947][ T5729] slab_unreclaimable 0 [ 182.068947][ T5729] slab 6752 [ 182.068947][ T5729] workingset_refault_anon 0 [ 182.173403][ T5729] Tasks state (memory values in pages): [ 182.179376][ T5729] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5733] write(6, "0x000000000000040e", 18 [pid 5729] <... write resumed>) = 18 [pid 5729] close(3) = 0 [pid 5729] close(4) = 0 [pid 5729] close(5) = 0 [pid 5729] close(6) = 0 [pid 5729] close(7) = -1 EBADF (Bad file descriptor) [pid 5729] close(8) = -1 EBADF (Bad file descriptor) [pid 5729] close(9) = -1 EBADF (Bad file descriptor) [pid 5729] close(10) = -1 EBADF (Bad file descriptor) [pid 5729] close(11) = -1 EBADF (Bad file descriptor) [pid 5729] close(12) = -1 EBADF (Bad file descriptor) [pid 5729] close(13) = -1 EBADF (Bad file descriptor) [pid 5729] close(14) = -1 EBADF (Bad file descriptor) [pid 5729] close(15) = -1 EBADF (Bad file descriptor) [pid 5729] close(16) = -1 EBADF (Bad file descriptor) [pid 5729] close(17) = -1 EBADF (Bad file descriptor) [pid 5729] close(18) = -1 EBADF (Bad file descriptor) [pid 5729] close(19) = -1 EBADF (Bad file descriptor) [pid 5729] close(20) = -1 EBADF (Bad file descriptor) [pid 5729] close(21) = -1 EBADF (Bad file descriptor) [pid 5729] close(22) = -1 EBADF (Bad file descriptor) [pid 5729] close(23) = -1 EBADF (Bad file descriptor) [pid 5729] close(24) = -1 EBADF (Bad file descriptor) [pid 5729] close(25) = -1 EBADF (Bad file descriptor) [pid 5729] close(26) = -1 EBADF (Bad file descriptor) [pid 5729] close(27) = -1 EBADF (Bad file descriptor) [pid 5729] close(28) = -1 EBADF (Bad file descriptor) [pid 5729] close(29) = -1 EBADF (Bad file descriptor) [pid 5729] exit_group(0) = ? [pid 5729] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5073] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 182.189491][ T5729] Out of memory and no killable processes... [ 182.195641][ T5730] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 182.207324][ T5730] CPU: 1 PID: 5730 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 182.217806][ T5730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 182.227918][ T5730] Call Trace: [ 182.231249][ T5730] [ 182.234230][ T5730] dump_stack_lvl+0x1e7/0x2d0 [pid 5073] unlink("./41/binderfs") = 0 [pid 5073] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./41/cgroup") = 0 [pid 5073] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./41/cgroup.net") = 0 [ 182.238977][ T5730] ? nf_tcp_handle_invalid+0x640/0x640 [ 182.244497][ T5730] ? panic+0x770/0x770 [ 182.248646][ T5730] dump_header+0xdc/0x940 [ 182.253046][ T5730] out_of_memory+0xf21/0x12c0 [ 182.257772][ T5730] ? mutex_lock_io_nested+0x60/0x60 [ 182.263023][ T5730] ? preempt_schedule+0xdd/0xf0 [ 182.267932][ T5730] ? unregister_oom_notifier+0x20/0x20 [ 182.273441][ T5730] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 182.279489][ T5730] mem_cgroup_out_of_memory+0x263/0x3b0 [ 182.285058][ T5730] ? preempt_schedule_thunk+0x1a/0x20 [ 182.290451][ T5730] ? mem_cgroup_oom_trylock+0x210/0x210 [ 182.296031][ T5730] ? cgroup_file_notify+0x127/0x190 [ 182.301254][ T5730] memory_max_write+0x355/0x470 [ 182.306128][ T5730] ? memory_max_show+0xa0/0xa0 [ 182.310911][ T5730] ? read_lock_is_recursive+0x20/0x20 [ 182.316304][ T5730] ? memory_max_show+0xa0/0xa0 [ 182.321087][ T5730] cgroup_file_write+0x2b1/0x780 [ 182.326046][ T5730] ? cgroup_seqfile_stop+0xd0/0xd0 [ 182.331170][ T5730] ? __virt_addr_valid+0x22f/0x2e0 [ 182.336311][ T5730] ? cgroup_seqfile_stop+0xd0/0xd0 [ 182.341435][ T5730] kernfs_fop_write_iter+0x3a6/0x4f0 [ 182.346746][ T5730] vfs_write+0x7b2/0xbb0 [ 182.351012][ T5730] ? file_end_write+0x240/0x240 [ 182.355886][ T5730] ? do_raw_spin_unlock+0x13b/0x8b0 [ 182.361103][ T5730] ? lockdep_hardirqs_on+0x98/0x140 [ 182.366331][ T5730] ? __fdget_pos+0x265/0x2f0 [ 182.370940][ T5730] ksys_write+0x1a0/0x2c0 [ 182.375290][ T5730] ? __ia32_sys_read+0x90/0x90 [ 182.380073][ T5730] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 182.386077][ T5730] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 182.392085][ T5730] do_syscall_64+0x41/0xc0 [ 182.396541][ T5730] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 182.402557][ T5730] RIP: 0033:0x7fd49ce20129 [ 182.406986][ T5730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 182.426607][ T5730] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5073] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 182.435035][ T5730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 182.443033][ T5730] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 182.451015][ T5730] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 182.458998][ T5730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 182.466978][ T5730] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000026 [ 182.474978][ T5730] [pid 5073] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./41/file0") = 0 [pid 5073] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./41/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./41") = 0 [pid 5073] mkdir("./42", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 44 [ 182.487764][ T5730] memory: usage 8kB, limit 0kB, failcnt 55 [ 182.494316][ T5730] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 182.502138][ T5730] Memory cgroup stats for /syz1: [ 182.502728][ T5730] anon 0 [ 182.502728][ T5730] file 0 [ 182.502728][ T5730] kernel 8192 [ 182.502728][ T5730] kernel_stack 0 [ 182.502728][ T5730] pagetables 0 [ 182.502728][ T5730] sec_pagetables 0 [ 182.502728][ T5730] percpu 0 [ 182.502728][ T5730] sock 0 [ 182.502728][ T5730] vmalloc 0 [ 182.502728][ T5730] shmem 0 [ 182.502728][ T5730] zswap 0 ./strace-static-x86_64: Process 5734 attached [pid 5734] chdir("./42") = 0 [pid 5734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5734] setpgid(0, 0) = 0 [pid 5734] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5734] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5734] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 182.502728][ T5730] zswapped 0 [ 182.502728][ T5730] file_mapped 0 [ 182.502728][ T5730] file_dirty 0 [ 182.502728][ T5730] file_writeback 0 [ 182.502728][ T5730] swapcached 0 [ 182.502728][ T5730] anon_thp 0 [ 182.502728][ T5730] file_thp 0 [ 182.502728][ T5730] shmem_thp 0 [ 182.502728][ T5730] inactive_anon 0 [ 182.502728][ T5730] active_anon 0 [ 182.502728][ T5730] inactive_file 0 [ 182.502728][ T5730] active_file 0 [ 182.502728][ T5730] unevictable 0 [ 182.502728][ T5730] slab_reclaimable 6752 [ 182.502728][ T5730] slab_unreclaimable 0 [pid 5734] write(3, "1000", 4) = 4 [pid 5734] close(3) = 0 [pid 5734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5734] mkdir("./file0", 000) = 0 [pid 5734] open("./file0", O_RDONLY) = 3 [pid 5734] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5734] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5734] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5734] openat(5, "memory.max", O_RDWR) = 6 [ 182.502728][ T5730] slab 6752 [ 182.502728][ T5730] workingset_refault_anon 0 [ 182.620620][ T5730] Tasks state (memory values in pages): [pid 5734] write(6, "0x000000000000040e", 18 [pid 5730] <... write resumed>) = 18 [pid 5730] close(3) = 0 [pid 5730] close(4) = 0 [pid 5730] close(5) = 0 [pid 5730] close(6) = 0 [pid 5730] close(7) = -1 EBADF (Bad file descriptor) [pid 5730] close(8) = -1 EBADF (Bad file descriptor) [pid 5730] close(9) = -1 EBADF (Bad file descriptor) [pid 5730] close(10) = -1 EBADF (Bad file descriptor) [pid 5730] close(11) = -1 EBADF (Bad file descriptor) [pid 5730] close(12) = -1 EBADF (Bad file descriptor) [pid 5730] close(13) = -1 EBADF (Bad file descriptor) [pid 5730] close(14) = -1 EBADF (Bad file descriptor) [pid 5730] close(15) = -1 EBADF (Bad file descriptor) [pid 5730] close(16) = -1 EBADF (Bad file descriptor) [pid 5730] close(17) = -1 EBADF (Bad file descriptor) [pid 5730] close(18) = -1 EBADF (Bad file descriptor) [pid 5730] close(19) = -1 EBADF (Bad file descriptor) [pid 5730] close(20) = -1 EBADF (Bad file descriptor) [pid 5730] close(21) = -1 EBADF (Bad file descriptor) [pid 5730] close(22) = -1 EBADF (Bad file descriptor) [pid 5730] close(23) = -1 EBADF (Bad file descriptor) [pid 5730] close(24) = -1 EBADF (Bad file descriptor) [pid 5730] close(25) = -1 EBADF (Bad file descriptor) [pid 5730] close(26) = -1 EBADF (Bad file descriptor) [pid 5730] close(27) = -1 EBADF (Bad file descriptor) [pid 5730] close(28) = -1 EBADF (Bad file descriptor) [pid 5730] close(29) = -1 EBADF (Bad file descriptor) [pid 5730] exit_group(0) = ? [pid 5730] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 182.632490][ T5730] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 182.643541][ T5730] Out of memory and no killable processes... [ 182.653897][ T5731] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 182.665112][ T5731] CPU: 0 PID: 5731 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 182.675600][ T5731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 182.685696][ T5731] Call Trace: [ 182.689008][ T5731] [pid 5072] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./38/binderfs") = 0 [pid 5072] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./38/cgroup") = 0 [pid 5072] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 182.691974][ T5731] dump_stack_lvl+0x1e7/0x2d0 [ 182.696713][ T5731] ? nf_tcp_handle_invalid+0x640/0x640 [ 182.702225][ T5731] ? panic+0x770/0x770 [ 182.706369][ T5731] dump_header+0xdc/0x940 [ 182.710762][ T5731] out_of_memory+0xf21/0x12c0 [ 182.715498][ T5731] ? mutex_lock_io_nested+0x60/0x60 [ 182.720779][ T5731] ? preempt_schedule+0xdd/0xf0 [ 182.725691][ T5731] ? unregister_oom_notifier+0x20/0x20 [ 182.731179][ T5731] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 182.737191][ T5731] mem_cgroup_out_of_memory+0x263/0x3b0 [ 182.742761][ T5731] ? preempt_schedule_thunk+0x1a/0x20 [ 182.748176][ T5731] ? mem_cgroup_oom_trylock+0x210/0x210 [ 182.753754][ T5731] ? cgroup_file_notify+0x127/0x190 [ 182.758973][ T5731] memory_max_write+0x355/0x470 [ 182.763872][ T5731] ? memory_max_show+0xa0/0xa0 [ 182.768654][ T5731] ? read_lock_is_recursive+0x20/0x20 [ 182.774055][ T5731] ? memory_max_show+0xa0/0xa0 [ 182.778847][ T5731] cgroup_file_write+0x2b1/0x780 [ 182.783839][ T5731] ? cgroup_seqfile_stop+0xd0/0xd0 [ 182.788964][ T5731] ? __virt_addr_valid+0x22f/0x2e0 [ 182.794101][ T5731] ? cgroup_seqfile_stop+0xd0/0xd0 [ 182.799225][ T5731] kernfs_fop_write_iter+0x3a6/0x4f0 [ 182.804535][ T5731] vfs_write+0x7b2/0xbb0 [ 182.808797][ T5731] ? file_end_write+0x240/0x240 [ 182.813663][ T5731] ? do_raw_spin_unlock+0x13b/0x8b0 [ 182.818876][ T5731] ? lockdep_hardirqs_on+0x98/0x140 [ 182.824117][ T5731] ? __fdget_pos+0x265/0x2f0 [ 182.828772][ T5731] ksys_write+0x1a0/0x2c0 [ 182.833156][ T5731] ? __ia32_sys_read+0x90/0x90 [ 182.837949][ T5731] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 182.843957][ T5731] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 182.849959][ T5731] do_syscall_64+0x41/0xc0 [ 182.854389][ T5731] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 182.860323][ T5731] RIP: 0033:0x7fd49ce20129 [ 182.864777][ T5731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 182.884405][ T5731] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.892854][ T5731] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 182.900851][ T5731] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 182.908837][ T5731] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 182.916819][ T5731] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 182.924804][ T5731] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002c [ 182.932805][ T5731] [pid 5072] unlink("./38/cgroup.net") = 0 [ 182.938866][ T5731] memory: usage 8kB, limit 0kB, failcnt 55 [ 182.944734][ T5731] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 182.952337][ T5731] Memory cgroup stats for /syz1: [ 182.952551][ T5731] anon 0 [ 182.952551][ T5731] file 0 [ 182.952551][ T5731] kernel 8192 [ 182.952551][ T5731] kernel_stack 0 [ 182.952551][ T5731] pagetables 0 [ 182.952551][ T5731] sec_pagetables 0 [ 182.952551][ T5731] percpu 0 [ 182.952551][ T5731] sock 0 [ 182.952551][ T5731] vmalloc 0 [ 182.952551][ T5731] shmem 0 [ 182.952551][ T5731] zswap 0 [ 182.952551][ T5731] zswapped 0 [ 182.952551][ T5731] file_mapped 0 [ 182.952551][ T5731] file_dirty 0 [ 182.952551][ T5731] file_writeback 0 [ 182.952551][ T5731] swapcached 0 [ 182.952551][ T5731] anon_thp 0 [ 182.952551][ T5731] file_thp 0 [ 182.952551][ T5731] shmem_thp 0 [ 182.952551][ T5731] inactive_anon 0 [ 182.952551][ T5731] active_anon 0 [ 182.952551][ T5731] inactive_file 0 [ 182.952551][ T5731] active_file 0 [ 182.952551][ T5731] unevictable 0 [ 182.952551][ T5731] slab_reclaimable 6752 [ 182.952551][ T5731] slab_unreclaimable 0 [ 182.952551][ T5731] slab 6752 [pid 5072] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./38/file0") = 0 [pid 5072] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./38/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./38") = 0 [pid 5072] mkdir("./39", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5735 attached [pid 5735] chdir("./39" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 41 [pid 5735] <... chdir resumed>) = 0 [pid 5735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5735] setpgid(0, 0) = 0 [pid 5735] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5735] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5735] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5735] write(3, "1000", 4) = 4 [pid 5735] close(3) = 0 [pid 5735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5735] mkdir("./file0", 000) = 0 [pid 5735] open("./file0", O_RDONLY) = 3 [pid 5735] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5735] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5735] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5735] openat(5, "memory.max", O_RDWR) = 6 [ 182.952551][ T5731] workingset_refault_anon 0 [ 183.059667][ T5731] Tasks state (memory values in pages): [ 183.065281][ T5731] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5735] write(6, "0x000000000000040e", 18 [pid 5731] <... write resumed>) = 18 [pid 5731] close(3) = 0 [pid 5731] close(4) = 0 [pid 5731] close(5) = 0 [pid 5731] close(6) = 0 [pid 5731] close(7) = -1 EBADF (Bad file descriptor) [pid 5731] close(8) = -1 EBADF (Bad file descriptor) [pid 5731] close(9) = -1 EBADF (Bad file descriptor) [pid 5731] close(10) = -1 EBADF (Bad file descriptor) [pid 5731] close(11) = -1 EBADF (Bad file descriptor) [pid 5731] close(12) = -1 EBADF (Bad file descriptor) [pid 5731] close(13) = -1 EBADF (Bad file descriptor) [pid 5731] close(14) = -1 EBADF (Bad file descriptor) [pid 5731] close(15) = -1 EBADF (Bad file descriptor) [pid 5731] close(16) = -1 EBADF (Bad file descriptor) [pid 5731] close(17) = -1 EBADF (Bad file descriptor) [pid 5731] close(18) = -1 EBADF (Bad file descriptor) [pid 5731] close(19) = -1 EBADF (Bad file descriptor) [pid 5731] close(20) = -1 EBADF (Bad file descriptor) [pid 5731] close(21) = -1 EBADF (Bad file descriptor) [pid 5731] close(22) = -1 EBADF (Bad file descriptor) [pid 5731] close(23) = -1 EBADF (Bad file descriptor) [pid 5731] close(24) = -1 EBADF (Bad file descriptor) [pid 5731] close(25) = -1 EBADF (Bad file descriptor) [pid 5731] close(26) = -1 EBADF (Bad file descriptor) [pid 5731] close(27) = -1 EBADF (Bad file descriptor) [pid 5731] close(28) = -1 EBADF (Bad file descriptor) [pid 5731] close(29) = -1 EBADF (Bad file descriptor) [pid 5731] exit_group(0) = ? [pid 5731] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./44/binderfs") = 0 [ 183.105004][ T5731] Out of memory and no killable processes... [ 183.112938][ T5732] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 183.140405][ T5732] CPU: 1 PID: 5732 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5075] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./44/cgroup") = 0 [pid 5075] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 183.150903][ T5732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 183.161000][ T5732] Call Trace: [ 183.164330][ T5732] [ 183.167302][ T5732] dump_stack_lvl+0x1e7/0x2d0 [ 183.172023][ T5732] ? nf_tcp_handle_invalid+0x640/0x640 [ 183.177500][ T5732] ? panic+0x770/0x770 [ 183.181599][ T5732] dump_header+0xdc/0x940 [ 183.185947][ T5732] out_of_memory+0xf21/0x12c0 [ 183.190653][ T5732] ? mutex_lock_io_nested+0x60/0x60 [ 183.195879][ T5732] ? preempt_schedule+0xdd/0xf0 [ 183.200747][ T5732] ? unregister_oom_notifier+0x20/0x20 [ 183.206219][ T5732] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 183.212246][ T5732] mem_cgroup_out_of_memory+0x263/0x3b0 [ 183.217812][ T5732] ? preempt_schedule_thunk+0x1a/0x20 [ 183.223201][ T5732] ? mem_cgroup_oom_trylock+0x210/0x210 [ 183.228776][ T5732] ? cgroup_file_notify+0x127/0x190 [ 183.233993][ T5732] memory_max_write+0x355/0x470 [ 183.238869][ T5732] ? memory_max_show+0xa0/0xa0 [ 183.243648][ T5732] ? read_lock_is_recursive+0x20/0x20 [ 183.249040][ T5732] ? memory_max_show+0xa0/0xa0 [ 183.253821][ T5732] cgroup_file_write+0x2b1/0x780 [ 183.258774][ T5732] ? cgroup_seqfile_stop+0xd0/0xd0 [ 183.263909][ T5732] ? __virt_addr_valid+0x22f/0x2e0 [ 183.269050][ T5732] ? cgroup_seqfile_stop+0xd0/0xd0 [ 183.274169][ T5732] kernfs_fop_write_iter+0x3a6/0x4f0 [ 183.279472][ T5732] vfs_write+0x7b2/0xbb0 [ 183.283759][ T5732] ? file_end_write+0x240/0x240 [ 183.288629][ T5732] ? do_raw_spin_unlock+0x13b/0x8b0 [ 183.293846][ T5732] ? lockdep_hardirqs_on+0x98/0x140 [ 183.299103][ T5732] ? __fdget_pos+0x265/0x2f0 [ 183.303711][ T5732] ksys_write+0x1a0/0x2c0 [ 183.308059][ T5732] ? __ia32_sys_read+0x90/0x90 [ 183.312841][ T5732] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 183.318844][ T5732] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 183.324842][ T5732] do_syscall_64+0x41/0xc0 [ 183.329275][ T5732] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.335192][ T5732] RIP: 0033:0x7fd49ce20129 [ 183.339621][ T5732] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 183.359234][ T5732] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.367682][ T5732] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 183.375667][ T5732] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 183.383664][ T5732] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 183.391659][ T5732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5075] unlink("./44/cgroup.net") = 0 [ 183.399640][ T5732] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000026 [ 183.407653][ T5732] [ 183.413757][ T5732] memory: usage 8kB, limit 0kB, failcnt 55 [ 183.419709][ T5732] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 183.426754][ T5732] Memory cgroup stats for /syz1: [ 183.428288][ T5732] anon 0 [ 183.428288][ T5732] file 0 [ 183.428288][ T5732] kernel 8192 [ 183.428288][ T5732] kernel_stack 0 [ 183.428288][ T5732] pagetables 0 [ 183.428288][ T5732] sec_pagetables 0 [ 183.428288][ T5732] percpu 0 [ 183.428288][ T5732] sock 0 [ 183.428288][ T5732] vmalloc 0 [ 183.428288][ T5732] shmem 0 [ 183.428288][ T5732] zswap 0 [ 183.428288][ T5732] zswapped 0 [ 183.428288][ T5732] file_mapped 0 [ 183.428288][ T5732] file_dirty 0 [ 183.428288][ T5732] file_writeback 0 [ 183.428288][ T5732] swapcached 0 [ 183.428288][ T5732] anon_thp 0 [ 183.428288][ T5732] file_thp 0 [ 183.428288][ T5732] shmem_thp 0 [ 183.428288][ T5732] inactive_anon 0 [ 183.428288][ T5732] active_anon 0 [ 183.428288][ T5732] inactive_file 0 [ 183.428288][ T5732] active_file 0 [pid 5075] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./44/file0") = 0 [pid 5075] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./44/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./44") = 0 [ 183.428288][ T5732] unevictable 0 [ 183.428288][ T5732] slab_reclaimable 6752 [ 183.428288][ T5732] slab_unreclaimable 0 [ 183.428288][ T5732] slab 6752 [ 183.428288][ T5732] workingset_refault_anon 0 [ 183.537314][ T5732] Tasks state (memory values in pages): [ 183.543190][ T5732] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5075] mkdir("./45", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 47 ./strace-static-x86_64: Process 5736 attached [pid 5732] <... write resumed>) = 18 [pid 5732] close(3) = 0 [pid 5732] close(4) = 0 [pid 5732] close(5) = 0 [pid 5732] close(6) = 0 [pid 5732] close(7) = -1 EBADF (Bad file descriptor) [pid 5732] close(8) = -1 EBADF (Bad file descriptor) [pid 5732] close(9) = -1 EBADF (Bad file descriptor) [pid 5732] close(10) = -1 EBADF (Bad file descriptor) [pid 5732] close(11) = -1 EBADF (Bad file descriptor) [pid 5732] close(12) = -1 EBADF (Bad file descriptor) [pid 5736] chdir("./45" [pid 5732] close(13 [pid 5736] <... chdir resumed>) = 0 [pid 5732] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5732] close(14) = -1 EBADF (Bad file descriptor) [pid 5732] close(15) = -1 EBADF (Bad file descriptor) [pid 5732] close(16) = -1 EBADF (Bad file descriptor) [pid 5732] close(17) = -1 EBADF (Bad file descriptor) [pid 5732] close(18) = -1 EBADF (Bad file descriptor) [pid 5732] close(19) = -1 EBADF (Bad file descriptor) [pid 5732] close(20) = -1 EBADF (Bad file descriptor) [pid 5732] close(21) = -1 EBADF (Bad file descriptor) [pid 5732] close(22) = -1 EBADF (Bad file descriptor) [pid 5732] close(23) = -1 EBADF (Bad file descriptor) [pid 5732] close(24) = -1 EBADF (Bad file descriptor) [ 183.559541][ T5732] Out of memory and no killable processes... [ 183.565731][ T5733] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 183.590135][ T5733] CPU: 0 PID: 5733 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5732] close(25) = -1 EBADF (Bad file descriptor) [pid 5732] close(26) = -1 EBADF (Bad file descriptor) [pid 5732] close(27) = -1 EBADF (Bad file descriptor) [pid 5732] close(28) = -1 EBADF (Bad file descriptor) [pid 5732] close(29) = -1 EBADF (Bad file descriptor) [pid 5732] exit_group(0) = ? [pid 5732] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./38/binderfs") = 0 [pid 5070] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./38/cgroup") = 0 [pid 5070] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./38/cgroup.net") = 0 [pid 5070] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5736] <... prctl resumed>) = 0 [ 183.600611][ T5733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 183.610701][ T5733] Call Trace: [ 183.614017][ T5733] [ 183.616991][ T5733] dump_stack_lvl+0x1e7/0x2d0 [ 183.621734][ T5733] ? nf_tcp_handle_invalid+0x640/0x640 [ 183.627248][ T5733] ? panic+0x770/0x770 [ 183.631385][ T5733] dump_header+0xdc/0x940 [ 183.635773][ T5733] out_of_memory+0xf21/0x12c0 [ 183.640531][ T5733] ? mutex_lock_io_nested+0x60/0x60 [ 183.645802][ T5733] ? preempt_schedule+0xdd/0xf0 [ 183.650716][ T5733] ? unregister_oom_notifier+0x20/0x20 [pid 5736] setpgid(0, 0) = 0 [pid 5736] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5736] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5736] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] mkdir("./file0", 000) = 0 [pid 5736] open("./file0", O_RDONLY) = 3 [pid 5736] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5736] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5736] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5736] openat(5, "memory.max", O_RDWR) = 6 [ 183.656232][ T5733] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 183.662283][ T5733] mem_cgroup_out_of_memory+0x263/0x3b0 [ 183.667888][ T5733] ? preempt_schedule_thunk+0x1a/0x20 [ 183.673319][ T5733] ? mem_cgroup_oom_trylock+0x210/0x210 [ 183.678936][ T5733] ? cgroup_file_notify+0x127/0x190 [ 183.684192][ T5733] memory_max_write+0x355/0x470 [ 183.689106][ T5733] ? memory_max_show+0xa0/0xa0 [ 183.693925][ T5733] ? read_lock_is_recursive+0x20/0x20 [ 183.699344][ T5733] ? memory_max_show+0xa0/0xa0 [ 183.704158][ T5733] cgroup_file_write+0x2b1/0x780 [ 183.709147][ T5733] ? cgroup_seqfile_stop+0xd0/0xd0 [ 183.714296][ T5733] ? __virt_addr_valid+0x22f/0x2e0 [ 183.719470][ T5733] ? cgroup_seqfile_stop+0xd0/0xd0 [ 183.724626][ T5733] kernfs_fop_write_iter+0x3a6/0x4f0 [ 183.729968][ T5733] vfs_write+0x7b2/0xbb0 [ 183.734267][ T5733] ? file_end_write+0x240/0x240 [ 183.739172][ T5733] ? do_raw_spin_unlock+0x13b/0x8b0 [ 183.744422][ T5733] ? lockdep_hardirqs_on+0x98/0x140 [ 183.749678][ T5733] ? __fdget_pos+0x265/0x2f0 [ 183.754288][ T5733] ksys_write+0x1a0/0x2c0 [ 183.758652][ T5733] ? __ia32_sys_read+0x90/0x90 [ 183.763458][ T5733] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 183.769492][ T5733] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 183.775518][ T5733] do_syscall_64+0x41/0xc0 [ 183.779970][ T5733] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 183.785894][ T5733] RIP: 0033:0x7fd49ce20129 [ 183.790347][ T5733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 183.809989][ T5733] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.818436][ T5733] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 183.826438][ T5733] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 183.834450][ T5733] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 183.842457][ T5733] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 183.850452][ T5733] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002e [pid 5736] write(6, "0x000000000000040e", 18 [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./38/file0") = 0 [pid 5070] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./38/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./38") = 0 [pid 5070] mkdir("./39", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5737 attached [pid 5737] chdir("./39" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 41 [pid 5737] <... chdir resumed>) = 0 [pid 5737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5737] setpgid(0, 0) = 0 [ 183.858501][ T5733] [ 183.874319][ T5733] memory: usage 8kB, limit 0kB, failcnt 55 [ 183.880270][ T5733] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 183.894425][ T5733] Memory cgroup stats for /syz1: [ 183.894626][ T5733] anon 0 [ 183.894626][ T5733] file 0 [ 183.894626][ T5733] kernel 8192 [pid 5737] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5737] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5737] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5737] write(3, "1000", 4) = 4 [pid 5737] close(3) = 0 [pid 5737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5737] mkdir("./file0", 000) = 0 [pid 5737] open("./file0", O_RDONLY) = 3 [pid 5737] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5737] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5737] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5737] openat(5, "memory.max", O_RDWR) = 6 [ 183.894626][ T5733] kernel_stack 0 [ 183.894626][ T5733] pagetables 0 [ 183.894626][ T5733] sec_pagetables 0 [ 183.894626][ T5733] percpu 0 [ 183.894626][ T5733] sock 0 [ 183.894626][ T5733] vmalloc 0 [ 183.894626][ T5733] shmem 0 [ 183.894626][ T5733] zswap 0 [ 183.894626][ T5733] zswapped 0 [ 183.894626][ T5733] file_mapped 0 [ 183.894626][ T5733] file_dirty 0 [ 183.894626][ T5733] file_writeback 0 [ 183.894626][ T5733] swapcached 0 [ 183.894626][ T5733] anon_thp 0 [ 183.894626][ T5733] file_thp 0 [ 183.894626][ T5733] shmem_thp 0 [ 183.894626][ T5733] inactive_anon 0 [ 183.894626][ T5733] active_anon 0 [ 183.894626][ T5733] inactive_file 0 [ 183.894626][ T5733] active_file 0 [ 183.894626][ T5733] unevictable 0 [ 183.894626][ T5733] slab_reclaimable 6752 [ 183.894626][ T5733] slab_unreclaimable 0 [ 183.894626][ T5733] slab 6752 [ 183.894626][ T5733] workingset_refault_anon 0 [ 184.000445][ T5733] Tasks state (memory values in pages): [pid 5737] write(6, "0x000000000000040e", 18 [pid 5733] <... write resumed>) = 18 [pid 5733] close(3) = 0 [pid 5733] close(4) = 0 [pid 5733] close(5) = 0 [pid 5733] close(6) = 0 [pid 5733] close(7) = -1 EBADF (Bad file descriptor) [pid 5733] close(8) = -1 EBADF (Bad file descriptor) [pid 5733] close(9) = -1 EBADF (Bad file descriptor) [pid 5733] close(10) = -1 EBADF (Bad file descriptor) [ 184.006232][ T5733] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 184.018323][ T5733] Out of memory and no killable processes... [ 184.024707][ T5734] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 184.035496][ T5734] CPU: 0 PID: 5734 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 184.045958][ T5734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 184.056059][ T5734] Call Trace: [pid 5733] close(11) = -1 EBADF (Bad file descriptor) [pid 5733] close(12) = -1 EBADF (Bad file descriptor) [pid 5733] close(13) = -1 EBADF (Bad file descriptor) [pid 5733] close(14) = -1 EBADF (Bad file descriptor) [pid 5733] close(15) = -1 EBADF (Bad file descriptor) [pid 5733] close(16) = -1 EBADF (Bad file descriptor) [pid 5733] close(17) = -1 EBADF (Bad file descriptor) [pid 5733] close(18) = -1 EBADF (Bad file descriptor) [pid 5733] close(19) = -1 EBADF (Bad file descriptor) [pid 5733] close(20) = -1 EBADF (Bad file descriptor) [pid 5733] close(21) = -1 EBADF (Bad file descriptor) [pid 5733] close(22) = -1 EBADF (Bad file descriptor) [pid 5733] close(23) = -1 EBADF (Bad file descriptor) [pid 5733] close(24) = -1 EBADF (Bad file descriptor) [pid 5733] close(25) = -1 EBADF (Bad file descriptor) [pid 5733] close(26) = -1 EBADF (Bad file descriptor) [pid 5733] close(27) = -1 EBADF (Bad file descriptor) [pid 5733] close(28) = -1 EBADF (Bad file descriptor) [pid 5733] close(29) = -1 EBADF (Bad file descriptor) [pid 5733] exit_group(0) = ? [pid 5733] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 184.059375][ T5734] [ 184.062341][ T5734] dump_stack_lvl+0x1e7/0x2d0 [ 184.067077][ T5734] ? nf_tcp_handle_invalid+0x640/0x640 [ 184.072603][ T5734] ? panic+0x770/0x770 [ 184.076736][ T5734] dump_header+0xdc/0x940 [ 184.081122][ T5734] out_of_memory+0xf21/0x12c0 [ 184.085852][ T5734] ? mutex_lock_io_nested+0x60/0x60 [ 184.091108][ T5734] ? preempt_schedule+0xdd/0xf0 [ 184.096015][ T5734] ? unregister_oom_notifier+0x20/0x20 [ 184.101523][ T5734] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./46/binderfs") = 0 [pid 5074] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./46/cgroup") = 0 [pid 5074] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./46/cgroup.net") = 0 [ 184.107585][ T5734] mem_cgroup_out_of_memory+0x263/0x3b0 [ 184.113194][ T5734] ? preempt_schedule_thunk+0x1a/0x20 [ 184.118625][ T5734] ? mem_cgroup_oom_trylock+0x210/0x210 [ 184.124239][ T5734] ? cgroup_file_notify+0x127/0x190 [ 184.129502][ T5734] memory_max_write+0x355/0x470 [ 184.134414][ T5734] ? memory_max_show+0xa0/0xa0 [ 184.139223][ T5734] ? read_lock_is_recursive+0x20/0x20 [ 184.144636][ T5734] ? memory_max_show+0xa0/0xa0 [ 184.149424][ T5734] cgroup_file_write+0x2b1/0x780 [ 184.154401][ T5734] ? cgroup_seqfile_stop+0xd0/0xd0 [ 184.159542][ T5734] ? __virt_addr_valid+0x22f/0x2e0 [ 184.164688][ T5734] ? cgroup_seqfile_stop+0xd0/0xd0 [ 184.169809][ T5734] kernfs_fop_write_iter+0x3a6/0x4f0 [ 184.175123][ T5734] vfs_write+0x7b2/0xbb0 [ 184.179393][ T5734] ? file_end_write+0x240/0x240 [ 184.184268][ T5734] ? do_raw_spin_unlock+0x13b/0x8b0 [ 184.189506][ T5734] ? lockdep_hardirqs_on+0x98/0x140 [ 184.194745][ T5734] ? __fdget_pos+0x265/0x2f0 [ 184.199368][ T5734] ksys_write+0x1a0/0x2c0 [ 184.203737][ T5734] ? __ia32_sys_read+0x90/0x90 [ 184.208551][ T5734] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 184.214586][ T5734] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 184.220609][ T5734] do_syscall_64+0x41/0xc0 [ 184.225056][ T5734] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 184.231107][ T5734] RIP: 0033:0x7fd49ce20129 [ 184.235579][ T5734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 184.255219][ T5734] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 184.263657][ T5734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 184.271651][ T5734] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 184.279735][ T5734] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 184.287723][ T5734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 184.295708][ T5734] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002a [ 184.303719][ T5734] [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./46/file0") = 0 [pid 5074] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./46/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./46") = 0 [pid 5074] mkdir("./47", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 49 [ 184.325490][ T5734] memory: usage 8kB, limit 0kB, failcnt 55 [ 184.338794][ T5734] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 184.345707][ T5734] Memory cgroup stats for /syz1: [ 184.345911][ T5734] anon 0 [ 184.345911][ T5734] file 0 [ 184.345911][ T5734] kernel 8192 [ 184.345911][ T5734] kernel_stack 0 [ 184.345911][ T5734] pagetables 0 [ 184.345911][ T5734] sec_pagetables 0 [ 184.345911][ T5734] percpu 0 [ 184.345911][ T5734] sock 0 [ 184.345911][ T5734] vmalloc 0 [ 184.345911][ T5734] shmem 0 [ 184.345911][ T5734] zswap 0 [ 184.345911][ T5734] zswapped 0 [ 184.345911][ T5734] file_mapped 0 [ 184.345911][ T5734] file_dirty 0 [ 184.345911][ T5734] file_writeback 0 [ 184.345911][ T5734] swapcached 0 [ 184.345911][ T5734] anon_thp 0 [ 184.345911][ T5734] file_thp 0 [ 184.345911][ T5734] shmem_thp 0 [ 184.345911][ T5734] inactive_anon 0 [ 184.345911][ T5734] active_anon 0 [ 184.345911][ T5734] inactive_file 0 [ 184.345911][ T5734] active_file 0 ./strace-static-x86_64: Process 5738 attached [pid 5738] chdir("./47") = 0 [pid 5738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5738] setpgid(0, 0) = 0 [pid 5738] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5738] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5738] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5738] write(3, "1000", 4) = 4 [pid 5738] close(3) = 0 [pid 5738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5738] mkdir("./file0", 000) = 0 [pid 5738] open("./file0", O_RDONLY) = 3 [pid 5738] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5738] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5738] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 184.345911][ T5734] unevictable 0 [ 184.345911][ T5734] slab_reclaimable 6752 [ 184.345911][ T5734] slab_unreclaimable 0 [ 184.345911][ T5734] slab 6752 [ 184.345911][ T5734] workingset_refault_anon 0 [pid 5738] openat(5, "memory.max", O_RDWR) = 6 [pid 5738] write(6, "0x000000000000040e", 18 [pid 5734] <... write resumed>) = 18 [pid 5734] close(3) = 0 [pid 5734] close(4) = 0 [pid 5734] close(5) = 0 [pid 5734] close(6) = 0 [pid 5734] close(7) = -1 EBADF (Bad file descriptor) [pid 5734] close(8) = -1 EBADF (Bad file descriptor) [pid 5734] close(9) = -1 EBADF (Bad file descriptor) [pid 5734] close(10) = -1 EBADF (Bad file descriptor) [pid 5734] close(11) = -1 EBADF (Bad file descriptor) [pid 5734] close(12) = -1 EBADF (Bad file descriptor) [pid 5734] close(13) = -1 EBADF (Bad file descriptor) [pid 5734] close(14) = -1 EBADF (Bad file descriptor) [pid 5734] close(15) = -1 EBADF (Bad file descriptor) [pid 5734] close(16) = -1 EBADF (Bad file descriptor) [pid 5734] close(17) = -1 EBADF (Bad file descriptor) [pid 5734] close(18) = -1 EBADF (Bad file descriptor) [pid 5734] close(19) = -1 EBADF (Bad file descriptor) [pid 5734] close(20) = -1 EBADF (Bad file descriptor) [pid 5734] close(21) = -1 EBADF (Bad file descriptor) [pid 5734] close(22) = -1 EBADF (Bad file descriptor) [pid 5734] close(23) = -1 EBADF (Bad file descriptor) [pid 5734] close(24) = -1 EBADF (Bad file descriptor) [pid 5734] close(25) = -1 EBADF (Bad file descriptor) [pid 5734] close(26) = -1 EBADF (Bad file descriptor) [pid 5734] close(27) = -1 EBADF (Bad file descriptor) [pid 5734] close(28) = -1 EBADF (Bad file descriptor) [pid 5734] close(29) = -1 EBADF (Bad file descriptor) [ 184.483888][ T5734] Tasks state (memory values in pages): [ 184.494173][ T5734] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 184.510861][ T5734] Out of memory and no killable processes... [ 184.518712][ T5735] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5734] exit_group(0) = ? [pid 5734] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 184.530143][ T5735] CPU: 1 PID: 5735 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 184.541219][ T5735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 184.551323][ T5735] Call Trace: [ 184.554638][ T5735] [ 184.557612][ T5735] dump_stack_lvl+0x1e7/0x2d0 [ 184.562348][ T5735] ? nf_tcp_handle_invalid+0x640/0x640 [ 184.567862][ T5735] ? panic+0x770/0x770 [ 184.572004][ T5735] dump_header+0xdc/0x940 [ 184.576387][ T5735] out_of_memory+0xf21/0x12c0 [pid 5073] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./42/binderfs") = 0 [pid 5073] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./42/cgroup") = 0 [pid 5073] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./42/cgroup.net") = 0 [ 184.581114][ T5735] ? mutex_lock_io_nested+0x60/0x60 [ 184.586368][ T5735] ? preempt_schedule+0xdd/0xf0 [ 184.591243][ T5735] ? unregister_oom_notifier+0x20/0x20 [ 184.596737][ T5735] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 184.602759][ T5735] mem_cgroup_out_of_memory+0x263/0x3b0 [ 184.608325][ T5735] ? preempt_schedule_thunk+0x1a/0x20 [ 184.613724][ T5735] ? mem_cgroup_oom_trylock+0x210/0x210 [ 184.619305][ T5735] ? cgroup_file_notify+0x127/0x190 [ 184.624529][ T5735] memory_max_write+0x355/0x470 [ 184.629410][ T5735] ? memory_max_show+0xa0/0xa0 [ 184.634196][ T5735] ? read_lock_is_recursive+0x20/0x20 [ 184.639588][ T5735] ? memory_max_show+0xa0/0xa0 [ 184.644366][ T5735] cgroup_file_write+0x2b1/0x780 [ 184.649410][ T5735] ? cgroup_seqfile_stop+0xd0/0xd0 [ 184.654539][ T5735] ? __virt_addr_valid+0x22f/0x2e0 [ 184.659681][ T5735] ? cgroup_seqfile_stop+0xd0/0xd0 [ 184.664804][ T5735] kernfs_fop_write_iter+0x3a6/0x4f0 [ 184.670113][ T5735] vfs_write+0x7b2/0xbb0 [ 184.674384][ T5735] ? file_end_write+0x240/0x240 [ 184.679260][ T5735] ? do_raw_spin_unlock+0x13b/0x8b0 [ 184.684479][ T5735] ? lockdep_hardirqs_on+0x98/0x140 [ 184.689702][ T5735] ? __fdget_pos+0x265/0x2f0 [ 184.694310][ T5735] ksys_write+0x1a0/0x2c0 [ 184.698664][ T5735] ? __ia32_sys_read+0x90/0x90 [ 184.703449][ T5735] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 184.709457][ T5735] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 184.715475][ T5735] do_syscall_64+0x41/0xc0 [ 184.719914][ T5735] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 184.725829][ T5735] RIP: 0033:0x7fd49ce20129 [ 184.730258][ T5735] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 184.749877][ T5735] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 184.758311][ T5735] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 184.766305][ T5735] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 184.774285][ T5735] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 184.782268][ T5735] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 184.790252][ T5735] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000027 [ 184.798256][ T5735] [ 184.804789][ T5735] memory: usage 8kB, limit 0kB, failcnt 55 [ 184.810909][ T5735] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 184.818616][ T5735] Memory cgroup stats for /syz1: [ 184.819505][ T5735] anon 0 [ 184.819505][ T5735] file 0 [ 184.819505][ T5735] kernel 8192 [ 184.819505][ T5735] kernel_stack 0 [ 184.819505][ T5735] pagetables 0 [ 184.819505][ T5735] sec_pagetables 0 [ 184.819505][ T5735] percpu 0 [ 184.819505][ T5735] sock 0 [ 184.819505][ T5735] vmalloc 0 [ 184.819505][ T5735] shmem 0 [ 184.819505][ T5735] zswap 0 [ 184.819505][ T5735] zswapped 0 [ 184.819505][ T5735] file_mapped 0 [ 184.819505][ T5735] file_dirty 0 [ 184.819505][ T5735] file_writeback 0 [ 184.819505][ T5735] swapcached 0 [ 184.819505][ T5735] anon_thp 0 [ 184.819505][ T5735] file_thp 0 [ 184.819505][ T5735] shmem_thp 0 [pid 5073] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 184.819505][ T5735] inactive_anon 0 [ 184.819505][ T5735] active_anon 0 [ 184.819505][ T5735] inactive_file 0 [ 184.819505][ T5735] active_file 0 [ 184.819505][ T5735] unevictable 0 [ 184.819505][ T5735] slab_reclaimable 6752 [ 184.819505][ T5735] slab_unreclaimable 0 [ 184.819505][ T5735] slab 6752 [ 184.819505][ T5735] workingset_refault_anon 0 [ 184.920348][ T5735] Tasks state (memory values in pages): [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, [pid 5735] <... write resumed>) = 18 [pid 5073] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./42/file0") = 0 [pid 5073] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./42/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./42") = 0 [pid 5073] mkdir("./43", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5740 attached [pid 5740] chdir("./43" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 45 [pid 5735] close(3) = 0 [pid 5735] close(4) = 0 [pid 5735] close(5 [pid 5740] <... chdir resumed>) = 0 [pid 5735] <... close resumed>) = 0 [pid 5735] close(6) = 0 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5735] close(7) = -1 EBADF (Bad file descriptor) [pid 5740] <... prctl resumed>) = 0 [pid 5735] close(8) = -1 EBADF (Bad file descriptor) [pid 5735] close(9) = -1 EBADF (Bad file descriptor) [pid 5735] close(10) = -1 EBADF (Bad file descriptor) [pid 5740] setpgid(0, 0 [pid 5735] close(11 [pid 5740] <... setpgid resumed>) = 0 [pid 5735] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5735] close(12 [pid 5740] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5735] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5735] close(13 [pid 5740] <... symlink resumed>) = 0 [pid 5735] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5735] close(14) = -1 EBADF (Bad file descriptor) [pid 5735] close(15) = -1 EBADF (Bad file descriptor) [pid 5740] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5735] close(16) = -1 EBADF (Bad file descriptor) [pid 5740] <... symlink resumed>) = 0 [pid 5735] close(17) = -1 EBADF (Bad file descriptor) [pid 5735] close(18) = -1 EBADF (Bad file descriptor) [pid 5735] close(19) = -1 EBADF (Bad file descriptor) [pid 5735] close(20) = -1 EBADF (Bad file descriptor) [pid 5735] close(21) = -1 EBADF (Bad file descriptor) [pid 5735] close(22 [pid 5740] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5735] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5735] close(23) = -1 EBADF (Bad file descriptor) [pid 5735] close(24) = -1 EBADF (Bad file descriptor) [pid 5740] <... symlink resumed>) = 0 [pid 5735] close(25) = -1 EBADF (Bad file descriptor) [pid 5735] close(26) = -1 EBADF (Bad file descriptor) [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5735] close(27 [pid 5740] <... openat resumed>) = 3 [pid 5735] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5735] close(28 [pid 5740] write(3, "1000", 4 [pid 5735] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5735] close(29) = -1 EBADF (Bad file descriptor) [pid 5740] <... write resumed>) = 4 [pid 5735] exit_group(0 [pid 5740] close(3 [pid 5735] <... exit_group resumed>) = ? [ 184.927377][ T5735] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 184.937410][ T5735] Out of memory and no killable processes... [ 184.944205][ T5736] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5740] <... close resumed>) = 0 [pid 5735] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./39/binderfs") = 0 [pid 5072] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./39/cgroup") = 0 [pid 5072] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./39/cgroup.net") = 0 [pid 5072] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5740] mkdir("./file0", 000) = 0 [pid 5740] open("./file0", O_RDONLY) = 3 [pid 5740] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5740] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5740] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5740] openat(5, "memory.max", O_RDWR) = 6 [ 184.986853][ T5736] CPU: 1 PID: 5736 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 184.997372][ T5736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 185.007508][ T5736] Call Trace: [ 185.010818][ T5736] [ 185.013782][ T5736] dump_stack_lvl+0x1e7/0x2d0 [ 185.018515][ T5736] ? nf_tcp_handle_invalid+0x640/0x640 [ 185.024032][ T5736] ? panic+0x770/0x770 [ 185.028171][ T5736] dump_header+0xdc/0x940 [ 185.032567][ T5736] out_of_memory+0xf21/0x12c0 [ 185.037307][ T5736] ? mutex_lock_io_nested+0x60/0x60 [ 185.042597][ T5736] ? preempt_schedule+0xdd/0xf0 [ 185.047502][ T5736] ? unregister_oom_notifier+0x20/0x20 [ 185.052996][ T5736] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 185.059028][ T5736] mem_cgroup_out_of_memory+0x263/0x3b0 [ 185.064603][ T5736] ? preempt_schedule_thunk+0x1a/0x20 [ 185.070004][ T5736] ? mem_cgroup_oom_trylock+0x210/0x210 [ 185.075584][ T5736] ? cgroup_file_notify+0x127/0x190 [ 185.080806][ T5736] memory_max_write+0x355/0x470 [ 185.085680][ T5736] ? memory_max_show+0xa0/0xa0 [ 185.090479][ T5736] ? read_lock_is_recursive+0x20/0x20 [ 185.095894][ T5736] ? memory_max_show+0xa0/0xa0 [ 185.100678][ T5736] cgroup_file_write+0x2b1/0x780 [ 185.105650][ T5736] ? cgroup_seqfile_stop+0xd0/0xd0 [ 185.110791][ T5736] ? __virt_addr_valid+0x22f/0x2e0 [ 185.115933][ T5736] ? cgroup_seqfile_stop+0xd0/0xd0 [ 185.121059][ T5736] kernfs_fop_write_iter+0x3a6/0x4f0 [ 185.126367][ T5736] vfs_write+0x7b2/0xbb0 [ 185.130656][ T5736] ? file_end_write+0x240/0x240 [ 185.135530][ T5736] ? do_raw_spin_unlock+0x13b/0x8b0 [ 185.140746][ T5736] ? lockdep_hardirqs_on+0x98/0x140 [ 185.145969][ T5736] ? __fdget_pos+0x265/0x2f0 [ 185.150579][ T5736] ksys_write+0x1a0/0x2c0 [ 185.154927][ T5736] ? __ia32_sys_read+0x90/0x90 [ 185.159718][ T5736] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 185.165726][ T5736] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 185.171729][ T5736] do_syscall_64+0x41/0xc0 [ 185.176168][ T5736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 185.182086][ T5736] RIP: 0033:0x7fd49ce20129 [ 185.186520][ T5736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 185.206169][ T5736] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 185.214607][ T5736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 185.222591][ T5736] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5740] write(6, "0x000000000000040e", 18 [pid 5072] <... umount2 resumed>) = 0 [pid 5072] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 185.230606][ T5736] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 185.238594][ T5736] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 185.246591][ T5736] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002d [ 185.254606][ T5736] [ 185.260471][ T5736] memory: usage 8kB, limit 0kB, failcnt 55 [ 185.267194][ T5736] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 185.278596][ T5736] Memory cgroup stats for /syz1: [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./39/file0") = 0 [pid 5072] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./39/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./39") = 0 [pid 5072] mkdir("./40", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 42 ./strace-static-x86_64: Process 5741 attached [pid 5741] chdir("./40") = 0 [pid 5741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5741] setpgid(0, 0) = 0 [pid 5741] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5741] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5741] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5741] write(3, "1000", 4) = 4 [ 185.279919][ T5736] anon 0 [ 185.279919][ T5736] file 0 [ 185.279919][ T5736] kernel 8192 [ 185.279919][ T5736] kernel_stack 0 [ 185.279919][ T5736] pagetables 0 [ 185.279919][ T5736] sec_pagetables 0 [ 185.279919][ T5736] percpu 0 [ 185.279919][ T5736] sock 0 [ 185.279919][ T5736] vmalloc 0 [ 185.279919][ T5736] shmem 0 [ 185.279919][ T5736] zswap 0 [ 185.279919][ T5736] zswapped 0 [ 185.279919][ T5736] file_mapped 0 [ 185.279919][ T5736] file_dirty 0 [ 185.279919][ T5736] file_writeback 0 [ 185.279919][ T5736] swapcached 0 [ 185.279919][ T5736] anon_thp 0 [pid 5741] close(3) = 0 [pid 5741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5741] mkdir("./file0", 000) = 0 [pid 5741] open("./file0", O_RDONLY) = 3 [pid 5741] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5741] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5741] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5741] openat(5, "memory.max", O_RDWR) = 6 [ 185.279919][ T5736] file_thp 0 [ 185.279919][ T5736] shmem_thp 0 [ 185.279919][ T5736] inactive_anon 0 [ 185.279919][ T5736] active_anon 0 [ 185.279919][ T5736] inactive_file 0 [ 185.279919][ T5736] active_file 0 [ 185.279919][ T5736] unevictable 0 [ 185.279919][ T5736] slab_reclaimable 6752 [ 185.279919][ T5736] slab_unreclaimable 0 [ 185.279919][ T5736] slab 6752 [ 185.279919][ T5736] workingset_refault_anon 0 [ 185.379520][ T5736] Tasks state (memory values in pages): [pid 5741] write(6, "0x000000000000040e", 18 [pid 5736] <... write resumed>) = 18 [pid 5736] close(3) = 0 [pid 5736] close(4) = 0 [pid 5736] close(5) = 0 [pid 5736] close(6) = 0 [pid 5736] close(7) = -1 EBADF (Bad file descriptor) [pid 5736] close(8) = -1 EBADF (Bad file descriptor) [pid 5736] close(9) = -1 EBADF (Bad file descriptor) [pid 5736] close(10) = -1 EBADF (Bad file descriptor) [pid 5736] close(11) = -1 EBADF (Bad file descriptor) [pid 5736] close(12) = -1 EBADF (Bad file descriptor) [pid 5736] close(13) = -1 EBADF (Bad file descriptor) [pid 5736] close(14) = -1 EBADF (Bad file descriptor) [pid 5736] close(15) = -1 EBADF (Bad file descriptor) [pid 5736] close(16) = -1 EBADF (Bad file descriptor) [pid 5736] close(17) = -1 EBADF (Bad file descriptor) [pid 5736] close(18) = -1 EBADF (Bad file descriptor) [pid 5736] close(19) = -1 EBADF (Bad file descriptor) [pid 5736] close(20) = -1 EBADF (Bad file descriptor) [pid 5736] close(21) = -1 EBADF (Bad file descriptor) [pid 5736] close(22) = -1 EBADF (Bad file descriptor) [pid 5736] close(23) = -1 EBADF (Bad file descriptor) [pid 5736] close(24) = -1 EBADF (Bad file descriptor) [pid 5736] close(25) = -1 EBADF (Bad file descriptor) [pid 5736] close(26) = -1 EBADF (Bad file descriptor) [pid 5736] close(27) = -1 EBADF (Bad file descriptor) [pid 5736] close(28) = -1 EBADF (Bad file descriptor) [pid 5736] close(29) = -1 EBADF (Bad file descriptor) [pid 5736] exit_group(0) = ? [pid 5736] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 185.385447][ T5736] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 185.400904][ T5736] Out of memory and no killable processes... [ 185.408335][ T5737] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./45/binderfs") = 0 [pid 5075] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./45/cgroup") = 0 [pid 5075] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./45/cgroup.net") = 0 [ 185.434371][ T5737] CPU: 0 PID: 5737 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 185.444863][ T5737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 185.454972][ T5737] Call Trace: [ 185.458302][ T5737] [ 185.461269][ T5737] dump_stack_lvl+0x1e7/0x2d0 [ 185.465982][ T5737] ? nf_tcp_handle_invalid+0x640/0x640 [ 185.471492][ T5737] ? panic+0x770/0x770 [ 185.475628][ T5737] dump_header+0xdc/0x940 [ 185.479991][ T5737] out_of_memory+0xf21/0x12c0 [ 185.484718][ T5737] ? mutex_lock_io_nested+0x60/0x60 [ 185.489980][ T5737] ? mark_lock+0x9a/0x340 [ 185.494339][ T5737] ? unregister_oom_notifier+0x20/0x20 [ 185.499820][ T5737] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 185.505825][ T5737] mem_cgroup_out_of_memory+0x263/0x3b0 [ 185.511390][ T5737] ? mem_cgroup_oom_trylock+0x210/0x210 [ 185.516967][ T5737] ? cgroup_file_notify+0x127/0x190 [ 185.522187][ T5737] memory_max_write+0x355/0x470 [ 185.527075][ T5737] ? memory_max_show+0xa0/0xa0 [ 185.531876][ T5737] ? read_lock_is_recursive+0x20/0x20 [ 185.537272][ T5737] ? memory_max_show+0xa0/0xa0 [ 185.542053][ T5737] cgroup_file_write+0x2b1/0x780 [ 185.547014][ T5737] ? cgroup_seqfile_stop+0xd0/0xd0 [ 185.552142][ T5737] ? __virt_addr_valid+0x22f/0x2e0 [ 185.557285][ T5737] ? cgroup_seqfile_stop+0xd0/0xd0 [ 185.562407][ T5737] kernfs_fop_write_iter+0x3a6/0x4f0 [ 185.567718][ T5737] vfs_write+0x7b2/0xbb0 [ 185.571983][ T5737] ? file_end_write+0x240/0x240 [ 185.576856][ T5737] ? do_raw_spin_unlock+0x13b/0x8b0 [ 185.582075][ T5737] ? lockdep_hardirqs_on+0x98/0x140 [ 185.587302][ T5737] ? __fdget_pos+0x265/0x2f0 [ 185.591913][ T5737] ksys_write+0x1a0/0x2c0 [ 185.596266][ T5737] ? __ia32_sys_read+0x90/0x90 [ 185.601048][ T5737] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 185.607050][ T5737] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 185.613058][ T5737] do_syscall_64+0x41/0xc0 [ 185.617495][ T5737] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 185.623413][ T5737] RIP: 0033:0x7fd49ce20129 [ 185.627838][ T5737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 185.647455][ T5737] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 185.655883][ T5737] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 185.663864][ T5737] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 185.671870][ T5737] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 185.679861][ T5737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5075] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 185.687844][ T5737] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000027 [ 185.695845][ T5737] [ 185.708843][ T5737] memory: usage 8kB, limit 0kB, failcnt 55 [ 185.714725][ T5737] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 185.722367][ T5737] Memory cgroup stats for /syz1: [ 185.722671][ T5737] anon 0 [ 185.722671][ T5737] file 0 [ 185.722671][ T5737] kernel 8192 [ 185.722671][ T5737] kernel_stack 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./45/file0") = 0 [pid 5075] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./45/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./45") = 0 [pid 5075] mkdir("./46", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 48 ./strace-static-x86_64: Process 5742 attached [pid 5742] chdir("./46") = 0 [pid 5742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5742] setpgid(0, 0) = 0 [pid 5742] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5742] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5742] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 185.722671][ T5737] pagetables 0 [ 185.722671][ T5737] sec_pagetables 0 [ 185.722671][ T5737] percpu 0 [ 185.722671][ T5737] sock 0 [ 185.722671][ T5737] vmalloc 0 [ 185.722671][ T5737] shmem 0 [ 185.722671][ T5737] zswap 0 [ 185.722671][ T5737] zswapped 0 [ 185.722671][ T5737] file_mapped 0 [ 185.722671][ T5737] file_dirty 0 [ 185.722671][ T5737] file_writeback 0 [ 185.722671][ T5737] swapcached 0 [ 185.722671][ T5737] anon_thp 0 [ 185.722671][ T5737] file_thp 0 [ 185.722671][ T5737] shmem_thp 0 [ 185.722671][ T5737] inactive_anon 0 [pid 5742] write(3, "1000", 4) = 4 [pid 5742] close(3) = 0 [pid 5742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5742] mkdir("./file0", 000) = 0 [pid 5742] open("./file0", O_RDONLY) = 3 [pid 5742] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5742] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5742] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5742] openat(5, "memory.max", O_RDWR) = 6 [ 185.722671][ T5737] active_anon 0 [ 185.722671][ T5737] inactive_file 0 [ 185.722671][ T5737] active_file 0 [ 185.722671][ T5737] unevictable 0 [ 185.722671][ T5737] slab_reclaimable 6752 [ 185.722671][ T5737] slab_unreclaimable 0 [ 185.722671][ T5737] slab 6752 [ 185.722671][ T5737] workingset_refault_anon 0 [ 185.821838][ T5737] Tasks state (memory values in pages): [ 185.827540][ T5737] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5742] write(6, "0x000000000000040e", 18 [pid 5737] <... write resumed>) = 18 [pid 5737] close(3) = 0 [pid 5737] close(4) = 0 [pid 5737] close(5) = 0 [pid 5737] close(6) = 0 [pid 5737] close(7) = -1 EBADF (Bad file descriptor) [pid 5737] close(8) = -1 EBADF (Bad file descriptor) [pid 5737] close(9) = -1 EBADF (Bad file descriptor) [pid 5737] close(10) = -1 EBADF (Bad file descriptor) [pid 5737] close(11) = -1 EBADF (Bad file descriptor) [pid 5737] close(12) = -1 EBADF (Bad file descriptor) [pid 5737] close(13) = -1 EBADF (Bad file descriptor) [pid 5737] close(14) = -1 EBADF (Bad file descriptor) [pid 5737] close(15) = -1 EBADF (Bad file descriptor) [pid 5737] close(16) = -1 EBADF (Bad file descriptor) [pid 5737] close(17) = -1 EBADF (Bad file descriptor) [pid 5737] close(18) = -1 EBADF (Bad file descriptor) [pid 5737] close(19) = -1 EBADF (Bad file descriptor) [pid 5737] close(20) = -1 EBADF (Bad file descriptor) [pid 5737] close(21) = -1 EBADF (Bad file descriptor) [pid 5737] close(22) = -1 EBADF (Bad file descriptor) [pid 5737] close(23) = -1 EBADF (Bad file descriptor) [pid 5737] close(24) = -1 EBADF (Bad file descriptor) [pid 5737] close(25) = -1 EBADF (Bad file descriptor) [pid 5737] close(26) = -1 EBADF (Bad file descriptor) [pid 5737] close(27) = -1 EBADF (Bad file descriptor) [pid 5737] close(28) = -1 EBADF (Bad file descriptor) [pid 5737] close(29) = -1 EBADF (Bad file descriptor) [pid 5737] exit_group(0) = ? [pid 5737] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./39/binderfs") = 0 [pid 5070] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./39/cgroup") = 0 [pid 5070] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./39/cgroup.net") = 0 [ 185.837231][ T5737] Out of memory and no killable processes... [ 185.843303][ T5738] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 185.874973][ T5738] CPU: 1 PID: 5738 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 185.885481][ T5738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 185.895585][ T5738] Call Trace: [ 185.898978][ T5738] [ 185.901944][ T5738] dump_stack_lvl+0x1e7/0x2d0 [ 185.906661][ T5738] ? nf_tcp_handle_invalid+0x640/0x640 [ 185.912157][ T5738] ? panic+0x770/0x770 [ 185.916290][ T5738] dump_header+0xdc/0x940 [ 185.920662][ T5738] out_of_memory+0xf21/0x12c0 [ 185.925395][ T5738] ? mutex_lock_io_nested+0x60/0x60 [ 185.930649][ T5738] ? mark_lock+0x9a/0x340 [ 185.935005][ T5738] ? unregister_oom_notifier+0x20/0x20 [ 185.940513][ T5738] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 185.946555][ T5738] mem_cgroup_out_of_memory+0x263/0x3b0 [ 185.952163][ T5738] ? mem_cgroup_oom_trylock+0x210/0x210 [ 185.957768][ T5738] ? cgroup_file_notify+0x127/0x190 [ 185.963003][ T5738] memory_max_write+0x355/0x470 [ 185.967886][ T5738] ? memory_max_show+0xa0/0xa0 [ 185.972668][ T5738] ? read_lock_is_recursive+0x20/0x20 [ 185.978064][ T5738] ? memory_max_show+0xa0/0xa0 [ 185.982864][ T5738] cgroup_file_write+0x2b1/0x780 [ 185.987823][ T5738] ? cgroup_seqfile_stop+0xd0/0xd0 [ 185.992947][ T5738] ? __virt_addr_valid+0x22f/0x2e0 [ 185.998092][ T5738] ? cgroup_seqfile_stop+0xd0/0xd0 [ 186.003218][ T5738] kernfs_fop_write_iter+0x3a6/0x4f0 [ 186.008526][ T5738] vfs_write+0x7b2/0xbb0 [ 186.012816][ T5738] ? file_end_write+0x240/0x240 [ 186.017706][ T5738] ? do_raw_spin_unlock+0x13b/0x8b0 [ 186.022943][ T5738] ? lockdep_hardirqs_on+0x98/0x140 [ 186.028201][ T5738] ? __fdget_pos+0x265/0x2f0 [ 186.032840][ T5738] ksys_write+0x1a0/0x2c0 [ 186.037204][ T5738] ? __ia32_sys_read+0x90/0x90 [ 186.041986][ T5738] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 186.048010][ T5738] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 186.054017][ T5738] do_syscall_64+0x41/0xc0 [ 186.058456][ T5738] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 186.064372][ T5738] RIP: 0033:0x7fd49ce20129 [ 186.068801][ T5738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5070] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 186.089387][ T5738] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.097822][ T5738] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 186.105808][ T5738] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 186.113795][ T5738] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 186.121778][ T5738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 186.129780][ T5738] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002f [ 186.137781][ T5738] [pid 5070] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./39/file0") = 0 [ 186.157643][ T5738] memory: usage 8kB, limit 0kB, failcnt 55 [ 186.163739][ T5738] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 186.171602][ T5738] Memory cgroup stats for /syz1: [ 186.172142][ T5738] anon 0 [ 186.172142][ T5738] file 0 [ 186.172142][ T5738] kernel 8192 [ 186.172142][ T5738] kernel_stack 0 [ 186.172142][ T5738] pagetables 0 [ 186.172142][ T5738] sec_pagetables 0 [ 186.172142][ T5738] percpu 0 [ 186.172142][ T5738] sock 0 [ 186.172142][ T5738] vmalloc 0 [ 186.172142][ T5738] shmem 0 [pid 5070] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 186.172142][ T5738] zswap 0 [ 186.172142][ T5738] zswapped 0 [ 186.172142][ T5738] file_mapped 0 [ 186.172142][ T5738] file_dirty 0 [ 186.172142][ T5738] file_writeback 0 [ 186.172142][ T5738] swapcached 0 [ 186.172142][ T5738] anon_thp 0 [ 186.172142][ T5738] file_thp 0 [ 186.172142][ T5738] shmem_thp 0 [ 186.172142][ T5738] inactive_anon 0 [ 186.172142][ T5738] active_anon 0 [ 186.172142][ T5738] inactive_file 0 [ 186.172142][ T5738] active_file 0 [ 186.172142][ T5738] unevictable 0 [ 186.172142][ T5738] slab_reclaimable 6752 [pid 5070] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./39/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./39") = 0 [pid 5070] mkdir("./40", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 42 ./strace-static-x86_64: Process 5743 attached [pid 5743] chdir("./40") = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5743] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5743] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5743] mkdir("./file0", 000) = 0 [pid 5743] open("./file0", O_RDONLY) = 3 [pid 5743] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5743] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5743] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5743] openat(5, "memory.max", O_RDWR) = 6 [ 186.172142][ T5738] slab_unreclaimable 0 [ 186.172142][ T5738] slab 6752 [ 186.172142][ T5738] workingset_refault_anon 0 [ 186.279931][ T5738] Tasks state (memory values in pages): [ 186.286439][ T5738] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 186.299724][ T5738] Out of memory and no killable processes... [pid 5743] write(6, "0x000000000000040e", 18 [pid 5738] <... write resumed>) = 18 [pid 5738] close(3) = 0 [pid 5738] close(4) = 0 [pid 5738] close(5) = 0 [pid 5738] close(6) = 0 [pid 5738] close(7) = -1 EBADF (Bad file descriptor) [pid 5738] close(8) = -1 EBADF (Bad file descriptor) [pid 5738] close(9) = -1 EBADF (Bad file descriptor) [pid 5738] close(10) = -1 EBADF (Bad file descriptor) [pid 5738] close(11) = -1 EBADF (Bad file descriptor) [pid 5738] close(12) = -1 EBADF (Bad file descriptor) [pid 5738] close(13) = -1 EBADF (Bad file descriptor) [pid 5738] close(14) = -1 EBADF (Bad file descriptor) [pid 5738] close(15) = -1 EBADF (Bad file descriptor) [pid 5738] close(16) = -1 EBADF (Bad file descriptor) [pid 5738] close(17) = -1 EBADF (Bad file descriptor) [pid 5738] close(18) = -1 EBADF (Bad file descriptor) [pid 5738] close(19) = -1 EBADF (Bad file descriptor) [pid 5738] close(20) = -1 EBADF (Bad file descriptor) [pid 5738] close(21) = -1 EBADF (Bad file descriptor) [pid 5738] close(22) = -1 EBADF (Bad file descriptor) [pid 5738] close(23) = -1 EBADF (Bad file descriptor) [pid 5738] close(24) = -1 EBADF (Bad file descriptor) [pid 5738] close(25) = -1 EBADF (Bad file descriptor) [pid 5738] close(26) = -1 EBADF (Bad file descriptor) [pid 5738] close(27) = -1 EBADF (Bad file descriptor) [pid 5738] close(28) = -1 EBADF (Bad file descriptor) [pid 5738] close(29) = -1 EBADF (Bad file descriptor) [pid 5738] exit_group(0) = ? [pid 5738] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./47/binderfs") = 0 [pid 5074] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./47/cgroup") = 0 [pid 5074] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./47/cgroup.net") = 0 [ 186.305830][ T5740] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 186.317841][ T5740] CPU: 0 PID: 5740 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 186.328319][ T5740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 186.338423][ T5740] Call Trace: [ 186.341746][ T5740] [ 186.344719][ T5740] dump_stack_lvl+0x1e7/0x2d0 [ 186.349454][ T5740] ? nf_tcp_handle_invalid+0x640/0x640 [ 186.354972][ T5740] ? panic+0x770/0x770 [ 186.359117][ T5740] dump_header+0xdc/0x940 [ 186.363509][ T5740] out_of_memory+0xf21/0x12c0 [ 186.368252][ T5740] ? mutex_lock_io_nested+0x60/0x60 [ 186.373502][ T5740] ? mark_lock+0x9a/0x340 [ 186.377879][ T5740] ? unregister_oom_notifier+0x20/0x20 [ 186.383391][ T5740] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 186.389445][ T5740] mem_cgroup_out_of_memory+0x263/0x3b0 [ 186.395065][ T5740] ? mem_cgroup_oom_trylock+0x210/0x210 [ 186.400691][ T5740] ? cgroup_file_notify+0x127/0x190 [ 186.405960][ T5740] memory_max_write+0x355/0x470 [ 186.410875][ T5740] ? memory_max_show+0xa0/0xa0 [ 186.415693][ T5740] ? read_lock_is_recursive+0x20/0x20 [ 186.421121][ T5740] ? memory_max_show+0xa0/0xa0 [ 186.425926][ T5740] cgroup_file_write+0x2b1/0x780 [ 186.430887][ T5740] ? cgroup_seqfile_stop+0xd0/0xd0 [ 186.436038][ T5740] ? __virt_addr_valid+0x22f/0x2e0 [ 186.441348][ T5740] ? cgroup_seqfile_stop+0xd0/0xd0 [ 186.446631][ T5740] kernfs_fop_write_iter+0x3a6/0x4f0 [ 186.451960][ T5740] vfs_write+0x7b2/0xbb0 [ 186.456240][ T5740] ? file_end_write+0x240/0x240 [ 186.461113][ T5740] ? do_raw_spin_unlock+0x13b/0x8b0 [ 186.466329][ T5740] ? lockdep_hardirqs_on+0x98/0x140 [ 186.471560][ T5740] ? __fdget_pos+0x265/0x2f0 [ 186.476172][ T5740] ksys_write+0x1a0/0x2c0 [ 186.480524][ T5740] ? __ia32_sys_read+0x90/0x90 [ 186.485323][ T5740] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 186.491356][ T5740] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 186.497391][ T5740] do_syscall_64+0x41/0xc0 [ 186.501841][ T5740] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 186.507766][ T5740] RIP: 0033:0x7fd49ce20129 [ 186.512199][ T5740] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.531841][ T5740] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.540300][ T5740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 186.548300][ T5740] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 186.556297][ T5740] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 186.564290][ T5740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 186.572281][ T5740] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002b [ 186.580313][ T5740] [ 186.588207][ T5740] memory: usage 8kB, limit 0kB, failcnt 55 [ 186.594084][ T5740] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 186.602209][ T5740] Memory cgroup stats for /syz1: [pid 5074] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./47/file0") = 0 [pid 5074] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./47/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./47") = 0 [pid 5074] mkdir("./48", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5744 attached [pid 5744] chdir("./48" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 50 [pid 5744] <... chdir resumed>) = 0 [pid 5744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5744] setpgid(0, 0) = 0 [pid 5744] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 186.602425][ T5740] anon 0 [ 186.602425][ T5740] file 0 [ 186.602425][ T5740] kernel 8192 [ 186.602425][ T5740] kernel_stack 0 [ 186.602425][ T5740] pagetables 0 [ 186.602425][ T5740] sec_pagetables 0 [ 186.602425][ T5740] percpu 0 [ 186.602425][ T5740] sock 0 [ 186.602425][ T5740] vmalloc 0 [ 186.602425][ T5740] shmem 0 [ 186.602425][ T5740] zswap 0 [ 186.602425][ T5740] zswapped 0 [ 186.602425][ T5740] file_mapped 0 [ 186.602425][ T5740] file_dirty 0 [ 186.602425][ T5740] file_writeback 0 [ 186.602425][ T5740] swapcached 0 [ 186.602425][ T5740] anon_thp 0 [pid 5744] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5744] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5744] write(3, "1000", 4) = 4 [pid 5744] close(3) = 0 [pid 5744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5744] mkdir("./file0", 000) = 0 [pid 5744] open("./file0", O_RDONLY) = 3 [pid 5744] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5744] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5744] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5744] openat(5, "memory.max", O_RDWR) = 6 [ 186.602425][ T5740] file_thp 0 [ 186.602425][ T5740] shmem_thp 0 [ 186.602425][ T5740] inactive_anon 0 [ 186.602425][ T5740] active_anon 0 [ 186.602425][ T5740] inactive_file 0 [ 186.602425][ T5740] active_file 0 [ 186.602425][ T5740] unevictable 0 [ 186.602425][ T5740] slab_reclaimable 6752 [ 186.602425][ T5740] slab_unreclaimable 0 [ 186.602425][ T5740] slab 6752 [ 186.602425][ T5740] workingset_refault_anon 0 [pid 5744] write(6, "0x000000000000040e", 18 [pid 5740] <... write resumed>) = 18 [pid 5740] close(3) = 0 [pid 5740] close(4) = 0 [pid 5740] close(5) = 0 [pid 5740] close(6) = 0 [pid 5740] close(7) = -1 EBADF (Bad file descriptor) [pid 5740] close(8) = -1 EBADF (Bad file descriptor) [pid 5740] close(9) = -1 EBADF (Bad file descriptor) [pid 5740] close(10) = -1 EBADF (Bad file descriptor) [pid 5740] close(11) = -1 EBADF (Bad file descriptor) [pid 5740] close(12) = -1 EBADF (Bad file descriptor) [pid 5740] close(13) = -1 EBADF (Bad file descriptor) [ 186.710740][ T5740] Tasks state (memory values in pages): [ 186.718641][ T5740] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 186.728637][ T5740] Out of memory and no killable processes... [ 186.734814][ T5741] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5740] close(14) = -1 EBADF (Bad file descriptor) [pid 5740] close(15) = -1 EBADF (Bad file descriptor) [pid 5740] close(16) = -1 EBADF (Bad file descriptor) [pid 5740] close(17) = -1 EBADF (Bad file descriptor) [pid 5740] close(18) = -1 EBADF (Bad file descriptor) [pid 5740] close(19) = -1 EBADF (Bad file descriptor) [pid 5740] close(20) = -1 EBADF (Bad file descriptor) [pid 5740] close(21) = -1 EBADF (Bad file descriptor) [pid 5740] close(22) = -1 EBADF (Bad file descriptor) [pid 5740] close(23) = -1 EBADF (Bad file descriptor) [pid 5740] close(24) = -1 EBADF (Bad file descriptor) [pid 5740] close(25) = -1 EBADF (Bad file descriptor) [pid 5740] close(26) = -1 EBADF (Bad file descriptor) [pid 5740] close(27) = -1 EBADF (Bad file descriptor) [pid 5740] close(28) = -1 EBADF (Bad file descriptor) [pid 5740] close(29) = -1 EBADF (Bad file descriptor) [pid 5740] exit_group(0) = ? [pid 5740] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./43/binderfs") = 0 [ 186.752575][ T5741] CPU: 0 PID: 5741 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 186.763058][ T5741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 186.773166][ T5741] Call Trace: [ 186.776486][ T5741] [ 186.779462][ T5741] dump_stack_lvl+0x1e7/0x2d0 [ 186.784203][ T5741] ? nf_tcp_handle_invalid+0x640/0x640 [ 186.789724][ T5741] ? panic+0x770/0x770 [ 186.793867][ T5741] dump_header+0xdc/0x940 [ 186.798266][ T5741] out_of_memory+0xf21/0x12c0 [ 186.803019][ T5741] ? mutex_lock_io_nested+0x60/0x60 [pid 5073] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./43/cgroup") = 0 [pid 5073] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./43/cgroup.net") = 0 [ 186.808290][ T5741] ? mark_lock+0x9a/0x340 [ 186.812699][ T5741] ? unregister_oom_notifier+0x20/0x20 [ 186.818216][ T5741] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 186.824276][ T5741] mem_cgroup_out_of_memory+0x263/0x3b0 [ 186.829915][ T5741] ? mem_cgroup_oom_trylock+0x210/0x210 [ 186.835528][ T5741] ? cgroup_file_notify+0x127/0x190 [ 186.840764][ T5741] memory_max_write+0x355/0x470 [ 186.845670][ T5741] ? memory_max_show+0xa0/0xa0 [ 186.850465][ T5741] ? read_lock_is_recursive+0x20/0x20 [ 186.855892][ T5741] ? memory_max_show+0xa0/0xa0 [ 186.860690][ T5741] cgroup_file_write+0x2b1/0x780 [ 186.865651][ T5741] ? cgroup_seqfile_stop+0xd0/0xd0 [ 186.870776][ T5741] ? __virt_addr_valid+0x22f/0x2e0 [ 186.875916][ T5741] ? cgroup_seqfile_stop+0xd0/0xd0 [ 186.881038][ T5741] kernfs_fop_write_iter+0x3a6/0x4f0 [ 186.886367][ T5741] vfs_write+0x7b2/0xbb0 [ 186.890652][ T5741] ? file_end_write+0x240/0x240 [ 186.895525][ T5741] ? do_raw_spin_unlock+0x13b/0x8b0 [ 186.900739][ T5741] ? lockdep_hardirqs_on+0x98/0x140 [ 186.905970][ T5741] ? __fdget_pos+0x265/0x2f0 [ 186.910619][ T5741] ksys_write+0x1a0/0x2c0 [ 186.915009][ T5741] ? __ia32_sys_read+0x90/0x90 [ 186.919827][ T5741] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 186.925893][ T5741] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 186.931928][ T5741] do_syscall_64+0x41/0xc0 [ 186.936428][ T5741] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 186.942365][ T5741] RIP: 0033:0x7fd49ce20129 [ 186.946832][ T5741] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.966494][ T5741] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.974962][ T5741] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 186.982977][ T5741] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 186.990978][ T5741] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 186.998970][ T5741] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./43/file0") = 0 [pid 5073] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./43/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./43") = 0 [ 187.006984][ T5741] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000028 [ 187.015008][ T5741] [ 187.028534][ T5741] memory: usage 8kB, limit 0kB, failcnt 55 [ 187.034422][ T5741] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 187.050824][ T5741] Memory cgroup stats for /syz1: [ 187.051036][ T5741] anon 0 [ 187.051036][ T5741] file 0 [pid 5073] mkdir("./44", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5745 attached [pid 5745] chdir("./44" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 46 [pid 5745] <... chdir resumed>) = 0 [pid 5745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5745] setpgid(0, 0) = 0 [pid 5745] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5745] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5745] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5745] write(3, "1000", 4) = 4 [pid 5745] close(3) = 0 [pid 5745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5745] mkdir("./file0", 000) = 0 [pid 5745] open("./file0", O_RDONLY) = 3 [pid 5745] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5745] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5745] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5745] openat(5, "memory.max", O_RDWR) = 6 [ 187.051036][ T5741] kernel 8192 [ 187.051036][ T5741] kernel_stack 0 [ 187.051036][ T5741] pagetables 0 [ 187.051036][ T5741] sec_pagetables 0 [ 187.051036][ T5741] percpu 0 [ 187.051036][ T5741] sock 0 [ 187.051036][ T5741] vmalloc 0 [ 187.051036][ T5741] shmem 0 [ 187.051036][ T5741] zswap 0 [ 187.051036][ T5741] zswapped 0 [ 187.051036][ T5741] file_mapped 0 [ 187.051036][ T5741] file_dirty 0 [ 187.051036][ T5741] file_writeback 0 [ 187.051036][ T5741] swapcached 0 [ 187.051036][ T5741] anon_thp 0 [ 187.051036][ T5741] file_thp 0 [ 187.051036][ T5741] shmem_thp 0 [ 187.051036][ T5741] inactive_anon 0 [ 187.051036][ T5741] active_anon 0 [ 187.051036][ T5741] inactive_file 0 [ 187.051036][ T5741] active_file 0 [ 187.051036][ T5741] unevictable 0 [ 187.051036][ T5741] slab_reclaimable 6752 [ 187.051036][ T5741] slab_unreclaimable 0 [ 187.051036][ T5741] slab 6752 [ 187.051036][ T5741] workingset_refault_anon 0 [ 187.156223][ T5741] Tasks state (memory values in pages): [pid 5745] write(6, "0x000000000000040e", 18 [pid 5741] <... write resumed>) = 18 [pid 5741] close(3) = 0 [pid 5741] close(4) = 0 [pid 5741] close(5) = 0 [pid 5741] close(6) = 0 [pid 5741] close(7) = -1 EBADF (Bad file descriptor) [pid 5741] close(8) = -1 EBADF (Bad file descriptor) [pid 5741] close(9) = -1 EBADF (Bad file descriptor) [pid 5741] close(10) = -1 EBADF (Bad file descriptor) [pid 5741] close(11) = -1 EBADF (Bad file descriptor) [pid 5741] close(12) = -1 EBADF (Bad file descriptor) [pid 5741] close(13) = -1 EBADF (Bad file descriptor) [pid 5741] close(14) = -1 EBADF (Bad file descriptor) [pid 5741] close(15) = -1 EBADF (Bad file descriptor) [pid 5741] close(16) = -1 EBADF (Bad file descriptor) [pid 5741] close(17) = -1 EBADF (Bad file descriptor) [pid 5741] close(18) = -1 EBADF (Bad file descriptor) [pid 5741] close(19) = -1 EBADF (Bad file descriptor) [ 187.162881][ T5741] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 187.194815][ T5741] Out of memory and no killable processes... [ 187.201457][ T5742] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5741] close(20) = -1 EBADF (Bad file descriptor) [pid 5741] close(21) = -1 EBADF (Bad file descriptor) [pid 5741] close(22) = -1 EBADF (Bad file descriptor) [pid 5741] close(23) = -1 EBADF (Bad file descriptor) [pid 5741] close(24) = -1 EBADF (Bad file descriptor) [pid 5741] close(25) = -1 EBADF (Bad file descriptor) [pid 5741] close(26) = -1 EBADF (Bad file descriptor) [pid 5741] close(27) = -1 EBADF (Bad file descriptor) [pid 5741] close(28) = -1 EBADF (Bad file descriptor) [pid 5741] close(29) = -1 EBADF (Bad file descriptor) [pid 5741] exit_group(0) = ? [pid 5741] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5072] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 187.212482][ T5742] CPU: 1 PID: 5742 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 187.222957][ T5742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 187.233074][ T5742] Call Trace: [ 187.236394][ T5742] [ 187.239467][ T5742] dump_stack_lvl+0x1e7/0x2d0 [ 187.244210][ T5742] ? nf_tcp_handle_invalid+0x640/0x640 [ 187.249727][ T5742] ? panic+0x770/0x770 [ 187.254480][ T5742] dump_header+0xdc/0x940 [ 187.258871][ T5742] out_of_memory+0xf21/0x12c0 [pid 5072] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./40/binderfs") = 0 [pid 5072] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 187.263604][ T5742] ? mutex_lock_io_nested+0x60/0x60 [ 187.268843][ T5742] ? preempt_schedule+0xdd/0xf0 [ 187.273725][ T5742] ? unregister_oom_notifier+0x20/0x20 [ 187.279219][ T5742] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 187.285283][ T5742] mem_cgroup_out_of_memory+0x263/0x3b0 [ 187.290941][ T5742] ? preempt_schedule_thunk+0x1a/0x20 [ 187.296343][ T5742] ? mem_cgroup_oom_trylock+0x210/0x210 [ 187.301940][ T5742] ? cgroup_file_notify+0x127/0x190 [ 187.307165][ T5742] memory_max_write+0x355/0x470 [ 187.312039][ T5742] ? memory_max_show+0xa0/0xa0 [ 187.316822][ T5742] ? read_lock_is_recursive+0x20/0x20 [ 187.322218][ T5742] ? memory_max_show+0xa0/0xa0 [ 187.327048][ T5742] cgroup_file_write+0x2b1/0x780 [ 187.332012][ T5742] ? cgroup_seqfile_stop+0xd0/0xd0 [ 187.337137][ T5742] ? __virt_addr_valid+0x22f/0x2e0 [ 187.342279][ T5742] ? cgroup_seqfile_stop+0xd0/0xd0 [ 187.347401][ T5742] kernfs_fop_write_iter+0x3a6/0x4f0 [ 187.352712][ T5742] vfs_write+0x7b2/0xbb0 [ 187.356985][ T5742] ? file_end_write+0x240/0x240 [ 187.361860][ T5742] ? do_raw_spin_unlock+0x13b/0x8b0 [ 187.367077][ T5742] ? lockdep_hardirqs_on+0x98/0x140 [ 187.372328][ T5742] ? __fdget_pos+0x265/0x2f0 [ 187.376958][ T5742] ksys_write+0x1a0/0x2c0 [ 187.381323][ T5742] ? __ia32_sys_read+0x90/0x90 [ 187.386114][ T5742] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 187.392127][ T5742] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 187.398134][ T5742] do_syscall_64+0x41/0xc0 [ 187.402569][ T5742] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.408490][ T5742] RIP: 0033:0x7fd49ce20129 [ 187.412944][ T5742] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 187.432589][ T5742] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.441029][ T5742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 187.449015][ T5742] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5072] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./40/cgroup") = 0 [pid 5072] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 187.457002][ T5742] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 187.464983][ T5742] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 187.472987][ T5742] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002e [ 187.480988][ T5742] [ 187.488404][ T5742] memory: usage 8kB, limit 0kB, failcnt 55 [ 187.496762][ T5742] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 187.505176][ T5742] Memory cgroup stats for /syz1: [ 187.505998][ T5742] anon 0 [pid 5072] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./40/cgroup.net") = 0 [ 187.505998][ T5742] file 0 [ 187.505998][ T5742] kernel 8192 [ 187.505998][ T5742] kernel_stack 0 [ 187.505998][ T5742] pagetables 0 [ 187.505998][ T5742] sec_pagetables 0 [ 187.505998][ T5742] percpu 0 [ 187.505998][ T5742] sock 0 [ 187.505998][ T5742] vmalloc 0 [ 187.505998][ T5742] shmem 0 [ 187.505998][ T5742] zswap 0 [ 187.505998][ T5742] zswapped 0 [ 187.505998][ T5742] file_mapped 0 [ 187.505998][ T5742] file_dirty 0 [ 187.505998][ T5742] file_writeback 0 [ 187.505998][ T5742] swapcached 0 [ 187.505998][ T5742] anon_thp 0 [pid 5072] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 187.505998][ T5742] file_thp 0 [ 187.505998][ T5742] shmem_thp 0 [ 187.505998][ T5742] inactive_anon 0 [ 187.505998][ T5742] active_anon 0 [ 187.505998][ T5742] inactive_file 0 [ 187.505998][ T5742] active_file 0 [ 187.505998][ T5742] unevictable 0 [ 187.505998][ T5742] slab_reclaimable 6752 [ 187.505998][ T5742] slab_unreclaimable 0 [ 187.505998][ T5742] slab 6752 [ 187.505998][ T5742] workingset_refault_anon 0 [ 187.604643][ T5742] Tasks state (memory values in pages): [pid 5072] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./40/file0") = 0 [pid 5072] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./40/cgroup.cpu", [pid 5742] <... write resumed>) = 18 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./40/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./40") = 0 [pid 5072] mkdir("./41", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5746 attached [pid 5746] chdir("./41" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 43 [ 187.610420][ T5742] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 187.620177][ T5742] Out of memory and no killable processes... [ 187.626253][ T5743] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 187.638317][ T5743] CPU: 0 PID: 5743 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 187.648782][ T5743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 187.658879][ T5743] Call Trace: [ 187.662200][ T5743] [pid 5746] <... chdir resumed>) = 0 [pid 5746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5746] setpgid(0, 0) = 0 [pid 5746] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5746] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5746] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5746] write(3, "1000", 4) = 4 [pid 5746] close(3) = 0 [pid 5746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5746] mkdir("./file0", 000) = 0 [pid 5746] open("./file0", O_RDONLY) = 3 [pid 5746] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5746] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5746] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5746] openat(5, "memory.max", O_RDWR) = 6 [ 187.665177][ T5743] dump_stack_lvl+0x1e7/0x2d0 [ 187.669947][ T5743] ? nf_tcp_handle_invalid+0x640/0x640 [ 187.675460][ T5743] ? panic+0x770/0x770 [ 187.679595][ T5743] dump_header+0xdc/0x940 [ 187.683994][ T5743] out_of_memory+0xf21/0x12c0 [ 187.688729][ T5743] ? mutex_lock_io_nested+0x60/0x60 [ 187.693987][ T5743] ? preempt_schedule+0xdd/0xf0 [ 187.698894][ T5743] ? unregister_oom_notifier+0x20/0x20 [ 187.704397][ T5743] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5746] write(6, "0x000000000000040e", 18 [pid 5742] close(3) = 0 [pid 5742] close(4) = 0 [pid 5742] close(5) = 0 [pid 5742] close(6) = 0 [pid 5742] close(7) = -1 EBADF (Bad file descriptor) [pid 5742] close(8) = -1 EBADF (Bad file descriptor) [pid 5742] close(9) = -1 EBADF (Bad file descriptor) [pid 5742] close(10) = -1 EBADF (Bad file descriptor) [pid 5742] close(11) = -1 EBADF (Bad file descriptor) [pid 5742] close(12) = -1 EBADF (Bad file descriptor) [pid 5742] close(13) = -1 EBADF (Bad file descriptor) [pid 5742] close(14) = -1 EBADF (Bad file descriptor) [pid 5742] close(15) = -1 EBADF (Bad file descriptor) [pid 5742] close(16) = -1 EBADF (Bad file descriptor) [pid 5742] close(17) = -1 EBADF (Bad file descriptor) [ 187.710444][ T5743] mem_cgroup_out_of_memory+0x263/0x3b0 [ 187.716042][ T5743] ? preempt_schedule_thunk+0x1a/0x20 [ 187.721472][ T5743] ? mem_cgroup_oom_trylock+0x210/0x210 [ 187.727092][ T5743] ? cgroup_file_notify+0x127/0x190 [ 187.732383][ T5743] memory_max_write+0x355/0x470 [ 187.737296][ T5743] ? memory_max_show+0xa0/0xa0 [ 187.742115][ T5743] ? read_lock_is_recursive+0x20/0x20 [ 187.747537][ T5743] ? memory_max_show+0xa0/0xa0 [ 187.752318][ T5743] cgroup_file_write+0x2b1/0x780 [ 187.757282][ T5743] ? cgroup_seqfile_stop+0xd0/0xd0 [ 187.762413][ T5743] ? __virt_addr_valid+0x22f/0x2e0 [ 187.767569][ T5743] ? cgroup_seqfile_stop+0xd0/0xd0 [ 187.772699][ T5743] kernfs_fop_write_iter+0x3a6/0x4f0 [ 187.778017][ T5743] vfs_write+0x7b2/0xbb0 [ 187.782287][ T5743] ? file_end_write+0x240/0x240 [ 187.787164][ T5743] ? do_raw_spin_unlock+0x13b/0x8b0 [ 187.792381][ T5743] ? lockdep_hardirqs_on+0x98/0x140 [ 187.797604][ T5743] ? __fdget_pos+0x265/0x2f0 [ 187.802217][ T5743] ksys_write+0x1a0/0x2c0 [ 187.806566][ T5743] ? __ia32_sys_read+0x90/0x90 [ 187.811349][ T5743] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 187.817354][ T5743] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 187.823357][ T5743] do_syscall_64+0x41/0xc0 [ 187.827805][ T5743] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 187.833718][ T5743] RIP: 0033:0x7fd49ce20129 [ 187.838145][ T5743] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 187.857764][ T5743] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5742] close(18) = -1 EBADF (Bad file descriptor) [pid 5742] close(19) = -1 EBADF (Bad file descriptor) [pid 5742] close(20) = -1 EBADF (Bad file descriptor) [pid 5742] close(21) = -1 EBADF (Bad file descriptor) [pid 5742] close(22) = -1 EBADF (Bad file descriptor) [pid 5742] close(23) = -1 EBADF (Bad file descriptor) [pid 5742] close(24) = -1 EBADF (Bad file descriptor) [pid 5742] close(25) = -1 EBADF (Bad file descriptor) [pid 5742] close(26) = -1 EBADF (Bad file descriptor) [pid 5742] close(27) = -1 EBADF (Bad file descriptor) [pid 5742] close(28) = -1 EBADF (Bad file descriptor) [pid 5742] close(29) = -1 EBADF (Bad file descriptor) [pid 5742] exit_group(0) = ? [ 187.866195][ T5743] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 187.874176][ T5743] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 187.882159][ T5743] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 187.890156][ T5743] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 187.898150][ T5743] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000028 [ 187.906159][ T5743] [pid 5742] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./46/binderfs") = 0 [pid 5075] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./46/cgroup") = 0 [ 187.934136][ T5743] memory: usage 8kB, limit 0kB, failcnt 55 [ 187.944394][ T5743] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 187.954625][ T5743] Memory cgroup stats for /syz1: [ 187.954822][ T5743] anon 0 [ 187.954822][ T5743] file 0 [ 187.954822][ T5743] kernel 8192 [ 187.954822][ T5743] kernel_stack 0 [ 187.954822][ T5743] pagetables 0 [ 187.954822][ T5743] sec_pagetables 0 [ 187.954822][ T5743] percpu 0 [ 187.954822][ T5743] sock 0 [ 187.954822][ T5743] vmalloc 0 [ 187.954822][ T5743] shmem 0 [ 187.954822][ T5743] zswap 0 [ 187.954822][ T5743] zswapped 0 [ 187.954822][ T5743] file_mapped 0 [ 187.954822][ T5743] file_dirty 0 [ 187.954822][ T5743] file_writeback 0 [ 187.954822][ T5743] swapcached 0 [ 187.954822][ T5743] anon_thp 0 [ 187.954822][ T5743] file_thp 0 [ 187.954822][ T5743] shmem_thp 0 [ 187.954822][ T5743] inactive_anon 0 [ 187.954822][ T5743] active_anon 0 [ 187.954822][ T5743] inactive_file 0 [ 187.954822][ T5743] active_file 0 [pid 5075] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./46/cgroup.net") = 0 [pid 5075] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./46/file0") = 0 [pid 5075] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./46/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./46") = 0 [pid 5075] mkdir("./47", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5747 attached [pid 5747] chdir("./47" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 49 [ 187.954822][ T5743] unevictable 0 [ 187.954822][ T5743] slab_reclaimable 6752 [ 187.954822][ T5743] slab_unreclaimable 0 [ 187.954822][ T5743] slab 6752 [ 187.954822][ T5743] workingset_refault_anon 0 [ 188.060218][ T5743] Tasks state (memory values in pages): [ 188.073860][ T5743] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5747] <... chdir resumed>) = 0 [pid 5747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5747] setpgid(0, 0) = 0 [pid 5747] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5747] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5747] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5747] write(3, "1000", 4) = 4 [pid 5747] close(3) = 0 [pid 5747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5747] mkdir("./file0", 000) = 0 [pid 5747] open("./file0", O_RDONLY) = 3 [pid 5747] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5743] <... write resumed>) = 18 [pid 5747] <... mount resumed>) = 0 [pid 5747] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5747] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5747] openat(5, "memory.max", O_RDWR) = 6 [ 188.091657][ T5743] Out of memory and no killable processes... [ 188.099731][ T5744] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 188.116478][ T5744] CPU: 0 PID: 5744 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 188.126975][ T5744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 188.137074][ T5744] Call Trace: [pid 5747] write(6, "0x000000000000040e", 18 [pid 5743] close(3) = 0 [pid 5743] close(4) = 0 [pid 5743] close(5) = 0 [pid 5743] close(6) = 0 [pid 5743] close(7) = -1 EBADF (Bad file descriptor) [pid 5743] close(8) = -1 EBADF (Bad file descriptor) [pid 5743] close(9) = -1 EBADF (Bad file descriptor) [pid 5743] close(10) = -1 EBADF (Bad file descriptor) [pid 5743] close(11) = -1 EBADF (Bad file descriptor) [pid 5743] close(12) = -1 EBADF (Bad file descriptor) [pid 5743] close(13) = -1 EBADF (Bad file descriptor) [pid 5743] close(14) = -1 EBADF (Bad file descriptor) [pid 5743] close(15) = -1 EBADF (Bad file descriptor) [pid 5743] close(16) = -1 EBADF (Bad file descriptor) [pid 5743] close(17) = -1 EBADF (Bad file descriptor) [pid 5743] close(18) = -1 EBADF (Bad file descriptor) [pid 5743] close(19) = -1 EBADF (Bad file descriptor) [pid 5743] close(20) = -1 EBADF (Bad file descriptor) [pid 5743] close(21) = -1 EBADF (Bad file descriptor) [pid 5743] close(22) = -1 EBADF (Bad file descriptor) [pid 5743] close(23) = -1 EBADF (Bad file descriptor) [pid 5743] close(24) = -1 EBADF (Bad file descriptor) [pid 5743] close(25) = -1 EBADF (Bad file descriptor) [pid 5743] close(26) = -1 EBADF (Bad file descriptor) [pid 5743] close(27) = -1 EBADF (Bad file descriptor) [pid 5743] close(28) = -1 EBADF (Bad file descriptor) [pid 5743] close(29) = -1 EBADF (Bad file descriptor) [ 188.140387][ T5744] [ 188.143356][ T5744] dump_stack_lvl+0x1e7/0x2d0 [ 188.148085][ T5744] ? nf_tcp_handle_invalid+0x640/0x640 [ 188.153601][ T5744] ? panic+0x770/0x770 [ 188.157758][ T5744] dump_header+0xdc/0x940 [ 188.162152][ T5744] out_of_memory+0xf21/0x12c0 [ 188.166889][ T5744] ? mutex_lock_io_nested+0x60/0x60 [ 188.172153][ T5744] ? preempt_schedule+0xdd/0xf0 [ 188.177057][ T5744] ? unregister_oom_notifier+0x20/0x20 [ 188.182573][ T5744] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5743] exit_group(0) = ? [pid 5743] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./40/binderfs") = 0 [pid 5070] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./40/cgroup") = 0 [pid 5070] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./40/cgroup.net") = 0 [ 188.188631][ T5744] mem_cgroup_out_of_memory+0x263/0x3b0 [ 188.194230][ T5744] ? preempt_schedule_thunk+0x1a/0x20 [ 188.199660][ T5744] ? mem_cgroup_oom_trylock+0x210/0x210 [ 188.205279][ T5744] ? cgroup_file_notify+0x127/0x190 [ 188.210555][ T5744] memory_max_write+0x355/0x470 [ 188.215479][ T5744] ? memory_max_show+0xa0/0xa0 [ 188.220287][ T5744] ? read_lock_is_recursive+0x20/0x20 [ 188.225683][ T5744] ? memory_max_show+0xa0/0xa0 [ 188.230464][ T5744] cgroup_file_write+0x2b1/0x780 [ 188.235423][ T5744] ? cgroup_seqfile_stop+0xd0/0xd0 [ 188.240564][ T5744] ? __virt_addr_valid+0x22f/0x2e0 [ 188.245702][ T5744] ? cgroup_seqfile_stop+0xd0/0xd0 [ 188.250821][ T5744] kernfs_fop_write_iter+0x3a6/0x4f0 [ 188.256144][ T5744] vfs_write+0x7b2/0xbb0 [ 188.260414][ T5744] ? file_end_write+0x240/0x240 [ 188.265283][ T5744] ? do_raw_spin_unlock+0x13b/0x8b0 [ 188.270518][ T5744] ? lockdep_hardirqs_on+0x98/0x140 [ 188.275749][ T5744] ? __fdget_pos+0x265/0x2f0 [ 188.280358][ T5744] ksys_write+0x1a0/0x2c0 [ 188.284705][ T5744] ? __ia32_sys_read+0x90/0x90 [ 188.289479][ T5744] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 188.295480][ T5744] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 188.301486][ T5744] do_syscall_64+0x41/0xc0 [ 188.305926][ T5744] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 188.311836][ T5744] RIP: 0033:0x7fd49ce20129 [ 188.316265][ T5744] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5070] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 188.335883][ T5744] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 188.344323][ T5744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 188.352304][ T5744] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 188.360286][ T5744] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 188.368269][ T5744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 188.376252][ T5744] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000030 [ 188.384251][ T5744] [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./40/file0") = 0 [pid 5070] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./40/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./40") = 0 [pid 5070] mkdir("./41", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 43 ./strace-static-x86_64: Process 5748 attached [pid 5748] chdir("./41") = 0 [pid 5748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5748] setpgid(0, 0) = 0 [pid 5748] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 188.398846][ T5744] memory: usage 8kB, limit 0kB, failcnt 55 [ 188.404736][ T5744] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.432940][ T5744] Memory cgroup stats for /syz1: [ 188.433162][ T5744] anon 0 [ 188.433162][ T5744] file 0 [ 188.433162][ T5744] kernel 8192 [pid 5748] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5748] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5748] write(3, "1000", 4) = 4 [pid 5748] close(3) = 0 [pid 5748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5748] mkdir("./file0", 000) = 0 [pid 5748] open("./file0", O_RDONLY) = 3 [pid 5748] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5748] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5748] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5748] openat(5, "memory.max", O_RDWR) = 6 [ 188.433162][ T5744] kernel_stack 0 [ 188.433162][ T5744] pagetables 0 [ 188.433162][ T5744] sec_pagetables 0 [ 188.433162][ T5744] percpu 0 [ 188.433162][ T5744] sock 0 [ 188.433162][ T5744] vmalloc 0 [ 188.433162][ T5744] shmem 0 [ 188.433162][ T5744] zswap 0 [ 188.433162][ T5744] zswapped 0 [ 188.433162][ T5744] file_mapped 0 [ 188.433162][ T5744] file_dirty 0 [ 188.433162][ T5744] file_writeback 0 [ 188.433162][ T5744] swapcached 0 [ 188.433162][ T5744] anon_thp 0 [ 188.433162][ T5744] file_thp 0 [ 188.433162][ T5744] shmem_thp 0 [ 188.433162][ T5744] inactive_anon 0 [ 188.433162][ T5744] active_anon 0 [ 188.433162][ T5744] inactive_file 0 [ 188.433162][ T5744] active_file 0 [ 188.433162][ T5744] unevictable 0 [ 188.433162][ T5744] slab_reclaimable 6752 [ 188.433162][ T5744] slab_unreclaimable 0 [ 188.433162][ T5744] slab 6752 [ 188.433162][ T5744] workingset_refault_anon 0 [ 188.531769][ T5744] Tasks state (memory values in pages): [ 188.537575][ T5744] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5748] write(6, "0x000000000000040e", 18 [pid 5744] <... write resumed>) = 18 [pid 5744] close(3) = 0 [pid 5744] close(4) = 0 [pid 5744] close(5) = 0 [pid 5744] close(6) = 0 [pid 5744] close(7) = -1 EBADF (Bad file descriptor) [pid 5744] close(8) = -1 EBADF (Bad file descriptor) [pid 5744] close(9) = -1 EBADF (Bad file descriptor) [pid 5744] close(10) = -1 EBADF (Bad file descriptor) [pid 5744] close(11) = -1 EBADF (Bad file descriptor) [pid 5744] close(12) = -1 EBADF (Bad file descriptor) [pid 5744] close(13) = -1 EBADF (Bad file descriptor) [pid 5744] close(14) = -1 EBADF (Bad file descriptor) [pid 5744] close(15) = -1 EBADF (Bad file descriptor) [pid 5744] close(16) = -1 EBADF (Bad file descriptor) [pid 5744] close(17) = -1 EBADF (Bad file descriptor) [pid 5744] close(18) = -1 EBADF (Bad file descriptor) [pid 5744] close(19) = -1 EBADF (Bad file descriptor) [pid 5744] close(20) = -1 EBADF (Bad file descriptor) [pid 5744] close(21) = -1 EBADF (Bad file descriptor) [pid 5744] close(22) = -1 EBADF (Bad file descriptor) [pid 5744] close(23) = -1 EBADF (Bad file descriptor) [pid 5744] close(24) = -1 EBADF (Bad file descriptor) [pid 5744] close(25) = -1 EBADF (Bad file descriptor) [pid 5744] close(26) = -1 EBADF (Bad file descriptor) [pid 5744] close(27) = -1 EBADF (Bad file descriptor) [pid 5744] close(28) = -1 EBADF (Bad file descriptor) [pid 5744] close(29) = -1 EBADF (Bad file descriptor) [pid 5744] exit_group(0) = ? [pid 5744] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 188.548100][ T5744] Out of memory and no killable processes... [ 188.555533][ T5745] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 188.567639][ T5745] CPU: 1 PID: 5745 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 188.578100][ T5745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 188.588192][ T5745] Call Trace: [ 188.591501][ T5745] [ 188.594463][ T5745] dump_stack_lvl+0x1e7/0x2d0 [pid 5074] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./48/binderfs") = 0 [pid 5074] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./48/cgroup") = 0 [pid 5074] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./48/cgroup.net") = 0 [ 188.599196][ T5745] ? nf_tcp_handle_invalid+0x640/0x640 [ 188.604709][ T5745] ? panic+0x770/0x770 [ 188.608844][ T5745] dump_header+0xdc/0x940 [ 188.613232][ T5745] out_of_memory+0xf21/0x12c0 [ 188.617967][ T5745] ? mutex_lock_io_nested+0x60/0x60 [ 188.623221][ T5745] ? preempt_schedule+0xdd/0xf0 [ 188.628133][ T5745] ? unregister_oom_notifier+0x20/0x20 [ 188.633631][ T5745] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 188.639665][ T5745] mem_cgroup_out_of_memory+0x263/0x3b0 [ 188.645249][ T5745] ? preempt_schedule_thunk+0x1a/0x20 [ 188.650658][ T5745] ? mem_cgroup_oom_trylock+0x210/0x210 [ 188.656276][ T5745] ? cgroup_file_notify+0x127/0x190 [ 188.661533][ T5745] memory_max_write+0x355/0x470 [ 188.666431][ T5745] ? memory_max_show+0xa0/0xa0 [ 188.671211][ T5745] ? read_lock_is_recursive+0x20/0x20 [ 188.676640][ T5745] ? memory_max_show+0xa0/0xa0 [ 188.681448][ T5745] cgroup_file_write+0x2b1/0x780 [ 188.686430][ T5745] ? cgroup_seqfile_stop+0xd0/0xd0 [ 188.691559][ T5745] ? __virt_addr_valid+0x22f/0x2e0 [ 188.696741][ T5745] ? cgroup_seqfile_stop+0xd0/0xd0 [ 188.701884][ T5745] kernfs_fop_write_iter+0x3a6/0x4f0 [ 188.707208][ T5745] vfs_write+0x7b2/0xbb0 [ 188.711507][ T5745] ? file_end_write+0x240/0x240 [ 188.716420][ T5745] ? do_raw_spin_unlock+0x13b/0x8b0 [ 188.721659][ T5745] ? lockdep_hardirqs_on+0x98/0x140 [ 188.726900][ T5745] ? __fdget_pos+0x265/0x2f0 [ 188.731543][ T5745] ksys_write+0x1a0/0x2c0 [ 188.735925][ T5745] ? __ia32_sys_read+0x90/0x90 [ 188.740736][ T5745] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 188.746775][ T5745] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 188.752816][ T5745] do_syscall_64+0x41/0xc0 [ 188.757285][ T5745] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 188.763226][ T5745] RIP: 0033:0x7fd49ce20129 [ 188.767667][ T5745] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 188.787312][ T5745] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5074] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 188.795783][ T5745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 188.803799][ T5745] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 188.811809][ T5745] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 188.819847][ T5745] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 188.827864][ T5745] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002c [ 188.835920][ T5745] [pid 5074] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./48/file0") = 0 [pid 5074] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./48/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./48") = 0 [pid 5074] mkdir("./49", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5749 attached [pid 5749] chdir("./49" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 51 [pid 5749] <... chdir resumed>) = 0 [pid 5749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5749] setpgid(0, 0) = 0 [pid 5749] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 188.849444][ T5745] memory: usage 8kB, limit 0kB, failcnt 55 [ 188.855330][ T5745] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.863366][ T5745] Memory cgroup stats for /syz1: [ 188.863708][ T5745] anon 0 [ 188.863708][ T5745] file 0 [ 188.863708][ T5745] kernel 8192 [ 188.863708][ T5745] kernel_stack 0 [ 188.863708][ T5745] pagetables 0 [ 188.863708][ T5745] sec_pagetables 0 [ 188.863708][ T5745] percpu 0 [ 188.863708][ T5745] sock 0 [ 188.863708][ T5745] vmalloc 0 [ 188.863708][ T5745] shmem 0 [pid 5749] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [ 188.863708][ T5745] zswap 0 [ 188.863708][ T5745] zswapped 0 [ 188.863708][ T5745] file_mapped 0 [ 188.863708][ T5745] file_dirty 0 [ 188.863708][ T5745] file_writeback 0 [ 188.863708][ T5745] swapcached 0 [ 188.863708][ T5745] anon_thp 0 [ 188.863708][ T5745] file_thp 0 [ 188.863708][ T5745] shmem_thp 0 [ 188.863708][ T5745] inactive_anon 0 [ 188.863708][ T5745] active_anon 0 [ 188.863708][ T5745] inactive_file 0 [ 188.863708][ T5745] active_file 0 [ 188.863708][ T5745] unevictable 0 [ 188.863708][ T5745] slab_reclaimable 6752 [pid 5749] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5749] write(3, "1000", 4) = 4 [pid 5749] close(3) = 0 [pid 5749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5749] mkdir("./file0", 000) = 0 [pid 5749] open("./file0", O_RDONLY) = 3 [pid 5749] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5749] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5749] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5749] openat(5, "memory.max", O_RDWR) = 6 [pid 5749] write(6, "0x000000000000040e", 18 [pid 5745] <... write resumed>) = 18 [ 188.863708][ T5745] slab_unreclaimable 0 [ 188.863708][ T5745] slab 6752 [ 188.863708][ T5745] workingset_refault_anon 0 [ 188.959730][ T5745] Tasks state (memory values in pages): [ 188.965634][ T5745] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 188.976751][ T5745] Out of memory and no killable processes... [ 188.982828][ T5746] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 188.994188][ T5746] CPU: 0 PID: 5746 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 189.004639][ T5746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 189.014717][ T5746] Call Trace: [ 189.018029][ T5746] [ 189.020995][ T5746] dump_stack_lvl+0x1e7/0x2d0 [ 189.025738][ T5746] ? nf_tcp_handle_invalid+0x640/0x640 [ 189.031237][ T5746] ? panic+0x770/0x770 [ 189.035717][ T5746] dump_header+0xdc/0x940 [ 189.040100][ T5746] out_of_memory+0xf21/0x12c0 [ 189.044825][ T5746] ? mutex_lock_io_nested+0x60/0x60 [ 189.050083][ T5746] ? preempt_schedule+0xdd/0xf0 [ 189.055006][ T5746] ? unregister_oom_notifier+0x20/0x20 [ 189.060519][ T5746] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 189.066562][ T5746] mem_cgroup_out_of_memory+0x263/0x3b0 [ 189.072160][ T5746] ? preempt_schedule_thunk+0x1a/0x20 [ 189.077589][ T5746] ? mem_cgroup_oom_trylock+0x210/0x210 [ 189.083215][ T5746] ? cgroup_file_notify+0x127/0x190 [ 189.088484][ T5746] memory_max_write+0x355/0x470 [ 189.093403][ T5746] ? memory_max_show+0xa0/0xa0 [pid 5745] close(3) = 0 [pid 5745] close(4) = 0 [pid 5745] close(5) = 0 [pid 5745] close(6) = 0 [pid 5745] close(7) = -1 EBADF (Bad file descriptor) [pid 5745] close(8) = -1 EBADF (Bad file descriptor) [pid 5745] close(9) = -1 EBADF (Bad file descriptor) [pid 5745] close(10) = -1 EBADF (Bad file descriptor) [pid 5745] close(11) = -1 EBADF (Bad file descriptor) [pid 5745] close(12) = -1 EBADF (Bad file descriptor) [pid 5745] close(13) = -1 EBADF (Bad file descriptor) [pid 5745] close(14) = -1 EBADF (Bad file descriptor) [pid 5745] close(15) = -1 EBADF (Bad file descriptor) [pid 5745] close(16) = -1 EBADF (Bad file descriptor) [ 189.098236][ T5746] ? read_lock_is_recursive+0x20/0x20 [ 189.103668][ T5746] ? memory_max_show+0xa0/0xa0 [ 189.108483][ T5746] cgroup_file_write+0x2b1/0x780 [ 189.113477][ T5746] ? cgroup_seqfile_stop+0xd0/0xd0 [ 189.118633][ T5746] ? __virt_addr_valid+0x22f/0x2e0 [ 189.123811][ T5746] ? cgroup_seqfile_stop+0xd0/0xd0 [ 189.128975][ T5746] kernfs_fop_write_iter+0x3a6/0x4f0 [ 189.134338][ T5746] vfs_write+0x7b2/0xbb0 [ 189.138665][ T5746] ? file_end_write+0x240/0x240 [ 189.143593][ T5746] ? do_raw_spin_unlock+0x13b/0x8b0 [pid 5745] close(17) = -1 EBADF (Bad file descriptor) [pid 5745] close(18) = -1 EBADF (Bad file descriptor) [pid 5745] close(19) = -1 EBADF (Bad file descriptor) [pid 5745] close(20) = -1 EBADF (Bad file descriptor) [pid 5745] close(21) = -1 EBADF (Bad file descriptor) [pid 5745] close(22) = -1 EBADF (Bad file descriptor) [pid 5745] close(23) = -1 EBADF (Bad file descriptor) [pid 5745] close(24) = -1 EBADF (Bad file descriptor) [pid 5745] close(25) = -1 EBADF (Bad file descriptor) [pid 5745] close(26) = -1 EBADF (Bad file descriptor) [pid 5745] close(27) = -1 EBADF (Bad file descriptor) [pid 5745] close(28) = -1 EBADF (Bad file descriptor) [pid 5745] close(29) = -1 EBADF (Bad file descriptor) [pid 5745] exit_group(0) = ? [pid 5745] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./44/binderfs") = 0 [ 189.148854][ T5746] ? lockdep_hardirqs_on+0x98/0x140 [ 189.154128][ T5746] ? __fdget_pos+0x265/0x2f0 [ 189.158781][ T5746] ksys_write+0x1a0/0x2c0 [ 189.163175][ T5746] ? __ia32_sys_read+0x90/0x90 [ 189.167993][ T5746] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 189.174067][ T5746] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 189.180154][ T5746] do_syscall_64+0x41/0xc0 [ 189.184633][ T5746] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 189.190588][ T5746] RIP: 0033:0x7fd49ce20129 [pid 5073] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./44/cgroup") = 0 [pid 5073] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./44/cgroup.net") = 0 [ 189.195051][ T5746] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 189.214707][ T5746] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.223181][ T5746] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 189.231200][ T5746] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 189.239213][ T5746] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 189.247238][ T5746] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 189.255253][ T5746] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000029 [ 189.263306][ T5746] [ 189.281246][ T5746] memory: usage 8kB, limit 0kB, failcnt 55 [ 189.287468][ T5746] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 189.294363][ T5746] Memory cgroup stats for /syz1: [ 189.294578][ T5746] anon 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./44/file0") = 0 [pid 5073] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./44/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./44") = 0 [pid 5073] mkdir("./45", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 47 [ 189.294578][ T5746] file 0 [ 189.294578][ T5746] kernel 8192 [ 189.294578][ T5746] kernel_stack 0 [ 189.294578][ T5746] pagetables 0 [ 189.294578][ T5746] sec_pagetables 0 [ 189.294578][ T5746] percpu 0 [ 189.294578][ T5746] sock 0 [ 189.294578][ T5746] vmalloc 0 [ 189.294578][ T5746] shmem 0 [ 189.294578][ T5746] zswap 0 [ 189.294578][ T5746] zswapped 0 [ 189.294578][ T5746] file_mapped 0 [ 189.294578][ T5746] file_dirty 0 [ 189.294578][ T5746] file_writeback 0 [ 189.294578][ T5746] swapcached 0 [ 189.294578][ T5746] anon_thp 0 ./strace-static-x86_64: Process 5750 attached [pid 5750] chdir("./45") = 0 [ 189.294578][ T5746] file_thp 0 [ 189.294578][ T5746] shmem_thp 0 [ 189.294578][ T5746] inactive_anon 0 [ 189.294578][ T5746] active_anon 0 [ 189.294578][ T5746] inactive_file 0 [ 189.294578][ T5746] active_file 0 [ 189.294578][ T5746] unevictable 0 [ 189.294578][ T5746] slab_reclaimable 6752 [ 189.294578][ T5746] slab_unreclaimable 0 [ 189.294578][ T5746] slab 6752 [ 189.294578][ T5746] workingset_refault_anon 0 [ 189.395331][ T5746] Tasks state (memory values in pages): [pid 5750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5750] setpgid(0, 0) = 0 [pid 5750] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5746] <... write resumed>) = 18 [pid 5750] <... symlink resumed>) = 0 [pid 5750] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5746] close(3 [pid 5750] <... symlink resumed>) = 0 [pid 5750] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5746] <... close resumed>) = 0 [pid 5750] <... symlink resumed>) = 0 [pid 5750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5746] close(4 [pid 5750] <... openat resumed>) = 3 [pid 5750] write(3, "1000", 4 [pid 5746] <... close resumed>) = 0 [pid 5750] <... write resumed>) = 4 [pid 5750] close(3 [pid 5746] close(5 [pid 5750] <... close resumed>) = 0 [pid 5750] symlink("/dev/binderfs", "./binderfs" [pid 5746] <... close resumed>) = 0 [pid 5750] <... symlink resumed>) = 0 [pid 5750] mkdir("./file0", 000 [pid 5746] close(6 [pid 5750] <... mkdir resumed>) = 0 [pid 5750] open("./file0", O_RDONLY [pid 5746] <... close resumed>) = 0 [pid 5750] <... open resumed>) = 3 [pid 5750] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5746] close(7 [pid 5750] <... mount resumed>) = 0 [pid 5750] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5750] <... openat resumed>) = 4 [pid 5750] openat(4, "syz1", O_RDWR|O_PATH [pid 5746] close(8 [pid 5750] <... openat resumed>) = 5 [pid 5750] openat(5, "memory.max", O_RDWR [pid 5746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5750] <... openat resumed>) = 6 [ 189.405509][ T5746] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 189.423601][ T5746] Out of memory and no killable processes... [ 189.430190][ T5747] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 189.441849][ T5747] CPU: 1 PID: 5747 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5750] write(6, "0x000000000000040e", 18 [pid 5746] close(9) = -1 EBADF (Bad file descriptor) [pid 5746] close(10) = -1 EBADF (Bad file descriptor) [pid 5746] close(11) = -1 EBADF (Bad file descriptor) [pid 5746] close(12) = -1 EBADF (Bad file descriptor) [pid 5746] close(13) = -1 EBADF (Bad file descriptor) [pid 5746] close(14) = -1 EBADF (Bad file descriptor) [pid 5746] close(15) = -1 EBADF (Bad file descriptor) [pid 5746] close(16) = -1 EBADF (Bad file descriptor) [pid 5746] close(17) = -1 EBADF (Bad file descriptor) [pid 5746] close(18) = -1 EBADF (Bad file descriptor) [pid 5746] close(19) = -1 EBADF (Bad file descriptor) [pid 5746] close(20) = -1 EBADF (Bad file descriptor) [pid 5746] close(21) = -1 EBADF (Bad file descriptor) [pid 5746] close(22) = -1 EBADF (Bad file descriptor) [pid 5746] close(23) = -1 EBADF (Bad file descriptor) [pid 5746] close(24) = -1 EBADF (Bad file descriptor) [pid 5746] close(25) = -1 EBADF (Bad file descriptor) [pid 5746] close(26) = -1 EBADF (Bad file descriptor) [pid 5746] close(27) = -1 EBADF (Bad file descriptor) [pid 5746] close(28) = -1 EBADF (Bad file descriptor) [pid 5746] close(29) = -1 EBADF (Bad file descriptor) [pid 5746] exit_group(0) = ? [pid 5746] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./41/binderfs") = 0 [pid 5072] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./41/cgroup") = 0 [pid 5072] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./41/cgroup.net") = 0 [ 189.452317][ T5747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 189.462412][ T5747] Call Trace: [ 189.465721][ T5747] [ 189.468688][ T5747] dump_stack_lvl+0x1e7/0x2d0 [ 189.473417][ T5747] ? nf_tcp_handle_invalid+0x640/0x640 [ 189.478933][ T5747] ? panic+0x770/0x770 [ 189.483069][ T5747] dump_header+0xdc/0x940 [ 189.487453][ T5747] out_of_memory+0xf21/0x12c0 [ 189.492163][ T5747] ? mutex_lock_io_nested+0x60/0x60 [ 189.497404][ T5747] ? preempt_schedule+0xdd/0xf0 [ 189.502301][ T5747] ? unregister_oom_notifier+0x20/0x20 [ 189.507778][ T5747] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 189.513782][ T5747] mem_cgroup_out_of_memory+0x263/0x3b0 [ 189.519344][ T5747] ? preempt_schedule_thunk+0x1a/0x20 [ 189.524739][ T5747] ? mem_cgroup_oom_trylock+0x210/0x210 [ 189.530312][ T5747] ? cgroup_file_notify+0x127/0x190 [ 189.535540][ T5747] memory_max_write+0x355/0x470 [ 189.540419][ T5747] ? memory_max_show+0xa0/0xa0 [ 189.545210][ T5747] ? read_lock_is_recursive+0x20/0x20 [ 189.550605][ T5747] ? memory_max_show+0xa0/0xa0 [ 189.555386][ T5747] cgroup_file_write+0x2b1/0x780 [ 189.560357][ T5747] ? cgroup_seqfile_stop+0xd0/0xd0 [ 189.565496][ T5747] ? __virt_addr_valid+0x22f/0x2e0 [ 189.570636][ T5747] ? cgroup_seqfile_stop+0xd0/0xd0 [ 189.575755][ T5747] kernfs_fop_write_iter+0x3a6/0x4f0 [ 189.581065][ T5747] vfs_write+0x7b2/0xbb0 [ 189.585331][ T5747] ? file_end_write+0x240/0x240 [ 189.590205][ T5747] ? do_raw_spin_unlock+0x13b/0x8b0 [ 189.595425][ T5747] ? lockdep_hardirqs_on+0x98/0x140 [ 189.600645][ T5747] ? __fdget_pos+0x265/0x2f0 [ 189.605249][ T5747] ksys_write+0x1a0/0x2c0 [ 189.609602][ T5747] ? __ia32_sys_read+0x90/0x90 [ 189.614378][ T5747] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 189.620382][ T5747] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 189.626384][ T5747] do_syscall_64+0x41/0xc0 [ 189.630822][ T5747] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 189.636740][ T5747] RIP: 0033:0x7fd49ce20129 [ 189.641167][ T5747] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 189.660787][ T5747] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.669215][ T5747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 189.677213][ T5747] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 189.685206][ T5747] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 189.693205][ T5747] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 189.701197][ T5747] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002f [ 189.709205][ T5747] [pid 5072] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./41/file0") = 0 [pid 5072] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./41/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./41") = 0 [pid 5072] mkdir("./42", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 44 ./strace-static-x86_64: Process 5751 attached [pid 5751] chdir("./42") = 0 [pid 5751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 189.729761][ T5747] memory: usage 8kB, limit 0kB, failcnt 55 [ 189.735632][ T5747] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 189.744223][ T5747] Memory cgroup stats for /syz1: [ 189.744848][ T5747] anon 0 [ 189.744848][ T5747] file 0 [ 189.744848][ T5747] kernel 8192 [ 189.744848][ T5747] kernel_stack 0 [ 189.744848][ T5747] pagetables 0 [ 189.744848][ T5747] sec_pagetables 0 [ 189.744848][ T5747] percpu 0 [ 189.744848][ T5747] sock 0 [ 189.744848][ T5747] vmalloc 0 [pid 5751] setpgid(0, 0) = 0 [pid 5751] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5751] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5751] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5751] write(3, "1000", 4) = 4 [pid 5751] close(3) = 0 [pid 5751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5751] mkdir("./file0", 000) = 0 [pid 5751] open("./file0", O_RDONLY) = 3 [pid 5751] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5751] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5751] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5751] openat(5, "memory.max", O_RDWR) = 6 [ 189.744848][ T5747] shmem 0 [ 189.744848][ T5747] zswap 0 [ 189.744848][ T5747] zswapped 0 [ 189.744848][ T5747] file_mapped 0 [ 189.744848][ T5747] file_dirty 0 [ 189.744848][ T5747] file_writeback 0 [ 189.744848][ T5747] swapcached 0 [ 189.744848][ T5747] anon_thp 0 [ 189.744848][ T5747] file_thp 0 [ 189.744848][ T5747] shmem_thp 0 [ 189.744848][ T5747] inactive_anon 0 [ 189.744848][ T5747] active_anon 0 [ 189.744848][ T5747] inactive_file 0 [ 189.744848][ T5747] active_file 0 [ 189.744848][ T5747] unevictable 0 [ 189.744848][ T5747] slab_reclaimable 6752 [ 189.744848][ T5747] slab_unreclaimable 0 [ 189.744848][ T5747] slab 6752 [ 189.744848][ T5747] workingset_refault_anon 0 [ 189.845323][ T5747] Tasks state (memory values in pages): [ 189.851394][ T5747] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 189.861870][ T5747] Out of memory and no killable processes... [ 189.868446][ T5748] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5751] write(6, "0x000000000000040e", 18 [pid 5747] <... write resumed>) = 18 [pid 5747] close(3) = 0 [pid 5747] close(4) = 0 [pid 5747] close(5) = 0 [pid 5747] close(6) = 0 [pid 5747] close(7) = -1 EBADF (Bad file descriptor) [pid 5747] close(8) = -1 EBADF (Bad file descriptor) [pid 5747] close(9) = -1 EBADF (Bad file descriptor) [pid 5747] close(10) = -1 EBADF (Bad file descriptor) [pid 5747] close(11) = -1 EBADF (Bad file descriptor) [pid 5747] close(12) = -1 EBADF (Bad file descriptor) [pid 5747] close(13) = -1 EBADF (Bad file descriptor) [pid 5747] close(14) = -1 EBADF (Bad file descriptor) [pid 5747] close(15) = -1 EBADF (Bad file descriptor) [pid 5747] close(16) = -1 EBADF (Bad file descriptor) [pid 5747] close(17) = -1 EBADF (Bad file descriptor) [pid 5747] close(18) = -1 EBADF (Bad file descriptor) [pid 5747] close(19) = -1 EBADF (Bad file descriptor) [pid 5747] close(20) = -1 EBADF (Bad file descriptor) [pid 5747] close(21) = -1 EBADF (Bad file descriptor) [pid 5747] close(22) = -1 EBADF (Bad file descriptor) [pid 5747] close(23) = -1 EBADF (Bad file descriptor) [pid 5747] close(24) = -1 EBADF (Bad file descriptor) [pid 5747] close(25) = -1 EBADF (Bad file descriptor) [pid 5747] close(26) = -1 EBADF (Bad file descriptor) [pid 5747] close(27) = -1 EBADF (Bad file descriptor) [pid 5747] close(28) = -1 EBADF (Bad file descriptor) [pid 5747] close(29) = -1 EBADF (Bad file descriptor) [pid 5747] exit_group(0) = ? [pid 5747] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5075] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./47/binderfs") = 0 [pid 5075] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./47/cgroup") = 0 [pid 5075] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./47/cgroup.net") = 0 [ 189.879084][ T5748] CPU: 1 PID: 5748 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 189.889539][ T5748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 189.899634][ T5748] Call Trace: [ 189.902951][ T5748] [ 189.905930][ T5748] dump_stack_lvl+0x1e7/0x2d0 [ 189.910674][ T5748] ? nf_tcp_handle_invalid+0x640/0x640 [ 189.916186][ T5748] ? panic+0x770/0x770 [ 189.920332][ T5748] dump_header+0xdc/0x940 [ 189.924697][ T5748] out_of_memory+0xf21/0x12c0 [ 189.929395][ T5748] ? mutex_lock_io_nested+0x60/0x60 [ 189.934628][ T5748] ? mark_lock+0x9a/0x340 [ 189.939003][ T5748] ? unregister_oom_notifier+0x20/0x20 [ 189.944503][ T5748] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 189.950550][ T5748] mem_cgroup_out_of_memory+0x263/0x3b0 [ 189.956146][ T5748] ? mem_cgroup_oom_trylock+0x210/0x210 [ 189.961721][ T5748] ? cgroup_file_notify+0x127/0x190 [ 189.966963][ T5748] memory_max_write+0x355/0x470 [ 189.971876][ T5748] ? memory_max_show+0xa0/0xa0 [ 189.976708][ T5748] ? read_lock_is_recursive+0x20/0x20 [ 189.982135][ T5748] ? memory_max_show+0xa0/0xa0 [ 189.986944][ T5748] cgroup_file_write+0x2b1/0x780 [ 189.991932][ T5748] ? cgroup_seqfile_stop+0xd0/0xd0 [ 189.997085][ T5748] ? __virt_addr_valid+0x22f/0x2e0 [ 190.002264][ T5748] ? cgroup_seqfile_stop+0xd0/0xd0 [ 190.007419][ T5748] kernfs_fop_write_iter+0x3a6/0x4f0 [ 190.012769][ T5748] vfs_write+0x7b2/0xbb0 [ 190.017074][ T5748] ? file_end_write+0x240/0x240 [ 190.021982][ T5748] ? do_raw_spin_unlock+0x13b/0x8b0 [ 190.027232][ T5748] ? lockdep_hardirqs_on+0x98/0x140 [ 190.032494][ T5748] ? __fdget_pos+0x265/0x2f0 [ 190.037141][ T5748] ksys_write+0x1a0/0x2c0 [ 190.041524][ T5748] ? __ia32_sys_read+0x90/0x90 [ 190.046335][ T5748] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 190.052381][ T5748] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 190.058417][ T5748] do_syscall_64+0x41/0xc0 [ 190.062875][ T5748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 190.068804][ T5748] RIP: 0033:0x7fd49ce20129 [ 190.073255][ T5748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.092895][ T5748] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.101370][ T5748] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 190.109382][ T5748] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 190.117377][ T5748] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./47/file0") = 0 [pid 5075] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./47/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./47") = 0 [pid 5075] mkdir("./48", 0777) = 0 [ 190.125371][ T5748] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 190.133373][ T5748] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000029 [ 190.141411][ T5748] [ 190.152564][ T5748] memory: usage 8kB, limit 0kB, failcnt 55 [ 190.159444][ T5748] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 190.175692][ T5748] Memory cgroup stats for /syz1: [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5752 attached [pid 5752] chdir("./48" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 50 [pid 5752] <... chdir resumed>) = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5752] setpgid(0, 0) = 0 [pid 5752] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5752] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5752] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5752] write(3, "1000", 4) = 4 [pid 5752] close(3) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5752] mkdir("./file0", 000) = 0 [pid 5752] open("./file0", O_RDONLY) = 3 [ 190.175969][ T5748] anon 0 [ 190.175969][ T5748] file 0 [ 190.175969][ T5748] kernel 8192 [ 190.175969][ T5748] kernel_stack 0 [ 190.175969][ T5748] pagetables 0 [ 190.175969][ T5748] sec_pagetables 0 [ 190.175969][ T5748] percpu 0 [ 190.175969][ T5748] sock 0 [ 190.175969][ T5748] vmalloc 0 [ 190.175969][ T5748] shmem 0 [ 190.175969][ T5748] zswap 0 [ 190.175969][ T5748] zswapped 0 [ 190.175969][ T5748] file_mapped 0 [ 190.175969][ T5748] file_dirty 0 [ 190.175969][ T5748] file_writeback 0 [ 190.175969][ T5748] swapcached 0 [pid 5752] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5752] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5752] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5752] openat(5, "memory.max", O_RDWR) = 6 [ 190.175969][ T5748] anon_thp 0 [ 190.175969][ T5748] file_thp 0 [ 190.175969][ T5748] shmem_thp 0 [ 190.175969][ T5748] inactive_anon 0 [ 190.175969][ T5748] active_anon 0 [ 190.175969][ T5748] inactive_file 0 [ 190.175969][ T5748] active_file 0 [ 190.175969][ T5748] unevictable 0 [ 190.175969][ T5748] slab_reclaimable 6752 [ 190.175969][ T5748] slab_unreclaimable 0 [ 190.175969][ T5748] slab 6752 [ 190.175969][ T5748] workingset_refault_anon 0 [ 190.274276][ T5748] Tasks state (memory values in pages): [pid 5752] write(6, "0x000000000000040e", 18 [pid 5748] <... write resumed>) = 18 [pid 5748] close(3) = 0 [pid 5748] close(4) = 0 [pid 5748] close(5) = 0 [pid 5748] close(6) = 0 [pid 5748] close(7) = -1 EBADF (Bad file descriptor) [pid 5748] close(8) = -1 EBADF (Bad file descriptor) [pid 5748] close(9) = -1 EBADF (Bad file descriptor) [pid 5748] close(10) = -1 EBADF (Bad file descriptor) [pid 5748] close(11) = -1 EBADF (Bad file descriptor) [pid 5748] close(12) = -1 EBADF (Bad file descriptor) [pid 5748] close(13) = -1 EBADF (Bad file descriptor) [pid 5748] close(14) = -1 EBADF (Bad file descriptor) [pid 5748] close(15) = -1 EBADF (Bad file descriptor) [pid 5748] close(16) = -1 EBADF (Bad file descriptor) [pid 5748] close(17) = -1 EBADF (Bad file descriptor) [pid 5748] close(18) = -1 EBADF (Bad file descriptor) [pid 5748] close(19) = -1 EBADF (Bad file descriptor) [pid 5748] close(20) = -1 EBADF (Bad file descriptor) [pid 5748] close(21) = -1 EBADF (Bad file descriptor) [pid 5748] close(22) = -1 EBADF (Bad file descriptor) [ 190.282933][ T5748] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 190.293787][ T5748] Out of memory and no killable processes... [ 190.300319][ T5749] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 190.314695][ T5749] CPU: 0 PID: 5749 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5748] close(23) = -1 EBADF (Bad file descriptor) [pid 5748] close(24) = -1 EBADF (Bad file descriptor) [pid 5748] close(25) = -1 EBADF (Bad file descriptor) [pid 5748] close(26) = -1 EBADF (Bad file descriptor) [pid 5748] close(27) = -1 EBADF (Bad file descriptor) [pid 5748] close(28) = -1 EBADF (Bad file descriptor) [pid 5748] close(29) = -1 EBADF (Bad file descriptor) [pid 5748] exit_group(0) = ? [pid 5748] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./41/binderfs") = 0 [pid 5070] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./41/cgroup") = 0 [pid 5070] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./41/cgroup.net") = 0 [ 190.325171][ T5749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 190.335267][ T5749] Call Trace: [ 190.338581][ T5749] [ 190.341546][ T5749] dump_stack_lvl+0x1e7/0x2d0 [ 190.346276][ T5749] ? nf_tcp_handle_invalid+0x640/0x640 [ 190.351787][ T5749] ? panic+0x770/0x770 [ 190.355929][ T5749] dump_header+0xdc/0x940 [ 190.360318][ T5749] out_of_memory+0xf21/0x12c0 [ 190.365046][ T5749] ? mutex_lock_io_nested+0x60/0x60 [ 190.370306][ T5749] ? preempt_schedule+0xdd/0xf0 [ 190.375225][ T5749] ? unregister_oom_notifier+0x20/0x20 [ 190.380737][ T5749] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 190.386811][ T5749] mem_cgroup_out_of_memory+0x263/0x3b0 [ 190.392415][ T5749] ? preempt_schedule_thunk+0x1a/0x20 [ 190.397834][ T5749] ? mem_cgroup_oom_trylock+0x210/0x210 [ 190.403429][ T5749] ? cgroup_file_notify+0x127/0x190 [ 190.408655][ T5749] memory_max_write+0x355/0x470 [ 190.413531][ T5749] ? memory_max_show+0xa0/0xa0 [ 190.418311][ T5749] ? read_lock_is_recursive+0x20/0x20 [ 190.423702][ T5749] ? memory_max_show+0xa0/0xa0 [ 190.428480][ T5749] cgroup_file_write+0x2b1/0x780 [ 190.433434][ T5749] ? cgroup_seqfile_stop+0xd0/0xd0 [ 190.438555][ T5749] ? __virt_addr_valid+0x22f/0x2e0 [ 190.443698][ T5749] ? cgroup_seqfile_stop+0xd0/0xd0 [ 190.448817][ T5749] kernfs_fop_write_iter+0x3a6/0x4f0 [ 190.454128][ T5749] vfs_write+0x7b2/0xbb0 [ 190.458398][ T5749] ? file_end_write+0x240/0x240 [ 190.463275][ T5749] ? do_raw_spin_unlock+0x13b/0x8b0 [ 190.468488][ T5749] ? lockdep_hardirqs_on+0x98/0x140 [ 190.473707][ T5749] ? __fdget_pos+0x265/0x2f0 [ 190.478313][ T5749] ksys_write+0x1a0/0x2c0 [ 190.482675][ T5749] ? __ia32_sys_read+0x90/0x90 [ 190.487472][ T5749] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 190.493479][ T5749] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 190.499485][ T5749] do_syscall_64+0x41/0xc0 [ 190.503920][ T5749] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 190.509835][ T5749] RIP: 0033:0x7fd49ce20129 [ 190.514262][ T5749] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.533882][ T5749] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.542313][ T5749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 190.550295][ T5749] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 190.558276][ T5749] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 190.566255][ T5749] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 190.574252][ T5749] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000031 [pid 5070] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 190.582250][ T5749] [ 190.588210][ T5749] memory: usage 8kB, limit 0kB, failcnt 55 [ 190.594247][ T5749] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 190.605402][ T5749] Memory cgroup stats for /syz1: [ 190.607098][ T5749] anon 0 [ 190.607098][ T5749] file 0 [ 190.607098][ T5749] kernel 8192 [ 190.607098][ T5749] kernel_stack 0 [ 190.607098][ T5749] pagetables 0 [ 190.607098][ T5749] sec_pagetables 0 [ 190.607098][ T5749] percpu 0 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./41/file0") = 0 [pid 5070] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./41/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./41") = 0 [pid 5070] mkdir("./42", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5753 attached [pid 5753] chdir("./42" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 44 [pid 5753] <... chdir resumed>) = 0 [pid 5753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5753] setpgid(0, 0) = 0 [pid 5753] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5753] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5753] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5753] write(3, "1000", 4) = 4 [pid 5753] close(3) = 0 [pid 5753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5753] mkdir("./file0", 000) = 0 [pid 5753] open("./file0", O_RDONLY) = 3 [pid 5753] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5753] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5753] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5753] openat(5, "memory.max", O_RDWR) = 6 [ 190.607098][ T5749] sock 0 [ 190.607098][ T5749] vmalloc 0 [ 190.607098][ T5749] shmem 0 [ 190.607098][ T5749] zswap 0 [ 190.607098][ T5749] zswapped 0 [ 190.607098][ T5749] file_mapped 0 [ 190.607098][ T5749] file_dirty 0 [ 190.607098][ T5749] file_writeback 0 [ 190.607098][ T5749] swapcached 0 [ 190.607098][ T5749] anon_thp 0 [ 190.607098][ T5749] file_thp 0 [ 190.607098][ T5749] shmem_thp 0 [ 190.607098][ T5749] inactive_anon 0 [ 190.607098][ T5749] active_anon 0 [ 190.607098][ T5749] inactive_file 0 [ 190.607098][ T5749] active_file 0 [ 190.607098][ T5749] unevictable 0 [ 190.607098][ T5749] slab_reclaimable 6752 [ 190.607098][ T5749] slab_unreclaimable 0 [ 190.607098][ T5749] slab 6752 [ 190.607098][ T5749] workingset_refault_anon 0 [ 190.703489][ T5749] Tasks state (memory values in pages): [ 190.715661][ T5749] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 190.725554][ T5749] Out of memory and no killable processes... [pid 5753] write(6, "0x000000000000040e", 18 [pid 5749] <... write resumed>) = 18 [pid 5749] close(3) = 0 [pid 5749] close(4) = 0 [pid 5749] close(5) = 0 [pid 5749] close(6) = 0 [pid 5749] close(7) = -1 EBADF (Bad file descriptor) [pid 5749] close(8) = -1 EBADF (Bad file descriptor) [pid 5749] close(9) = -1 EBADF (Bad file descriptor) [pid 5749] close(10) = -1 EBADF (Bad file descriptor) [ 190.732235][ T5750] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 190.743487][ T5750] CPU: 0 PID: 5750 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 190.753956][ T5750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 190.764052][ T5750] Call Trace: [ 190.767368][ T5750] [ 190.770340][ T5750] dump_stack_lvl+0x1e7/0x2d0 [ 190.775076][ T5750] ? nf_tcp_handle_invalid+0x640/0x640 [ 190.780582][ T5750] ? panic+0x770/0x770 [pid 5749] close(11) = -1 EBADF (Bad file descriptor) [pid 5749] close(12) = -1 EBADF (Bad file descriptor) [pid 5749] close(13) = -1 EBADF (Bad file descriptor) [pid 5749] close(14) = -1 EBADF (Bad file descriptor) [pid 5749] close(15) = -1 EBADF (Bad file descriptor) [pid 5749] close(16) = -1 EBADF (Bad file descriptor) [pid 5749] close(17) = -1 EBADF (Bad file descriptor) [pid 5749] close(18) = -1 EBADF (Bad file descriptor) [pid 5749] close(19) = -1 EBADF (Bad file descriptor) [pid 5749] close(20) = -1 EBADF (Bad file descriptor) [pid 5749] close(21) = -1 EBADF (Bad file descriptor) [pid 5749] close(22) = -1 EBADF (Bad file descriptor) [pid 5749] close(23) = -1 EBADF (Bad file descriptor) [pid 5749] close(24) = -1 EBADF (Bad file descriptor) [pid 5749] close(25) = -1 EBADF (Bad file descriptor) [pid 5749] close(26) = -1 EBADF (Bad file descriptor) [pid 5749] close(27) = -1 EBADF (Bad file descriptor) [pid 5749] close(28) = -1 EBADF (Bad file descriptor) [pid 5749] close(29) = -1 EBADF (Bad file descriptor) [pid 5749] exit_group(0) = ? [pid 5749] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./49/binderfs") = 0 [pid 5074] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./49/cgroup") = 0 [pid 5074] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./49/cgroup.net") = 0 [ 190.784716][ T5750] dump_header+0xdc/0x940 [ 190.789103][ T5750] out_of_memory+0xf21/0x12c0 [ 190.793867][ T5750] ? mutex_lock_io_nested+0x60/0x60 [ 190.799129][ T5750] ? preempt_schedule+0xdd/0xf0 [ 190.804019][ T5750] ? unregister_oom_notifier+0x20/0x20 [ 190.809559][ T5750] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 190.815606][ T5750] mem_cgroup_out_of_memory+0x263/0x3b0 [ 190.821208][ T5750] ? preempt_schedule_thunk+0x1a/0x20 [ 190.826615][ T5750] ? mem_cgroup_oom_trylock+0x210/0x210 [ 190.832205][ T5750] ? cgroup_file_notify+0x127/0x190 [ 190.837433][ T5750] memory_max_write+0x355/0x470 [ 190.842335][ T5750] ? memory_max_show+0xa0/0xa0 [ 190.847119][ T5750] ? read_lock_is_recursive+0x20/0x20 [ 190.852522][ T5750] ? memory_max_show+0xa0/0xa0 [ 190.857303][ T5750] cgroup_file_write+0x2b1/0x780 [ 190.862259][ T5750] ? cgroup_seqfile_stop+0xd0/0xd0 [ 190.867387][ T5750] ? __virt_addr_valid+0x22f/0x2e0 [ 190.872528][ T5750] ? cgroup_seqfile_stop+0xd0/0xd0 [ 190.877650][ T5750] kernfs_fop_write_iter+0x3a6/0x4f0 [ 190.882961][ T5750] vfs_write+0x7b2/0xbb0 [ 190.887229][ T5750] ? file_end_write+0x240/0x240 [ 190.892116][ T5750] ? do_raw_spin_unlock+0x13b/0x8b0 [ 190.897371][ T5750] ? lockdep_hardirqs_on+0x98/0x140 [ 190.902606][ T5750] ? __fdget_pos+0x265/0x2f0 [ 190.907224][ T5750] ksys_write+0x1a0/0x2c0 [ 190.911587][ T5750] ? __ia32_sys_read+0x90/0x90 [ 190.916382][ T5750] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 190.922413][ T5750] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 190.928440][ T5750] do_syscall_64+0x41/0xc0 [ 190.932876][ T5750] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 190.938794][ T5750] RIP: 0033:0x7fd49ce20129 [ 190.943222][ T5750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.962847][ T5750] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.971282][ T5750] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 190.979276][ T5750] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 190.987285][ T5750] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 190.995270][ T5750] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 191.003260][ T5750] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002d [ 191.011267][ T5750] [ 191.029124][ T5750] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 191.035008][ T5750] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 191.043554][ T5750] Memory cgroup stats for /syz1: [ 191.043770][ T5750] anon 0 [ 191.043770][ T5750] file 0 [ 191.043770][ T5750] kernel 8192 [ 191.043770][ T5750] kernel_stack 0 [ 191.043770][ T5750] pagetables 0 [ 191.043770][ T5750] sec_pagetables 0 [ 191.043770][ T5750] percpu 0 [ 191.043770][ T5750] sock 0 [ 191.043770][ T5750] vmalloc 0 [ 191.043770][ T5750] shmem 0 [ 191.043770][ T5750] zswap 0 [ 191.043770][ T5750] zswapped 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./49/file0") = 0 [pid 5074] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./49/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./49") = 0 [pid 5074] mkdir("./50", 0777) = 0 [ 191.043770][ T5750] file_mapped 0 [ 191.043770][ T5750] file_dirty 0 [ 191.043770][ T5750] file_writeback 0 [ 191.043770][ T5750] swapcached 0 [ 191.043770][ T5750] anon_thp 0 [ 191.043770][ T5750] file_thp 0 [ 191.043770][ T5750] shmem_thp 0 [ 191.043770][ T5750] inactive_anon 0 [ 191.043770][ T5750] active_anon 0 [ 191.043770][ T5750] inactive_file 0 [ 191.043770][ T5750] active_file 0 [ 191.043770][ T5750] unevictable 0 [ 191.043770][ T5750] slab_reclaimable 6752 [ 191.043770][ T5750] slab_unreclaimable 0 [ 191.043770][ T5750] slab 6752 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 52 ./strace-static-x86_64: Process 5754 attached [pid 5754] chdir("./50") = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5754] setpgid(0, 0) = 0 [pid 5754] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5754] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5754] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5754] write(3, "1000", 4) = 4 [pid 5754] close(3) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5754] mkdir("./file0", 000) = 0 [pid 5754] open("./file0", O_RDONLY) = 3 [pid 5754] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5754] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5754] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5754] openat(5, "memory.max", O_RDWR) = 6 [pid 5754] write(6, "0x000000000000040e", 18 [pid 5750] <... write resumed>) = 18 [pid 5750] close(3) = 0 [pid 5750] close(4) = 0 [pid 5750] close(5) = 0 [pid 5750] close(6) = 0 [pid 5750] close(7) = -1 EBADF (Bad file descriptor) [pid 5750] close(8) = -1 EBADF (Bad file descriptor) [pid 5750] close(9) = -1 EBADF (Bad file descriptor) [pid 5750] close(10) = -1 EBADF (Bad file descriptor) [pid 5750] close(11) = -1 EBADF (Bad file descriptor) [pid 5750] close(12) = -1 EBADF (Bad file descriptor) [pid 5750] close(13) = -1 EBADF (Bad file descriptor) [pid 5750] close(14) = -1 EBADF (Bad file descriptor) [pid 5750] close(15) = -1 EBADF (Bad file descriptor) [pid 5750] close(16) = -1 EBADF (Bad file descriptor) [pid 5750] close(17) = -1 EBADF (Bad file descriptor) [pid 5750] close(18) = -1 EBADF (Bad file descriptor) [pid 5750] close(19) = -1 EBADF (Bad file descriptor) [ 191.043770][ T5750] workingset_refault_anon 0 [ 191.140895][ T5750] Tasks state (memory values in pages): [ 191.149173][ T5750] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 191.159187][ T5750] Out of memory and no killable processes... [ 191.165273][ T5751] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5750] close(20) = -1 EBADF (Bad file descriptor) [pid 5750] close(21) = -1 EBADF (Bad file descriptor) [pid 5750] close(22) = -1 EBADF (Bad file descriptor) [pid 5750] close(23) = -1 EBADF (Bad file descriptor) [pid 5750] close(24) = -1 EBADF (Bad file descriptor) [pid 5750] close(25) = -1 EBADF (Bad file descriptor) [pid 5750] close(26) = -1 EBADF (Bad file descriptor) [pid 5750] close(27) = -1 EBADF (Bad file descriptor) [pid 5750] close(28) = -1 EBADF (Bad file descriptor) [pid 5750] close(29) = -1 EBADF (Bad file descriptor) [pid 5750] exit_group(0) = ? [pid 5750] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5073] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./45/binderfs") = 0 [pid 5073] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./45/cgroup") = 0 [pid 5073] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./45/cgroup.net") = 0 [ 191.185376][ T5751] CPU: 0 PID: 5751 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 191.195885][ T5751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 191.205988][ T5751] Call Trace: [ 191.209315][ T5751] [ 191.212284][ T5751] dump_stack_lvl+0x1e7/0x2d0 [ 191.217022][ T5751] ? nf_tcp_handle_invalid+0x640/0x640 [ 191.222538][ T5751] ? panic+0x770/0x770 [ 191.226677][ T5751] dump_header+0xdc/0x940 [ 191.231068][ T5751] out_of_memory+0xf21/0x12c0 [ 191.235812][ T5751] ? mutex_lock_io_nested+0x60/0x60 [ 191.241079][ T5751] ? mark_lock+0x9a/0x340 [ 191.245450][ T5751] ? unregister_oom_notifier+0x20/0x20 [ 191.250989][ T5751] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 191.257031][ T5751] mem_cgroup_out_of_memory+0x263/0x3b0 [ 191.262636][ T5751] ? mem_cgroup_oom_trylock+0x210/0x210 [ 191.268234][ T5751] ? cgroup_file_notify+0x127/0x190 [ 191.273466][ T5751] memory_max_write+0x355/0x470 [ 191.278362][ T5751] ? memory_max_show+0xa0/0xa0 [ 191.283144][ T5751] ? read_lock_is_recursive+0x20/0x20 [ 191.288536][ T5751] ? memory_max_show+0xa0/0xa0 [ 191.293318][ T5751] cgroup_file_write+0x2b1/0x780 [ 191.298287][ T5751] ? cgroup_seqfile_stop+0xd0/0xd0 [ 191.303419][ T5751] ? __virt_addr_valid+0x22f/0x2e0 [ 191.308604][ T5751] ? cgroup_seqfile_stop+0xd0/0xd0 [ 191.313872][ T5751] kernfs_fop_write_iter+0x3a6/0x4f0 [ 191.319208][ T5751] vfs_write+0x7b2/0xbb0 [ 191.323500][ T5751] ? file_end_write+0x240/0x240 [ 191.328416][ T5751] ? do_raw_spin_unlock+0x13b/0x8b0 [ 191.333668][ T5751] ? lockdep_hardirqs_on+0x98/0x140 [ 191.338934][ T5751] ? __fdget_pos+0x265/0x2f0 [ 191.343607][ T5751] ksys_write+0x1a0/0x2c0 [ 191.347991][ T5751] ? __ia32_sys_read+0x90/0x90 [ 191.352780][ T5751] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 191.358809][ T5751] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 191.364879][ T5751] do_syscall_64+0x41/0xc0 [ 191.369362][ T5751] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.375326][ T5751] RIP: 0033:0x7fd49ce20129 [ 191.379794][ T5751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 191.399455][ T5751] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.408102][ T5751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 191.416127][ T5751] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 191.424170][ T5751] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./45/file0") = 0 [ 191.432172][ T5751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 191.440281][ T5751] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002a [ 191.448316][ T5751] [ 191.460806][ T5751] memory: usage 8kB, limit 0kB, failcnt 55 [ 191.466757][ T5751] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 191.473646][ T5751] Memory cgroup stats for /syz1: [ 191.473843][ T5751] anon 0 [ 191.473843][ T5751] file 0 [ 191.473843][ T5751] kernel 8192 [pid 5073] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./45/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./45") = 0 [pid 5073] mkdir("./46", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 48 ./strace-static-x86_64: Process 5755 attached [pid 5755] chdir("./46") = 0 [pid 5755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5755] setpgid(0, 0) = 0 [ 191.473843][ T5751] kernel_stack 0 [ 191.473843][ T5751] pagetables 0 [ 191.473843][ T5751] sec_pagetables 0 [ 191.473843][ T5751] percpu 0 [ 191.473843][ T5751] sock 0 [ 191.473843][ T5751] vmalloc 0 [ 191.473843][ T5751] shmem 0 [ 191.473843][ T5751] zswap 0 [ 191.473843][ T5751] zswapped 0 [ 191.473843][ T5751] file_mapped 0 [ 191.473843][ T5751] file_dirty 0 [ 191.473843][ T5751] file_writeback 0 [ 191.473843][ T5751] swapcached 0 [ 191.473843][ T5751] anon_thp 0 [ 191.473843][ T5751] file_thp 0 [ 191.473843][ T5751] shmem_thp 0 [pid 5755] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5755] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5755] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5755] write(3, "1000", 4) = 4 [pid 5755] close(3) = 0 [pid 5755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5755] mkdir("./file0", 000) = 0 [pid 5755] open("./file0", O_RDONLY) = 3 [pid 5755] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5755] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5755] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5755] openat(5, "memory.max", O_RDWR) = 6 [ 191.473843][ T5751] inactive_anon 0 [ 191.473843][ T5751] active_anon 0 [ 191.473843][ T5751] inactive_file 0 [ 191.473843][ T5751] active_file 0 [ 191.473843][ T5751] unevictable 0 [ 191.473843][ T5751] slab_reclaimable 6752 [ 191.473843][ T5751] slab_unreclaimable 0 [ 191.473843][ T5751] slab 6752 [ 191.473843][ T5751] workingset_refault_anon 0 [ 191.581262][ T5751] Tasks state (memory values in pages): [pid 5755] write(6, "0x000000000000040e", 18 [pid 5751] <... write resumed>) = 18 [pid 5751] close(3) = 0 [pid 5751] close(4) = 0 [pid 5751] close(5) = 0 [pid 5751] close(6) = 0 [pid 5751] close(7) = -1 EBADF (Bad file descriptor) [pid 5751] close(8) = -1 EBADF (Bad file descriptor) [pid 5751] close(9) = -1 EBADF (Bad file descriptor) [pid 5751] close(10) = -1 EBADF (Bad file descriptor) [pid 5751] close(11) = -1 EBADF (Bad file descriptor) [pid 5751] close(12) = -1 EBADF (Bad file descriptor) [pid 5751] close(13) = -1 EBADF (Bad file descriptor) [pid 5751] close(14) = -1 EBADF (Bad file descriptor) [pid 5751] close(15) = -1 EBADF (Bad file descriptor) [pid 5751] close(16) = -1 EBADF (Bad file descriptor) [pid 5751] close(17) = -1 EBADF (Bad file descriptor) [pid 5751] close(18) = -1 EBADF (Bad file descriptor) [pid 5751] close(19) = -1 EBADF (Bad file descriptor) [pid 5751] close(20) = -1 EBADF (Bad file descriptor) [ 191.588616][ T5751] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 191.600539][ T5751] Out of memory and no killable processes... [ 191.607335][ T5752] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 191.623927][ T5752] CPU: 0 PID: 5752 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5751] close(21) = -1 EBADF (Bad file descriptor) [pid 5751] close(22) = -1 EBADF (Bad file descriptor) [pid 5751] close(23) = -1 EBADF (Bad file descriptor) [pid 5751] close(24) = -1 EBADF (Bad file descriptor) [pid 5751] close(25) = -1 EBADF (Bad file descriptor) [pid 5751] close(26) = -1 EBADF (Bad file descriptor) [pid 5751] close(27) = -1 EBADF (Bad file descriptor) [pid 5751] close(28) = -1 EBADF (Bad file descriptor) [pid 5751] close(29) = -1 EBADF (Bad file descriptor) [pid 5751] exit_group(0) = ? [pid 5751] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./42/binderfs") = 0 [pid 5072] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./42/cgroup") = 0 [pid 5072] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./42/cgroup.net") = 0 [ 191.634416][ T5752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 191.644525][ T5752] Call Trace: [ 191.647850][ T5752] [ 191.650826][ T5752] dump_stack_lvl+0x1e7/0x2d0 [ 191.655563][ T5752] ? nf_tcp_handle_invalid+0x640/0x640 [ 191.661080][ T5752] ? panic+0x770/0x770 [ 191.665224][ T5752] dump_header+0xdc/0x940 [ 191.669624][ T5752] out_of_memory+0xf21/0x12c0 [ 191.674368][ T5752] ? mutex_lock_io_nested+0x60/0x60 [ 191.679639][ T5752] ? mark_lock+0x9a/0x340 [ 191.684020][ T5752] ? unregister_oom_notifier+0x20/0x20 [ 191.689537][ T5752] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 191.695590][ T5752] mem_cgroup_out_of_memory+0x263/0x3b0 [ 191.701202][ T5752] ? mem_cgroup_oom_trylock+0x210/0x210 [ 191.706832][ T5752] ? cgroup_file_notify+0x127/0x190 [ 191.712084][ T5752] memory_max_write+0x355/0x470 [ 191.716995][ T5752] ? memory_max_show+0xa0/0xa0 [ 191.721814][ T5752] ? read_lock_is_recursive+0x20/0x20 [ 191.727256][ T5752] ? memory_max_show+0xa0/0xa0 [ 191.732080][ T5752] cgroup_file_write+0x2b1/0x780 [ 191.737068][ T5752] ? cgroup_seqfile_stop+0xd0/0xd0 [ 191.742232][ T5752] ? __virt_addr_valid+0x22f/0x2e0 [ 191.747414][ T5752] ? cgroup_seqfile_stop+0xd0/0xd0 [ 191.752556][ T5752] kernfs_fop_write_iter+0x3a6/0x4f0 [ 191.757878][ T5752] vfs_write+0x7b2/0xbb0 [ 191.762178][ T5752] ? file_end_write+0x240/0x240 [ 191.767090][ T5752] ? do_raw_spin_unlock+0x13b/0x8b0 [ 191.772336][ T5752] ? lockdep_hardirqs_on+0x98/0x140 [ 191.777582][ T5752] ? __fdget_pos+0x265/0x2f0 [ 191.782228][ T5752] ksys_write+0x1a0/0x2c0 [ 191.786631][ T5752] ? __ia32_sys_read+0x90/0x90 [ 191.791446][ T5752] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 191.797504][ T5752] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 191.803547][ T5752] do_syscall_64+0x41/0xc0 [ 191.808019][ T5752] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.813965][ T5752] RIP: 0033:0x7fd49ce20129 [ 191.818434][ T5752] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5072] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 191.838095][ T5752] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.846746][ T5752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 191.854776][ T5752] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 191.862792][ T5752] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 191.870811][ T5752] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 191.878809][ T5752] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000030 [ 191.886856][ T5752] [pid 5072] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./42/file0") = 0 [pid 5072] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./42/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./42") = 0 [pid 5072] mkdir("./43", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5757 attached [pid 5757] chdir("./43" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 45 [pid 5757] <... chdir resumed>) = 0 [pid 5757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5757] setpgid(0, 0) = 0 [pid 5757] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5757] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5757] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5757] write(3, "1000", 4) = 4 [ 191.906044][ T5752] memory: usage 8kB, limit 0kB, failcnt 55 [ 191.914220][ T5752] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 191.929128][ T5752] Memory cgroup stats for /syz1: [ 191.929362][ T5752] anon 0 [ 191.929362][ T5752] file 0 [ 191.929362][ T5752] kernel 8192 [ 191.929362][ T5752] kernel_stack 0 [ 191.929362][ T5752] pagetables 0 [ 191.929362][ T5752] sec_pagetables 0 [ 191.929362][ T5752] percpu 0 [pid 5757] close(3) = 0 [pid 5757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5757] mkdir("./file0", 000) = 0 [pid 5757] open("./file0", O_RDONLY) = 3 [pid 5757] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5757] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5757] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5757] openat(5, "memory.max", O_RDWR) = 6 [ 191.929362][ T5752] sock 0 [ 191.929362][ T5752] vmalloc 0 [ 191.929362][ T5752] shmem 0 [ 191.929362][ T5752] zswap 0 [ 191.929362][ T5752] zswapped 0 [ 191.929362][ T5752] file_mapped 0 [ 191.929362][ T5752] file_dirty 0 [ 191.929362][ T5752] file_writeback 0 [ 191.929362][ T5752] swapcached 0 [ 191.929362][ T5752] anon_thp 0 [ 191.929362][ T5752] file_thp 0 [ 191.929362][ T5752] shmem_thp 0 [ 191.929362][ T5752] inactive_anon 0 [ 191.929362][ T5752] active_anon 0 [ 191.929362][ T5752] inactive_file 0 [ 191.929362][ T5752] active_file 0 [pid 5757] write(6, "0x000000000000040e", 18 [pid 5752] <... write resumed>) = 18 [ 191.929362][ T5752] unevictable 0 [ 191.929362][ T5752] slab_reclaimable 6752 [ 191.929362][ T5752] slab_unreclaimable 0 [ 191.929362][ T5752] slab 6752 [ 191.929362][ T5752] workingset_refault_anon 0 [ 192.029407][ T5752] Tasks state (memory values in pages): [ 192.034996][ T5752] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 192.044645][ T5752] Out of memory and no killable processes... [pid 5752] close(3) = 0 [pid 5752] close(4) = 0 [pid 5752] close(5) = 0 [pid 5752] close(6) = 0 [pid 5752] close(7) = -1 EBADF (Bad file descriptor) [pid 5752] close(8) = -1 EBADF (Bad file descriptor) [pid 5752] close(9) = -1 EBADF (Bad file descriptor) [pid 5752] close(10) = -1 EBADF (Bad file descriptor) [pid 5752] close(11) = -1 EBADF (Bad file descriptor) [pid 5752] close(12) = -1 EBADF (Bad file descriptor) [pid 5752] close(13) = -1 EBADF (Bad file descriptor) [pid 5752] close(14) = -1 EBADF (Bad file descriptor) [pid 5752] close(15) = -1 EBADF (Bad file descriptor) [pid 5752] close(16) = -1 EBADF (Bad file descriptor) [pid 5752] close(17) = -1 EBADF (Bad file descriptor) [pid 5752] close(18) = -1 EBADF (Bad file descriptor) [pid 5752] close(19) = -1 EBADF (Bad file descriptor) [pid 5752] close(20) = -1 EBADF (Bad file descriptor) [ 192.055940][ T5753] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 192.071845][ T5753] CPU: 0 PID: 5753 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 192.082334][ T5753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 192.092437][ T5753] Call Trace: [ 192.095760][ T5753] [ 192.098733][ T5753] dump_stack_lvl+0x1e7/0x2d0 [pid 5752] close(21) = -1 EBADF (Bad file descriptor) [pid 5752] close(22) = -1 EBADF (Bad file descriptor) [pid 5752] close(23) = -1 EBADF (Bad file descriptor) [pid 5752] close(24) = -1 EBADF (Bad file descriptor) [pid 5752] close(25) = -1 EBADF (Bad file descriptor) [pid 5752] close(26) = -1 EBADF (Bad file descriptor) [pid 5752] close(27) = -1 EBADF (Bad file descriptor) [pid 5752] close(28) = -1 EBADF (Bad file descriptor) [pid 5752] close(29) = -1 EBADF (Bad file descriptor) [pid 5752] exit_group(0) = ? [pid 5752] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 192.103475][ T5753] ? nf_tcp_handle_invalid+0x640/0x640 [ 192.108994][ T5753] ? panic+0x770/0x770 [ 192.113123][ T5753] dump_header+0xdc/0x940 [ 192.117511][ T5753] out_of_memory+0xf21/0x12c0 [ 192.122250][ T5753] ? mutex_lock_io_nested+0x60/0x60 [ 192.127522][ T5753] ? preempt_schedule+0xdd/0xf0 [ 192.132461][ T5753] ? unregister_oom_notifier+0x20/0x20 [ 192.137966][ T5753] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 192.143997][ T5753] mem_cgroup_out_of_memory+0x263/0x3b0 [ 192.149568][ T5753] ? preempt_schedule_thunk+0x1a/0x20 [ 192.154962][ T5753] ? mem_cgroup_oom_trylock+0x210/0x210 [ 192.160539][ T5753] ? cgroup_file_notify+0x127/0x190 [ 192.165767][ T5753] memory_max_write+0x355/0x470 [ 192.170646][ T5753] ? memory_max_show+0xa0/0xa0 [ 192.175428][ T5753] ? read_lock_is_recursive+0x20/0x20 [ 192.180821][ T5753] ? memory_max_show+0xa0/0xa0 [ 192.185612][ T5753] cgroup_file_write+0x2b1/0x780 [ 192.190567][ T5753] ? cgroup_seqfile_stop+0xd0/0xd0 [ 192.195692][ T5753] ? __virt_addr_valid+0x22f/0x2e0 [ 192.200837][ T5753] ? cgroup_seqfile_stop+0xd0/0xd0 [ 192.205959][ T5753] kernfs_fop_write_iter+0x3a6/0x4f0 [ 192.211279][ T5753] vfs_write+0x7b2/0xbb0 [ 192.215553][ T5753] ? file_end_write+0x240/0x240 [ 192.220424][ T5753] ? do_raw_spin_unlock+0x13b/0x8b0 [ 192.225643][ T5753] ? lockdep_hardirqs_on+0x98/0x140 [ 192.230866][ T5753] ? __fdget_pos+0x265/0x2f0 [ 192.235477][ T5753] ksys_write+0x1a0/0x2c0 [ 192.239828][ T5753] ? __ia32_sys_read+0x90/0x90 [ 192.244612][ T5753] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 192.250620][ T5753] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 192.256627][ T5753] do_syscall_64+0x41/0xc0 [ 192.261062][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 192.266976][ T5753] RIP: 0033:0x7fd49ce20129 [ 192.271402][ T5753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.291024][ T5753] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 192.299457][ T5753] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 192.307440][ T5753] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 192.315422][ T5753] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 192.323407][ T5753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 192.331393][ T5753] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002a [ 192.339397][ T5753] [ 192.345393][ T5753] memory: usage 8kB, limit 0kB, failcnt 55 [ 192.351727][ T5753] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 192.359299][ T5753] Memory cgroup stats for /syz1: [ 192.359755][ T5753] anon 0 [ 192.359755][ T5753] file 0 [ 192.359755][ T5753] kernel 8192 [ 192.359755][ T5753] kernel_stack 0 [ 192.359755][ T5753] pagetables 0 [ 192.359755][ T5753] sec_pagetables 0 [ 192.359755][ T5753] percpu 0 [ 192.359755][ T5753] sock 0 [ 192.359755][ T5753] vmalloc 0 [ 192.359755][ T5753] shmem 0 [ 192.359755][ T5753] zswap 0 [ 192.359755][ T5753] zswapped 0 [ 192.359755][ T5753] file_mapped 0 [ 192.359755][ T5753] file_dirty 0 [ 192.359755][ T5753] file_writeback 0 [ 192.359755][ T5753] swapcached 0 [ 192.359755][ T5753] anon_thp 0 [ 192.359755][ T5753] file_thp 0 [ 192.359755][ T5753] shmem_thp 0 [ 192.359755][ T5753] inactive_anon 0 [ 192.359755][ T5753] active_anon 0 [ 192.359755][ T5753] inactive_file 0 [ 192.359755][ T5753] active_file 0 [ 192.359755][ T5753] unevictable 0 [ 192.359755][ T5753] slab_reclaimable 6752 [ 192.359755][ T5753] slab_unreclaimable 0 [ 192.359755][ T5753] slab 6752 [ 192.359755][ T5753] workingset_refault_anon 0 [pid 5075] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./48/binderfs") = 0 [pid 5075] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./48/cgroup") = 0 [pid 5075] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./48/cgroup.net") = 0 [pid 5075] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./48/file0") = 0 [pid 5075] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./48/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./48") = 0 [pid 5075] mkdir("./49", 0777) = 0 [pid 5753] <... write resumed>) = 18 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5753] close(3) = 0 [pid 5753] close(4./strace-static-x86_64: Process 5758 attached [ 192.458626][ T5753] Tasks state (memory values in pages): [ 192.464224][ T5753] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 192.484466][ T5753] Out of memory and no killable processes... [ 192.491537][ T5754] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5758] chdir("./49" [pid 5753] <... close resumed>) = 0 [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 51 [pid 5758] <... chdir resumed>) = 0 [pid 5758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5758] setpgid(0, 0) = 0 [pid 5758] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5758] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5758] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5758] write(3, "1000", 4) = 4 [pid 5758] close(3) = 0 [pid 5758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5758] mkdir("./file0", 000) = 0 [pid 5758] open("./file0", O_RDONLY) = 3 [pid 5758] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5758] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5758] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5758] openat(5, "memory.max", O_RDWR) = 6 [pid 5758] write(6, "0x000000000000040e", 18 [pid 5753] close(5) = 0 [pid 5753] close(6) = 0 [pid 5753] close(7) = -1 EBADF (Bad file descriptor) [pid 5753] close(8) = -1 EBADF (Bad file descriptor) [pid 5753] close(9) = -1 EBADF (Bad file descriptor) [pid 5753] close(10) = -1 EBADF (Bad file descriptor) [pid 5753] close(11) = -1 EBADF (Bad file descriptor) [pid 5753] close(12) = -1 EBADF (Bad file descriptor) [pid 5753] close(13) = -1 EBADF (Bad file descriptor) [pid 5753] close(14) = -1 EBADF (Bad file descriptor) [pid 5753] close(15) = -1 EBADF (Bad file descriptor) [pid 5753] close(16) = -1 EBADF (Bad file descriptor) [pid 5753] close(17) = -1 EBADF (Bad file descriptor) [pid 5753] close(18) = -1 EBADF (Bad file descriptor) [pid 5753] close(19) = -1 EBADF (Bad file descriptor) [pid 5753] close(20) = -1 EBADF (Bad file descriptor) [pid 5753] close(21) = -1 EBADF (Bad file descriptor) [pid 5753] close(22) = -1 EBADF (Bad file descriptor) [pid 5753] close(23) = -1 EBADF (Bad file descriptor) [ 192.506868][ T5754] CPU: 1 PID: 5754 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 192.517351][ T5754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 192.527463][ T5754] Call Trace: [ 192.530779][ T5754] [ 192.533751][ T5754] dump_stack_lvl+0x1e7/0x2d0 [ 192.538511][ T5754] ? nf_tcp_handle_invalid+0x640/0x640 [ 192.544020][ T5754] ? panic+0x770/0x770 [ 192.548180][ T5754] dump_header+0xdc/0x940 [ 192.552570][ T5754] out_of_memory+0xf21/0x12c0 [pid 5753] close(24) = -1 EBADF (Bad file descriptor) [pid 5753] close(25) = -1 EBADF (Bad file descriptor) [pid 5753] close(26) = -1 EBADF (Bad file descriptor) [pid 5753] close(27) = -1 EBADF (Bad file descriptor) [pid 5753] close(28) = -1 EBADF (Bad file descriptor) [pid 5753] close(29) = -1 EBADF (Bad file descriptor) [pid 5753] exit_group(0) = ? [pid 5753] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 192.557312][ T5754] ? mutex_lock_io_nested+0x60/0x60 [ 192.562585][ T5754] ? preempt_schedule+0xdd/0xf0 [ 192.567490][ T5754] ? unregister_oom_notifier+0x20/0x20 [ 192.572989][ T5754] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 192.579034][ T5754] mem_cgroup_out_of_memory+0x263/0x3b0 [ 192.584639][ T5754] ? preempt_schedule_thunk+0x1a/0x20 [ 192.590073][ T5754] ? mem_cgroup_oom_trylock+0x210/0x210 [ 192.595703][ T5754] ? cgroup_file_notify+0x127/0x190 [ 192.600970][ T5754] memory_max_write+0x355/0x470 [ 192.605889][ T5754] ? memory_max_show+0xa0/0xa0 [ 192.610692][ T5754] ? read_lock_is_recursive+0x20/0x20 [ 192.616105][ T5754] ? memory_max_show+0xa0/0xa0 [ 192.620918][ T5754] cgroup_file_write+0x2b1/0x780 [ 192.625894][ T5754] ? cgroup_seqfile_stop+0xd0/0xd0 [ 192.631042][ T5754] ? __virt_addr_valid+0x22f/0x2e0 [ 192.636213][ T5754] ? cgroup_seqfile_stop+0xd0/0xd0 [ 192.641353][ T5754] kernfs_fop_write_iter+0x3a6/0x4f0 [ 192.646678][ T5754] vfs_write+0x7b2/0xbb0 [ 192.650967][ T5754] ? file_end_write+0x240/0x240 [ 192.655842][ T5754] ? do_raw_spin_unlock+0x13b/0x8b0 [ 192.661059][ T5754] ? lockdep_hardirqs_on+0x98/0x140 [ 192.666298][ T5754] ? __fdget_pos+0x265/0x2f0 [ 192.670910][ T5754] ksys_write+0x1a0/0x2c0 [ 192.675264][ T5754] ? __ia32_sys_read+0x90/0x90 [ 192.680048][ T5754] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 192.686049][ T5754] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 192.692069][ T5754] do_syscall_64+0x41/0xc0 [ 192.696503][ T5754] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 192.702533][ T5754] RIP: 0033:0x7fd49ce20129 [ 192.706961][ T5754] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.726711][ T5754] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 192.735150][ T5754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 192.743134][ T5754] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 192.751139][ T5754] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./42/binderfs") = 0 [pid 5070] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./42/cgroup") = 0 [pid 5070] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./42/cgroup.net") = 0 [pid 5070] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [ 192.759136][ T5754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 192.767155][ T5754] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000032 [ 192.775172][ T5754] [ 192.781265][ T5754] memory: usage 8kB, limit 0kB, failcnt 55 [ 192.789739][ T5754] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 192.797152][ T5754] Memory cgroup stats for /syz1: [ 192.797354][ T5754] anon 0 [ 192.797354][ T5754] file 0 [pid 5070] rmdir("./42/file0") = 0 [pid 5070] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./42/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./42") = 0 [pid 5070] mkdir("./43", 0777) = 0 [ 192.797354][ T5754] kernel 8192 [ 192.797354][ T5754] kernel_stack 0 [ 192.797354][ T5754] pagetables 0 [ 192.797354][ T5754] sec_pagetables 0 [ 192.797354][ T5754] percpu 0 [ 192.797354][ T5754] sock 0 [ 192.797354][ T5754] vmalloc 0 [ 192.797354][ T5754] shmem 0 [ 192.797354][ T5754] zswap 0 [ 192.797354][ T5754] zswapped 0 [ 192.797354][ T5754] file_mapped 0 [ 192.797354][ T5754] file_dirty 0 [ 192.797354][ T5754] file_writeback 0 [ 192.797354][ T5754] swapcached 0 [ 192.797354][ T5754] anon_thp 0 [ 192.797354][ T5754] file_thp 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 45 ./strace-static-x86_64: Process 5759 attached [pid 5759] chdir("./43") = 0 [pid 5759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5759] setpgid(0, 0) = 0 [pid 5759] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5759] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5759] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5759] write(3, "1000", 4) = 4 [pid 5759] close(3) = 0 [pid 5759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5759] mkdir("./file0", 000) = 0 [pid 5759] open("./file0", O_RDONLY) = 3 [pid 5759] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5759] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5759] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5759] openat(5, "memory.max", O_RDWR) = 6 [ 192.797354][ T5754] shmem_thp 0 [ 192.797354][ T5754] inactive_anon 0 [ 192.797354][ T5754] active_anon 0 [ 192.797354][ T5754] inactive_file 0 [ 192.797354][ T5754] active_file 0 [ 192.797354][ T5754] unevictable 0 [ 192.797354][ T5754] slab_reclaimable 6752 [ 192.797354][ T5754] slab_unreclaimable 0 [ 192.797354][ T5754] slab 6752 [ 192.797354][ T5754] workingset_refault_anon 0 [ 192.900144][ T5754] Tasks state (memory values in pages): [pid 5759] write(6, "0x000000000000040e", 18 [pid 5754] <... write resumed>) = 18 [ 192.906068][ T5754] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 192.917018][ T5754] Out of memory and no killable processes... [ 192.923099][ T5755] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 192.933792][ T5755] CPU: 1 PID: 5755 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 192.944249][ T5755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 192.954341][ T5755] Call Trace: [ 192.957654][ T5755] [pid 5754] close(3) = 0 [pid 5754] close(4) = 0 [pid 5754] close(5) = 0 [pid 5754] close(6) = 0 [pid 5754] close(7) = -1 EBADF (Bad file descriptor) [pid 5754] close(8) = -1 EBADF (Bad file descriptor) [pid 5754] close(9) = -1 EBADF (Bad file descriptor) [pid 5754] close(10) = -1 EBADF (Bad file descriptor) [pid 5754] close(11) = -1 EBADF (Bad file descriptor) [pid 5754] close(12) = -1 EBADF (Bad file descriptor) [pid 5754] close(13) = -1 EBADF (Bad file descriptor) [pid 5754] close(14) = -1 EBADF (Bad file descriptor) [pid 5754] close(15) = -1 EBADF (Bad file descriptor) [pid 5754] close(16) = -1 EBADF (Bad file descriptor) [pid 5754] close(17) = -1 EBADF (Bad file descriptor) [pid 5754] close(18) = -1 EBADF (Bad file descriptor) [pid 5754] close(19) = -1 EBADF (Bad file descriptor) [ 192.960616][ T5755] dump_stack_lvl+0x1e7/0x2d0 [ 192.965341][ T5755] ? nf_tcp_handle_invalid+0x640/0x640 [ 192.970842][ T5755] ? panic+0x770/0x770 [ 192.974980][ T5755] dump_header+0xdc/0x940 [ 192.979366][ T5755] out_of_memory+0xf21/0x12c0 [ 192.984111][ T5755] ? mutex_lock_io_nested+0x60/0x60 [ 192.989370][ T5755] ? preempt_schedule+0xdd/0xf0 [ 192.994262][ T5755] ? unregister_oom_notifier+0x20/0x20 [ 192.999766][ T5755] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 193.005819][ T5755] mem_cgroup_out_of_memory+0x263/0x3b0 [ 193.011423][ T5755] ? preempt_schedule_thunk+0x1a/0x20 [ 193.016863][ T5755] ? mem_cgroup_oom_trylock+0x210/0x210 [ 193.022481][ T5755] ? cgroup_file_notify+0x127/0x190 [ 193.027755][ T5755] memory_max_write+0x355/0x470 [ 193.032675][ T5755] ? memory_max_show+0xa0/0xa0 [ 193.037505][ T5755] ? read_lock_is_recursive+0x20/0x20 [ 193.042927][ T5755] ? memory_max_show+0xa0/0xa0 [ 193.047823][ T5755] cgroup_file_write+0x2b1/0x780 [ 193.052812][ T5755] ? cgroup_seqfile_stop+0xd0/0xd0 [ 193.057971][ T5755] ? __virt_addr_valid+0x22f/0x2e0 [ 193.063142][ T5755] ? cgroup_seqfile_stop+0xd0/0xd0 [ 193.068269][ T5755] kernfs_fop_write_iter+0x3a6/0x4f0 [ 193.073578][ T5755] vfs_write+0x7b2/0xbb0 [ 193.077861][ T5755] ? file_end_write+0x240/0x240 [ 193.082765][ T5755] ? do_raw_spin_unlock+0x13b/0x8b0 [ 193.088017][ T5755] ? lockdep_hardirqs_on+0x98/0x140 [ 193.093269][ T5755] ? __fdget_pos+0x265/0x2f0 [ 193.097900][ T5755] ksys_write+0x1a0/0x2c0 [ 193.102274][ T5755] ? __ia32_sys_read+0x90/0x90 [ 193.107085][ T5755] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 193.113111][ T5755] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 193.119132][ T5755] do_syscall_64+0x41/0xc0 [ 193.123600][ T5755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 193.129541][ T5755] RIP: 0033:0x7fd49ce20129 [ 193.133997][ T5755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 193.153649][ T5755] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5754] close(20) = -1 EBADF (Bad file descriptor) [pid 5754] close(21) = -1 EBADF (Bad file descriptor) [pid 5754] close(22) = -1 EBADF (Bad file descriptor) [pid 5754] close(23) = -1 EBADF (Bad file descriptor) [pid 5754] close(24) = -1 EBADF (Bad file descriptor) [pid 5754] close(25) = -1 EBADF (Bad file descriptor) [pid 5754] close(26) = -1 EBADF (Bad file descriptor) [pid 5754] close(27) = -1 EBADF (Bad file descriptor) [pid 5754] close(28) = -1 EBADF (Bad file descriptor) [pid 5754] close(29) = -1 EBADF (Bad file descriptor) [pid 5754] exit_group(0) = ? [pid 5754] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./50/binderfs") = 0 [pid 5074] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./50/cgroup") = 0 [pid 5074] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./50/cgroup.net") = 0 [pid 5074] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 193.162138][ T5755] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 193.170141][ T5755] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 193.178157][ T5755] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 193.186166][ T5755] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 193.194174][ T5755] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002e [ 193.202211][ T5755] [pid 5074] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./50/file0") = 0 [pid 5074] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./50/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./50") = 0 [pid 5074] mkdir("./51", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 53 ./strace-static-x86_64: Process 5760 attached [pid 5760] chdir("./51") = 0 [pid 5760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5760] setpgid(0, 0) = 0 [pid 5760] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 193.214602][ T5755] memory: usage 8kB, limit 0kB, failcnt 55 [ 193.221073][ T5755] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 193.228815][ T5755] Memory cgroup stats for /syz1: [ 193.229027][ T5755] anon 0 [ 193.229027][ T5755] file 0 [ 193.229027][ T5755] kernel 8192 [ 193.229027][ T5755] kernel_stack 0 [ 193.229027][ T5755] pagetables 0 [ 193.229027][ T5755] sec_pagetables 0 [ 193.229027][ T5755] percpu 0 [ 193.229027][ T5755] sock 0 [ 193.229027][ T5755] vmalloc 0 [ 193.229027][ T5755] shmem 0 [pid 5760] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5760] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5760] write(3, "1000", 4) = 4 [pid 5760] close(3) = 0 [pid 5760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5760] mkdir("./file0", 000) = 0 [pid 5760] open("./file0", O_RDONLY) = 3 [pid 5760] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5760] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5760] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5760] openat(5, "memory.max", O_RDWR) = 6 [ 193.229027][ T5755] zswap 0 [ 193.229027][ T5755] zswapped 0 [ 193.229027][ T5755] file_mapped 0 [ 193.229027][ T5755] file_dirty 0 [ 193.229027][ T5755] file_writeback 0 [ 193.229027][ T5755] swapcached 0 [ 193.229027][ T5755] anon_thp 0 [ 193.229027][ T5755] file_thp 0 [ 193.229027][ T5755] shmem_thp 0 [ 193.229027][ T5755] inactive_anon 0 [ 193.229027][ T5755] active_anon 0 [ 193.229027][ T5755] inactive_file 0 [ 193.229027][ T5755] active_file 0 [ 193.229027][ T5755] unevictable 0 [ 193.229027][ T5755] slab_reclaimable 6752 [pid 5760] write(6, "0x000000000000040e", 18 [pid 5755] <... write resumed>) = 18 [pid 5755] close(3) = 0 [pid 5755] close(4) = 0 [pid 5755] close(5) = 0 [pid 5755] close(6) = 0 [pid 5755] close(7) = -1 EBADF (Bad file descriptor) [pid 5755] close(8) = -1 EBADF (Bad file descriptor) [pid 5755] close(9) = -1 EBADF (Bad file descriptor) [pid 5755] close(10) = -1 EBADF (Bad file descriptor) [pid 5755] close(11) = -1 EBADF (Bad file descriptor) [pid 5755] close(12) = -1 EBADF (Bad file descriptor) [pid 5755] close(13) = -1 EBADF (Bad file descriptor) [pid 5755] close(14) = -1 EBADF (Bad file descriptor) [pid 5755] close(15) = -1 EBADF (Bad file descriptor) [ 193.229027][ T5755] slab_unreclaimable 0 [ 193.229027][ T5755] slab 6752 [ 193.229027][ T5755] workingset_refault_anon 0 [ 193.329561][ T5755] Tasks state (memory values in pages): [ 193.336575][ T5755] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 193.346098][ T5755] Out of memory and no killable processes... [ 193.353337][ T5757] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5755] close(16) = -1 EBADF (Bad file descriptor) [pid 5755] close(17) = -1 EBADF (Bad file descriptor) [pid 5755] close(18) = -1 EBADF (Bad file descriptor) [pid 5755] close(19) = -1 EBADF (Bad file descriptor) [pid 5755] close(20) = -1 EBADF (Bad file descriptor) [pid 5755] close(21) = -1 EBADF (Bad file descriptor) [pid 5755] close(22) = -1 EBADF (Bad file descriptor) [pid 5755] close(23) = -1 EBADF (Bad file descriptor) [pid 5755] close(24) = -1 EBADF (Bad file descriptor) [pid 5755] close(25) = -1 EBADF (Bad file descriptor) [pid 5755] close(26) = -1 EBADF (Bad file descriptor) [pid 5755] close(27) = -1 EBADF (Bad file descriptor) [pid 5755] close(28) = -1 EBADF (Bad file descriptor) [pid 5755] close(29) = -1 EBADF (Bad file descriptor) [pid 5755] exit_group(0) = ? [pid 5755] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./46/binderfs") = 0 [pid 5073] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./46/cgroup") = 0 [ 193.372681][ T5757] CPU: 1 PID: 5757 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 193.383209][ T5757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 193.393317][ T5757] Call Trace: [ 193.396638][ T5757] [ 193.399609][ T5757] dump_stack_lvl+0x1e7/0x2d0 [ 193.404348][ T5757] ? nf_tcp_handle_invalid+0x640/0x640 [ 193.409855][ T5757] ? panic+0x770/0x770 [ 193.413988][ T5757] dump_header+0xdc/0x940 [ 193.418373][ T5757] out_of_memory+0xf21/0x12c0 [ 193.423114][ T5757] ? mutex_lock_io_nested+0x60/0x60 [ 193.428377][ T5757] ? preempt_schedule+0xdd/0xf0 [ 193.433277][ T5757] ? unregister_oom_notifier+0x20/0x20 [ 193.438784][ T5757] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 193.444813][ T5757] mem_cgroup_out_of_memory+0x263/0x3b0 [ 193.450402][ T5757] ? preempt_schedule_thunk+0x1a/0x20 [ 193.455835][ T5757] ? mem_cgroup_oom_trylock+0x210/0x210 [ 193.461446][ T5757] ? cgroup_file_notify+0x127/0x190 [ 193.466705][ T5757] memory_max_write+0x355/0x470 [ 193.471601][ T5757] ? memory_max_show+0xa0/0xa0 [ 193.476403][ T5757] ? read_lock_is_recursive+0x20/0x20 [ 193.481843][ T5757] ? memory_max_show+0xa0/0xa0 [ 193.486639][ T5757] cgroup_file_write+0x2b1/0x780 [ 193.491615][ T5757] ? cgroup_seqfile_stop+0xd0/0xd0 [ 193.496850][ T5757] ? __virt_addr_valid+0x22f/0x2e0 [ 193.502047][ T5757] ? cgroup_seqfile_stop+0xd0/0xd0 [ 193.507302][ T5757] kernfs_fop_write_iter+0x3a6/0x4f0 [ 193.512645][ T5757] vfs_write+0x7b2/0xbb0 [ 193.516948][ T5757] ? file_end_write+0x240/0x240 [ 193.521843][ T5757] ? do_raw_spin_unlock+0x13b/0x8b0 [ 193.527089][ T5757] ? lockdep_hardirqs_on+0x98/0x140 [ 193.532346][ T5757] ? __fdget_pos+0x265/0x2f0 [ 193.536979][ T5757] ksys_write+0x1a0/0x2c0 [ 193.541340][ T5757] ? __ia32_sys_read+0x90/0x90 [ 193.546126][ T5757] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 193.552139][ T5757] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 193.558160][ T5757] do_syscall_64+0x41/0xc0 [ 193.562619][ T5757] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 193.568548][ T5757] RIP: 0033:0x7fd49ce20129 [ 193.572989][ T5757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 193.592634][ T5757] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.601082][ T5757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 193.609074][ T5757] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./46/cgroup.net") = 0 [pid 5073] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 193.617080][ T5757] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 193.625080][ T5757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 193.633074][ T5757] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002b [ 193.641146][ T5757] [ 193.646428][ T5757] memory: usage 8kB, limit 0kB, failcnt 55 [ 193.652536][ T5757] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 193.665898][ T5757] Memory cgroup stats for /syz1: [ 193.667418][ T5757] anon 0 [ 193.667418][ T5757] file 0 [ 193.667418][ T5757] kernel 8192 [ 193.667418][ T5757] kernel_stack 0 [ 193.667418][ T5757] pagetables 0 [ 193.667418][ T5757] sec_pagetables 0 [ 193.667418][ T5757] percpu 0 [ 193.667418][ T5757] sock 0 [ 193.667418][ T5757] vmalloc 0 [ 193.667418][ T5757] shmem 0 [ 193.667418][ T5757] zswap 0 [ 193.667418][ T5757] zswapped 0 [ 193.667418][ T5757] file_mapped 0 [ 193.667418][ T5757] file_dirty 0 [ 193.667418][ T5757] file_writeback 0 [ 193.667418][ T5757] swapcached 0 [pid 5073] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./46/file0") = 0 [ 193.667418][ T5757] anon_thp 0 [ 193.667418][ T5757] file_thp 0 [ 193.667418][ T5757] shmem_thp 0 [ 193.667418][ T5757] inactive_anon 0 [ 193.667418][ T5757] active_anon 0 [ 193.667418][ T5757] inactive_file 0 [ 193.667418][ T5757] active_file 0 [ 193.667418][ T5757] unevictable 0 [ 193.667418][ T5757] slab_reclaimable 6752 [ 193.667418][ T5757] slab_unreclaimable 0 [ 193.667418][ T5757] slab 6752 [ 193.667418][ T5757] workingset_refault_anon 0 [ 193.763743][ T5757] Tasks state (memory values in pages): [pid 5073] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./46/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./46") = 0 [pid 5073] mkdir("./47", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5761 attached [pid 5757] <... write resumed>) = 18 [pid 5761] chdir("./47" [pid 5757] close(3 [pid 5761] <... chdir resumed>) = 0 [pid 5757] <... close resumed>) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 49 [pid 5761] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5757] close(4 [pid 5761] <... prctl resumed>) = 0 [pid 5757] <... close resumed>) = 0 [pid 5761] setpgid(0, 0 [pid 5757] close(5 [pid 5761] <... setpgid resumed>) = 0 [pid 5757] <... close resumed>) = 0 [pid 5761] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5757] close(6 [pid 5761] <... symlink resumed>) = 0 [pid 5757] <... close resumed>) = 0 [pid 5761] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5757] close(7 [pid 5761] <... symlink resumed>) = 0 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5757] close(8 [pid 5761] <... symlink resumed>) = 0 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 193.775171][ T5757] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 193.785127][ T5757] Out of memory and no killable processes... [ 193.792310][ T5758] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 193.803169][ T5758] CPU: 0 PID: 5758 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 193.813646][ T5758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5757] close(9 [pid 5761] <... openat resumed>) = 3 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] write(3, "1000", 4 [pid 5757] close(10 [pid 5761] <... write resumed>) = 4 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] close(3 [pid 5757] close(11 [pid 5761] <... close resumed>) = 0 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] symlink("/dev/binderfs", "./binderfs" [pid 5757] close(12 [pid 5761] <... symlink resumed>) = 0 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] mkdir("./file0", 000 [pid 5757] close(13 [pid 5761] <... mkdir resumed>) = 0 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] open("./file0", O_RDONLY [pid 5757] close(14 [pid 5761] <... open resumed>) = 3 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5757] close(15 [pid 5761] <... mount resumed>) = 0 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5757] close(16 [pid 5761] <... openat resumed>) = 4 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] openat(4, "syz1", O_RDWR|O_PATH [pid 5757] close(17 [pid 5761] <... openat resumed>) = 5 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] openat(5, "memory.max", O_RDWR [pid 5757] close(18 [pid 5761] <... openat resumed>) = 6 [pid 5757] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] write(6, "0x000000000000040e", 18 [pid 5757] close(19) = -1 EBADF (Bad file descriptor) [pid 5757] close(20) = -1 EBADF (Bad file descriptor) [pid 5757] close(21) = -1 EBADF (Bad file descriptor) [pid 5757] close(22) = -1 EBADF (Bad file descriptor) [pid 5757] close(23) = -1 EBADF (Bad file descriptor) [ 193.823744][ T5758] Call Trace: [ 193.827066][ T5758] [ 193.830038][ T5758] dump_stack_lvl+0x1e7/0x2d0 [ 193.834886][ T5758] ? nf_tcp_handle_invalid+0x640/0x640 [ 193.840420][ T5758] ? panic+0x770/0x770 [ 193.844576][ T5758] dump_header+0xdc/0x940 [ 193.848978][ T5758] out_of_memory+0xf21/0x12c0 [ 193.853721][ T5758] ? mutex_lock_io_nested+0x60/0x60 [ 193.858983][ T5758] ? preempt_schedule+0xdd/0xf0 [ 193.863895][ T5758] ? unregister_oom_notifier+0x20/0x20 [ 193.869413][ T5758] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5757] close(24) = -1 EBADF (Bad file descriptor) [pid 5757] close(25) = -1 EBADF (Bad file descriptor) [pid 5757] close(26) = -1 EBADF (Bad file descriptor) [pid 5757] close(27) = -1 EBADF (Bad file descriptor) [pid 5757] close(28) = -1 EBADF (Bad file descriptor) [pid 5757] close(29) = -1 EBADF (Bad file descriptor) [pid 5757] exit_group(0) = ? [pid 5757] +++ exited with 0 +++ [ 193.875473][ T5758] mem_cgroup_out_of_memory+0x263/0x3b0 [ 193.881081][ T5758] ? preempt_schedule_thunk+0x1a/0x20 [ 193.886518][ T5758] ? mem_cgroup_oom_trylock+0x210/0x210 [ 193.892141][ T5758] ? cgroup_file_notify+0x127/0x190 [ 193.897411][ T5758] memory_max_write+0x355/0x470 [ 193.902334][ T5758] ? memory_max_show+0xa0/0xa0 [ 193.907159][ T5758] ? read_lock_is_recursive+0x20/0x20 [ 193.912614][ T5758] ? memory_max_show+0xa0/0xa0 [ 193.917440][ T5758] cgroup_file_write+0x2b1/0x780 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./43/binderfs") = 0 [pid 5072] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./43/cgroup") = 0 [pid 5072] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./43/cgroup.net") = 0 [ 193.922440][ T5758] ? cgroup_seqfile_stop+0xd0/0xd0 [ 193.927605][ T5758] ? __virt_addr_valid+0x22f/0x2e0 [ 193.932791][ T5758] ? cgroup_seqfile_stop+0xd0/0xd0 [ 193.937960][ T5758] kernfs_fop_write_iter+0x3a6/0x4f0 [ 193.943325][ T5758] vfs_write+0x7b2/0xbb0 [ 193.947722][ T5758] ? file_end_write+0x240/0x240 [ 193.952645][ T5758] ? do_raw_spin_unlock+0x13b/0x8b0 [ 193.957901][ T5758] ? lockdep_hardirqs_on+0x98/0x140 [ 193.963164][ T5758] ? __fdget_pos+0x265/0x2f0 [ 193.968006][ T5758] ksys_write+0x1a0/0x2c0 [ 193.972401][ T5758] ? __ia32_sys_read+0x90/0x90 [ 193.977237][ T5758] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 193.983387][ T5758] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 193.989440][ T5758] do_syscall_64+0x41/0xc0 [ 193.993918][ T5758] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 193.999903][ T5758] RIP: 0033:0x7fd49ce20129 [ 194.004380][ T5758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5072] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 194.024123][ T5758] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.032947][ T5758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 194.040962][ T5758] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 194.048983][ T5758] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 194.057071][ T5758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 194.065094][ T5758] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000031 [ 194.073133][ T5758] [pid 5072] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./43/file0") = 0 [pid 5072] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./43/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./43") = 0 [pid 5072] mkdir("./44", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 46 [ 194.086685][ T5758] memory: usage 8kB, limit 0kB, failcnt 55 [ 194.092569][ T5758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 194.099925][ T5758] Memory cgroup stats for /syz1: [ 194.100124][ T5758] anon 0 [ 194.100124][ T5758] file 0 [ 194.100124][ T5758] kernel 8192 [ 194.100124][ T5758] kernel_stack 0 [ 194.100124][ T5758] pagetables 0 [ 194.100124][ T5758] sec_pagetables 0 [ 194.100124][ T5758] percpu 0 [ 194.100124][ T5758] sock 0 [ 194.100124][ T5758] vmalloc 0 [ 194.100124][ T5758] shmem 0 ./strace-static-x86_64: Process 5762 attached [ 194.100124][ T5758] zswap 0 [ 194.100124][ T5758] zswapped 0 [ 194.100124][ T5758] file_mapped 0 [ 194.100124][ T5758] file_dirty 0 [ 194.100124][ T5758] file_writeback 0 [ 194.100124][ T5758] swapcached 0 [ 194.100124][ T5758] anon_thp 0 [ 194.100124][ T5758] file_thp 0 [ 194.100124][ T5758] shmem_thp 0 [ 194.100124][ T5758] inactive_anon 0 [ 194.100124][ T5758] active_anon 0 [ 194.100124][ T5758] inactive_file 0 [ 194.100124][ T5758] active_file 0 [ 194.100124][ T5758] unevictable 0 [ 194.100124][ T5758] slab_reclaimable 6752 [pid 5762] chdir("./44") = 0 [pid 5762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5762] setpgid(0, 0) = 0 [pid 5762] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5762] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5762] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5762] write(3, "1000", 4) = 4 [pid 5762] close(3) = 0 [pid 5762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5762] mkdir("./file0", 000) = 0 [pid 5762] open("./file0", O_RDONLY) = 3 [pid 5762] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5762] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5762] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5762] openat(5, "memory.max", O_RDWR) = 6 [ 194.100124][ T5758] slab_unreclaimable 0 [ 194.100124][ T5758] slab 6752 [ 194.100124][ T5758] workingset_refault_anon 0 [ 194.200513][ T5758] Tasks state (memory values in pages): [ 194.206121][ T5758] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 194.226436][ T5758] Out of memory and no killable processes... [pid 5762] write(6, "0x000000000000040e", 18 [pid 5758] <... write resumed>) = 18 [pid 5758] close(3) = 0 [pid 5758] close(4) = 0 [pid 5758] close(5) = 0 [pid 5758] close(6) = 0 [pid 5758] close(7) = -1 EBADF (Bad file descriptor) [pid 5758] close(8) = -1 EBADF (Bad file descriptor) [pid 5758] close(9) = -1 EBADF (Bad file descriptor) [pid 5758] close(10) = -1 EBADF (Bad file descriptor) [pid 5758] close(11) = -1 EBADF (Bad file descriptor) [pid 5758] close(12) = -1 EBADF (Bad file descriptor) [pid 5758] close(13) = -1 EBADF (Bad file descriptor) [pid 5758] close(14) = -1 EBADF (Bad file descriptor) [pid 5758] close(15) = -1 EBADF (Bad file descriptor) [pid 5758] close(16) = -1 EBADF (Bad file descriptor) [pid 5758] close(17) = -1 EBADF (Bad file descriptor) [ 194.233309][ T5759] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 194.244666][ T5759] CPU: 0 PID: 5759 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 194.255149][ T5759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 194.265261][ T5759] Call Trace: [ 194.268586][ T5759] [ 194.271552][ T5759] dump_stack_lvl+0x1e7/0x2d0 [ 194.276289][ T5759] ? nf_tcp_handle_invalid+0x640/0x640 [ 194.281808][ T5759] ? panic+0x770/0x770 [pid 5758] close(18) = -1 EBADF (Bad file descriptor) [pid 5758] close(19) = -1 EBADF (Bad file descriptor) [pid 5758] close(20) = -1 EBADF (Bad file descriptor) [pid 5758] close(21) = -1 EBADF (Bad file descriptor) [pid 5758] close(22) = -1 EBADF (Bad file descriptor) [pid 5758] close(23) = -1 EBADF (Bad file descriptor) [pid 5758] close(24) = -1 EBADF (Bad file descriptor) [pid 5758] close(25) = -1 EBADF (Bad file descriptor) [pid 5758] close(26) = -1 EBADF (Bad file descriptor) [pid 5758] close(27) = -1 EBADF (Bad file descriptor) [pid 5758] close(28) = -1 EBADF (Bad file descriptor) [pid 5758] close(29) = -1 EBADF (Bad file descriptor) [pid 5758] exit_group(0) = ? [pid 5758] +++ exited with 0 +++ [ 194.285944][ T5759] dump_header+0xdc/0x940 [ 194.290353][ T5759] out_of_memory+0xf21/0x12c0 [ 194.295094][ T5759] ? mutex_lock_io_nested+0x60/0x60 [ 194.300362][ T5759] ? mark_lock+0x9a/0x340 [ 194.304735][ T5759] ? unregister_oom_notifier+0x20/0x20 [ 194.310260][ T5759] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 194.316312][ T5759] mem_cgroup_out_of_memory+0x263/0x3b0 [ 194.321919][ T5759] ? mem_cgroup_oom_trylock+0x210/0x210 [ 194.327559][ T5759] ? cgroup_file_notify+0x127/0x190 [ 194.332812][ T5759] memory_max_write+0x355/0x470 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./49/binderfs") = 0 [ 194.337726][ T5759] ? memory_max_show+0xa0/0xa0 [ 194.342541][ T5759] ? read_lock_is_recursive+0x20/0x20 [ 194.347968][ T5759] ? memory_max_show+0xa0/0xa0 [ 194.352813][ T5759] cgroup_file_write+0x2b1/0x780 [ 194.357799][ T5759] ? cgroup_seqfile_stop+0xd0/0xd0 [ 194.362948][ T5759] ? __virt_addr_valid+0x22f/0x2e0 [ 194.368128][ T5759] ? cgroup_seqfile_stop+0xd0/0xd0 [ 194.373309][ T5759] kernfs_fop_write_iter+0x3a6/0x4f0 [ 194.378649][ T5759] vfs_write+0x7b2/0xbb0 [ 194.382946][ T5759] ? file_end_write+0x240/0x240 [pid 5075] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./49/cgroup") = 0 [pid 5075] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./49/cgroup.net") = 0 [ 194.387859][ T5759] ? do_raw_spin_unlock+0x13b/0x8b0 [ 194.393105][ T5759] ? lockdep_hardirqs_on+0x98/0x140 [ 194.398361][ T5759] ? __fdget_pos+0x265/0x2f0 [ 194.403103][ T5759] ksys_write+0x1a0/0x2c0 [ 194.407515][ T5759] ? __ia32_sys_read+0x90/0x90 [ 194.412321][ T5759] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 194.418362][ T5759] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 194.424407][ T5759] do_syscall_64+0x41/0xc0 [ 194.428901][ T5759] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 194.434832][ T5759] RIP: 0033:0x7fd49ce20129 [ 194.439279][ T5759] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 194.458924][ T5759] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.467385][ T5759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 194.475394][ T5759] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./49/file0") = 0 [pid 5075] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 194.483397][ T5759] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 194.491402][ T5759] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 194.499415][ T5759] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002b [ 194.507472][ T5759] [ 194.518865][ T5759] memory: usage 8kB, limit 0kB, failcnt 55 [ 194.524826][ T5759] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 194.532287][ T5759] Memory cgroup stats for /syz1: [pid 5075] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./49/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./49") = 0 [pid 5075] mkdir("./50", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 52 [ 194.532511][ T5759] anon 0 [ 194.532511][ T5759] file 0 [ 194.532511][ T5759] kernel 8192 [ 194.532511][ T5759] kernel_stack 0 [ 194.532511][ T5759] pagetables 0 [ 194.532511][ T5759] sec_pagetables 0 [ 194.532511][ T5759] percpu 0 [ 194.532511][ T5759] sock 0 [ 194.532511][ T5759] vmalloc 0 [ 194.532511][ T5759] shmem 0 [ 194.532511][ T5759] zswap 0 [ 194.532511][ T5759] zswapped 0 [ 194.532511][ T5759] file_mapped 0 [ 194.532511][ T5759] file_dirty 0 [ 194.532511][ T5759] file_writeback 0 [ 194.532511][ T5759] swapcached 0 ./strace-static-x86_64: Process 5763 attached [pid 5763] chdir("./50") = 0 [ 194.532511][ T5759] anon_thp 0 [ 194.532511][ T5759] file_thp 0 [ 194.532511][ T5759] shmem_thp 0 [ 194.532511][ T5759] inactive_anon 0 [ 194.532511][ T5759] active_anon 0 [ 194.532511][ T5759] inactive_file 0 [ 194.532511][ T5759] active_file 0 [ 194.532511][ T5759] unevictable 0 [ 194.532511][ T5759] slab_reclaimable 6752 [ 194.532511][ T5759] slab_unreclaimable 0 [ 194.532511][ T5759] slab 6752 [ 194.532511][ T5759] workingset_refault_anon 0 [pid 5763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5763] setpgid(0, 0) = 0 [pid 5759] <... write resumed>) = 18 [ 194.634799][ T5759] Tasks state (memory values in pages): [ 194.641617][ T5759] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 194.651513][ T5759] Out of memory and no killable processes... [ 194.657957][ T5760] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 194.668718][ T5760] CPU: 0 PID: 5760 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 194.679186][ T5760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 194.689269][ T5760] Call Trace: [ 194.692591][ T5760] [ 194.695533][ T5760] dump_stack_lvl+0x1e7/0x2d0 [ 194.700237][ T5760] ? nf_tcp_handle_invalid+0x640/0x640 [ 194.705710][ T5760] ? panic+0x770/0x770 [ 194.709823][ T5760] dump_header+0xdc/0x940 [ 194.714198][ T5760] out_of_memory+0xf21/0x12c0 [ 194.718914][ T5760] ? mutex_lock_io_nested+0x60/0x60 [ 194.724145][ T5760] ? preempt_schedule+0xdd/0xf0 [ 194.729024][ T5760] ? unregister_oom_notifier+0x20/0x20 [ 194.734526][ T5760] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 194.740555][ T5760] mem_cgroup_out_of_memory+0x263/0x3b0 [ 194.746196][ T5760] ? preempt_schedule_thunk+0x1a/0x20 [ 194.751610][ T5760] ? mem_cgroup_oom_trylock+0x210/0x210 [ 194.757199][ T5760] ? cgroup_file_notify+0x127/0x190 [ 194.762423][ T5760] memory_max_write+0x355/0x470 [ 194.767307][ T5760] ? memory_max_show+0xa0/0xa0 [ 194.772204][ T5760] ? read_lock_is_recursive+0x20/0x20 [ 194.777615][ T5760] ? memory_max_show+0xa0/0xa0 [ 194.782404][ T5760] cgroup_file_write+0x2b1/0x780 [ 194.787380][ T5760] ? cgroup_seqfile_stop+0xd0/0xd0 [ 194.792522][ T5760] ? __virt_addr_valid+0x22f/0x2e0 [ 194.797683][ T5760] ? cgroup_seqfile_stop+0xd0/0xd0 [ 194.802818][ T5760] kernfs_fop_write_iter+0x3a6/0x4f0 [ 194.808129][ T5760] vfs_write+0x7b2/0xbb0 [ 194.812413][ T5760] ? file_end_write+0x240/0x240 [ 194.817315][ T5760] ? do_raw_spin_unlock+0x13b/0x8b0 [ 194.822534][ T5760] ? lockdep_hardirqs_on+0x98/0x140 [ 194.827764][ T5760] ? __fdget_pos+0x265/0x2f0 [ 194.832394][ T5760] ksys_write+0x1a0/0x2c0 [ 194.836747][ T5760] ? __ia32_sys_read+0x90/0x90 [ 194.841535][ T5760] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 194.847583][ T5760] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 194.853588][ T5760] do_syscall_64+0x41/0xc0 [ 194.858026][ T5760] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 194.864073][ T5760] RIP: 0033:0x7fd49ce20129 [ 194.868519][ T5760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5763] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5759] close(3 [pid 5763] <... symlink resumed>) = 0 [pid 5759] <... close resumed>) = 0 [ 194.888143][ T5760] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.896581][ T5760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 194.904565][ T5760] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 194.912551][ T5760] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 194.920538][ T5760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 194.928526][ T5760] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000033 [ 194.936540][ T5760] [pid 5763] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5759] close(4) = 0 [pid 5763] <... symlink resumed>) = 0 [ 194.947783][ T5760] memory: usage 8kB, limit 0kB, failcnt 55 [ 194.953775][ T5760] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 194.961730][ T5760] Memory cgroup stats for /syz1: [ 194.962001][ T5760] anon 0 [ 194.962001][ T5760] file 0 [ 194.962001][ T5760] kernel 8192 [ 194.962001][ T5760] kernel_stack 0 [ 194.962001][ T5760] pagetables 0 [ 194.962001][ T5760] sec_pagetables 0 [ 194.962001][ T5760] percpu 0 [ 194.962001][ T5760] sock 0 [ 194.962001][ T5760] vmalloc 0 [ 194.962001][ T5760] shmem 0 [ 194.962001][ T5760] zswap 0 [ 194.962001][ T5760] zswapped 0 [ 194.962001][ T5760] file_mapped 0 [ 194.962001][ T5760] file_dirty 0 [ 194.962001][ T5760] file_writeback 0 [ 194.962001][ T5760] swapcached 0 [ 194.962001][ T5760] anon_thp 0 [ 194.962001][ T5760] file_thp 0 [ 194.962001][ T5760] shmem_thp 0 [ 194.962001][ T5760] inactive_anon 0 [ 194.962001][ T5760] active_anon 0 [ 194.962001][ T5760] inactive_file 0 [ 194.962001][ T5760] active_file 0 [ 194.962001][ T5760] unevictable 0 [ 194.962001][ T5760] slab_reclaimable 6752 [pid 5759] close(5 [pid 5763] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5759] <... close resumed>) = 0 [pid 5763] <... symlink resumed>) = 0 [pid 5759] close(6 [pid 5763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5759] <... close resumed>) = 0 [pid 5763] <... openat resumed>) = 3 [pid 5760] <... write resumed>) = 18 [pid 5759] close(7) = -1 EBADF (Bad file descriptor) [pid 5759] close(8) = -1 EBADF (Bad file descriptor) [pid 5759] close(9) = -1 EBADF (Bad file descriptor) [pid 5759] close(10) = -1 EBADF (Bad file descriptor) [pid 5759] close(11) = -1 EBADF (Bad file descriptor) [pid 5760] close(3 [pid 5759] close(12 [pid 5760] <... close resumed>) = 0 [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(4 [pid 5759] close(13 [pid 5760] <... close resumed>) = 0 [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(5 [pid 5759] close(14 [pid 5760] <... close resumed>) = 0 [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(6 [pid 5759] close(15 [pid 5760] <... close resumed>) = 0 [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(7 [pid 5759] close(16 [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(8 [pid 5759] close(17 [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(9 [pid 5759] close(18 [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(10 [pid 5759] close(19 [pid 5763] write(3, "1000", 4 [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5763] <... write resumed>) = 4 [pid 5760] close(11 [pid 5759] close(20 [pid 5763] close(3 [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5763] <... close resumed>) = 0 [pid 5760] close(12 [pid 5759] close(21 [pid 5763] symlink("/dev/binderfs", "./binderfs" [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5763] <... symlink resumed>) = 0 [pid 5760] close(13 [pid 5759] close(22 [pid 5763] mkdir("./file0", 000 [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5760] close(14 [pid 5759] close(23 [pid 5763] <... mkdir resumed>) = 0 [pid 5763] open("./file0", O_RDONLY [pid 5760] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5759] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 194.962001][ T5760] slab_unreclaimable 0 [ 194.962001][ T5760] slab 6752 [ 194.962001][ T5760] workingset_refault_anon 0 [ 195.060838][ T5760] Tasks state (memory values in pages): [ 195.066428][ T5760] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 195.077854][ T5760] Out of memory and no killable processes... [ 195.084531][ T5761] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5763] <... open resumed>) = 3 [pid 5759] close(24) = -1 EBADF (Bad file descriptor) [pid 5759] close(25) = -1 EBADF (Bad file descriptor) [pid 5759] close(26) = -1 EBADF (Bad file descriptor) [pid 5759] close(27) = -1 EBADF (Bad file descriptor) [pid 5759] close(28) = -1 EBADF (Bad file descriptor) [pid 5759] close(29) = -1 EBADF (Bad file descriptor) [pid 5759] exit_group(0) = ? [pid 5759] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 195.105868][ T5761] CPU: 0 PID: 5761 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 195.116374][ T5761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 195.126482][ T5761] Call Trace: [ 195.129813][ T5761] [ 195.132791][ T5761] dump_stack_lvl+0x1e7/0x2d0 [ 195.137538][ T5761] ? nf_tcp_handle_invalid+0x640/0x640 [ 195.143060][ T5761] ? panic+0x770/0x770 [ 195.147207][ T5761] dump_header+0xdc/0x940 [ 195.151605][ T5761] out_of_memory+0xf21/0x12c0 [pid 5070] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./43/binderfs") = 0 [pid 5070] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./43/cgroup") = 0 [pid 5070] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./43/cgroup.net") = 0 [ 195.156347][ T5761] ? mutex_lock_io_nested+0x60/0x60 [ 195.161613][ T5761] ? preempt_schedule+0xdd/0xf0 [ 195.166529][ T5761] ? unregister_oom_notifier+0x20/0x20 [ 195.172044][ T5761] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 195.178095][ T5761] mem_cgroup_out_of_memory+0x263/0x3b0 [ 195.183699][ T5761] ? preempt_schedule_thunk+0x1a/0x20 [ 195.189130][ T5761] ? mem_cgroup_oom_trylock+0x210/0x210 [ 195.194744][ T5761] ? cgroup_file_notify+0x127/0x190 [ 195.199999][ T5761] memory_max_write+0x355/0x470 [pid 5070] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5760] close(15) = -1 EBADF (Bad file descriptor) [pid 5760] close(16) = -1 EBADF (Bad file descriptor) [pid 5760] close(17) = -1 EBADF (Bad file descriptor) [pid 5760] close(18) = -1 EBADF (Bad file descriptor) [pid 5760] close(19) = -1 EBADF (Bad file descriptor) [pid 5760] close(20) = -1 EBADF (Bad file descriptor) [pid 5760] close(21) = -1 EBADF (Bad file descriptor) [pid 5760] close(22) = -1 EBADF (Bad file descriptor) [pid 5760] close(23) = -1 EBADF (Bad file descriptor) [pid 5760] close(24) = -1 EBADF (Bad file descriptor) [pid 5760] close(25) = -1 EBADF (Bad file descriptor) [pid 5760] close(26) = -1 EBADF (Bad file descriptor) [pid 5760] close(27) = -1 EBADF (Bad file descriptor) [pid 5760] close(28) = -1 EBADF (Bad file descriptor) [pid 5760] close(29) = -1 EBADF (Bad file descriptor) [pid 5760] exit_group(0) = ? [pid 5760] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5763] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5763] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5763] openat(4, "syz1", O_RDWR|O_PATH [pid 5074] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5763] <... openat resumed>) = 5 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5763] openat(5, "memory.max", O_RDWR [pid 5074] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5763] <... openat resumed>) = 6 [ 195.204910][ T5761] ? memory_max_show+0xa0/0xa0 [ 195.209728][ T5761] ? read_lock_is_recursive+0x20/0x20 [ 195.215156][ T5761] ? memory_max_show+0xa0/0xa0 [ 195.219972][ T5761] cgroup_file_write+0x2b1/0x780 [ 195.224970][ T5761] ? cgroup_seqfile_stop+0xd0/0xd0 [ 195.230132][ T5761] ? __virt_addr_valid+0x22f/0x2e0 [ 195.235321][ T5761] ? cgroup_seqfile_stop+0xd0/0xd0 [ 195.240487][ T5761] kernfs_fop_write_iter+0x3a6/0x4f0 [ 195.245836][ T5761] vfs_write+0x7b2/0xbb0 [ 195.250152][ T5761] ? file_end_write+0x240/0x240 [pid 5074] <... openat resumed>) = 3 [pid 5763] write(6, "0x000000000000040e", 18 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./51/binderfs") = 0 [pid 5074] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./51/cgroup") = 0 [pid 5074] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./51/cgroup.net") = 0 [ 195.255072][ T5761] ? do_raw_spin_unlock+0x13b/0x8b0 [ 195.260332][ T5761] ? lockdep_hardirqs_on+0x98/0x140 [ 195.265588][ T5761] ? __fdget_pos+0x265/0x2f0 [ 195.270238][ T5761] ksys_write+0x1a0/0x2c0 [ 195.274629][ T5761] ? __ia32_sys_read+0x90/0x90 [ 195.279452][ T5761] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 195.285515][ T5761] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 195.291559][ T5761] do_syscall_64+0x41/0xc0 [ 195.295999][ T5761] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 195.301922][ T5761] RIP: 0033:0x7fd49ce20129 [ 195.306377][ T5761] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 195.326033][ T5761] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 195.334506][ T5761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 195.342522][ T5761] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5074] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./51/file0", [pid 5070] lstat("./43/file0", [pid 5074] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 195.350522][ T5761] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 195.358508][ T5761] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 195.366503][ T5761] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002f [ 195.374625][ T5761] [ 195.393972][ T5761] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5070] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] <... openat resumed>) = 4 [pid 5070] <... openat resumed>) = 4 [pid 5074] fstat(4, [pid 5070] fstat(4, [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, [pid 5070] getdents64(4, [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, [pid 5070] getdents64(4, [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4 [pid 5070] close(4 [pid 5074] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5074] rmdir("./51/file0" [pid 5070] rmdir("./43/file0" [pid 5074] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5074] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./51/cgroup.cpu", [pid 5070] lstat("./43/cgroup.cpu", [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./51/cgroup.cpu" [pid 5070] unlink("./43/cgroup.cpu" [pid 5074] <... unlink resumed>) = 0 [pid 5070] <... unlink resumed>) = 0 [pid 5074] getdents64(3, [pid 5070] getdents64(3, [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3 [pid 5070] close(3 [pid 5074] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5074] rmdir("./51" [pid 5070] rmdir("./43" [pid 5074] <... rmdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5074] mkdir("./52", 0777 [pid 5070] mkdir("./44", 0777 [pid 5074] <... mkdir resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5765 attached [pid 5765] chdir("./44" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 54 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 46 [pid 5765] <... chdir resumed>) = 0 [ 195.407185][ T5761] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 195.414117][ T5761] Memory cgroup stats for /syz1: [ 195.414326][ T5761] anon 0 [ 195.414326][ T5761] file 0 [ 195.414326][ T5761] kernel 8192 [ 195.414326][ T5761] kernel_stack 0 [ 195.414326][ T5761] pagetables 0 [ 195.414326][ T5761] sec_pagetables 0 [ 195.414326][ T5761] percpu 0 [ 195.414326][ T5761] sock 0 [ 195.414326][ T5761] vmalloc 0 [ 195.414326][ T5761] shmem 0 [ 195.414326][ T5761] zswap 0 [ 195.414326][ T5761] zswapped 0 [pid 5765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5765] setpgid(0, 0) = 0 [pid 5765] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5765] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5765] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5765] write(3, "1000", 4) = 4 [pid 5765] close(3) = 0 [pid 5765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5765] mkdir("./file0", 000) = 0 [pid 5765] open("./file0", O_RDONLY) = 3 [pid 5765] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5765] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5765] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5765] openat(5, "memory.max", O_RDWR) = 6 [ 195.414326][ T5761] file_mapped 0 [ 195.414326][ T5761] file_dirty 0 [ 195.414326][ T5761] file_writeback 0 [ 195.414326][ T5761] swapcached 0 [ 195.414326][ T5761] anon_thp 0 [ 195.414326][ T5761] file_thp 0 [ 195.414326][ T5761] shmem_thp 0 [ 195.414326][ T5761] inactive_anon 0 [ 195.414326][ T5761] active_anon 0 [ 195.414326][ T5761] inactive_file 0 [ 195.414326][ T5761] active_file 0 [ 195.414326][ T5761] unevictable 0 [ 195.414326][ T5761] slab_reclaimable 6752 [ 195.414326][ T5761] slab_unreclaimable 0 [ 195.414326][ T5761] slab 6752 [pid 5765] write(6, "0x000000000000040e", 18./strace-static-x86_64: Process 5764 attached [pid 5764] chdir("./52") = 0 [pid 5764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5761] <... write resumed>) = 18 [pid 5764] setpgid(0, 0) = 0 [pid 5761] close(3 [pid 5764] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5761] <... close resumed>) = 0 [pid 5764] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5761] close(4 [pid 5764] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5761] <... close resumed>) = 0 [pid 5764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5761] close(5 [pid 5764] write(3, "1000", 4) = 4 [pid 5761] <... close resumed>) = 0 [pid 5764] close(3) = 0 [pid 5761] close(6 [pid 5764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5761] <... close resumed>) = 0 [pid 5764] mkdir("./file0", 000) = 0 [pid 5761] close(7 [pid 5764] open("./file0", O_RDONLY [pid 5761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] <... open resumed>) = 3 [pid 5761] close(8 [pid 5764] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] <... mount resumed>) = 0 [pid 5761] close(9 [pid 5764] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] <... openat resumed>) = 4 [pid 5761] close(10 [pid 5764] openat(4, "syz1", O_RDWR|O_PATH [pid 5761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] <... openat resumed>) = 5 [pid 5761] close(11 [pid 5764] openat(5, "memory.max", O_RDWR [pid 5761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] <... openat resumed>) = 6 [pid 5761] close(12 [pid 5764] write(6, "0x000000000000040e", 18 [pid 5761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5761] close(13) = -1 EBADF (Bad file descriptor) [pid 5761] close(14) = -1 EBADF (Bad file descriptor) [pid 5761] close(15) = -1 EBADF (Bad file descriptor) [pid 5761] close(16) = -1 EBADF (Bad file descriptor) [pid 5761] close(17) = -1 EBADF (Bad file descriptor) [pid 5761] close(18) = -1 EBADF (Bad file descriptor) [pid 5761] close(19) = -1 EBADF (Bad file descriptor) [pid 5761] close(20) = -1 EBADF (Bad file descriptor) [pid 5761] close(21) = -1 EBADF (Bad file descriptor) [pid 5761] close(22) = -1 EBADF (Bad file descriptor) [pid 5761] close(23) = -1 EBADF (Bad file descriptor) [pid 5761] close(24) = -1 EBADF (Bad file descriptor) [pid 5761] close(25) = -1 EBADF (Bad file descriptor) [pid 5761] close(26) = -1 EBADF (Bad file descriptor) [pid 5761] close(27) = -1 EBADF (Bad file descriptor) [pid 5761] close(28) = -1 EBADF (Bad file descriptor) [pid 5761] close(29) = -1 EBADF (Bad file descriptor) [ 195.414326][ T5761] workingset_refault_anon 0 [ 195.515079][ T5761] Tasks state (memory values in pages): [ 195.520882][ T5761] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 195.530642][ T5761] Out of memory and no killable processes... [ 195.536927][ T5762] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5761] exit_group(0) = ? [pid 5761] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./47/binderfs") = 0 [pid 5073] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./47/cgroup") = 0 [pid 5073] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./47/cgroup.net") = 0 [ 195.564354][ T5762] CPU: 1 PID: 5762 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 195.574836][ T5762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 195.584939][ T5762] Call Trace: [ 195.588258][ T5762] [ 195.591223][ T5762] dump_stack_lvl+0x1e7/0x2d0 [ 195.595960][ T5762] ? nf_tcp_handle_invalid+0x640/0x640 [ 195.601481][ T5762] ? panic+0x770/0x770 [ 195.605615][ T5762] dump_header+0xdc/0x940 [ 195.610010][ T5762] out_of_memory+0xf21/0x12c0 [ 195.614728][ T5762] ? mutex_lock_io_nested+0x60/0x60 [ 195.619970][ T5762] ? preempt_schedule+0xdd/0xf0 [ 195.624884][ T5762] ? unregister_oom_notifier+0x20/0x20 [ 195.630392][ T5762] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 195.636416][ T5762] mem_cgroup_out_of_memory+0x263/0x3b0 [ 195.642023][ T5762] ? preempt_schedule_thunk+0x1a/0x20 [ 195.647502][ T5762] ? mem_cgroup_oom_trylock+0x210/0x210 [ 195.653115][ T5762] ? cgroup_file_notify+0x127/0x190 [ 195.658347][ T5762] memory_max_write+0x355/0x470 [ 195.663260][ T5762] ? memory_max_show+0xa0/0xa0 [ 195.668058][ T5762] ? read_lock_is_recursive+0x20/0x20 [ 195.673472][ T5762] ? memory_max_show+0xa0/0xa0 [ 195.678272][ T5762] cgroup_file_write+0x2b1/0x780 [ 195.683261][ T5762] ? cgroup_seqfile_stop+0xd0/0xd0 [ 195.688393][ T5762] ? __virt_addr_valid+0x22f/0x2e0 [ 195.693541][ T5762] ? cgroup_seqfile_stop+0xd0/0xd0 [ 195.698673][ T5762] kernfs_fop_write_iter+0x3a6/0x4f0 [ 195.704018][ T5762] vfs_write+0x7b2/0xbb0 [ 195.708324][ T5762] ? file_end_write+0x240/0x240 [ 195.713234][ T5762] ? do_raw_spin_unlock+0x13b/0x8b0 [ 195.718481][ T5762] ? lockdep_hardirqs_on+0x98/0x140 [ 195.723749][ T5762] ? __fdget_pos+0x265/0x2f0 [ 195.728427][ T5762] ksys_write+0x1a0/0x2c0 [ 195.732810][ T5762] ? __ia32_sys_read+0x90/0x90 [ 195.737605][ T5762] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 195.743719][ T5762] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 195.749742][ T5762] do_syscall_64+0x41/0xc0 [ 195.754180][ T5762] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 195.760107][ T5762] RIP: 0033:0x7fd49ce20129 [ 195.764547][ T5762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 195.784185][ T5762] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 195.792620][ T5762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 195.800622][ T5762] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./47/file0") = 0 [pid 5073] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 195.808621][ T5762] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 195.816606][ T5762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 195.824611][ T5762] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002c [ 195.832648][ T5762] [ 195.846315][ T5762] memory: usage 8kB, limit 0kB, failcnt 55 [ 195.852736][ T5762] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 195.860687][ T5762] Memory cgroup stats for /syz1: [pid 5073] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./47/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./47") = 0 [pid 5073] mkdir("./48", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 50 ./strace-static-x86_64: Process 5766 attached [pid 5766] chdir("./48") = 0 [pid 5766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5766] setpgid(0, 0) = 0 [pid 5766] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5766] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5766] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5766] write(3, "1000", 4) = 4 [pid 5766] close(3) = 0 [pid 5766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5766] mkdir("./file0", 000) = 0 [ 195.860886][ T5762] anon 0 [ 195.860886][ T5762] file 0 [ 195.860886][ T5762] kernel 8192 [ 195.860886][ T5762] kernel_stack 0 [ 195.860886][ T5762] pagetables 0 [ 195.860886][ T5762] sec_pagetables 0 [ 195.860886][ T5762] percpu 0 [ 195.860886][ T5762] sock 0 [ 195.860886][ T5762] vmalloc 0 [ 195.860886][ T5762] shmem 0 [ 195.860886][ T5762] zswap 0 [ 195.860886][ T5762] zswapped 0 [ 195.860886][ T5762] file_mapped 0 [ 195.860886][ T5762] file_dirty 0 [ 195.860886][ T5762] file_writeback 0 [ 195.860886][ T5762] swapcached 0 [pid 5766] open("./file0", O_RDONLY) = 3 [pid 5766] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5766] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5766] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5766] openat(5, "memory.max", O_RDWR) = 6 [ 195.860886][ T5762] anon_thp 0 [ 195.860886][ T5762] file_thp 0 [ 195.860886][ T5762] shmem_thp 0 [ 195.860886][ T5762] inactive_anon 0 [ 195.860886][ T5762] active_anon 0 [ 195.860886][ T5762] inactive_file 0 [ 195.860886][ T5762] active_file 0 [ 195.860886][ T5762] unevictable 0 [ 195.860886][ T5762] slab_reclaimable 6752 [ 195.860886][ T5762] slab_unreclaimable 0 [ 195.860886][ T5762] slab 6752 [ 195.860886][ T5762] workingset_refault_anon 0 [ 195.959231][ T5762] Tasks state (memory values in pages): [pid 5766] write(6, "0x000000000000040e", 18 [pid 5762] <... write resumed>) = 18 [pid 5762] close(3) = 0 [pid 5762] close(4) = 0 [pid 5762] close(5) = 0 [pid 5762] close(6) = 0 [pid 5762] close(7) = -1 EBADF (Bad file descriptor) [pid 5762] close(8) = -1 EBADF (Bad file descriptor) [pid 5762] close(9) = -1 EBADF (Bad file descriptor) [pid 5762] close(10) = -1 EBADF (Bad file descriptor) [pid 5762] close(11) = -1 EBADF (Bad file descriptor) [pid 5762] close(12) = -1 EBADF (Bad file descriptor) [pid 5762] close(13) = -1 EBADF (Bad file descriptor) [pid 5762] close(14) = -1 EBADF (Bad file descriptor) [pid 5762] close(15) = -1 EBADF (Bad file descriptor) [pid 5762] close(16) = -1 EBADF (Bad file descriptor) [pid 5762] close(17) = -1 EBADF (Bad file descriptor) [pid 5762] close(18) = -1 EBADF (Bad file descriptor) [pid 5762] close(19) = -1 EBADF (Bad file descriptor) [pid 5762] close(20) = -1 EBADF (Bad file descriptor) [pid 5762] close(21) = -1 EBADF (Bad file descriptor) [pid 5762] close(22) = -1 EBADF (Bad file descriptor) [pid 5762] close(23) = -1 EBADF (Bad file descriptor) [pid 5762] close(24) = -1 EBADF (Bad file descriptor) [pid 5762] close(25) = -1 EBADF (Bad file descriptor) [pid 5762] close(26) = -1 EBADF (Bad file descriptor) [pid 5762] close(27) = -1 EBADF (Bad file descriptor) [ 195.964995][ T5762] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 195.975633][ T5762] Out of memory and no killable processes... [ 195.982147][ T5763] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 195.993790][ T5763] CPU: 0 PID: 5763 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 196.004290][ T5763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 196.014385][ T5763] Call Trace: [pid 5762] close(28) = -1 EBADF (Bad file descriptor) [pid 5762] close(29) = -1 EBADF (Bad file descriptor) [pid 5762] exit_group(0) = ? [pid 5762] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./44/binderfs") = 0 [pid 5072] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./44/cgroup") = 0 [pid 5072] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./44/cgroup.net") = 0 [ 196.017704][ T5763] [ 196.020675][ T5763] dump_stack_lvl+0x1e7/0x2d0 [ 196.025406][ T5763] ? nf_tcp_handle_invalid+0x640/0x640 [ 196.030913][ T5763] ? panic+0x770/0x770 [ 196.035093][ T5763] dump_header+0xdc/0x940 [ 196.039483][ T5763] out_of_memory+0xf21/0x12c0 [ 196.044244][ T5763] ? mutex_lock_io_nested+0x60/0x60 [ 196.049502][ T5763] ? mark_lock+0x9a/0x340 [ 196.053867][ T5763] ? unregister_oom_notifier+0x20/0x20 [ 196.059354][ T5763] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 196.065385][ T5763] mem_cgroup_out_of_memory+0x263/0x3b0 [ 196.070969][ T5763] ? mem_cgroup_oom_trylock+0x210/0x210 [ 196.076583][ T5763] ? cgroup_file_notify+0x127/0x190 [ 196.081830][ T5763] memory_max_write+0x355/0x470 [ 196.086725][ T5763] ? memory_max_show+0xa0/0xa0 [ 196.091525][ T5763] ? read_lock_is_recursive+0x20/0x20 [ 196.096926][ T5763] ? memory_max_show+0xa0/0xa0 [ 196.101741][ T5763] cgroup_file_write+0x2b1/0x780 [ 196.106729][ T5763] ? cgroup_seqfile_stop+0xd0/0xd0 [ 196.111871][ T5763] ? __virt_addr_valid+0x22f/0x2e0 [ 196.117029][ T5763] ? cgroup_seqfile_stop+0xd0/0xd0 [ 196.122178][ T5763] kernfs_fop_write_iter+0x3a6/0x4f0 [ 196.127528][ T5763] vfs_write+0x7b2/0xbb0 [ 196.131835][ T5763] ? file_end_write+0x240/0x240 [ 196.136744][ T5763] ? do_raw_spin_unlock+0x13b/0x8b0 [ 196.141979][ T5763] ? lockdep_hardirqs_on+0x98/0x140 [ 196.147212][ T5763] ? __fdget_pos+0x265/0x2f0 [ 196.151842][ T5763] ksys_write+0x1a0/0x2c0 [ 196.156193][ T5763] ? __ia32_sys_read+0x90/0x90 [ 196.160982][ T5763] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 196.167002][ T5763] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 196.173021][ T5763] do_syscall_64+0x41/0xc0 [ 196.177481][ T5763] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 196.183424][ T5763] RIP: 0033:0x7fd49ce20129 [ 196.187859][ T5763] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 196.207508][ T5763] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5072] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 196.215985][ T5763] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 196.224009][ T5763] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 196.232021][ T5763] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 196.240029][ T5763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 196.248040][ T5763] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000032 [ 196.256061][ T5763] [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./44/file0") = 0 [pid 5072] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./44/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./44") = 0 [pid 5072] mkdir("./45", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 47 [ 196.268697][ T5763] memory: usage 8kB, limit 0kB, failcnt 55 [ 196.274706][ T5763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 196.282155][ T5763] Memory cgroup stats for /syz1: [ 196.282418][ T5763] anon 0 [ 196.282418][ T5763] file 0 [ 196.282418][ T5763] kernel 8192 [ 196.282418][ T5763] kernel_stack 0 [ 196.282418][ T5763] pagetables 0 [ 196.282418][ T5763] sec_pagetables 0 [ 196.282418][ T5763] percpu 0 [ 196.282418][ T5763] sock 0 [ 196.282418][ T5763] vmalloc 0 [ 196.282418][ T5763] shmem 0 ./strace-static-x86_64: Process 5767 attached [pid 5767] chdir("./45") = 0 [pid 5767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5767] setpgid(0, 0) = 0 [pid 5767] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5767] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5767] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5767] write(3, "1000", 4) = 4 [pid 5767] close(3) = 0 [pid 5767] symlink("/dev/binderfs", "./binderfs") = 0 [ 196.282418][ T5763] zswap 0 [ 196.282418][ T5763] zswapped 0 [ 196.282418][ T5763] file_mapped 0 [ 196.282418][ T5763] file_dirty 0 [ 196.282418][ T5763] file_writeback 0 [ 196.282418][ T5763] swapcached 0 [ 196.282418][ T5763] anon_thp 0 [ 196.282418][ T5763] file_thp 0 [ 196.282418][ T5763] shmem_thp 0 [ 196.282418][ T5763] inactive_anon 0 [ 196.282418][ T5763] active_anon 0 [ 196.282418][ T5763] inactive_file 0 [ 196.282418][ T5763] active_file 0 [ 196.282418][ T5763] unevictable 0 [ 196.282418][ T5763] slab_reclaimable 6752 [pid 5767] mkdir("./file0", 000) = 0 [pid 5767] open("./file0", O_RDONLY) = 3 [pid 5767] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5767] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5767] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5767] openat(5, "memory.max", O_RDWR) = 6 [ 196.282418][ T5763] slab_unreclaimable 0 [ 196.282418][ T5763] slab 6752 [ 196.282418][ T5763] workingset_refault_anon 0 [ 196.389551][ T5763] Tasks state (memory values in pages): [ 196.395165][ T5763] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 196.409446][ T5763] Out of memory and no killable processes... [pid 5767] write(6, "0x000000000000040e", 18 [pid 5763] <... write resumed>) = 18 [pid 5763] close(3) = 0 [pid 5763] close(4) = 0 [pid 5763] close(5) = 0 [pid 5763] close(6) = 0 [pid 5763] close(7) = -1 EBADF (Bad file descriptor) [pid 5763] close(8) = -1 EBADF (Bad file descriptor) [pid 5763] close(9) = -1 EBADF (Bad file descriptor) [pid 5763] close(10) = -1 EBADF (Bad file descriptor) [pid 5763] close(11) = -1 EBADF (Bad file descriptor) [pid 5763] close(12) = -1 EBADF (Bad file descriptor) [pid 5763] close(13) = -1 EBADF (Bad file descriptor) [pid 5763] close(14) = -1 EBADF (Bad file descriptor) [pid 5763] close(15) = -1 EBADF (Bad file descriptor) [pid 5763] close(16) = -1 EBADF (Bad file descriptor) [pid 5763] close(17) = -1 EBADF (Bad file descriptor) [pid 5763] close(18) = -1 EBADF (Bad file descriptor) [pid 5763] close(19) = -1 EBADF (Bad file descriptor) [pid 5763] close(20) = -1 EBADF (Bad file descriptor) [pid 5763] close(21) = -1 EBADF (Bad file descriptor) [pid 5763] close(22) = -1 EBADF (Bad file descriptor) [pid 5763] close(23) = -1 EBADF (Bad file descriptor) [pid 5763] close(24) = -1 EBADF (Bad file descriptor) [pid 5763] close(25) = -1 EBADF (Bad file descriptor) [pid 5763] close(26) = -1 EBADF (Bad file descriptor) [ 196.415532][ T5765] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 196.430527][ T5765] CPU: 0 PID: 5765 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 196.441010][ T5765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 196.451109][ T5765] Call Trace: [ 196.454429][ T5765] [ 196.457402][ T5765] dump_stack_lvl+0x1e7/0x2d0 [ 196.462144][ T5765] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5763] close(27) = -1 EBADF (Bad file descriptor) [pid 5763] close(28) = -1 EBADF (Bad file descriptor) [pid 5763] close(29) = -1 EBADF (Bad file descriptor) [pid 5763] exit_group(0) = ? [pid 5763] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5075] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./50/binderfs") = 0 [pid 5075] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./50/cgroup") = 0 [pid 5075] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./50/cgroup.net") = 0 [ 196.467664][ T5765] ? panic+0x770/0x770 [ 196.471822][ T5765] dump_header+0xdc/0x940 [ 196.476268][ T5765] out_of_memory+0xf21/0x12c0 [ 196.481037][ T5765] ? mutex_lock_io_nested+0x60/0x60 [ 196.486297][ T5765] ? mark_lock+0x9a/0x340 [ 196.490691][ T5765] ? unregister_oom_notifier+0x20/0x20 [ 196.496202][ T5765] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 196.502277][ T5765] mem_cgroup_out_of_memory+0x263/0x3b0 [ 196.507895][ T5765] ? mem_cgroup_oom_trylock+0x210/0x210 [ 196.513527][ T5765] ? cgroup_file_notify+0x127/0x190 [ 196.518783][ T5765] memory_max_write+0x355/0x470 [ 196.523696][ T5765] ? memory_max_show+0xa0/0xa0 [ 196.528501][ T5765] ? read_lock_is_recursive+0x20/0x20 [ 196.533932][ T5765] ? memory_max_show+0xa0/0xa0 [ 196.538750][ T5765] cgroup_file_write+0x2b1/0x780 [ 196.543740][ T5765] ? cgroup_seqfile_stop+0xd0/0xd0 [ 196.548906][ T5765] ? __virt_addr_valid+0x22f/0x2e0 [ 196.554066][ T5765] ? cgroup_seqfile_stop+0xd0/0xd0 [ 196.559196][ T5765] kernfs_fop_write_iter+0x3a6/0x4f0 [ 196.564539][ T5765] vfs_write+0x7b2/0xbb0 [ 196.568846][ T5765] ? file_end_write+0x240/0x240 [ 196.573756][ T5765] ? do_raw_spin_unlock+0x13b/0x8b0 [ 196.579001][ T5765] ? lockdep_hardirqs_on+0x98/0x140 [ 196.584259][ T5765] ? __fdget_pos+0x265/0x2f0 [ 196.588906][ T5765] ksys_write+0x1a0/0x2c0 [ 196.593377][ T5765] ? __ia32_sys_read+0x90/0x90 [ 196.598189][ T5765] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 196.604224][ T5765] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 196.610272][ T5765] do_syscall_64+0x41/0xc0 [ 196.614744][ T5765] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 196.620692][ T5765] RIP: 0033:0x7fd49ce20129 [ 196.625127][ T5765] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 196.644774][ T5765] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 196.653243][ T5765] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 196.661264][ T5765] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 196.669256][ T5765] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 196.677289][ T5765] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 196.685315][ T5765] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002c [ 196.693376][ T5765] [ 196.699356][ T5765] memory: usage 8kB, limit 0kB, failcnt 55 [ 196.705405][ T5765] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 196.717762][ T5765] Memory cgroup stats for /syz1: [ 196.717985][ T5765] anon 0 [ 196.717985][ T5765] file 0 [ 196.717985][ T5765] kernel 8192 [ 196.717985][ T5765] kernel_stack 0 [ 196.717985][ T5765] pagetables 0 [ 196.717985][ T5765] sec_pagetables 0 [ 196.717985][ T5765] percpu 0 [ 196.717985][ T5765] sock 0 [ 196.717985][ T5765] vmalloc 0 [ 196.717985][ T5765] shmem 0 [ 196.717985][ T5765] zswap 0 [ 196.717985][ T5765] zswapped 0 [ 196.717985][ T5765] file_mapped 0 [ 196.717985][ T5765] file_dirty 0 [ 196.717985][ T5765] file_writeback 0 [pid 5075] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./50/file0") = 0 [pid 5075] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./50/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./50") = 0 [pid 5075] mkdir("./51", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5768 attached [pid 5768] chdir("./51" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 53 [pid 5768] <... chdir resumed>) = 0 [pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5768] setpgid(0, 0) = 0 [pid 5768] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5768] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5768] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] write(3, "1000", 4) = 4 [pid 5768] close(3) = 0 [pid 5768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5768] mkdir("./file0", 000) = 0 [pid 5768] open("./file0", O_RDONLY) = 3 [pid 5768] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5768] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5768] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5768] openat(5, "memory.max", O_RDWR) = 6 [ 196.717985][ T5765] swapcached 0 [ 196.717985][ T5765] anon_thp 0 [ 196.717985][ T5765] file_thp 0 [ 196.717985][ T5765] shmem_thp 0 [ 196.717985][ T5765] inactive_anon 0 [ 196.717985][ T5765] active_anon 0 [ 196.717985][ T5765] inactive_file 0 [ 196.717985][ T5765] active_file 0 [ 196.717985][ T5765] unevictable 0 [ 196.717985][ T5765] slab_reclaimable 6752 [ 196.717985][ T5765] slab_unreclaimable 0 [ 196.717985][ T5765] slab 6752 [ 196.717985][ T5765] workingset_refault_anon 0 [pid 5768] write(6, "0x000000000000040e", 18 [pid 5765] <... write resumed>) = 18 [pid 5765] close(3) = 0 [pid 5765] close(4) = 0 [pid 5765] close(5) = 0 [pid 5765] close(6) = 0 [pid 5765] close(7) = -1 EBADF (Bad file descriptor) [pid 5765] close(8) = -1 EBADF (Bad file descriptor) [pid 5765] close(9) = -1 EBADF (Bad file descriptor) [pid 5765] close(10) = -1 EBADF (Bad file descriptor) [pid 5765] close(11) = -1 EBADF (Bad file descriptor) [pid 5765] close(12) = -1 EBADF (Bad file descriptor) [pid 5765] close(13) = -1 EBADF (Bad file descriptor) [pid 5765] close(14) = -1 EBADF (Bad file descriptor) [pid 5765] close(15) = -1 EBADF (Bad file descriptor) [pid 5765] close(16) = -1 EBADF (Bad file descriptor) [pid 5765] close(17) = -1 EBADF (Bad file descriptor) [pid 5765] close(18) = -1 EBADF (Bad file descriptor) [pid 5765] close(19) = -1 EBADF (Bad file descriptor) [pid 5765] close(20) = -1 EBADF (Bad file descriptor) [pid 5765] close(21) = -1 EBADF (Bad file descriptor) [pid 5765] close(22) = -1 EBADF (Bad file descriptor) [pid 5765] close(23) = -1 EBADF (Bad file descriptor) [pid 5765] close(24) = -1 EBADF (Bad file descriptor) [pid 5765] close(25) = -1 EBADF (Bad file descriptor) [pid 5765] close(26) = -1 EBADF (Bad file descriptor) [pid 5765] close(27) = -1 EBADF (Bad file descriptor) [pid 5765] close(28) = -1 EBADF (Bad file descriptor) [pid 5765] close(29) = -1 EBADF (Bad file descriptor) [pid 5765] exit_group(0) = ? [pid 5765] +++ exited with 0 +++ [ 196.817488][ T5765] Tasks state (memory values in pages): [ 196.823091][ T5765] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 196.834262][ T5765] Out of memory and no killable processes... [ 196.841056][ T5764] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./44/binderfs") = 0 [pid 5070] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./44/cgroup") = 0 [pid 5070] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./44/cgroup.net") = 0 [ 196.863379][ T5764] CPU: 0 PID: 5764 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 196.873886][ T5764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 196.883986][ T5764] Call Trace: [ 196.887306][ T5764] [ 196.890277][ T5764] dump_stack_lvl+0x1e7/0x2d0 [ 196.895014][ T5764] ? nf_tcp_handle_invalid+0x640/0x640 [ 196.900529][ T5764] ? panic+0x770/0x770 [ 196.904666][ T5764] dump_header+0xdc/0x940 [ 196.909063][ T5764] out_of_memory+0xf21/0x12c0 [ 196.913808][ T5764] ? mutex_lock_io_nested+0x60/0x60 [ 196.919078][ T5764] ? preempt_schedule+0xdd/0xf0 [ 196.923984][ T5764] ? unregister_oom_notifier+0x20/0x20 [ 196.929496][ T5764] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 196.935558][ T5764] mem_cgroup_out_of_memory+0x263/0x3b0 [ 196.941140][ T5764] ? preempt_schedule_thunk+0x1a/0x20 [ 196.946567][ T5764] ? mem_cgroup_oom_trylock+0x210/0x210 [ 196.952185][ T5764] ? cgroup_file_notify+0x127/0x190 [ 196.957458][ T5764] memory_max_write+0x355/0x470 [ 196.962377][ T5764] ? memory_max_show+0xa0/0xa0 [ 196.967194][ T5764] ? read_lock_is_recursive+0x20/0x20 [ 196.972709][ T5764] ? memory_max_show+0xa0/0xa0 [ 196.977535][ T5764] cgroup_file_write+0x2b1/0x780 [ 196.982525][ T5764] ? cgroup_seqfile_stop+0xd0/0xd0 [ 196.987681][ T5764] ? __virt_addr_valid+0x22f/0x2e0 [ 196.992839][ T5764] ? cgroup_seqfile_stop+0xd0/0xd0 [ 196.997960][ T5764] kernfs_fop_write_iter+0x3a6/0x4f0 [ 197.003265][ T5764] vfs_write+0x7b2/0xbb0 [ 197.007547][ T5764] ? file_end_write+0x240/0x240 [ 197.012473][ T5764] ? do_raw_spin_unlock+0x13b/0x8b0 [ 197.017724][ T5764] ? lockdep_hardirqs_on+0x98/0x140 [ 197.022987][ T5764] ? __fdget_pos+0x265/0x2f0 [ 197.027637][ T5764] ksys_write+0x1a0/0x2c0 [ 197.032024][ T5764] ? __ia32_sys_read+0x90/0x90 [ 197.036838][ T5764] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 197.042873][ T5764] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 197.048908][ T5764] do_syscall_64+0x41/0xc0 [ 197.053363][ T5764] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 197.059291][ T5764] RIP: 0033:0x7fd49ce20129 [ 197.063748][ T5764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.083389][ T5764] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.091861][ T5764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 197.099875][ T5764] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 197.107878][ T5764] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 197.115873][ T5764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 197.123883][ T5764] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000034 [ 197.131924][ T5764] [ 197.138539][ T5764] memory: usage 8kB, limit 0kB, failcnt 55 [ 197.144507][ T5764] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 197.153263][ T5764] Memory cgroup stats for /syz1: [ 197.153488][ T5764] anon 0 [ 197.153488][ T5764] file 0 [ 197.153488][ T5764] kernel 8192 [ 197.153488][ T5764] kernel_stack 0 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./44/file0") = 0 [pid 5070] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./44/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./44") = 0 [pid 5070] mkdir("./45", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 47 [ 197.153488][ T5764] pagetables 0 [ 197.153488][ T5764] sec_pagetables 0 [ 197.153488][ T5764] percpu 0 [ 197.153488][ T5764] sock 0 [ 197.153488][ T5764] vmalloc 0 [ 197.153488][ T5764] shmem 0 [ 197.153488][ T5764] zswap 0 [ 197.153488][ T5764] zswapped 0 [ 197.153488][ T5764] file_mapped 0 [ 197.153488][ T5764] file_dirty 0 [ 197.153488][ T5764] file_writeback 0 [ 197.153488][ T5764] swapcached 0 [ 197.153488][ T5764] anon_thp 0 [ 197.153488][ T5764] file_thp 0 [ 197.153488][ T5764] shmem_thp 0 [ 197.153488][ T5764] inactive_anon 0 ./strace-static-x86_64: Process 5769 attached [pid 5769] chdir("./45") = 0 [ 197.153488][ T5764] active_anon 0 [ 197.153488][ T5764] inactive_file 0 [ 197.153488][ T5764] active_file 0 [ 197.153488][ T5764] unevictable 0 [ 197.153488][ T5764] slab_reclaimable 6752 [ 197.153488][ T5764] slab_unreclaimable 0 [ 197.153488][ T5764] slab 6752 [ 197.153488][ T5764] workingset_refault_anon 0 [ 197.254426][ T5764] Tasks state (memory values in pages): [ 197.260267][ T5764] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5764] <... write resumed>) = 18 [ 197.270105][ T5764] Out of memory and no killable processes... [ 197.276341][ T5766] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 197.289863][ T5766] CPU: 1 PID: 5766 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 197.300344][ T5766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 197.310442][ T5766] Call Trace: [ 197.313784][ T5766] [ 197.316764][ T5766] dump_stack_lvl+0x1e7/0x2d0 [pid 5769] setpgid(0, 0 [pid 5764] close(3 [pid 5769] <... setpgid resumed>) = 0 [pid 5764] <... close resumed>) = 0 [pid 5769] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5764] close(4) = 0 [pid 5764] close(5 [pid 5769] <... symlink resumed>) = 0 [pid 5764] <... close resumed>) = 0 [pid 5764] close(6) = 0 [pid 5764] close(7) = -1 EBADF (Bad file descriptor) [pid 5764] close(8) = -1 EBADF (Bad file descriptor) [pid 5764] close(9) = -1 EBADF (Bad file descriptor) [pid 5769] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5764] close(10 [pid 5769] <... symlink resumed>) = 0 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] close(11) = -1 EBADF (Bad file descriptor) [pid 5764] close(12 [pid 5769] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5769] <... symlink resumed>) = 0 [pid 5764] close(13) = -1 EBADF (Bad file descriptor) [pid 5764] close(14) = -1 EBADF (Bad file descriptor) [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5764] close(15 [pid 5769] <... openat resumed>) = 3 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] close(16) = -1 EBADF (Bad file descriptor) [pid 5764] close(17 [pid 5769] write(3, "1000", 4 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5769] <... write resumed>) = 4 [pid 5764] close(18 [pid 5769] close(3 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5769] <... close resumed>) = 0 [pid 5764] close(19 [pid 5769] symlink("/dev/binderfs", "./binderfs" [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5769] <... symlink resumed>) = 0 [pid 5764] close(20 [pid 5769] mkdir("./file0", 000 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5769] <... mkdir resumed>) = 0 [pid 5764] close(21) = -1 EBADF (Bad file descriptor) [pid 5764] close(22) = -1 EBADF (Bad file descriptor) [pid 5764] close(23) = -1 EBADF (Bad file descriptor) [pid 5764] close(24) = -1 EBADF (Bad file descriptor) [pid 5764] close(25) = -1 EBADF (Bad file descriptor) [pid 5764] close(26) = -1 EBADF (Bad file descriptor) [pid 5769] open("./file0", O_RDONLY [pid 5764] close(27 [pid 5769] <... open resumed>) = 3 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5769] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5764] close(28 [pid 5769] <... mount resumed>) = 0 [pid 5764] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5764] close(29) = -1 EBADF (Bad file descriptor) [pid 5769] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5764] exit_group(0 [pid 5769] <... openat resumed>) = 4 [pid 5764] <... exit_group resumed>) = ? [pid 5769] openat(4, "syz1", O_RDWR|O_PATH [pid 5764] +++ exited with 0 +++ [pid 5769] <... openat resumed>) = 5 [pid 5769] openat(5, "memory.max", O_RDWR) = 6 [pid 5769] write(6, "0x000000000000040e", 18 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./52/binderfs") = 0 [ 197.321499][ T5766] ? nf_tcp_handle_invalid+0x640/0x640 [ 197.327010][ T5766] ? panic+0x770/0x770 [ 197.331142][ T5766] dump_header+0xdc/0x940 [ 197.335532][ T5766] out_of_memory+0xf21/0x12c0 [ 197.340274][ T5766] ? mutex_lock_io_nested+0x60/0x60 [ 197.345530][ T5766] ? mark_lock+0x9a/0x340 [ 197.349896][ T5766] ? unregister_oom_notifier+0x20/0x20 [ 197.355370][ T5766] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 197.361374][ T5766] mem_cgroup_out_of_memory+0x263/0x3b0 [ 197.366936][ T5766] ? mem_cgroup_oom_trylock+0x210/0x210 [pid 5074] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./52/cgroup") = 0 [pid 5074] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./52/cgroup.net") = 0 [ 197.372504][ T5766] ? cgroup_file_notify+0x127/0x190 [ 197.377717][ T5766] memory_max_write+0x355/0x470 [ 197.382584][ T5766] ? memory_max_show+0xa0/0xa0 [ 197.387371][ T5766] ? read_lock_is_recursive+0x20/0x20 [ 197.392797][ T5766] ? memory_max_show+0xa0/0xa0 [ 197.397595][ T5766] cgroup_file_write+0x2b1/0x780 [ 197.402547][ T5766] ? cgroup_seqfile_stop+0xd0/0xd0 [ 197.407680][ T5766] ? __virt_addr_valid+0x22f/0x2e0 [ 197.412811][ T5766] ? cgroup_seqfile_stop+0xd0/0xd0 [ 197.417929][ T5766] kernfs_fop_write_iter+0x3a6/0x4f0 [ 197.423239][ T5766] vfs_write+0x7b2/0xbb0 [ 197.427499][ T5766] ? file_end_write+0x240/0x240 [ 197.432362][ T5766] ? do_raw_spin_unlock+0x13b/0x8b0 [ 197.437588][ T5766] ? lockdep_hardirqs_on+0x98/0x140 [ 197.442840][ T5766] ? __fdget_pos+0x265/0x2f0 [ 197.447465][ T5766] ksys_write+0x1a0/0x2c0 [ 197.451805][ T5766] ? __ia32_sys_read+0x90/0x90 [ 197.456583][ T5766] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 197.462575][ T5766] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 197.468570][ T5766] do_syscall_64+0x41/0xc0 [ 197.473003][ T5766] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 197.478907][ T5766] RIP: 0033:0x7fd49ce20129 [ 197.483327][ T5766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.502943][ T5766] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.511363][ T5766] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5074] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [ 197.519337][ T5766] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 197.527308][ T5766] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 197.535280][ T5766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 197.543271][ T5766] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000030 [ 197.551286][ T5766] [ 197.558337][ T5766] memory: usage 8kB, limit 0kB, failcnt 55 [ 197.567537][ T5766] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5074] rmdir("./52/file0") = 0 [pid 5074] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./52/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./52") = 0 [pid 5074] mkdir("./53", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 55 ./strace-static-x86_64: Process 5770 attached [ 197.575243][ T5766] Memory cgroup stats for /syz1: [ 197.575459][ T5766] anon 0 [ 197.575459][ T5766] file 0 [ 197.575459][ T5766] kernel 8192 [ 197.575459][ T5766] kernel_stack 0 [ 197.575459][ T5766] pagetables 0 [ 197.575459][ T5766] sec_pagetables 0 [ 197.575459][ T5766] percpu 0 [ 197.575459][ T5766] sock 0 [ 197.575459][ T5766] vmalloc 0 [ 197.575459][ T5766] shmem 0 [ 197.575459][ T5766] zswap 0 [ 197.575459][ T5766] zswapped 0 [ 197.575459][ T5766] file_mapped 0 [ 197.575459][ T5766] file_dirty 0 [pid 5770] chdir("./53") = 0 [pid 5770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5770] setpgid(0, 0) = 0 [pid 5770] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5770] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5770] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5770] write(3, "1000", 4) = 4 [pid 5770] close(3) = 0 [pid 5770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5770] mkdir("./file0", 000) = 0 [pid 5770] open("./file0", O_RDONLY) = 3 [pid 5770] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5770] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5770] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5770] openat(5, "memory.max", O_RDWR) = 6 [ 197.575459][ T5766] file_writeback 0 [ 197.575459][ T5766] swapcached 0 [ 197.575459][ T5766] anon_thp 0 [ 197.575459][ T5766] file_thp 0 [ 197.575459][ T5766] shmem_thp 0 [ 197.575459][ T5766] inactive_anon 0 [ 197.575459][ T5766] active_anon 0 [ 197.575459][ T5766] inactive_file 0 [ 197.575459][ T5766] active_file 0 [ 197.575459][ T5766] unevictable 0 [ 197.575459][ T5766] slab_reclaimable 6752 [ 197.575459][ T5766] slab_unreclaimable 0 [ 197.575459][ T5766] slab 6752 [ 197.575459][ T5766] workingset_refault_anon 0 [pid 5770] write(6, "0x000000000000040e", 18 [pid 5766] <... write resumed>) = 18 [pid 5766] close(3) = 0 [pid 5766] close(4) = 0 [pid 5766] close(5) = 0 [pid 5766] close(6) = 0 [pid 5766] close(7) = -1 EBADF (Bad file descriptor) [pid 5766] close(8) = -1 EBADF (Bad file descriptor) [pid 5766] close(9) = -1 EBADF (Bad file descriptor) [pid 5766] close(10) = -1 EBADF (Bad file descriptor) [pid 5766] close(11) = -1 EBADF (Bad file descriptor) [ 197.678540][ T5766] Tasks state (memory values in pages): [ 197.684144][ T5766] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 197.695494][ T5766] Out of memory and no killable processes... [ 197.702107][ T5767] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 197.715454][ T5767] CPU: 0 PID: 5767 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5766] close(12) = -1 EBADF (Bad file descriptor) [pid 5766] close(13) = -1 EBADF (Bad file descriptor) [pid 5766] close(14) = -1 EBADF (Bad file descriptor) [pid 5766] close(15) = -1 EBADF (Bad file descriptor) [pid 5766] close(16) = -1 EBADF (Bad file descriptor) [pid 5766] close(17) = -1 EBADF (Bad file descriptor) [pid 5766] close(18) = -1 EBADF (Bad file descriptor) [pid 5766] close(19) = -1 EBADF (Bad file descriptor) [pid 5766] close(20) = -1 EBADF (Bad file descriptor) [pid 5766] close(21) = -1 EBADF (Bad file descriptor) [pid 5766] close(22) = -1 EBADF (Bad file descriptor) [pid 5766] close(23) = -1 EBADF (Bad file descriptor) [pid 5766] close(24) = -1 EBADF (Bad file descriptor) [pid 5766] close(25) = -1 EBADF (Bad file descriptor) [pid 5766] close(26) = -1 EBADF (Bad file descriptor) [pid 5766] close(27) = -1 EBADF (Bad file descriptor) [pid 5766] close(28) = -1 EBADF (Bad file descriptor) [pid 5766] close(29) = -1 EBADF (Bad file descriptor) [pid 5766] exit_group(0) = ? [pid 5766] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 197.725920][ T5767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 197.736013][ T5767] Call Trace: [ 197.739331][ T5767] [ 197.742302][ T5767] dump_stack_lvl+0x1e7/0x2d0 [ 197.747050][ T5767] ? nf_tcp_handle_invalid+0x640/0x640 [ 197.752561][ T5767] ? panic+0x770/0x770 [ 197.756700][ T5767] dump_header+0xdc/0x940 [ 197.761086][ T5767] out_of_memory+0xf21/0x12c0 [ 197.765820][ T5767] ? mutex_lock_io_nested+0x60/0x60 [ 197.771081][ T5767] ? preempt_schedule+0xdd/0xf0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./48/binderfs") = 0 [pid 5073] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./48/cgroup") = 0 [pid 5073] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./48/cgroup.net") = 0 [ 197.775985][ T5767] ? unregister_oom_notifier+0x20/0x20 [ 197.781494][ T5767] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 197.787543][ T5767] mem_cgroup_out_of_memory+0x263/0x3b0 [ 197.793144][ T5767] ? preempt_schedule_thunk+0x1a/0x20 [ 197.798576][ T5767] ? mem_cgroup_oom_trylock+0x210/0x210 [ 197.804201][ T5767] ? cgroup_file_notify+0x127/0x190 [ 197.809467][ T5767] memory_max_write+0x355/0x470 [ 197.814385][ T5767] ? memory_max_show+0xa0/0xa0 [ 197.819202][ T5767] ? read_lock_is_recursive+0x20/0x20 [ 197.824623][ T5767] ? memory_max_show+0xa0/0xa0 [ 197.829418][ T5767] cgroup_file_write+0x2b1/0x780 [ 197.834412][ T5767] ? cgroup_seqfile_stop+0xd0/0xd0 [ 197.839578][ T5767] ? __virt_addr_valid+0x22f/0x2e0 [ 197.844738][ T5767] ? cgroup_seqfile_stop+0xd0/0xd0 [ 197.849860][ T5767] kernfs_fop_write_iter+0x3a6/0x4f0 [ 197.855166][ T5767] vfs_write+0x7b2/0xbb0 [ 197.859450][ T5767] ? file_end_write+0x240/0x240 [ 197.864358][ T5767] ? do_raw_spin_unlock+0x13b/0x8b0 [ 197.869615][ T5767] ? lockdep_hardirqs_on+0x98/0x140 [ 197.874888][ T5767] ? __fdget_pos+0x265/0x2f0 [ 197.879522][ T5767] ksys_write+0x1a0/0x2c0 [ 197.883884][ T5767] ? __ia32_sys_read+0x90/0x90 [ 197.888697][ T5767] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 197.894730][ T5767] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 197.900747][ T5767] do_syscall_64+0x41/0xc0 [ 197.905302][ T5767] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 197.911244][ T5767] RIP: 0033:0x7fd49ce20129 [ 197.915697][ T5767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.935374][ T5767] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.943826][ T5767] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 197.951824][ T5767] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 197.959838][ T5767] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 197.967849][ T5767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./48/file0") = 0 [ 197.975861][ T5767] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002d [ 197.983908][ T5767] [ 198.000340][ T5767] memory: usage 8kB, limit 0kB, failcnt 55 [ 198.006231][ T5767] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.013217][ T5767] Memory cgroup stats for /syz1: [ 198.013422][ T5767] anon 0 [ 198.013422][ T5767] file 0 [ 198.013422][ T5767] kernel 8192 [ 198.013422][ T5767] kernel_stack 0 [pid 5073] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./48/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./48") = 0 [pid 5073] mkdir("./49", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 51 [ 198.013422][ T5767] pagetables 0 [ 198.013422][ T5767] sec_pagetables 0 [ 198.013422][ T5767] percpu 0 [ 198.013422][ T5767] sock 0 [ 198.013422][ T5767] vmalloc 0 [ 198.013422][ T5767] shmem 0 [ 198.013422][ T5767] zswap 0 [ 198.013422][ T5767] zswapped 0 [ 198.013422][ T5767] file_mapped 0 [ 198.013422][ T5767] file_dirty 0 [ 198.013422][ T5767] file_writeback 0 [ 198.013422][ T5767] swapcached 0 [ 198.013422][ T5767] anon_thp 0 [ 198.013422][ T5767] file_thp 0 [ 198.013422][ T5767] shmem_thp 0 [ 198.013422][ T5767] inactive_anon 0 ./strace-static-x86_64: Process 5771 attached [pid 5771] chdir("./49") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5771] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5771] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5771] write(3, "1000", 4) = 4 [pid 5771] close(3) = 0 [pid 5771] symlink("/dev/binderfs", "./binderfs") = 0 [ 198.013422][ T5767] active_anon 0 [ 198.013422][ T5767] inactive_file 0 [ 198.013422][ T5767] active_file 0 [ 198.013422][ T5767] unevictable 0 [ 198.013422][ T5767] slab_reclaimable 6752 [ 198.013422][ T5767] slab_unreclaimable 0 [ 198.013422][ T5767] slab 6752 [ 198.013422][ T5767] workingset_refault_anon 0 [ 198.111707][ T5767] Tasks state (memory values in pages): [ 198.117552][ T5767] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5771] mkdir("./file0", 000) = 0 [pid 5771] open("./file0", O_RDONLY) = 3 [pid 5771] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5771] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5771] openat(4, "syz1", O_RDWR|O_PATH [pid 5767] <... write resumed>) = 18 [pid 5771] <... openat resumed>) = 5 [pid 5767] close(3 [pid 5771] openat(5, "memory.max", O_RDWR [pid 5767] <... close resumed>) = 0 [pid 5767] close(4) = 0 [pid 5767] close(5) = 0 [pid 5767] close(6) = 0 [pid 5767] close(7) = -1 EBADF (Bad file descriptor) [pid 5767] close(8) = -1 EBADF (Bad file descriptor) [pid 5767] close(9) = -1 EBADF (Bad file descriptor) [pid 5767] close(10) = -1 EBADF (Bad file descriptor) [pid 5767] close(11) = -1 EBADF (Bad file descriptor) [pid 5767] close(12) = -1 EBADF (Bad file descriptor) [pid 5767] close(13) = -1 EBADF (Bad file descriptor) [pid 5767] close(14) = -1 EBADF (Bad file descriptor) [pid 5767] close(15) = -1 EBADF (Bad file descriptor) [pid 5767] close(16) = -1 EBADF (Bad file descriptor) [pid 5767] close(17) = -1 EBADF (Bad file descriptor) [pid 5767] close(18) = -1 EBADF (Bad file descriptor) [pid 5767] close(19) = -1 EBADF (Bad file descriptor) [pid 5767] close(20) = -1 EBADF (Bad file descriptor) [pid 5767] close(21) = -1 EBADF (Bad file descriptor) [pid 5767] close(22) = -1 EBADF (Bad file descriptor) [pid 5767] close(23) = -1 EBADF (Bad file descriptor) [pid 5767] close(24) = -1 EBADF (Bad file descriptor) [pid 5767] close(25) = -1 EBADF (Bad file descriptor) [pid 5767] close(26) = -1 EBADF (Bad file descriptor) [pid 5767] close(27) = -1 EBADF (Bad file descriptor) [pid 5767] close(28) = -1 EBADF (Bad file descriptor) [pid 5767] close(29) = -1 EBADF (Bad file descriptor) [pid 5767] exit_group(0) = ? [pid 5767] +++ exited with 0 +++ [pid 5771] <... openat resumed>) = 6 [pid 5771] write(6, "0x000000000000040e", 18 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./45/binderfs") = 0 [pid 5072] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./45/cgroup") = 0 [pid 5072] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./45/cgroup.net") = 0 [ 198.127173][ T5767] Out of memory and no killable processes... [ 198.133247][ T5768] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 198.147199][ T5768] CPU: 1 PID: 5768 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 198.157679][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 198.167772][ T5768] Call Trace: [ 198.171094][ T5768] [ 198.174069][ T5768] dump_stack_lvl+0x1e7/0x2d0 [ 198.178821][ T5768] ? nf_tcp_handle_invalid+0x640/0x640 [ 198.184343][ T5768] ? panic+0x770/0x770 [ 198.188480][ T5768] dump_header+0xdc/0x940 [ 198.192868][ T5768] out_of_memory+0xf21/0x12c0 [ 198.197589][ T5768] ? mutex_lock_io_nested+0x60/0x60 [ 198.202828][ T5768] ? preempt_schedule+0xdd/0xf0 [ 198.207746][ T5768] ? unregister_oom_notifier+0x20/0x20 [ 198.213256][ T5768] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 198.219304][ T5768] mem_cgroup_out_of_memory+0x263/0x3b0 [ 198.224892][ T5768] ? preempt_schedule_thunk+0x1a/0x20 [ 198.230298][ T5768] ? mem_cgroup_oom_trylock+0x210/0x210 [ 198.235918][ T5768] ? cgroup_file_notify+0x127/0x190 [ 198.241181][ T5768] memory_max_write+0x355/0x470 [ 198.246087][ T5768] ? memory_max_show+0xa0/0xa0 [ 198.250885][ T5768] ? read_lock_is_recursive+0x20/0x20 [ 198.256313][ T5768] ? memory_max_show+0xa0/0xa0 [ 198.261118][ T5768] cgroup_file_write+0x2b1/0x780 [ 198.266081][ T5768] ? cgroup_seqfile_stop+0xd0/0xd0 [ 198.271209][ T5768] ? __virt_addr_valid+0x22f/0x2e0 [ 198.276359][ T5768] ? cgroup_seqfile_stop+0xd0/0xd0 [ 198.281487][ T5768] kernfs_fop_write_iter+0x3a6/0x4f0 [ 198.286796][ T5768] vfs_write+0x7b2/0xbb0 [ 198.291066][ T5768] ? file_end_write+0x240/0x240 [ 198.295939][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 198.301156][ T5768] ? lockdep_hardirqs_on+0x98/0x140 [ 198.306378][ T5768] ? __fdget_pos+0x265/0x2f0 [ 198.310988][ T5768] ksys_write+0x1a0/0x2c0 [ 198.315340][ T5768] ? __ia32_sys_read+0x90/0x90 [ 198.320119][ T5768] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 198.326126][ T5768] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 198.332134][ T5768] do_syscall_64+0x41/0xc0 [ 198.336568][ T5768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 198.342490][ T5768] RIP: 0033:0x7fd49ce20129 [ 198.346919][ T5768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.366547][ T5768] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 198.374976][ T5768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 198.382957][ T5768] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 198.390940][ T5768] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 198.398923][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 198.406914][ T5768] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000033 [ 198.414919][ T5768] [pid 5072] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./45/file0") = 0 [pid 5072] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./45/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./45") = 0 [pid 5072] mkdir("./46", 0777) = 0 [ 198.428858][ T5768] memory: usage 8kB, limit 0kB, failcnt 55 [ 198.434734][ T5768] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.444213][ T5768] Memory cgroup stats for /syz1: [ 198.445048][ T5768] anon 0 [ 198.445048][ T5768] file 0 [ 198.445048][ T5768] kernel 8192 [ 198.445048][ T5768] kernel_stack 0 [ 198.445048][ T5768] pagetables 0 [ 198.445048][ T5768] sec_pagetables 0 [ 198.445048][ T5768] percpu 0 [ 198.445048][ T5768] sock 0 [ 198.445048][ T5768] vmalloc 0 [ 198.445048][ T5768] shmem 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5772 attached , child_tidptr=0x5555574ac5d0) = 48 [pid 5772] chdir("./46") = 0 [pid 5772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5772] setpgid(0, 0) = 0 [pid 5772] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5772] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5772] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5772] write(3, "1000", 4) = 4 [pid 5772] close(3) = 0 [pid 5772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5772] mkdir("./file0", 000) = 0 [pid 5772] open("./file0", O_RDONLY) = 3 [ 198.445048][ T5768] zswap 0 [ 198.445048][ T5768] zswapped 0 [ 198.445048][ T5768] file_mapped 0 [ 198.445048][ T5768] file_dirty 0 [ 198.445048][ T5768] file_writeback 0 [ 198.445048][ T5768] swapcached 0 [ 198.445048][ T5768] anon_thp 0 [ 198.445048][ T5768] file_thp 0 [ 198.445048][ T5768] shmem_thp 0 [ 198.445048][ T5768] inactive_anon 0 [ 198.445048][ T5768] active_anon 0 [ 198.445048][ T5768] inactive_file 0 [ 198.445048][ T5768] active_file 0 [ 198.445048][ T5768] unevictable 0 [ 198.445048][ T5768] slab_reclaimable 6752 [pid 5772] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5772] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5772] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5772] openat(5, "memory.max", O_RDWR) = 6 [pid 5772] write(6, "0x000000000000040e", 18 [pid 5768] <... write resumed>) = 18 [ 198.445048][ T5768] slab_unreclaimable 0 [ 198.445048][ T5768] slab 6752 [ 198.445048][ T5768] workingset_refault_anon 0 [ 198.544590][ T5768] Tasks state (memory values in pages): [ 198.550411][ T5768] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 198.560127][ T5768] Out of memory and no killable processes... [ 198.566276][ T5769] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 198.577119][ T5769] CPU: 0 PID: 5769 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 198.587590][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 198.597685][ T5769] Call Trace: [ 198.600992][ T5769] [ 198.603936][ T5769] dump_stack_lvl+0x1e7/0x2d0 [ 198.608640][ T5769] ? nf_tcp_handle_invalid+0x640/0x640 [ 198.614120][ T5769] ? panic+0x770/0x770 [ 198.618220][ T5769] dump_header+0xdc/0x940 [ 198.622571][ T5769] out_of_memory+0xf21/0x12c0 [ 198.627269][ T5769] ? mutex_lock_io_nested+0x60/0x60 [ 198.632496][ T5769] ? preempt_schedule+0xdd/0xf0 [ 198.637377][ T5769] ? unregister_oom_notifier+0x20/0x20 [ 198.642853][ T5769] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 198.648863][ T5769] mem_cgroup_out_of_memory+0x263/0x3b0 [ 198.654427][ T5769] ? preempt_schedule_thunk+0x1a/0x20 [ 198.659822][ T5769] ? mem_cgroup_oom_trylock+0x210/0x210 [ 198.665398][ T5769] ? cgroup_file_notify+0x127/0x190 [ 198.670617][ T5769] memory_max_write+0x355/0x470 [ 198.675494][ T5769] ? memory_max_show+0xa0/0xa0 [ 198.680275][ T5769] ? read_lock_is_recursive+0x20/0x20 [ 198.685676][ T5769] ? memory_max_show+0xa0/0xa0 [ 198.690456][ T5769] cgroup_file_write+0x2b1/0x780 [ 198.695413][ T5769] ? cgroup_seqfile_stop+0xd0/0xd0 [ 198.700533][ T5769] ? __virt_addr_valid+0x22f/0x2e0 [ 198.705668][ T5769] ? cgroup_seqfile_stop+0xd0/0xd0 [ 198.710793][ T5769] kernfs_fop_write_iter+0x3a6/0x4f0 [ 198.716113][ T5769] vfs_write+0x7b2/0xbb0 [ 198.720379][ T5769] ? file_end_write+0x240/0x240 [ 198.725251][ T5769] ? do_raw_spin_unlock+0x13b/0x8b0 [ 198.730468][ T5769] ? lockdep_hardirqs_on+0x98/0x140 [ 198.735691][ T5769] ? __fdget_pos+0x265/0x2f0 [ 198.740305][ T5769] ksys_write+0x1a0/0x2c0 [ 198.744651][ T5769] ? __ia32_sys_read+0x90/0x90 [ 198.749429][ T5769] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 198.755435][ T5769] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 198.761440][ T5769] do_syscall_64+0x41/0xc0 [ 198.765876][ T5769] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 198.771794][ T5769] RIP: 0033:0x7fd49ce20129 [ 198.776227][ T5769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.795845][ T5769] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 198.804284][ T5769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 198.812270][ T5769] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 198.820260][ T5769] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5768] close(3) = 0 [pid 5768] close(4) = 0 [pid 5768] close(5) = 0 [pid 5768] close(6) = 0 [pid 5768] close(7) = -1 EBADF (Bad file descriptor) [pid 5768] close(8) = -1 EBADF (Bad file descriptor) [pid 5768] close(9) = -1 EBADF (Bad file descriptor) [pid 5768] close(10) = -1 EBADF (Bad file descriptor) [pid 5768] close(11) = -1 EBADF (Bad file descriptor) [pid 5768] close(12) = -1 EBADF (Bad file descriptor) [pid 5768] close(13) = -1 EBADF (Bad file descriptor) [pid 5768] close(14) = -1 EBADF (Bad file descriptor) [pid 5768] close(15) = -1 EBADF (Bad file descriptor) [pid 5768] close(16) = -1 EBADF (Bad file descriptor) [pid 5768] close(17) = -1 EBADF (Bad file descriptor) [pid 5768] close(18) = -1 EBADF (Bad file descriptor) [pid 5768] close(19) = -1 EBADF (Bad file descriptor) [pid 5768] close(20) = -1 EBADF (Bad file descriptor) [pid 5768] close(21) = -1 EBADF (Bad file descriptor) [pid 5768] close(22) = -1 EBADF (Bad file descriptor) [pid 5768] close(23) = -1 EBADF (Bad file descriptor) [pid 5768] close(24) = -1 EBADF (Bad file descriptor) [pid 5768] close(25) = -1 EBADF (Bad file descriptor) [pid 5768] close(26) = -1 EBADF (Bad file descriptor) [pid 5768] close(27) = -1 EBADF (Bad file descriptor) [pid 5768] close(28) = -1 EBADF (Bad file descriptor) [pid 5768] close(29) = -1 EBADF (Bad file descriptor) [pid 5768] exit_group(0) = ? [ 198.828276][ T5769] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 198.836286][ T5769] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002d [ 198.844297][ T5769] [ 198.850247][ T5769] memory: usage 8kB, limit 0kB, failcnt 55 [ 198.865545][ T5769] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.877268][ T5769] Memory cgroup stats for /syz1: [pid 5768] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./51/binderfs") = 0 [pid 5075] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.877482][ T5769] anon 0 [ 198.877482][ T5769] file 0 [ 198.877482][ T5769] kernel 8192 [ 198.877482][ T5769] kernel_stack 0 [ 198.877482][ T5769] pagetables 0 [ 198.877482][ T5769] sec_pagetables 0 [ 198.877482][ T5769] percpu 0 [ 198.877482][ T5769] sock 0 [ 198.877482][ T5769] vmalloc 0 [ 198.877482][ T5769] shmem 0 [ 198.877482][ T5769] zswap 0 [ 198.877482][ T5769] zswapped 0 [ 198.877482][ T5769] file_mapped 0 [ 198.877482][ T5769] file_dirty 0 [ 198.877482][ T5769] file_writeback 0 [ 198.877482][ T5769] swapcached 0 [pid 5075] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./51/cgroup") = 0 [pid 5075] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./51/cgroup.net") = 0 [pid 5075] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.877482][ T5769] anon_thp 0 [ 198.877482][ T5769] file_thp 0 [ 198.877482][ T5769] shmem_thp 0 [ 198.877482][ T5769] inactive_anon 0 [ 198.877482][ T5769] active_anon 0 [ 198.877482][ T5769] inactive_file 0 [ 198.877482][ T5769] active_file 0 [ 198.877482][ T5769] unevictable 0 [ 198.877482][ T5769] slab_reclaimable 6752 [ 198.877482][ T5769] slab_unreclaimable 0 [ 198.877482][ T5769] slab 6752 [ 198.877482][ T5769] workingset_refault_anon 0 [pid 5075] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./51/file0") = 0 [pid 5075] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./51/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./51") = 0 [pid 5769] <... write resumed>) = 18 [pid 5075] mkdir("./52", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 54 [ 198.980717][ T5769] Tasks state (memory values in pages): [ 198.986330][ T5769] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 198.997437][ T5769] Out of memory and no killable processes... [ 199.003522][ T5770] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 199.016099][ T5770] CPU: 1 PID: 5770 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5769] close(3) = 0 [pid 5769] close(4) = 0 [pid 5769] close(5) = 0 [pid 5769] close(6) = 0 [pid 5769] close(7) = -1 EBADF (Bad file descriptor) [pid 5769] close(8) = -1 EBADF (Bad file descriptor) [pid 5769] close(9) = -1 EBADF (Bad file descriptor) [pid 5769] close(10) = -1 EBADF (Bad file descriptor) [pid 5769] close(11) = -1 EBADF (Bad file descriptor) [pid 5769] close(12) = -1 EBADF (Bad file descriptor) [pid 5769] close(13) = -1 EBADF (Bad file descriptor) [pid 5769] close(14) = -1 EBADF (Bad file descriptor) [pid 5769] close(15) = -1 EBADF (Bad file descriptor) [pid 5769] close(16) = -1 EBADF (Bad file descriptor) [pid 5769] close(17) = -1 EBADF (Bad file descriptor) [pid 5769] close(18) = -1 EBADF (Bad file descriptor) [pid 5769] close(19) = -1 EBADF (Bad file descriptor) [ 199.026584][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 199.036687][ T5770] Call Trace: [ 199.040007][ T5770] [ 199.042984][ T5770] dump_stack_lvl+0x1e7/0x2d0 [ 199.047730][ T5770] ? nf_tcp_handle_invalid+0x640/0x640 [ 199.053247][ T5770] ? panic+0x770/0x770 [ 199.057390][ T5770] dump_header+0xdc/0x940 [ 199.061778][ T5770] out_of_memory+0xf21/0x12c0 [ 199.066517][ T5770] ? mutex_lock_io_nested+0x60/0x60 [ 199.071780][ T5770] ? mark_lock+0x9a/0x340 [ 199.076159][ T5770] ? unregister_oom_notifier+0x20/0x20 [ 199.081674][ T5770] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 199.087723][ T5770] mem_cgroup_out_of_memory+0x263/0x3b0 [ 199.093336][ T5770] ? mem_cgroup_oom_trylock+0x210/0x210 [ 199.098962][ T5770] ? cgroup_file_notify+0x127/0x190 [ 199.104235][ T5770] memory_max_write+0x355/0x470 [ 199.109154][ T5770] ? memory_max_show+0xa0/0xa0 [ 199.113992][ T5770] ? read_lock_is_recursive+0x20/0x20 [ 199.119448][ T5770] ? memory_max_show+0xa0/0xa0 [ 199.124257][ T5770] cgroup_file_write+0x2b1/0x780 [ 199.129246][ T5770] ? cgroup_seqfile_stop+0xd0/0xd0 [ 199.134402][ T5770] ? __virt_addr_valid+0x22f/0x2e0 [ 199.139586][ T5770] ? cgroup_seqfile_stop+0xd0/0xd0 [ 199.144746][ T5770] kernfs_fop_write_iter+0x3a6/0x4f0 [ 199.150098][ T5770] vfs_write+0x7b2/0xbb0 [ 199.154410][ T5770] ? file_end_write+0x240/0x240 [ 199.159324][ T5770] ? do_raw_spin_unlock+0x13b/0x8b0 [ 199.164580][ T5770] ? lockdep_hardirqs_on+0x98/0x140 [ 199.169839][ T5770] ? __fdget_pos+0x265/0x2f0 [ 199.174482][ T5770] ksys_write+0x1a0/0x2c0 [ 199.178909][ T5770] ? __ia32_sys_read+0x90/0x90 [ 199.183731][ T5770] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 199.189776][ T5770] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 199.195838][ T5770] do_syscall_64+0x41/0xc0 [ 199.200296][ T5770] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 199.206228][ T5770] RIP: 0033:0x7fd49ce20129 [ 199.210696][ T5770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5769] close(20) = -1 EBADF (Bad file descriptor) [pid 5769] close(21) = -1 EBADF (Bad file descriptor) [pid 5769] close(22) = -1 EBADF (Bad file descriptor) [pid 5769] close(23) = -1 EBADF (Bad file descriptor) [pid 5769] close(24) = -1 EBADF (Bad file descriptor) [pid 5769] close(25) = -1 EBADF (Bad file descriptor) [pid 5769] close(26) = -1 EBADF (Bad file descriptor) [pid 5769] close(27) = -1 EBADF (Bad file descriptor) [pid 5769] close(28) = -1 EBADF (Bad file descriptor) [pid 5769] close(29) = -1 EBADF (Bad file descriptor) [pid 5769] exit_group(0) = ? [pid 5769] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./45/binderfs") = 0 [pid 5070] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./45/cgroup") = 0 [pid 5070] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./45/cgroup.net") = 0 [pid 5070] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5773 attached [pid 5773] chdir("./52") = 0 [pid 5773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5773] setpgid(0, 0) = 0 [pid 5773] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5773] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5773] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5773] write(3, "1000", 4) = 4 [pid 5773] close(3) = 0 [pid 5773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5773] mkdir("./file0", 000) = 0 [pid 5773] open("./file0", O_RDONLY) = 3 [pid 5773] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5773] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5773] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5773] openat(5, "memory.max", O_RDWR) = 6 [pid 5773] write(6, "0x000000000000040e", 18 [pid 5070] <... umount2 resumed>) = 0 [pid 5070] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 199.230371][ T5770] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.238827][ T5770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 199.246846][ T5770] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 199.254860][ T5770] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 199.262864][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 199.270869][ T5770] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000035 [ 199.279004][ T5770] [pid 5070] close(4) = 0 [pid 5070] rmdir("./45/file0") = 0 [pid 5070] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./45/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./45") = 0 [pid 5070] mkdir("./46", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5774 attached [pid 5774] chdir("./46" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 48 [pid 5774] <... chdir resumed>) = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5774] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5774] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] mkdir("./file0", 000) = 0 [pid 5774] open("./file0", O_RDONLY) = 3 [pid 5774] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5774] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5774] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5774] openat(5, "memory.max", O_RDWR) = 6 [ 199.417867][ T5770] memory: usage 8kB, limit 0kB, failcnt 55 [ 199.425834][ T5770] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 199.451152][ T5770] Memory cgroup stats for /syz1: [ 199.451321][ T5770] anon 0 [ 199.451321][ T5770] file 0 [ 199.451321][ T5770] kernel 8192 [ 199.451321][ T5770] kernel_stack 0 [ 199.451321][ T5770] pagetables 0 [ 199.451321][ T5770] sec_pagetables 0 [ 199.451321][ T5770] percpu 0 [ 199.451321][ T5770] sock 0 [ 199.451321][ T5770] vmalloc 0 [ 199.451321][ T5770] shmem 0 [ 199.451321][ T5770] zswap 0 [ 199.451321][ T5770] zswapped 0 [ 199.451321][ T5770] file_mapped 0 [ 199.451321][ T5770] file_dirty 0 [ 199.451321][ T5770] file_writeback 0 [ 199.451321][ T5770] swapcached 0 [ 199.451321][ T5770] anon_thp 0 [ 199.451321][ T5770] file_thp 0 [ 199.451321][ T5770] shmem_thp 0 [ 199.451321][ T5770] inactive_anon 0 [ 199.451321][ T5770] active_anon 0 [ 199.451321][ T5770] inactive_file 0 [ 199.451321][ T5770] active_file 0 [ 199.451321][ T5770] unevictable 0 [ 199.451321][ T5770] slab_reclaimable 6752 [ 199.451321][ T5770] slab_unreclaimable 0 [ 199.451321][ T5770] slab 6752 [ 199.451321][ T5770] workingset_refault_anon 0 [ 199.552928][ T5770] Tasks state (memory values in pages): [ 199.559017][ T5770] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5774] write(6, "0x000000000000040e", 18 [pid 5770] <... write resumed>) = 18 [pid 5770] close(3) = 0 [pid 5770] close(4) = 0 [pid 5770] close(5) = 0 [pid 5770] close(6) = 0 [pid 5770] close(7) = -1 EBADF (Bad file descriptor) [pid 5770] close(8) = -1 EBADF (Bad file descriptor) [pid 5770] close(9) = -1 EBADF (Bad file descriptor) [pid 5770] close(10) = -1 EBADF (Bad file descriptor) [pid 5770] close(11) = -1 EBADF (Bad file descriptor) [pid 5770] close(12) = -1 EBADF (Bad file descriptor) [pid 5770] close(13) = -1 EBADF (Bad file descriptor) [ 199.568971][ T5770] Out of memory and no killable processes... [ 199.575176][ T5771] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 199.606909][ T5771] CPU: 0 PID: 5771 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 199.617395][ T5771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 199.627485][ T5771] Call Trace: [ 199.630799][ T5771] [ 199.633760][ T5771] dump_stack_lvl+0x1e7/0x2d0 [ 199.638492][ T5771] ? nf_tcp_handle_invalid+0x640/0x640 [ 199.644000][ T5771] ? panic+0x770/0x770 [ 199.648134][ T5771] dump_header+0xdc/0x940 [ 199.652514][ T5771] out_of_memory+0xf21/0x12c0 [ 199.657246][ T5771] ? mutex_lock_io_nested+0x60/0x60 [ 199.662516][ T5771] ? mark_lock+0x9a/0x340 [ 199.666898][ T5771] ? unregister_oom_notifier+0x20/0x20 [ 199.672409][ T5771] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 199.678461][ T5771] mem_cgroup_out_of_memory+0x263/0x3b0 [ 199.684075][ T5771] ? mem_cgroup_oom_trylock+0x210/0x210 [ 199.689689][ T5771] ? cgroup_file_notify+0x127/0x190 [ 199.694942][ T5771] memory_max_write+0x355/0x470 [ 199.699851][ T5771] ? memory_max_show+0xa0/0xa0 [ 199.704662][ T5771] ? read_lock_is_recursive+0x20/0x20 [ 199.710093][ T5771] ? memory_max_show+0xa0/0xa0 [ 199.714908][ T5771] cgroup_file_write+0x2b1/0x780 [ 199.719896][ T5771] ? cgroup_seqfile_stop+0xd0/0xd0 [ 199.725062][ T5771] ? __virt_addr_valid+0x22f/0x2e0 [ 199.730250][ T5771] ? cgroup_seqfile_stop+0xd0/0xd0 [ 199.735411][ T5771] kernfs_fop_write_iter+0x3a6/0x4f0 [ 199.740758][ T5771] vfs_write+0x7b2/0xbb0 [ 199.745061][ T5771] ? file_end_write+0x240/0x240 [ 199.749963][ T5771] ? do_raw_spin_unlock+0x13b/0x8b0 [ 199.755210][ T5771] ? lockdep_hardirqs_on+0x98/0x140 [ 199.760463][ T5771] ? __fdget_pos+0x265/0x2f0 [ 199.765107][ T5771] ksys_write+0x1a0/0x2c0 [ 199.769488][ T5771] ? __ia32_sys_read+0x90/0x90 [ 199.774317][ T5771] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 199.780443][ T5771] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 199.786483][ T5771] do_syscall_64+0x41/0xc0 [ 199.790948][ T5771] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 199.796893][ T5771] RIP: 0033:0x7fd49ce20129 [ 199.801349][ T5771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 199.820994][ T5771] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.829457][ T5771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 199.837469][ T5771] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 199.845478][ T5771] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 199.853522][ T5771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 199.861544][ T5771] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000031 [pid 5770] close(14) = -1 EBADF (Bad file descriptor) [pid 5770] close(15) = -1 EBADF (Bad file descriptor) [pid 5770] close(16) = -1 EBADF (Bad file descriptor) [pid 5770] close(17) = -1 EBADF (Bad file descriptor) [pid 5770] close(18) = -1 EBADF (Bad file descriptor) [ 199.869586][ T5771] [ 199.882770][ T5771] memory: usage 8kB, limit 0kB, failcnt 55 [ 199.888985][ T5771] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 199.895999][ T5771] Memory cgroup stats for /syz1: [ 199.896155][ T5771] anon 0 [ 199.896155][ T5771] file 0 [ 199.896155][ T5771] kernel 8192 [ 199.896155][ T5771] kernel_stack 0 [ 199.896155][ T5771] pagetables 0 [ 199.896155][ T5771] sec_pagetables 0 [ 199.896155][ T5771] percpu 0 [ 199.896155][ T5771] sock 0 [ 199.896155][ T5771] vmalloc 0 [ 199.896155][ T5771] shmem 0 [ 199.896155][ T5771] zswap 0 [ 199.896155][ T5771] zswapped 0 [ 199.896155][ T5771] file_mapped 0 [ 199.896155][ T5771] file_dirty 0 [ 199.896155][ T5771] file_writeback 0 [ 199.896155][ T5771] swapcached 0 [ 199.896155][ T5771] anon_thp 0 [ 199.896155][ T5771] file_thp 0 [ 199.896155][ T5771] shmem_thp 0 [ 199.896155][ T5771] inactive_anon 0 [ 199.896155][ T5771] active_anon 0 [ 199.896155][ T5771] inactive_file 0 [pid 5770] close(19) = -1 EBADF (Bad file descriptor) [pid 5770] close(20) = -1 EBADF (Bad file descriptor) [pid 5770] close(21) = -1 EBADF (Bad file descriptor) [pid 5770] close(22) = -1 EBADF (Bad file descriptor) [ 199.896155][ T5771] active_file 0 [ 199.896155][ T5771] unevictable 0 [ 199.896155][ T5771] slab_reclaimable 6752 [ 199.896155][ T5771] slab_unreclaimable 0 [ 199.896155][ T5771] slab 6752 [ 199.896155][ T5771] workingset_refault_anon 0 [ 200.005454][ T5771] Tasks state (memory values in pages): [pid 5770] close(23) = -1 EBADF (Bad file descriptor) [pid 5770] close(24 [pid 5771] <... write resumed>) = 18 [pid 5770] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] close(3 [pid 5770] close(25 [pid 5771] <... close resumed>) = 0 [pid 5770] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 200.014018][ T5771] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 200.029901][ T5771] Out of memory and no killable processes... [ 200.037087][ T5772] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 200.048314][ T5772] CPU: 0 PID: 5772 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 200.058875][ T5772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5771] close(4 [pid 5770] close(26) = -1 EBADF (Bad file descriptor) [pid 5770] close(27) = -1 EBADF (Bad file descriptor) [pid 5770] close(28) = -1 EBADF (Bad file descriptor) [pid 5770] close(29) = -1 EBADF (Bad file descriptor) [pid 5770] exit_group(0) = ? [pid 5770] +++ exited with 0 +++ [ 200.068972][ T5772] Call Trace: [ 200.072282][ T5772] [ 200.075243][ T5772] dump_stack_lvl+0x1e7/0x2d0 [ 200.079976][ T5772] ? nf_tcp_handle_invalid+0x640/0x640 [ 200.085480][ T5772] ? panic+0x770/0x770 [ 200.089633][ T5772] dump_header+0xdc/0x940 [ 200.094040][ T5772] out_of_memory+0xf21/0x12c0 [ 200.098773][ T5772] ? mutex_lock_io_nested+0x60/0x60 [ 200.104023][ T5772] ? preempt_schedule+0xdd/0xf0 [ 200.108915][ T5772] ? unregister_oom_notifier+0x20/0x20 [ 200.114429][ T5772] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 200.120470][ T5772] mem_cgroup_out_of_memory+0x263/0x3b0 [ 200.126099][ T5772] ? preempt_schedule_thunk+0x1a/0x20 [ 200.131528][ T5772] ? mem_cgroup_oom_trylock+0x210/0x210 [ 200.137146][ T5772] ? cgroup_file_notify+0x127/0x190 [ 200.142409][ T5772] memory_max_write+0x355/0x470 [ 200.147332][ T5772] ? memory_max_show+0xa0/0xa0 [ 200.152146][ T5772] ? read_lock_is_recursive+0x20/0x20 [ 200.157577][ T5772] ? memory_max_show+0xa0/0xa0 [ 200.162384][ T5772] cgroup_file_write+0x2b1/0x780 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./53/binderfs") = 0 [pid 5074] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./53/cgroup") = 0 [pid 5074] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./53/cgroup.net") = 0 [ 200.167370][ T5772] ? cgroup_seqfile_stop+0xd0/0xd0 [ 200.172520][ T5772] ? __virt_addr_valid+0x22f/0x2e0 [ 200.177704][ T5772] ? cgroup_seqfile_stop+0xd0/0xd0 [ 200.182865][ T5772] kernfs_fop_write_iter+0x3a6/0x4f0 [ 200.188209][ T5772] vfs_write+0x7b2/0xbb0 [ 200.192504][ T5772] ? file_end_write+0x240/0x240 [ 200.197404][ T5772] ? do_raw_spin_unlock+0x13b/0x8b0 [ 200.202660][ T5772] ? lockdep_hardirqs_on+0x98/0x140 [ 200.207926][ T5772] ? __fdget_pos+0x265/0x2f0 [ 200.212587][ T5772] ksys_write+0x1a0/0x2c0 [ 200.216987][ T5772] ? __ia32_sys_read+0x90/0x90 [ 200.221826][ T5772] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 200.227871][ T5772] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 200.233913][ T5772] do_syscall_64+0x41/0xc0 [ 200.238410][ T5772] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 200.244362][ T5772] RIP: 0033:0x7fd49ce20129 [ 200.248821][ T5772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5771] <... close resumed>) = 0 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5771] close(5 [pid 5074] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.268467][ T5772] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.276925][ T5772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 200.284934][ T5772] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 200.292950][ T5772] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 200.300965][ T5772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 200.308978][ T5772] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002e [ 200.317029][ T5772] [pid 5074] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5771] <... close resumed>) = 0 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./53/file0") = 0 [pid 5074] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./53/cgroup.cpu") = 0 [ 200.334914][ T5772] memory: usage 8kB, limit 0kB, failcnt 55 [ 200.340941][ T5772] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 200.348049][ T5772] Memory cgroup stats for /syz1: [ 200.348723][ T5772] anon 0 [ 200.348723][ T5772] file 0 [ 200.348723][ T5772] kernel 8192 [ 200.348723][ T5772] kernel_stack 0 [ 200.348723][ T5772] pagetables 0 [ 200.348723][ T5772] sec_pagetables 0 [ 200.348723][ T5772] percpu 0 [ 200.348723][ T5772] sock 0 [ 200.348723][ T5772] vmalloc 0 [ 200.348723][ T5772] shmem 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./53") = 0 [pid 5074] mkdir("./54", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 56 [ 200.348723][ T5772] zswap 0 [ 200.348723][ T5772] zswapped 0 [ 200.348723][ T5772] file_mapped 0 [ 200.348723][ T5772] file_dirty 0 [ 200.348723][ T5772] file_writeback 0 [ 200.348723][ T5772] swapcached 0 [ 200.348723][ T5772] anon_thp 0 [ 200.348723][ T5772] file_thp 0 [ 200.348723][ T5772] shmem_thp 0 [ 200.348723][ T5772] inactive_anon 0 [ 200.348723][ T5772] active_anon 0 [ 200.348723][ T5772] inactive_file 0 [ 200.348723][ T5772] active_file 0 [ 200.348723][ T5772] unevictable 0 [ 200.348723][ T5772] slab_reclaimable 6752 ./strace-static-x86_64: Process 5775 attached [pid 5771] close(6 [pid 5775] chdir("./54" [pid 5771] <... close resumed>) = 0 [pid 5775] <... chdir resumed>) = 0 [pid 5771] close(7 [pid 5775] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] <... write resumed>) = 18 [ 200.348723][ T5772] slab_unreclaimable 0 [ 200.348723][ T5772] slab 6752 [ 200.348723][ T5772] workingset_refault_anon 0 [ 200.447931][ T5772] Tasks state (memory values in pages): [ 200.453536][ T5772] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 200.463142][ T5772] Out of memory and no killable processes... [ 200.470887][ T5773] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 200.481693][ T5773] CPU: 0 PID: 5773 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 200.492160][ T5773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 200.502254][ T5773] Call Trace: [ 200.505566][ T5773] [ 200.508531][ T5773] dump_stack_lvl+0x1e7/0x2d0 [ 200.513269][ T5773] ? nf_tcp_handle_invalid+0x640/0x640 [ 200.518770][ T5773] ? panic+0x770/0x770 [ 200.522897][ T5773] dump_header+0xdc/0x940 [ 200.527285][ T5773] out_of_memory+0xf21/0x12c0 [ 200.532018][ T5773] ? mutex_lock_io_nested+0x60/0x60 [ 200.537272][ T5773] ? mark_lock+0x9a/0x340 [ 200.541646][ T5773] ? unregister_oom_notifier+0x20/0x20 [ 200.547150][ T5773] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 200.553200][ T5773] mem_cgroup_out_of_memory+0x263/0x3b0 [ 200.558812][ T5773] ? mem_cgroup_oom_trylock+0x210/0x210 [ 200.564437][ T5773] ? cgroup_file_notify+0x127/0x190 [ 200.569697][ T5773] memory_max_write+0x355/0x470 [ 200.574602][ T5773] ? memory_max_show+0xa0/0xa0 [ 200.579414][ T5773] ? read_lock_is_recursive+0x20/0x20 [ 200.584836][ T5773] ? memory_max_show+0xa0/0xa0 [ 200.589636][ T5773] cgroup_file_write+0x2b1/0x780 [ 200.594594][ T5773] ? cgroup_seqfile_stop+0xd0/0xd0 [ 200.599720][ T5773] ? __virt_addr_valid+0x22f/0x2e0 [ 200.604858][ T5773] ? cgroup_seqfile_stop+0xd0/0xd0 [ 200.609987][ T5773] kernfs_fop_write_iter+0x3a6/0x4f0 [ 200.615294][ T5773] vfs_write+0x7b2/0xbb0 [ 200.619562][ T5773] ? file_end_write+0x240/0x240 [ 200.624434][ T5773] ? do_raw_spin_unlock+0x13b/0x8b0 [ 200.629653][ T5773] ? lockdep_hardirqs_on+0x98/0x140 [ 200.634874][ T5773] ? __fdget_pos+0x265/0x2f0 [ 200.639507][ T5773] ksys_write+0x1a0/0x2c0 [ 200.643858][ T5773] ? __ia32_sys_read+0x90/0x90 [ 200.648636][ T5773] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 200.654637][ T5773] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 200.660641][ T5773] do_syscall_64+0x41/0xc0 [ 200.665093][ T5773] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 200.671009][ T5773] RIP: 0033:0x7fd49ce20129 [ 200.675448][ T5773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 200.695065][ T5773] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.703508][ T5773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 200.711489][ T5773] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 200.719470][ T5773] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 200.727466][ T5773] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5775] <... prctl resumed>) = 0 [pid 5772] close(3 [pid 5771] close(8 [pid 5775] setpgid(0, 0 [pid 5772] <... close resumed>) = 0 [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... setpgid resumed>) = 0 [pid 5772] close(4 [pid 5771] close(9 [pid 5775] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5772] <... close resumed>) = 0 [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... symlink resumed>) = 0 [pid 5772] close(5 [pid 5771] close(10 [pid 5775] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5772] <... close resumed>) = 0 [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... symlink resumed>) = 0 [pid 5772] close(6 [pid 5771] close(11 [pid 5775] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5772] <... close resumed>) = 0 [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... symlink resumed>) = 0 [pid 5772] close(7 [pid 5771] close(12 [pid 5775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... openat resumed>) = 3 [pid 5772] close(8 [pid 5771] close(13 [pid 5775] write(3, "1000", 4 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... write resumed>) = 4 [pid 5772] close(9 [pid 5771] close(14 [pid 5775] close(3 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... close resumed>) = 0 [pid 5772] close(10 [pid 5771] close(15 [pid 5775] symlink("/dev/binderfs", "./binderfs" [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... symlink resumed>) = 0 [pid 5772] close(11 [pid 5771] close(16 [pid 5775] mkdir("./file0", 000 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] <... mkdir resumed>) = 0 [pid 5772] close(12 [pid 5771] close(17 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(13 [pid 5771] close(18 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(14 [pid 5771] close(19 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(15 [pid 5771] close(20 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] open("./file0", O_RDONLY [pid 5772] close(16 [pid 5771] close(21 [pid 5775] <... open resumed>) = 3 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5772] close(17 [pid 5771] close(22 [pid 5775] <... mount resumed>) = 0 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5772] close(18 [pid 5771] close(23 [pid 5775] <... openat resumed>) = 4 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] openat(4, "syz1", O_RDWR|O_PATH [pid 5772] close(19 [pid 5771] close(24 [pid 5775] <... openat resumed>) = 5 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] openat(5, "memory.max", O_RDWR [pid 5772] close(20 [pid 5771] close(25 [pid 5775] <... openat resumed>) = 6 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5775] write(6, "0x000000000000040e", 18 [ 200.735458][ T5773] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000034 [ 200.743478][ T5773] [pid 5772] close(21 [pid 5771] close(26 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(22 [pid 5771] close(27 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(23 [pid 5771] close(28 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(24 [pid 5771] close(29 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(25 [pid 5771] exit_group(0 [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5771] <... exit_group resumed>) = ? [pid 5772] close(26 [pid 5771] +++ exited with 0 +++ [pid 5772] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5772] close(27) = -1 EBADF (Bad file descriptor) [pid 5772] close(28) = -1 EBADF (Bad file descriptor) [pid 5772] close(29) = -1 EBADF (Bad file descriptor) [pid 5772] exit_group(0) = ? [pid 5772] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5073] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] <... openat resumed>) = 3 [pid 5073] fstat(3, [pid 5072] <... openat resumed>) = 3 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] fstat(3, [pid 5073] getdents64(3, [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [ 200.820416][ T5773] memory: usage 8kB, limit 0kB, failcnt 55 [ 200.828197][ T5773] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 200.835681][ T5773] Memory cgroup stats for /syz1: [ 200.838368][ T5773] anon 0 [ 200.838368][ T5773] file 0 [ 200.838368][ T5773] kernel 8192 [ 200.838368][ T5773] kernel_stack 0 [ 200.838368][ T5773] pagetables 0 [ 200.838368][ T5773] sec_pagetables 0 [ 200.838368][ T5773] percpu 0 [ 200.838368][ T5773] sock 0 [ 200.838368][ T5773] vmalloc 0 [ 200.838368][ T5773] shmem 0 [ 200.838368][ T5773] zswap 0 [ 200.838368][ T5773] zswapped 0 [ 200.838368][ T5773] file_mapped 0 [ 200.838368][ T5773] file_dirty 0 [ 200.838368][ T5773] file_writeback 0 [ 200.838368][ T5773] swapcached 0 [ 200.838368][ T5773] anon_thp 0 [ 200.838368][ T5773] file_thp 0 [ 200.838368][ T5773] shmem_thp 0 [ 200.838368][ T5773] inactive_anon 0 [ 200.838368][ T5773] active_anon 0 [ 200.838368][ T5773] inactive_file 0 [ 200.838368][ T5773] active_file 0 [ 200.838368][ T5773] unevictable 0 [pid 5072] getdents64(3, [pid 5073] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./49/binderfs") = 0 [pid 5073] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./49/cgroup") = 0 [pid 5073] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./49/cgroup.net") = 0 [pid 5073] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./46/binderfs", [pid 5073] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] <... close resumed>) = 0 [pid 5073] rmdir("./49/file0") = 0 [pid 5073] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./49/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 200.838368][ T5773] slab_reclaimable 6752 [ 200.838368][ T5773] slab_unreclaimable 0 [ 200.838368][ T5773] slab 6752 [ 200.838368][ T5773] workingset_refault_anon 0 [ 200.938129][ T5773] Tasks state (memory values in pages): [ 200.944728][ T5773] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 200.957003][ T5773] Out of memory and no killable processes... [pid 5073] close(3) = 0 [pid 5073] rmdir("./49") = 0 [pid 5073] mkdir("./50", 0777) = 0 [pid 5773] <... write resumed>) = 18 [pid 5072] unlink("./46/binderfs" [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 52 [pid 5773] close(3) = 0 [pid 5773] close(4) = 0 [pid 5773] close(5) = 0 [pid 5773] close(6) = 0 [pid 5773] close(7) = -1 EBADF (Bad file descriptor) [pid 5773] close(8) = -1 EBADF (Bad file descriptor) [pid 5773] close(9) = -1 EBADF (Bad file descriptor) [ 200.963876][ T5774] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 200.975247][ T5774] CPU: 1 PID: 5774 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 200.985733][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 200.995834][ T5774] Call Trace: [ 200.999163][ T5774] [ 201.002136][ T5774] dump_stack_lvl+0x1e7/0x2d0 [ 201.006879][ T5774] ? nf_tcp_handle_invalid+0x640/0x640 [ 201.012403][ T5774] ? panic+0x770/0x770 [ 201.016542][ T5774] dump_header+0xdc/0x940 [pid 5773] close(10) = -1 EBADF (Bad file descriptor) [pid 5773] close(11) = -1 EBADF (Bad file descriptor) [pid 5773] close(12) = -1 EBADF (Bad file descriptor) [pid 5773] close(13) = -1 EBADF (Bad file descriptor) [pid 5773] close(14) = -1 EBADF (Bad file descriptor) [pid 5773] close(15) = -1 EBADF (Bad file descriptor) [pid 5773] close(16) = -1 EBADF (Bad file descriptor) [pid 5773] close(17) = -1 EBADF (Bad file descriptor) [pid 5773] close(18) = -1 EBADF (Bad file descriptor) [ 201.020940][ T5774] out_of_memory+0xf21/0x12c0 [ 201.025678][ T5774] ? mutex_lock_io_nested+0x60/0x60 [ 201.030945][ T5774] ? preempt_schedule+0xdd/0xf0 [ 201.035846][ T5774] ? unregister_oom_notifier+0x20/0x20 [ 201.041364][ T5774] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 201.047423][ T5774] mem_cgroup_out_of_memory+0x263/0x3b0 [ 201.053029][ T5774] ? preempt_schedule_thunk+0x1a/0x20 [ 201.058460][ T5774] ? mem_cgroup_oom_trylock+0x210/0x210 [ 201.064085][ T5774] ? cgroup_file_notify+0x127/0x190 [ 201.069346][ T5774] memory_max_write+0x355/0x470 [ 201.074263][ T5774] ? memory_max_show+0xa0/0xa0 [ 201.079082][ T5774] ? read_lock_is_recursive+0x20/0x20 [ 201.084514][ T5774] ? memory_max_show+0xa0/0xa0 [ 201.089302][ T5774] cgroup_file_write+0x2b1/0x780 [ 201.094261][ T5774] ? cgroup_seqfile_stop+0xd0/0xd0 [ 201.099407][ T5774] ? __virt_addr_valid+0x22f/0x2e0 [ 201.104590][ T5774] ? cgroup_seqfile_stop+0xd0/0xd0 [ 201.109732][ T5774] kernfs_fop_write_iter+0x3a6/0x4f0 [ 201.115057][ T5774] vfs_write+0x7b2/0xbb0 [ 201.119327][ T5774] ? file_end_write+0x240/0x240 [ 201.124200][ T5774] ? do_raw_spin_unlock+0x13b/0x8b0 [ 201.129428][ T5774] ? lockdep_hardirqs_on+0x98/0x140 [ 201.134670][ T5774] ? __fdget_pos+0x265/0x2f0 [ 201.139281][ T5774] ksys_write+0x1a0/0x2c0 [ 201.143630][ T5774] ? __ia32_sys_read+0x90/0x90 [ 201.148410][ T5774] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 201.154414][ T5774] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 201.160418][ T5774] do_syscall_64+0x41/0xc0 [ 201.164854][ T5774] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 201.170768][ T5774] RIP: 0033:0x7fd49ce20129 [ 201.175194][ T5774] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 201.194811][ T5774] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.203241][ T5774] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 201.211223][ T5774] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5773] close(19) = -1 EBADF (Bad file descriptor) [pid 5773] close(20) = -1 EBADF (Bad file descriptor) [pid 5773] close(21) = -1 EBADF (Bad file descriptor) [pid 5773] close(22) = -1 EBADF (Bad file descriptor) [pid 5773] close(23) = -1 EBADF (Bad file descriptor) [pid 5773] close(24) = -1 EBADF (Bad file descriptor) [pid 5773] close(25) = -1 EBADF (Bad file descriptor) [pid 5773] close(26) = -1 EBADF (Bad file descriptor) [pid 5773] close(27) = -1 EBADF (Bad file descriptor) [pid 5773] close(28) = -1 EBADF (Bad file descriptor) [pid 5773] close(29) = -1 EBADF (Bad file descriptor) [pid 5773] exit_group(0) = ? [pid 5773] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./52/binderfs") = 0 [pid 5075] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./52/cgroup") = 0 [pid 5075] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./52/cgroup.net") = 0 [pid 5075] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... unlink resumed>) = 0 [pid 5072] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./46/cgroup") = 0 [pid 5072] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./46/cgroup.net") = 0 [pid 5072] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5776 attached [pid 5776] chdir("./50") = 0 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5776] setpgid(0, 0) = 0 [pid 5776] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5776] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5776] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5776] write(3, "1000", 4) = 4 [pid 5776] close(3) = 0 [pid 5776] symlink("/dev/binderfs", "./binderfs" [pid 5075] <... umount2 resumed>) = 0 [pid 5072] <... umount2 resumed>) = 0 [pid 5776] <... symlink resumed>) = 0 [pid 5075] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5776] mkdir("./file0", 000 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 201.219211][ T5774] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 201.227194][ T5774] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 201.235177][ T5774] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002e [ 201.243183][ T5774] [ 201.256332][ T5774] memory: usage 8kB, limit 0kB, failcnt 55 [ 201.263072][ T5774] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5776] <... mkdir resumed>) = 0 [pid 5776] open("./file0", O_RDONLY) = 3 [pid 5776] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5075] lstat("./52/file0", [pid 5072] lstat("./46/file0", [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5776] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5776] <... openat resumed>) = 4 [pid 5075] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5776] openat(4, "syz1", O_RDWR|O_PATH [pid 5075] <... openat resumed>) = 4 [pid 5072] <... openat resumed>) = 4 [pid 5776] <... openat resumed>) = 5 [pid 5075] fstat(4, [pid 5072] fstat(4, [pid 5776] openat(5, "memory.max", O_RDWR [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5776] <... openat resumed>) = 6 [pid 5075] getdents64(4, [pid 5072] getdents64(4, [pid 5776] write(6, "0x000000000000040e", 18 [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, [pid 5072] getdents64(4, [pid 5075] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4 [pid 5072] close(4 [pid 5075] <... close resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5075] rmdir("./52/file0" [pid 5072] rmdir("./46/file0" [pid 5075] <... rmdir resumed>) = 0 [pid 5072] <... rmdir resumed>) = 0 [pid 5075] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./52/cgroup.cpu", [pid 5072] lstat("./46/cgroup.cpu", [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./52/cgroup.cpu" [pid 5072] unlink("./46/cgroup.cpu" [pid 5075] <... unlink resumed>) = 0 [pid 5072] <... unlink resumed>) = 0 [pid 5075] getdents64(3, [pid 5072] getdents64(3, [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3 [pid 5072] close(3 [pid 5075] <... close resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5075] rmdir("./52" [pid 5072] rmdir("./46" [pid 5075] <... rmdir resumed>) = 0 [pid 5072] <... rmdir resumed>) = 0 [pid 5075] mkdir("./53", 0777 [ 201.270344][ T5774] Memory cgroup stats for /syz1: [ 201.270559][ T5774] anon 0 [ 201.270559][ T5774] file 0 [ 201.270559][ T5774] kernel 8192 [ 201.270559][ T5774] kernel_stack 0 [ 201.270559][ T5774] pagetables 0 [ 201.270559][ T5774] sec_pagetables 0 [ 201.270559][ T5774] percpu 0 [ 201.270559][ T5774] sock 0 [ 201.270559][ T5774] vmalloc 0 [ 201.270559][ T5774] shmem 0 [ 201.270559][ T5774] zswap 0 [ 201.270559][ T5774] zswapped 0 [ 201.270559][ T5774] file_mapped 0 [ 201.270559][ T5774] file_dirty 0 [ 201.270559][ T5774] file_writeback 0 [pid 5072] mkdir("./47", 0777 [pid 5075] <... mkdir resumed>) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5778 attached [pid 5778] chdir("./47" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 55 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 49 [pid 5778] <... chdir resumed>) = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5778] setpgid(0, 0) = 0 [pid 5778] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5778] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5778] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5778] write(3, "1000", 4) = 4 [pid 5778] close(3) = 0 [pid 5778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5778] mkdir("./file0", 000) = 0 [pid 5778] open("./file0", O_RDONLY) = 3 [pid 5778] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5778] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5778] openat(4, "syz1", O_RDWR|O_PATH./strace-static-x86_64: Process 5777 attached ) = 5 [pid 5778] openat(5, "memory.max", O_RDWR) = 6 [pid 5778] write(6, "0x000000000000040e", 18 [ 201.270559][ T5774] swapcached 0 [ 201.270559][ T5774] anon_thp 0 [ 201.270559][ T5774] file_thp 0 [ 201.270559][ T5774] shmem_thp 0 [ 201.270559][ T5774] inactive_anon 0 [ 201.270559][ T5774] active_anon 0 [ 201.270559][ T5774] inactive_file 0 [ 201.270559][ T5774] active_file 0 [ 201.270559][ T5774] unevictable 0 [ 201.270559][ T5774] slab_reclaimable 6752 [ 201.270559][ T5774] slab_unreclaimable 0 [ 201.270559][ T5774] slab 6752 [ 201.270559][ T5774] workingset_refault_anon 0 [pid 5777] chdir("./53") = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5777] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5777] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] <... write resumed>) = 18 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [pid 5777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] close(3) = 0 [pid 5774] close(4) = 0 [pid 5774] close(5) = 0 [pid 5774] close(6) = 0 [pid 5774] close(7 [pid 5777] mkdir("./file0", 000 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5774] close(8) = -1 EBADF (Bad file descriptor) [pid 5774] close(9 [pid 5777] <... mkdir resumed>) = 0 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5774] close(10) = -1 EBADF (Bad file descriptor) [pid 5774] close(11) = -1 EBADF (Bad file descriptor) [pid 5774] close(12) = -1 EBADF (Bad file descriptor) [pid 5774] close(13) = -1 EBADF (Bad file descriptor) [pid 5774] close(14) = -1 EBADF (Bad file descriptor) [pid 5774] close(15) = -1 EBADF (Bad file descriptor) [pid 5774] close(16) = -1 EBADF (Bad file descriptor) [pid 5774] close(17) = -1 EBADF (Bad file descriptor) [pid 5777] open("./file0", O_RDONLY [pid 5774] close(18 [pid 5777] <... open resumed>) = 3 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5774] close(19) = -1 EBADF (Bad file descriptor) [pid 5774] close(20) = -1 EBADF (Bad file descriptor) [pid 5777] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5774] close(21 [pid 5777] <... mount resumed>) = 0 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5777] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5774] close(22 [pid 5777] <... openat resumed>) = 4 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5777] openat(4, "syz1", O_RDWR|O_PATH [pid 5774] close(23 [pid 5777] <... openat resumed>) = 5 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5777] openat(5, "memory.max", O_RDWR [pid 5774] close(24 [pid 5777] <... openat resumed>) = 6 [pid 5774] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5777] write(6, "0x000000000000040e", 18 [pid 5774] close(25) = -1 EBADF (Bad file descriptor) [pid 5774] close(26) = -1 EBADF (Bad file descriptor) [pid 5774] close(27) = -1 EBADF (Bad file descriptor) [pid 5774] close(28) = -1 EBADF (Bad file descriptor) [ 201.377720][ T5774] Tasks state (memory values in pages): [ 201.383591][ T5774] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 201.397662][ T5774] Out of memory and no killable processes... [ 201.404045][ T5775] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5774] close(29) = -1 EBADF (Bad file descriptor) [pid 5774] exit_group(0) = ? [pid 5774] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./46/binderfs") = 0 [pid 5070] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./46/cgroup") = 0 [pid 5070] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./46/cgroup.net") = 0 [ 201.435734][ T5775] CPU: 0 PID: 5775 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 201.446233][ T5775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 201.456334][ T5775] Call Trace: [ 201.459655][ T5775] [ 201.462625][ T5775] dump_stack_lvl+0x1e7/0x2d0 [ 201.467365][ T5775] ? nf_tcp_handle_invalid+0x640/0x640 [ 201.472892][ T5775] ? panic+0x770/0x770 [ 201.477037][ T5775] dump_header+0xdc/0x940 [ 201.481434][ T5775] out_of_memory+0xf21/0x12c0 [ 201.486189][ T5775] ? mutex_lock_io_nested+0x60/0x60 [ 201.491470][ T5775] ? preempt_schedule+0xdd/0xf0 [ 201.496387][ T5775] ? unregister_oom_notifier+0x20/0x20 [ 201.501905][ T5775] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 201.507939][ T5775] mem_cgroup_out_of_memory+0x263/0x3b0 [ 201.513513][ T5775] ? preempt_schedule_thunk+0x1a/0x20 [ 201.518943][ T5775] ? mem_cgroup_oom_trylock+0x210/0x210 [ 201.524556][ T5775] ? cgroup_file_notify+0x127/0x190 [ 201.529801][ T5775] memory_max_write+0x355/0x470 [ 201.534716][ T5775] ? memory_max_show+0xa0/0xa0 [ 201.539535][ T5775] ? read_lock_is_recursive+0x20/0x20 [ 201.544956][ T5775] ? memory_max_show+0xa0/0xa0 [ 201.549749][ T5775] cgroup_file_write+0x2b1/0x780 [ 201.554730][ T5775] ? cgroup_seqfile_stop+0xd0/0xd0 [ 201.559860][ T5775] ? __virt_addr_valid+0x22f/0x2e0 [ 201.564999][ T5775] ? cgroup_seqfile_stop+0xd0/0xd0 [ 201.570135][ T5775] kernfs_fop_write_iter+0x3a6/0x4f0 [ 201.575462][ T5775] vfs_write+0x7b2/0xbb0 [ 201.579747][ T5775] ? file_end_write+0x240/0x240 [ 201.584657][ T5775] ? do_raw_spin_unlock+0x13b/0x8b0 [ 201.589912][ T5775] ? lockdep_hardirqs_on+0x98/0x140 [ 201.595169][ T5775] ? __fdget_pos+0x265/0x2f0 [ 201.599792][ T5775] ksys_write+0x1a0/0x2c0 [ 201.604174][ T5775] ? __ia32_sys_read+0x90/0x90 [ 201.608988][ T5775] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 201.615024][ T5775] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 201.621036][ T5775] do_syscall_64+0x41/0xc0 [ 201.625484][ T5775] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 201.631410][ T5775] RIP: 0033:0x7fd49ce20129 [ 201.635874][ T5775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 201.655508][ T5775] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.663979][ T5775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 201.672004][ T5775] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5070] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 201.680008][ T5775] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 201.688008][ T5775] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 201.696019][ T5775] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000036 [ 201.704067][ T5775] [ 201.713396][ T5775] memory: usage 8kB, limit 0kB, failcnt 55 [ 201.720403][ T5775] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 201.727572][ T5775] Memory cgroup stats for /syz1: [ 201.727773][ T5775] anon 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./46/file0") = 0 [pid 5070] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./46/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./46") = 0 [pid 5070] mkdir("./47", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 49 [ 201.727773][ T5775] file 0 [ 201.727773][ T5775] kernel 8192 [ 201.727773][ T5775] kernel_stack 0 [ 201.727773][ T5775] pagetables 0 [ 201.727773][ T5775] sec_pagetables 0 [ 201.727773][ T5775] percpu 0 [ 201.727773][ T5775] sock 0 [ 201.727773][ T5775] vmalloc 0 [ 201.727773][ T5775] shmem 0 [ 201.727773][ T5775] zswap 0 [ 201.727773][ T5775] zswapped 0 [ 201.727773][ T5775] file_mapped 0 [ 201.727773][ T5775] file_dirty 0 [ 201.727773][ T5775] file_writeback 0 [ 201.727773][ T5775] swapcached 0 [ 201.727773][ T5775] anon_thp 0 ./strace-static-x86_64: Process 5779 attached [pid 5779] chdir("./47") = 0 [pid 5779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5779] setpgid(0, 0) = 0 [pid 5779] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5779] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5779] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 201.727773][ T5775] file_thp 0 [ 201.727773][ T5775] shmem_thp 0 [ 201.727773][ T5775] inactive_anon 0 [ 201.727773][ T5775] active_anon 0 [ 201.727773][ T5775] inactive_file 0 [ 201.727773][ T5775] active_file 0 [ 201.727773][ T5775] unevictable 0 [ 201.727773][ T5775] slab_reclaimable 6752 [ 201.727773][ T5775] slab_unreclaimable 0 [ 201.727773][ T5775] slab 6752 [ 201.727773][ T5775] workingset_refault_anon 0 [ 201.828144][ T5775] Tasks state (memory values in pages): [pid 5779] write(3, "1000", 4) = 4 [pid 5779] close(3) = 0 [pid 5779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] mkdir("./file0", 000) = 0 [pid 5779] open("./file0", O_RDONLY) = 3 [pid 5779] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5775] <... write resumed>) = 18 [pid 5775] close(3) = 0 [pid 5775] close(4) = 0 [pid 5775] close(5) = 0 [pid 5775] close(6) = 0 [pid 5775] close(7) = -1 EBADF (Bad file descriptor) [pid 5775] close(8) = -1 EBADF (Bad file descriptor) [pid 5775] close(9) = -1 EBADF (Bad file descriptor) [pid 5775] close(10) = -1 EBADF (Bad file descriptor) [pid 5775] close(11) = -1 EBADF (Bad file descriptor) [pid 5775] close(12) = -1 EBADF (Bad file descriptor) [pid 5775] close(13) = -1 EBADF (Bad file descriptor) [pid 5775] close(14) = -1 EBADF (Bad file descriptor) [pid 5775] close(15) = -1 EBADF (Bad file descriptor) [pid 5775] close(16) = -1 EBADF (Bad file descriptor) [pid 5775] close(17) = -1 EBADF (Bad file descriptor) [pid 5775] close(18) = -1 EBADF (Bad file descriptor) [pid 5775] close(19) = -1 EBADF (Bad file descriptor) [pid 5775] close(20) = -1 EBADF (Bad file descriptor) [pid 5775] close(21) = -1 EBADF (Bad file descriptor) [pid 5775] close(22) = -1 EBADF (Bad file descriptor) [pid 5775] close(23) = -1 EBADF (Bad file descriptor) [pid 5775] close(24) = -1 EBADF (Bad file descriptor) [pid 5775] close(25) = -1 EBADF (Bad file descriptor) [pid 5775] close(26) = -1 EBADF (Bad file descriptor) [pid 5775] close(27) = -1 EBADF (Bad file descriptor) [pid 5775] close(28) = -1 EBADF (Bad file descriptor) [pid 5775] close(29) = -1 EBADF (Bad file descriptor) [pid 5775] exit_group(0) = ? [pid 5779] <... mount resumed>) = 0 [pid 5775] +++ exited with 0 +++ [pid 5779] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5779] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5779] openat(5, "memory.max", O_RDWR) = 6 [pid 5779] write(6, "0x000000000000040e", 18 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 201.833756][ T5775] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 201.843656][ T5775] Out of memory and no killable processes... [ 201.850256][ T5776] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 201.865104][ T5776] CPU: 1 PID: 5776 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 201.875577][ T5776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./54/binderfs") = 0 [pid 5074] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./54/cgroup") = 0 [pid 5074] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 201.885670][ T5776] Call Trace: [ 201.888983][ T5776] [ 201.891963][ T5776] dump_stack_lvl+0x1e7/0x2d0 [ 201.896698][ T5776] ? nf_tcp_handle_invalid+0x640/0x640 [ 201.902218][ T5776] ? panic+0x770/0x770 [ 201.906361][ T5776] dump_header+0xdc/0x940 [ 201.910752][ T5776] out_of_memory+0xf21/0x12c0 [ 201.915506][ T5776] ? mutex_lock_io_nested+0x60/0x60 [ 201.920772][ T5776] ? preempt_schedule+0xdd/0xf0 [ 201.925796][ T5776] ? unregister_oom_notifier+0x20/0x20 [ 201.931324][ T5776] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 201.937361][ T5776] mem_cgroup_out_of_memory+0x263/0x3b0 [ 201.942941][ T5776] ? preempt_schedule_thunk+0x1a/0x20 [ 201.948378][ T5776] ? mem_cgroup_oom_trylock+0x210/0x210 [ 201.953996][ T5776] ? cgroup_file_notify+0x127/0x190 [ 201.959255][ T5776] memory_max_write+0x355/0x470 [ 201.964166][ T5776] ? memory_max_show+0xa0/0xa0 [ 201.968987][ T5776] ? read_lock_is_recursive+0x20/0x20 [ 201.974404][ T5776] ? memory_max_show+0xa0/0xa0 [ 201.979186][ T5776] cgroup_file_write+0x2b1/0x780 [ 201.984144][ T5776] ? cgroup_seqfile_stop+0xd0/0xd0 [ 201.989276][ T5776] ? __virt_addr_valid+0x22f/0x2e0 [ 201.994419][ T5776] ? cgroup_seqfile_stop+0xd0/0xd0 [ 201.999543][ T5776] kernfs_fop_write_iter+0x3a6/0x4f0 [ 202.004849][ T5776] vfs_write+0x7b2/0xbb0 [ 202.009116][ T5776] ? file_end_write+0x240/0x240 [ 202.013989][ T5776] ? do_raw_spin_unlock+0x13b/0x8b0 [ 202.019205][ T5776] ? lockdep_hardirqs_on+0x98/0x140 [ 202.024430][ T5776] ? __fdget_pos+0x265/0x2f0 [ 202.029042][ T5776] ksys_write+0x1a0/0x2c0 [ 202.033392][ T5776] ? __ia32_sys_read+0x90/0x90 [ 202.038194][ T5776] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 202.044201][ T5776] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 202.050209][ T5776] do_syscall_64+0x41/0xc0 [ 202.054647][ T5776] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 202.060562][ T5776] RIP: 0033:0x7fd49ce20129 [ 202.064989][ T5776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./54/cgroup.net") = 0 [ 202.084609][ T5776] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 202.093041][ T5776] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 202.101023][ T5776] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 202.109002][ T5776] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 202.116986][ T5776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 202.124970][ T5776] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000032 [ 202.132974][ T5776] [pid 5074] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./54/file0") = 0 [pid 5074] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./54/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./54") = 0 [pid 5074] mkdir("./55", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 57 [ 202.150837][ T5776] memory: usage 8kB, limit 0kB, failcnt 55 [ 202.160912][ T5776] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 202.171830][ T5776] Memory cgroup stats for /syz1: [ 202.172049][ T5776] anon 0 [ 202.172049][ T5776] file 0 [ 202.172049][ T5776] kernel 8192 [ 202.172049][ T5776] kernel_stack 0 [ 202.172049][ T5776] pagetables 0 [ 202.172049][ T5776] sec_pagetables 0 [ 202.172049][ T5776] percpu 0 ./strace-static-x86_64: Process 5781 attached [pid 5781] chdir("./55") = 0 [pid 5781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5781] setpgid(0, 0) = 0 [pid 5781] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5781] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5781] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5781] write(3, "1000", 4) = 4 [pid 5781] close(3) = 0 [pid 5781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5781] mkdir("./file0", 000) = 0 [pid 5781] open("./file0", O_RDONLY) = 3 [pid 5781] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 202.172049][ T5776] sock 0 [ 202.172049][ T5776] vmalloc 0 [ 202.172049][ T5776] shmem 0 [ 202.172049][ T5776] zswap 0 [ 202.172049][ T5776] zswapped 0 [ 202.172049][ T5776] file_mapped 0 [ 202.172049][ T5776] file_dirty 0 [ 202.172049][ T5776] file_writeback 0 [ 202.172049][ T5776] swapcached 0 [ 202.172049][ T5776] anon_thp 0 [ 202.172049][ T5776] file_thp 0 [ 202.172049][ T5776] shmem_thp 0 [ 202.172049][ T5776] inactive_anon 0 [ 202.172049][ T5776] active_anon 0 [ 202.172049][ T5776] inactive_file 0 [ 202.172049][ T5776] active_file 0 [pid 5781] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5781] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5781] openat(5, "memory.max", O_RDWR) = 6 [ 202.172049][ T5776] unevictable 0 [ 202.172049][ T5776] slab_reclaimable 6752 [ 202.172049][ T5776] slab_unreclaimable 0 [ 202.172049][ T5776] slab 6752 [ 202.172049][ T5776] workingset_refault_anon 0 [ 202.275517][ T5776] Tasks state (memory values in pages): [ 202.281255][ T5776] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 202.291644][ T5776] Out of memory and no killable processes... [pid 5781] write(6, "0x000000000000040e", 18 [pid 5776] <... write resumed>) = 18 [pid 5776] close(3) = 0 [pid 5776] close(4) = 0 [pid 5776] close(5) = 0 [pid 5776] close(6) = 0 [pid 5776] close(7) = -1 EBADF (Bad file descriptor) [pid 5776] close(8) = -1 EBADF (Bad file descriptor) [pid 5776] close(9) = -1 EBADF (Bad file descriptor) [pid 5776] close(10) = -1 EBADF (Bad file descriptor) [pid 5776] close(11) = -1 EBADF (Bad file descriptor) [pid 5776] close(12) = -1 EBADF (Bad file descriptor) [pid 5776] close(13) = -1 EBADF (Bad file descriptor) [pid 5776] close(14) = -1 EBADF (Bad file descriptor) [pid 5776] close(15) = -1 EBADF (Bad file descriptor) [pid 5776] close(16) = -1 EBADF (Bad file descriptor) [pid 5776] close(17) = -1 EBADF (Bad file descriptor) [pid 5776] close(18) = -1 EBADF (Bad file descriptor) [pid 5776] close(19) = -1 EBADF (Bad file descriptor) [pid 5776] close(20) = -1 EBADF (Bad file descriptor) [pid 5776] close(21) = -1 EBADF (Bad file descriptor) [pid 5776] close(22) = -1 EBADF (Bad file descriptor) [pid 5776] close(23) = -1 EBADF (Bad file descriptor) [pid 5776] close(24) = -1 EBADF (Bad file descriptor) [pid 5776] close(25) = -1 EBADF (Bad file descriptor) [pid 5776] close(26) = -1 EBADF (Bad file descriptor) [pid 5776] close(27) = -1 EBADF (Bad file descriptor) [pid 5776] close(28) = -1 EBADF (Bad file descriptor) [pid 5776] close(29) = -1 EBADF (Bad file descriptor) [pid 5776] exit_group(0) = ? [pid 5776] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5073] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./50/binderfs") = 0 [pid 5073] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./50/cgroup") = 0 [pid 5073] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./50/cgroup.net") = 0 [ 202.298384][ T5778] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 202.316601][ T5778] CPU: 1 PID: 5778 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 202.327086][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 202.337178][ T5778] Call Trace: [ 202.340469][ T5778] [ 202.343409][ T5778] dump_stack_lvl+0x1e7/0x2d0 [ 202.348110][ T5778] ? nf_tcp_handle_invalid+0x640/0x640 [ 202.353585][ T5778] ? panic+0x770/0x770 [ 202.357681][ T5778] dump_header+0xdc/0x940 [ 202.362045][ T5778] out_of_memory+0xf21/0x12c0 [ 202.366775][ T5778] ? mutex_lock_io_nested+0x60/0x60 [ 202.372018][ T5778] ? preempt_schedule+0xdd/0xf0 [ 202.376894][ T5778] ? unregister_oom_notifier+0x20/0x20 [ 202.382399][ T5778] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 202.388440][ T5778] mem_cgroup_out_of_memory+0x263/0x3b0 [ 202.394029][ T5778] ? preempt_schedule_thunk+0x1a/0x20 [ 202.399424][ T5778] ? mem_cgroup_oom_trylock+0x210/0x210 [ 202.405017][ T5778] ? cgroup_file_notify+0x127/0x190 [ 202.410240][ T5778] memory_max_write+0x355/0x470 [ 202.415129][ T5778] ? memory_max_show+0xa0/0xa0 [ 202.419948][ T5778] ? read_lock_is_recursive+0x20/0x20 [ 202.425426][ T5778] ? memory_max_show+0xa0/0xa0 [ 202.430232][ T5778] cgroup_file_write+0x2b1/0x780 [ 202.435208][ T5778] ? cgroup_seqfile_stop+0xd0/0xd0 [ 202.440350][ T5778] ? __virt_addr_valid+0x22f/0x2e0 [ 202.445528][ T5778] ? cgroup_seqfile_stop+0xd0/0xd0 [ 202.450673][ T5778] kernfs_fop_write_iter+0x3a6/0x4f0 [ 202.455990][ T5778] vfs_write+0x7b2/0xbb0 [ 202.460263][ T5778] ? file_end_write+0x240/0x240 [ 202.465135][ T5778] ? do_raw_spin_unlock+0x13b/0x8b0 [ 202.470353][ T5778] ? lockdep_hardirqs_on+0x98/0x140 [ 202.475599][ T5778] ? __fdget_pos+0x265/0x2f0 [ 202.480248][ T5778] ksys_write+0x1a0/0x2c0 [ 202.484628][ T5778] ? __ia32_sys_read+0x90/0x90 [ 202.489436][ T5778] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 202.495576][ T5778] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 202.501711][ T5778] do_syscall_64+0x41/0xc0 [ 202.506159][ T5778] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 202.512093][ T5778] RIP: 0033:0x7fd49ce20129 [ 202.516532][ T5778] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 202.536170][ T5778] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 202.544614][ T5778] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5073] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 202.552626][ T5778] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 202.560627][ T5778] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 202.568613][ T5778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 202.576607][ T5778] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002f [ 202.584633][ T5778] [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./50/file0") = 0 [pid 5073] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./50/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./50") = 0 [pid 5073] mkdir("./51", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5782 attached [pid 5782] chdir("./51" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 53 [pid 5782] <... chdir resumed>) = 0 [pid 5782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 202.599740][ T5778] memory: usage 8kB, limit 0kB, failcnt 55 [ 202.608344][ T5778] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 202.615909][ T5778] Memory cgroup stats for /syz1: [ 202.616245][ T5778] anon 0 [ 202.616245][ T5778] file 0 [ 202.616245][ T5778] kernel 8192 [ 202.616245][ T5778] kernel_stack 0 [ 202.616245][ T5778] pagetables 0 [ 202.616245][ T5778] sec_pagetables 0 [ 202.616245][ T5778] percpu 0 [ 202.616245][ T5778] sock 0 [ 202.616245][ T5778] vmalloc 0 [ 202.616245][ T5778] shmem 0 [ 202.616245][ T5778] zswap 0 [ 202.616245][ T5778] zswapped 0 [ 202.616245][ T5778] file_mapped 0 [ 202.616245][ T5778] file_dirty 0 [ 202.616245][ T5778] file_writeback 0 [ 202.616245][ T5778] swapcached 0 [ 202.616245][ T5778] anon_thp 0 [ 202.616245][ T5778] file_thp 0 [ 202.616245][ T5778] shmem_thp 0 [ 202.616245][ T5778] inactive_anon 0 [ 202.616245][ T5778] active_anon 0 [ 202.616245][ T5778] inactive_file 0 [ 202.616245][ T5778] active_file 0 [ 202.616245][ T5778] unevictable 0 [ 202.616245][ T5778] slab_reclaimable 6752 [pid 5782] setpgid(0, 0) = 0 [pid 5782] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5782] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5782] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "1000", 4) = 4 [pid 5782] close(3) = 0 [pid 5782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5782] mkdir("./file0", 000) = 0 [pid 5782] open("./file0", O_RDONLY) = 3 [pid 5782] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5782] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5782] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5782] openat(5, "memory.max", O_RDWR) = 6 [pid 5782] write(6, "0x000000000000040e", 18 [pid 5778] <... write resumed>) = 18 [pid 5778] close(3) = 0 [pid 5778] close(4) = 0 [pid 5778] close(5) = 0 [pid 5778] close(6) = 0 [pid 5778] close(7) = -1 EBADF (Bad file descriptor) [pid 5778] close(8) = -1 EBADF (Bad file descriptor) [pid 5778] close(9) = -1 EBADF (Bad file descriptor) [ 202.616245][ T5778] slab_unreclaimable 0 [ 202.616245][ T5778] slab 6752 [ 202.616245][ T5778] workingset_refault_anon 0 [ 202.713908][ T5778] Tasks state (memory values in pages): [ 202.720717][ T5778] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 202.730421][ T5778] Out of memory and no killable processes... [ 202.736664][ T5777] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5778] close(10) = -1 EBADF (Bad file descriptor) [pid 5778] close(11) = -1 EBADF (Bad file descriptor) [pid 5778] close(12) = -1 EBADF (Bad file descriptor) [pid 5778] close(13) = -1 EBADF (Bad file descriptor) [pid 5778] close(14) = -1 EBADF (Bad file descriptor) [pid 5778] close(15) = -1 EBADF (Bad file descriptor) [pid 5778] close(16) = -1 EBADF (Bad file descriptor) [pid 5778] close(17) = -1 EBADF (Bad file descriptor) [pid 5778] close(18) = -1 EBADF (Bad file descriptor) [pid 5778] close(19) = -1 EBADF (Bad file descriptor) [pid 5778] close(20) = -1 EBADF (Bad file descriptor) [pid 5778] close(21) = -1 EBADF (Bad file descriptor) [pid 5778] close(22) = -1 EBADF (Bad file descriptor) [pid 5778] close(23) = -1 EBADF (Bad file descriptor) [pid 5778] close(24) = -1 EBADF (Bad file descriptor) [pid 5778] close(25) = -1 EBADF (Bad file descriptor) [pid 5778] close(26) = -1 EBADF (Bad file descriptor) [pid 5778] close(27) = -1 EBADF (Bad file descriptor) [ 202.747800][ T5777] CPU: 1 PID: 5777 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 202.758270][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 202.768386][ T5777] Call Trace: [ 202.771711][ T5777] [ 202.774685][ T5777] dump_stack_lvl+0x1e7/0x2d0 [ 202.779422][ T5777] ? nf_tcp_handle_invalid+0x640/0x640 [ 202.784938][ T5777] ? panic+0x770/0x770 [ 202.789080][ T5777] dump_header+0xdc/0x940 [ 202.793476][ T5777] out_of_memory+0xf21/0x12c0 [ 202.798235][ T5777] ? mutex_lock_io_nested+0x60/0x60 [ 202.803507][ T5777] ? preempt_schedule+0xdd/0xf0 [ 202.808415][ T5777] ? unregister_oom_notifier+0x20/0x20 [ 202.813921][ T5777] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 202.819972][ T5777] mem_cgroup_out_of_memory+0x263/0x3b0 [ 202.825571][ T5777] ? preempt_schedule_thunk+0x1a/0x20 [ 202.830998][ T5777] ? mem_cgroup_oom_trylock+0x210/0x210 [ 202.836601][ T5777] ? cgroup_file_notify+0x127/0x190 [ 202.841863][ T5777] memory_max_write+0x355/0x470 [ 202.846867][ T5777] ? memory_max_show+0xa0/0xa0 [ 202.851680][ T5777] ? read_lock_is_recursive+0x20/0x20 [ 202.857108][ T5777] ? memory_max_show+0xa0/0xa0 [ 202.861916][ T5777] cgroup_file_write+0x2b1/0x780 [ 202.866886][ T5777] ? cgroup_seqfile_stop+0xd0/0xd0 [ 202.872019][ T5777] ? __virt_addr_valid+0x22f/0x2e0 [ 202.877170][ T5777] ? cgroup_seqfile_stop+0xd0/0xd0 [ 202.882302][ T5777] kernfs_fop_write_iter+0x3a6/0x4f0 [ 202.887637][ T5777] vfs_write+0x7b2/0xbb0 [ 202.891905][ T5777] ? file_end_write+0x240/0x240 [ 202.896778][ T5777] ? do_raw_spin_unlock+0x13b/0x8b0 [pid 5778] close(28) = -1 EBADF (Bad file descriptor) [pid 5778] close(29) = -1 EBADF (Bad file descriptor) [pid 5778] exit_group(0) = ? [pid 5778] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 202.901997][ T5777] ? lockdep_hardirqs_on+0x98/0x140 [ 202.907236][ T5777] ? __fdget_pos+0x265/0x2f0 [ 202.911852][ T5777] ksys_write+0x1a0/0x2c0 [ 202.916202][ T5777] ? __ia32_sys_read+0x90/0x90 [ 202.920986][ T5777] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 202.927011][ T5777] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 202.933026][ T5777] do_syscall_64+0x41/0xc0 [ 202.937478][ T5777] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 202.943428][ T5777] RIP: 0033:0x7fd49ce20129 [ 202.947865][ T5777] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 202.967612][ T5777] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 202.976046][ T5777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 202.984029][ T5777] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 202.992012][ T5777] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5072] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./47/binderfs") = 0 [pid 5072] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./47/cgroup") = 0 [pid 5072] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./47/cgroup.net") = 0 [pid 5072] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./47/file0") = 0 [pid 5072] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 202.999995][ T5777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 203.007978][ T5777] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000035 [ 203.015984][ T5777] [ 203.026580][ T5777] memory: usage 8kB, limit 0kB, failcnt 55 [ 203.035440][ T5777] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 203.043330][ T5777] Memory cgroup stats for /syz1: [ 203.043536][ T5777] anon 0 [ 203.043536][ T5777] file 0 [pid 5072] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./47/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./47") = 0 [pid 5072] mkdir("./48", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5783 attached [pid 5783] chdir("./48" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 50 [pid 5783] <... chdir resumed>) = 0 [pid 5783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5783] setpgid(0, 0) = 0 [pid 5783] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5783] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5783] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5783] write(3, "1000", 4) = 4 [pid 5783] close(3) = 0 [pid 5783] symlink("/dev/binderfs", "./binderfs") = 0 [ 203.043536][ T5777] kernel 8192 [ 203.043536][ T5777] kernel_stack 0 [ 203.043536][ T5777] pagetables 0 [ 203.043536][ T5777] sec_pagetables 0 [ 203.043536][ T5777] percpu 0 [ 203.043536][ T5777] sock 0 [ 203.043536][ T5777] vmalloc 0 [ 203.043536][ T5777] shmem 0 [ 203.043536][ T5777] zswap 0 [ 203.043536][ T5777] zswapped 0 [ 203.043536][ T5777] file_mapped 0 [ 203.043536][ T5777] file_dirty 0 [ 203.043536][ T5777] file_writeback 0 [ 203.043536][ T5777] swapcached 0 [ 203.043536][ T5777] anon_thp 0 [ 203.043536][ T5777] file_thp 0 [pid 5783] mkdir("./file0", 000) = 0 [pid 5783] open("./file0", O_RDONLY) = 3 [pid 5783] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5783] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5783] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5783] openat(5, "memory.max", O_RDWR) = 6 [ 203.043536][ T5777] shmem_thp 0 [ 203.043536][ T5777] inactive_anon 0 [ 203.043536][ T5777] active_anon 0 [ 203.043536][ T5777] inactive_file 0 [ 203.043536][ T5777] active_file 0 [ 203.043536][ T5777] unevictable 0 [ 203.043536][ T5777] slab_reclaimable 6752 [ 203.043536][ T5777] slab_unreclaimable 0 [ 203.043536][ T5777] slab 6752 [ 203.043536][ T5777] workingset_refault_anon 0 [ 203.142139][ T5777] Tasks state (memory values in pages): [pid 5783] write(6, "0x000000000000040e", 18 [pid 5777] <... write resumed>) = 18 [pid 5777] close(3) = 0 [pid 5777] close(4) = 0 [pid 5777] close(5) = 0 [pid 5777] close(6) = 0 [pid 5777] close(7) = -1 EBADF (Bad file descriptor) [pid 5777] close(8) = -1 EBADF (Bad file descriptor) [pid 5777] close(9) = -1 EBADF (Bad file descriptor) [pid 5777] close(10) = -1 EBADF (Bad file descriptor) [pid 5777] close(11) = -1 EBADF (Bad file descriptor) [pid 5777] close(12) = -1 EBADF (Bad file descriptor) [pid 5777] close(13) = -1 EBADF (Bad file descriptor) [pid 5777] close(14) = -1 EBADF (Bad file descriptor) [pid 5777] close(15) = -1 EBADF (Bad file descriptor) [pid 5777] close(16) = -1 EBADF (Bad file descriptor) [pid 5777] close(17) = -1 EBADF (Bad file descriptor) [pid 5777] close(18) = -1 EBADF (Bad file descriptor) [pid 5777] close(19) = -1 EBADF (Bad file descriptor) [ 203.155318][ T5777] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 203.165330][ T5777] Out of memory and no killable processes... [ 203.172107][ T5779] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 203.193717][ T5779] CPU: 0 PID: 5779 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5777] close(20) = -1 EBADF (Bad file descriptor) [pid 5777] close(21) = -1 EBADF (Bad file descriptor) [pid 5777] close(22) = -1 EBADF (Bad file descriptor) [pid 5777] close(23) = -1 EBADF (Bad file descriptor) [pid 5777] close(24) = -1 EBADF (Bad file descriptor) [pid 5777] close(25) = -1 EBADF (Bad file descriptor) [pid 5777] close(26) = -1 EBADF (Bad file descriptor) [pid 5777] close(27) = -1 EBADF (Bad file descriptor) [pid 5777] close(28) = -1 EBADF (Bad file descriptor) [pid 5777] close(29) = -1 EBADF (Bad file descriptor) [pid 5777] exit_group(0) = ? [pid 5777] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5075] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./53/binderfs") = 0 [pid 5075] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./53/cgroup") = 0 [ 203.204295][ T5779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 203.214399][ T5779] Call Trace: [ 203.217719][ T5779] [ 203.220696][ T5779] dump_stack_lvl+0x1e7/0x2d0 [ 203.225432][ T5779] ? nf_tcp_handle_invalid+0x640/0x640 [ 203.230943][ T5779] ? panic+0x770/0x770 [ 203.235078][ T5779] dump_header+0xdc/0x940 [ 203.239470][ T5779] out_of_memory+0xf21/0x12c0 [ 203.244207][ T5779] ? mutex_lock_io_nested+0x60/0x60 [ 203.249480][ T5779] ? preempt_schedule+0xdd/0xf0 [pid 5075] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./53/cgroup.net") = 0 [ 203.254393][ T5779] ? unregister_oom_notifier+0x20/0x20 [ 203.259910][ T5779] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 203.265995][ T5779] mem_cgroup_out_of_memory+0x263/0x3b0 [ 203.271576][ T5779] ? preempt_schedule_thunk+0x1a/0x20 [ 203.277006][ T5779] ? mem_cgroup_oom_trylock+0x210/0x210 [ 203.282635][ T5779] ? cgroup_file_notify+0x127/0x190 [ 203.287892][ T5779] memory_max_write+0x355/0x470 [ 203.292778][ T5779] ? memory_max_show+0xa0/0xa0 [ 203.297565][ T5779] ? read_lock_is_recursive+0x20/0x20 [ 203.302967][ T5779] ? memory_max_show+0xa0/0xa0 [ 203.307758][ T5779] cgroup_file_write+0x2b1/0x780 [ 203.312723][ T5779] ? cgroup_seqfile_stop+0xd0/0xd0 [ 203.317854][ T5779] ? __virt_addr_valid+0x22f/0x2e0 [ 203.323019][ T5779] ? cgroup_seqfile_stop+0xd0/0xd0 [ 203.328167][ T5779] kernfs_fop_write_iter+0x3a6/0x4f0 [ 203.333485][ T5779] vfs_write+0x7b2/0xbb0 [ 203.337788][ T5779] ? file_end_write+0x240/0x240 [ 203.342672][ T5779] ? do_raw_spin_unlock+0x13b/0x8b0 [ 203.347902][ T5779] ? lockdep_hardirqs_on+0x98/0x140 [ 203.353135][ T5779] ? __fdget_pos+0x265/0x2f0 [ 203.357751][ T5779] ksys_write+0x1a0/0x2c0 [ 203.362118][ T5779] ? __ia32_sys_read+0x90/0x90 [ 203.367013][ T5779] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 203.373022][ T5779] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 203.379030][ T5779] do_syscall_64+0x41/0xc0 [ 203.383466][ T5779] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 203.389383][ T5779] RIP: 0033:0x7fd49ce20129 [ 203.393812][ T5779] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 203.413432][ T5779] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 203.421860][ T5779] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 203.430886][ T5779] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 203.438887][ T5779] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 203.446886][ T5779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5075] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./53/file0") = 0 [pid 5075] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./53/cgroup.cpu") = 0 [ 203.454900][ T5779] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000002f [ 203.462930][ T5779] [ 203.472986][ T5779] memory: usage 8kB, limit 0kB, failcnt 55 [ 203.479022][ T5779] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 203.487785][ T5779] Memory cgroup stats for /syz1: [ 203.487993][ T5779] anon 0 [ 203.487993][ T5779] file 0 [ 203.487993][ T5779] kernel 8192 [ 203.487993][ T5779] kernel_stack 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./53") = 0 [pid 5075] mkdir("./54", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 56 ./strace-static-x86_64: Process 5784 attached [pid 5784] chdir("./54") = 0 [ 203.487993][ T5779] pagetables 0 [ 203.487993][ T5779] sec_pagetables 0 [ 203.487993][ T5779] percpu 0 [ 203.487993][ T5779] sock 0 [ 203.487993][ T5779] vmalloc 0 [ 203.487993][ T5779] shmem 0 [ 203.487993][ T5779] zswap 0 [ 203.487993][ T5779] zswapped 0 [ 203.487993][ T5779] file_mapped 0 [ 203.487993][ T5779] file_dirty 0 [ 203.487993][ T5779] file_writeback 0 [ 203.487993][ T5779] swapcached 0 [ 203.487993][ T5779] anon_thp 0 [ 203.487993][ T5779] file_thp 0 [ 203.487993][ T5779] shmem_thp 0 [ 203.487993][ T5779] inactive_anon 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5784] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5784] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] mkdir("./file0", 000) = 0 [pid 5784] open("./file0", O_RDONLY) = 3 [pid 5784] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5784] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5784] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5784] openat(5, "memory.max", O_RDWR) = 6 [ 203.487993][ T5779] active_anon 0 [ 203.487993][ T5779] inactive_file 0 [ 203.487993][ T5779] active_file 0 [ 203.487993][ T5779] unevictable 0 [ 203.487993][ T5779] slab_reclaimable 6752 [ 203.487993][ T5779] slab_unreclaimable 0 [ 203.487993][ T5779] slab 6752 [ 203.487993][ T5779] workingset_refault_anon 0 [ 203.591101][ T5779] Tasks state (memory values in pages): [ 203.597456][ T5779] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5784] write(6, "0x000000000000040e", 18 [pid 5779] <... write resumed>) = 18 [pid 5779] close(3) = 0 [pid 5779] close(4) = 0 [pid 5779] close(5) = 0 [pid 5779] close(6) = 0 [pid 5779] close(7) = -1 EBADF (Bad file descriptor) [pid 5779] close(8) = -1 EBADF (Bad file descriptor) [pid 5779] close(9) = -1 EBADF (Bad file descriptor) [pid 5779] close(10) = -1 EBADF (Bad file descriptor) [pid 5779] close(11) = -1 EBADF (Bad file descriptor) [pid 5779] close(12) = -1 EBADF (Bad file descriptor) [pid 5779] close(13) = -1 EBADF (Bad file descriptor) [pid 5779] close(14) = -1 EBADF (Bad file descriptor) [pid 5779] close(15) = -1 EBADF (Bad file descriptor) [ 203.607377][ T5779] Out of memory and no killable processes... [ 203.613446][ T5781] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 203.624666][ T5781] CPU: 1 PID: 5781 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 203.635136][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 203.645238][ T5781] Call Trace: [ 203.648562][ T5781] [ 203.651531][ T5781] dump_stack_lvl+0x1e7/0x2d0 [pid 5779] close(16) = -1 EBADF (Bad file descriptor) [pid 5779] close(17) = -1 EBADF (Bad file descriptor) [pid 5779] close(18) = -1 EBADF (Bad file descriptor) [pid 5779] close(19) = -1 EBADF (Bad file descriptor) [pid 5779] close(20) = -1 EBADF (Bad file descriptor) [pid 5779] close(21) = -1 EBADF (Bad file descriptor) [pid 5779] close(22) = -1 EBADF (Bad file descriptor) [pid 5779] close(23) = -1 EBADF (Bad file descriptor) [pid 5779] close(24) = -1 EBADF (Bad file descriptor) [ 203.656269][ T5781] ? nf_tcp_handle_invalid+0x640/0x640 [ 203.661783][ T5781] ? panic+0x770/0x770 [ 203.665919][ T5781] dump_header+0xdc/0x940 [ 203.670299][ T5781] out_of_memory+0xf21/0x12c0 [ 203.675030][ T5781] ? mutex_lock_io_nested+0x60/0x60 [ 203.680287][ T5781] ? preempt_schedule+0xdd/0xf0 [ 203.685179][ T5781] ? unregister_oom_notifier+0x20/0x20 [ 203.690738][ T5781] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 203.696805][ T5781] mem_cgroup_out_of_memory+0x263/0x3b0 [ 203.702408][ T5781] ? preempt_schedule_thunk+0x1a/0x20 [ 203.707849][ T5781] ? mem_cgroup_oom_trylock+0x210/0x210 [ 203.713471][ T5781] ? cgroup_file_notify+0x127/0x190 [ 203.718726][ T5781] memory_max_write+0x355/0x470 [ 203.723641][ T5781] ? memory_max_show+0xa0/0xa0 [ 203.728457][ T5781] ? read_lock_is_recursive+0x20/0x20 [ 203.733866][ T5781] ? memory_max_show+0xa0/0xa0 [ 203.738654][ T5781] cgroup_file_write+0x2b1/0x780 [ 203.743611][ T5781] ? cgroup_seqfile_stop+0xd0/0xd0 [ 203.748741][ T5781] ? __virt_addr_valid+0x22f/0x2e0 [ 203.753886][ T5781] ? cgroup_seqfile_stop+0xd0/0xd0 [ 203.759006][ T5781] kernfs_fop_write_iter+0x3a6/0x4f0 [ 203.764308][ T5781] vfs_write+0x7b2/0xbb0 [ 203.768571][ T5781] ? file_end_write+0x240/0x240 [ 203.773440][ T5781] ? do_raw_spin_unlock+0x13b/0x8b0 [ 203.778671][ T5781] ? lockdep_hardirqs_on+0x98/0x140 [ 203.783890][ T5781] ? __fdget_pos+0x265/0x2f0 [ 203.788497][ T5781] ksys_write+0x1a0/0x2c0 [ 203.792861][ T5781] ? __ia32_sys_read+0x90/0x90 [ 203.797638][ T5781] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 203.803642][ T5781] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 203.809649][ T5781] do_syscall_64+0x41/0xc0 [ 203.814094][ T5781] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 203.820013][ T5781] RIP: 0033:0x7fd49ce20129 [ 203.824436][ T5781] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 203.844052][ T5781] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5779] close(25) = -1 EBADF (Bad file descriptor) [pid 5779] close(26) = -1 EBADF (Bad file descriptor) [pid 5779] close(27) = -1 EBADF (Bad file descriptor) [pid 5779] close(28) = -1 EBADF (Bad file descriptor) [pid 5779] close(29) = -1 EBADF (Bad file descriptor) [pid 5779] exit_group(0) = ? [pid 5779] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./47/binderfs") = 0 [pid 5070] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./47/cgroup") = 0 [pid 5070] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./47/cgroup.net") = 0 [ 203.852481][ T5781] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 203.860466][ T5781] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 203.868463][ T5781] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 203.876444][ T5781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 203.884441][ T5781] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000037 [ 203.892471][ T5781] [ 203.898525][ T5781] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5070] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./47/file0") = 0 [pid 5070] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./47/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./47") = 0 [pid 5070] mkdir("./48", 0777) = 0 [ 203.904382][ T5781] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 203.913733][ T5781] Memory cgroup stats for /syz1: [ 203.914052][ T5781] anon 0 [ 203.914052][ T5781] file 0 [ 203.914052][ T5781] kernel 8192 [ 203.914052][ T5781] kernel_stack 0 [ 203.914052][ T5781] pagetables 0 [ 203.914052][ T5781] sec_pagetables 0 [ 203.914052][ T5781] percpu 0 [ 203.914052][ T5781] sock 0 [ 203.914052][ T5781] vmalloc 0 [ 203.914052][ T5781] shmem 0 [ 203.914052][ T5781] zswap 0 [ 203.914052][ T5781] zswapped 0 [ 203.914052][ T5781] file_mapped 0 [ 203.914052][ T5781] file_dirty 0 [ 203.914052][ T5781] file_writeback 0 [ 203.914052][ T5781] swapcached 0 [ 203.914052][ T5781] anon_thp 0 [ 203.914052][ T5781] file_thp 0 [ 203.914052][ T5781] shmem_thp 0 [ 203.914052][ T5781] inactive_anon 0 [ 203.914052][ T5781] active_anon 0 [ 203.914052][ T5781] inactive_file 0 [ 203.914052][ T5781] active_file 0 [ 203.914052][ T5781] unevictable 0 [ 203.914052][ T5781] slab_reclaimable 6752 [ 203.914052][ T5781] slab_unreclaimable 0 [ 203.914052][ T5781] slab 6752 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5785 attached [pid 5785] chdir("./48" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 50 [pid 5785] <... chdir resumed>) = 0 [pid 5785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5785] setpgid(0, 0) = 0 [pid 5785] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5785] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5785] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5785] write(3, "1000", 4) = 4 [pid 5785] close(3) = 0 [pid 5785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5785] mkdir("./file0", 000) = 0 [pid 5785] open("./file0", O_RDONLY) = 3 [pid 5785] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5785] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5785] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5785] openat(5, "memory.max", O_RDWR) = 6 [pid 5785] write(6, "0x000000000000040e", 18 [pid 5781] <... write resumed>) = 18 [pid 5781] close(3) = 0 [pid 5781] close(4) = 0 [pid 5781] close(5) = 0 [pid 5781] close(6) = 0 [pid 5781] close(7) = -1 EBADF (Bad file descriptor) [pid 5781] close(8) = -1 EBADF (Bad file descriptor) [ 203.914052][ T5781] workingset_refault_anon 0 [ 204.010559][ T5781] Tasks state (memory values in pages): [ 204.016311][ T5781] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 204.030053][ T5781] Out of memory and no killable processes... [ 204.036394][ T5782] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 204.048799][ T5782] CPU: 0 PID: 5782 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5781] close(9) = -1 EBADF (Bad file descriptor) [pid 5781] close(10) = -1 EBADF (Bad file descriptor) [pid 5781] close(11) = -1 EBADF (Bad file descriptor) [pid 5781] close(12) = -1 EBADF (Bad file descriptor) [pid 5781] close(13) = -1 EBADF (Bad file descriptor) [pid 5781] close(14) = -1 EBADF (Bad file descriptor) [pid 5781] close(15) = -1 EBADF (Bad file descriptor) [pid 5781] close(16) = -1 EBADF (Bad file descriptor) [pid 5781] close(17) = -1 EBADF (Bad file descriptor) [pid 5781] close(18) = -1 EBADF (Bad file descriptor) [pid 5781] close(19) = -1 EBADF (Bad file descriptor) [ 204.059275][ T5782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 204.069373][ T5782] Call Trace: [ 204.072685][ T5782] [ 204.075648][ T5782] dump_stack_lvl+0x1e7/0x2d0 [ 204.080379][ T5782] ? nf_tcp_handle_invalid+0x640/0x640 [ 204.085893][ T5782] ? panic+0x770/0x770 [ 204.090026][ T5782] dump_header+0xdc/0x940 [ 204.094411][ T5782] out_of_memory+0xf21/0x12c0 [ 204.099148][ T5782] ? mutex_lock_io_nested+0x60/0x60 [ 204.104419][ T5782] ? preempt_schedule+0xdd/0xf0 [pid 5781] close(20) = -1 EBADF (Bad file descriptor) [pid 5781] close(21) = -1 EBADF (Bad file descriptor) [pid 5781] close(22) = -1 EBADF (Bad file descriptor) [pid 5781] close(23) = -1 EBADF (Bad file descriptor) [pid 5781] close(24) = -1 EBADF (Bad file descriptor) [pid 5781] close(25) = -1 EBADF (Bad file descriptor) [pid 5781] close(26) = -1 EBADF (Bad file descriptor) [pid 5781] close(27) = -1 EBADF (Bad file descriptor) [pid 5781] close(28) = -1 EBADF (Bad file descriptor) [pid 5781] close(29) = -1 EBADF (Bad file descriptor) [pid 5781] exit_group(0) = ? [pid 5781] +++ exited with 0 +++ [ 204.109346][ T5782] ? unregister_oom_notifier+0x20/0x20 [ 204.114880][ T5782] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 204.120973][ T5782] mem_cgroup_out_of_memory+0x263/0x3b0 [ 204.126593][ T5782] ? preempt_schedule_thunk+0x1a/0x20 [ 204.132478][ T5782] ? mem_cgroup_oom_trylock+0x210/0x210 [ 204.138108][ T5782] ? cgroup_file_notify+0x127/0x190 [ 204.143362][ T5782] memory_max_write+0x355/0x470 [ 204.148269][ T5782] ? memory_max_show+0xa0/0xa0 [ 204.153072][ T5782] ? read_lock_is_recursive+0x20/0x20 [ 204.158486][ T5782] ? memory_max_show+0xa0/0xa0 [ 204.163359][ T5782] cgroup_file_write+0x2b1/0x780 [ 204.168326][ T5782] ? cgroup_seqfile_stop+0xd0/0xd0 [ 204.173454][ T5782] ? __virt_addr_valid+0x22f/0x2e0 [ 204.178599][ T5782] ? cgroup_seqfile_stop+0xd0/0xd0 [ 204.183728][ T5782] kernfs_fop_write_iter+0x3a6/0x4f0 [ 204.189179][ T5782] vfs_write+0x7b2/0xbb0 [ 204.193477][ T5782] ? file_end_write+0x240/0x240 [ 204.198384][ T5782] ? do_raw_spin_unlock+0x13b/0x8b0 [ 204.203618][ T5782] ? lockdep_hardirqs_on+0x98/0x140 [ 204.208891][ T5782] ? __fdget_pos+0x265/0x2f0 [ 204.213843][ T5782] ksys_write+0x1a0/0x2c0 [ 204.218256][ T5782] ? __ia32_sys_read+0x90/0x90 [ 204.223232][ T5782] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 204.229328][ T5782] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 204.235539][ T5782] do_syscall_64+0x41/0xc0 [ 204.239994][ T5782] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 204.246012][ T5782] RIP: 0033:0x7fd49ce20129 [ 204.250448][ T5782] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 204.270794][ T5782] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.279237][ T5782] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 204.287224][ T5782] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 204.295406][ T5782] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 204.303405][ T5782] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 204.311480][ T5782] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000033 [ 204.319489][ T5782] [ 204.340606][ T5782] memory: usage 8kB, limit 0kB, failcnt 55 [ 204.346950][ T5782] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 204.354010][ T5782] Memory cgroup stats for /syz1: [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 204.354227][ T5782] anon 0 [ 204.354227][ T5782] file 0 [ 204.354227][ T5782] kernel 8192 [ 204.354227][ T5782] kernel_stack 0 [ 204.354227][ T5782] pagetables 0 [ 204.354227][ T5782] sec_pagetables 0 [ 204.354227][ T5782] percpu 0 [ 204.354227][ T5782] sock 0 [ 204.354227][ T5782] vmalloc 0 [ 204.354227][ T5782] shmem 0 [ 204.354227][ T5782] zswap 0 [ 204.354227][ T5782] zswapped 0 [ 204.354227][ T5782] file_mapped 0 [ 204.354227][ T5782] file_dirty 0 [ 204.354227][ T5782] file_writeback 0 [ 204.354227][ T5782] swapcached 0 [pid 5074] unlink("./55/binderfs") = 0 [pid 5074] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./55/cgroup") = 0 [pid 5074] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./55/cgroup.net") = 0 [pid 5074] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 204.354227][ T5782] anon_thp 0 [ 204.354227][ T5782] file_thp 0 [ 204.354227][ T5782] shmem_thp 0 [ 204.354227][ T5782] inactive_anon 0 [ 204.354227][ T5782] active_anon 0 [ 204.354227][ T5782] inactive_file 0 [ 204.354227][ T5782] active_file 0 [ 204.354227][ T5782] unevictable 0 [ 204.354227][ T5782] slab_reclaimable 6752 [ 204.354227][ T5782] slab_unreclaimable 0 [ 204.354227][ T5782] slab 6752 [ 204.354227][ T5782] workingset_refault_anon 0 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./55/file0") = 0 [pid 5074] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./55/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./55") = 0 [pid 5074] mkdir("./56", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 58 ./strace-static-x86_64: Process 5786 attached [pid 5786] chdir("./56" [pid 5782] <... write resumed>) = 18 [pid 5786] <... chdir resumed>) = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5782] close(3 [pid 5786] <... prctl resumed>) = 0 [pid 5786] setpgid(0, 0 [pid 5782] <... close resumed>) = 0 [pid 5786] <... setpgid resumed>) = 0 [pid 5786] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5782] close(4 [pid 5786] <... symlink resumed>) = 0 [pid 5786] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5782] <... close resumed>) = 0 [pid 5786] <... symlink resumed>) = 0 [pid 5786] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5782] close(5 [pid 5786] <... symlink resumed>) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5782] <... close resumed>) = 0 [pid 5786] <... openat resumed>) = 3 [pid 5786] write(3, "1000", 4 [pid 5782] close(6 [pid 5786] <... write resumed>) = 4 [pid 5786] close(3 [pid 5782] <... close resumed>) = 0 [pid 5786] <... close resumed>) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs" [pid 5782] close(7 [pid 5786] <... symlink resumed>) = 0 [pid 5786] mkdir("./file0", 000 [pid 5782] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5786] <... mkdir resumed>) = 0 [pid 5786] open("./file0", O_RDONLY [pid 5782] close(8 [pid 5786] <... open resumed>) = 3 [pid 5782] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5786] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5782] close(9 [pid 5786] <... mount resumed>) = 0 [pid 5782] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5786] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5782] close(10 [pid 5786] <... openat resumed>) = 4 [pid 5782] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5786] openat(4, "syz1", O_RDWR|O_PATH [pid 5782] close(11 [pid 5786] <... openat resumed>) = 5 [pid 5782] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5786] openat(5, "memory.max", O_RDWR [ 204.461084][ T5782] Tasks state (memory values in pages): [ 204.468365][ T5782] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 204.483937][ T5782] Out of memory and no killable processes... [ 204.492262][ T5783] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5782] close(12 [pid 5786] <... openat resumed>) = 6 [pid 5782] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5786] write(6, "0x000000000000040e", 18 [pid 5782] close(13) = -1 EBADF (Bad file descriptor) [pid 5782] close(14) = -1 EBADF (Bad file descriptor) [pid 5782] close(15) = -1 EBADF (Bad file descriptor) [pid 5782] close(16) = -1 EBADF (Bad file descriptor) [pid 5782] close(17) = -1 EBADF (Bad file descriptor) [pid 5782] close(18) = -1 EBADF (Bad file descriptor) [pid 5782] close(19) = -1 EBADF (Bad file descriptor) [pid 5782] close(20) = -1 EBADF (Bad file descriptor) [pid 5782] close(21) = -1 EBADF (Bad file descriptor) [pid 5782] close(22) = -1 EBADF (Bad file descriptor) [pid 5782] close(23) = -1 EBADF (Bad file descriptor) [pid 5782] close(24) = -1 EBADF (Bad file descriptor) [pid 5782] close(25) = -1 EBADF (Bad file descriptor) [pid 5782] close(26) = -1 EBADF (Bad file descriptor) [pid 5782] close(27) = -1 EBADF (Bad file descriptor) [pid 5782] close(28) = -1 EBADF (Bad file descriptor) [pid 5782] close(29) = -1 EBADF (Bad file descriptor) [pid 5782] exit_group(0) = ? [pid 5782] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./51/binderfs") = 0 [pid 5073] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./51/cgroup") = 0 [pid 5073] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./51/cgroup.net") = 0 [ 204.504947][ T5783] CPU: 1 PID: 5783 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 204.515429][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 204.525531][ T5783] Call Trace: [ 204.528848][ T5783] [ 204.531826][ T5783] dump_stack_lvl+0x1e7/0x2d0 [ 204.536563][ T5783] ? nf_tcp_handle_invalid+0x640/0x640 [ 204.542090][ T5783] ? panic+0x770/0x770 [ 204.546230][ T5783] dump_header+0xdc/0x940 [ 204.550631][ T5783] out_of_memory+0xf21/0x12c0 [ 204.555369][ T5783] ? mutex_lock_io_nested+0x60/0x60 [ 204.560624][ T5783] ? preempt_schedule+0xdd/0xf0 [ 204.565499][ T5783] ? unregister_oom_notifier+0x20/0x20 [ 204.570987][ T5783] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 204.576999][ T5783] mem_cgroup_out_of_memory+0x263/0x3b0 [ 204.582563][ T5783] ? preempt_schedule_thunk+0x1a/0x20 [ 204.587963][ T5783] ? mem_cgroup_oom_trylock+0x210/0x210 [ 204.593550][ T5783] ? cgroup_file_notify+0x127/0x190 [ 204.598775][ T5783] memory_max_write+0x355/0x470 [ 204.603649][ T5783] ? memory_max_show+0xa0/0xa0 [ 204.608431][ T5783] ? read_lock_is_recursive+0x20/0x20 [ 204.613831][ T5783] ? memory_max_show+0xa0/0xa0 [ 204.618616][ T5783] cgroup_file_write+0x2b1/0x780 [ 204.623576][ T5783] ? cgroup_seqfile_stop+0xd0/0xd0 [ 204.628712][ T5783] ? __virt_addr_valid+0x22f/0x2e0 [ 204.633853][ T5783] ? cgroup_seqfile_stop+0xd0/0xd0 [ 204.638977][ T5783] kernfs_fop_write_iter+0x3a6/0x4f0 [ 204.644290][ T5783] vfs_write+0x7b2/0xbb0 [ 204.648559][ T5783] ? file_end_write+0x240/0x240 [ 204.653448][ T5783] ? do_raw_spin_unlock+0x13b/0x8b0 [ 204.658668][ T5783] ? lockdep_hardirqs_on+0x98/0x140 [ 204.663906][ T5783] ? __fdget_pos+0x265/0x2f0 [ 204.668527][ T5783] ksys_write+0x1a0/0x2c0 [ 204.672883][ T5783] ? __ia32_sys_read+0x90/0x90 [ 204.677661][ T5783] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 204.683684][ T5783] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 204.689688][ T5783] do_syscall_64+0x41/0xc0 [ 204.694124][ T5783] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 204.700038][ T5783] RIP: 0033:0x7fd49ce20129 [ 204.704464][ T5783] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 204.724104][ T5783] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.732546][ T5783] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 204.740530][ T5783] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 204.748514][ T5783] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 204.756497][ T5783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 204.764482][ T5783] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000030 [ 204.772505][ T5783] [ 204.788247][ T5783] memory: usage 8kB, limit 0kB, failcnt 55 [ 204.794123][ T5783] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 204.805559][ T5783] Memory cgroup stats for /syz1: [ 204.806272][ T5783] anon 0 [ 204.806272][ T5783] file 0 [ 204.806272][ T5783] kernel 8192 [ 204.806272][ T5783] kernel_stack 0 [ 204.806272][ T5783] pagetables 0 [ 204.806272][ T5783] sec_pagetables 0 [ 204.806272][ T5783] percpu 0 [ 204.806272][ T5783] sock 0 [ 204.806272][ T5783] vmalloc 0 [ 204.806272][ T5783] shmem 0 [ 204.806272][ T5783] zswap 0 [ 204.806272][ T5783] zswapped 0 [ 204.806272][ T5783] file_mapped 0 [ 204.806272][ T5783] file_dirty 0 [ 204.806272][ T5783] file_writeback 0 [ 204.806272][ T5783] swapcached 0 [ 204.806272][ T5783] anon_thp 0 [ 204.806272][ T5783] file_thp 0 [ 204.806272][ T5783] shmem_thp 0 [ 204.806272][ T5783] inactive_anon 0 [ 204.806272][ T5783] active_anon 0 [ 204.806272][ T5783] inactive_file 0 [ 204.806272][ T5783] active_file 0 [ 204.806272][ T5783] unevictable 0 [ 204.806272][ T5783] slab_reclaimable 6752 [ 204.806272][ T5783] slab_unreclaimable 0 [ 204.806272][ T5783] slab 6752 [ 204.806272][ T5783] workingset_refault_anon 0 [pid 5073] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./51/file0") = 0 [pid 5073] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./51/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./51") = 0 [pid 5073] mkdir("./52", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 54 ./strace-static-x86_64: Process 5787 attached [pid 5783] <... write resumed>) = 18 [pid 5787] chdir("./52" [pid 5783] close(3 [pid 5787] <... chdir resumed>) = 0 [pid 5783] <... close resumed>) = 0 [pid 5787] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5783] close(4 [pid 5787] <... prctl resumed>) = 0 [pid 5783] <... close resumed>) = 0 [pid 5787] setpgid(0, 0 [pid 5783] close(5 [pid 5787] <... setpgid resumed>) = 0 [pid 5783] <... close resumed>) = 0 [pid 5787] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5783] close(6 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = 0 [pid 5787] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5783] close(7 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 204.909508][ T5783] Tasks state (memory values in pages): [ 204.916010][ T5783] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 204.926954][ T5783] Out of memory and no killable processes... [ 204.933689][ T5784] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 204.944271][ T5784] CPU: 0 PID: 5784 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5787] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5783] close(8 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5783] close(9 [pid 5787] <... openat resumed>) = 3 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] write(3, "1000", 4 [pid 5783] close(10 [pid 5787] <... write resumed>) = 4 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] close(3 [pid 5783] close(11 [pid 5787] <... close resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] symlink("/dev/binderfs", "./binderfs" [pid 5783] close(12 [pid 5787] <... symlink resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] mkdir("./file0", 000 [pid 5783] close(13 [pid 5787] <... mkdir resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] open("./file0", O_RDONLY [pid 5783] close(14 [pid 5787] <... open resumed>) = 3 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5783] close(15 [pid 5787] <... mount resumed>) = 0 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5783] close(16 [pid 5787] <... openat resumed>) = 4 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(4, "syz1", O_RDWR|O_PATH [pid 5783] close(17 [pid 5787] <... openat resumed>) = 5 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] openat(5, "memory.max", O_RDWR [pid 5783] close(18 [pid 5787] <... openat resumed>) = 6 [pid 5783] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5787] write(6, "0x000000000000040e", 18 [pid 5783] close(19) = -1 EBADF (Bad file descriptor) [pid 5783] close(20) = -1 EBADF (Bad file descriptor) [pid 5783] close(21) = -1 EBADF (Bad file descriptor) [ 204.954748][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 204.964930][ T5784] Call Trace: [ 204.968249][ T5784] [ 204.971219][ T5784] dump_stack_lvl+0x1e7/0x2d0 [ 204.975953][ T5784] ? nf_tcp_handle_invalid+0x640/0x640 [ 204.981462][ T5784] ? panic+0x770/0x770 [ 204.985598][ T5784] dump_header+0xdc/0x940 [ 204.989983][ T5784] out_of_memory+0xf21/0x12c0 [ 204.995613][ T5784] ? mutex_lock_io_nested+0x60/0x60 [ 205.000878][ T5784] ? mark_lock+0x9a/0x340 [ 205.005257][ T5784] ? unregister_oom_notifier+0x20/0x20 [pid 5783] close(22) = -1 EBADF (Bad file descriptor) [pid 5783] close(23) = -1 EBADF (Bad file descriptor) [pid 5783] close(24) = -1 EBADF (Bad file descriptor) [pid 5783] close(25) = -1 EBADF (Bad file descriptor) [pid 5783] close(26) = -1 EBADF (Bad file descriptor) [pid 5783] close(27) = -1 EBADF (Bad file descriptor) [ 205.010767][ T5784] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 205.016817][ T5784] mem_cgroup_out_of_memory+0x263/0x3b0 [ 205.022429][ T5784] ? mem_cgroup_oom_trylock+0x210/0x210 [ 205.028086][ T5784] ? cgroup_file_notify+0x127/0x190 [ 205.033323][ T5784] memory_max_write+0x355/0x470 [ 205.038210][ T5784] ? memory_max_show+0xa0/0xa0 [ 205.042996][ T5784] ? read_lock_is_recursive+0x20/0x20 [ 205.048391][ T5784] ? memory_max_show+0xa0/0xa0 [ 205.053172][ T5784] cgroup_file_write+0x2b1/0x780 [ 205.058147][ T5784] ? cgroup_seqfile_stop+0xd0/0xd0 [ 205.063273][ T5784] ? __virt_addr_valid+0x22f/0x2e0 [ 205.068422][ T5784] ? cgroup_seqfile_stop+0xd0/0xd0 [ 205.073543][ T5784] kernfs_fop_write_iter+0x3a6/0x4f0 [ 205.078854][ T5784] vfs_write+0x7b2/0xbb0 [ 205.083120][ T5784] ? file_end_write+0x240/0x240 [ 205.087998][ T5784] ? do_raw_spin_unlock+0x13b/0x8b0 [ 205.093217][ T5784] ? lockdep_hardirqs_on+0x98/0x140 [ 205.098439][ T5784] ? __fdget_pos+0x265/0x2f0 [ 205.103057][ T5784] ksys_write+0x1a0/0x2c0 [ 205.107419][ T5784] ? __ia32_sys_read+0x90/0x90 [ 205.112197][ T5784] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 205.118204][ T5784] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 205.124210][ T5784] do_syscall_64+0x41/0xc0 [ 205.128658][ T5784] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 205.134575][ T5784] RIP: 0033:0x7fd49ce20129 [ 205.139013][ T5784] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5783] close(28) = -1 EBADF (Bad file descriptor) [pid 5783] close(29) = -1 EBADF (Bad file descriptor) [pid 5783] exit_group(0) = ? [pid 5783] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 205.158718][ T5784] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.167161][ T5784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 205.175231][ T5784] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 205.183214][ T5784] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 205.191282][ T5784] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 205.199267][ T5784] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000036 [ 205.207280][ T5784] [pid 5072] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./48/binderfs") = 0 [pid 5072] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./48/cgroup") = 0 [pid 5072] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./48/cgroup.net") = 0 [pid 5072] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./48/file0") = 0 [pid 5072] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./48/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./48") = 0 [pid 5072] mkdir("./49", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5789 attached [ 205.253743][ T5784] memory: usage 8kB, limit 0kB, failcnt 55 [ 205.262369][ T5784] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 205.271554][ T5784] Memory cgroup stats for /syz1: [ 205.271778][ T5784] anon 0 [ 205.271778][ T5784] file 0 [ 205.271778][ T5784] kernel 8192 [ 205.271778][ T5784] kernel_stack 0 [ 205.271778][ T5784] pagetables 0 [ 205.271778][ T5784] sec_pagetables 0 [ 205.271778][ T5784] percpu 0 [ 205.271778][ T5784] sock 0 [pid 5789] chdir("./49") = 0 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 51 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5789] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5789] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [ 205.271778][ T5784] vmalloc 0 [ 205.271778][ T5784] shmem 0 [ 205.271778][ T5784] zswap 0 [ 205.271778][ T5784] zswapped 0 [ 205.271778][ T5784] file_mapped 0 [ 205.271778][ T5784] file_dirty 0 [ 205.271778][ T5784] file_writeback 0 [ 205.271778][ T5784] swapcached 0 [ 205.271778][ T5784] anon_thp 0 [ 205.271778][ T5784] file_thp 0 [ 205.271778][ T5784] shmem_thp 0 [ 205.271778][ T5784] inactive_anon 0 [ 205.271778][ T5784] active_anon 0 [ 205.271778][ T5784] inactive_file 0 [ 205.271778][ T5784] active_file 0 [ 205.271778][ T5784] unevictable 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] mkdir("./file0", 000) = 0 [pid 5789] open("./file0", O_RDONLY) = 3 [pid 5789] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5789] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5789] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5789] openat(5, "memory.max", O_RDWR) = 6 [pid 5789] write(6, "0x000000000000040e", 18 [pid 5784] <... write resumed>) = 18 [pid 5784] close(3) = 0 [pid 5784] close(4) = 0 [pid 5784] close(5) = 0 [pid 5784] close(6) = 0 [pid 5784] close(7) = -1 EBADF (Bad file descriptor) [pid 5784] close(8) = -1 EBADF (Bad file descriptor) [pid 5784] close(9) = -1 EBADF (Bad file descriptor) [ 205.271778][ T5784] slab_reclaimable 6752 [ 205.271778][ T5784] slab_unreclaimable 0 [ 205.271778][ T5784] slab 6752 [ 205.271778][ T5784] workingset_refault_anon 0 [ 205.368559][ T5784] Tasks state (memory values in pages): [ 205.374463][ T5784] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 205.385955][ T5784] Out of memory and no killable processes... [ 205.394254][ T5785] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5784] close(10) = -1 EBADF (Bad file descriptor) [pid 5784] close(11) = -1 EBADF (Bad file descriptor) [pid 5784] close(12) = -1 EBADF (Bad file descriptor) [pid 5784] close(13) = -1 EBADF (Bad file descriptor) [pid 5784] close(14) = -1 EBADF (Bad file descriptor) [pid 5784] close(15) = -1 EBADF (Bad file descriptor) [pid 5784] close(16) = -1 EBADF (Bad file descriptor) [pid 5784] close(17) = -1 EBADF (Bad file descriptor) [pid 5784] close(18) = -1 EBADF (Bad file descriptor) [pid 5784] close(19) = -1 EBADF (Bad file descriptor) [pid 5784] close(20) = -1 EBADF (Bad file descriptor) [pid 5784] close(21) = -1 EBADF (Bad file descriptor) [pid 5784] close(22) = -1 EBADF (Bad file descriptor) [pid 5784] close(23) = -1 EBADF (Bad file descriptor) [pid 5784] close(24) = -1 EBADF (Bad file descriptor) [pid 5784] close(25) = -1 EBADF (Bad file descriptor) [pid 5784] close(26) = -1 EBADF (Bad file descriptor) [pid 5784] close(27) = -1 EBADF (Bad file descriptor) [pid 5784] close(28) = -1 EBADF (Bad file descriptor) [pid 5784] close(29) = -1 EBADF (Bad file descriptor) [pid 5784] exit_group(0) = ? [pid 5784] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./54/binderfs") = 0 [pid 5075] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./54/cgroup") = 0 [pid 5075] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./54/cgroup.net") = 0 [ 205.430489][ T5785] CPU: 0 PID: 5785 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 205.441020][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 205.451207][ T5785] Call Trace: [ 205.454513][ T5785] [ 205.457454][ T5785] dump_stack_lvl+0x1e7/0x2d0 [ 205.462151][ T5785] ? nf_tcp_handle_invalid+0x640/0x640 [ 205.467635][ T5785] ? panic+0x770/0x770 [ 205.471790][ T5785] dump_header+0xdc/0x940 [ 205.476172][ T5785] out_of_memory+0xf21/0x12c0 [ 205.480883][ T5785] ? mutex_lock_io_nested+0x60/0x60 [ 205.486104][ T5785] ? preempt_schedule+0xdd/0xf0 [ 205.490969][ T5785] ? unregister_oom_notifier+0x20/0x20 [ 205.496455][ T5785] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 205.502473][ T5785] mem_cgroup_out_of_memory+0x263/0x3b0 [ 205.508038][ T5785] ? preempt_schedule_thunk+0x1a/0x20 [ 205.513446][ T5785] ? mem_cgroup_oom_trylock+0x210/0x210 [ 205.519197][ T5785] ? cgroup_file_notify+0x127/0x190 [ 205.524425][ T5785] memory_max_write+0x355/0x470 [ 205.529320][ T5785] ? memory_max_show+0xa0/0xa0 [ 205.534105][ T5785] ? read_lock_is_recursive+0x20/0x20 [ 205.539500][ T5785] ? memory_max_show+0xa0/0xa0 [ 205.544284][ T5785] cgroup_file_write+0x2b1/0x780 [ 205.549246][ T5785] ? cgroup_seqfile_stop+0xd0/0xd0 [ 205.554372][ T5785] ? __virt_addr_valid+0x22f/0x2e0 [ 205.559517][ T5785] ? cgroup_seqfile_stop+0xd0/0xd0 [ 205.564640][ T5785] kernfs_fop_write_iter+0x3a6/0x4f0 [ 205.569948][ T5785] vfs_write+0x7b2/0xbb0 [ 205.574219][ T5785] ? file_end_write+0x240/0x240 [ 205.579092][ T5785] ? do_raw_spin_unlock+0x13b/0x8b0 [ 205.584394][ T5785] ? lockdep_hardirqs_on+0x98/0x140 [ 205.589624][ T5785] ? __fdget_pos+0x265/0x2f0 [ 205.594238][ T5785] ksys_write+0x1a0/0x2c0 [ 205.598592][ T5785] ? __ia32_sys_read+0x90/0x90 [ 205.603383][ T5785] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 205.609385][ T5785] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 205.615391][ T5785] do_syscall_64+0x41/0xc0 [ 205.619832][ T5785] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 205.625754][ T5785] RIP: 0033:0x7fd49ce20129 [ 205.630179][ T5785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 205.649797][ T5785] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.658239][ T5785] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 205.666245][ T5785] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./54/file0") = 0 [pid 5075] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./54/cgroup.cpu") = 0 [ 205.674230][ T5785] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 205.682212][ T5785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 205.690205][ T5785] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000030 [ 205.698215][ T5785] [ 205.716916][ T5785] memory: usage 8kB, limit 0kB, failcnt 55 [ 205.722815][ T5785] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./54") = 0 [pid 5075] mkdir("./55", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5790 attached [pid 5790] chdir("./55" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 57 [pid 5790] <... chdir resumed>) = 0 [pid 5790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5790] setpgid(0, 0) = 0 [pid 5790] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5790] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5790] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5790] write(3, "1000", 4) = 4 [pid 5790] close(3) = 0 [pid 5790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5790] mkdir("./file0", 000) = 0 [pid 5790] open("./file0", O_RDONLY) = 3 [pid 5790] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5790] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5790] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5790] openat(5, "memory.max", O_RDWR) = 6 [ 205.733461][ T5785] Memory cgroup stats for /syz1: [ 205.733671][ T5785] anon 0 [ 205.733671][ T5785] file 0 [ 205.733671][ T5785] kernel 8192 [ 205.733671][ T5785] kernel_stack 0 [ 205.733671][ T5785] pagetables 0 [ 205.733671][ T5785] sec_pagetables 0 [ 205.733671][ T5785] percpu 0 [ 205.733671][ T5785] sock 0 [ 205.733671][ T5785] vmalloc 0 [ 205.733671][ T5785] shmem 0 [ 205.733671][ T5785] zswap 0 [ 205.733671][ T5785] zswapped 0 [ 205.733671][ T5785] file_mapped 0 [ 205.733671][ T5785] file_dirty 0 [ 205.733671][ T5785] file_writeback 0 [ 205.733671][ T5785] swapcached 0 [ 205.733671][ T5785] anon_thp 0 [ 205.733671][ T5785] file_thp 0 [ 205.733671][ T5785] shmem_thp 0 [ 205.733671][ T5785] inactive_anon 0 [ 205.733671][ T5785] active_anon 0 [ 205.733671][ T5785] inactive_file 0 [ 205.733671][ T5785] active_file 0 [ 205.733671][ T5785] unevictable 0 [ 205.733671][ T5785] slab_reclaimable 6752 [ 205.733671][ T5785] slab_unreclaimable 0 [ 205.733671][ T5785] slab 6752 [ 205.733671][ T5785] workingset_refault_anon 0 [pid 5790] write(6, "0x000000000000040e", 18 [pid 5785] <... write resumed>) = 18 [ 205.843334][ T5785] Tasks state (memory values in pages): [ 205.849081][ T5785] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 205.858643][ T5785] Out of memory and no killable processes... [ 205.864724][ T5786] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 205.875449][ T5786] CPU: 0 PID: 5786 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5785] close(3) = 0 [pid 5785] close(4) = 0 [pid 5785] close(5) = 0 [pid 5785] close(6) = 0 [pid 5785] close(7) = -1 EBADF (Bad file descriptor) [pid 5785] close(8) = -1 EBADF (Bad file descriptor) [pid 5785] close(9) = -1 EBADF (Bad file descriptor) [pid 5785] close(10) = -1 EBADF (Bad file descriptor) [pid 5785] close(11) = -1 EBADF (Bad file descriptor) [pid 5785] close(12) = -1 EBADF (Bad file descriptor) [pid 5785] close(13) = -1 EBADF (Bad file descriptor) [pid 5785] close(14) = -1 EBADF (Bad file descriptor) [pid 5785] close(15) = -1 EBADF (Bad file descriptor) [pid 5785] close(16) = -1 EBADF (Bad file descriptor) [pid 5785] close(17) = -1 EBADF (Bad file descriptor) [pid 5785] close(18) = -1 EBADF (Bad file descriptor) [pid 5785] close(19) = -1 EBADF (Bad file descriptor) [pid 5785] close(20) = -1 EBADF (Bad file descriptor) [ 205.885922][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 205.896021][ T5786] Call Trace: [ 205.899339][ T5786] [ 205.902312][ T5786] dump_stack_lvl+0x1e7/0x2d0 [ 205.907059][ T5786] ? nf_tcp_handle_invalid+0x640/0x640 [ 205.912572][ T5786] ? panic+0x770/0x770 [ 205.916708][ T5786] dump_header+0xdc/0x940 [ 205.921111][ T5786] out_of_memory+0xf21/0x12c0 [ 205.925848][ T5786] ? mutex_lock_io_nested+0x60/0x60 [ 205.931102][ T5786] ? preempt_schedule+0xdd/0xf0 [ 205.936006][ T5786] ? unregister_oom_notifier+0x20/0x20 [pid 5785] close(21) = -1 EBADF (Bad file descriptor) [pid 5785] close(22) = -1 EBADF (Bad file descriptor) [pid 5785] close(23) = -1 EBADF (Bad file descriptor) [pid 5785] close(24) = -1 EBADF (Bad file descriptor) [pid 5785] close(25) = -1 EBADF (Bad file descriptor) [pid 5785] close(26) = -1 EBADF (Bad file descriptor) [pid 5785] close(27) = -1 EBADF (Bad file descriptor) [pid 5785] close(28) = -1 EBADF (Bad file descriptor) [pid 5785] close(29) = -1 EBADF (Bad file descriptor) [pid 5785] exit_group(0) = ? [pid 5785] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 205.941521][ T5786] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 205.947570][ T5786] mem_cgroup_out_of_memory+0x263/0x3b0 [ 205.953173][ T5786] ? preempt_schedule_thunk+0x1a/0x20 [ 205.958602][ T5786] ? mem_cgroup_oom_trylock+0x210/0x210 [ 205.964217][ T5786] ? cgroup_file_notify+0x127/0x190 [ 205.969476][ T5786] memory_max_write+0x355/0x470 [ 205.974388][ T5786] ? memory_max_show+0xa0/0xa0 [ 205.979208][ T5786] ? read_lock_is_recursive+0x20/0x20 [ 205.984649][ T5786] ? memory_max_show+0xa0/0xa0 [pid 5070] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./48/binderfs") = 0 [pid 5070] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./48/cgroup") = 0 [pid 5070] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./48/cgroup.net") = 0 [ 205.989464][ T5786] cgroup_file_write+0x2b1/0x780 [ 205.994465][ T5786] ? cgroup_seqfile_stop+0xd0/0xd0 [ 205.999625][ T5786] ? __virt_addr_valid+0x22f/0x2e0 [ 206.004808][ T5786] ? cgroup_seqfile_stop+0xd0/0xd0 [ 206.009962][ T5786] kernfs_fop_write_iter+0x3a6/0x4f0 [ 206.015349][ T5786] vfs_write+0x7b2/0xbb0 [ 206.019696][ T5786] ? file_end_write+0x240/0x240 [ 206.024609][ T5786] ? do_raw_spin_unlock+0x13b/0x8b0 [ 206.029870][ T5786] ? lockdep_hardirqs_on+0x98/0x140 [ 206.035128][ T5786] ? __fdget_pos+0x265/0x2f0 [ 206.039772][ T5786] ksys_write+0x1a0/0x2c0 [ 206.044159][ T5786] ? __ia32_sys_read+0x90/0x90 [ 206.048972][ T5786] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 206.055019][ T5786] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 206.061073][ T5786] do_syscall_64+0x41/0xc0 [ 206.066062][ T5786] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 206.072007][ T5786] RIP: 0033:0x7fd49ce20129 [ 206.076466][ T5786] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.096126][ T5786] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.104580][ T5786] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 206.112595][ T5786] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 206.120612][ T5786] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 206.128628][ T5786] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 206.136638][ T5786] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000038 [pid 5070] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./48/file0") = 0 [pid 5070] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./48/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./48") = 0 [pid 5070] mkdir("./49", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 51 [ 206.144672][ T5786] [ 206.154968][ T5786] memory: usage 8kB, limit 0kB, failcnt 55 [ 206.161066][ T5786] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 206.168257][ T5786] Memory cgroup stats for /syz1: [ 206.168522][ T5786] anon 0 [ 206.168522][ T5786] file 0 [ 206.168522][ T5786] kernel 8192 [ 206.168522][ T5786] kernel_stack 0 [ 206.168522][ T5786] pagetables 0 [ 206.168522][ T5786] sec_pagetables 0 ./strace-static-x86_64: Process 5791 attached [pid 5791] chdir("./49") = 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5791] setpgid(0, 0) = 0 [pid 5791] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 206.168522][ T5786] percpu 0 [ 206.168522][ T5786] sock 0 [ 206.168522][ T5786] vmalloc 0 [ 206.168522][ T5786] shmem 0 [ 206.168522][ T5786] zswap 0 [ 206.168522][ T5786] zswapped 0 [ 206.168522][ T5786] file_mapped 0 [ 206.168522][ T5786] file_dirty 0 [ 206.168522][ T5786] file_writeback 0 [ 206.168522][ T5786] swapcached 0 [ 206.168522][ T5786] anon_thp 0 [ 206.168522][ T5786] file_thp 0 [ 206.168522][ T5786] shmem_thp 0 [ 206.168522][ T5786] inactive_anon 0 [ 206.168522][ T5786] active_anon 0 [ 206.168522][ T5786] inactive_file 0 [pid 5791] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5791] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5791] write(3, "1000", 4) = 4 [pid 5791] close(3) = 0 [pid 5791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5791] mkdir("./file0", 000) = 0 [ 206.168522][ T5786] active_file 0 [ 206.168522][ T5786] unevictable 0 [ 206.168522][ T5786] slab_reclaimable 6752 [ 206.168522][ T5786] slab_unreclaimable 0 [ 206.168522][ T5786] slab 6752 [ 206.168522][ T5786] workingset_refault_anon 0 [ 206.268385][ T5786] Tasks state (memory values in pages): [ 206.274000][ T5786] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 206.283886][ T5786] Out of memory and no killable processes... [pid 5791] open("./file0", O_RDONLY) = 3 [pid 5786] <... write resumed>) = 18 [pid 5791] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5791] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5791] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5791] openat(5, "memory.max", O_RDWR) = 6 [ 206.290791][ T5787] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 206.301453][ T5787] CPU: 0 PID: 5787 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 206.311914][ T5787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 206.322022][ T5787] Call Trace: [ 206.325339][ T5787] [ 206.328307][ T5787] dump_stack_lvl+0x1e7/0x2d0 [ 206.333053][ T5787] ? nf_tcp_handle_invalid+0x640/0x640 [ 206.338577][ T5787] ? panic+0x770/0x770 [pid 5791] write(6, "0x000000000000040e", 18 [pid 5786] close(3) = 0 [pid 5786] close(4) = 0 [pid 5786] close(5) = 0 [pid 5786] close(6) = 0 [pid 5786] close(7) = -1 EBADF (Bad file descriptor) [pid 5786] close(8) = -1 EBADF (Bad file descriptor) [pid 5786] close(9) = -1 EBADF (Bad file descriptor) [pid 5786] close(10) = -1 EBADF (Bad file descriptor) [pid 5786] close(11) = -1 EBADF (Bad file descriptor) [pid 5786] close(12) = -1 EBADF (Bad file descriptor) [pid 5786] close(13) = -1 EBADF (Bad file descriptor) [pid 5786] close(14) = -1 EBADF (Bad file descriptor) [pid 5786] close(15) = -1 EBADF (Bad file descriptor) [pid 5786] close(16) = -1 EBADF (Bad file descriptor) [pid 5786] close(17) = -1 EBADF (Bad file descriptor) [pid 5786] close(18) = -1 EBADF (Bad file descriptor) [pid 5786] close(19) = -1 EBADF (Bad file descriptor) [pid 5786] close(20) = -1 EBADF (Bad file descriptor) [ 206.342709][ T5787] dump_header+0xdc/0x940 [ 206.347094][ T5787] out_of_memory+0xf21/0x12c0 [ 206.351816][ T5787] ? mutex_lock_io_nested+0x60/0x60 [ 206.357070][ T5787] ? mark_lock+0x9a/0x340 [ 206.361446][ T5787] ? unregister_oom_notifier+0x20/0x20 [ 206.366963][ T5787] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 206.373032][ T5787] mem_cgroup_out_of_memory+0x263/0x3b0 [ 206.378649][ T5787] ? mem_cgroup_oom_trylock+0x210/0x210 [ 206.384272][ T5787] ? cgroup_file_notify+0x127/0x190 [ 206.389533][ T5787] memory_max_write+0x355/0x470 [ 206.394438][ T5787] ? memory_max_show+0xa0/0xa0 [ 206.399227][ T5787] ? read_lock_is_recursive+0x20/0x20 [ 206.404621][ T5787] ? memory_max_show+0xa0/0xa0 [ 206.409407][ T5787] cgroup_file_write+0x2b1/0x780 [ 206.414364][ T5787] ? cgroup_seqfile_stop+0xd0/0xd0 [ 206.419492][ T5787] ? __virt_addr_valid+0x22f/0x2e0 [ 206.424651][ T5787] ? cgroup_seqfile_stop+0xd0/0xd0 [ 206.429773][ T5787] kernfs_fop_write_iter+0x3a6/0x4f0 [ 206.435083][ T5787] vfs_write+0x7b2/0xbb0 [ 206.439349][ T5787] ? file_end_write+0x240/0x240 [ 206.444214][ T5787] ? do_raw_spin_unlock+0x13b/0x8b0 [ 206.449428][ T5787] ? lockdep_hardirqs_on+0x98/0x140 [ 206.454650][ T5787] ? __fdget_pos+0x265/0x2f0 [ 206.459256][ T5787] ksys_write+0x1a0/0x2c0 [ 206.463607][ T5787] ? __ia32_sys_read+0x90/0x90 [ 206.468392][ T5787] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 206.474393][ T5787] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 206.480397][ T5787] do_syscall_64+0x41/0xc0 [ 206.484826][ T5787] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 206.490738][ T5787] RIP: 0033:0x7fd49ce20129 [ 206.495166][ T5787] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.514781][ T5787] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.523213][ T5787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 206.531213][ T5787] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5786] close(21) = -1 EBADF (Bad file descriptor) [pid 5786] close(22) = -1 EBADF (Bad file descriptor) [pid 5786] close(23) = -1 EBADF (Bad file descriptor) [pid 5786] close(24) = -1 EBADF (Bad file descriptor) [pid 5786] close(25) = -1 EBADF (Bad file descriptor) [pid 5786] close(26) = -1 EBADF (Bad file descriptor) [pid 5786] close(27) = -1 EBADF (Bad file descriptor) [pid 5786] close(28) = -1 EBADF (Bad file descriptor) [pid 5786] close(29) = -1 EBADF (Bad file descriptor) [pid 5786] exit_group(0) = ? [pid 5786] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 206.539201][ T5787] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 206.547185][ T5787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 206.555189][ T5787] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000034 [ 206.563210][ T5787] [ 206.585829][ T5787] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./56/binderfs") = 0 [pid 5074] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./56/cgroup") = 0 [pid 5074] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./56/cgroup.net") = 0 [ 206.599139][ T5787] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 206.606065][ T5787] Memory cgroup stats for /syz1: [ 206.606277][ T5787] anon 0 [ 206.606277][ T5787] file 0 [ 206.606277][ T5787] kernel 8192 [ 206.606277][ T5787] kernel_stack 0 [ 206.606277][ T5787] pagetables 0 [ 206.606277][ T5787] sec_pagetables 0 [ 206.606277][ T5787] percpu 0 [ 206.606277][ T5787] sock 0 [ 206.606277][ T5787] vmalloc 0 [ 206.606277][ T5787] shmem 0 [ 206.606277][ T5787] zswap 0 [ 206.606277][ T5787] zswapped 0 [ 206.606277][ T5787] file_mapped 0 [ 206.606277][ T5787] file_dirty 0 [ 206.606277][ T5787] file_writeback 0 [ 206.606277][ T5787] swapcached 0 [ 206.606277][ T5787] anon_thp 0 [ 206.606277][ T5787] file_thp 0 [ 206.606277][ T5787] shmem_thp 0 [ 206.606277][ T5787] inactive_anon 0 [ 206.606277][ T5787] active_anon 0 [ 206.606277][ T5787] inactive_file 0 [ 206.606277][ T5787] active_file 0 [ 206.606277][ T5787] unevictable 0 [ 206.606277][ T5787] slab_reclaimable 6752 [ 206.606277][ T5787] slab_unreclaimable 0 [ 206.606277][ T5787] slab 6752 [pid 5074] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./56/file0") = 0 [pid 5074] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./56/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./56") = 0 [pid 5074] mkdir("./57", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 59 ./strace-static-x86_64: Process 5792 attached [ 206.606277][ T5787] workingset_refault_anon 0 [ 206.712977][ T5787] Tasks state (memory values in pages): [ 206.719189][ T5787] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 206.736118][ T5787] Out of memory and no killable processes... [pid 5792] chdir("./57") = 0 [pid 5787] <... write resumed>) = 18 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5787] close(3 [pid 5792] <... prctl resumed>) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5792] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5792] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] mkdir("./file0", 000) = 0 [pid 5792] open("./file0", O_RDONLY) = 3 [pid 5792] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5792] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5792] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5792] openat(5, "memory.max", O_RDWR) = 6 [pid 5792] write(6, "0x000000000000040e", 18 [pid 5787] <... close resumed>) = 0 [pid 5787] close(4) = 0 [pid 5787] close(5) = 0 [pid 5787] close(6) = 0 [pid 5787] close(7) = -1 EBADF (Bad file descriptor) [pid 5787] close(8) = -1 EBADF (Bad file descriptor) [pid 5787] close(9) = -1 EBADF (Bad file descriptor) [pid 5787] close(10) = -1 EBADF (Bad file descriptor) [pid 5787] close(11) = -1 EBADF (Bad file descriptor) [pid 5787] close(12) = -1 EBADF (Bad file descriptor) [pid 5787] close(13) = -1 EBADF (Bad file descriptor) [pid 5787] close(14) = -1 EBADF (Bad file descriptor) [pid 5787] close(15) = -1 EBADF (Bad file descriptor) [pid 5787] close(16) = -1 EBADF (Bad file descriptor) [pid 5787] close(17) = -1 EBADF (Bad file descriptor) [pid 5787] close(18) = -1 EBADF (Bad file descriptor) [ 206.743173][ T5789] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 206.757065][ T5789] CPU: 1 PID: 5789 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 206.767543][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 206.777647][ T5789] Call Trace: [ 206.780968][ T5789] [ 206.783940][ T5789] dump_stack_lvl+0x1e7/0x2d0 [ 206.788684][ T5789] ? nf_tcp_handle_invalid+0x640/0x640 [ 206.794288][ T5789] ? panic+0x770/0x770 [pid 5787] close(19) = -1 EBADF (Bad file descriptor) [pid 5787] close(20) = -1 EBADF (Bad file descriptor) [pid 5787] close(21) = -1 EBADF (Bad file descriptor) [pid 5787] close(22) = -1 EBADF (Bad file descriptor) [pid 5787] close(23) = -1 EBADF (Bad file descriptor) [pid 5787] close(24) = -1 EBADF (Bad file descriptor) [pid 5787] close(25) = -1 EBADF (Bad file descriptor) [pid 5787] close(26) = -1 EBADF (Bad file descriptor) [pid 5787] close(27) = -1 EBADF (Bad file descriptor) [pid 5787] close(28) = -1 EBADF (Bad file descriptor) [pid 5787] close(29) = -1 EBADF (Bad file descriptor) [pid 5787] exit_group(0) = ? [ 206.798427][ T5789] dump_header+0xdc/0x940 [ 206.802826][ T5789] out_of_memory+0xf21/0x12c0 [ 206.807567][ T5789] ? mutex_lock_io_nested+0x60/0x60 [ 206.812834][ T5789] ? preempt_schedule+0xdd/0xf0 [ 206.817745][ T5789] ? unregister_oom_notifier+0x20/0x20 [ 206.823257][ T5789] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 206.829312][ T5789] mem_cgroup_out_of_memory+0x263/0x3b0 [ 206.834925][ T5789] ? preempt_schedule_thunk+0x1a/0x20 [ 206.840370][ T5789] ? mem_cgroup_oom_trylock+0x210/0x210 [ 206.846004][ T5789] ? cgroup_file_notify+0x127/0x190 [ 206.851275][ T5789] memory_max_write+0x355/0x470 [ 206.856161][ T5789] ? memory_max_show+0xa0/0xa0 [ 206.860962][ T5789] ? read_lock_is_recursive+0x20/0x20 [ 206.866490][ T5789] ? memory_max_show+0xa0/0xa0 [ 206.871309][ T5789] cgroup_file_write+0x2b1/0x780 [ 206.876304][ T5789] ? cgroup_seqfile_stop+0xd0/0xd0 [ 206.881456][ T5789] ? __virt_addr_valid+0x22f/0x2e0 [ 206.886623][ T5789] ? cgroup_seqfile_stop+0xd0/0xd0 [ 206.891767][ T5789] kernfs_fop_write_iter+0x3a6/0x4f0 [ 206.897109][ T5789] vfs_write+0x7b2/0xbb0 [ 206.901381][ T5789] ? file_end_write+0x240/0x240 [ 206.906271][ T5789] ? do_raw_spin_unlock+0x13b/0x8b0 [ 206.911514][ T5789] ? lockdep_hardirqs_on+0x98/0x140 [ 206.916749][ T5789] ? __fdget_pos+0x265/0x2f0 [ 206.921389][ T5789] ksys_write+0x1a0/0x2c0 [ 206.925755][ T5789] ? __ia32_sys_read+0x90/0x90 [ 206.930547][ T5789] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 206.936582][ T5789] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 206.942696][ T5789] do_syscall_64+0x41/0xc0 [ 206.947128][ T5789] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 206.953052][ T5789] RIP: 0033:0x7fd49ce20129 [ 206.957489][ T5789] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.977122][ T5789] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.985591][ T5789] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5787] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5073] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./52/binderfs") = 0 [pid 5073] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./52/cgroup") = 0 [pid 5073] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./52/cgroup.net") = 0 [pid 5073] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./52/file0") = 0 [pid 5073] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./52/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./52") = 0 [ 206.993607][ T5789] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 207.001611][ T5789] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 207.009630][ T5789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 207.017643][ T5789] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000031 [ 207.025659][ T5789] [ 207.040388][ T5789] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5073] mkdir("./53", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5793 attached [pid 5793] chdir("./53" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 55 [pid 5793] <... chdir resumed>) = 0 [pid 5793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5793] setpgid(0, 0) = 0 [pid 5793] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5793] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5793] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5793] write(3, "1000", 4) = 4 [pid 5793] close(3) = 0 [pid 5793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5793] mkdir("./file0", 000) = 0 [pid 5793] open("./file0", O_RDONLY) = 3 [pid 5793] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5793] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5793] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5793] openat(5, "memory.max", O_RDWR) = 6 [ 207.057389][ T5789] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 207.072388][ T5789] Memory cgroup stats for /syz1: [ 207.072658][ T5789] anon 0 [ 207.072658][ T5789] file 0 [ 207.072658][ T5789] kernel 8192 [ 207.072658][ T5789] kernel_stack 0 [ 207.072658][ T5789] pagetables 0 [ 207.072658][ T5789] sec_pagetables 0 [ 207.072658][ T5789] percpu 0 [ 207.072658][ T5789] sock 0 [ 207.072658][ T5789] vmalloc 0 [ 207.072658][ T5789] shmem 0 [ 207.072658][ T5789] zswap 0 [ 207.072658][ T5789] zswapped 0 [ 207.072658][ T5789] file_mapped 0 [ 207.072658][ T5789] file_dirty 0 [ 207.072658][ T5789] file_writeback 0 [ 207.072658][ T5789] swapcached 0 [ 207.072658][ T5789] anon_thp 0 [ 207.072658][ T5789] file_thp 0 [ 207.072658][ T5789] shmem_thp 0 [ 207.072658][ T5789] inactive_anon 0 [ 207.072658][ T5789] active_anon 0 [ 207.072658][ T5789] inactive_file 0 [ 207.072658][ T5789] active_file 0 [ 207.072658][ T5789] unevictable 0 [ 207.072658][ T5789] slab_reclaimable 6752 [pid 5793] write(6, "0x000000000000040e", 18 [pid 5789] <... write resumed>) = 18 [pid 5789] close(3) = 0 [ 207.072658][ T5789] slab_unreclaimable 0 [ 207.072658][ T5789] slab 6752 [ 207.072658][ T5789] workingset_refault_anon 0 [ 207.173138][ T5789] Tasks state (memory values in pages): [ 207.181105][ T5789] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 207.195008][ T5789] Out of memory and no killable processes... [pid 5789] close(4) = 0 [pid 5789] close(5) = 0 [pid 5789] close(6) = 0 [pid 5789] close(7) = -1 EBADF (Bad file descriptor) [pid 5789] close(8) = -1 EBADF (Bad file descriptor) [pid 5789] close(9) = -1 EBADF (Bad file descriptor) [pid 5789] close(10) = -1 EBADF (Bad file descriptor) [pid 5789] close(11) = -1 EBADF (Bad file descriptor) [pid 5789] close(12) = -1 EBADF (Bad file descriptor) [pid 5789] close(13) = -1 EBADF (Bad file descriptor) [pid 5789] close(14) = -1 EBADF (Bad file descriptor) [pid 5789] close(15) = -1 EBADF (Bad file descriptor) [pid 5789] close(16) = -1 EBADF (Bad file descriptor) [pid 5789] close(17) = -1 EBADF (Bad file descriptor) [pid 5789] close(18) = -1 EBADF (Bad file descriptor) [pid 5789] close(19) = -1 EBADF (Bad file descriptor) [pid 5789] close(20) = -1 EBADF (Bad file descriptor) [pid 5789] close(21) = -1 EBADF (Bad file descriptor) [pid 5789] close(22) = -1 EBADF (Bad file descriptor) [pid 5789] close(23) = -1 EBADF (Bad file descriptor) [pid 5789] close(24) = -1 EBADF (Bad file descriptor) [pid 5789] close(25) = -1 EBADF (Bad file descriptor) [ 207.204147][ T5790] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 207.222847][ T5790] CPU: 1 PID: 5790 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 207.233342][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 207.243450][ T5790] Call Trace: [ 207.246769][ T5790] [ 207.249737][ T5790] dump_stack_lvl+0x1e7/0x2d0 [pid 5789] close(26) = -1 EBADF (Bad file descriptor) [pid 5789] close(27) = -1 EBADF (Bad file descriptor) [pid 5789] close(28) = -1 EBADF (Bad file descriptor) [pid 5789] close(29) = -1 EBADF (Bad file descriptor) [pid 5789] exit_group(0) = ? [pid 5789] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 207.254488][ T5790] ? nf_tcp_handle_invalid+0x640/0x640 [ 207.260011][ T5790] ? panic+0x770/0x770 [ 207.264143][ T5790] dump_header+0xdc/0x940 [ 207.268530][ T5790] out_of_memory+0xf21/0x12c0 [ 207.273291][ T5790] ? mutex_lock_io_nested+0x60/0x60 [ 207.278632][ T5790] ? preempt_schedule+0xdd/0xf0 [ 207.283557][ T5790] ? unregister_oom_notifier+0x20/0x20 [ 207.289067][ T5790] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 207.295096][ T5790] mem_cgroup_out_of_memory+0x263/0x3b0 [ 207.300708][ T5790] ? preempt_schedule_thunk+0x1a/0x20 [ 207.306159][ T5790] ? mem_cgroup_oom_trylock+0x210/0x210 [ 207.311791][ T5790] ? cgroup_file_notify+0x127/0x190 [ 207.317043][ T5790] memory_max_write+0x355/0x470 [ 207.321933][ T5790] ? memory_max_show+0xa0/0xa0 [ 207.326734][ T5790] ? read_lock_is_recursive+0x20/0x20 [ 207.332156][ T5790] ? memory_max_show+0xa0/0xa0 [ 207.336943][ T5790] cgroup_file_write+0x2b1/0x780 [ 207.341903][ T5790] ? cgroup_seqfile_stop+0xd0/0xd0 [ 207.347031][ T5790] ? __virt_addr_valid+0x22f/0x2e0 [ 207.352175][ T5790] ? cgroup_seqfile_stop+0xd0/0xd0 [ 207.357304][ T5790] kernfs_fop_write_iter+0x3a6/0x4f0 [ 207.362631][ T5790] vfs_write+0x7b2/0xbb0 [ 207.366897][ T5790] ? file_end_write+0x240/0x240 [ 207.371767][ T5790] ? do_raw_spin_unlock+0x13b/0x8b0 [ 207.376986][ T5790] ? lockdep_hardirqs_on+0x98/0x140 [ 207.382208][ T5790] ? __fdget_pos+0x265/0x2f0 [ 207.386819][ T5790] ksys_write+0x1a0/0x2c0 [ 207.391170][ T5790] ? __ia32_sys_read+0x90/0x90 [ 207.395973][ T5790] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 207.402003][ T5790] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 207.408021][ T5790] do_syscall_64+0x41/0xc0 [ 207.412468][ T5790] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 207.418386][ T5790] RIP: 0033:0x7fd49ce20129 [ 207.422815][ T5790] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 207.442437][ T5790] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 207.450892][ T5790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./49/binderfs") = 0 [pid 5072] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./49/cgroup") = 0 [pid 5072] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./49/cgroup.net") = 0 [pid 5072] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 207.458889][ T5790] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 207.466876][ T5790] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 207.474864][ T5790] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 207.482853][ T5790] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000037 [ 207.490857][ T5790] [ 207.501366][ T5790] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5072] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./49/file0") = 0 [pid 5072] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./49/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./49") = 0 [pid 5072] mkdir("./50", 0777) = 0 [ 207.509262][ T5790] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 207.518505][ T5790] Memory cgroup stats for /syz1: [ 207.518719][ T5790] anon 0 [ 207.518719][ T5790] file 0 [ 207.518719][ T5790] kernel 8192 [ 207.518719][ T5790] kernel_stack 0 [ 207.518719][ T5790] pagetables 0 [ 207.518719][ T5790] sec_pagetables 0 [ 207.518719][ T5790] percpu 0 [ 207.518719][ T5790] sock 0 [ 207.518719][ T5790] vmalloc 0 [ 207.518719][ T5790] shmem 0 [ 207.518719][ T5790] zswap 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached [pid 5794] chdir("./50" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 52 [pid 5794] <... chdir resumed>) = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [ 207.518719][ T5790] zswapped 0 [ 207.518719][ T5790] file_mapped 0 [ 207.518719][ T5790] file_dirty 0 [ 207.518719][ T5790] file_writeback 0 [ 207.518719][ T5790] swapcached 0 [ 207.518719][ T5790] anon_thp 0 [ 207.518719][ T5790] file_thp 0 [ 207.518719][ T5790] shmem_thp 0 [ 207.518719][ T5790] inactive_anon 0 [ 207.518719][ T5790] active_anon 0 [ 207.518719][ T5790] inactive_file 0 [ 207.518719][ T5790] active_file 0 [ 207.518719][ T5790] unevictable 0 [ 207.518719][ T5790] slab_reclaimable 6752 [ 207.518719][ T5790] slab_unreclaimable 0 [pid 5794] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5794] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] mkdir("./file0", 000) = 0 [pid 5794] open("./file0", O_RDONLY) = 3 [pid 5794] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5794] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5794] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5794] openat(5, "memory.max", O_RDWR) = 6 [pid 5794] write(6, "0x000000000000040e", 18 [pid 5790] <... write resumed>) = 18 [pid 5790] close(3) = 0 [pid 5790] close(4) = 0 [pid 5790] close(5) = 0 [pid 5790] close(6) = 0 [pid 5790] close(7) = -1 EBADF (Bad file descriptor) [pid 5790] close(8) = -1 EBADF (Bad file descriptor) [pid 5790] close(9) = -1 EBADF (Bad file descriptor) [pid 5790] close(10) = -1 EBADF (Bad file descriptor) [pid 5790] close(11) = -1 EBADF (Bad file descriptor) [pid 5790] close(12) = -1 EBADF (Bad file descriptor) [ 207.518719][ T5790] slab 6752 [ 207.518719][ T5790] workingset_refault_anon 0 [ 207.619213][ T5790] Tasks state (memory values in pages): [ 207.627555][ T5790] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 207.637557][ T5790] Out of memory and no killable processes... [ 207.643709][ T5791] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5790] close(13) = -1 EBADF (Bad file descriptor) [pid 5790] close(14) = -1 EBADF (Bad file descriptor) [pid 5790] close(15) = -1 EBADF (Bad file descriptor) [pid 5790] close(16) = -1 EBADF (Bad file descriptor) [pid 5790] close(17) = -1 EBADF (Bad file descriptor) [pid 5790] close(18) = -1 EBADF (Bad file descriptor) [pid 5790] close(19) = -1 EBADF (Bad file descriptor) [pid 5790] close(20) = -1 EBADF (Bad file descriptor) [pid 5790] close(21) = -1 EBADF (Bad file descriptor) [pid 5790] close(22) = -1 EBADF (Bad file descriptor) [pid 5790] close(23) = -1 EBADF (Bad file descriptor) [pid 5790] close(24) = -1 EBADF (Bad file descriptor) [pid 5790] close(25) = -1 EBADF (Bad file descriptor) [pid 5790] close(26) = -1 EBADF (Bad file descriptor) [pid 5790] close(27) = -1 EBADF (Bad file descriptor) [pid 5790] close(28) = -1 EBADF (Bad file descriptor) [pid 5790] close(29) = -1 EBADF (Bad file descriptor) [pid 5790] exit_group(0) = ? [pid 5790] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5075] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./55/binderfs") = 0 [pid 5075] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./55/cgroup") = 0 [pid 5075] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./55/cgroup.net") = 0 [ 207.656065][ T5791] CPU: 1 PID: 5791 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 207.666543][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 207.676648][ T5791] Call Trace: [ 207.679970][ T5791] [ 207.682942][ T5791] dump_stack_lvl+0x1e7/0x2d0 [ 207.687679][ T5791] ? nf_tcp_handle_invalid+0x640/0x640 [ 207.693188][ T5791] ? panic+0x770/0x770 [ 207.697340][ T5791] dump_header+0xdc/0x940 [ 207.701739][ T5791] out_of_memory+0xf21/0x12c0 [ 207.706491][ T5791] ? mutex_lock_io_nested+0x60/0x60 [ 207.711749][ T5791] ? preempt_schedule+0xdd/0xf0 [ 207.716642][ T5791] ? unregister_oom_notifier+0x20/0x20 [ 207.722130][ T5791] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 207.728174][ T5791] mem_cgroup_out_of_memory+0x263/0x3b0 [ 207.733765][ T5791] ? preempt_schedule_thunk+0x1a/0x20 [ 207.739183][ T5791] ? mem_cgroup_oom_trylock+0x210/0x210 [ 207.744777][ T5791] ? cgroup_file_notify+0x127/0x190 [ 207.750024][ T5791] memory_max_write+0x355/0x470 [ 207.754897][ T5791] ? memory_max_show+0xa0/0xa0 [ 207.759684][ T5791] ? read_lock_is_recursive+0x20/0x20 [ 207.765081][ T5791] ? memory_max_show+0xa0/0xa0 [ 207.769862][ T5791] cgroup_file_write+0x2b1/0x780 [ 207.774823][ T5791] ? cgroup_seqfile_stop+0xd0/0xd0 [ 207.779947][ T5791] ? __virt_addr_valid+0x22f/0x2e0 [ 207.785088][ T5791] ? cgroup_seqfile_stop+0xd0/0xd0 [ 207.790213][ T5791] kernfs_fop_write_iter+0x3a6/0x4f0 [ 207.795522][ T5791] vfs_write+0x7b2/0xbb0 [ 207.799788][ T5791] ? file_end_write+0x240/0x240 [ 207.804678][ T5791] ? do_raw_spin_unlock+0x13b/0x8b0 [ 207.809904][ T5791] ? lockdep_hardirqs_on+0x98/0x140 [ 207.815136][ T5791] ? __fdget_pos+0x265/0x2f0 [ 207.819763][ T5791] ksys_write+0x1a0/0x2c0 [ 207.824116][ T5791] ? __ia32_sys_read+0x90/0x90 [ 207.828899][ T5791] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 207.834906][ T5791] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 207.840912][ T5791] do_syscall_64+0x41/0xc0 [ 207.845347][ T5791] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 207.851294][ T5791] RIP: 0033:0x7fd49ce20129 [ 207.855742][ T5791] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 207.875380][ T5791] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 207.883811][ T5791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 207.891905][ T5791] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 207.899922][ T5791] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 207.907913][ T5791] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 207.915918][ T5791] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000031 [ 207.923925][ T5791] [ 207.940708][ T5791] memory: usage 8kB, limit 0kB, failcnt 55 [ 207.949783][ T5791] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./55/file0") = 0 [pid 5075] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./55/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./55") = 0 [pid 5075] mkdir("./56", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 58 [ 207.960099][ T5791] Memory cgroup stats for /syz1: [ 207.960510][ T5791] anon 0 [ 207.960510][ T5791] file 0 [ 207.960510][ T5791] kernel 8192 [ 207.960510][ T5791] kernel_stack 0 [ 207.960510][ T5791] pagetables 0 [ 207.960510][ T5791] sec_pagetables 0 [ 207.960510][ T5791] percpu 0 [ 207.960510][ T5791] sock 0 [ 207.960510][ T5791] vmalloc 0 [ 207.960510][ T5791] shmem 0 [ 207.960510][ T5791] zswap 0 [ 207.960510][ T5791] zswapped 0 [ 207.960510][ T5791] file_mapped 0 [ 207.960510][ T5791] file_dirty 0 [ 207.960510][ T5791] file_writeback 0 ./strace-static-x86_64: Process 5795 attached [pid 5795] chdir("./56") = 0 [pid 5795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5795] setpgid(0, 0) = 0 [pid 5795] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5795] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5795] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5795] write(3, "1000", 4) = 4 [pid 5795] close(3) = 0 [pid 5795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5795] mkdir("./file0", 000) = 0 [pid 5795] open("./file0", O_RDONLY) = 3 [pid 5795] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5795] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5795] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5795] openat(5, "memory.max", O_RDWR) = 6 [ 207.960510][ T5791] swapcached 0 [ 207.960510][ T5791] anon_thp 0 [ 207.960510][ T5791] file_thp 0 [ 207.960510][ T5791] shmem_thp 0 [ 207.960510][ T5791] inactive_anon 0 [ 207.960510][ T5791] active_anon 0 [ 207.960510][ T5791] inactive_file 0 [ 207.960510][ T5791] active_file 0 [ 207.960510][ T5791] unevictable 0 [ 207.960510][ T5791] slab_reclaimable 6752 [ 207.960510][ T5791] slab_unreclaimable 0 [ 207.960510][ T5791] slab 6752 [ 207.960510][ T5791] workingset_refault_anon 0 [pid 5795] write(6, "0x000000000000040e", 18 [pid 5791] <... write resumed>) = 18 [pid 5791] close(3) = 0 [pid 5791] close(4) = 0 [pid 5791] close(5) = 0 [pid 5791] close(6) = 0 [pid 5791] close(7) = -1 EBADF (Bad file descriptor) [pid 5791] close(8) = -1 EBADF (Bad file descriptor) [pid 5791] close(9) = -1 EBADF (Bad file descriptor) [pid 5791] close(10) = -1 EBADF (Bad file descriptor) [pid 5791] close(11) = -1 EBADF (Bad file descriptor) [pid 5791] close(12) = -1 EBADF (Bad file descriptor) [pid 5791] close(13) = -1 EBADF (Bad file descriptor) [pid 5791] close(14) = -1 EBADF (Bad file descriptor) [pid 5791] close(15) = -1 EBADF (Bad file descriptor) [pid 5791] close(16) = -1 EBADF (Bad file descriptor) [pid 5791] close(17) = -1 EBADF (Bad file descriptor) [pid 5791] close(18) = -1 EBADF (Bad file descriptor) [pid 5791] close(19) = -1 EBADF (Bad file descriptor) [pid 5791] close(20) = -1 EBADF (Bad file descriptor) [pid 5791] close(21) = -1 EBADF (Bad file descriptor) [pid 5791] close(22) = -1 EBADF (Bad file descriptor) [pid 5791] close(23) = -1 EBADF (Bad file descriptor) [pid 5791] close(24) = -1 EBADF (Bad file descriptor) [pid 5791] close(25) = -1 EBADF (Bad file descriptor) [pid 5791] close(26) = -1 EBADF (Bad file descriptor) [pid 5791] close(27) = -1 EBADF (Bad file descriptor) [pid 5791] close(28) = -1 EBADF (Bad file descriptor) [pid 5791] close(29) = -1 EBADF (Bad file descriptor) [pid 5791] exit_group(0) = ? [pid 5791] +++ exited with 0 +++ [ 208.067803][ T5791] Tasks state (memory values in pages): [ 208.074466][ T5791] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 208.084223][ T5791] Out of memory and no killable processes... [ 208.092313][ T5792] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 208.104018][ T5792] CPU: 0 PID: 5792 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./49/binderfs") = 0 [pid 5070] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./49/cgroup") = 0 [pid 5070] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./49/cgroup.net") = 0 [ 208.114488][ T5792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 208.124590][ T5792] Call Trace: [ 208.127910][ T5792] [ 208.130875][ T5792] dump_stack_lvl+0x1e7/0x2d0 [ 208.135600][ T5792] ? nf_tcp_handle_invalid+0x640/0x640 [ 208.141113][ T5792] ? panic+0x770/0x770 [ 208.145259][ T5792] dump_header+0xdc/0x940 [ 208.149652][ T5792] out_of_memory+0xf21/0x12c0 [ 208.154403][ T5792] ? mutex_lock_io_nested+0x60/0x60 [ 208.159676][ T5792] ? preempt_schedule+0xdd/0xf0 [ 208.164604][ T5792] ? unregister_oom_notifier+0x20/0x20 [ 208.170126][ T5792] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 208.176180][ T5792] mem_cgroup_out_of_memory+0x263/0x3b0 [ 208.181792][ T5792] ? preempt_schedule_thunk+0x1a/0x20 [ 208.187213][ T5792] ? mem_cgroup_oom_trylock+0x210/0x210 [ 208.192796][ T5792] ? cgroup_file_notify+0x127/0x190 [ 208.198022][ T5792] memory_max_write+0x355/0x470 [ 208.202901][ T5792] ? memory_max_show+0xa0/0xa0 [ 208.207689][ T5792] ? read_lock_is_recursive+0x20/0x20 [ 208.213088][ T5792] ? memory_max_show+0xa0/0xa0 [ 208.217871][ T5792] cgroup_file_write+0x2b1/0x780 [ 208.222826][ T5792] ? cgroup_seqfile_stop+0xd0/0xd0 [ 208.227973][ T5792] ? __virt_addr_valid+0x22f/0x2e0 [ 208.233114][ T5792] ? cgroup_seqfile_stop+0xd0/0xd0 [ 208.238239][ T5792] kernfs_fop_write_iter+0x3a6/0x4f0 [ 208.243544][ T5792] vfs_write+0x7b2/0xbb0 [ 208.247808][ T5792] ? file_end_write+0x240/0x240 [ 208.252678][ T5792] ? do_raw_spin_unlock+0x13b/0x8b0 [ 208.257909][ T5792] ? lockdep_hardirqs_on+0x98/0x140 [ 208.263129][ T5792] ? __fdget_pos+0x265/0x2f0 [ 208.267744][ T5792] ksys_write+0x1a0/0x2c0 [ 208.272118][ T5792] ? __ia32_sys_read+0x90/0x90 [ 208.276899][ T5792] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 208.282908][ T5792] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 208.288913][ T5792] do_syscall_64+0x41/0xc0 [ 208.293348][ T5792] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 208.299264][ T5792] RIP: 0033:0x7fd49ce20129 [ 208.303695][ T5792] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.323315][ T5792] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.331742][ T5792] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 208.339723][ T5792] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 208.347718][ T5792] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 208.355701][ T5792] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./49/file0") = 0 [pid 5070] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./49/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./49") = 0 [pid 5070] mkdir("./50", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5796 attached [ 208.363684][ T5792] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000039 [ 208.371693][ T5792] [ 208.387113][ T5792] memory: usage 8kB, limit 0kB, failcnt 55 [ 208.392990][ T5792] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 208.405904][ T5792] Memory cgroup stats for /syz1: [ 208.406114][ T5792] anon 0 [ 208.406114][ T5792] file 0 [pid 5796] chdir("./50" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 52 [pid 5796] <... chdir resumed>) = 0 [pid 5796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5796] setpgid(0, 0) = 0 [pid 5796] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5796] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5796] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5796] write(3, "1000", 4) = 4 [pid 5796] close(3) = 0 [pid 5796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5796] mkdir("./file0", 000) = 0 [pid 5796] open("./file0", O_RDONLY) = 3 [pid 5796] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5796] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5796] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5796] openat(5, "memory.max", O_RDWR) = 6 [ 208.406114][ T5792] kernel 8192 [ 208.406114][ T5792] kernel_stack 0 [ 208.406114][ T5792] pagetables 0 [ 208.406114][ T5792] sec_pagetables 0 [ 208.406114][ T5792] percpu 0 [ 208.406114][ T5792] sock 0 [ 208.406114][ T5792] vmalloc 0 [ 208.406114][ T5792] shmem 0 [ 208.406114][ T5792] zswap 0 [ 208.406114][ T5792] zswapped 0 [ 208.406114][ T5792] file_mapped 0 [ 208.406114][ T5792] file_dirty 0 [ 208.406114][ T5792] file_writeback 0 [ 208.406114][ T5792] swapcached 0 [ 208.406114][ T5792] anon_thp 0 [ 208.406114][ T5792] file_thp 0 [ 208.406114][ T5792] shmem_thp 0 [ 208.406114][ T5792] inactive_anon 0 [ 208.406114][ T5792] active_anon 0 [ 208.406114][ T5792] inactive_file 0 [ 208.406114][ T5792] active_file 0 [ 208.406114][ T5792] unevictable 0 [ 208.406114][ T5792] slab_reclaimable 6752 [ 208.406114][ T5792] slab_unreclaimable 0 [ 208.406114][ T5792] slab 6752 [ 208.406114][ T5792] workingset_refault_anon 0 [ 208.506920][ T5792] Tasks state (memory values in pages): [pid 5796] write(6, "0x000000000000040e", 18 [pid 5792] <... write resumed>) = 18 [ 208.512593][ T5792] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 208.522698][ T5792] Out of memory and no killable processes... [ 208.529625][ T5793] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 208.540499][ T5793] CPU: 0 PID: 5793 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 208.550965][ T5793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 208.561061][ T5793] Call Trace: [ 208.564372][ T5793] [pid 5792] close(3) = 0 [pid 5792] close(4) = 0 [pid 5792] close(5) = 0 [pid 5792] close(6) = 0 [pid 5792] close(7) = -1 EBADF (Bad file descriptor) [pid 5792] close(8) = -1 EBADF (Bad file descriptor) [pid 5792] close(9) = -1 EBADF (Bad file descriptor) [pid 5792] close(10) = -1 EBADF (Bad file descriptor) [pid 5792] close(11) = -1 EBADF (Bad file descriptor) [pid 5792] close(12) = -1 EBADF (Bad file descriptor) [pid 5792] close(13) = -1 EBADF (Bad file descriptor) [pid 5792] close(14) = -1 EBADF (Bad file descriptor) [pid 5792] close(15) = -1 EBADF (Bad file descriptor) [pid 5792] close(16) = -1 EBADF (Bad file descriptor) [pid 5792] close(17) = -1 EBADF (Bad file descriptor) [pid 5792] close(18) = -1 EBADF (Bad file descriptor) [pid 5792] close(19) = -1 EBADF (Bad file descriptor) [pid 5792] close(20) = -1 EBADF (Bad file descriptor) [pid 5792] close(21) = -1 EBADF (Bad file descriptor) [pid 5792] close(22) = -1 EBADF (Bad file descriptor) [ 208.567356][ T5793] dump_stack_lvl+0x1e7/0x2d0 [ 208.572084][ T5793] ? nf_tcp_handle_invalid+0x640/0x640 [ 208.577591][ T5793] ? panic+0x770/0x770 [ 208.581742][ T5793] dump_header+0xdc/0x940 [ 208.586125][ T5793] out_of_memory+0xf21/0x12c0 [ 208.590854][ T5793] ? mutex_lock_io_nested+0x60/0x60 [ 208.596106][ T5793] ? mark_lock+0x9a/0x340 [ 208.600480][ T5793] ? unregister_oom_notifier+0x20/0x20 [ 208.605990][ T5793] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 208.612033][ T5793] mem_cgroup_out_of_memory+0x263/0x3b0 [pid 5792] close(23) = -1 EBADF (Bad file descriptor) [pid 5792] close(24) = -1 EBADF (Bad file descriptor) [pid 5792] close(25) = -1 EBADF (Bad file descriptor) [pid 5792] close(26) = -1 EBADF (Bad file descriptor) [ 208.617644][ T5793] ? mem_cgroup_oom_trylock+0x210/0x210 [ 208.623278][ T5793] ? cgroup_file_notify+0x127/0x190 [ 208.628533][ T5793] memory_max_write+0x355/0x470 [ 208.633417][ T5793] ? memory_max_show+0xa0/0xa0 [ 208.638375][ T5793] ? read_lock_is_recursive+0x20/0x20 [ 208.643770][ T5793] ? memory_max_show+0xa0/0xa0 [ 208.648549][ T5793] cgroup_file_write+0x2b1/0x780 [ 208.653853][ T5793] ? cgroup_seqfile_stop+0xd0/0xd0 [ 208.658988][ T5793] ? __virt_addr_valid+0x22f/0x2e0 [ 208.664126][ T5793] ? cgroup_seqfile_stop+0xd0/0xd0 [ 208.669264][ T5793] kernfs_fop_write_iter+0x3a6/0x4f0 [ 208.674570][ T5793] vfs_write+0x7b2/0xbb0 [ 208.678845][ T5793] ? file_end_write+0x240/0x240 [ 208.683717][ T5793] ? do_raw_spin_unlock+0x13b/0x8b0 [ 208.688952][ T5793] ? lockdep_hardirqs_on+0x98/0x140 [ 208.694176][ T5793] ? __fdget_pos+0x265/0x2f0 [ 208.698783][ T5793] ksys_write+0x1a0/0x2c0 [ 208.703128][ T5793] ? __ia32_sys_read+0x90/0x90 [ 208.707928][ T5793] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 208.713929][ T5793] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 208.719931][ T5793] do_syscall_64+0x41/0xc0 [ 208.724367][ T5793] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 208.730290][ T5793] RIP: 0033:0x7fd49ce20129 [ 208.734723][ T5793] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.754345][ T5793] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.762777][ T5793] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5792] close(27) = -1 EBADF (Bad file descriptor) [pid 5792] close(28) = -1 EBADF (Bad file descriptor) [pid 5792] close(29) = -1 EBADF (Bad file descriptor) [pid 5792] exit_group(0) = ? [pid 5792] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./57/binderfs") = 0 [pid 5074] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 208.770761][ T5793] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 208.778740][ T5793] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 208.786722][ T5793] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 208.794725][ T5793] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000035 [ 208.802757][ T5793] [pid 5074] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./57/cgroup") = 0 [pid 5074] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./57/cgroup.net") = 0 [pid 5074] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./57/file0") = 0 [pid 5074] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./57/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./57") = 0 [pid 5074] mkdir("./58", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 60 [ 208.837788][ T5793] memory: usage 8kB, limit 0kB, failcnt 55 [ 208.843691][ T5793] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 208.858490][ T5793] Memory cgroup stats for /syz1: [ 208.858712][ T5793] anon 0 [ 208.858712][ T5793] file 0 [ 208.858712][ T5793] kernel 8192 [ 208.858712][ T5793] kernel_stack 0 [ 208.858712][ T5793] pagetables 0 [ 208.858712][ T5793] sec_pagetables 0 [ 208.858712][ T5793] percpu 0 [ 208.858712][ T5793] sock 0 [ 208.858712][ T5793] vmalloc 0 [ 208.858712][ T5793] shmem 0 [ 208.858712][ T5793] zswap 0 [ 208.858712][ T5793] zswapped 0 [ 208.858712][ T5793] file_mapped 0 [ 208.858712][ T5793] file_dirty 0 [ 208.858712][ T5793] file_writeback 0 [ 208.858712][ T5793] swapcached 0 [ 208.858712][ T5793] anon_thp 0 [ 208.858712][ T5793] file_thp 0 [ 208.858712][ T5793] shmem_thp 0 [ 208.858712][ T5793] inactive_anon 0 [ 208.858712][ T5793] active_anon 0 [ 208.858712][ T5793] inactive_file 0 [ 208.858712][ T5793] active_file 0 ./strace-static-x86_64: Process 5797 attached [pid 5797] chdir("./58") = 0 [pid 5797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5797] setpgid(0, 0) = 0 [pid 5797] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5797] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5797] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 208.858712][ T5793] unevictable 0 [ 208.858712][ T5793] slab_reclaimable 6752 [ 208.858712][ T5793] slab_unreclaimable 0 [ 208.858712][ T5793] slab 6752 [ 208.858712][ T5793] workingset_refault_anon 0 [ 208.959144][ T5793] Tasks state (memory values in pages): [ 208.966672][ T5793] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 208.976456][ T5793] Out of memory and no killable processes... [pid 5797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5793] <... write resumed>) = 18 [pid 5793] close(3) = 0 [pid 5793] close(4) = 0 [pid 5793] close(5) = 0 [pid 5793] close(6) = 0 [pid 5793] close(7) = -1 EBADF (Bad file descriptor) [pid 5793] close(8) = -1 EBADF (Bad file descriptor) [pid 5793] close(9) = -1 EBADF (Bad file descriptor) [pid 5793] close(10) = -1 EBADF (Bad file descriptor) [pid 5793] close(11) = -1 EBADF (Bad file descriptor) [pid 5793] close(12) = -1 EBADF (Bad file descriptor) [pid 5793] close(13) = -1 EBADF (Bad file descriptor) [pid 5793] close(14) = -1 EBADF (Bad file descriptor) [pid 5793] close(15) = -1 EBADF (Bad file descriptor) [pid 5793] close(16) = -1 EBADF (Bad file descriptor) [pid 5793] close(17) = -1 EBADF (Bad file descriptor) [pid 5793] close(18) = -1 EBADF (Bad file descriptor) [pid 5793] close(19) = -1 EBADF (Bad file descriptor) [pid 5793] close(20) = -1 EBADF (Bad file descriptor) [pid 5793] close(21) = -1 EBADF (Bad file descriptor) [pid 5793] close(22) = -1 EBADF (Bad file descriptor) [pid 5793] close(23) = -1 EBADF (Bad file descriptor) [pid 5793] close(24) = -1 EBADF (Bad file descriptor) [pid 5793] close(25) = -1 EBADF (Bad file descriptor) [pid 5793] close(26 [pid 5797] <... openat resumed>) = 3 [pid 5793] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5793] close(27 [pid 5797] write(3, "1000", 4 [pid 5793] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5793] close(28) = -1 EBADF (Bad file descriptor) [pid 5793] close(29 [pid 5797] <... write resumed>) = 4 [pid 5793] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5797] close(3 [pid 5793] exit_group(0) = ? [pid 5793] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./53/binderfs") = 0 [pid 5073] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./53/cgroup") = 0 [pid 5073] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./53/cgroup.net") = 0 [pid 5073] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5797] <... close resumed>) = 0 [pid 5797] symlink("/dev/binderfs", "./binderfs") = 0 [ 208.991389][ T5794] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 209.007196][ T5794] CPU: 1 PID: 5794 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 209.017692][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 209.027799][ T5794] Call Trace: [ 209.031126][ T5794] [ 209.034103][ T5794] dump_stack_lvl+0x1e7/0x2d0 [pid 5797] mkdir("./file0", 000) = 0 [pid 5797] open("./file0", O_RDONLY) = 3 [pid 5797] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5797] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5797] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5797] openat(5, "memory.max", O_RDWR) = 6 [ 209.038853][ T5794] ? nf_tcp_handle_invalid+0x640/0x640 [ 209.044377][ T5794] ? panic+0x770/0x770 [ 209.048531][ T5794] dump_header+0xdc/0x940 [ 209.052933][ T5794] out_of_memory+0xf21/0x12c0 [ 209.057678][ T5794] ? mutex_lock_io_nested+0x60/0x60 [ 209.062952][ T5794] ? mark_lock+0x9a/0x340 [ 209.067339][ T5794] ? unregister_oom_notifier+0x20/0x20 [ 209.072848][ T5794] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 209.078885][ T5794] mem_cgroup_out_of_memory+0x263/0x3b0 [ 209.084476][ T5794] ? mem_cgroup_oom_trylock+0x210/0x210 [ 209.090077][ T5794] ? cgroup_file_notify+0x127/0x190 [ 209.095325][ T5794] memory_max_write+0x355/0x470 [ 209.100210][ T5794] ? memory_max_show+0xa0/0xa0 [ 209.105014][ T5794] ? read_lock_is_recursive+0x20/0x20 [ 209.110432][ T5794] ? memory_max_show+0xa0/0xa0 [ 209.115219][ T5794] cgroup_file_write+0x2b1/0x780 [ 209.120184][ T5794] ? cgroup_seqfile_stop+0xd0/0xd0 [ 209.125315][ T5794] ? __virt_addr_valid+0x22f/0x2e0 [ 209.130462][ T5794] ? cgroup_seqfile_stop+0xd0/0xd0 [ 209.135588][ T5794] kernfs_fop_write_iter+0x3a6/0x4f0 [ 209.140901][ T5794] vfs_write+0x7b2/0xbb0 [ 209.145178][ T5794] ? file_end_write+0x240/0x240 [ 209.150055][ T5794] ? do_raw_spin_unlock+0x13b/0x8b0 [ 209.155278][ T5794] ? lockdep_hardirqs_on+0x98/0x140 [ 209.160503][ T5794] ? __fdget_pos+0x265/0x2f0 [ 209.165118][ T5794] ksys_write+0x1a0/0x2c0 [ 209.169476][ T5794] ? __ia32_sys_read+0x90/0x90 [ 209.174262][ T5794] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 209.180275][ T5794] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 209.186284][ T5794] do_syscall_64+0x41/0xc0 [ 209.190727][ T5794] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 209.196644][ T5794] RIP: 0033:0x7fd49ce20129 [ 209.201079][ T5794] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 209.220704][ T5794] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.229138][ T5794] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5797] write(6, "0x000000000000040e", 18 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 209.237130][ T5794] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 209.245119][ T5794] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 209.253153][ T5794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 209.261159][ T5794] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000032 [ 209.269209][ T5794] [ 209.283940][ T5794] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5073] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 209.292293][ T5794] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 209.301379][ T5794] Memory cgroup stats for /syz1: [ 209.304569][ T5794] anon 0 [ 209.304569][ T5794] file 0 [ 209.304569][ T5794] kernel 8192 [ 209.304569][ T5794] kernel_stack 0 [ 209.304569][ T5794] pagetables 0 [ 209.304569][ T5794] sec_pagetables 0 [ 209.304569][ T5794] percpu 0 [ 209.304569][ T5794] sock 0 [ 209.304569][ T5794] vmalloc 0 [ 209.304569][ T5794] shmem 0 [ 209.304569][ T5794] zswap 0 [ 209.304569][ T5794] zswapped 0 [ 209.304569][ T5794] file_mapped 0 [ 209.304569][ T5794] file_dirty 0 [ 209.304569][ T5794] file_writeback 0 [ 209.304569][ T5794] swapcached 0 [ 209.304569][ T5794] anon_thp 0 [ 209.304569][ T5794] file_thp 0 [ 209.304569][ T5794] shmem_thp 0 [ 209.304569][ T5794] inactive_anon 0 [ 209.304569][ T5794] active_anon 0 [ 209.304569][ T5794] inactive_file 0 [ 209.304569][ T5794] active_file 0 [ 209.304569][ T5794] unevictable 0 [ 209.304569][ T5794] slab_reclaimable 6752 [ 209.304569][ T5794] slab_unreclaimable 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./53/file0") = 0 [pid 5073] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./53/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 209.304569][ T5794] slab 6752 [ 209.304569][ T5794] workingset_refault_anon 0 [ 209.415766][ T5794] Tasks state (memory values in pages): [ 209.422238][ T5794] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 209.432912][ T5794] Out of memory and no killable processes... [pid 5073] close(3 [pid 5794] <... write resumed>) = 18 [pid 5073] <... close resumed>) = 0 [pid 5794] close(3) = 0 [pid 5794] close(4) = 0 [pid 5794] close(5) = 0 [pid 5794] close(6) = 0 [pid 5794] close(7) = -1 EBADF (Bad file descriptor) [pid 5794] close(8) = -1 EBADF (Bad file descriptor) [pid 5794] close(9) = -1 EBADF (Bad file descriptor) [pid 5794] close(10) = -1 EBADF (Bad file descriptor) [pid 5794] close(11) = -1 EBADF (Bad file descriptor) [pid 5794] close(12) = -1 EBADF (Bad file descriptor) [pid 5794] close(13) = -1 EBADF (Bad file descriptor) [pid 5794] close(14) = -1 EBADF (Bad file descriptor) [pid 5794] close(15) = -1 EBADF (Bad file descriptor) [pid 5794] close(16) = -1 EBADF (Bad file descriptor) [pid 5794] close(17) = -1 EBADF (Bad file descriptor) [pid 5794] close(18) = -1 EBADF (Bad file descriptor) [pid 5794] close(19) = -1 EBADF (Bad file descriptor) [pid 5073] rmdir("./53" [pid 5794] close(20) = -1 EBADF (Bad file descriptor) [pid 5794] close(21) = -1 EBADF (Bad file descriptor) [pid 5794] close(22 [pid 5073] <... rmdir resumed>) = 0 [pid 5794] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5794] close(23) = -1 EBADF (Bad file descriptor) [pid 5073] mkdir("./54", 0777 [pid 5794] close(24) = -1 EBADF (Bad file descriptor) [pid 5794] close(25) = -1 EBADF (Bad file descriptor) [pid 5073] <... mkdir resumed>) = 0 [pid 5794] close(26) = -1 EBADF (Bad file descriptor) [pid 5794] close(27 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5794] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5794] close(28) = -1 EBADF (Bad file descriptor) [pid 5794] close(29) = -1 EBADF (Bad file descriptor) [pid 5794] exit_group(0) = ? ./strace-static-x86_64: Process 5798 attached [pid 5794] +++ exited with 0 +++ [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 56 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5798] chdir("./54") = 0 [pid 5072] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5798] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5798] <... prctl resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5798] setpgid(0, 0 [pid 5072] <... openat resumed>) = 3 [pid 5798] <... setpgid resumed>) = 0 [pid 5072] fstat(3, [pid 5798] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5798] <... symlink resumed>) = 0 [pid 5072] getdents64(3, [pid 5798] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5072] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5798] <... symlink resumed>) = 0 [pid 5072] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5798] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5798] <... symlink resumed>) = 0 [pid 5072] lstat("./50/binderfs", [pid 5798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 209.440930][ T5795] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 209.463552][ T5795] CPU: 1 PID: 5795 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 209.474051][ T5795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 209.484158][ T5795] Call Trace: [ 209.487492][ T5795] [pid 5798] <... openat resumed>) = 3 [pid 5072] unlink("./50/binderfs" [pid 5798] write(3, "1000", 4 [pid 5072] <... unlink resumed>) = 0 [pid 5798] <... write resumed>) = 4 [pid 5072] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5798] close(3 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5798] <... close resumed>) = 0 [pid 5072] lstat("./50/cgroup", [pid 5798] symlink("/dev/binderfs", "./binderfs" [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 209.490472][ T5795] dump_stack_lvl+0x1e7/0x2d0 [ 209.495223][ T5795] ? nf_tcp_handle_invalid+0x640/0x640 [ 209.500762][ T5795] ? panic+0x770/0x770 [ 209.504902][ T5795] dump_header+0xdc/0x940 [ 209.509294][ T5795] out_of_memory+0xf21/0x12c0 [ 209.514038][ T5795] ? mutex_lock_io_nested+0x60/0x60 [ 209.519301][ T5795] ? preempt_schedule+0xdd/0xf0 [ 209.524208][ T5795] ? unregister_oom_notifier+0x20/0x20 [ 209.529711][ T5795] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 209.535746][ T5795] mem_cgroup_out_of_memory+0x263/0x3b0 [ 209.541328][ T5795] ? preempt_schedule_thunk+0x1a/0x20 [ 209.546767][ T5795] ? mem_cgroup_oom_trylock+0x210/0x210 [ 209.552373][ T5795] ? cgroup_file_notify+0x127/0x190 [ 209.557948][ T5795] memory_max_write+0x355/0x470 [ 209.562834][ T5795] ? memory_max_show+0xa0/0xa0 [ 209.567655][ T5795] ? read_lock_is_recursive+0x20/0x20 [ 209.573083][ T5795] ? memory_max_show+0xa0/0xa0 [ 209.577876][ T5795] cgroup_file_write+0x2b1/0x780 [ 209.582841][ T5795] ? cgroup_seqfile_stop+0xd0/0xd0 [ 209.587970][ T5795] ? __virt_addr_valid+0x22f/0x2e0 [ 209.593115][ T5795] ? cgroup_seqfile_stop+0xd0/0xd0 [ 209.598239][ T5795] kernfs_fop_write_iter+0x3a6/0x4f0 [ 209.603551][ T5795] vfs_write+0x7b2/0xbb0 [ 209.607821][ T5795] ? file_end_write+0x240/0x240 [ 209.612696][ T5795] ? do_raw_spin_unlock+0x13b/0x8b0 [ 209.617915][ T5795] ? lockdep_hardirqs_on+0x98/0x140 [ 209.623138][ T5795] ? __fdget_pos+0x265/0x2f0 [ 209.627755][ T5795] ksys_write+0x1a0/0x2c0 [ 209.632108][ T5795] ? __ia32_sys_read+0x90/0x90 [ 209.636892][ T5795] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 209.642988][ T5795] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 209.648997][ T5795] do_syscall_64+0x41/0xc0 [ 209.653525][ T5795] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 209.659442][ T5795] RIP: 0033:0x7fd49ce20129 [ 209.663872][ T5795] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 209.683493][ T5795] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.691927][ T5795] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 209.699916][ T5795] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 209.707916][ T5795] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 209.715927][ T5795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 209.723924][ T5795] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000038 [ 209.731933][ T5795] [ 209.738019][ T5795] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5798] <... symlink resumed>) = 0 [pid 5072] unlink("./50/cgroup" [pid 5798] mkdir("./file0", 000 [pid 5072] <... unlink resumed>) = 0 [pid 5798] <... mkdir resumed>) = 0 [pid 5072] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5798] open("./file0", O_RDONLY [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5798] <... open resumed>) = 3 [pid 5072] lstat("./50/cgroup.net", [pid 5798] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5798] <... mount resumed>) = 0 [pid 5072] unlink("./50/cgroup.net" [pid 5798] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5072] <... unlink resumed>) = 0 [pid 5798] <... openat resumed>) = 4 [pid 5072] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5798] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5798] openat(5, "memory.max", O_RDWR) = 6 [pid 5798] write(6, "0x000000000000040e", 18 [pid 5072] <... umount2 resumed>) = 0 [pid 5072] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 209.743892][ T5795] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 209.758407][ T5795] Memory cgroup stats for /syz1: [ 209.758568][ T5795] anon 0 [ 209.758568][ T5795] file 0 [ 209.758568][ T5795] kernel 8192 [ 209.758568][ T5795] kernel_stack 0 [ 209.758568][ T5795] pagetables 0 [ 209.758568][ T5795] sec_pagetables 0 [ 209.758568][ T5795] percpu 0 [ 209.758568][ T5795] sock 0 [ 209.758568][ T5795] vmalloc 0 [ 209.758568][ T5795] shmem 0 [ 209.758568][ T5795] zswap 0 [ 209.758568][ T5795] zswapped 0 [ 209.758568][ T5795] file_mapped 0 [ 209.758568][ T5795] file_dirty 0 [ 209.758568][ T5795] file_writeback 0 [ 209.758568][ T5795] swapcached 0 [ 209.758568][ T5795] anon_thp 0 [ 209.758568][ T5795] file_thp 0 [ 209.758568][ T5795] shmem_thp 0 [ 209.758568][ T5795] inactive_anon 0 [ 209.758568][ T5795] active_anon 0 [ 209.758568][ T5795] inactive_file 0 [ 209.758568][ T5795] active_file 0 [ 209.758568][ T5795] unevictable 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./50/file0") = 0 [pid 5072] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./50/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./50") = 0 [pid 5072] mkdir("./51", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5799 attached [pid 5799] chdir("./51" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 53 [pid 5799] <... chdir resumed>) = 0 [pid 5799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 209.758568][ T5795] slab_reclaimable 6752 [ 209.758568][ T5795] slab_unreclaimable 0 [ 209.758568][ T5795] slab 6752 [ 209.758568][ T5795] workingset_refault_anon 0 [ 209.869172][ T5795] Tasks state (memory values in pages): [ 209.874955][ T5795] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5799] setpgid(0, 0) = 0 [pid 5799] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5799] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5799] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5799] write(3, "1000", 4) = 4 [pid 5799] close(3) = 0 [pid 5799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5799] mkdir("./file0", 000) = 0 [pid 5799] open("./file0", O_RDONLY) = 3 [pid 5799] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5795] <... write resumed>) = 18 [pid 5799] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5799] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5799] openat(5, "memory.max", O_RDWR) = 6 [ 209.890561][ T5795] Out of memory and no killable processes... [ 209.905280][ T5796] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 209.928889][ T5796] CPU: 0 PID: 5796 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5799] write(6, "0x000000000000040e", 18 [pid 5795] close(3) = 0 [pid 5795] close(4) = 0 [pid 5795] close(5) = 0 [pid 5795] close(6) = 0 [pid 5795] close(7) = -1 EBADF (Bad file descriptor) [pid 5795] close(8) = -1 EBADF (Bad file descriptor) [pid 5795] close(9) = -1 EBADF (Bad file descriptor) [pid 5795] close(10) = -1 EBADF (Bad file descriptor) [pid 5795] close(11) = -1 EBADF (Bad file descriptor) [pid 5795] close(12) = -1 EBADF (Bad file descriptor) [pid 5795] close(13) = -1 EBADF (Bad file descriptor) [pid 5795] close(14) = -1 EBADF (Bad file descriptor) [pid 5795] close(15) = -1 EBADF (Bad file descriptor) [pid 5795] close(16) = -1 EBADF (Bad file descriptor) [pid 5795] close(17) = -1 EBADF (Bad file descriptor) [pid 5795] close(18) = -1 EBADF (Bad file descriptor) [pid 5795] close(19) = -1 EBADF (Bad file descriptor) [pid 5795] close(20) = -1 EBADF (Bad file descriptor) [pid 5795] close(21) = -1 EBADF (Bad file descriptor) [pid 5795] close(22) = -1 EBADF (Bad file descriptor) [pid 5795] close(23) = -1 EBADF (Bad file descriptor) [pid 5795] close(24) = -1 EBADF (Bad file descriptor) [pid 5795] close(25) = -1 EBADF (Bad file descriptor) [pid 5795] close(26) = -1 EBADF (Bad file descriptor) [pid 5795] close(27) = -1 EBADF (Bad file descriptor) [pid 5795] close(28) = -1 EBADF (Bad file descriptor) [pid 5795] close(29) = -1 EBADF (Bad file descriptor) [pid 5795] exit_group(0) = ? [pid 5795] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./56/binderfs") = 0 [pid 5075] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 209.939393][ T5796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 209.949496][ T5796] Call Trace: [ 209.952818][ T5796] [ 209.955790][ T5796] dump_stack_lvl+0x1e7/0x2d0 [ 209.960545][ T5796] ? nf_tcp_handle_invalid+0x640/0x640 [ 209.966070][ T5796] ? panic+0x770/0x770 [ 209.970231][ T5796] dump_header+0xdc/0x940 [ 209.974645][ T5796] out_of_memory+0xf21/0x12c0 [ 209.979397][ T5796] ? mutex_lock_io_nested+0x60/0x60 [ 209.984630][ T5796] ? mark_lock+0x9a/0x340 [ 209.988980][ T5796] ? unregister_oom_notifier+0x20/0x20 [ 209.994478][ T5796] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 210.000491][ T5796] mem_cgroup_out_of_memory+0x263/0x3b0 [ 210.006117][ T5796] ? mem_cgroup_oom_trylock+0x210/0x210 [ 210.011707][ T5796] ? cgroup_file_notify+0x127/0x190 [ 210.016969][ T5796] memory_max_write+0x355/0x470 [ 210.021875][ T5796] ? memory_max_show+0xa0/0xa0 [ 210.026684][ T5796] ? read_lock_is_recursive+0x20/0x20 [ 210.032119][ T5796] ? memory_max_show+0xa0/0xa0 [ 210.036922][ T5796] cgroup_file_write+0x2b1/0x780 [ 210.041900][ T5796] ? cgroup_seqfile_stop+0xd0/0xd0 [ 210.047044][ T5796] ? __virt_addr_valid+0x22f/0x2e0 [ 210.052193][ T5796] ? cgroup_seqfile_stop+0xd0/0xd0 [ 210.057326][ T5796] kernfs_fop_write_iter+0x3a6/0x4f0 [ 210.062640][ T5796] vfs_write+0x7b2/0xbb0 [ 210.066911][ T5796] ? file_end_write+0x240/0x240 [ 210.071789][ T5796] ? do_raw_spin_unlock+0x13b/0x8b0 [ 210.077009][ T5796] ? lockdep_hardirqs_on+0x98/0x140 [ 210.082249][ T5796] ? __fdget_pos+0x265/0x2f0 [ 210.086863][ T5796] ksys_write+0x1a0/0x2c0 [ 210.091215][ T5796] ? __ia32_sys_read+0x90/0x90 [ 210.095999][ T5796] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 210.102011][ T5796] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 210.108033][ T5796] do_syscall_64+0x41/0xc0 [ 210.112476][ T5796] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 210.118394][ T5796] RIP: 0033:0x7fd49ce20129 [ 210.122821][ T5796] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 210.142442][ T5796] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 210.150877][ T5796] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 210.158864][ T5796] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 210.166856][ T5796] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 210.174870][ T5796] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 210.182885][ T5796] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000032 [ 210.190889][ T5796] [pid 5075] unlink("./56/cgroup") = 0 [pid 5075] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./56/cgroup.net") = 0 [pid 5075] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./56/file0") = 0 [pid 5075] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 210.204984][ T5796] memory: usage 8kB, limit 0kB, failcnt 55 [ 210.212851][ T5796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 210.220727][ T5796] Memory cgroup stats for /syz1: [ 210.220932][ T5796] anon 0 [ 210.220932][ T5796] file 0 [ 210.220932][ T5796] kernel 8192 [ 210.220932][ T5796] kernel_stack 0 [ 210.220932][ T5796] pagetables 0 [ 210.220932][ T5796] sec_pagetables 0 [ 210.220932][ T5796] percpu 0 [ 210.220932][ T5796] sock 0 [ 210.220932][ T5796] vmalloc 0 [pid 5075] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./56/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./56") = 0 [pid 5075] mkdir("./57", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5800 attached [pid 5800] chdir("./57" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 59 [pid 5800] <... chdir resumed>) = 0 [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5800] setpgid(0, 0) = 0 [ 210.220932][ T5796] shmem 0 [ 210.220932][ T5796] zswap 0 [ 210.220932][ T5796] zswapped 0 [ 210.220932][ T5796] file_mapped 0 [ 210.220932][ T5796] file_dirty 0 [ 210.220932][ T5796] file_writeback 0 [ 210.220932][ T5796] swapcached 0 [ 210.220932][ T5796] anon_thp 0 [ 210.220932][ T5796] file_thp 0 [ 210.220932][ T5796] shmem_thp 0 [ 210.220932][ T5796] inactive_anon 0 [ 210.220932][ T5796] active_anon 0 [ 210.220932][ T5796] inactive_file 0 [ 210.220932][ T5796] active_file 0 [ 210.220932][ T5796] unevictable 0 [ 210.220932][ T5796] slab_reclaimable 6752 [pid 5800] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5800] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5800] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5800] write(3, "1000", 4) = 4 [pid 5800] close(3) = 0 [pid 5800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5800] mkdir("./file0", 000) = 0 [pid 5800] open("./file0", O_RDONLY) = 3 [pid 5800] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5800] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5800] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5800] openat(5, "memory.max", O_RDWR) = 6 [ 210.220932][ T5796] slab_unreclaimable 0 [ 210.220932][ T5796] slab 6752 [ 210.220932][ T5796] workingset_refault_anon 0 [ 210.318027][ T5796] Tasks state (memory values in pages): [ 210.323644][ T5796] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 210.344722][ T5796] Out of memory and no killable processes... [pid 5800] write(6, "0x000000000000040e", 18 [pid 5796] <... write resumed>) = 18 [pid 5796] close(3) = 0 [pid 5796] close(4) = 0 [pid 5796] close(5) = 0 [pid 5796] close(6) = 0 [pid 5796] close(7) = -1 EBADF (Bad file descriptor) [pid 5796] close(8) = -1 EBADF (Bad file descriptor) [pid 5796] close(9) = -1 EBADF (Bad file descriptor) [pid 5796] close(10) = -1 EBADF (Bad file descriptor) [pid 5796] close(11) = -1 EBADF (Bad file descriptor) [pid 5796] close(12) = -1 EBADF (Bad file descriptor) [pid 5796] close(13) = -1 EBADF (Bad file descriptor) [pid 5796] close(14) = -1 EBADF (Bad file descriptor) [pid 5796] close(15) = -1 EBADF (Bad file descriptor) [pid 5796] close(16) = -1 EBADF (Bad file descriptor) [pid 5796] close(17) = -1 EBADF (Bad file descriptor) [pid 5796] close(18) = -1 EBADF (Bad file descriptor) [pid 5796] close(19) = -1 EBADF (Bad file descriptor) [pid 5796] close(20) = -1 EBADF (Bad file descriptor) [pid 5796] close(21) = -1 EBADF (Bad file descriptor) [pid 5796] close(22) = -1 EBADF (Bad file descriptor) [pid 5796] close(23) = -1 EBADF (Bad file descriptor) [pid 5796] close(24) = -1 EBADF (Bad file descriptor) [pid 5796] close(25) = -1 EBADF (Bad file descriptor) [pid 5796] close(26) = -1 EBADF (Bad file descriptor) [pid 5796] close(27) = -1 EBADF (Bad file descriptor) [pid 5796] close(28) = -1 EBADF (Bad file descriptor) [pid 5796] close(29) = -1 EBADF (Bad file descriptor) [pid 5796] exit_group(0) = ? [pid 5796] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 210.351288][ T5797] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 210.375090][ T5797] CPU: 0 PID: 5797 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 210.385606][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 210.395718][ T5797] Call Trace: [ 210.399048][ T5797] [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./50/binderfs") = 0 [pid 5070] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./50/cgroup") = 0 [pid 5070] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./50/cgroup.net") = 0 [ 210.402026][ T5797] dump_stack_lvl+0x1e7/0x2d0 [ 210.406852][ T5797] ? nf_tcp_handle_invalid+0x640/0x640 [ 210.412390][ T5797] ? panic+0x770/0x770 [ 210.416542][ T5797] dump_header+0xdc/0x940 [ 210.420943][ T5797] out_of_memory+0xf21/0x12c0 [ 210.425692][ T5797] ? mutex_lock_io_nested+0x60/0x60 [ 210.430987][ T5797] ? preempt_schedule+0xdd/0xf0 [ 210.435919][ T5797] ? unregister_oom_notifier+0x20/0x20 [ 210.441450][ T5797] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 210.447515][ T5797] mem_cgroup_out_of_memory+0x263/0x3b0 [ 210.453122][ T5797] ? preempt_schedule_thunk+0x1a/0x20 [ 210.458527][ T5797] ? mem_cgroup_oom_trylock+0x210/0x210 [ 210.464129][ T5797] ? cgroup_file_notify+0x127/0x190 [ 210.469515][ T5797] memory_max_write+0x355/0x470 [ 210.474469][ T5797] ? memory_max_show+0xa0/0xa0 [ 210.479285][ T5797] ? read_lock_is_recursive+0x20/0x20 [ 210.484709][ T5797] ? memory_max_show+0xa0/0xa0 [ 210.489532][ T5797] cgroup_file_write+0x2b1/0x780 [ 210.494547][ T5797] ? cgroup_seqfile_stop+0xd0/0xd0 [ 210.499714][ T5797] ? __virt_addr_valid+0x22f/0x2e0 [ 210.504900][ T5797] ? cgroup_seqfile_stop+0xd0/0xd0 [ 210.510072][ T5797] kernfs_fop_write_iter+0x3a6/0x4f0 [ 210.515425][ T5797] vfs_write+0x7b2/0xbb0 [ 210.519743][ T5797] ? file_end_write+0x240/0x240 [ 210.524654][ T5797] ? do_raw_spin_unlock+0x13b/0x8b0 [ 210.529910][ T5797] ? lockdep_hardirqs_on+0x98/0x140 [ 210.535171][ T5797] ? __fdget_pos+0x265/0x2f0 [ 210.539833][ T5797] ksys_write+0x1a0/0x2c0 [ 210.544227][ T5797] ? __ia32_sys_read+0x90/0x90 [ 210.549042][ T5797] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 210.555101][ T5797] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 210.561302][ T5797] do_syscall_64+0x41/0xc0 [ 210.565795][ T5797] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 210.571746][ T5797] RIP: 0033:0x7fd49ce20129 [ 210.576194][ T5797] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 210.595854][ T5797] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 210.604315][ T5797] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 210.612317][ T5797] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 210.620338][ T5797] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 210.628346][ T5797] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 210.636337][ T5797] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003a [ 210.644365][ T5797] [ 210.650714][ T5797] memory: usage 8kB, limit 0kB, failcnt 55 [ 210.656694][ T5797] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 210.663583][ T5797] Memory cgroup stats for /syz1: [ 210.663811][ T5797] anon 0 [ 210.663811][ T5797] file 0 [ 210.663811][ T5797] kernel 8192 [ 210.663811][ T5797] kernel_stack 0 [ 210.663811][ T5797] pagetables 0 [ 210.663811][ T5797] sec_pagetables 0 [ 210.663811][ T5797] percpu 0 [ 210.663811][ T5797] sock 0 [ 210.663811][ T5797] vmalloc 0 [ 210.663811][ T5797] shmem 0 [ 210.663811][ T5797] zswap 0 [ 210.663811][ T5797] zswapped 0 [ 210.663811][ T5797] file_mapped 0 [ 210.663811][ T5797] file_dirty 0 [ 210.663811][ T5797] file_writeback 0 [ 210.663811][ T5797] swapcached 0 [ 210.663811][ T5797] anon_thp 0 [ 210.663811][ T5797] file_thp 0 [ 210.663811][ T5797] shmem_thp 0 [ 210.663811][ T5797] inactive_anon 0 [ 210.663811][ T5797] active_anon 0 [ 210.663811][ T5797] inactive_file 0 [ 210.663811][ T5797] active_file 0 [ 210.663811][ T5797] unevictable 0 [ 210.663811][ T5797] slab_reclaimable 6752 [ 210.663811][ T5797] slab_unreclaimable 0 [ 210.663811][ T5797] slab 6752 [pid 5070] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5797] <... write resumed>) = 18 [pid 5070] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5797] close(3 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5797] <... close resumed>) = 0 [pid 5070] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5797] close(4 [pid 5070] <... openat resumed>) = 4 [pid 5797] <... close resumed>) = 0 [pid 5070] fstat(4, [pid 5797] close(5 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5797] <... close resumed>) = 0 [pid 5070] getdents64(4, [pid 5797] close(6 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [ 210.663811][ T5797] workingset_refault_anon 0 [ 210.762720][ T5797] Tasks state (memory values in pages): [ 210.769192][ T5797] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 210.780038][ T5797] Out of memory and no killable processes... [ 210.786326][ T5798] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 210.796976][ T5798] CPU: 0 PID: 5798 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5797] <... close resumed>) = 0 [pid 5070] getdents64(4, [pid 5797] close(7 [pid 5070] <... getdents64 resumed>0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] close(4 [pid 5797] close(8 [pid 5070] <... close resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] rmdir("./50/file0" [pid 5797] close(9 [pid 5070] <... rmdir resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5797] close(10 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] lstat("./50/cgroup.cpu", [pid 5797] close(11 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] unlink("./50/cgroup.cpu" [pid 5797] close(12 [pid 5070] <... unlink resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] getdents64(3, [pid 5797] close(13 [pid 5070] <... getdents64 resumed>0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] close(3 [pid 5797] close(14 [pid 5070] <... close resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] rmdir("./50" [pid 5797] close(15 [pid 5070] <... rmdir resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] mkdir("./51", 0777 [pid 5797] close(16 [pid 5070] <... mkdir resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5797] close(17) = -1 EBADF (Bad file descriptor) [ 210.807464][ T5798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 210.817575][ T5798] Call Trace: [ 210.820906][ T5798] [ 210.823904][ T5798] dump_stack_lvl+0x1e7/0x2d0 [ 210.828665][ T5798] ? nf_tcp_handle_invalid+0x640/0x640 [ 210.834302][ T5798] ? panic+0x770/0x770 [ 210.838457][ T5798] dump_header+0xdc/0x940 [ 210.842861][ T5798] out_of_memory+0xf21/0x12c0 [ 210.847629][ T5798] ? mutex_lock_io_nested+0x60/0x60 [ 210.852905][ T5798] ? mark_lock+0x9a/0x340 [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 53 [pid 5797] close(18) = -1 EBADF (Bad file descriptor) [pid 5797] close(19) = -1 EBADF (Bad file descriptor) [pid 5797] close(20) = -1 EBADF (Bad file descriptor) [pid 5797] close(21) = -1 EBADF (Bad file descriptor) [pid 5797] close(22) = -1 EBADF (Bad file descriptor) [pid 5797] close(23) = -1 EBADF (Bad file descriptor) [pid 5797] close(24) = -1 EBADF (Bad file descriptor) [pid 5797] close(25) = -1 EBADF (Bad file descriptor) [pid 5797] close(26) = -1 EBADF (Bad file descriptor) [ 210.857318][ T5798] ? unregister_oom_notifier+0x20/0x20 [ 210.862856][ T5798] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 210.869069][ T5798] mem_cgroup_out_of_memory+0x263/0x3b0 [ 210.874785][ T5798] ? mem_cgroup_oom_trylock+0x210/0x210 [ 210.880419][ T5798] ? cgroup_file_notify+0x127/0x190 [ 210.885709][ T5798] memory_max_write+0x355/0x470 [ 210.890623][ T5798] ? memory_max_show+0xa0/0xa0 [ 210.895418][ T5798] ? read_lock_is_recursive+0x20/0x20 [ 210.900823][ T5798] ? memory_max_show+0xa0/0xa0 [ 210.905608][ T5798] cgroup_file_write+0x2b1/0x780 [ 210.910580][ T5798] ? cgroup_seqfile_stop+0xd0/0xd0 [ 210.915901][ T5798] ? __virt_addr_valid+0x22f/0x2e0 [ 210.921057][ T5798] ? cgroup_seqfile_stop+0xd0/0xd0 [ 210.926219][ T5798] kernfs_fop_write_iter+0x3a6/0x4f0 [ 210.931554][ T5798] vfs_write+0x7b2/0xbb0 [ 210.935835][ T5798] ? file_end_write+0x240/0x240 [ 210.940740][ T5798] ? do_raw_spin_unlock+0x13b/0x8b0 [ 210.945987][ T5798] ? lockdep_hardirqs_on+0x98/0x140 [ 210.951218][ T5798] ? __fdget_pos+0x265/0x2f0 [ 210.955836][ T5798] ksys_write+0x1a0/0x2c0 [ 210.960189][ T5798] ? __ia32_sys_read+0x90/0x90 [ 210.964981][ T5798] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 210.971116][ T5798] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 210.977276][ T5798] do_syscall_64+0x41/0xc0 [ 210.981735][ T5798] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 210.987672][ T5798] RIP: 0033:0x7fd49ce20129 [ 210.992111][ T5798] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 211.011765][ T5798] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 211.020229][ T5798] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 211.028227][ T5798] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 211.036219][ T5798] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 211.044217][ T5798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c ./strace-static-x86_64: Process 5801 attached [pid 5797] close(27) = -1 EBADF (Bad file descriptor) [pid 5801] chdir("./51" [pid 5797] close(28 [pid 5801] <... chdir resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5797] close(29 [pid 5801] <... prctl resumed>) = 0 [pid 5797] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5801] setpgid(0, 0 [pid 5797] exit_group(0 [pid 5801] <... setpgid resumed>) = 0 [pid 5797] <... exit_group resumed>) = ? [pid 5801] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5797] +++ exited with 0 +++ [pid 5801] <... symlink resumed>) = 0 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5801] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5801] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] write(3, "1000", 4 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5801] <... write resumed>) = 4 [pid 5074] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5801] close(3 [pid 5074] <... openat resumed>) = 3 [pid 5801] <... close resumed>) = 0 [pid 5074] fstat(3, [pid 5801] symlink("/dev/binderfs", "./binderfs" [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5801] <... symlink resumed>) = 0 [ 211.052202][ T5798] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000036 [ 211.060236][ T5798] [pid 5074] getdents64(3, [pid 5801] mkdir("./file0", 000 [pid 5074] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./58/binderfs" [pid 5801] <... mkdir resumed>) = 0 [pid 5074] <... unlink resumed>) = 0 [pid 5074] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5801] open("./file0", O_RDONLY [pid 5074] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./58/cgroup") = 0 [pid 5074] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5801] <... open resumed>) = 3 [pid 5074] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./58/cgroup.net") = 0 [pid 5801] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5074] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] <... mount resumed>) = 0 [pid 5074] <... umount2 resumed>) = 0 [pid 5801] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5074] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] <... openat resumed>) = 4 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./58/file0") = 0 [pid 5074] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./58/cgroup.cpu") = 0 [ 211.094643][ T5798] memory: usage 8kB, limit 0kB, failcnt 55 [ 211.104642][ T5798] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 211.120273][ T5798] Memory cgroup stats for /syz1: [ 211.120488][ T5798] anon 0 [ 211.120488][ T5798] file 0 [ 211.120488][ T5798] kernel 8192 [ 211.120488][ T5798] kernel_stack 0 [ 211.120488][ T5798] pagetables 0 [ 211.120488][ T5798] sec_pagetables 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./58") = 0 [pid 5074] mkdir("./59", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 61 [ 211.120488][ T5798] percpu 0 [ 211.120488][ T5798] sock 0 [ 211.120488][ T5798] vmalloc 0 [ 211.120488][ T5798] shmem 0 [ 211.120488][ T5798] zswap 0 [ 211.120488][ T5798] zswapped 0 [ 211.120488][ T5798] file_mapped 0 [ 211.120488][ T5798] file_dirty 0 [ 211.120488][ T5798] file_writeback 0 [ 211.120488][ T5798] swapcached 0 [ 211.120488][ T5798] anon_thp 0 [ 211.120488][ T5798] file_thp 0 [ 211.120488][ T5798] shmem_thp 0 [ 211.120488][ T5798] inactive_anon 0 [ 211.120488][ T5798] active_anon 0 [ 211.120488][ T5798] inactive_file 0 ./strace-static-x86_64: Process 5802 attached [pid 5801] openat(4, "syz1", O_RDWR|O_PATH [pid 5802] chdir("./59" [pid 5801] <... openat resumed>) = 5 [pid 5801] openat(5, "memory.max", O_RDWR [pid 5802] <... chdir resumed>) = 0 [pid 5801] <... openat resumed>) = 6 [pid 5801] write(6, "0x000000000000040e", 18 [pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5802] setpgid(0, 0) = 0 [ 211.120488][ T5798] active_file 0 [ 211.120488][ T5798] unevictable 0 [ 211.120488][ T5798] slab_reclaimable 6752 [ 211.120488][ T5798] slab_unreclaimable 0 [ 211.120488][ T5798] slab 6752 [ 211.120488][ T5798] workingset_refault_anon 0 [ 211.221060][ T5798] Tasks state (memory values in pages): [ 211.230997][ T5798] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5802] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5802] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5802] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5802] write(3, "1000", 4) = 4 [pid 5802] close(3) = 0 [pid 5802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5802] mkdir("./file0", 000) = 0 [pid 5802] open("./file0", O_RDONLY) = 3 [ 211.241176][ T5798] Out of memory and no killable processes... [pid 5798] <... write resumed>) = 18 [pid 5798] close(3) = 0 [pid 5798] close(4) = 0 [pid 5798] close(5) = 0 [pid 5798] close(6) = 0 [pid 5798] close(7) = -1 EBADF (Bad file descriptor) [pid 5798] close(8) = -1 EBADF (Bad file descriptor) [pid 5798] close(9) = -1 EBADF (Bad file descriptor) [pid 5798] close(10) = -1 EBADF (Bad file descriptor) [pid 5798] close(11) = -1 EBADF (Bad file descriptor) [pid 5798] close(12) = -1 EBADF (Bad file descriptor) [pid 5798] close(13) = -1 EBADF (Bad file descriptor) [pid 5798] close(14) = -1 EBADF (Bad file descriptor) [pid 5798] close(15) = -1 EBADF (Bad file descriptor) [pid 5798] close(16) = -1 EBADF (Bad file descriptor) [pid 5798] close(17) = -1 EBADF (Bad file descriptor) [pid 5798] close(18) = -1 EBADF (Bad file descriptor) [pid 5798] close(19) = -1 EBADF (Bad file descriptor) [pid 5798] close(20) = -1 EBADF (Bad file descriptor) [pid 5798] close(21) = -1 EBADF (Bad file descriptor) [pid 5798] close(22) = -1 EBADF (Bad file descriptor) [pid 5798] close(23) = -1 EBADF (Bad file descriptor) [pid 5798] close(24) = -1 EBADF (Bad file descriptor) [pid 5798] close(25) = -1 EBADF (Bad file descriptor) [pid 5798] close(26) = -1 EBADF (Bad file descriptor) [pid 5798] close(27) = -1 EBADF (Bad file descriptor) [pid 5798] close(28) = -1 EBADF (Bad file descriptor) [pid 5798] close(29) = -1 EBADF (Bad file descriptor) [pid 5802] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5798] exit_group(0) = ? [pid 5798] +++ exited with 0 +++ [pid 5802] <... mount resumed>) = 0 [pid 5802] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5802] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5802] openat(5, "memory.max", O_RDWR) = 6 [pid 5802] write(6, "0x000000000000040e", 18 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 211.267920][ T5799] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 211.279662][ T5799] CPU: 1 PID: 5799 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 211.290140][ T5799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 211.300253][ T5799] Call Trace: [ 211.303576][ T5799] [ 211.306562][ T5799] dump_stack_lvl+0x1e7/0x2d0 [ 211.311309][ T5799] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./54/binderfs") = 0 [pid 5073] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./54/cgroup") = 0 [pid 5073] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 211.316831][ T5799] ? panic+0x770/0x770 [ 211.320978][ T5799] dump_header+0xdc/0x940 [ 211.325391][ T5799] out_of_memory+0xf21/0x12c0 [ 211.330133][ T5799] ? mutex_lock_io_nested+0x60/0x60 [ 211.335400][ T5799] ? mark_lock+0x9a/0x340 [ 211.339781][ T5799] ? unregister_oom_notifier+0x20/0x20 [ 211.345303][ T5799] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 211.351348][ T5799] mem_cgroup_out_of_memory+0x263/0x3b0 [ 211.356962][ T5799] ? mem_cgroup_oom_trylock+0x210/0x210 [ 211.362590][ T5799] ? cgroup_file_notify+0x127/0x190 [ 211.367843][ T5799] memory_max_write+0x355/0x470 [ 211.372727][ T5799] ? memory_max_show+0xa0/0xa0 [ 211.377516][ T5799] ? read_lock_is_recursive+0x20/0x20 [ 211.382928][ T5799] ? memory_max_show+0xa0/0xa0 [ 211.387740][ T5799] cgroup_file_write+0x2b1/0x780 [ 211.392710][ T5799] ? cgroup_seqfile_stop+0xd0/0xd0 [ 211.397843][ T5799] ? __virt_addr_valid+0x22f/0x2e0 [ 211.402993][ T5799] ? cgroup_seqfile_stop+0xd0/0xd0 [ 211.408128][ T5799] kernfs_fop_write_iter+0x3a6/0x4f0 [ 211.413444][ T5799] vfs_write+0x7b2/0xbb0 [ 211.417719][ T5799] ? file_end_write+0x240/0x240 [ 211.422602][ T5799] ? do_raw_spin_unlock+0x13b/0x8b0 [ 211.427858][ T5799] ? lockdep_hardirqs_on+0x98/0x140 [ 211.433097][ T5799] ? __fdget_pos+0x265/0x2f0 [ 211.437751][ T5799] ksys_write+0x1a0/0x2c0 [ 211.442152][ T5799] ? __ia32_sys_read+0x90/0x90 [ 211.446953][ T5799] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 211.452975][ T5799] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 211.459012][ T5799] do_syscall_64+0x41/0xc0 [ 211.463470][ T5799] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 211.469416][ T5799] RIP: 0033:0x7fd49ce20129 [ 211.473857][ T5799] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 211.493488][ T5799] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 211.501956][ T5799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 211.509948][ T5799] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./54/cgroup.net") = 0 [ 211.517938][ T5799] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 211.525926][ T5799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 211.533918][ T5799] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000033 [ 211.541935][ T5799] [ 211.548143][ T5799] memory: usage 8kB, limit 0kB, failcnt 55 [ 211.554031][ T5799] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 211.562059][ T5799] Memory cgroup stats for /syz1: [ 211.562264][ T5799] anon 0 [ 211.562264][ T5799] file 0 [ 211.562264][ T5799] kernel 8192 [ 211.562264][ T5799] kernel_stack 0 [ 211.562264][ T5799] pagetables 0 [ 211.562264][ T5799] sec_pagetables 0 [ 211.562264][ T5799] percpu 0 [ 211.562264][ T5799] sock 0 [ 211.562264][ T5799] vmalloc 0 [ 211.562264][ T5799] shmem 0 [ 211.562264][ T5799] zswap 0 [ 211.562264][ T5799] zswapped 0 [ 211.562264][ T5799] file_mapped 0 [ 211.562264][ T5799] file_dirty 0 [ 211.562264][ T5799] file_writeback 0 [ 211.562264][ T5799] swapcached 0 [pid 5073] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 211.562264][ T5799] anon_thp 0 [ 211.562264][ T5799] file_thp 0 [ 211.562264][ T5799] shmem_thp 0 [ 211.562264][ T5799] inactive_anon 0 [ 211.562264][ T5799] active_anon 0 [ 211.562264][ T5799] inactive_file 0 [ 211.562264][ T5799] active_file 0 [ 211.562264][ T5799] unevictable 0 [ 211.562264][ T5799] slab_reclaimable 6752 [ 211.562264][ T5799] slab_unreclaimable 0 [ 211.562264][ T5799] slab 6752 [ 211.562264][ T5799] workingset_refault_anon 0 [ 211.662196][ T5799] Tasks state (memory values in pages): [pid 5073] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./54/file0", [pid 5799] <... write resumed>) = 18 [pid 5799] close(3) = 0 [pid 5799] close(4) = 0 [pid 5799] close(5) = 0 [pid 5799] close(6) = 0 [pid 5799] close(7) = -1 EBADF (Bad file descriptor) [pid 5799] close(8) = -1 EBADF (Bad file descriptor) [pid 5799] close(9) = -1 EBADF (Bad file descriptor) [pid 5799] close(10) = -1 EBADF (Bad file descriptor) [pid 5799] close(11) = -1 EBADF (Bad file descriptor) [pid 5799] close(12) = -1 EBADF (Bad file descriptor) [pid 5799] close(13) = -1 EBADF (Bad file descriptor) [pid 5799] close(14) = -1 EBADF (Bad file descriptor) [pid 5799] close(15) = -1 EBADF (Bad file descriptor) [pid 5799] close(16) = -1 EBADF (Bad file descriptor) [pid 5799] close(17) = -1 EBADF (Bad file descriptor) [pid 5799] close(18) = -1 EBADF (Bad file descriptor) [pid 5799] close(19 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./54/file0") = 0 [pid 5073] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./54/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./54") = 0 [pid 5073] mkdir("./55", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5803 attached [pid 5803] chdir("./55" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 57 [pid 5803] <... chdir resumed>) = 0 [ 211.667971][ T5799] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 211.678063][ T5799] Out of memory and no killable processes... [ 211.684137][ T5800] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 211.694811][ T5800] CPU: 1 PID: 5800 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 211.705289][ T5800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 211.715393][ T5800] Call Trace: [ 211.718712][ T5800] [ 211.721683][ T5800] dump_stack_lvl+0x1e7/0x2d0 [ 211.726420][ T5800] ? nf_tcp_handle_invalid+0x640/0x640 [ 211.731938][ T5800] ? panic+0x770/0x770 [ 211.736091][ T5800] dump_header+0xdc/0x940 [ 211.740484][ T5800] out_of_memory+0xf21/0x12c0 [ 211.745219][ T5800] ? mutex_lock_io_nested+0x60/0x60 [ 211.750478][ T5800] ? preempt_schedule+0xdd/0xf0 [ 211.755390][ T5800] ? unregister_oom_notifier+0x20/0x20 [ 211.760907][ T5800] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 211.766969][ T5800] mem_cgroup_out_of_memory+0x263/0x3b0 [ 211.772586][ T5800] ? preempt_schedule_thunk+0x1a/0x20 [ 211.778031][ T5800] ? mem_cgroup_oom_trylock+0x210/0x210 [ 211.783665][ T5800] ? cgroup_file_notify+0x127/0x190 [ 211.788937][ T5800] memory_max_write+0x355/0x470 [ 211.793865][ T5800] ? memory_max_show+0xa0/0xa0 [ 211.798684][ T5800] ? read_lock_is_recursive+0x20/0x20 [ 211.804087][ T5800] ? memory_max_show+0xa0/0xa0 [ 211.808875][ T5800] cgroup_file_write+0x2b1/0x780 [ 211.813843][ T5800] ? cgroup_seqfile_stop+0xd0/0xd0 [ 211.818995][ T5800] ? __virt_addr_valid+0x22f/0x2e0 [ 211.824164][ T5800] ? cgroup_seqfile_stop+0xd0/0xd0 [ 211.829303][ T5800] kernfs_fop_write_iter+0x3a6/0x4f0 [ 211.834618][ T5800] vfs_write+0x7b2/0xbb0 [ 211.838891][ T5800] ? file_end_write+0x240/0x240 [ 211.843768][ T5800] ? do_raw_spin_unlock+0x13b/0x8b0 [ 211.848980][ T5800] ? lockdep_hardirqs_on+0x98/0x140 [ 211.854205][ T5800] ? __fdget_pos+0x265/0x2f0 [ 211.858817][ T5800] ksys_write+0x1a0/0x2c0 [ 211.863172][ T5800] ? __ia32_sys_read+0x90/0x90 [ 211.867993][ T5800] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 211.874001][ T5800] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 211.880009][ T5800] do_syscall_64+0x41/0xc0 [ 211.884473][ T5800] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 211.890436][ T5800] RIP: 0033:0x7fd49ce20129 [ 211.894889][ T5800] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5803] setpgid(0, 0) = 0 [pid 5803] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5803] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5803] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5803] write(3, "1000", 4) = 4 [pid 5803] close(3) = 0 [pid 5803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5803] mkdir("./file0", 000) = 0 [pid 5803] open("./file0", O_RDONLY) = 3 [ 211.914523][ T5800] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 211.922967][ T5800] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 211.930955][ T5800] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 211.938943][ T5800] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 211.946929][ T5800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 211.954916][ T5800] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000039 [ 211.962924][ T5800] [pid 5803] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5803] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5803] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5803] openat(5, "memory.max", O_RDWR) = 6 [pid 5803] write(6, "0x000000000000040e", 18 [pid 5799] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5799] close(20) = -1 EBADF (Bad file descriptor) [pid 5799] close(21) = -1 EBADF (Bad file descriptor) [pid 5799] close(22) = -1 EBADF (Bad file descriptor) [pid 5799] close(23) = -1 EBADF (Bad file descriptor) [pid 5799] close(24) = -1 EBADF (Bad file descriptor) [pid 5799] close(25) = -1 EBADF (Bad file descriptor) [pid 5799] close(26) = -1 EBADF (Bad file descriptor) [pid 5799] close(27) = -1 EBADF (Bad file descriptor) [pid 5799] close(28) = -1 EBADF (Bad file descriptor) [pid 5799] close(29) = -1 EBADF (Bad file descriptor) [pid 5799] exit_group(0) = ? [pid 5799] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./51/binderfs") = 0 [pid 5072] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./51/cgroup") = 0 [pid 5072] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./51/cgroup.net") = 0 [ 211.968882][ T5800] memory: usage 8kB, limit 0kB, failcnt 55 [ 211.974756][ T5800] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 211.982629][ T5800] Memory cgroup stats for /syz1: [ 211.983133][ T5800] anon 0 [ 211.983133][ T5800] file 0 [ 211.983133][ T5800] kernel 8192 [ 211.983133][ T5800] kernel_stack 0 [ 211.983133][ T5800] pagetables 0 [ 211.983133][ T5800] sec_pagetables 0 [ 211.983133][ T5800] percpu 0 [ 211.983133][ T5800] sock 0 [ 211.983133][ T5800] vmalloc 0 [ 211.983133][ T5800] shmem 0 [ 211.983133][ T5800] zswap 0 [ 211.983133][ T5800] zswapped 0 [ 211.983133][ T5800] file_mapped 0 [ 211.983133][ T5800] file_dirty 0 [ 211.983133][ T5800] file_writeback 0 [ 211.983133][ T5800] swapcached 0 [ 211.983133][ T5800] anon_thp 0 [ 211.983133][ T5800] file_thp 0 [ 211.983133][ T5800] shmem_thp 0 [ 211.983133][ T5800] inactive_anon 0 [ 211.983133][ T5800] active_anon 0 [ 211.983133][ T5800] inactive_file 0 [ 211.983133][ T5800] active_file 0 [ 211.983133][ T5800] unevictable 0 [ 211.983133][ T5800] slab_reclaimable 6752 [ 211.983133][ T5800] slab_unreclaimable 0 [pid 5072] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./51/file0") = 0 [pid 5072] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./51/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./51") = 0 [pid 5072] mkdir("./52", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5804 attached [pid 5804] chdir("./52" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 54 [pid 5804] <... chdir resumed>) = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5804] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5804] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 211.983133][ T5800] slab 6752 [ 211.983133][ T5800] workingset_refault_anon 0 [ 212.102620][ T5800] Tasks state (memory values in pages): [ 212.110024][ T5800] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] mkdir("./file0", 000) = 0 [pid 5804] open("./file0", O_RDONLY) = 3 [pid 5804] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5804] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5804] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5804] openat(5, "memory.max", O_RDWR) = 6 [pid 5804] write(6, "0x000000000000040e", 18 [pid 5800] <... write resumed>) = 18 [pid 5800] close(3) = 0 [pid 5800] close(4) = 0 [pid 5800] close(5) = 0 [pid 5800] close(6) = 0 [pid 5800] close(7) = -1 EBADF (Bad file descriptor) [pid 5800] close(8) = -1 EBADF (Bad file descriptor) [pid 5800] close(9) = -1 EBADF (Bad file descriptor) [ 212.119915][ T5800] Out of memory and no killable processes... [ 212.126141][ T5801] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 212.153593][ T5801] CPU: 0 PID: 5801 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5800] close(10) = -1 EBADF (Bad file descriptor) [pid 5800] close(11) = -1 EBADF (Bad file descriptor) [pid 5800] close(12) = -1 EBADF (Bad file descriptor) [pid 5800] close(13) = -1 EBADF (Bad file descriptor) [pid 5800] close(14) = -1 EBADF (Bad file descriptor) [pid 5800] close(15) = -1 EBADF (Bad file descriptor) [pid 5800] close(16) = -1 EBADF (Bad file descriptor) [pid 5800] close(17) = -1 EBADF (Bad file descriptor) [pid 5800] close(18) = -1 EBADF (Bad file descriptor) [pid 5800] close(19) = -1 EBADF (Bad file descriptor) [pid 5800] close(20) = -1 EBADF (Bad file descriptor) [pid 5800] close(21) = -1 EBADF (Bad file descriptor) [pid 5800] close(22) = -1 EBADF (Bad file descriptor) [pid 5800] close(23) = -1 EBADF (Bad file descriptor) [pid 5800] close(24) = -1 EBADF (Bad file descriptor) [pid 5800] close(25) = -1 EBADF (Bad file descriptor) [pid 5800] close(26) = -1 EBADF (Bad file descriptor) [pid 5800] close(27) = -1 EBADF (Bad file descriptor) [pid 5800] close(28) = -1 EBADF (Bad file descriptor) [pid 5800] close(29) = -1 EBADF (Bad file descriptor) [pid 5800] exit_group(0) = ? [pid 5800] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./57/binderfs") = 0 [pid 5075] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./57/cgroup") = 0 [pid 5075] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./57/cgroup.net") = 0 [ 212.164092][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 212.174204][ T5801] Call Trace: [ 212.177533][ T5801] [ 212.180516][ T5801] dump_stack_lvl+0x1e7/0x2d0 [ 212.185265][ T5801] ? nf_tcp_handle_invalid+0x640/0x640 [ 212.190796][ T5801] ? panic+0x770/0x770 [ 212.194942][ T5801] dump_header+0xdc/0x940 [ 212.199337][ T5801] out_of_memory+0xf21/0x12c0 [ 212.204091][ T5801] ? mutex_lock_io_nested+0x60/0x60 [ 212.209367][ T5801] ? mark_lock+0x9a/0x340 [ 212.213755][ T5801] ? unregister_oom_notifier+0x20/0x20 [ 212.219283][ T5801] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 212.225329][ T5801] mem_cgroup_out_of_memory+0x263/0x3b0 [ 212.230914][ T5801] ? mem_cgroup_oom_trylock+0x210/0x210 [ 212.236509][ T5801] ? cgroup_file_notify+0x127/0x190 [ 212.241757][ T5801] memory_max_write+0x355/0x470 [ 212.246655][ T5801] ? memory_max_show+0xa0/0xa0 [ 212.251461][ T5801] ? read_lock_is_recursive+0x20/0x20 [ 212.256892][ T5801] ? memory_max_show+0xa0/0xa0 [ 212.261717][ T5801] cgroup_file_write+0x2b1/0x780 [ 212.266681][ T5801] ? cgroup_seqfile_stop+0xd0/0xd0 [ 212.271826][ T5801] ? __virt_addr_valid+0x22f/0x2e0 [ 212.277007][ T5801] ? cgroup_seqfile_stop+0xd0/0xd0 [ 212.282167][ T5801] kernfs_fop_write_iter+0x3a6/0x4f0 [ 212.287504][ T5801] vfs_write+0x7b2/0xbb0 [ 212.291790][ T5801] ? file_end_write+0x240/0x240 [ 212.296686][ T5801] ? do_raw_spin_unlock+0x13b/0x8b0 [ 212.301928][ T5801] ? lockdep_hardirqs_on+0x98/0x140 [ 212.307172][ T5801] ? __fdget_pos+0x265/0x2f0 [ 212.311807][ T5801] ksys_write+0x1a0/0x2c0 [ 212.316181][ T5801] ? __ia32_sys_read+0x90/0x90 [ 212.321004][ T5801] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 212.327052][ T5801] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 212.333137][ T5801] do_syscall_64+0x41/0xc0 [ 212.337603][ T5801] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 212.343553][ T5801] RIP: 0033:0x7fd49ce20129 [ 212.347990][ T5801] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 212.367648][ T5801] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 212.376139][ T5801] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 212.384146][ T5801] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 212.392151][ T5801] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 212.400155][ T5801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 212.408148][ T5801] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000033 [ 212.416187][ T5801] [pid 5075] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./57/file0") = 0 [pid 5075] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./57/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./57") = 0 [pid 5075] mkdir("./58", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 60 [ 212.431938][ T5801] memory: usage 8kB, limit 0kB, failcnt 55 [ 212.438004][ T5801] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 212.445013][ T5801] Memory cgroup stats for /syz1: [ 212.445230][ T5801] anon 0 [ 212.445230][ T5801] file 0 [ 212.445230][ T5801] kernel 8192 [ 212.445230][ T5801] kernel_stack 0 [ 212.445230][ T5801] pagetables 0 [ 212.445230][ T5801] sec_pagetables 0 [ 212.445230][ T5801] percpu 0 [ 212.445230][ T5801] sock 0 [ 212.445230][ T5801] vmalloc 0 [ 212.445230][ T5801] shmem 0 ./strace-static-x86_64: Process 5805 attached [pid 5805] chdir("./58") = 0 [pid 5805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5805] setpgid(0, 0) = 0 [pid 5805] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5805] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5805] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5805] write(3, "1000", 4) = 4 [pid 5805] close(3) = 0 [pid 5805] symlink("/dev/binderfs", "./binderfs") = 0 [ 212.445230][ T5801] zswap 0 [ 212.445230][ T5801] zswapped 0 [ 212.445230][ T5801] file_mapped 0 [ 212.445230][ T5801] file_dirty 0 [ 212.445230][ T5801] file_writeback 0 [ 212.445230][ T5801] swapcached 0 [ 212.445230][ T5801] anon_thp 0 [ 212.445230][ T5801] file_thp 0 [ 212.445230][ T5801] shmem_thp 0 [ 212.445230][ T5801] inactive_anon 0 [ 212.445230][ T5801] active_anon 0 [ 212.445230][ T5801] inactive_file 0 [ 212.445230][ T5801] active_file 0 [ 212.445230][ T5801] unevictable 0 [ 212.445230][ T5801] slab_reclaimable 6752 [pid 5805] mkdir("./file0", 000) = 0 [pid 5805] open("./file0", O_RDONLY) = 3 [pid 5805] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5805] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5805] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5805] openat(5, "memory.max", O_RDWR) = 6 [ 212.445230][ T5801] slab_unreclaimable 0 [ 212.445230][ T5801] slab 6752 [ 212.445230][ T5801] workingset_refault_anon 0 [ 212.559048][ T5801] Tasks state (memory values in pages): [ 212.564672][ T5801] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5805] write(6, "0x000000000000040e", 18 [pid 5801] <... write resumed>) = 18 [pid 5801] close(3) = 0 [pid 5801] close(4) = 0 [pid 5801] close(5) = 0 [pid 5801] close(6) = 0 [pid 5801] close(7) = -1 EBADF (Bad file descriptor) [pid 5801] close(8) = -1 EBADF (Bad file descriptor) [pid 5801] close(9) = -1 EBADF (Bad file descriptor) [pid 5801] close(10) = -1 EBADF (Bad file descriptor) [pid 5801] close(11) = -1 EBADF (Bad file descriptor) [pid 5801] close(12) = -1 EBADF (Bad file descriptor) [pid 5801] close(13) = -1 EBADF (Bad file descriptor) [pid 5801] close(14) = -1 EBADF (Bad file descriptor) [pid 5801] close(15) = -1 EBADF (Bad file descriptor) [pid 5801] close(16) = -1 EBADF (Bad file descriptor) [pid 5801] close(17) = -1 EBADF (Bad file descriptor) [pid 5801] close(18) = -1 EBADF (Bad file descriptor) [pid 5801] close(19) = -1 EBADF (Bad file descriptor) [pid 5801] close(20) = -1 EBADF (Bad file descriptor) [pid 5801] close(21) = -1 EBADF (Bad file descriptor) [pid 5801] close(22) = -1 EBADF (Bad file descriptor) [pid 5801] close(23) = -1 EBADF (Bad file descriptor) [pid 5801] close(24) = -1 EBADF (Bad file descriptor) [pid 5801] close(25) = -1 EBADF (Bad file descriptor) [pid 5801] close(26) = -1 EBADF (Bad file descriptor) [ 212.579040][ T5801] Out of memory and no killable processes... [ 212.585131][ T5802] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 212.600260][ T5802] CPU: 0 PID: 5802 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 212.610753][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 212.620864][ T5802] Call Trace: [ 212.624189][ T5802] [ 212.627160][ T5802] dump_stack_lvl+0x1e7/0x2d0 [pid 5801] close(27) = -1 EBADF (Bad file descriptor) [pid 5801] close(28) = -1 EBADF (Bad file descriptor) [pid 5801] close(29) = -1 EBADF (Bad file descriptor) [pid 5801] exit_group(0) = ? [pid 5801] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./51/binderfs") = 0 [pid 5070] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./51/cgroup") = 0 [pid 5070] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./51/cgroup.net") = 0 [ 212.631904][ T5802] ? nf_tcp_handle_invalid+0x640/0x640 [ 212.637423][ T5802] ? panic+0x770/0x770 [ 212.641567][ T5802] dump_header+0xdc/0x940 [ 212.645962][ T5802] out_of_memory+0xf21/0x12c0 [ 212.650794][ T5802] ? mutex_lock_io_nested+0x60/0x60 [ 212.656060][ T5802] ? preempt_schedule+0xdd/0xf0 [ 212.661040][ T5802] ? unregister_oom_notifier+0x20/0x20 [ 212.666561][ T5802] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 212.672789][ T5802] ? lockdep_hardirqs_on+0x98/0x140 [ 212.678068][ T5802] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 212.684272][ T5802] mem_cgroup_out_of_memory+0x263/0x3b0 [ 212.689863][ T5802] ? preempt_schedule_thunk+0x1a/0x20 [ 212.695270][ T5802] ? mem_cgroup_oom_trylock+0x210/0x210 [ 212.700859][ T5802] ? cgroup_file_notify+0x127/0x190 [ 212.706088][ T5802] memory_max_write+0x355/0x470 [ 212.710971][ T5802] ? memory_max_show+0xa0/0xa0 [ 212.715779][ T5802] ? read_lock_is_recursive+0x20/0x20 [ 212.721191][ T5802] ? memory_max_show+0xa0/0xa0 [ 212.725989][ T5802] cgroup_file_write+0x2b1/0x780 [ 212.730963][ T5802] ? cgroup_seqfile_stop+0xd0/0xd0 [ 212.736114][ T5802] ? __virt_addr_valid+0x22f/0x2e0 [ 212.741262][ T5802] ? cgroup_seqfile_stop+0xd0/0xd0 [ 212.746428][ T5802] kernfs_fop_write_iter+0x3a6/0x4f0 [ 212.751793][ T5802] vfs_write+0x7b2/0xbb0 [ 212.756082][ T5802] ? file_end_write+0x240/0x240 [ 212.760968][ T5802] ? do_raw_spin_unlock+0x13b/0x8b0 [ 212.766191][ T5802] ? lockdep_hardirqs_on+0x98/0x140 [ 212.771437][ T5802] ? __fdget_pos+0x265/0x2f0 [ 212.776066][ T5802] ksys_write+0x1a0/0x2c0 [ 212.780440][ T5802] ? __ia32_sys_read+0x90/0x90 [ 212.785239][ T5802] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 212.791273][ T5802] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 212.797289][ T5802] do_syscall_64+0x41/0xc0 [ 212.801732][ T5802] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 212.807652][ T5802] RIP: 0033:0x7fd49ce20129 [ 212.812082][ T5802] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 212.831704][ T5802] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 212.840180][ T5802] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 212.848196][ T5802] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 212.856191][ T5802] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 212.864184][ T5802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 212.872176][ T5802] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003b [ 212.880189][ T5802] [pid 5070] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 212.886598][ T5802] memory: usage 8kB, limit 0kB, failcnt 55 [ 212.892475][ T5802] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 212.901493][ T5802] Memory cgroup stats for /syz1: [ 212.901705][ T5802] anon 0 [ 212.901705][ T5802] file 0 [ 212.901705][ T5802] kernel 8192 [ 212.901705][ T5802] kernel_stack 0 [ 212.901705][ T5802] pagetables 0 [ 212.901705][ T5802] sec_pagetables 0 [ 212.901705][ T5802] percpu 0 [ 212.901705][ T5802] sock 0 [ 212.901705][ T5802] vmalloc 0 [ 212.901705][ T5802] shmem 0 [ 212.901705][ T5802] zswap 0 [ 212.901705][ T5802] zswapped 0 [ 212.901705][ T5802] file_mapped 0 [ 212.901705][ T5802] file_dirty 0 [ 212.901705][ T5802] file_writeback 0 [ 212.901705][ T5802] swapcached 0 [ 212.901705][ T5802] anon_thp 0 [ 212.901705][ T5802] file_thp 0 [ 212.901705][ T5802] shmem_thp 0 [ 212.901705][ T5802] inactive_anon 0 [ 212.901705][ T5802] active_anon 0 [ 212.901705][ T5802] inactive_file 0 [ 212.901705][ T5802] active_file 0 [ 212.901705][ T5802] unevictable 0 [ 212.901705][ T5802] slab_reclaimable 6752 [pid 5070] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./51/file0") = 0 [pid 5070] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./51/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 212.901705][ T5802] slab_unreclaimable 0 [ 212.901705][ T5802] slab 6752 [ 212.901705][ T5802] workingset_refault_anon 0 [ 213.000333][ T5802] Tasks state (memory values in pages): [ 213.006238][ T5802] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 213.020280][ T5802] Out of memory and no killable processes... [pid 5070] close(3) = 0 [pid 5802] <... write resumed>) = 18 [pid 5802] close(3 [pid 5070] rmdir("./51") = 0 [pid 5070] mkdir("./52", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5806 attached , child_tidptr=0x5555574ac5d0) = 54 [pid 5806] chdir("./52") = 0 [pid 5806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5806] setpgid(0, 0) = 0 [pid 5806] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5806] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5806] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5806] write(3, "1000", 4) = 4 [pid 5806] close(3) = 0 [pid 5806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5806] mkdir("./file0", 000) = 0 [pid 5806] open("./file0", O_RDONLY) = 3 [pid 5806] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5806] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5806] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5806] openat(5, "memory.max", O_RDWR) = 6 [ 213.027929][ T5803] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 213.039592][ T5803] CPU: 1 PID: 5803 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 213.050082][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 213.060192][ T5803] Call Trace: [ 213.063515][ T5803] [ 213.066493][ T5803] dump_stack_lvl+0x1e7/0x2d0 [ 213.071235][ T5803] ? nf_tcp_handle_invalid+0x640/0x640 [ 213.076775][ T5803] ? panic+0x770/0x770 [ 213.080929][ T5803] dump_header+0xdc/0x940 [ 213.085319][ T5803] out_of_memory+0xf21/0x12c0 [ 213.090090][ T5803] ? mutex_lock_io_nested+0x60/0x60 [ 213.095369][ T5803] ? preempt_schedule+0xdd/0xf0 [ 213.100283][ T5803] ? unregister_oom_notifier+0x20/0x20 [ 213.105818][ T5803] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 213.112027][ T5803] ? lockdep_hardirqs_on+0x98/0x140 [ 213.117297][ T5803] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 213.123519][ T5803] mem_cgroup_out_of_memory+0x263/0x3b0 [ 213.129154][ T5803] ? preempt_schedule_thunk+0x1a/0x20 [ 213.134658][ T5803] ? mem_cgroup_oom_trylock+0x210/0x210 [ 213.140292][ T5803] ? cgroup_file_notify+0x127/0x190 [ 213.145568][ T5803] memory_max_write+0x355/0x470 [ 213.150491][ T5803] ? memory_max_show+0xa0/0xa0 [ 213.155669][ T5803] ? read_lock_is_recursive+0x20/0x20 [ 213.161108][ T5803] ? memory_max_show+0xa0/0xa0 [ 213.165952][ T5803] cgroup_file_write+0x2b1/0x780 [ 213.170977][ T5803] ? cgroup_seqfile_stop+0xd0/0xd0 [ 213.176149][ T5803] ? __virt_addr_valid+0x22f/0x2e0 [ 213.181352][ T5803] ? cgroup_seqfile_stop+0xd0/0xd0 [ 213.186516][ T5803] kernfs_fop_write_iter+0x3a6/0x4f0 [ 213.191867][ T5803] vfs_write+0x7b2/0xbb0 [ 213.196179][ T5803] ? file_end_write+0x240/0x240 [ 213.201100][ T5803] ? do_raw_spin_unlock+0x13b/0x8b0 [ 213.206362][ T5803] ? lockdep_hardirqs_on+0x98/0x140 [ 213.211630][ T5803] ? __fdget_pos+0x265/0x2f0 [ 213.216280][ T5803] ksys_write+0x1a0/0x2c0 [ 213.220678][ T5803] ? __ia32_sys_read+0x90/0x90 [ 213.225500][ T5803] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 213.231548][ T5803] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 213.237577][ T5803] do_syscall_64+0x41/0xc0 [ 213.242016][ T5803] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 213.247951][ T5803] RIP: 0033:0x7fd49ce20129 [ 213.252399][ T5803] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 213.272019][ T5803] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 213.280470][ T5803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5806] write(6, "0x000000000000040e", 18 [pid 5802] <... close resumed>) = 0 [pid 5802] close(4) = 0 [pid 5802] close(5) = 0 [pid 5802] close(6) = 0 [pid 5802] close(7) = -1 EBADF (Bad file descriptor) [pid 5802] close(8) = -1 EBADF (Bad file descriptor) [pid 5802] close(9) = -1 EBADF (Bad file descriptor) [pid 5802] close(10) = -1 EBADF (Bad file descriptor) [pid 5802] close(11) = -1 EBADF (Bad file descriptor) [pid 5802] close(12) = -1 EBADF (Bad file descriptor) [pid 5802] close(13) = -1 EBADF (Bad file descriptor) [pid 5802] close(14) = -1 EBADF (Bad file descriptor) [pid 5802] close(15) = -1 EBADF (Bad file descriptor) [pid 5802] close(16) = -1 EBADF (Bad file descriptor) [pid 5802] close(17) = -1 EBADF (Bad file descriptor) [pid 5802] close(18) = -1 EBADF (Bad file descriptor) [pid 5802] close(19) = -1 EBADF (Bad file descriptor) [pid 5802] close(20) = -1 EBADF (Bad file descriptor) [pid 5802] close(21) = -1 EBADF (Bad file descriptor) [pid 5802] close(22) = -1 EBADF (Bad file descriptor) [pid 5802] close(23) = -1 EBADF (Bad file descriptor) [pid 5802] close(24) = -1 EBADF (Bad file descriptor) [pid 5802] close(25) = -1 EBADF (Bad file descriptor) [pid 5802] close(26) = -1 EBADF (Bad file descriptor) [pid 5802] close(27) = -1 EBADF (Bad file descriptor) [pid 5802] close(28) = -1 EBADF (Bad file descriptor) [pid 5802] close(29) = -1 EBADF (Bad file descriptor) [pid 5802] exit_group(0) = ? [pid 5802] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./59/binderfs") = 0 [pid 5074] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./59/cgroup") = 0 [pid 5074] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./59/cgroup.net") = 0 [pid 5074] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [ 213.288489][ T5803] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 213.296503][ T5803] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 213.304545][ T5803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 213.312558][ T5803] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000037 [ 213.320598][ T5803] [pid 5074] rmdir("./59/file0") = 0 [pid 5074] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./59/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./59") = 0 [pid 5074] mkdir("./60", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5807 attached [pid 5807] chdir("./60" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 62 [pid 5807] <... chdir resumed>) = 0 [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5807] setpgid(0, 0) = 0 [pid 5807] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5807] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5807] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5807] write(3, "1000", 4) = 4 [pid 5807] close(3) = 0 [pid 5807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5807] mkdir("./file0", 000) = 0 [pid 5807] open("./file0", O_RDONLY) = 3 [pid 5807] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5807] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5807] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5807] openat(5, "memory.max", O_RDWR) = 6 [ 213.338223][ T5803] memory: usage 8kB, limit 0kB, failcnt 55 [ 213.345097][ T5803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 213.360590][ T5803] Memory cgroup stats for /syz1: [ 213.360795][ T5803] anon 0 [ 213.360795][ T5803] file 0 [ 213.360795][ T5803] kernel 8192 [ 213.360795][ T5803] kernel_stack 0 [ 213.360795][ T5803] pagetables 0 [ 213.360795][ T5803] sec_pagetables 0 [ 213.360795][ T5803] percpu 0 [ 213.360795][ T5803] sock 0 [ 213.360795][ T5803] vmalloc 0 [ 213.360795][ T5803] shmem 0 [ 213.360795][ T5803] zswap 0 [ 213.360795][ T5803] zswapped 0 [ 213.360795][ T5803] file_mapped 0 [ 213.360795][ T5803] file_dirty 0 [ 213.360795][ T5803] file_writeback 0 [ 213.360795][ T5803] swapcached 0 [ 213.360795][ T5803] anon_thp 0 [ 213.360795][ T5803] file_thp 0 [ 213.360795][ T5803] shmem_thp 0 [ 213.360795][ T5803] inactive_anon 0 [ 213.360795][ T5803] active_anon 0 [ 213.360795][ T5803] inactive_file 0 [ 213.360795][ T5803] active_file 0 [ 213.360795][ T5803] unevictable 0 [ 213.360795][ T5803] slab_reclaimable 6752 [ 213.360795][ T5803] slab_unreclaimable 0 [ 213.360795][ T5803] slab 6752 [ 213.360795][ T5803] workingset_refault_anon 0 [ 213.461039][ T5803] Tasks state (memory values in pages): [ 213.467580][ T5803] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 213.479818][ T5803] Out of memory and no killable processes... [pid 5807] write(6, "0x000000000000040e", 18 [pid 5803] <... write resumed>) = 18 [pid 5803] close(3) = 0 [pid 5803] close(4) = 0 [pid 5803] close(5) = 0 [pid 5803] close(6) = 0 [pid 5803] close(7) = -1 EBADF (Bad file descriptor) [pid 5803] close(8) = -1 EBADF (Bad file descriptor) [pid 5803] close(9) = -1 EBADF (Bad file descriptor) [pid 5803] close(10) = -1 EBADF (Bad file descriptor) [pid 5803] close(11) = -1 EBADF (Bad file descriptor) [pid 5803] close(12) = -1 EBADF (Bad file descriptor) [pid 5803] close(13) = -1 EBADF (Bad file descriptor) [pid 5803] close(14) = -1 EBADF (Bad file descriptor) [pid 5803] close(15) = -1 EBADF (Bad file descriptor) [pid 5803] close(16) = -1 EBADF (Bad file descriptor) [ 213.489420][ T5804] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 213.506680][ T5804] CPU: 1 PID: 5804 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 213.517160][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 213.527261][ T5804] Call Trace: [ 213.530602][ T5804] [ 213.533574][ T5804] dump_stack_lvl+0x1e7/0x2d0 [ 213.538328][ T5804] ? nf_tcp_handle_invalid+0x640/0x640 [ 213.543844][ T5804] ? panic+0x770/0x770 [ 213.547983][ T5804] dump_header+0xdc/0x940 [ 213.552372][ T5804] out_of_memory+0xf21/0x12c0 [ 213.557110][ T5804] ? mutex_lock_io_nested+0x60/0x60 [ 213.562378][ T5804] ? preempt_schedule+0xdd/0xf0 [ 213.567297][ T5804] ? unregister_oom_notifier+0x20/0x20 [ 213.572817][ T5804] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 213.578868][ T5804] mem_cgroup_out_of_memory+0x263/0x3b0 [ 213.584461][ T5804] ? preempt_schedule_thunk+0x1a/0x20 [pid 5803] close(17) = -1 EBADF (Bad file descriptor) [pid 5803] close(18) = -1 EBADF (Bad file descriptor) [pid 5803] close(19) = -1 EBADF (Bad file descriptor) [pid 5803] close(20) = -1 EBADF (Bad file descriptor) [pid 5803] close(21) = -1 EBADF (Bad file descriptor) [pid 5803] close(22) = -1 EBADF (Bad file descriptor) [pid 5803] close(23) = -1 EBADF (Bad file descriptor) [pid 5803] close(24) = -1 EBADF (Bad file descriptor) [pid 5803] close(25) = -1 EBADF (Bad file descriptor) [ 213.589890][ T5804] ? mem_cgroup_oom_trylock+0x210/0x210 [ 213.595489][ T5804] ? cgroup_file_notify+0x127/0x190 [ 213.600722][ T5804] memory_max_write+0x355/0x470 [ 213.605632][ T5804] ? memory_max_show+0xa0/0xa0 [ 213.610441][ T5804] ? read_lock_is_recursive+0x20/0x20 [ 213.615845][ T5804] ? memory_max_show+0xa0/0xa0 [ 213.620628][ T5804] cgroup_file_write+0x2b1/0x780 [ 213.625587][ T5804] ? cgroup_seqfile_stop+0xd0/0xd0 [ 213.630716][ T5804] ? __virt_addr_valid+0x22f/0x2e0 [ 213.635892][ T5804] ? cgroup_seqfile_stop+0xd0/0xd0 [ 213.641018][ T5804] kernfs_fop_write_iter+0x3a6/0x4f0 [ 213.646331][ T5804] vfs_write+0x7b2/0xbb0 [ 213.650603][ T5804] ? file_end_write+0x240/0x240 [ 213.655473][ T5804] ? do_raw_spin_unlock+0x13b/0x8b0 [ 213.660691][ T5804] ? lockdep_hardirqs_on+0x98/0x140 [ 213.665918][ T5804] ? __fdget_pos+0x265/0x2f0 [ 213.670529][ T5804] ksys_write+0x1a0/0x2c0 [ 213.674899][ T5804] ? __ia32_sys_read+0x90/0x90 [ 213.679696][ T5804] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 213.685708][ T5804] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 213.691717][ T5804] do_syscall_64+0x41/0xc0 [ 213.696154][ T5804] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 213.702089][ T5804] RIP: 0033:0x7fd49ce20129 [ 213.706523][ T5804] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 213.726156][ T5804] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5803] close(26) = -1 EBADF (Bad file descriptor) [pid 5803] close(27) = -1 EBADF (Bad file descriptor) [pid 5803] close(28) = -1 EBADF (Bad file descriptor) [pid 5803] close(29) = -1 EBADF (Bad file descriptor) [pid 5803] exit_group(0) = ? [pid 5803] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./55/binderfs") = 0 [pid 5073] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./55/cgroup") = 0 [pid 5073] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./55/cgroup.net") = 0 [ 213.734615][ T5804] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 213.742662][ T5804] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 213.750661][ T5804] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 213.758662][ T5804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 213.766660][ T5804] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000034 [ 213.774675][ T5804] [ 213.780370][ T5804] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5073] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./55/file0") = 0 [pid 5073] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./55/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./55") = 0 [pid 5073] mkdir("./56", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5808 attached [ 213.786407][ T5804] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 213.793582][ T5804] Memory cgroup stats for /syz1: [ 213.793792][ T5804] anon 0 [ 213.793792][ T5804] file 0 [ 213.793792][ T5804] kernel 8192 [ 213.793792][ T5804] kernel_stack 0 [ 213.793792][ T5804] pagetables 0 [ 213.793792][ T5804] sec_pagetables 0 [ 213.793792][ T5804] percpu 0 [ 213.793792][ T5804] sock 0 [ 213.793792][ T5804] vmalloc 0 [ 213.793792][ T5804] shmem 0 [ 213.793792][ T5804] zswap 0 [ 213.793792][ T5804] zswapped 0 [ 213.793792][ T5804] file_mapped 0 [pid 5808] chdir("./56" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 58 [pid 5808] <... chdir resumed>) = 0 [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5808] setpgid(0, 0) = 0 [pid 5808] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5808] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5808] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5808] write(3, "1000", 4) = 4 [pid 5808] close(3) = 0 [pid 5808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5808] mkdir("./file0", 000) = 0 [pid 5808] open("./file0", O_RDONLY) = 3 [pid 5808] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5808] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5808] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5808] openat(5, "memory.max", O_RDWR) = 6 [ 213.793792][ T5804] file_dirty 0 [ 213.793792][ T5804] file_writeback 0 [ 213.793792][ T5804] swapcached 0 [ 213.793792][ T5804] anon_thp 0 [ 213.793792][ T5804] file_thp 0 [ 213.793792][ T5804] shmem_thp 0 [ 213.793792][ T5804] inactive_anon 0 [ 213.793792][ T5804] active_anon 0 [ 213.793792][ T5804] inactive_file 0 [ 213.793792][ T5804] active_file 0 [ 213.793792][ T5804] unevictable 0 [ 213.793792][ T5804] slab_reclaimable 6752 [ 213.793792][ T5804] slab_unreclaimable 0 [ 213.793792][ T5804] slab 6752 [ 213.793792][ T5804] workingset_refault_anon 0 [pid 5808] write(6, "0x000000000000040e", 18 [pid 5804] <... write resumed>) = 18 [pid 5804] close(3) = 0 [ 213.892705][ T5804] Tasks state (memory values in pages): [ 213.900727][ T5804] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 213.910330][ T5804] Out of memory and no killable processes... [ 213.916409][ T5805] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 213.927149][ T5805] CPU: 0 PID: 5805 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5804] close(4) = 0 [pid 5804] close(5) = 0 [pid 5804] close(6) = 0 [pid 5804] close(7) = -1 EBADF (Bad file descriptor) [pid 5804] close(8) = -1 EBADF (Bad file descriptor) [pid 5804] close(9) = -1 EBADF (Bad file descriptor) [pid 5804] close(10) = -1 EBADF (Bad file descriptor) [pid 5804] close(11) = -1 EBADF (Bad file descriptor) [pid 5804] close(12) = -1 EBADF (Bad file descriptor) [pid 5804] close(13) = -1 EBADF (Bad file descriptor) [pid 5804] close(14) = -1 EBADF (Bad file descriptor) [pid 5804] close(15) = -1 EBADF (Bad file descriptor) [pid 5804] close(16) = -1 EBADF (Bad file descriptor) [pid 5804] close(17) = -1 EBADF (Bad file descriptor) [pid 5804] close(18) = -1 EBADF (Bad file descriptor) [pid 5804] close(19) = -1 EBADF (Bad file descriptor) [pid 5804] close(20) = -1 EBADF (Bad file descriptor) [pid 5804] close(21) = -1 EBADF (Bad file descriptor) [pid 5804] close(22) = -1 EBADF (Bad file descriptor) [pid 5804] close(23) = -1 EBADF (Bad file descriptor) [pid 5804] close(24) = -1 EBADF (Bad file descriptor) [pid 5804] close(25) = -1 EBADF (Bad file descriptor) [pid 5804] close(26) = -1 EBADF (Bad file descriptor) [pid 5804] close(27) = -1 EBADF (Bad file descriptor) [pid 5804] close(28) = -1 EBADF (Bad file descriptor) [pid 5804] close(29) = -1 EBADF (Bad file descriptor) [pid 5804] exit_group(0) = ? [pid 5804] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./52/binderfs") = 0 [pid 5072] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./52/cgroup") = 0 [pid 5072] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./52/cgroup.net") = 0 [ 213.937626][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 213.947737][ T5805] Call Trace: [ 213.951053][ T5805] [ 213.954023][ T5805] dump_stack_lvl+0x1e7/0x2d0 [ 213.958761][ T5805] ? nf_tcp_handle_invalid+0x640/0x640 [ 213.964273][ T5805] ? panic+0x770/0x770 [ 213.968411][ T5805] dump_header+0xdc/0x940 [ 213.972782][ T5805] out_of_memory+0xf21/0x12c0 [ 213.977478][ T5805] ? mutex_lock_io_nested+0x60/0x60 [ 213.982736][ T5805] ? preempt_schedule+0xdd/0xf0 [ 213.987657][ T5805] ? unregister_oom_notifier+0x20/0x20 [ 213.993171][ T5805] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 213.999218][ T5805] mem_cgroup_out_of_memory+0x263/0x3b0 [ 214.004823][ T5805] ? preempt_schedule_thunk+0x1a/0x20 [ 214.010254][ T5805] ? mem_cgroup_oom_trylock+0x210/0x210 [ 214.015843][ T5805] ? cgroup_file_notify+0x127/0x190 [ 214.021101][ T5805] memory_max_write+0x355/0x470 [ 214.025999][ T5805] ? memory_max_show+0xa0/0xa0 [ 214.030780][ T5805] ? read_lock_is_recursive+0x20/0x20 [ 214.036185][ T5805] ? memory_max_show+0xa0/0xa0 [ 214.041086][ T5805] cgroup_file_write+0x2b1/0x780 [ 214.046081][ T5805] ? cgroup_seqfile_stop+0xd0/0xd0 [ 214.051247][ T5805] ? __virt_addr_valid+0x22f/0x2e0 [ 214.056952][ T5805] ? cgroup_seqfile_stop+0xd0/0xd0 [ 214.062126][ T5805] kernfs_fop_write_iter+0x3a6/0x4f0 [ 214.067436][ T5805] vfs_write+0x7b2/0xbb0 [ 214.071748][ T5805] ? file_end_write+0x240/0x240 [ 214.076657][ T5805] ? do_raw_spin_unlock+0x13b/0x8b0 [ 214.081916][ T5805] ? lockdep_hardirqs_on+0x98/0x140 [ 214.087160][ T5805] ? __fdget_pos+0x265/0x2f0 [ 214.091785][ T5805] ksys_write+0x1a0/0x2c0 [ 214.096171][ T5805] ? __ia32_sys_read+0x90/0x90 [ 214.100984][ T5805] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 214.107022][ T5805] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 214.113045][ T5805] do_syscall_64+0x41/0xc0 [ 214.117518][ T5805] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 214.123464][ T5805] RIP: 0033:0x7fd49ce20129 [ 214.127927][ T5805] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 214.147576][ T5805] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 214.156466][ T5805] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 214.164476][ T5805] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 214.172488][ T5805] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 214.180495][ T5805] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5072] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./52/file0") = 0 [pid 5072] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./52/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./52") = 0 [ 214.188491][ T5805] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003a [ 214.196511][ T5805] [ 214.207127][ T5805] memory: usage 8kB, limit 0kB, failcnt 55 [ 214.214008][ T5805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 214.223444][ T5805] Memory cgroup stats for /syz1: [ 214.235940][ T5805] anon 0 [pid 5072] mkdir("./53", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 55 ./strace-static-x86_64: Process 5809 attached [pid 5809] chdir("./53") = 0 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5809] setpgid(0, 0) = 0 [pid 5809] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5809] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5809] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5809] write(3, "1000", 4) = 4 [pid 5809] close(3) = 0 [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5809] mkdir("./file0", 000) = 0 [pid 5809] open("./file0", O_RDONLY) = 3 [pid 5809] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 214.235940][ T5805] file 0 [ 214.235940][ T5805] kernel 8192 [ 214.235940][ T5805] kernel_stack 0 [ 214.235940][ T5805] pagetables 0 [ 214.235940][ T5805] sec_pagetables 0 [ 214.235940][ T5805] percpu 0 [ 214.235940][ T5805] sock 0 [ 214.235940][ T5805] vmalloc 0 [ 214.235940][ T5805] shmem 0 [ 214.235940][ T5805] zswap 0 [ 214.235940][ T5805] zswapped 0 [ 214.235940][ T5805] file_mapped 0 [ 214.235940][ T5805] file_dirty 0 [ 214.235940][ T5805] file_writeback 0 [ 214.235940][ T5805] swapcached 0 [ 214.235940][ T5805] anon_thp 0 [pid 5809] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5809] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5809] openat(5, "memory.max", O_RDWR) = 6 [ 214.235940][ T5805] file_thp 0 [ 214.235940][ T5805] shmem_thp 0 [ 214.235940][ T5805] inactive_anon 0 [ 214.235940][ T5805] active_anon 0 [ 214.235940][ T5805] inactive_file 0 [ 214.235940][ T5805] active_file 0 [ 214.235940][ T5805] unevictable 0 [ 214.235940][ T5805] slab_reclaimable 6752 [ 214.235940][ T5805] slab_unreclaimable 0 [ 214.235940][ T5805] slab 6752 [ 214.235940][ T5805] workingset_refault_anon 0 [pid 5809] write(6, "0x000000000000040e", 18 [pid 5805] <... write resumed>) = 18 [pid 5805] close(3) = 0 [pid 5805] close(4) = 0 [pid 5805] close(5) = 0 [pid 5805] close(6) = 0 [ 214.344276][ T5805] Tasks state (memory values in pages): [ 214.358556][ T5805] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 214.368787][ T5805] Out of memory and no killable processes... [ 214.374969][ T5806] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 214.386353][ T5806] CPU: 0 PID: 5806 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 214.396863][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 214.406927][ T5806] Call Trace: [ 214.410232][ T5806] [ 214.413178][ T5806] dump_stack_lvl+0x1e7/0x2d0 [ 214.417881][ T5806] ? nf_tcp_handle_invalid+0x640/0x640 [ 214.423363][ T5806] ? panic+0x770/0x770 [ 214.427457][ T5806] dump_header+0xdc/0x940 [ 214.431933][ T5806] out_of_memory+0xf21/0x12c0 [ 214.436628][ T5806] ? mutex_lock_io_nested+0x60/0x60 [ 214.441844][ T5806] ? preempt_schedule+0xdd/0xf0 [ 214.446721][ T5806] ? unregister_oom_notifier+0x20/0x20 [ 214.452233][ T5806] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 214.458274][ T5806] mem_cgroup_out_of_memory+0x263/0x3b0 [ 214.463838][ T5806] ? preempt_schedule_thunk+0x1a/0x20 [ 214.469230][ T5806] ? mem_cgroup_oom_trylock+0x210/0x210 [ 214.474807][ T5806] ? cgroup_file_notify+0x127/0x190 [ 214.480024][ T5806] memory_max_write+0x355/0x470 [ 214.484896][ T5806] ? memory_max_show+0xa0/0xa0 [ 214.489674][ T5806] ? read_lock_is_recursive+0x20/0x20 [ 214.495067][ T5806] ? memory_max_show+0xa0/0xa0 [ 214.499846][ T5806] cgroup_file_write+0x2b1/0x780 [ 214.504798][ T5806] ? cgroup_seqfile_stop+0xd0/0xd0 [ 214.509917][ T5806] ? __virt_addr_valid+0x22f/0x2e0 [ 214.515047][ T5806] ? cgroup_seqfile_stop+0xd0/0xd0 [ 214.520179][ T5806] kernfs_fop_write_iter+0x3a6/0x4f0 [ 214.525485][ T5806] vfs_write+0x7b2/0xbb0 [ 214.529752][ T5806] ? file_end_write+0x240/0x240 [ 214.534623][ T5806] ? do_raw_spin_unlock+0x13b/0x8b0 [ 214.539925][ T5806] ? lockdep_hardirqs_on+0x98/0x140 [ 214.545145][ T5806] ? __fdget_pos+0x265/0x2f0 [ 214.549750][ T5806] ksys_write+0x1a0/0x2c0 [ 214.554114][ T5806] ? __ia32_sys_read+0x90/0x90 [ 214.558905][ T5806] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 214.564929][ T5806] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 214.570929][ T5806] do_syscall_64+0x41/0xc0 [ 214.575380][ T5806] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 214.581294][ T5806] RIP: 0033:0x7fd49ce20129 [ 214.585718][ T5806] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 214.605335][ T5806] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 214.613773][ T5806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 214.621765][ T5806] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 214.629757][ T5806] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 214.637740][ T5806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5805] close(7) = -1 EBADF (Bad file descriptor) [pid 5805] close(8) = -1 EBADF (Bad file descriptor) [pid 5805] close(9) = -1 EBADF (Bad file descriptor) [pid 5805] close(10) = -1 EBADF (Bad file descriptor) [pid 5805] close(11) = -1 EBADF (Bad file descriptor) [pid 5805] close(12) = -1 EBADF (Bad file descriptor) [pid 5805] close(13) = -1 EBADF (Bad file descriptor) [pid 5805] close(14) = -1 EBADF (Bad file descriptor) [pid 5805] close(15) = -1 EBADF (Bad file descriptor) [pid 5805] close(16) = -1 EBADF (Bad file descriptor) [pid 5805] close(17) = -1 EBADF (Bad file descriptor) [pid 5805] close(18) = -1 EBADF (Bad file descriptor) [pid 5805] close(19) = -1 EBADF (Bad file descriptor) [ 214.645719][ T5806] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000034 [ 214.653731][ T5806] [ 214.684778][ T5806] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5805] close(20) = -1 EBADF (Bad file descriptor) [pid 5805] close(21) = -1 EBADF (Bad file descriptor) [pid 5805] close(22) = -1 EBADF (Bad file descriptor) [pid 5805] close(23) = -1 EBADF (Bad file descriptor) [pid 5805] close(24) = -1 EBADF (Bad file descriptor) [pid 5805] close(25) = -1 EBADF (Bad file descriptor) [pid 5805] close(26) = -1 EBADF (Bad file descriptor) [pid 5805] close(27) = -1 EBADF (Bad file descriptor) [pid 5805] close(28) = -1 EBADF (Bad file descriptor) [pid 5805] close(29) = -1 EBADF (Bad file descriptor) [pid 5805] exit_group(0) = ? [pid 5805] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./58/binderfs") = 0 [ 214.690823][ T5806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 214.699035][ T5806] Memory cgroup stats for /syz1: [ 214.699268][ T5806] anon 0 [ 214.699268][ T5806] file 0 [ 214.699268][ T5806] kernel 8192 [ 214.699268][ T5806] kernel_stack 0 [ 214.699268][ T5806] pagetables 0 [ 214.699268][ T5806] sec_pagetables 0 [ 214.699268][ T5806] percpu 0 [ 214.699268][ T5806] sock 0 [ 214.699268][ T5806] vmalloc 0 [ 214.699268][ T5806] shmem 0 [ 214.699268][ T5806] zswap 0 [ 214.699268][ T5806] zswapped 0 [ 214.699268][ T5806] file_mapped 0 [ 214.699268][ T5806] file_dirty 0 [pid 5075] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./58/cgroup") = 0 [pid 5075] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./58/cgroup.net") = 0 [pid 5075] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 214.699268][ T5806] file_writeback 0 [ 214.699268][ T5806] swapcached 0 [ 214.699268][ T5806] anon_thp 0 [ 214.699268][ T5806] file_thp 0 [ 214.699268][ T5806] shmem_thp 0 [ 214.699268][ T5806] inactive_anon 0 [ 214.699268][ T5806] active_anon 0 [ 214.699268][ T5806] inactive_file 0 [ 214.699268][ T5806] active_file 0 [ 214.699268][ T5806] unevictable 0 [ 214.699268][ T5806] slab_reclaimable 6752 [ 214.699268][ T5806] slab_unreclaimable 0 [ 214.699268][ T5806] slab 6752 [ 214.699268][ T5806] workingset_refault_anon 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./58/file0") = 0 [pid 5075] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./58/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./58") = 0 [pid 5075] mkdir("./59", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 61 ./strace-static-x86_64: Process 5810 attached [pid 5810] chdir("./59") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5810] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5810] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5806] <... write resumed>) = 18 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [ 214.807468][ T5806] Tasks state (memory values in pages): [ 214.813084][ T5806] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 214.828839][ T5806] Out of memory and no killable processes... [ 214.834955][ T5807] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5810] mkdir("./file0", 000) = 0 [pid 5810] open("./file0", O_RDONLY) = 3 [pid 5810] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5810] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5810] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5810] openat(5, "memory.max", O_RDWR) = 6 [pid 5810] write(6, "0x000000000000040e", 18 [pid 5806] close(3) = 0 [pid 5806] close(4) = 0 [pid 5806] close(5) = 0 [pid 5806] close(6) = 0 [pid 5806] close(7) = -1 EBADF (Bad file descriptor) [pid 5806] close(8) = -1 EBADF (Bad file descriptor) [pid 5806] close(9) = -1 EBADF (Bad file descriptor) [pid 5806] close(10) = -1 EBADF (Bad file descriptor) [pid 5806] close(11) = -1 EBADF (Bad file descriptor) [pid 5806] close(12) = -1 EBADF (Bad file descriptor) [ 214.850279][ T5807] CPU: 0 PID: 5807 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 214.860758][ T5807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 214.870853][ T5807] Call Trace: [ 214.874179][ T5807] [ 214.877150][ T5807] dump_stack_lvl+0x1e7/0x2d0 [ 214.881883][ T5807] ? nf_tcp_handle_invalid+0x640/0x640 [ 214.887403][ T5807] ? panic+0x770/0x770 [ 214.891551][ T5807] dump_header+0xdc/0x940 [ 214.895946][ T5807] out_of_memory+0xf21/0x12c0 [ 214.900691][ T5807] ? mutex_lock_io_nested+0x60/0x60 [pid 5806] close(13) = -1 EBADF (Bad file descriptor) [pid 5806] close(14) = -1 EBADF (Bad file descriptor) [pid 5806] close(15) = -1 EBADF (Bad file descriptor) [pid 5806] close(16) = -1 EBADF (Bad file descriptor) [pid 5806] close(17) = -1 EBADF (Bad file descriptor) [pid 5806] close(18) = -1 EBADF (Bad file descriptor) [pid 5806] close(19) = -1 EBADF (Bad file descriptor) [pid 5806] close(20) = -1 EBADF (Bad file descriptor) [pid 5806] close(21) = -1 EBADF (Bad file descriptor) [pid 5806] close(22) = -1 EBADF (Bad file descriptor) [pid 5806] close(23) = -1 EBADF (Bad file descriptor) [pid 5806] close(24) = -1 EBADF (Bad file descriptor) [pid 5806] close(25) = -1 EBADF (Bad file descriptor) [pid 5806] close(26) = -1 EBADF (Bad file descriptor) [pid 5806] close(27) = -1 EBADF (Bad file descriptor) [pid 5806] close(28) = -1 EBADF (Bad file descriptor) [pid 5806] close(29) = -1 EBADF (Bad file descriptor) [pid 5806] exit_group(0) = ? [pid 5806] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5070] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 214.905958][ T5807] ? preempt_schedule+0xdd/0xf0 [ 214.910875][ T5807] ? unregister_oom_notifier+0x20/0x20 [ 214.916389][ T5807] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 214.922448][ T5807] mem_cgroup_out_of_memory+0x263/0x3b0 [ 214.928059][ T5807] ? preempt_schedule_thunk+0x1a/0x20 [ 214.933512][ T5807] ? mem_cgroup_oom_trylock+0x210/0x210 [ 214.939143][ T5807] ? cgroup_file_notify+0x127/0x190 [ 214.944408][ T5807] memory_max_write+0x355/0x470 [ 214.949328][ T5807] ? memory_max_show+0xa0/0xa0 [pid 5070] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./52/binderfs") = 0 [pid 5070] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./52/cgroup") = 0 [pid 5070] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./52/cgroup.net") = 0 [ 214.954146][ T5807] ? read_lock_is_recursive+0x20/0x20 [ 214.959578][ T5807] ? memory_max_show+0xa0/0xa0 [ 214.964399][ T5807] cgroup_file_write+0x2b1/0x780 [ 214.969396][ T5807] ? cgroup_seqfile_stop+0xd0/0xd0 [ 214.974571][ T5807] ? __virt_addr_valid+0x22f/0x2e0 [ 214.979741][ T5807] ? cgroup_seqfile_stop+0xd0/0xd0 [ 214.984870][ T5807] kernfs_fop_write_iter+0x3a6/0x4f0 [ 214.990183][ T5807] vfs_write+0x7b2/0xbb0 [ 214.994474][ T5807] ? file_end_write+0x240/0x240 [ 214.999390][ T5807] ? do_raw_spin_unlock+0x13b/0x8b0 [ 215.004643][ T5807] ? lockdep_hardirqs_on+0x98/0x140 [ 215.009960][ T5807] ? __fdget_pos+0x265/0x2f0 [ 215.014595][ T5807] ksys_write+0x1a0/0x2c0 [ 215.018964][ T5807] ? __ia32_sys_read+0x90/0x90 [ 215.023785][ T5807] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 215.029824][ T5807] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 215.035861][ T5807] do_syscall_64+0x41/0xc0 [ 215.040345][ T5807] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 215.046306][ T5807] RIP: 0033:0x7fd49ce20129 [ 215.050775][ T5807] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.070435][ T5807] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 215.078896][ T5807] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 215.086895][ T5807] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 215.094913][ T5807] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./52/file0") = 0 [pid 5070] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./52/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./52") = 0 [ 215.102930][ T5807] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 215.110954][ T5807] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003c [ 215.119000][ T5807] [ 215.142890][ T5807] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5070] mkdir("./53", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5811 attached [pid 5811] chdir("./53" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 55 [pid 5811] <... chdir resumed>) = 0 [pid 5811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5811] setpgid(0, 0) = 0 [pid 5811] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5811] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5811] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5811] write(3, "1000", 4) = 4 [pid 5811] close(3) = 0 [pid 5811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5811] mkdir("./file0", 000) = 0 [pid 5811] open("./file0", O_RDONLY) = 3 [pid 5811] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5811] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5811] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5811] openat(5, "memory.max", O_RDWR) = 6 [ 215.153224][ T5807] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 215.163470][ T5807] Memory cgroup stats for /syz1: [ 215.163680][ T5807] anon 0 [ 215.163680][ T5807] file 0 [ 215.163680][ T5807] kernel 8192 [ 215.163680][ T5807] kernel_stack 0 [ 215.163680][ T5807] pagetables 0 [ 215.163680][ T5807] sec_pagetables 0 [ 215.163680][ T5807] percpu 0 [ 215.163680][ T5807] sock 0 [ 215.163680][ T5807] vmalloc 0 [ 215.163680][ T5807] shmem 0 [ 215.163680][ T5807] zswap 0 [ 215.163680][ T5807] zswapped 0 [ 215.163680][ T5807] file_mapped 0 [ 215.163680][ T5807] file_dirty 0 [ 215.163680][ T5807] file_writeback 0 [ 215.163680][ T5807] swapcached 0 [ 215.163680][ T5807] anon_thp 0 [ 215.163680][ T5807] file_thp 0 [ 215.163680][ T5807] shmem_thp 0 [ 215.163680][ T5807] inactive_anon 0 [ 215.163680][ T5807] active_anon 0 [ 215.163680][ T5807] inactive_file 0 [ 215.163680][ T5807] active_file 0 [ 215.163680][ T5807] unevictable 0 [ 215.163680][ T5807] slab_reclaimable 6752 [ 215.163680][ T5807] slab_unreclaimable 0 [ 215.163680][ T5807] slab 6752 [ 215.163680][ T5807] workingset_refault_anon 0 [ 215.260145][ T5807] Tasks state (memory values in pages): [ 215.266016][ T5807] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 215.278365][ T5807] Out of memory and no killable processes... [ 215.286625][ T5808] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 215.297009][ T5808] CPU: 0 PID: 5808 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5811] write(6, "0x000000000000040e", 18 [pid 5807] <... write resumed>) = 18 [pid 5807] close(3) = 0 [pid 5807] close(4) = 0 [pid 5807] close(5) = 0 [pid 5807] close(6) = 0 [pid 5807] close(7) = -1 EBADF (Bad file descriptor) [pid 5807] close(8) = -1 EBADF (Bad file descriptor) [pid 5807] close(9) = -1 EBADF (Bad file descriptor) [pid 5807] close(10) = -1 EBADF (Bad file descriptor) [pid 5807] close(11) = -1 EBADF (Bad file descriptor) [pid 5807] close(12) = -1 EBADF (Bad file descriptor) [pid 5807] close(13) = -1 EBADF (Bad file descriptor) [pid 5807] close(14) = -1 EBADF (Bad file descriptor) [pid 5807] close(15) = -1 EBADF (Bad file descriptor) [pid 5807] close(16) = -1 EBADF (Bad file descriptor) [pid 5807] close(17) = -1 EBADF (Bad file descriptor) [pid 5807] close(18) = -1 EBADF (Bad file descriptor) [pid 5807] close(19) = -1 EBADF (Bad file descriptor) [pid 5807] close(20) = -1 EBADF (Bad file descriptor) [ 215.307468][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 215.317578][ T5808] Call Trace: [ 215.320908][ T5808] [ 215.323880][ T5808] dump_stack_lvl+0x1e7/0x2d0 [ 215.328622][ T5808] ? nf_tcp_handle_invalid+0x640/0x640 [ 215.334134][ T5808] ? panic+0x770/0x770 [ 215.338285][ T5808] dump_header+0xdc/0x940 [ 215.342676][ T5808] out_of_memory+0xf21/0x12c0 [ 215.347425][ T5808] ? mutex_lock_io_nested+0x60/0x60 [ 215.352698][ T5808] ? preempt_schedule+0xdd/0xf0 [pid 5807] close(21) = -1 EBADF (Bad file descriptor) [pid 5807] close(22) = -1 EBADF (Bad file descriptor) [pid 5807] close(23) = -1 EBADF (Bad file descriptor) [pid 5807] close(24) = -1 EBADF (Bad file descriptor) [pid 5807] close(25) = -1 EBADF (Bad file descriptor) [pid 5807] close(26) = -1 EBADF (Bad file descriptor) [pid 5807] close(27) = -1 EBADF (Bad file descriptor) [pid 5807] close(28) = -1 EBADF (Bad file descriptor) [pid 5807] close(29) = -1 EBADF (Bad file descriptor) [pid 5807] exit_group(0) = ? [pid 5807] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./60/binderfs") = 0 [pid 5074] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 215.357608][ T5808] ? unregister_oom_notifier+0x20/0x20 [ 215.363115][ T5808] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 215.369166][ T5808] mem_cgroup_out_of_memory+0x263/0x3b0 [ 215.374948][ T5808] ? preempt_schedule_thunk+0x1a/0x20 [ 215.380392][ T5808] ? mem_cgroup_oom_trylock+0x210/0x210 [ 215.386026][ T5808] ? cgroup_file_notify+0x127/0x190 [ 215.391294][ T5808] memory_max_write+0x355/0x470 [ 215.396209][ T5808] ? memory_max_show+0xa0/0xa0 [ 215.401045][ T5808] ? read_lock_is_recursive+0x20/0x20 [pid 5074] unlink("./60/cgroup") = 0 [pid 5074] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 215.406490][ T5808] ? memory_max_show+0xa0/0xa0 [ 215.411336][ T5808] cgroup_file_write+0x2b1/0x780 [ 215.416340][ T5808] ? cgroup_seqfile_stop+0xd0/0xd0 [ 215.421511][ T5808] ? __virt_addr_valid+0x22f/0x2e0 [ 215.426678][ T5808] ? cgroup_seqfile_stop+0xd0/0xd0 [ 215.431816][ T5808] kernfs_fop_write_iter+0x3a6/0x4f0 [ 215.437141][ T5808] vfs_write+0x7b2/0xbb0 [ 215.441436][ T5808] ? file_end_write+0x240/0x240 [ 215.446321][ T5808] ? do_raw_spin_unlock+0x13b/0x8b0 [ 215.451547][ T5808] ? lockdep_hardirqs_on+0x98/0x140 [ 215.456778][ T5808] ? __fdget_pos+0x265/0x2f0 [ 215.461395][ T5808] ksys_write+0x1a0/0x2c0 [ 215.465754][ T5808] ? __ia32_sys_read+0x90/0x90 [ 215.470555][ T5808] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 215.476568][ T5808] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 215.482579][ T5808] do_syscall_64+0x41/0xc0 [ 215.487023][ T5808] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 215.492945][ T5808] RIP: 0033:0x7fd49ce20129 [ 215.497378][ T5808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.517029][ T5808] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 215.525475][ T5808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 215.533471][ T5808] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 215.541462][ T5808] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 215.549448][ T5808] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5074] unlink("./60/cgroup.net") = 0 [pid 5074] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./60/file0") = 0 [pid 5074] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./60/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./60") = 0 [pid 5074] mkdir("./61", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5812 attached [ 215.557436][ T5808] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000038 [ 215.565442][ T5808] [ 215.592618][ T5808] memory: usage 8kB, limit 0kB, failcnt 55 [ 215.601513][ T5808] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 , child_tidptr=0x5555574ac5d0) = 63 [ 215.613106][ T5808] Memory cgroup stats for /syz1: [ 215.613308][ T5808] anon 0 [ 215.613308][ T5808] file 0 [ 215.613308][ T5808] kernel 8192 [ 215.613308][ T5808] kernel_stack 0 [ 215.613308][ T5808] pagetables 0 [ 215.613308][ T5808] sec_pagetables 0 [ 215.613308][ T5808] percpu 0 [ 215.613308][ T5808] sock 0 [ 215.613308][ T5808] vmalloc 0 [ 215.613308][ T5808] shmem 0 [ 215.613308][ T5808] zswap 0 [ 215.613308][ T5808] zswapped 0 [ 215.613308][ T5808] file_mapped 0 [ 215.613308][ T5808] file_dirty 0 [pid 5812] chdir("./61") = 0 [ 215.613308][ T5808] file_writeback 0 [ 215.613308][ T5808] swapcached 0 [ 215.613308][ T5808] anon_thp 0 [ 215.613308][ T5808] file_thp 0 [ 215.613308][ T5808] shmem_thp 0 [ 215.613308][ T5808] inactive_anon 0 [ 215.613308][ T5808] active_anon 0 [ 215.613308][ T5808] inactive_file 0 [ 215.613308][ T5808] active_file 0 [ 215.613308][ T5808] unevictable 0 [ 215.613308][ T5808] slab_reclaimable 6752 [ 215.613308][ T5808] slab_unreclaimable 0 [ 215.613308][ T5808] slab 6752 [ 215.613308][ T5808] workingset_refault_anon 0 [pid 5812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5812] setpgid(0, 0) = 0 [pid 5812] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5812] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5812] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5808] <... write resumed>) = 18 [pid 5812] <... symlink resumed>) = 0 [pid 5808] close(3 [pid 5812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5808] <... close resumed>) = 0 [pid 5812] <... openat resumed>) = 3 [pid 5808] close(4 [pid 5812] write(3, "1000", 4 [pid 5808] <... close resumed>) = 0 [pid 5812] <... write resumed>) = 4 [pid 5808] close(5 [pid 5812] close(3 [pid 5808] <... close resumed>) = 0 [pid 5812] <... close resumed>) = 0 [pid 5808] close(6 [pid 5812] symlink("/dev/binderfs", "./binderfs" [pid 5808] <... close resumed>) = 0 [pid 5812] <... symlink resumed>) = 0 [pid 5808] close(7 [ 215.715660][ T5808] Tasks state (memory values in pages): [ 215.721746][ T5808] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 215.743091][ T5808] Out of memory and no killable processes... [ 215.750514][ T5809] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5812] mkdir("./file0", 000 [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5812] <... mkdir resumed>) = 0 [pid 5808] close(8 [pid 5812] open("./file0", O_RDONLY [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5812] <... open resumed>) = 3 [pid 5808] close(9 [pid 5812] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5812] <... mount resumed>) = 0 [pid 5808] close(10 [pid 5812] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5812] <... openat resumed>) = 4 [pid 5808] close(11 [pid 5812] openat(4, "syz1", O_RDWR|O_PATH [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5812] <... openat resumed>) = 5 [pid 5808] close(12 [pid 5812] openat(5, "memory.max", O_RDWR [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5812] <... openat resumed>) = 6 [pid 5808] close(13 [pid 5812] write(6, "0x000000000000040e", 18 [pid 5808] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5808] close(14) = -1 EBADF (Bad file descriptor) [pid 5808] close(15) = -1 EBADF (Bad file descriptor) [pid 5808] close(16) = -1 EBADF (Bad file descriptor) [pid 5808] close(17) = -1 EBADF (Bad file descriptor) [pid 5808] close(18) = -1 EBADF (Bad file descriptor) [pid 5808] close(19) = -1 EBADF (Bad file descriptor) [pid 5808] close(20) = -1 EBADF (Bad file descriptor) [pid 5808] close(21) = -1 EBADF (Bad file descriptor) [pid 5808] close(22) = -1 EBADF (Bad file descriptor) [pid 5808] close(23) = -1 EBADF (Bad file descriptor) [pid 5808] close(24) = -1 EBADF (Bad file descriptor) [pid 5808] close(25) = -1 EBADF (Bad file descriptor) [pid 5808] close(26) = -1 EBADF (Bad file descriptor) [pid 5808] close(27) = -1 EBADF (Bad file descriptor) [pid 5808] close(28) = -1 EBADF (Bad file descriptor) [pid 5808] close(29) = -1 EBADF (Bad file descriptor) [pid 5808] exit_group(0) = ? [pid 5808] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5073] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./56/binderfs") = 0 [ 215.761681][ T5809] CPU: 1 PID: 5809 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 215.772151][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 215.782251][ T5809] Call Trace: [ 215.785581][ T5809] [ 215.788554][ T5809] dump_stack_lvl+0x1e7/0x2d0 [ 215.793303][ T5809] ? nf_tcp_handle_invalid+0x640/0x640 [ 215.798820][ T5809] ? panic+0x770/0x770 [ 215.802974][ T5809] dump_header+0xdc/0x940 [ 215.807367][ T5809] out_of_memory+0xf21/0x12c0 [pid 5073] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./56/cgroup") = 0 [pid 5073] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./56/cgroup.net") = 0 [ 215.812110][ T5809] ? mutex_lock_io_nested+0x60/0x60 [ 215.817369][ T5809] ? preempt_schedule+0xdd/0xf0 [ 215.822363][ T5809] ? unregister_oom_notifier+0x20/0x20 [ 215.827872][ T5809] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 215.833911][ T5809] mem_cgroup_out_of_memory+0x263/0x3b0 [ 215.839493][ T5809] ? preempt_schedule_thunk+0x1a/0x20 [ 215.844950][ T5809] ? mem_cgroup_oom_trylock+0x210/0x210 [ 215.850600][ T5809] ? cgroup_file_notify+0x127/0x190 [ 215.855875][ T5809] memory_max_write+0x355/0x470 [ 215.860800][ T5809] ? memory_max_show+0xa0/0xa0 [ 215.865625][ T5809] ? read_lock_is_recursive+0x20/0x20 [ 215.871059][ T5809] ? memory_max_show+0xa0/0xa0 [ 215.875862][ T5809] cgroup_file_write+0x2b1/0x780 [ 215.880822][ T5809] ? cgroup_seqfile_stop+0xd0/0xd0 [ 215.885948][ T5809] ? __virt_addr_valid+0x22f/0x2e0 [ 215.891098][ T5809] ? cgroup_seqfile_stop+0xd0/0xd0 [ 215.896254][ T5809] kernfs_fop_write_iter+0x3a6/0x4f0 [ 215.901624][ T5809] vfs_write+0x7b2/0xbb0 [ 215.905927][ T5809] ? file_end_write+0x240/0x240 [ 215.910819][ T5809] ? do_raw_spin_unlock+0x13b/0x8b0 [ 215.916068][ T5809] ? lockdep_hardirqs_on+0x98/0x140 [ 215.921331][ T5809] ? __fdget_pos+0x265/0x2f0 [ 215.925977][ T5809] ksys_write+0x1a0/0x2c0 [ 215.930360][ T5809] ? __ia32_sys_read+0x90/0x90 [ 215.935147][ T5809] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 215.941172][ T5809] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 215.947226][ T5809] do_syscall_64+0x41/0xc0 [ 215.951711][ T5809] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 215.957661][ T5809] RIP: 0033:0x7fd49ce20129 [ 215.962109][ T5809] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.981761][ T5809] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 215.990303][ T5809] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 215.998324][ T5809] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 216.006330][ T5809] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./56/file0") = 0 [pid 5073] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./56/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./56") = 0 [ 216.014328][ T5809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 216.022341][ T5809] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000035 [ 216.030366][ T5809] [ 216.037995][ T5809] memory: usage 8kB, limit 0kB, failcnt 55 [ 216.045059][ T5809] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5073] mkdir("./57", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5813 attached [pid 5813] chdir("./57" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 59 [pid 5813] <... chdir resumed>) = 0 [pid 5813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5813] setpgid(0, 0) = 0 [pid 5813] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5813] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5813] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [ 216.062287][ T5809] Memory cgroup stats for /syz1: [ 216.062620][ T5809] anon 0 [ 216.062620][ T5809] file 0 [ 216.062620][ T5809] kernel 8192 [ 216.062620][ T5809] kernel_stack 0 [ 216.062620][ T5809] pagetables 0 [ 216.062620][ T5809] sec_pagetables 0 [ 216.062620][ T5809] percpu 0 [ 216.062620][ T5809] sock 0 [ 216.062620][ T5809] vmalloc 0 [ 216.062620][ T5809] shmem 0 [ 216.062620][ T5809] zswap 0 [ 216.062620][ T5809] zswapped 0 [ 216.062620][ T5809] file_mapped 0 [ 216.062620][ T5809] file_dirty 0 [ 216.062620][ T5809] file_writeback 0 [ 216.062620][ T5809] swapcached 0 [pid 5813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5813] write(3, "1000", 4) = 4 [pid 5813] close(3) = 0 [pid 5813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5813] mkdir("./file0", 000) = 0 [pid 5813] open("./file0", O_RDONLY) = 3 [pid 5813] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5813] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5813] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5813] openat(5, "memory.max", O_RDWR) = 6 [ 216.062620][ T5809] anon_thp 0 [ 216.062620][ T5809] file_thp 0 [ 216.062620][ T5809] shmem_thp 0 [ 216.062620][ T5809] inactive_anon 0 [ 216.062620][ T5809] active_anon 0 [ 216.062620][ T5809] inactive_file 0 [ 216.062620][ T5809] active_file 0 [ 216.062620][ T5809] unevictable 0 [ 216.062620][ T5809] slab_reclaimable 6752 [ 216.062620][ T5809] slab_unreclaimable 0 [ 216.062620][ T5809] slab 6752 [ 216.062620][ T5809] workingset_refault_anon 0 [pid 5813] write(6, "0x000000000000040e", 18 [pid 5809] <... write resumed>) = 18 [pid 5809] close(3) = 0 [pid 5809] close(4) = 0 [pid 5809] close(5) = 0 [pid 5809] close(6) = 0 [pid 5809] close(7) = -1 EBADF (Bad file descriptor) [pid 5809] close(8) = -1 EBADF (Bad file descriptor) [pid 5809] close(9) = -1 EBADF (Bad file descriptor) [pid 5809] close(10) = -1 EBADF (Bad file descriptor) [pid 5809] close(11) = -1 EBADF (Bad file descriptor) [pid 5809] close(12) = -1 EBADF (Bad file descriptor) [pid 5809] close(13) = -1 EBADF (Bad file descriptor) [pid 5809] close(14) = -1 EBADF (Bad file descriptor) [pid 5809] close(15) = -1 EBADF (Bad file descriptor) [pid 5809] close(16) = -1 EBADF (Bad file descriptor) [ 216.163281][ T5809] Tasks state (memory values in pages): [ 216.169038][ T5809] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 216.178594][ T5809] Out of memory and no killable processes... [ 216.184662][ T5810] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 216.195512][ T5810] CPU: 1 PID: 5810 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 216.205992][ T5810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 216.216094][ T5810] Call Trace: [ 216.219413][ T5810] [ 216.222400][ T5810] dump_stack_lvl+0x1e7/0x2d0 [ 216.227154][ T5810] ? nf_tcp_handle_invalid+0x640/0x640 [ 216.232675][ T5810] ? panic+0x770/0x770 [ 216.236817][ T5810] dump_header+0xdc/0x940 [ 216.241211][ T5810] out_of_memory+0xf21/0x12c0 [ 216.245952][ T5810] ? mutex_lock_io_nested+0x60/0x60 [ 216.251224][ T5810] ? preempt_schedule+0xdd/0xf0 [ 216.256140][ T5810] ? unregister_oom_notifier+0x20/0x20 [ 216.261650][ T5810] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 216.267702][ T5810] mem_cgroup_out_of_memory+0x263/0x3b0 [ 216.273293][ T5810] ? preempt_schedule_thunk+0x1a/0x20 [ 216.278704][ T5810] ? mem_cgroup_oom_trylock+0x210/0x210 [ 216.284325][ T5810] ? cgroup_file_notify+0x127/0x190 [ 216.289584][ T5810] memory_max_write+0x355/0x470 [ 216.294501][ T5810] ? memory_max_show+0xa0/0xa0 [ 216.299311][ T5810] ? read_lock_is_recursive+0x20/0x20 [ 216.304714][ T5810] ? memory_max_show+0xa0/0xa0 [ 216.309502][ T5810] cgroup_file_write+0x2b1/0x780 [pid 5809] close(17) = -1 EBADF (Bad file descriptor) [pid 5809] close(18) = -1 EBADF (Bad file descriptor) [pid 5809] close(19) = -1 EBADF (Bad file descriptor) [pid 5809] close(20) = -1 EBADF (Bad file descriptor) [pid 5809] close(21) = -1 EBADF (Bad file descriptor) [pid 5809] close(22) = -1 EBADF (Bad file descriptor) [pid 5809] close(23) = -1 EBADF (Bad file descriptor) [pid 5809] close(24) = -1 EBADF (Bad file descriptor) [pid 5809] close(25) = -1 EBADF (Bad file descriptor) [ 216.314464][ T5810] ? cgroup_seqfile_stop+0xd0/0xd0 [ 216.319597][ T5810] ? __virt_addr_valid+0x22f/0x2e0 [ 216.324744][ T5810] ? cgroup_seqfile_stop+0xd0/0xd0 [ 216.329872][ T5810] kernfs_fop_write_iter+0x3a6/0x4f0 [ 216.335210][ T5810] vfs_write+0x7b2/0xbb0 [ 216.339486][ T5810] ? file_end_write+0x240/0x240 [ 216.344358][ T5810] ? do_raw_spin_unlock+0x13b/0x8b0 [ 216.349600][ T5810] ? lockdep_hardirqs_on+0x98/0x140 [ 216.354828][ T5810] ? __fdget_pos+0x265/0x2f0 [ 216.359442][ T5810] ksys_write+0x1a0/0x2c0 [ 216.363800][ T5810] ? __ia32_sys_read+0x90/0x90 [ 216.368589][ T5810] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 216.374603][ T5810] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 216.380641][ T5810] do_syscall_64+0x41/0xc0 [ 216.385090][ T5810] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.391013][ T5810] RIP: 0033:0x7fd49ce20129 [ 216.395442][ T5810] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.415061][ T5810] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 216.423515][ T5810] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 216.431891][ T5810] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 216.440033][ T5810] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 216.448042][ T5810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 216.456040][ T5810] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003b [ 216.464054][ T5810] [pid 5809] close(26) = -1 EBADF (Bad file descriptor) [pid 5809] close(27) = -1 EBADF (Bad file descriptor) [pid 5809] close(28) = -1 EBADF (Bad file descriptor) [pid 5809] close(29) = -1 EBADF (Bad file descriptor) [pid 5809] exit_group(0) = ? [pid 5809] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./53/binderfs") = 0 [pid 5072] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./53/cgroup") = 0 [pid 5072] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./53/cgroup.net") = 0 [pid 5072] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./53/file0") = 0 [pid 5072] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./53/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./53") = 0 [pid 5072] mkdir("./54", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5814 attached , child_tidptr=0x5555574ac5d0) = 56 [pid 5814] chdir("./54") = 0 [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5814] setpgid(0, 0) = 0 [ 216.475500][ T5810] memory: usage 8kB, limit 0kB, failcnt 55 [ 216.481539][ T5810] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 216.490197][ T5810] Memory cgroup stats for /syz1: [ 216.491824][ T5810] anon 0 [ 216.491824][ T5810] file 0 [ 216.491824][ T5810] kernel 8192 [ 216.491824][ T5810] kernel_stack 0 [ 216.491824][ T5810] pagetables 0 [ 216.491824][ T5810] sec_pagetables 0 [ 216.491824][ T5810] percpu 0 [ 216.491824][ T5810] sock 0 [ 216.491824][ T5810] vmalloc 0 [pid 5814] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5814] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5814] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5814] write(3, "1000", 4) = 4 [pid 5814] close(3) = 0 [pid 5814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5814] mkdir("./file0", 000) = 0 [pid 5814] open("./file0", O_RDONLY) = 3 [pid 5814] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5814] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5814] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5814] openat(5, "memory.max", O_RDWR) = 6 [ 216.491824][ T5810] shmem 0 [ 216.491824][ T5810] zswap 0 [ 216.491824][ T5810] zswapped 0 [ 216.491824][ T5810] file_mapped 0 [ 216.491824][ T5810] file_dirty 0 [ 216.491824][ T5810] file_writeback 0 [ 216.491824][ T5810] swapcached 0 [ 216.491824][ T5810] anon_thp 0 [ 216.491824][ T5810] file_thp 0 [ 216.491824][ T5810] shmem_thp 0 [ 216.491824][ T5810] inactive_anon 0 [ 216.491824][ T5810] active_anon 0 [ 216.491824][ T5810] inactive_file 0 [ 216.491824][ T5810] active_file 0 [ 216.491824][ T5810] unevictable 0 [ 216.491824][ T5810] slab_reclaimable 6752 [ 216.491824][ T5810] slab_unreclaimable 0 [ 216.491824][ T5810] slab 6752 [ 216.491824][ T5810] workingset_refault_anon 0 [ 216.594835][ T5810] Tasks state (memory values in pages): [ 216.600909][ T5810] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 216.611559][ T5810] Out of memory and no killable processes... [pid 5814] write(6, "0x000000000000040e", 18 [pid 5810] <... write resumed>) = 18 [pid 5810] close(3) = 0 [pid 5810] close(4) = 0 [pid 5810] close(5) = 0 [pid 5810] close(6) = 0 [pid 5810] close(7) = -1 EBADF (Bad file descriptor) [pid 5810] close(8) = -1 EBADF (Bad file descriptor) [pid 5810] close(9) = -1 EBADF (Bad file descriptor) [pid 5810] close(10) = -1 EBADF (Bad file descriptor) [pid 5810] close(11) = -1 EBADF (Bad file descriptor) [pid 5810] close(12) = -1 EBADF (Bad file descriptor) [pid 5810] close(13) = -1 EBADF (Bad file descriptor) [pid 5810] close(14) = -1 EBADF (Bad file descriptor) [pid 5810] close(15) = -1 EBADF (Bad file descriptor) [pid 5810] close(16) = -1 EBADF (Bad file descriptor) [pid 5810] close(17) = -1 EBADF (Bad file descriptor) [pid 5810] close(18) = -1 EBADF (Bad file descriptor) [pid 5810] close(19) = -1 EBADF (Bad file descriptor) [pid 5810] close(20) = -1 EBADF (Bad file descriptor) [pid 5810] close(21) = -1 EBADF (Bad file descriptor) [pid 5810] close(22) = -1 EBADF (Bad file descriptor) [pid 5810] close(23) = -1 EBADF (Bad file descriptor) [pid 5810] close(24) = -1 EBADF (Bad file descriptor) [pid 5810] close(25) = -1 EBADF (Bad file descriptor) [pid 5810] close(26) = -1 EBADF (Bad file descriptor) [pid 5810] close(27) = -1 EBADF (Bad file descriptor) [pid 5810] close(28) = -1 EBADF (Bad file descriptor) [pid 5810] close(29) = -1 EBADF (Bad file descriptor) [ 216.618140][ T5811] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 216.639112][ T5811] CPU: 0 PID: 5811 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 216.649617][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 216.659816][ T5811] Call Trace: [ 216.663153][ T5811] [ 216.666136][ T5811] dump_stack_lvl+0x1e7/0x2d0 [ 216.670883][ T5811] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5810] exit_group(0) = ? [pid 5810] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./59/binderfs") = 0 [pid 5075] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./59/cgroup") = 0 [pid 5075] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./59/cgroup.net") = 0 [ 216.676415][ T5811] ? panic+0x770/0x770 [ 216.680590][ T5811] dump_header+0xdc/0x940 [ 216.685016][ T5811] out_of_memory+0xf21/0x12c0 [ 216.689768][ T5811] ? mutex_lock_io_nested+0x60/0x60 [ 216.695049][ T5811] ? mark_lock+0x9a/0x340 [ 216.699441][ T5811] ? unregister_oom_notifier+0x20/0x20 [ 216.704968][ T5811] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 216.711038][ T5811] mem_cgroup_out_of_memory+0x263/0x3b0 [ 216.716661][ T5811] ? mem_cgroup_oom_trylock+0x210/0x210 [ 216.722295][ T5811] ? cgroup_file_notify+0x127/0x190 [ 216.727576][ T5811] memory_max_write+0x355/0x470 [ 216.732521][ T5811] ? memory_max_show+0xa0/0xa0 [ 216.737354][ T5811] ? read_lock_is_recursive+0x20/0x20 [ 216.742790][ T5811] ? memory_max_show+0xa0/0xa0 [ 216.747623][ T5811] cgroup_file_write+0x2b1/0x780 [ 216.752633][ T5811] ? cgroup_seqfile_stop+0xd0/0xd0 [ 216.757812][ T5811] ? __virt_addr_valid+0x22f/0x2e0 [ 216.763002][ T5811] ? cgroup_seqfile_stop+0xd0/0xd0 [ 216.768189][ T5811] kernfs_fop_write_iter+0x3a6/0x4f0 [ 216.773528][ T5811] vfs_write+0x7b2/0xbb0 [ 216.777822][ T5811] ? file_end_write+0x240/0x240 [ 216.782735][ T5811] ? do_raw_spin_unlock+0x13b/0x8b0 [ 216.787988][ T5811] ? lockdep_hardirqs_on+0x98/0x140 [ 216.793274][ T5811] ? __fdget_pos+0x265/0x2f0 [ 216.797904][ T5811] ksys_write+0x1a0/0x2c0 [ 216.802295][ T5811] ? __ia32_sys_read+0x90/0x90 [ 216.807117][ T5811] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 216.813163][ T5811] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 216.819196][ T5811] do_syscall_64+0x41/0xc0 [ 216.823666][ T5811] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.829606][ T5811] RIP: 0033:0x7fd49ce20129 [ 216.834071][ T5811] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.853716][ T5811] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 216.862164][ T5811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5075] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [ 216.870184][ T5811] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 216.878205][ T5811] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 216.886216][ T5811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 216.894239][ T5811] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000035 [ 216.902290][ T5811] [pid 5075] rmdir("./59/file0") = 0 [pid 5075] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./59/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./59") = 0 [pid 5075] mkdir("./60", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5815 attached [pid 5815] chdir("./60" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 62 [pid 5815] <... chdir resumed>) = 0 [pid 5815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5815] setpgid(0, 0) = 0 [pid 5815] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5815] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5815] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5815] write(3, "1000", 4) = 4 [pid 5815] close(3) = 0 [pid 5815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5815] mkdir("./file0", 000) = 0 [pid 5815] open("./file0", O_RDONLY) = 3 [ 216.925453][ T5811] memory: usage 8kB, limit 0kB, failcnt 55 [ 216.936377][ T5811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 216.950885][ T5811] Memory cgroup stats for /syz1: [ 216.951101][ T5811] anon 0 [ 216.951101][ T5811] file 0 [ 216.951101][ T5811] kernel 8192 [ 216.951101][ T5811] kernel_stack 0 [ 216.951101][ T5811] pagetables 0 [ 216.951101][ T5811] sec_pagetables 0 [ 216.951101][ T5811] percpu 0 [pid 5815] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5815] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5815] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5815] openat(5, "memory.max", O_RDWR) = 6 [ 216.951101][ T5811] sock 0 [ 216.951101][ T5811] vmalloc 0 [ 216.951101][ T5811] shmem 0 [ 216.951101][ T5811] zswap 0 [ 216.951101][ T5811] zswapped 0 [ 216.951101][ T5811] file_mapped 0 [ 216.951101][ T5811] file_dirty 0 [ 216.951101][ T5811] file_writeback 0 [ 216.951101][ T5811] swapcached 0 [ 216.951101][ T5811] anon_thp 0 [ 216.951101][ T5811] file_thp 0 [ 216.951101][ T5811] shmem_thp 0 [ 216.951101][ T5811] inactive_anon 0 [ 216.951101][ T5811] active_anon 0 [ 216.951101][ T5811] inactive_file 0 [ 216.951101][ T5811] active_file 0 [pid 5815] write(6, "0x000000000000040e", 18 [pid 5811] <... write resumed>) = 18 [pid 5811] close(3) = 0 [pid 5811] close(4) = 0 [ 216.951101][ T5811] unevictable 0 [ 216.951101][ T5811] slab_reclaimable 6752 [ 216.951101][ T5811] slab_unreclaimable 0 [ 216.951101][ T5811] slab 6752 [ 216.951101][ T5811] workingset_refault_anon 0 [ 217.049275][ T5811] Tasks state (memory values in pages): [ 217.055211][ T5811] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 217.065252][ T5811] Out of memory and no killable processes... [pid 5811] close(5) = 0 [pid 5811] close(6) = 0 [pid 5811] close(7) = -1 EBADF (Bad file descriptor) [pid 5811] close(8) = -1 EBADF (Bad file descriptor) [pid 5811] close(9) = -1 EBADF (Bad file descriptor) [pid 5811] close(10) = -1 EBADF (Bad file descriptor) [pid 5811] close(11) = -1 EBADF (Bad file descriptor) [pid 5811] close(12) = -1 EBADF (Bad file descriptor) [pid 5811] close(13) = -1 EBADF (Bad file descriptor) [pid 5811] close(14) = -1 EBADF (Bad file descriptor) [pid 5811] close(15) = -1 EBADF (Bad file descriptor) [pid 5811] close(16) = -1 EBADF (Bad file descriptor) [pid 5811] close(17) = -1 EBADF (Bad file descriptor) [pid 5811] close(18) = -1 EBADF (Bad file descriptor) [pid 5811] close(19) = -1 EBADF (Bad file descriptor) [pid 5811] close(20) = -1 EBADF (Bad file descriptor) [pid 5811] close(21) = -1 EBADF (Bad file descriptor) [pid 5811] close(22) = -1 EBADF (Bad file descriptor) [pid 5811] close(23) = -1 EBADF (Bad file descriptor) [pid 5811] close(24) = -1 EBADF (Bad file descriptor) [pid 5811] close(25) = -1 EBADF (Bad file descriptor) [pid 5811] close(26) = -1 EBADF (Bad file descriptor) [pid 5811] close(27) = -1 EBADF (Bad file descriptor) [pid 5811] close(28) = -1 EBADF (Bad file descriptor) [pid 5811] close(29) = -1 EBADF (Bad file descriptor) [pid 5811] exit_group(0) = ? [ 217.072259][ T5812] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 217.089580][ T5812] CPU: 0 PID: 5812 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 217.100072][ T5812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 217.110182][ T5812] Call Trace: [ 217.113521][ T5812] [ 217.116509][ T5812] dump_stack_lvl+0x1e7/0x2d0 [ 217.121250][ T5812] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5811] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./53/binderfs") = 0 [pid 5070] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./53/cgroup") = 0 [pid 5070] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./53/cgroup.net") = 0 [ 217.126768][ T5812] ? panic+0x770/0x770 [ 217.130923][ T5812] dump_header+0xdc/0x940 [ 217.135318][ T5812] out_of_memory+0xf21/0x12c0 [ 217.140067][ T5812] ? mutex_lock_io_nested+0x60/0x60 [ 217.145341][ T5812] ? preempt_schedule+0xdd/0xf0 [ 217.150254][ T5812] ? unregister_oom_notifier+0x20/0x20 [ 217.155777][ T5812] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 217.161843][ T5812] mem_cgroup_out_of_memory+0x263/0x3b0 [ 217.167463][ T5812] ? preempt_schedule_thunk+0x1a/0x20 [ 217.172906][ T5812] ? mem_cgroup_oom_trylock+0x210/0x210 [ 217.178514][ T5812] ? cgroup_file_notify+0x127/0x190 [ 217.183741][ T5812] memory_max_write+0x355/0x470 [ 217.188623][ T5812] ? memory_max_show+0xa0/0xa0 [ 217.193410][ T5812] ? read_lock_is_recursive+0x20/0x20 [ 217.198813][ T5812] ? memory_max_show+0xa0/0xa0 [ 217.203606][ T5812] cgroup_file_write+0x2b1/0x780 [ 217.208565][ T5812] ? cgroup_seqfile_stop+0xd0/0xd0 [ 217.213727][ T5812] ? __virt_addr_valid+0x22f/0x2e0 [ 217.218871][ T5812] ? cgroup_seqfile_stop+0xd0/0xd0 [ 217.224009][ T5812] kernfs_fop_write_iter+0x3a6/0x4f0 [ 217.229361][ T5812] vfs_write+0x7b2/0xbb0 [ 217.233651][ T5812] ? file_end_write+0x240/0x240 [ 217.238526][ T5812] ? do_raw_spin_unlock+0x13b/0x8b0 [ 217.243746][ T5812] ? lockdep_hardirqs_on+0x98/0x140 [ 217.248989][ T5812] ? __fdget_pos+0x265/0x2f0 [ 217.253625][ T5812] ksys_write+0x1a0/0x2c0 [ 217.257977][ T5812] ? __ia32_sys_read+0x90/0x90 [ 217.262771][ T5812] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 217.268813][ T5812] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 217.274853][ T5812] do_syscall_64+0x41/0xc0 [ 217.279329][ T5812] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 217.285280][ T5812] RIP: 0033:0x7fd49ce20129 [ 217.289758][ T5812] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 217.309413][ T5812] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 217.317876][ T5812] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5070] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 217.325863][ T5812] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 217.333862][ T5812] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 217.341882][ T5812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 217.349896][ T5812] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003d [ 217.357934][ T5812] [ 217.366698][ T5812] memory: usage 8kB, limit 0kB, failcnt 55 [ 217.372566][ T5812] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5070] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./53/file0") = 0 [pid 5070] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./53/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./53") = 0 [pid 5070] mkdir("./54", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 56 [ 217.379589][ T5812] Memory cgroup stats for /syz1: [ 217.379787][ T5812] anon 0 [ 217.379787][ T5812] file 0 [ 217.379787][ T5812] kernel 8192 [ 217.379787][ T5812] kernel_stack 0 [ 217.379787][ T5812] pagetables 0 [ 217.379787][ T5812] sec_pagetables 0 [ 217.379787][ T5812] percpu 0 [ 217.379787][ T5812] sock 0 [ 217.379787][ T5812] vmalloc 0 [ 217.379787][ T5812] shmem 0 [ 217.379787][ T5812] zswap 0 [ 217.379787][ T5812] zswapped 0 [ 217.379787][ T5812] file_mapped 0 [ 217.379787][ T5812] file_dirty 0 ./strace-static-x86_64: Process 5816 attached [pid 5816] chdir("./54") = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5816] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5816] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 217.379787][ T5812] file_writeback 0 [ 217.379787][ T5812] swapcached 0 [ 217.379787][ T5812] anon_thp 0 [ 217.379787][ T5812] file_thp 0 [ 217.379787][ T5812] shmem_thp 0 [ 217.379787][ T5812] inactive_anon 0 [ 217.379787][ T5812] active_anon 0 [ 217.379787][ T5812] inactive_file 0 [ 217.379787][ T5812] active_file 0 [ 217.379787][ T5812] unevictable 0 [ 217.379787][ T5812] slab_reclaimable 6752 [ 217.379787][ T5812] slab_unreclaimable 0 [ 217.379787][ T5812] slab 6752 [ 217.379787][ T5812] workingset_refault_anon 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4) = 4 [pid 5816] close(3) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] mkdir("./file0", 000) = 0 [pid 5816] open("./file0", O_RDONLY) = 3 [pid 5816] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5816] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5816] openat(4, "syz1", O_RDWR|O_PATH [pid 5812] <... write resumed>) = 18 [pid 5816] <... openat resumed>) = 5 [pid 5816] openat(5, "memory.max", O_RDWR) = 6 [ 217.482428][ T5812] Tasks state (memory values in pages): [ 217.488495][ T5812] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 217.498392][ T5812] Out of memory and no killable processes... [ 217.504480][ T5813] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 217.515316][ T5813] CPU: 0 PID: 5813 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5816] write(6, "0x000000000000040e", 18 [pid 5812] close(3) = 0 [pid 5812] close(4) = 0 [pid 5812] close(5) = 0 [ 217.525807][ T5813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 217.535916][ T5813] Call Trace: [ 217.539239][ T5813] [ 217.542210][ T5813] dump_stack_lvl+0x1e7/0x2d0 [ 217.546946][ T5813] ? nf_tcp_handle_invalid+0x640/0x640 [ 217.552463][ T5813] ? panic+0x770/0x770 [ 217.556596][ T5813] dump_header+0xdc/0x940 [ 217.560985][ T5813] out_of_memory+0xf21/0x12c0 [ 217.565721][ T5813] ? mutex_lock_io_nested+0x60/0x60 [ 217.570990][ T5813] ? preempt_schedule+0xdd/0xf0 [ 217.575897][ T5813] ? unregister_oom_notifier+0x20/0x20 [pid 5812] close(6) = 0 [pid 5812] close(7) = -1 EBADF (Bad file descriptor) [pid 5812] close(8) = -1 EBADF (Bad file descriptor) [pid 5812] close(9) = -1 EBADF (Bad file descriptor) [pid 5812] close(10) = -1 EBADF (Bad file descriptor) [pid 5812] close(11) = -1 EBADF (Bad file descriptor) [pid 5812] close(12) = -1 EBADF (Bad file descriptor) [pid 5812] close(13) = -1 EBADF (Bad file descriptor) [pid 5812] close(14) = -1 EBADF (Bad file descriptor) [pid 5812] close(15) = -1 EBADF (Bad file descriptor) [pid 5812] close(16) = -1 EBADF (Bad file descriptor) [ 217.581417][ T5813] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 217.587483][ T5813] mem_cgroup_out_of_memory+0x263/0x3b0 [ 217.593095][ T5813] ? preempt_schedule_thunk+0x1a/0x20 [ 217.598536][ T5813] ? mem_cgroup_oom_trylock+0x210/0x210 [ 217.604169][ T5813] ? cgroup_file_notify+0x127/0x190 [ 217.609431][ T5813] memory_max_write+0x355/0x470 [ 217.614317][ T5813] ? memory_max_show+0xa0/0xa0 [ 217.619112][ T5813] ? read_lock_is_recursive+0x20/0x20 [ 217.624513][ T5813] ? memory_max_show+0xa0/0xa0 [ 217.629299][ T5813] cgroup_file_write+0x2b1/0x780 [ 217.634271][ T5813] ? cgroup_seqfile_stop+0xd0/0xd0 [ 217.639460][ T5813] ? __virt_addr_valid+0x22f/0x2e0 [ 217.644605][ T5813] ? cgroup_seqfile_stop+0xd0/0xd0 [ 217.649736][ T5813] kernfs_fop_write_iter+0x3a6/0x4f0 [ 217.655053][ T5813] vfs_write+0x7b2/0xbb0 [ 217.659330][ T5813] ? file_end_write+0x240/0x240 [ 217.664210][ T5813] ? do_raw_spin_unlock+0x13b/0x8b0 [ 217.669433][ T5813] ? lockdep_hardirqs_on+0x98/0x140 [ 217.674661][ T5813] ? __fdget_pos+0x265/0x2f0 [ 217.679274][ T5813] ksys_write+0x1a0/0x2c0 [ 217.683632][ T5813] ? __ia32_sys_read+0x90/0x90 [ 217.688441][ T5813] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 217.694476][ T5813] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 217.700503][ T5813] do_syscall_64+0x41/0xc0 [ 217.704975][ T5813] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 217.710922][ T5813] RIP: 0033:0x7fd49ce20129 [ 217.715365][ T5813] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 217.734998][ T5813] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 217.743455][ T5813] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 217.751449][ T5813] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 217.759434][ T5813] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 217.767425][ T5813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 217.775423][ T5813] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000039 [pid 5812] close(17) = -1 EBADF (Bad file descriptor) [pid 5812] close(18) = -1 EBADF (Bad file descriptor) [pid 5812] close(19) = -1 EBADF (Bad file descriptor) [pid 5812] close(20) = -1 EBADF (Bad file descriptor) [pid 5812] close(21) = -1 EBADF (Bad file descriptor) [pid 5812] close(22) = -1 EBADF (Bad file descriptor) [pid 5812] close(23) = -1 EBADF (Bad file descriptor) [pid 5812] close(24) = -1 EBADF (Bad file descriptor) [pid 5812] close(25) = -1 EBADF (Bad file descriptor) [pid 5812] close(26) = -1 EBADF (Bad file descriptor) [pid 5812] close(27) = -1 EBADF (Bad file descriptor) [pid 5812] close(28) = -1 EBADF (Bad file descriptor) [pid 5812] close(29) = -1 EBADF (Bad file descriptor) [pid 5812] exit_group(0) = ? [pid 5812] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 217.783430][ T5813] [pid 5074] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./61/binderfs") = 0 [pid 5074] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./61/cgroup") = 0 [pid 5074] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./61/cgroup.net") = 0 [ 217.824008][ T5813] memory: usage 8kB, limit 0kB, failcnt 55 [ 217.830188][ T5813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 217.837276][ T5813] Memory cgroup stats for /syz1: [ 217.837488][ T5813] anon 0 [ 217.837488][ T5813] file 0 [ 217.837488][ T5813] kernel 8192 [ 217.837488][ T5813] kernel_stack 0 [ 217.837488][ T5813] pagetables 0 [ 217.837488][ T5813] sec_pagetables 0 [ 217.837488][ T5813] percpu 0 [ 217.837488][ T5813] sock 0 [ 217.837488][ T5813] vmalloc 0 [ 217.837488][ T5813] shmem 0 [ 217.837488][ T5813] zswap 0 [ 217.837488][ T5813] zswapped 0 [ 217.837488][ T5813] file_mapped 0 [ 217.837488][ T5813] file_dirty 0 [ 217.837488][ T5813] file_writeback 0 [ 217.837488][ T5813] swapcached 0 [ 217.837488][ T5813] anon_thp 0 [ 217.837488][ T5813] file_thp 0 [ 217.837488][ T5813] shmem_thp 0 [ 217.837488][ T5813] inactive_anon 0 [ 217.837488][ T5813] active_anon 0 [ 217.837488][ T5813] inactive_file 0 [ 217.837488][ T5813] active_file 0 [ 217.837488][ T5813] unevictable 0 [ 217.837488][ T5813] slab_reclaimable 6752 [pid 5074] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./61/file0") = 0 [pid 5074] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./61/cgroup.cpu") = 0 [pid 5813] <... write resumed>) = 18 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [ 217.837488][ T5813] slab_unreclaimable 0 [ 217.837488][ T5813] slab 6752 [ 217.837488][ T5813] workingset_refault_anon 0 [ 217.936410][ T5813] Tasks state (memory values in pages): [ 217.942301][ T5813] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 217.952429][ T5813] Out of memory and no killable processes... [ 217.959606][ T5814] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5074] rmdir("./61") = 0 [pid 5074] mkdir("./62", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 64 [pid 5813] close(3) = 0 [pid 5813] close(4) = 0 [pid 5813] close(5) = 0 [pid 5813] close(6) = 0 [ 217.971198][ T5814] CPU: 1 PID: 5814 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 217.981677][ T5814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 217.991784][ T5814] Call Trace: [ 217.995106][ T5814] [ 217.998080][ T5814] dump_stack_lvl+0x1e7/0x2d0 [ 218.002817][ T5814] ? nf_tcp_handle_invalid+0x640/0x640 [ 218.008333][ T5814] ? panic+0x770/0x770 [ 218.012481][ T5814] dump_header+0xdc/0x940 [ 218.016880][ T5814] out_of_memory+0xf21/0x12c0 [pid 5813] close(7) = -1 EBADF (Bad file descriptor) [pid 5813] close(8) = -1 EBADF (Bad file descriptor) [pid 5813] close(9) = -1 EBADF (Bad file descriptor) [pid 5813] close(10) = -1 EBADF (Bad file descriptor) [pid 5813] close(11) = -1 EBADF (Bad file descriptor) [pid 5813] close(12) = -1 EBADF (Bad file descriptor) [pid 5813] close(13) = -1 EBADF (Bad file descriptor) [pid 5813] close(14) = -1 EBADF (Bad file descriptor) [pid 5813] close(15) = -1 EBADF (Bad file descriptor) [ 218.021619][ T5814] ? mutex_lock_io_nested+0x60/0x60 [ 218.026884][ T5814] ? preempt_schedule+0xdd/0xf0 [ 218.031796][ T5814] ? unregister_oom_notifier+0x20/0x20 [ 218.037310][ T5814] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 218.043379][ T5814] mem_cgroup_out_of_memory+0x263/0x3b0 [ 218.048989][ T5814] ? preempt_schedule_thunk+0x1a/0x20 [ 218.054431][ T5814] ? mem_cgroup_oom_trylock+0x210/0x210 [ 218.060062][ T5814] ? cgroup_file_notify+0x127/0x190 [ 218.065329][ T5814] memory_max_write+0x355/0x470 [ 218.070260][ T5814] ? memory_max_show+0xa0/0xa0 [ 218.075082][ T5814] ? read_lock_is_recursive+0x20/0x20 [ 218.080507][ T5814] ? memory_max_show+0xa0/0xa0 [ 218.085304][ T5814] cgroup_file_write+0x2b1/0x780 [ 218.090277][ T5814] ? cgroup_seqfile_stop+0xd0/0xd0 [ 218.095408][ T5814] ? __virt_addr_valid+0x22f/0x2e0 [ 218.100556][ T5814] ? cgroup_seqfile_stop+0xd0/0xd0 [ 218.105680][ T5814] kernfs_fop_write_iter+0x3a6/0x4f0 [ 218.110992][ T5814] vfs_write+0x7b2/0xbb0 [ 218.115269][ T5814] ? file_end_write+0x240/0x240 [ 218.120150][ T5814] ? do_raw_spin_unlock+0x13b/0x8b0 [ 218.125376][ T5814] ? lockdep_hardirqs_on+0x98/0x140 [ 218.130609][ T5814] ? __fdget_pos+0x265/0x2f0 [ 218.135224][ T5814] ksys_write+0x1a0/0x2c0 [ 218.139615][ T5814] ? __ia32_sys_read+0x90/0x90 [ 218.144402][ T5814] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 218.150416][ T5814] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 218.156426][ T5814] do_syscall_64+0x41/0xc0 [ 218.160866][ T5814] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 218.166786][ T5814] RIP: 0033:0x7fd49ce20129 [ 218.171219][ T5814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 218.190852][ T5814] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 218.199291][ T5814] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 218.207318][ T5814] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 218.215310][ T5814] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5813] close(16) = -1 EBADF (Bad file descriptor) [pid 5813] close(17) = -1 EBADF (Bad file descriptor) [pid 5813] close(18) = -1 EBADF (Bad file descriptor) [pid 5813] close(19) = -1 EBADF (Bad file descriptor) [pid 5813] close(20) = -1 EBADF (Bad file descriptor) [pid 5813] close(21) = -1 EBADF (Bad file descriptor) [pid 5813] close(22) = -1 EBADF (Bad file descriptor) [pid 5813] close(23) = -1 EBADF (Bad file descriptor) [pid 5813] close(24) = -1 EBADF (Bad file descriptor) [pid 5813] close(25) = -1 EBADF (Bad file descriptor) [pid 5813] close(26) = -1 EBADF (Bad file descriptor) [pid 5813] close(27) = -1 EBADF (Bad file descriptor) [pid 5813] close(28) = -1 EBADF (Bad file descriptor) [pid 5813] close(29) = -1 EBADF (Bad file descriptor) [pid 5813] exit_group(0) = ? [pid 5813] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./57/binderfs") = 0 [pid 5073] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./57/cgroup") = 0 [pid 5073] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./57/cgroup.net") = 0 [pid 5073] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5817 attached [pid 5817] chdir("./62") = 0 [pid 5817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] setpgid(0, 0) = 0 [pid 5817] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5817] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5817] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5817] write(3, "1000", 4) = 4 [pid 5817] close(3) = 0 [pid 5817] symlink("/dev/binderfs", "./binderfs") = 0 [ 218.223301][ T5814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 218.231297][ T5814] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000036 [ 218.239313][ T5814] [ 218.245597][ T5814] memory: usage 8kB, limit 0kB, failcnt 55 [ 218.252314][ T5814] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 218.259411][ T5814] Memory cgroup stats for /syz1: [ 218.259620][ T5814] anon 0 [ 218.259620][ T5814] file 0 [ 218.259620][ T5814] kernel 8192 [pid 5817] mkdir("./file0", 000 [pid 5073] <... umount2 resumed>) = 0 [pid 5817] <... mkdir resumed>) = 0 [pid 5817] open("./file0", O_RDONLY) = 3 [pid 5817] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5817] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5817] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5817] openat(5, "memory.max", O_RDWR) = 6 [pid 5817] write(6, "0x000000000000040e", 18 [pid 5073] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./57/file0") = 0 [pid 5073] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./57/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 218.259620][ T5814] kernel_stack 0 [ 218.259620][ T5814] pagetables 0 [ 218.259620][ T5814] sec_pagetables 0 [ 218.259620][ T5814] percpu 0 [ 218.259620][ T5814] sock 0 [ 218.259620][ T5814] vmalloc 0 [ 218.259620][ T5814] shmem 0 [ 218.259620][ T5814] zswap 0 [ 218.259620][ T5814] zswapped 0 [ 218.259620][ T5814] file_mapped 0 [ 218.259620][ T5814] file_dirty 0 [ 218.259620][ T5814] file_writeback 0 [ 218.259620][ T5814] swapcached 0 [ 218.259620][ T5814] anon_thp 0 [ 218.259620][ T5814] file_thp 0 [ 218.259620][ T5814] shmem_thp 0 [ 218.259620][ T5814] inactive_anon 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./57") = 0 [pid 5073] mkdir("./58", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 60 ./strace-static-x86_64: Process 5818 attached [pid 5818] chdir("./58") = 0 [pid 5818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5818] setpgid(0, 0) = 0 [ 218.259620][ T5814] active_anon 0 [ 218.259620][ T5814] inactive_file 0 [ 218.259620][ T5814] active_file 0 [ 218.259620][ T5814] unevictable 0 [ 218.259620][ T5814] slab_reclaimable 6752 [ 218.259620][ T5814] slab_unreclaimable 0 [ 218.259620][ T5814] slab 6752 [ 218.259620][ T5814] workingset_refault_anon 0 [ 218.359168][ T5814] Tasks state (memory values in pages): [ 218.365255][ T5814] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5818] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5818] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5818] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5814] <... write resumed>) = 18 [pid 5814] close(3) = 0 [pid 5814] close(4) = 0 [pid 5814] close(5) = 0 [pid 5814] close(6) = 0 [pid 5814] close(7) = -1 EBADF (Bad file descriptor) [pid 5814] close(8) = -1 EBADF (Bad file descriptor) [pid 5814] close(9) = -1 EBADF (Bad file descriptor) [pid 5814] close(10) = -1 EBADF (Bad file descriptor) [pid 5814] close(11) = -1 EBADF (Bad file descriptor) [pid 5814] close(12) = -1 EBADF (Bad file descriptor) [pid 5814] close(13) = -1 EBADF (Bad file descriptor) [pid 5814] close(14) = -1 EBADF (Bad file descriptor) [pid 5814] close(15) = -1 EBADF (Bad file descriptor) [pid 5814] close(16) = -1 EBADF (Bad file descriptor) [pid 5814] close(17) = -1 EBADF (Bad file descriptor) [pid 5814] close(18) = -1 EBADF (Bad file descriptor) [pid 5814] close(19) = -1 EBADF (Bad file descriptor) [pid 5814] close(20) = -1 EBADF (Bad file descriptor) [pid 5814] close(21) = -1 EBADF (Bad file descriptor) [pid 5814] close(22) = -1 EBADF (Bad file descriptor) [pid 5814] close(23) = -1 EBADF (Bad file descriptor) [pid 5814] close(24) = -1 EBADF (Bad file descriptor) [pid 5814] close(25) = -1 EBADF (Bad file descriptor) [pid 5814] close(26) = -1 EBADF (Bad file descriptor) [pid 5814] close(27) = -1 EBADF (Bad file descriptor) [pid 5814] close(28) = -1 EBADF (Bad file descriptor) [pid 5814] close(29) = -1 EBADF (Bad file descriptor) [pid 5814] exit_group(0) = ? [pid 5818] <... symlink resumed>) = 0 [pid 5814] +++ exited with 0 +++ [pid 5818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5818] write(3, "1000", 4) = 4 [pid 5818] close(3) = 0 [pid 5818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5818] mkdir("./file0", 000) = 0 [pid 5818] open("./file0", O_RDONLY) = 3 [pid 5818] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5818] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5818] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5818] openat(5, "memory.max", O_RDWR) = 6 [ 218.375105][ T5814] Out of memory and no killable processes... [ 218.381290][ T5815] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 218.397406][ T5815] CPU: 1 PID: 5815 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 218.407885][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 218.417991][ T5815] Call Trace: [ 218.421306][ T5815] [pid 5818] write(6, "0x000000000000040e", 18 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5072] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./54/binderfs") = 0 [pid 5072] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./54/cgroup") = 0 [pid 5072] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./54/cgroup.net") = 0 [ 218.424282][ T5815] dump_stack_lvl+0x1e7/0x2d0 [ 218.429019][ T5815] ? nf_tcp_handle_invalid+0x640/0x640 [ 218.434539][ T5815] ? panic+0x770/0x770 [ 218.438689][ T5815] dump_header+0xdc/0x940 [ 218.443090][ T5815] out_of_memory+0xf21/0x12c0 [ 218.447821][ T5815] ? mutex_lock_io_nested+0x60/0x60 [ 218.453067][ T5815] ? mark_lock+0x9a/0x340 [ 218.457441][ T5815] ? unregister_oom_notifier+0x20/0x20 [ 218.462978][ T5815] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 218.469041][ T5815] mem_cgroup_out_of_memory+0x263/0x3b0 [ 218.474674][ T5815] ? mem_cgroup_oom_trylock+0x210/0x210 [ 218.480303][ T5815] ? cgroup_file_notify+0x127/0x190 [ 218.485583][ T5815] memory_max_write+0x355/0x470 [ 218.490487][ T5815] ? memory_max_show+0xa0/0xa0 [ 218.495286][ T5815] ? read_lock_is_recursive+0x20/0x20 [ 218.500686][ T5815] ? memory_max_show+0xa0/0xa0 [ 218.505488][ T5815] cgroup_file_write+0x2b1/0x780 [ 218.510474][ T5815] ? cgroup_seqfile_stop+0xd0/0xd0 [ 218.515612][ T5815] ? __virt_addr_valid+0x22f/0x2e0 [ 218.520762][ T5815] ? cgroup_seqfile_stop+0xd0/0xd0 [ 218.525893][ T5815] kernfs_fop_write_iter+0x3a6/0x4f0 [ 218.531219][ T5815] vfs_write+0x7b2/0xbb0 [ 218.535497][ T5815] ? file_end_write+0x240/0x240 [ 218.540386][ T5815] ? do_raw_spin_unlock+0x13b/0x8b0 [ 218.545624][ T5815] ? lockdep_hardirqs_on+0x98/0x140 [ 218.550951][ T5815] ? __fdget_pos+0x265/0x2f0 [ 218.555585][ T5815] ksys_write+0x1a0/0x2c0 [ 218.559954][ T5815] ? __ia32_sys_read+0x90/0x90 [ 218.564758][ T5815] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 218.570785][ T5815] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 218.576829][ T5815] do_syscall_64+0x41/0xc0 [ 218.581273][ T5815] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 218.587222][ T5815] RIP: 0033:0x7fd49ce20129 [ 218.591661][ T5815] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 218.611299][ T5815] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 218.619743][ T5815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 218.627769][ T5815] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 218.635788][ T5815] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 218.643785][ T5815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 218.651776][ T5815] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003c [ 218.659790][ T5815] [ 218.666822][ T5815] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5072] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./54/file0") = 0 [pid 5072] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./54/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [ 218.672713][ T5815] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] rmdir("./54") = 0 [pid 5072] mkdir("./55", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5819 attached [pid 5819] chdir("./55" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 57 [pid 5819] <... chdir resumed>) = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5819] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5819] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [ 218.705055][ T5815] Memory cgroup stats for /syz1: [ 218.705376][ T5815] anon 0 [ 218.705376][ T5815] file 0 [ 218.705376][ T5815] kernel 8192 [ 218.705376][ T5815] kernel_stack 0 [ 218.705376][ T5815] pagetables 0 [ 218.705376][ T5815] sec_pagetables 0 [ 218.705376][ T5815] percpu 0 [ 218.705376][ T5815] sock 0 [ 218.705376][ T5815] vmalloc 0 [ 218.705376][ T5815] shmem 0 [ 218.705376][ T5815] zswap 0 [ 218.705376][ T5815] zswapped 0 [ 218.705376][ T5815] file_mapped 0 [ 218.705376][ T5815] file_dirty 0 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] mkdir("./file0", 000) = 0 [pid 5819] open("./file0", O_RDONLY) = 3 [pid 5819] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5819] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5819] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5819] openat(5, "memory.max", O_RDWR) = 6 [ 218.705376][ T5815] file_writeback 0 [ 218.705376][ T5815] swapcached 0 [ 218.705376][ T5815] anon_thp 0 [ 218.705376][ T5815] file_thp 0 [ 218.705376][ T5815] shmem_thp 0 [ 218.705376][ T5815] inactive_anon 0 [ 218.705376][ T5815] active_anon 0 [ 218.705376][ T5815] inactive_file 0 [ 218.705376][ T5815] active_file 0 [ 218.705376][ T5815] unevictable 0 [ 218.705376][ T5815] slab_reclaimable 6752 [ 218.705376][ T5815] slab_unreclaimable 0 [ 218.705376][ T5815] slab 6752 [ 218.705376][ T5815] workingset_refault_anon 0 [pid 5819] write(6, "0x000000000000040e", 18 [pid 5815] <... write resumed>) = 18 [ 218.802206][ T5815] Tasks state (memory values in pages): [ 218.809336][ T5815] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 218.819487][ T5815] Out of memory and no killable processes... [ 218.825577][ T5816] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 218.836729][ T5816] CPU: 1 PID: 5816 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 218.847282][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 218.857386][ T5816] Call Trace: [ 218.860714][ T5816] [ 218.863658][ T5816] dump_stack_lvl+0x1e7/0x2d0 [ 218.868470][ T5816] ? nf_tcp_handle_invalid+0x640/0x640 [ 218.873962][ T5816] ? panic+0x770/0x770 [ 218.878103][ T5816] dump_header+0xdc/0x940 [ 218.882469][ T5816] out_of_memory+0xf21/0x12c0 [ 218.887175][ T5816] ? mutex_lock_io_nested+0x60/0x60 [ 218.892425][ T5816] ? preempt_schedule+0xdd/0xf0 [ 218.897319][ T5816] ? unregister_oom_notifier+0x20/0x20 [ 218.902832][ T5816] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 218.908868][ T5816] mem_cgroup_out_of_memory+0x263/0x3b0 [ 218.914440][ T5816] ? preempt_schedule_thunk+0x1a/0x20 [ 218.919834][ T5816] ? mem_cgroup_oom_trylock+0x210/0x210 [ 218.925429][ T5816] ? cgroup_file_notify+0x127/0x190 [ 218.930681][ T5816] memory_max_write+0x355/0x470 [ 218.935564][ T5816] ? memory_max_show+0xa0/0xa0 [ 218.940379][ T5816] ? read_lock_is_recursive+0x20/0x20 [ 218.945776][ T5816] ? memory_max_show+0xa0/0xa0 [ 218.950593][ T5816] cgroup_file_write+0x2b1/0x780 [ 218.955549][ T5816] ? cgroup_seqfile_stop+0xd0/0xd0 [ 218.960670][ T5816] ? __virt_addr_valid+0x22f/0x2e0 [ 218.965814][ T5816] ? cgroup_seqfile_stop+0xd0/0xd0 [ 218.970937][ T5816] kernfs_fop_write_iter+0x3a6/0x4f0 [ 218.976349][ T5816] vfs_write+0x7b2/0xbb0 [ 218.980630][ T5816] ? file_end_write+0x240/0x240 [ 218.985513][ T5816] ? do_raw_spin_unlock+0x13b/0x8b0 [ 218.990747][ T5816] ? lockdep_hardirqs_on+0x98/0x140 [ 218.995991][ T5816] ? __fdget_pos+0x265/0x2f0 [ 219.000622][ T5816] ksys_write+0x1a0/0x2c0 [ 219.004984][ T5816] ? __ia32_sys_read+0x90/0x90 [ 219.009768][ T5816] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 219.015792][ T5816] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 219.021825][ T5816] do_syscall_64+0x41/0xc0 [ 219.026334][ T5816] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 219.032299][ T5816] RIP: 0033:0x7fd49ce20129 [ 219.036803][ T5816] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 219.056548][ T5816] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 219.065029][ T5816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 219.073063][ T5816] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 219.081080][ T5816] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 219.089072][ T5816] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 219.097057][ T5816] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000036 [pid 5815] close(3) = 0 [pid 5815] close(4) = 0 [pid 5815] close(5) = 0 [pid 5815] close(6) = 0 [pid 5815] close(7) = -1 EBADF (Bad file descriptor) [pid 5815] close(8) = -1 EBADF (Bad file descriptor) [pid 5815] close(9) = -1 EBADF (Bad file descriptor) [pid 5815] close(10) = -1 EBADF (Bad file descriptor) [pid 5815] close(11) = -1 EBADF (Bad file descriptor) [pid 5815] close(12) = -1 EBADF (Bad file descriptor) [pid 5815] close(13) = -1 EBADF (Bad file descriptor) [pid 5815] close(14) = -1 EBADF (Bad file descriptor) [pid 5815] close(15) = -1 EBADF (Bad file descriptor) [pid 5815] close(16) = -1 EBADF (Bad file descriptor) [pid 5815] close(17) = -1 EBADF (Bad file descriptor) [pid 5815] close(18) = -1 EBADF (Bad file descriptor) [pid 5815] close(19) = -1 EBADF (Bad file descriptor) [pid 5815] close(20) = -1 EBADF (Bad file descriptor) [pid 5815] close(21) = -1 EBADF (Bad file descriptor) [pid 5815] close(22) = -1 EBADF (Bad file descriptor) [pid 5815] close(23) = -1 EBADF (Bad file descriptor) [pid 5815] close(24) = -1 EBADF (Bad file descriptor) [pid 5815] close(25) = -1 EBADF (Bad file descriptor) [pid 5815] close(26) = -1 EBADF (Bad file descriptor) [pid 5815] close(27) = -1 EBADF (Bad file descriptor) [pid 5815] close(28) = -1 EBADF (Bad file descriptor) [pid 5815] close(29) = -1 EBADF (Bad file descriptor) [pid 5815] exit_group(0) = ? [pid 5815] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5075] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./60/binderfs") = 0 [pid 5075] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./60/cgroup") = 0 [pid 5075] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./60/cgroup.net") = 0 [pid 5075] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./60/file0") = 0 [ 219.105098][ T5816] [ 219.127191][ T5816] memory: usage 8kB, limit 0kB, failcnt 55 [ 219.133147][ T5816] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 219.152616][ T5816] Memory cgroup stats for /syz1: [ 219.152838][ T5816] anon 0 [ 219.152838][ T5816] file 0 [ 219.152838][ T5816] kernel 8192 [ 219.152838][ T5816] kernel_stack 0 [ 219.152838][ T5816] pagetables 0 [ 219.152838][ T5816] sec_pagetables 0 [ 219.152838][ T5816] percpu 0 [ 219.152838][ T5816] sock 0 [ 219.152838][ T5816] vmalloc 0 [ 219.152838][ T5816] shmem 0 [ 219.152838][ T5816] zswap 0 [ 219.152838][ T5816] zswapped 0 [ 219.152838][ T5816] file_mapped 0 [ 219.152838][ T5816] file_dirty 0 [ 219.152838][ T5816] file_writeback 0 [ 219.152838][ T5816] swapcached 0 [pid 5075] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./60/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./60") = 0 [pid 5075] mkdir("./61", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached [pid 5820] chdir("./61" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 63 [pid 5820] <... chdir resumed>) = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] setpgid(0, 0) = 0 [pid 5820] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5820] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5820] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1000", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] mkdir("./file0", 000) = 0 [pid 5820] open("./file0", O_RDONLY) = 3 [pid 5820] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5820] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5820] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5820] openat(5, "memory.max", O_RDWR) = 6 [ 219.152838][ T5816] anon_thp 0 [ 219.152838][ T5816] file_thp 0 [ 219.152838][ T5816] shmem_thp 0 [ 219.152838][ T5816] inactive_anon 0 [ 219.152838][ T5816] active_anon 0 [ 219.152838][ T5816] inactive_file 0 [ 219.152838][ T5816] active_file 0 [ 219.152838][ T5816] unevictable 0 [ 219.152838][ T5816] slab_reclaimable 6752 [ 219.152838][ T5816] slab_unreclaimable 0 [ 219.152838][ T5816] slab 6752 [ 219.152838][ T5816] workingset_refault_anon 0 [ 219.251980][ T5816] Tasks state (memory values in pages): [pid 5820] write(6, "0x000000000000040e", 18 [pid 5816] <... write resumed>) = 18 [pid 5816] close(3) = 0 [pid 5816] close(4) = 0 [pid 5816] close(5) = 0 [pid 5816] close(6) = 0 [pid 5816] close(7) = -1 EBADF (Bad file descriptor) [pid 5816] close(8) = -1 EBADF (Bad file descriptor) [pid 5816] close(9) = -1 EBADF (Bad file descriptor) [pid 5816] close(10) = -1 EBADF (Bad file descriptor) [pid 5816] close(11) = -1 EBADF (Bad file descriptor) [pid 5816] close(12) = -1 EBADF (Bad file descriptor) [pid 5816] close(13) = -1 EBADF (Bad file descriptor) [pid 5816] close(14) = -1 EBADF (Bad file descriptor) [pid 5816] close(15) = -1 EBADF (Bad file descriptor) [pid 5816] close(16) = -1 EBADF (Bad file descriptor) [pid 5816] close(17) = -1 EBADF (Bad file descriptor) [pid 5816] close(18) = -1 EBADF (Bad file descriptor) [pid 5816] close(19) = -1 EBADF (Bad file descriptor) [pid 5816] close(20) = -1 EBADF (Bad file descriptor) [pid 5816] close(21) = -1 EBADF (Bad file descriptor) [pid 5816] close(22) = -1 EBADF (Bad file descriptor) [pid 5816] close(23) = -1 EBADF (Bad file descriptor) [pid 5816] close(24) = -1 EBADF (Bad file descriptor) [pid 5816] close(25) = -1 EBADF (Bad file descriptor) [pid 5816] close(26) = -1 EBADF (Bad file descriptor) [pid 5816] close(27) = -1 EBADF (Bad file descriptor) [pid 5816] close(28) = -1 EBADF (Bad file descriptor) [pid 5816] close(29) = -1 EBADF (Bad file descriptor) [pid 5816] exit_group(0) = ? [pid 5816] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./54/binderfs") = 0 [pid 5070] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 219.257773][ T5816] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 219.267351][ T5816] Out of memory and no killable processes... [ 219.273427][ T5817] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 219.285195][ T5817] CPU: 1 PID: 5817 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 219.295673][ T5817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5070] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./54/cgroup") = 0 [pid 5070] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./54/cgroup.net") = 0 [ 219.305773][ T5817] Call Trace: [ 219.309099][ T5817] [ 219.312075][ T5817] dump_stack_lvl+0x1e7/0x2d0 [ 219.316837][ T5817] ? nf_tcp_handle_invalid+0x640/0x640 [ 219.322335][ T5817] ? panic+0x770/0x770 [ 219.326453][ T5817] dump_header+0xdc/0x940 [ 219.330834][ T5817] out_of_memory+0xf21/0x12c0 [ 219.335569][ T5817] ? mutex_lock_io_nested+0x60/0x60 [ 219.340832][ T5817] ? preempt_schedule+0xdd/0xf0 [ 219.345728][ T5817] ? unregister_oom_notifier+0x20/0x20 [ 219.351222][ T5817] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 219.357271][ T5817] mem_cgroup_out_of_memory+0x263/0x3b0 [ 219.362869][ T5817] ? preempt_schedule_thunk+0x1a/0x20 [ 219.368264][ T5817] ? mem_cgroup_oom_trylock+0x210/0x210 [ 219.373885][ T5817] ? cgroup_file_notify+0x127/0x190 [ 219.379146][ T5817] memory_max_write+0x355/0x470 [ 219.384104][ T5817] ? memory_max_show+0xa0/0xa0 [ 219.388932][ T5817] ? read_lock_is_recursive+0x20/0x20 [ 219.394338][ T5817] ? memory_max_show+0xa0/0xa0 [ 219.399127][ T5817] cgroup_file_write+0x2b1/0x780 [ 219.404094][ T5817] ? cgroup_seqfile_stop+0xd0/0xd0 [ 219.409227][ T5817] ? __virt_addr_valid+0x22f/0x2e0 [ 219.414481][ T5817] ? cgroup_seqfile_stop+0xd0/0xd0 [ 219.419633][ T5817] kernfs_fop_write_iter+0x3a6/0x4f0 [ 219.424953][ T5817] vfs_write+0x7b2/0xbb0 [ 219.429227][ T5817] ? file_end_write+0x240/0x240 [ 219.434109][ T5817] ? do_raw_spin_unlock+0x13b/0x8b0 [ 219.439336][ T5817] ? lockdep_hardirqs_on+0x98/0x140 [ 219.444569][ T5817] ? __fdget_pos+0x265/0x2f0 [ 219.449181][ T5817] ksys_write+0x1a0/0x2c0 [ 219.453534][ T5817] ? __ia32_sys_read+0x90/0x90 [ 219.458312][ T5817] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 219.464317][ T5817] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 219.470335][ T5817] do_syscall_64+0x41/0xc0 [ 219.474810][ T5817] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 219.480743][ T5817] RIP: 0033:0x7fd49ce20129 [ 219.485190][ T5817] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 219.504822][ T5817] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 219.513263][ T5817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 219.521269][ T5817] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 219.529302][ T5817] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 219.537305][ T5817] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 219.545317][ T5817] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003e [ 219.553354][ T5817] [pid 5070] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./54/file0") = 0 [pid 5070] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./54/cgroup.cpu") = 0 [ 219.565758][ T5817] memory: usage 8kB, limit 0kB, failcnt 55 [ 219.577567][ T5817] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 219.591549][ T5817] Memory cgroup stats for /syz1: [ 219.591759][ T5817] anon 0 [ 219.591759][ T5817] file 0 [ 219.591759][ T5817] kernel 8192 [ 219.591759][ T5817] kernel_stack 0 [ 219.591759][ T5817] pagetables 0 [ 219.591759][ T5817] sec_pagetables 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./54") = 0 [pid 5070] mkdir("./55", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 57 ./strace-static-x86_64: Process 5821 attached [pid 5821] chdir("./55") = 0 [pid 5821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] setpgid(0, 0) = 0 [ 219.591759][ T5817] percpu 0 [ 219.591759][ T5817] sock 0 [ 219.591759][ T5817] vmalloc 0 [ 219.591759][ T5817] shmem 0 [ 219.591759][ T5817] zswap 0 [ 219.591759][ T5817] zswapped 0 [ 219.591759][ T5817] file_mapped 0 [ 219.591759][ T5817] file_dirty 0 [ 219.591759][ T5817] file_writeback 0 [ 219.591759][ T5817] swapcached 0 [ 219.591759][ T5817] anon_thp 0 [ 219.591759][ T5817] file_thp 0 [ 219.591759][ T5817] shmem_thp 0 [ 219.591759][ T5817] inactive_anon 0 [ 219.591759][ T5817] active_anon 0 [ 219.591759][ T5817] inactive_file 0 [pid 5821] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5821] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5821] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1000", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5821] mkdir("./file0", 000) = 0 [pid 5821] open("./file0", O_RDONLY) = 3 [pid 5821] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5821] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5821] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5821] openat(5, "memory.max", O_RDWR) = 6 [ 219.591759][ T5817] active_file 0 [ 219.591759][ T5817] unevictable 0 [ 219.591759][ T5817] slab_reclaimable 6752 [ 219.591759][ T5817] slab_unreclaimable 0 [ 219.591759][ T5817] slab 6752 [ 219.591759][ T5817] workingset_refault_anon 0 [ 219.690909][ T5817] Tasks state (memory values in pages): [ 219.696669][ T5817] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 219.706175][ T5817] Out of memory and no killable processes... [pid 5821] write(6, "0x000000000000040e", 18 [pid 5817] <... write resumed>) = 18 [ 219.712381][ T5818] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 219.723090][ T5818] CPU: 0 PID: 5818 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 219.733555][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 219.743649][ T5818] Call Trace: [ 219.746966][ T5818] [ 219.749932][ T5818] dump_stack_lvl+0x1e7/0x2d0 [ 219.754668][ T5818] ? nf_tcp_handle_invalid+0x640/0x640 [ 219.760188][ T5818] ? panic+0x770/0x770 [pid 5817] close(3) = 0 [pid 5817] close(4) = 0 [pid 5817] close(5) = 0 [pid 5817] close(6) = 0 [pid 5817] close(7) = -1 EBADF (Bad file descriptor) [pid 5817] close(8) = -1 EBADF (Bad file descriptor) [pid 5817] close(9) = -1 EBADF (Bad file descriptor) [pid 5817] close(10) = -1 EBADF (Bad file descriptor) [pid 5817] close(11) = -1 EBADF (Bad file descriptor) [pid 5817] close(12) = -1 EBADF (Bad file descriptor) [pid 5817] close(13) = -1 EBADF (Bad file descriptor) [pid 5817] close(14) = -1 EBADF (Bad file descriptor) [pid 5817] close(15) = -1 EBADF (Bad file descriptor) [pid 5817] close(16) = -1 EBADF (Bad file descriptor) [pid 5817] close(17) = -1 EBADF (Bad file descriptor) [pid 5817] close(18) = -1 EBADF (Bad file descriptor) [pid 5817] close(19) = -1 EBADF (Bad file descriptor) [pid 5817] close(20) = -1 EBADF (Bad file descriptor) [pid 5817] close(21) = -1 EBADF (Bad file descriptor) [pid 5817] close(22) = -1 EBADF (Bad file descriptor) [pid 5817] close(23) = -1 EBADF (Bad file descriptor) [pid 5817] close(24) = -1 EBADF (Bad file descriptor) [pid 5817] close(25) = -1 EBADF (Bad file descriptor) [pid 5817] close(26) = -1 EBADF (Bad file descriptor) [pid 5817] close(27) = -1 EBADF (Bad file descriptor) [ 219.764323][ T5818] dump_header+0xdc/0x940 [ 219.768705][ T5818] out_of_memory+0xf21/0x12c0 [ 219.773479][ T5818] ? mutex_lock_io_nested+0x60/0x60 [ 219.778743][ T5818] ? preempt_schedule+0xdd/0xf0 [ 219.783652][ T5818] ? unregister_oom_notifier+0x20/0x20 [ 219.789165][ T5818] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 219.795240][ T5818] mem_cgroup_out_of_memory+0x263/0x3b0 [ 219.800841][ T5818] ? preempt_schedule_thunk+0x1a/0x20 [ 219.806281][ T5818] ? mem_cgroup_oom_trylock+0x210/0x210 [ 219.811903][ T5818] ? cgroup_file_notify+0x127/0x190 [pid 5817] close(28) = -1 EBADF (Bad file descriptor) [pid 5817] close(29) = -1 EBADF (Bad file descriptor) [pid 5817] exit_group(0) = ? [pid 5817] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./62/binderfs") = 0 [pid 5074] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./62/cgroup") = 0 [pid 5074] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 219.817170][ T5818] memory_max_write+0x355/0x470 [ 219.822085][ T5818] ? memory_max_show+0xa0/0xa0 [ 219.826899][ T5818] ? read_lock_is_recursive+0x20/0x20 [ 219.832338][ T5818] ? memory_max_show+0xa0/0xa0 [ 219.837158][ T5818] cgroup_file_write+0x2b1/0x780 [ 219.842166][ T5818] ? cgroup_seqfile_stop+0xd0/0xd0 [ 219.847339][ T5818] ? __virt_addr_valid+0x22f/0x2e0 [ 219.852518][ T5818] ? cgroup_seqfile_stop+0xd0/0xd0 [ 219.857673][ T5818] kernfs_fop_write_iter+0x3a6/0x4f0 [ 219.863023][ T5818] vfs_write+0x7b2/0xbb0 [pid 5074] unlink("./62/cgroup.net") = 0 [ 219.867334][ T5818] ? file_end_write+0x240/0x240 [ 219.872253][ T5818] ? do_raw_spin_unlock+0x13b/0x8b0 [ 219.877501][ T5818] ? lockdep_hardirqs_on+0x98/0x140 [ 219.882764][ T5818] ? __fdget_pos+0x265/0x2f0 [ 219.887411][ T5818] ksys_write+0x1a0/0x2c0 [ 219.891811][ T5818] ? __ia32_sys_read+0x90/0x90 [ 219.896671][ T5818] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 219.902716][ T5818] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 219.908770][ T5818] do_syscall_64+0x41/0xc0 [ 219.913245][ T5818] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 219.919219][ T5818] RIP: 0033:0x7fd49ce20129 [ 219.923672][ T5818] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 219.943328][ T5818] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 219.951809][ T5818] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 219.959830][ T5818] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 219.967839][ T5818] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 219.975845][ T5818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 219.983850][ T5818] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003a [ 219.991893][ T5818] [ 219.998538][ T5818] memory: usage 8kB, limit 0kB, failcnt 55 [ 220.004934][ T5818] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5074] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 220.013373][ T5818] Memory cgroup stats for /syz1: [ 220.013574][ T5818] anon 0 [ 220.013574][ T5818] file 0 [ 220.013574][ T5818] kernel 8192 [ 220.013574][ T5818] kernel_stack 0 [ 220.013574][ T5818] pagetables 0 [ 220.013574][ T5818] sec_pagetables 0 [ 220.013574][ T5818] percpu 0 [ 220.013574][ T5818] sock 0 [ 220.013574][ T5818] vmalloc 0 [ 220.013574][ T5818] shmem 0 [ 220.013574][ T5818] zswap 0 [ 220.013574][ T5818] zswapped 0 [ 220.013574][ T5818] file_mapped 0 [ 220.013574][ T5818] file_dirty 0 [ 220.013574][ T5818] file_writeback 0 [ 220.013574][ T5818] swapcached 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 220.013574][ T5818] anon_thp 0 [ 220.013574][ T5818] file_thp 0 [ 220.013574][ T5818] shmem_thp 0 [ 220.013574][ T5818] inactive_anon 0 [ 220.013574][ T5818] active_anon 0 [ 220.013574][ T5818] inactive_file 0 [ 220.013574][ T5818] active_file 0 [ 220.013574][ T5818] unevictable 0 [ 220.013574][ T5818] slab_reclaimable 6752 [ 220.013574][ T5818] slab_unreclaimable 0 [ 220.013574][ T5818] slab 6752 [ 220.013574][ T5818] workingset_refault_anon 0 [ 220.111845][ T5818] Tasks state (memory values in pages): [pid 5074] close(4) = 0 [pid 5074] rmdir("./62/file0") = 0 [pid 5074] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./62/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./62") = 0 [pid 5074] mkdir("./63", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... write resumed>) = 18 [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 65 ./strace-static-x86_64: Process 5822 attached [pid 5822] chdir("./63") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 220.118755][ T5818] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 220.129680][ T5818] Out of memory and no killable processes... [ 220.136136][ T5819] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 220.147953][ T5819] CPU: 1 PID: 5819 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 220.158430][ T5819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5822] setpgid(0, 0) = 0 [pid 5822] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5822] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5822] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] mkdir("./file0", 000) = 0 [pid 5822] open("./file0", O_RDONLY) = 3 [pid 5822] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5822] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5822] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5818] close(3 [pid 5822] openat(5, "memory.max", O_RDWR) = 6 [ 220.168528][ T5819] Call Trace: [ 220.171853][ T5819] [ 220.174827][ T5819] dump_stack_lvl+0x1e7/0x2d0 [ 220.179564][ T5819] ? nf_tcp_handle_invalid+0x640/0x640 [ 220.185086][ T5819] ? panic+0x770/0x770 [ 220.189235][ T5819] dump_header+0xdc/0x940 [ 220.193616][ T5819] out_of_memory+0xf21/0x12c0 [ 220.198313][ T5819] ? mutex_lock_io_nested+0x60/0x60 [ 220.203548][ T5819] ? preempt_schedule+0xdd/0xf0 [ 220.208482][ T5819] ? unregister_oom_notifier+0x20/0x20 [ 220.213981][ T5819] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 220.220020][ T5819] mem_cgroup_out_of_memory+0x263/0x3b0 [ 220.225624][ T5819] ? preempt_schedule_thunk+0x1a/0x20 [ 220.231052][ T5819] ? mem_cgroup_oom_trylock+0x210/0x210 [ 220.236669][ T5819] ? cgroup_file_notify+0x127/0x190 [ 220.241926][ T5819] memory_max_write+0x355/0x470 [ 220.246837][ T5819] ? memory_max_show+0xa0/0xa0 [ 220.251654][ T5819] ? read_lock_is_recursive+0x20/0x20 [ 220.257085][ T5819] ? memory_max_show+0xa0/0xa0 [ 220.261901][ T5819] cgroup_file_write+0x2b1/0x780 [ 220.266891][ T5819] ? cgroup_seqfile_stop+0xd0/0xd0 [ 220.272048][ T5819] ? __virt_addr_valid+0x22f/0x2e0 [ 220.277256][ T5819] ? cgroup_seqfile_stop+0xd0/0xd0 [ 220.282413][ T5819] kernfs_fop_write_iter+0x3a6/0x4f0 [ 220.287761][ T5819] vfs_write+0x7b2/0xbb0 [ 220.292091][ T5819] ? file_end_write+0x240/0x240 [ 220.297003][ T5819] ? do_raw_spin_unlock+0x13b/0x8b0 [ 220.302255][ T5819] ? lockdep_hardirqs_on+0x98/0x140 [ 220.307522][ T5819] ? __fdget_pos+0x265/0x2f0 [ 220.312164][ T5819] ksys_write+0x1a0/0x2c0 [ 220.316545][ T5819] ? __ia32_sys_read+0x90/0x90 [ 220.321359][ T5819] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 220.327394][ T5819] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 220.333433][ T5819] do_syscall_64+0x41/0xc0 [ 220.337905][ T5819] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 220.343824][ T5819] RIP: 0033:0x7fd49ce20129 [ 220.348276][ T5819] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5822] write(6, "0x000000000000040e", 18 [pid 5818] <... close resumed>) = 0 [pid 5818] close(4) = 0 [pid 5818] close(5) = 0 [pid 5818] close(6) = 0 [pid 5818] close(7) = -1 EBADF (Bad file descriptor) [pid 5818] close(8) = -1 EBADF (Bad file descriptor) [pid 5818] close(9) = -1 EBADF (Bad file descriptor) [pid 5818] close(10) = -1 EBADF (Bad file descriptor) [pid 5818] close(11) = -1 EBADF (Bad file descriptor) [pid 5818] close(12) = -1 EBADF (Bad file descriptor) [pid 5818] close(13) = -1 EBADF (Bad file descriptor) [pid 5818] close(14) = -1 EBADF (Bad file descriptor) [pid 5818] close(15) = -1 EBADF (Bad file descriptor) [pid 5818] close(16) = -1 EBADF (Bad file descriptor) [pid 5818] close(17) = -1 EBADF (Bad file descriptor) [pid 5818] close(18) = -1 EBADF (Bad file descriptor) [pid 5818] close(19) = -1 EBADF (Bad file descriptor) [pid 5818] close(20) = -1 EBADF (Bad file descriptor) [pid 5818] close(21) = -1 EBADF (Bad file descriptor) [pid 5818] close(22) = -1 EBADF (Bad file descriptor) [pid 5818] close(23) = -1 EBADF (Bad file descriptor) [pid 5818] close(24) = -1 EBADF (Bad file descriptor) [pid 5818] close(25) = -1 EBADF (Bad file descriptor) [pid 5818] close(26) = -1 EBADF (Bad file descriptor) [pid 5818] close(27) = -1 EBADF (Bad file descriptor) [pid 5818] close(28) = -1 EBADF (Bad file descriptor) [pid 5818] close(29) = -1 EBADF (Bad file descriptor) [pid 5818] exit_group(0) = ? [pid 5818] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./58/binderfs") = 0 [pid 5073] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./58/cgroup") = 0 [pid 5073] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./58/cgroup.net") = 0 [pid 5073] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [ 220.367918][ T5819] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 220.376382][ T5819] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 220.384410][ T5819] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 220.392417][ T5819] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 220.400403][ T5819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 220.408393][ T5819] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000037 [ 220.416413][ T5819] [pid 5073] rmdir("./58/file0") = 0 [pid 5073] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./58/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./58") = 0 [pid 5073] mkdir("./59", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached [pid 5823] chdir("./59" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 61 [pid 5823] <... chdir resumed>) = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5823] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5823] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3) = 0 [pid 5823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5823] mkdir("./file0", 000) = 0 [pid 5823] open("./file0", O_RDONLY) = 3 [pid 5823] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 220.436610][ T5819] memory: usage 8kB, limit 0kB, failcnt 55 [ 220.443120][ T5819] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 220.457653][ T5819] Memory cgroup stats for /syz1: [ 220.457867][ T5819] anon 0 [ 220.457867][ T5819] file 0 [ 220.457867][ T5819] kernel 8192 [ 220.457867][ T5819] kernel_stack 0 [ 220.457867][ T5819] pagetables 0 [ 220.457867][ T5819] sec_pagetables 0 [ 220.457867][ T5819] percpu 0 [pid 5823] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5823] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5823] openat(5, "memory.max", O_RDWR) = 6 [ 220.457867][ T5819] sock 0 [ 220.457867][ T5819] vmalloc 0 [ 220.457867][ T5819] shmem 0 [ 220.457867][ T5819] zswap 0 [ 220.457867][ T5819] zswapped 0 [ 220.457867][ T5819] file_mapped 0 [ 220.457867][ T5819] file_dirty 0 [ 220.457867][ T5819] file_writeback 0 [ 220.457867][ T5819] swapcached 0 [ 220.457867][ T5819] anon_thp 0 [ 220.457867][ T5819] file_thp 0 [ 220.457867][ T5819] shmem_thp 0 [ 220.457867][ T5819] inactive_anon 0 [ 220.457867][ T5819] active_anon 0 [ 220.457867][ T5819] inactive_file 0 [ 220.457867][ T5819] active_file 0 [pid 5823] write(6, "0x000000000000040e", 18 [pid 5819] <... write resumed>) = 18 [pid 5819] close(3) = 0 [ 220.457867][ T5819] unevictable 0 [ 220.457867][ T5819] slab_reclaimable 6752 [ 220.457867][ T5819] slab_unreclaimable 0 [ 220.457867][ T5819] slab 6752 [ 220.457867][ T5819] workingset_refault_anon 0 [ 220.557588][ T5819] Tasks state (memory values in pages): [ 220.563595][ T5819] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 220.573691][ T5819] Out of memory and no killable processes... [pid 5819] close(4) = 0 [pid 5819] close(5) = 0 [pid 5819] close(6) = 0 [pid 5819] close(7) = -1 EBADF (Bad file descriptor) [pid 5819] close(8) = -1 EBADF (Bad file descriptor) [pid 5819] close(9) = -1 EBADF (Bad file descriptor) [pid 5819] close(10) = -1 EBADF (Bad file descriptor) [pid 5819] close(11) = -1 EBADF (Bad file descriptor) [pid 5819] close(12) = -1 EBADF (Bad file descriptor) [pid 5819] close(13) = -1 EBADF (Bad file descriptor) [pid 5819] close(14) = -1 EBADF (Bad file descriptor) [pid 5819] close(15) = -1 EBADF (Bad file descriptor) [pid 5819] close(16) = -1 EBADF (Bad file descriptor) [pid 5819] close(17) = -1 EBADF (Bad file descriptor) [pid 5819] close(18) = -1 EBADF (Bad file descriptor) [pid 5819] close(19) = -1 EBADF (Bad file descriptor) [pid 5819] close(20) = -1 EBADF (Bad file descriptor) [pid 5819] close(21) = -1 EBADF (Bad file descriptor) [pid 5819] close(22) = -1 EBADF (Bad file descriptor) [pid 5819] close(23) = -1 EBADF (Bad file descriptor) [pid 5819] close(24) = -1 EBADF (Bad file descriptor) [pid 5819] close(25) = -1 EBADF (Bad file descriptor) [pid 5819] close(26) = -1 EBADF (Bad file descriptor) [pid 5819] close(27) = -1 EBADF (Bad file descriptor) [pid 5819] close(28) = -1 EBADF (Bad file descriptor) [pid 5819] close(29) = -1 EBADF (Bad file descriptor) [pid 5819] exit_group(0) = ? [pid 5819] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 220.580649][ T5820] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 220.591236][ T5820] CPU: 0 PID: 5820 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 220.601730][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 220.611831][ T5820] Call Trace: [ 220.615154][ T5820] [ 220.618129][ T5820] dump_stack_lvl+0x1e7/0x2d0 [ 220.622864][ T5820] ? nf_tcp_handle_invalid+0x640/0x640 [ 220.628374][ T5820] ? panic+0x770/0x770 [ 220.632511][ T5820] dump_header+0xdc/0x940 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./55/binderfs") = 0 [pid 5072] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./55/cgroup") = 0 [pid 5072] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./55/cgroup.net") = 0 [ 220.636900][ T5820] out_of_memory+0xf21/0x12c0 [ 220.641636][ T5820] ? mutex_lock_io_nested+0x60/0x60 [ 220.646899][ T5820] ? preempt_schedule+0xdd/0xf0 [ 220.651804][ T5820] ? unregister_oom_notifier+0x20/0x20 [ 220.657318][ T5820] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 220.663368][ T5820] mem_cgroup_out_of_memory+0x263/0x3b0 [ 220.668962][ T5820] ? preempt_schedule_thunk+0x1a/0x20 [ 220.674398][ T5820] ? mem_cgroup_oom_trylock+0x210/0x210 [ 220.680009][ T5820] ? cgroup_file_notify+0x127/0x190 [ 220.685275][ T5820] memory_max_write+0x355/0x470 [ 220.690174][ T5820] ? memory_max_show+0xa0/0xa0 [ 220.694985][ T5820] ? read_lock_is_recursive+0x20/0x20 [ 220.700421][ T5820] ? memory_max_show+0xa0/0xa0 [ 220.705222][ T5820] cgroup_file_write+0x2b1/0x780 [ 220.710198][ T5820] ? cgroup_seqfile_stop+0xd0/0xd0 [ 220.715373][ T5820] ? __virt_addr_valid+0x22f/0x2e0 [ 220.720555][ T5820] ? cgroup_seqfile_stop+0xd0/0xd0 [ 220.725720][ T5820] kernfs_fop_write_iter+0x3a6/0x4f0 [ 220.731070][ T5820] vfs_write+0x7b2/0xbb0 [ 220.735376][ T5820] ? file_end_write+0x240/0x240 [ 220.740283][ T5820] ? do_raw_spin_unlock+0x13b/0x8b0 [ 220.745529][ T5820] ? lockdep_hardirqs_on+0x98/0x140 [ 220.750782][ T5820] ? __fdget_pos+0x265/0x2f0 [ 220.755427][ T5820] ksys_write+0x1a0/0x2c0 [ 220.759815][ T5820] ? __ia32_sys_read+0x90/0x90 [ 220.764626][ T5820] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 220.770665][ T5820] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 220.776708][ T5820] do_syscall_64+0x41/0xc0 [ 220.781174][ T5820] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 220.787124][ T5820] RIP: 0033:0x7fd49ce20129 [ 220.791577][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 220.811231][ T5820] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 220.819704][ T5820] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 220.827719][ T5820] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5072] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 220.835735][ T5820] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 220.843755][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 220.851764][ T5820] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003d [ 220.859788][ T5820] [ 220.871789][ T5820] memory: usage 8kB, limit 0kB, failcnt 55 [ 220.877797][ T5820] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./55/file0") = 0 [pid 5072] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./55/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./55") = 0 [pid 5072] mkdir("./56", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 58 ./strace-static-x86_64: Process 5824 attached [pid 5824] chdir("./56") = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [ 220.884692][ T5820] Memory cgroup stats for /syz1: [ 220.884900][ T5820] anon 0 [ 220.884900][ T5820] file 0 [ 220.884900][ T5820] kernel 8192 [ 220.884900][ T5820] kernel_stack 0 [ 220.884900][ T5820] pagetables 0 [ 220.884900][ T5820] sec_pagetables 0 [ 220.884900][ T5820] percpu 0 [ 220.884900][ T5820] sock 0 [ 220.884900][ T5820] vmalloc 0 [ 220.884900][ T5820] shmem 0 [ 220.884900][ T5820] zswap 0 [ 220.884900][ T5820] zswapped 0 [ 220.884900][ T5820] file_mapped 0 [ 220.884900][ T5820] file_dirty 0 [ 220.884900][ T5820] file_writeback 0 [pid 5824] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5824] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5824] mkdir("./file0", 000) = 0 [pid 5824] open("./file0", O_RDONLY) = 3 [pid 5824] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5824] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5824] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5824] openat(5, "memory.max", O_RDWR) = 6 [ 220.884900][ T5820] swapcached 0 [ 220.884900][ T5820] anon_thp 0 [ 220.884900][ T5820] file_thp 0 [ 220.884900][ T5820] shmem_thp 0 [ 220.884900][ T5820] inactive_anon 0 [ 220.884900][ T5820] active_anon 0 [ 220.884900][ T5820] inactive_file 0 [ 220.884900][ T5820] active_file 0 [ 220.884900][ T5820] unevictable 0 [ 220.884900][ T5820] slab_reclaimable 6752 [ 220.884900][ T5820] slab_unreclaimable 0 [ 220.884900][ T5820] slab 6752 [ 220.884900][ T5820] workingset_refault_anon 0 [pid 5824] write(6, "0x000000000000040e", 18 [pid 5820] <... write resumed>) = 18 [ 220.986685][ T5820] Tasks state (memory values in pages): [ 220.992297][ T5820] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 221.002130][ T5820] Out of memory and no killable processes... [ 221.008591][ T5821] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 221.019276][ T5821] CPU: 0 PID: 5821 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 221.029729][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 221.039848][ T5821] Call Trace: [ 221.043160][ T5821] [ 221.046118][ T5821] dump_stack_lvl+0x1e7/0x2d0 [ 221.050830][ T5821] ? nf_tcp_handle_invalid+0x640/0x640 [ 221.056336][ T5821] ? panic+0x770/0x770 [ 221.060467][ T5821] dump_header+0xdc/0x940 [ 221.064851][ T5821] out_of_memory+0xf21/0x12c0 [ 221.069584][ T5821] ? mutex_lock_io_nested+0x60/0x60 [ 221.074862][ T5821] ? preempt_schedule+0xdd/0xf0 [ 221.079768][ T5821] ? unregister_oom_notifier+0x20/0x20 [ 221.085278][ T5821] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 221.091330][ T5821] mem_cgroup_out_of_memory+0x263/0x3b0 [ 221.096931][ T5821] ? preempt_schedule_thunk+0x1a/0x20 [ 221.102383][ T5821] ? mem_cgroup_oom_trylock+0x210/0x210 [ 221.108014][ T5821] ? cgroup_file_notify+0x127/0x190 [ 221.113282][ T5821] memory_max_write+0x355/0x470 [ 221.118201][ T5821] ? memory_max_show+0xa0/0xa0 [ 221.123018][ T5821] ? read_lock_is_recursive+0x20/0x20 [ 221.128448][ T5821] ? memory_max_show+0xa0/0xa0 [ 221.133265][ T5821] cgroup_file_write+0x2b1/0x780 [pid 5820] close(3) = 0 [pid 5820] close(4) = 0 [pid 5820] close(5) = 0 [pid 5820] close(6) = 0 [pid 5820] close(7) = -1 EBADF (Bad file descriptor) [pid 5820] close(8) = -1 EBADF (Bad file descriptor) [pid 5820] close(9) = -1 EBADF (Bad file descriptor) [pid 5820] close(10) = -1 EBADF (Bad file descriptor) [pid 5820] close(11) = -1 EBADF (Bad file descriptor) [pid 5820] close(12) = -1 EBADF (Bad file descriptor) [pid 5820] close(13) = -1 EBADF (Bad file descriptor) [pid 5820] close(14) = -1 EBADF (Bad file descriptor) [pid 5820] close(15) = -1 EBADF (Bad file descriptor) [ 221.138256][ T5821] ? cgroup_seqfile_stop+0xd0/0xd0 [ 221.143415][ T5821] ? __virt_addr_valid+0x22f/0x2e0 [ 221.148600][ T5821] ? cgroup_seqfile_stop+0xd0/0xd0 [ 221.153756][ T5821] kernfs_fop_write_iter+0x3a6/0x4f0 [ 221.159108][ T5821] vfs_write+0x7b2/0xbb0 [ 221.163425][ T5821] ? file_end_write+0x240/0x240 [ 221.168343][ T5821] ? do_raw_spin_unlock+0x13b/0x8b0 [ 221.173604][ T5821] ? lockdep_hardirqs_on+0x98/0x140 [ 221.178876][ T5821] ? __fdget_pos+0x265/0x2f0 [ 221.183536][ T5821] ksys_write+0x1a0/0x2c0 [pid 5820] close(16) = -1 EBADF (Bad file descriptor) [pid 5820] close(17) = -1 EBADF (Bad file descriptor) [pid 5820] close(18) = -1 EBADF (Bad file descriptor) [pid 5820] close(19) = -1 EBADF (Bad file descriptor) [pid 5820] close(20) = -1 EBADF (Bad file descriptor) [pid 5820] close(21) = -1 EBADF (Bad file descriptor) [pid 5820] close(22) = -1 EBADF (Bad file descriptor) [pid 5820] close(23) = -1 EBADF (Bad file descriptor) [pid 5820] close(24) = -1 EBADF (Bad file descriptor) [pid 5820] close(25) = -1 EBADF (Bad file descriptor) [pid 5820] close(26) = -1 EBADF (Bad file descriptor) [pid 5820] close(27) = -1 EBADF (Bad file descriptor) [pid 5820] close(28) = -1 EBADF (Bad file descriptor) [pid 5820] close(29) = -1 EBADF (Bad file descriptor) [pid 5820] exit_group(0) = ? [pid 5820] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 221.187945][ T5821] ? __ia32_sys_read+0x90/0x90 [ 221.192784][ T5821] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 221.198849][ T5821] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 221.204913][ T5821] do_syscall_64+0x41/0xc0 [ 221.209403][ T5821] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 221.215367][ T5821] RIP: 0033:0x7fd49ce20129 [ 221.219832][ T5821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./61/binderfs") = 0 [pid 5075] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./61/cgroup") = 0 [pid 5075] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./61/cgroup.net") = 0 [ 221.239492][ T5821] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 221.247976][ T5821] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 221.256004][ T5821] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 221.264032][ T5821] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 221.272143][ T5821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 221.280163][ T5821] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000037 [pid 5075] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./61/file0") = 0 [pid 5075] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./61/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./61") = 0 [pid 5075] mkdir("./62", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 64 [ 221.288202][ T5821] [ 221.309273][ T5821] memory: usage 8kB, limit 0kB, failcnt 55 [ 221.315155][ T5821] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 221.322480][ T5821] Memory cgroup stats for /syz1: [ 221.322693][ T5821] anon 0 [ 221.322693][ T5821] file 0 [ 221.322693][ T5821] kernel 8192 [ 221.322693][ T5821] kernel_stack 0 ./strace-static-x86_64: Process 5825 attached [pid 5825] chdir("./62") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5825] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5825] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [ 221.322693][ T5821] pagetables 0 [ 221.322693][ T5821] sec_pagetables 0 [ 221.322693][ T5821] percpu 0 [ 221.322693][ T5821] sock 0 [ 221.322693][ T5821] vmalloc 0 [ 221.322693][ T5821] shmem 0 [ 221.322693][ T5821] zswap 0 [ 221.322693][ T5821] zswapped 0 [ 221.322693][ T5821] file_mapped 0 [ 221.322693][ T5821] file_dirty 0 [ 221.322693][ T5821] file_writeback 0 [ 221.322693][ T5821] swapcached 0 [ 221.322693][ T5821] anon_thp 0 [ 221.322693][ T5821] file_thp 0 [ 221.322693][ T5821] shmem_thp 0 [ 221.322693][ T5821] inactive_anon 0 [pid 5825] mkdir("./file0", 000) = 0 [pid 5825] open("./file0", O_RDONLY) = 3 [pid 5825] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5825] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5825] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5825] openat(5, "memory.max", O_RDWR) = 6 [ 221.322693][ T5821] active_anon 0 [ 221.322693][ T5821] inactive_file 0 [ 221.322693][ T5821] active_file 0 [ 221.322693][ T5821] unevictable 0 [ 221.322693][ T5821] slab_reclaimable 6752 [ 221.322693][ T5821] slab_unreclaimable 0 [ 221.322693][ T5821] slab 6752 [ 221.322693][ T5821] workingset_refault_anon 0 [ 221.423479][ T5821] Tasks state (memory values in pages): [ 221.429240][ T5821] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5825] write(6, "0x000000000000040e", 18 [pid 5821] <... write resumed>) = 18 [pid 5821] close(3) = 0 [pid 5821] close(4) = 0 [pid 5821] close(5) = 0 [pid 5821] close(6) = 0 [pid 5821] close(7) = -1 EBADF (Bad file descriptor) [pid 5821] close(8) = -1 EBADF (Bad file descriptor) [pid 5821] close(9) = -1 EBADF (Bad file descriptor) [pid 5821] close(10) = -1 EBADF (Bad file descriptor) [pid 5821] close(11) = -1 EBADF (Bad file descriptor) [pid 5821] close(12) = -1 EBADF (Bad file descriptor) [pid 5821] close(13) = -1 EBADF (Bad file descriptor) [pid 5821] close(14) = -1 EBADF (Bad file descriptor) [pid 5821] close(15) = -1 EBADF (Bad file descriptor) [pid 5821] close(16) = -1 EBADF (Bad file descriptor) [pid 5821] close(17) = -1 EBADF (Bad file descriptor) [pid 5821] close(18) = -1 EBADF (Bad file descriptor) [pid 5821] close(19) = -1 EBADF (Bad file descriptor) [pid 5821] close(20) = -1 EBADF (Bad file descriptor) [pid 5821] close(21) = -1 EBADF (Bad file descriptor) [pid 5821] close(22) = -1 EBADF (Bad file descriptor) [pid 5821] close(23) = -1 EBADF (Bad file descriptor) [pid 5821] close(24) = -1 EBADF (Bad file descriptor) [pid 5821] close(25) = -1 EBADF (Bad file descriptor) [pid 5821] close(26) = -1 EBADF (Bad file descriptor) [pid 5821] close(27) = -1 EBADF (Bad file descriptor) [pid 5821] close(28) = -1 EBADF (Bad file descriptor) [pid 5821] close(29) = -1 EBADF (Bad file descriptor) [pid 5821] exit_group(0) = ? [pid 5821] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 221.439055][ T5821] Out of memory and no killable processes... [ 221.445190][ T5822] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 221.456064][ T5822] CPU: 1 PID: 5822 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 221.466543][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 221.476644][ T5822] Call Trace: [ 221.479963][ T5822] [ 221.482934][ T5822] dump_stack_lvl+0x1e7/0x2d0 [pid 5070] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./55/binderfs") = 0 [pid 5070] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 221.487666][ T5822] ? nf_tcp_handle_invalid+0x640/0x640 [ 221.493194][ T5822] ? panic+0x770/0x770 [ 221.497335][ T5822] dump_header+0xdc/0x940 [ 221.501726][ T5822] out_of_memory+0xf21/0x12c0 [ 221.506469][ T5822] ? mutex_lock_io_nested+0x60/0x60 [ 221.511737][ T5822] ? preempt_schedule+0xdd/0xf0 [ 221.516669][ T5822] ? unregister_oom_notifier+0x20/0x20 [ 221.522183][ T5822] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 221.528214][ T5822] mem_cgroup_out_of_memory+0x263/0x3b0 [ 221.533789][ T5822] ? preempt_schedule_thunk+0x1a/0x20 [ 221.539218][ T5822] ? mem_cgroup_oom_trylock+0x210/0x210 [ 221.544838][ T5822] ? cgroup_file_notify+0x127/0x190 [ 221.550081][ T5822] memory_max_write+0x355/0x470 [ 221.554954][ T5822] ? memory_max_show+0xa0/0xa0 [ 221.559753][ T5822] ? read_lock_is_recursive+0x20/0x20 [ 221.565163][ T5822] ? memory_max_show+0xa0/0xa0 [ 221.569938][ T5822] cgroup_file_write+0x2b1/0x780 [ 221.574894][ T5822] ? cgroup_seqfile_stop+0xd0/0xd0 [ 221.580018][ T5822] ? __virt_addr_valid+0x22f/0x2e0 [ 221.585154][ T5822] ? cgroup_seqfile_stop+0xd0/0xd0 [ 221.590280][ T5822] kernfs_fop_write_iter+0x3a6/0x4f0 [ 221.595617][ T5822] vfs_write+0x7b2/0xbb0 [ 221.599913][ T5822] ? file_end_write+0x240/0x240 [ 221.604798][ T5822] ? do_raw_spin_unlock+0x13b/0x8b0 [ 221.610038][ T5822] ? lockdep_hardirqs_on+0x98/0x140 [ 221.615288][ T5822] ? __fdget_pos+0x265/0x2f0 [ 221.619939][ T5822] ksys_write+0x1a0/0x2c0 [ 221.624309][ T5822] ? __ia32_sys_read+0x90/0x90 [ 221.629104][ T5822] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 221.635117][ T5822] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 221.641148][ T5822] do_syscall_64+0x41/0xc0 [ 221.645597][ T5822] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 221.651546][ T5822] RIP: 0033:0x7fd49ce20129 [ 221.656006][ T5822] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 221.675645][ T5822] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 221.684089][ T5822] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5070] unlink("./55/cgroup") = 0 [pid 5070] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./55/cgroup.net") = 0 [pid 5070] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 221.692087][ T5822] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 221.700115][ T5822] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 221.708141][ T5822] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 221.716138][ T5822] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003f [ 221.724179][ T5822] [ 221.734264][ T5822] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5070] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./55/file0") = 0 [pid 5070] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./55/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./55") = 0 [pid 5070] mkdir("./56", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 58 ./strace-static-x86_64: Process 5826 attached [pid 5826] chdir("./56") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 221.742651][ T5822] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 221.750682][ T5822] Memory cgroup stats for /syz1: [ 221.750862][ T5822] anon 0 [ 221.750862][ T5822] file 0 [ 221.750862][ T5822] kernel 8192 [ 221.750862][ T5822] kernel_stack 0 [ 221.750862][ T5822] pagetables 0 [ 221.750862][ T5822] sec_pagetables 0 [ 221.750862][ T5822] percpu 0 [ 221.750862][ T5822] sock 0 [ 221.750862][ T5822] vmalloc 0 [ 221.750862][ T5822] shmem 0 [ 221.750862][ T5822] zswap 0 [ 221.750862][ T5822] zswapped 0 [ 221.750862][ T5822] file_mapped 0 [ 221.750862][ T5822] file_dirty 0 [ 221.750862][ T5822] file_writeback 0 [ 221.750862][ T5822] swapcached 0 [ 221.750862][ T5822] anon_thp 0 [ 221.750862][ T5822] file_thp 0 [ 221.750862][ T5822] shmem_thp 0 [ 221.750862][ T5822] inactive_anon 0 [ 221.750862][ T5822] active_anon 0 [ 221.750862][ T5822] inactive_file 0 [ 221.750862][ T5822] active_file 0 [ 221.750862][ T5822] unevictable 0 [ 221.750862][ T5822] slab_reclaimable 6752 [ 221.750862][ T5822] slab_unreclaimable 0 [ 221.750862][ T5822] slab 6752 [pid 5826] setpgid(0, 0) = 0 [pid 5826] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5826] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5826] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] mkdir("./file0", 000) = 0 [pid 5826] open("./file0", O_RDONLY) = 3 [pid 5826] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5826] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5826] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5826] openat(5, "memory.max", O_RDWR) = 6 [pid 5826] write(6, "0x000000000000040e", 18 [pid 5822] <... write resumed>) = 18 [pid 5822] close(3) = 0 [pid 5822] close(4) = 0 [pid 5822] close(5) = 0 [pid 5822] close(6) = 0 [pid 5822] close(7) = -1 EBADF (Bad file descriptor) [pid 5822] close(8) = -1 EBADF (Bad file descriptor) [pid 5822] close(9) = -1 EBADF (Bad file descriptor) [pid 5822] close(10) = -1 EBADF (Bad file descriptor) [pid 5822] close(11) = -1 EBADF (Bad file descriptor) [pid 5822] close(12) = -1 EBADF (Bad file descriptor) [pid 5822] close(13) = -1 EBADF (Bad file descriptor) [pid 5822] close(14) = -1 EBADF (Bad file descriptor) [pid 5822] close(15) = -1 EBADF (Bad file descriptor) [pid 5822] close(16) = -1 EBADF (Bad file descriptor) [pid 5822] close(17) = -1 EBADF (Bad file descriptor) [pid 5822] close(18) = -1 EBADF (Bad file descriptor) [pid 5822] close(19) = -1 EBADF (Bad file descriptor) [pid 5822] close(20) = -1 EBADF (Bad file descriptor) [pid 5822] close(21) = -1 EBADF (Bad file descriptor) [pid 5822] close(22) = -1 EBADF (Bad file descriptor) [pid 5822] close(23) = -1 EBADF (Bad file descriptor) [ 221.750862][ T5822] workingset_refault_anon 0 [ 221.850706][ T5822] Tasks state (memory values in pages): [ 221.857497][ T5822] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 221.869237][ T5822] Out of memory and no killable processes... [ 221.876188][ T5823] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5822] close(24) = -1 EBADF (Bad file descriptor) [pid 5822] close(25) = -1 EBADF (Bad file descriptor) [pid 5822] close(26) = -1 EBADF (Bad file descriptor) [pid 5822] close(27) = -1 EBADF (Bad file descriptor) [pid 5822] close(28) = -1 EBADF (Bad file descriptor) [pid 5822] close(29) = -1 EBADF (Bad file descriptor) [pid 5822] exit_group(0) = ? [pid 5822] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5074] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./63/binderfs") = 0 [pid 5074] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./63/cgroup") = 0 [pid 5074] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./63/cgroup.net") = 0 [ 221.887517][ T5823] CPU: 0 PID: 5823 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 221.897991][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 221.908116][ T5823] Call Trace: [ 221.911439][ T5823] [ 221.914406][ T5823] dump_stack_lvl+0x1e7/0x2d0 [ 221.919152][ T5823] ? nf_tcp_handle_invalid+0x640/0x640 [ 221.924659][ T5823] ? panic+0x770/0x770 [ 221.928791][ T5823] dump_header+0xdc/0x940 [ 221.933193][ T5823] out_of_memory+0xf21/0x12c0 [ 221.937926][ T5823] ? mutex_lock_io_nested+0x60/0x60 [ 221.943184][ T5823] ? preempt_schedule+0xdd/0xf0 [ 221.948080][ T5823] ? unregister_oom_notifier+0x20/0x20 [ 221.953585][ T5823] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 221.959630][ T5823] mem_cgroup_out_of_memory+0x263/0x3b0 [ 221.965250][ T5823] ? preempt_schedule_thunk+0x1a/0x20 [ 221.970672][ T5823] ? mem_cgroup_oom_trylock+0x210/0x210 [ 221.976279][ T5823] ? cgroup_file_notify+0x127/0x190 [ 221.981536][ T5823] memory_max_write+0x355/0x470 [ 221.986427][ T5823] ? memory_max_show+0xa0/0xa0 [ 221.991221][ T5823] ? read_lock_is_recursive+0x20/0x20 [ 221.996617][ T5823] ? memory_max_show+0xa0/0xa0 [ 222.001398][ T5823] cgroup_file_write+0x2b1/0x780 [ 222.006388][ T5823] ? cgroup_seqfile_stop+0xd0/0xd0 [ 222.011515][ T5823] ? __virt_addr_valid+0x22f/0x2e0 [ 222.016660][ T5823] ? cgroup_seqfile_stop+0xd0/0xd0 [ 222.021780][ T5823] kernfs_fop_write_iter+0x3a6/0x4f0 [ 222.027087][ T5823] vfs_write+0x7b2/0xbb0 [ 222.031373][ T5823] ? file_end_write+0x240/0x240 [ 222.036251][ T5823] ? do_raw_spin_unlock+0x13b/0x8b0 [ 222.041484][ T5823] ? lockdep_hardirqs_on+0x98/0x140 [ 222.046711][ T5823] ? __fdget_pos+0x265/0x2f0 [ 222.051342][ T5823] ksys_write+0x1a0/0x2c0 [ 222.055695][ T5823] ? __ia32_sys_read+0x90/0x90 [ 222.060477][ T5823] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 222.066485][ T5823] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 222.072501][ T5823] do_syscall_64+0x41/0xc0 [ 222.076937][ T5823] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 222.082853][ T5823] RIP: 0033:0x7fd49ce20129 [ 222.087281][ T5823] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 222.106905][ T5823] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 222.115352][ T5823] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 222.123334][ T5823] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 222.131317][ T5823] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5074] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./63/file0") = 0 [pid 5074] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./63/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 222.139301][ T5823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 222.147281][ T5823] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003b [ 222.155281][ T5823] [ 222.161694][ T5823] memory: usage 8kB, limit 0kB, failcnt 55 [ 222.168404][ T5823] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 222.175410][ T5823] Memory cgroup stats for /syz1: [ 222.175622][ T5823] anon 0 [ 222.175622][ T5823] file 0 [ 222.175622][ T5823] kernel 8192 [ 222.175622][ T5823] kernel_stack 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./63") = 0 [pid 5074] mkdir("./64", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached [pid 5827] chdir("./64" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 66 [pid 5827] <... chdir resumed>) = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 222.175622][ T5823] pagetables 0 [ 222.175622][ T5823] sec_pagetables 0 [ 222.175622][ T5823] percpu 0 [ 222.175622][ T5823] sock 0 [ 222.175622][ T5823] vmalloc 0 [ 222.175622][ T5823] shmem 0 [ 222.175622][ T5823] zswap 0 [ 222.175622][ T5823] zswapped 0 [ 222.175622][ T5823] file_mapped 0 [ 222.175622][ T5823] file_dirty 0 [ 222.175622][ T5823] file_writeback 0 [ 222.175622][ T5823] swapcached 0 [ 222.175622][ T5823] anon_thp 0 [ 222.175622][ T5823] file_thp 0 [ 222.175622][ T5823] shmem_thp 0 [ 222.175622][ T5823] inactive_anon 0 [pid 5827] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5827] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5827] write(3, "1000", 4) = 4 [pid 5827] close(3) = 0 [pid 5827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5827] mkdir("./file0", 000) = 0 [pid 5827] open("./file0", O_RDONLY) = 3 [pid 5827] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5827] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5827] openat(5, "memory.max", O_RDWR) = 6 [ 222.175622][ T5823] active_anon 0 [ 222.175622][ T5823] inactive_file 0 [ 222.175622][ T5823] active_file 0 [ 222.175622][ T5823] unevictable 0 [ 222.175622][ T5823] slab_reclaimable 6752 [ 222.175622][ T5823] slab_unreclaimable 0 [ 222.175622][ T5823] slab 6752 [ 222.175622][ T5823] workingset_refault_anon 0 [ 222.274766][ T5823] Tasks state (memory values in pages): [ 222.285254][ T5823] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5827] write(6, "0x000000000000040e", 18 [pid 5823] <... write resumed>) = 18 [pid 5823] close(3) = 0 [pid 5823] close(4) = 0 [pid 5823] close(5) = 0 [pid 5823] close(6) = 0 [pid 5823] close(7) = -1 EBADF (Bad file descriptor) [pid 5823] close(8) = -1 EBADF (Bad file descriptor) [pid 5823] close(9) = -1 EBADF (Bad file descriptor) [pid 5823] close(10) = -1 EBADF (Bad file descriptor) [pid 5823] close(11) = -1 EBADF (Bad file descriptor) [ 222.294846][ T5823] Out of memory and no killable processes... [ 222.301212][ T5824] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 222.312751][ T5824] CPU: 0 PID: 5824 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 222.323224][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 222.333315][ T5824] Call Trace: [ 222.336632][ T5824] [ 222.339605][ T5824] dump_stack_lvl+0x1e7/0x2d0 [pid 5823] close(12) = -1 EBADF (Bad file descriptor) [pid 5823] close(13) = -1 EBADF (Bad file descriptor) [pid 5823] close(14) = -1 EBADF (Bad file descriptor) [pid 5823] close(15) = -1 EBADF (Bad file descriptor) [pid 5823] close(16) = -1 EBADF (Bad file descriptor) [pid 5823] close(17) = -1 EBADF (Bad file descriptor) [pid 5823] close(18) = -1 EBADF (Bad file descriptor) [pid 5823] close(19) = -1 EBADF (Bad file descriptor) [pid 5823] close(20) = -1 EBADF (Bad file descriptor) [pid 5823] close(21) = -1 EBADF (Bad file descriptor) [pid 5823] close(22) = -1 EBADF (Bad file descriptor) [pid 5823] close(23) = -1 EBADF (Bad file descriptor) [pid 5823] close(24) = -1 EBADF (Bad file descriptor) [pid 5823] close(25) = -1 EBADF (Bad file descriptor) [pid 5823] close(26) = -1 EBADF (Bad file descriptor) [pid 5823] close(27) = -1 EBADF (Bad file descriptor) [pid 5823] close(28) = -1 EBADF (Bad file descriptor) [pid 5823] close(29) = -1 EBADF (Bad file descriptor) [pid 5823] exit_group(0) = ? [pid 5823] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./59/binderfs") = 0 [pid 5073] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./59/cgroup") = 0 [pid 5073] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./59/cgroup.net") = 0 [ 222.344338][ T5824] ? nf_tcp_handle_invalid+0x640/0x640 [ 222.349851][ T5824] ? panic+0x770/0x770 [ 222.353992][ T5824] dump_header+0xdc/0x940 [ 222.358386][ T5824] out_of_memory+0xf21/0x12c0 [ 222.363114][ T5824] ? mutex_lock_io_nested+0x60/0x60 [ 222.368372][ T5824] ? preempt_schedule+0xdd/0xf0 [ 222.373287][ T5824] ? unregister_oom_notifier+0x20/0x20 [ 222.378803][ T5824] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 222.384844][ T5824] mem_cgroup_out_of_memory+0x263/0x3b0 [ 222.390438][ T5824] ? preempt_schedule_thunk+0x1a/0x20 [ 222.395848][ T5824] ? mem_cgroup_oom_trylock+0x210/0x210 [ 222.401444][ T5824] ? cgroup_file_notify+0x127/0x190 [ 222.406696][ T5824] memory_max_write+0x355/0x470 [ 222.411607][ T5824] ? memory_max_show+0xa0/0xa0 [ 222.416423][ T5824] ? read_lock_is_recursive+0x20/0x20 [ 222.421847][ T5824] ? memory_max_show+0xa0/0xa0 [ 222.426658][ T5824] cgroup_file_write+0x2b1/0x780 [ 222.431649][ T5824] ? cgroup_seqfile_stop+0xd0/0xd0 [ 222.436801][ T5824] ? __virt_addr_valid+0x22f/0x2e0 [ 222.441980][ T5824] ? cgroup_seqfile_stop+0xd0/0xd0 [ 222.447131][ T5824] kernfs_fop_write_iter+0x3a6/0x4f0 [ 222.452472][ T5824] vfs_write+0x7b2/0xbb0 [ 222.456773][ T5824] ? file_end_write+0x240/0x240 [ 222.461680][ T5824] ? do_raw_spin_unlock+0x13b/0x8b0 [ 222.466928][ T5824] ? lockdep_hardirqs_on+0x98/0x140 [ 222.472185][ T5824] ? __fdget_pos+0x265/0x2f0 [ 222.476826][ T5824] ksys_write+0x1a0/0x2c0 [ 222.481207][ T5824] ? __ia32_sys_read+0x90/0x90 [ 222.486024][ T5824] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 222.492064][ T5824] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 222.498124][ T5824] do_syscall_64+0x41/0xc0 [ 222.502610][ T5824] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 222.508562][ T5824] RIP: 0033:0x7fd49ce20129 [ 222.513044][ T5824] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 222.532700][ T5824] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5073] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 222.541164][ T5824] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 222.549178][ T5824] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 222.557208][ T5824] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 222.565223][ T5824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 222.573230][ T5824] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000038 [ 222.581267][ T5824] [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./59/file0") = 0 [pid 5073] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./59/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./59") = 0 [pid 5073] mkdir("./60", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 62 [ 222.601489][ T5824] memory: usage 8kB, limit 0kB, failcnt 55 [ 222.609046][ T5824] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 222.615942][ T5824] Memory cgroup stats for /syz1: [ 222.616136][ T5824] anon 0 [ 222.616136][ T5824] file 0 [ 222.616136][ T5824] kernel 8192 [ 222.616136][ T5824] kernel_stack 0 [ 222.616136][ T5824] pagetables 0 [ 222.616136][ T5824] sec_pagetables 0 [ 222.616136][ T5824] percpu 0 [ 222.616136][ T5824] sock 0 [ 222.616136][ T5824] vmalloc 0 [ 222.616136][ T5824] shmem 0 ./strace-static-x86_64: Process 5828 attached [pid 5828] chdir("./60") = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5828] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5828] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] mkdir("./file0", 000) = 0 [pid 5828] open("./file0", O_RDONLY) = 3 [ 222.616136][ T5824] zswap 0 [ 222.616136][ T5824] zswapped 0 [ 222.616136][ T5824] file_mapped 0 [ 222.616136][ T5824] file_dirty 0 [ 222.616136][ T5824] file_writeback 0 [ 222.616136][ T5824] swapcached 0 [ 222.616136][ T5824] anon_thp 0 [ 222.616136][ T5824] file_thp 0 [ 222.616136][ T5824] shmem_thp 0 [ 222.616136][ T5824] inactive_anon 0 [ 222.616136][ T5824] active_anon 0 [ 222.616136][ T5824] inactive_file 0 [ 222.616136][ T5824] active_file 0 [ 222.616136][ T5824] unevictable 0 [ 222.616136][ T5824] slab_reclaimable 6752 [pid 5828] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5828] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5828] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5828] openat(5, "memory.max", O_RDWR) = 6 [pid 5828] write(6, "0x000000000000040e", 18 [pid 5824] <... write resumed>) = 18 [ 222.616136][ T5824] slab_unreclaimable 0 [ 222.616136][ T5824] slab 6752 [ 222.616136][ T5824] workingset_refault_anon 0 [ 222.722586][ T5824] Tasks state (memory values in pages): [ 222.728331][ T5824] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 222.744883][ T5824] Out of memory and no killable processes... [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] close(5) = 0 [pid 5824] close(6) = 0 [pid 5824] close(7) = -1 EBADF (Bad file descriptor) [pid 5824] close(8) = -1 EBADF (Bad file descriptor) [pid 5824] close(9) = -1 EBADF (Bad file descriptor) [pid 5824] close(10) = -1 EBADF (Bad file descriptor) [pid 5824] close(11) = -1 EBADF (Bad file descriptor) [pid 5824] close(12) = -1 EBADF (Bad file descriptor) [pid 5824] close(13) = -1 EBADF (Bad file descriptor) [pid 5824] close(14) = -1 EBADF (Bad file descriptor) [pid 5824] close(15) = -1 EBADF (Bad file descriptor) [pid 5824] close(16) = -1 EBADF (Bad file descriptor) [pid 5824] close(17) = -1 EBADF (Bad file descriptor) [pid 5824] close(18) = -1 EBADF (Bad file descriptor) [pid 5824] close(19) = -1 EBADF (Bad file descriptor) [pid 5824] close(20) = -1 EBADF (Bad file descriptor) [pid 5824] close(21) = -1 EBADF (Bad file descriptor) [pid 5824] close(22) = -1 EBADF (Bad file descriptor) [pid 5824] close(23) = -1 EBADF (Bad file descriptor) [pid 5824] close(24) = -1 EBADF (Bad file descriptor) [pid 5824] close(25) = -1 EBADF (Bad file descriptor) [pid 5824] close(26) = -1 EBADF (Bad file descriptor) [pid 5824] close(27) = -1 EBADF (Bad file descriptor) [pid 5824] close(28) = -1 EBADF (Bad file descriptor) [pid 5824] close(29) = -1 EBADF (Bad file descriptor) [pid 5824] exit_group(0) = ? [ 222.751534][ T5825] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 222.770075][ T5825] CPU: 0 PID: 5825 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 222.780550][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 222.790653][ T5825] Call Trace: [ 222.793988][ T5825] [ 222.796959][ T5825] dump_stack_lvl+0x1e7/0x2d0 [pid 5824] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./56/binderfs") = 0 [pid 5072] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./56/cgroup") = 0 [pid 5072] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./56/cgroup.net") = 0 [ 222.801697][ T5825] ? nf_tcp_handle_invalid+0x640/0x640 [ 222.807211][ T5825] ? panic+0x770/0x770 [ 222.811366][ T5825] dump_header+0xdc/0x940 [ 222.815756][ T5825] out_of_memory+0xf21/0x12c0 [ 222.820488][ T5825] ? mutex_lock_io_nested+0x60/0x60 [ 222.825745][ T5825] ? mark_lock+0x9a/0x340 [ 222.830125][ T5825] ? unregister_oom_notifier+0x20/0x20 [ 222.835644][ T5825] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 222.841722][ T5825] mem_cgroup_out_of_memory+0x263/0x3b0 [ 222.847334][ T5825] ? mem_cgroup_oom_trylock+0x210/0x210 [ 222.852935][ T5825] ? cgroup_file_notify+0x127/0x190 [ 222.858171][ T5825] memory_max_write+0x355/0x470 [ 222.863073][ T5825] ? memory_max_show+0xa0/0xa0 [ 222.867881][ T5825] ? read_lock_is_recursive+0x20/0x20 [ 222.873310][ T5825] ? memory_max_show+0xa0/0xa0 [ 222.878118][ T5825] cgroup_file_write+0x2b1/0x780 [ 222.883118][ T5825] ? cgroup_seqfile_stop+0xd0/0xd0 [ 222.888254][ T5825] ? __virt_addr_valid+0x22f/0x2e0 [ 222.893433][ T5825] ? cgroup_seqfile_stop+0xd0/0xd0 [ 222.898585][ T5825] kernfs_fop_write_iter+0x3a6/0x4f0 [ 222.903934][ T5825] vfs_write+0x7b2/0xbb0 [ 222.908247][ T5825] ? file_end_write+0x240/0x240 [ 222.913159][ T5825] ? do_raw_spin_unlock+0x13b/0x8b0 [ 222.918395][ T5825] ? lockdep_hardirqs_on+0x98/0x140 [ 222.923626][ T5825] ? __fdget_pos+0x265/0x2f0 [ 222.928273][ T5825] ksys_write+0x1a0/0x2c0 [ 222.932657][ T5825] ? __ia32_sys_read+0x90/0x90 [ 222.937489][ T5825] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 222.943512][ T5825] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 222.949526][ T5825] do_syscall_64+0x41/0xc0 [ 222.953985][ T5825] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 222.959936][ T5825] RIP: 0033:0x7fd49ce20129 [ 222.964407][ T5825] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 222.984065][ T5825] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 222.992528][ T5825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 223.000532][ T5825] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 223.008512][ T5825] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 223.016505][ T5825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 223.024520][ T5825] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003e [ 223.032562][ T5825] [ 223.038848][ T5825] memory: usage 8kB, limit 0kB, failcnt 55 [ 223.044711][ T5825] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./56/file0") = 0 [pid 5072] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./56/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./56") = 0 [pid 5072] mkdir("./57", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 59 [ 223.051674][ T5825] Memory cgroup stats for /syz1: [ 223.051914][ T5825] anon 0 [ 223.051914][ T5825] file 0 [ 223.051914][ T5825] kernel 8192 [ 223.051914][ T5825] kernel_stack 0 [ 223.051914][ T5825] pagetables 0 [ 223.051914][ T5825] sec_pagetables 0 [ 223.051914][ T5825] percpu 0 [ 223.051914][ T5825] sock 0 [ 223.051914][ T5825] vmalloc 0 [ 223.051914][ T5825] shmem 0 [ 223.051914][ T5825] zswap 0 [ 223.051914][ T5825] zswapped 0 [ 223.051914][ T5825] file_mapped 0 [ 223.051914][ T5825] file_dirty 0 [ 223.051914][ T5825] file_writeback 0 ./strace-static-x86_64: Process 5829 attached [pid 5829] chdir("./57") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5829] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5829] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [ 223.051914][ T5825] swapcached 0 [ 223.051914][ T5825] anon_thp 0 [ 223.051914][ T5825] file_thp 0 [ 223.051914][ T5825] shmem_thp 0 [ 223.051914][ T5825] inactive_anon 0 [ 223.051914][ T5825] active_anon 0 [ 223.051914][ T5825] inactive_file 0 [ 223.051914][ T5825] active_file 0 [ 223.051914][ T5825] unevictable 0 [ 223.051914][ T5825] slab_reclaimable 6752 [ 223.051914][ T5825] slab_unreclaimable 0 [ 223.051914][ T5825] slab 6752 [ 223.051914][ T5825] workingset_refault_anon 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] mkdir("./file0", 000) = 0 [pid 5829] open("./file0", O_RDONLY) = 3 [pid 5829] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5829] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5829] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5829] openat(5, "memory.max", O_RDWR) = 6 [pid 5829] write(6, "0x000000000000040e", 18 [pid 5825] <... write resumed>) = 18 [pid 5825] close(3) = 0 [pid 5825] close(4) = 0 [pid 5825] close(5) = 0 [pid 5825] close(6) = 0 [pid 5825] close(7) = -1 EBADF (Bad file descriptor) [ 223.149962][ T5825] Tasks state (memory values in pages): [ 223.155556][ T5825] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 223.175156][ T5825] Out of memory and no killable processes... [ 223.181641][ T5826] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5825] close(8) = -1 EBADF (Bad file descriptor) [pid 5825] close(9) = -1 EBADF (Bad file descriptor) [pid 5825] close(10) = -1 EBADF (Bad file descriptor) [pid 5825] close(11) = -1 EBADF (Bad file descriptor) [pid 5825] close(12) = -1 EBADF (Bad file descriptor) [pid 5825] close(13) = -1 EBADF (Bad file descriptor) [pid 5825] close(14) = -1 EBADF (Bad file descriptor) [pid 5825] close(15) = -1 EBADF (Bad file descriptor) [pid 5825] close(16) = -1 EBADF (Bad file descriptor) [pid 5825] close(17) = -1 EBADF (Bad file descriptor) [pid 5825] close(18) = -1 EBADF (Bad file descriptor) [pid 5825] close(19) = -1 EBADF (Bad file descriptor) [pid 5825] close(20) = -1 EBADF (Bad file descriptor) [pid 5825] close(21) = -1 EBADF (Bad file descriptor) [pid 5825] close(22) = -1 EBADF (Bad file descriptor) [pid 5825] close(23) = -1 EBADF (Bad file descriptor) [pid 5825] close(24) = -1 EBADF (Bad file descriptor) [pid 5825] close(25) = -1 EBADF (Bad file descriptor) [pid 5825] close(26) = -1 EBADF (Bad file descriptor) [pid 5825] close(27) = -1 EBADF (Bad file descriptor) [pid 5825] close(28) = -1 EBADF (Bad file descriptor) [pid 5825] close(29) = -1 EBADF (Bad file descriptor) [pid 5825] exit_group(0) = ? [pid 5825] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 223.199553][ T5826] CPU: 0 PID: 5826 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 223.210042][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 223.220146][ T5826] Call Trace: [ 223.223467][ T5826] [ 223.226438][ T5826] dump_stack_lvl+0x1e7/0x2d0 [ 223.231176][ T5826] ? nf_tcp_handle_invalid+0x640/0x640 [ 223.236691][ T5826] ? panic+0x770/0x770 [ 223.240828][ T5826] dump_header+0xdc/0x940 [ 223.245222][ T5826] out_of_memory+0xf21/0x12c0 [pid 5075] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./62/binderfs") = 0 [pid 5075] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./62/cgroup") = 0 [pid 5075] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./62/cgroup.net") = 0 [ 223.249958][ T5826] ? mutex_lock_io_nested+0x60/0x60 [ 223.255218][ T5826] ? mark_lock+0x9a/0x340 [ 223.259587][ T5826] ? unregister_oom_notifier+0x20/0x20 [ 223.265099][ T5826] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 223.271146][ T5826] mem_cgroup_out_of_memory+0x263/0x3b0 [ 223.276758][ T5826] ? mem_cgroup_oom_trylock+0x210/0x210 [ 223.282378][ T5826] ? cgroup_file_notify+0x127/0x190 [ 223.287658][ T5826] memory_max_write+0x355/0x470 [ 223.292572][ T5826] ? memory_max_show+0xa0/0xa0 [ 223.297386][ T5826] ? read_lock_is_recursive+0x20/0x20 [ 223.302813][ T5826] ? memory_max_show+0xa0/0xa0 [ 223.307622][ T5826] cgroup_file_write+0x2b1/0x780 [ 223.312616][ T5826] ? cgroup_seqfile_stop+0xd0/0xd0 [ 223.317780][ T5826] ? __virt_addr_valid+0x22f/0x2e0 [ 223.322966][ T5826] ? cgroup_seqfile_stop+0xd0/0xd0 [ 223.328103][ T5826] kernfs_fop_write_iter+0x3a6/0x4f0 [ 223.333408][ T5826] vfs_write+0x7b2/0xbb0 [ 223.337690][ T5826] ? file_end_write+0x240/0x240 [ 223.342596][ T5826] ? do_raw_spin_unlock+0x13b/0x8b0 [ 223.347841][ T5826] ? lockdep_hardirqs_on+0x98/0x140 [ 223.353069][ T5826] ? __fdget_pos+0x265/0x2f0 [ 223.357683][ T5826] ksys_write+0x1a0/0x2c0 [ 223.362062][ T5826] ? __ia32_sys_read+0x90/0x90 [ 223.366878][ T5826] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 223.372904][ T5826] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 223.378927][ T5826] do_syscall_64+0x41/0xc0 [ 223.383398][ T5826] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 223.389366][ T5826] RIP: 0033:0x7fd49ce20129 [ 223.393819][ T5826] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 223.413576][ T5826] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 223.422028][ T5826] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 223.430024][ T5826] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 223.438031][ T5826] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 223.446025][ T5826] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5075] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./62/file0") = 0 [pid 5075] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./62/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./62") = 0 [pid 5075] mkdir("./63", 0777) = 0 [ 223.454003][ T5826] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000038 [ 223.462039][ T5826] [ 223.478835][ T5826] memory: usage 8kB, limit 0kB, failcnt 55 [ 223.484703][ T5826] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 223.499065][ T5826] Memory cgroup stats for /syz1: [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 65 ./strace-static-x86_64: Process 5830 attached [pid 5830] chdir("./63") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5830] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5830] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] mkdir("./file0", 000) = 0 [pid 5830] open("./file0", O_RDONLY) = 3 [pid 5830] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5830] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5830] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5830] openat(5, "memory.max", O_RDWR) = 6 [ 223.499267][ T5826] anon 0 [ 223.499267][ T5826] file 0 [ 223.499267][ T5826] kernel 8192 [ 223.499267][ T5826] kernel_stack 0 [ 223.499267][ T5826] pagetables 0 [ 223.499267][ T5826] sec_pagetables 0 [ 223.499267][ T5826] percpu 0 [ 223.499267][ T5826] sock 0 [ 223.499267][ T5826] vmalloc 0 [ 223.499267][ T5826] shmem 0 [ 223.499267][ T5826] zswap 0 [ 223.499267][ T5826] zswapped 0 [ 223.499267][ T5826] file_mapped 0 [ 223.499267][ T5826] file_dirty 0 [ 223.499267][ T5826] file_writeback 0 [ 223.499267][ T5826] swapcached 0 [ 223.499267][ T5826] anon_thp 0 [ 223.499267][ T5826] file_thp 0 [ 223.499267][ T5826] shmem_thp 0 [ 223.499267][ T5826] inactive_anon 0 [ 223.499267][ T5826] active_anon 0 [ 223.499267][ T5826] inactive_file 0 [ 223.499267][ T5826] active_file 0 [ 223.499267][ T5826] unevictable 0 [ 223.499267][ T5826] slab_reclaimable 6752 [ 223.499267][ T5826] slab_unreclaimable 0 [ 223.499267][ T5826] slab 6752 [ 223.499267][ T5826] workingset_refault_anon 0 [ 223.596392][ T5826] Tasks state (memory values in pages): [pid 5830] write(6, "0x000000000000040e", 18 [pid 5826] <... write resumed>) = 18 [pid 5826] close(3) = 0 [pid 5826] close(4) = 0 [pid 5826] close(5) = 0 [pid 5826] close(6) = 0 [pid 5826] close(7) = -1 EBADF (Bad file descriptor) [pid 5826] close(8) = -1 EBADF (Bad file descriptor) [pid 5826] close(9) = -1 EBADF (Bad file descriptor) [pid 5826] close(10) = -1 EBADF (Bad file descriptor) [pid 5826] close(11) = -1 EBADF (Bad file descriptor) [pid 5826] close(12) = -1 EBADF (Bad file descriptor) [pid 5826] close(13) = -1 EBADF (Bad file descriptor) [pid 5826] close(14) = -1 EBADF (Bad file descriptor) [pid 5826] close(15) = -1 EBADF (Bad file descriptor) [pid 5826] close(16) = -1 EBADF (Bad file descriptor) [pid 5826] close(17) = -1 EBADF (Bad file descriptor) [pid 5826] close(18) = -1 EBADF (Bad file descriptor) [pid 5826] close(19) = -1 EBADF (Bad file descriptor) [pid 5826] close(20) = -1 EBADF (Bad file descriptor) [pid 5826] close(21) = -1 EBADF (Bad file descriptor) [pid 5826] close(22) = -1 EBADF (Bad file descriptor) [pid 5826] close(23) = -1 EBADF (Bad file descriptor) [pid 5826] close(24) = -1 EBADF (Bad file descriptor) [pid 5826] close(25) = -1 EBADF (Bad file descriptor) [pid 5826] close(26) = -1 EBADF (Bad file descriptor) [pid 5826] close(27) = -1 EBADF (Bad file descriptor) [pid 5826] close(28) = -1 EBADF (Bad file descriptor) [ 223.604451][ T5826] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 223.615122][ T5826] Out of memory and no killable processes... [ 223.621488][ T5827] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 223.640993][ T5827] CPU: 0 PID: 5827 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5826] close(29) = -1 EBADF (Bad file descriptor) [pid 5826] exit_group(0) = ? [pid 5826] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./56/binderfs") = 0 [pid 5070] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./56/cgroup") = 0 [pid 5070] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./56/cgroup.net") = 0 [ 223.651474][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 223.661580][ T5827] Call Trace: [ 223.664901][ T5827] [ 223.667873][ T5827] dump_stack_lvl+0x1e7/0x2d0 [ 223.672614][ T5827] ? nf_tcp_handle_invalid+0x640/0x640 [ 223.678131][ T5827] ? panic+0x770/0x770 [ 223.682289][ T5827] dump_header+0xdc/0x940 [ 223.686678][ T5827] out_of_memory+0xf21/0x12c0 [ 223.691419][ T5827] ? mutex_lock_io_nested+0x60/0x60 [ 223.696681][ T5827] ? preempt_schedule+0xdd/0xf0 [ 223.701585][ T5827] ? unregister_oom_notifier+0x20/0x20 [ 223.707090][ T5827] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 223.713136][ T5827] mem_cgroup_out_of_memory+0x263/0x3b0 [ 223.718745][ T5827] ? preempt_schedule_thunk+0x1a/0x20 [ 223.724146][ T5827] ? mem_cgroup_oom_trylock+0x210/0x210 [ 223.729739][ T5827] ? cgroup_file_notify+0x127/0x190 [ 223.734980][ T5827] memory_max_write+0x355/0x470 [ 223.739876][ T5827] ? memory_max_show+0xa0/0xa0 [ 223.744688][ T5827] ? read_lock_is_recursive+0x20/0x20 [ 223.750108][ T5827] ? memory_max_show+0xa0/0xa0 [ 223.754908][ T5827] cgroup_file_write+0x2b1/0x780 [ 223.759913][ T5827] ? cgroup_seqfile_stop+0xd0/0xd0 [ 223.765073][ T5827] ? __virt_addr_valid+0x22f/0x2e0 [ 223.770257][ T5827] ? cgroup_seqfile_stop+0xd0/0xd0 [ 223.775398][ T5827] kernfs_fop_write_iter+0x3a6/0x4f0 [ 223.780722][ T5827] vfs_write+0x7b2/0xbb0 [ 223.784995][ T5827] ? file_end_write+0x240/0x240 [ 223.789865][ T5827] ? do_raw_spin_unlock+0x13b/0x8b0 [ 223.795090][ T5827] ? lockdep_hardirqs_on+0x98/0x140 [ 223.800337][ T5827] ? __fdget_pos+0x265/0x2f0 [ 223.804958][ T5827] ksys_write+0x1a0/0x2c0 [ 223.809349][ T5827] ? __ia32_sys_read+0x90/0x90 [ 223.814152][ T5827] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 223.820170][ T5827] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 223.826212][ T5827] do_syscall_64+0x41/0xc0 [ 223.830685][ T5827] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 223.836615][ T5827] RIP: 0033:0x7fd49ce20129 [ 223.841061][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 223.860686][ T5827] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 223.869132][ T5827] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 223.877144][ T5827] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 223.885152][ T5827] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 223.893150][ T5827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./56/file0") = 0 [pid 5070] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./56/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./56") = 0 [ 223.901133][ T5827] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000040 [ 223.909154][ T5827] [ 223.916623][ T5827] memory: usage 8kB, limit 0kB, failcnt 55 [ 223.922489][ T5827] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 223.938491][ T5827] Memory cgroup stats for /syz1: [ 223.938808][ T5827] anon 0 [ 223.938808][ T5827] file 0 [ 223.938808][ T5827] kernel 8192 [ 223.938808][ T5827] kernel_stack 0 [pid 5070] mkdir("./57", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached [pid 5831] chdir("./57" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 59 [pid 5831] <... chdir resumed>) = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5831] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5831] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] mkdir("./file0", 000) = 0 [pid 5831] open("./file0", O_RDONLY) = 3 [pid 5831] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5831] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5831] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5831] openat(5, "memory.max", O_RDWR) = 6 [ 223.938808][ T5827] pagetables 0 [ 223.938808][ T5827] sec_pagetables 0 [ 223.938808][ T5827] percpu 0 [ 223.938808][ T5827] sock 0 [ 223.938808][ T5827] vmalloc 0 [ 223.938808][ T5827] shmem 0 [ 223.938808][ T5827] zswap 0 [ 223.938808][ T5827] zswapped 0 [ 223.938808][ T5827] file_mapped 0 [ 223.938808][ T5827] file_dirty 0 [ 223.938808][ T5827] file_writeback 0 [ 223.938808][ T5827] swapcached 0 [ 223.938808][ T5827] anon_thp 0 [ 223.938808][ T5827] file_thp 0 [ 223.938808][ T5827] shmem_thp 0 [ 223.938808][ T5827] inactive_anon 0 [ 223.938808][ T5827] active_anon 0 [ 223.938808][ T5827] inactive_file 0 [ 223.938808][ T5827] active_file 0 [ 223.938808][ T5827] unevictable 0 [ 223.938808][ T5827] slab_reclaimable 6752 [ 223.938808][ T5827] slab_unreclaimable 0 [ 223.938808][ T5827] slab 6752 [ 223.938808][ T5827] workingset_refault_anon 0 [ 224.036232][ T5827] Tasks state (memory values in pages): [ 224.045494][ T5827] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5831] write(6, "0x000000000000040e", 18 [pid 5827] <... write resumed>) = 18 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] close(5) = 0 [pid 5827] close(6) = 0 [pid 5827] close(7) = -1 EBADF (Bad file descriptor) [pid 5827] close(8) = -1 EBADF (Bad file descriptor) [pid 5827] close(9) = -1 EBADF (Bad file descriptor) [pid 5827] close(10) = -1 EBADF (Bad file descriptor) [pid 5827] close(11) = -1 EBADF (Bad file descriptor) [pid 5827] close(12) = -1 EBADF (Bad file descriptor) [pid 5827] close(13) = -1 EBADF (Bad file descriptor) [pid 5827] close(14) = -1 EBADF (Bad file descriptor) [pid 5827] close(15) = -1 EBADF (Bad file descriptor) [pid 5827] close(16) = -1 EBADF (Bad file descriptor) [pid 5827] close(17) = -1 EBADF (Bad file descriptor) [pid 5827] close(18) = -1 EBADF (Bad file descriptor) [pid 5827] close(19) = -1 EBADF (Bad file descriptor) [pid 5827] close(20) = -1 EBADF (Bad file descriptor) [pid 5827] close(21) = -1 EBADF (Bad file descriptor) [pid 5827] close(22) = -1 EBADF (Bad file descriptor) [pid 5827] close(23) = -1 EBADF (Bad file descriptor) [pid 5827] close(24) = -1 EBADF (Bad file descriptor) [pid 5827] close(25) = -1 EBADF (Bad file descriptor) [ 224.057456][ T5827] Out of memory and no killable processes... [ 224.064646][ T5828] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 224.075486][ T5828] CPU: 0 PID: 5828 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 224.085948][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 224.096042][ T5828] Call Trace: [ 224.099363][ T5828] [ 224.102336][ T5828] dump_stack_lvl+0x1e7/0x2d0 [pid 5827] close(26) = -1 EBADF (Bad file descriptor) [pid 5827] close(27) = -1 EBADF (Bad file descriptor) [pid 5827] close(28) = -1 EBADF (Bad file descriptor) [pid 5827] close(29) = -1 EBADF (Bad file descriptor) [pid 5827] exit_group(0) = ? [pid 5827] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./64/binderfs") = 0 [pid 5074] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./64/cgroup") = 0 [pid 5074] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./64/cgroup.net") = 0 [ 224.107073][ T5828] ? nf_tcp_handle_invalid+0x640/0x640 [ 224.112591][ T5828] ? panic+0x770/0x770 [ 224.116728][ T5828] dump_header+0xdc/0x940 [ 224.121120][ T5828] out_of_memory+0xf21/0x12c0 [ 224.125857][ T5828] ? mutex_lock_io_nested+0x60/0x60 [ 224.131126][ T5828] ? preempt_schedule+0xdd/0xf0 [ 224.136031][ T5828] ? unregister_oom_notifier+0x20/0x20 [ 224.141557][ T5828] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 224.147607][ T5828] mem_cgroup_out_of_memory+0x263/0x3b0 [ 224.153217][ T5828] ? preempt_schedule_thunk+0x1a/0x20 [ 224.158647][ T5828] ? mem_cgroup_oom_trylock+0x210/0x210 [ 224.164260][ T5828] ? cgroup_file_notify+0x127/0x190 [ 224.169513][ T5828] memory_max_write+0x355/0x470 [ 224.174404][ T5828] ? memory_max_show+0xa0/0xa0 [ 224.179193][ T5828] ? read_lock_is_recursive+0x20/0x20 [ 224.184608][ T5828] ? memory_max_show+0xa0/0xa0 [ 224.189414][ T5828] cgroup_file_write+0x2b1/0x780 [ 224.194401][ T5828] ? cgroup_seqfile_stop+0xd0/0xd0 [ 224.199554][ T5828] ? __virt_addr_valid+0x22f/0x2e0 [ 224.204735][ T5828] ? cgroup_seqfile_stop+0xd0/0xd0 [ 224.209900][ T5828] kernfs_fop_write_iter+0x3a6/0x4f0 [ 224.215248][ T5828] vfs_write+0x7b2/0xbb0 [ 224.219554][ T5828] ? file_end_write+0x240/0x240 [ 224.224468][ T5828] ? do_raw_spin_unlock+0x13b/0x8b0 [ 224.229722][ T5828] ? lockdep_hardirqs_on+0x98/0x140 [ 224.234990][ T5828] ? __fdget_pos+0x265/0x2f0 [ 224.239642][ T5828] ksys_write+0x1a0/0x2c0 [ 224.244028][ T5828] ? __ia32_sys_read+0x90/0x90 [ 224.248829][ T5828] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 224.254859][ T5828] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 224.260909][ T5828] do_syscall_64+0x41/0xc0 [ 224.265360][ T5828] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 224.271296][ T5828] RIP: 0033:0x7fd49ce20129 [ 224.275748][ T5828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 224.295392][ T5828] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5074] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [ 224.303851][ T5828] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 224.311885][ T5828] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 224.319908][ T5828] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 224.327911][ T5828] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 224.335893][ T5828] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003c [ 224.343914][ T5828] [pid 5074] rmdir("./64/file0") = 0 [pid 5074] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./64/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./64") = 0 [pid 5074] mkdir("./65", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached [pid 5832] chdir("./65" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 67 [pid 5832] <... chdir resumed>) = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5832] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5832] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [ 224.369751][ T5828] memory: usage 8kB, limit 0kB, failcnt 55 [ 224.375642][ T5828] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 224.383155][ T5828] Memory cgroup stats for /syz1: [ 224.383379][ T5828] anon 0 [ 224.383379][ T5828] file 0 [ 224.383379][ T5828] kernel 8192 [ 224.383379][ T5828] kernel_stack 0 [ 224.383379][ T5828] pagetables 0 [ 224.383379][ T5828] sec_pagetables 0 [ 224.383379][ T5828] percpu 0 [ 224.383379][ T5828] sock 0 [ 224.383379][ T5828] vmalloc 0 [ 224.383379][ T5828] shmem 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] mkdir("./file0", 000) = 0 [pid 5832] open("./file0", O_RDONLY) = 3 [pid 5832] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5832] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5832] openat(5, "memory.max", O_RDWR) = 6 [ 224.383379][ T5828] zswap 0 [ 224.383379][ T5828] zswapped 0 [ 224.383379][ T5828] file_mapped 0 [ 224.383379][ T5828] file_dirty 0 [ 224.383379][ T5828] file_writeback 0 [ 224.383379][ T5828] swapcached 0 [ 224.383379][ T5828] anon_thp 0 [ 224.383379][ T5828] file_thp 0 [ 224.383379][ T5828] shmem_thp 0 [ 224.383379][ T5828] inactive_anon 0 [ 224.383379][ T5828] active_anon 0 [ 224.383379][ T5828] inactive_file 0 [ 224.383379][ T5828] active_file 0 [ 224.383379][ T5828] unevictable 0 [ 224.383379][ T5828] slab_reclaimable 6752 [pid 5832] write(6, "0x000000000000040e", 18 [pid 5828] <... write resumed>) = 18 [pid 5828] close(3) = 0 [pid 5828] close(4) = 0 [pid 5828] close(5) = 0 [pid 5828] close(6) = 0 [pid 5828] close(7) = -1 EBADF (Bad file descriptor) [pid 5828] close(8) = -1 EBADF (Bad file descriptor) [pid 5828] close(9) = -1 EBADF (Bad file descriptor) [pid 5828] close(10) = -1 EBADF (Bad file descriptor) [pid 5828] close(11) = -1 EBADF (Bad file descriptor) [pid 5828] close(12) = -1 EBADF (Bad file descriptor) [pid 5828] close(13) = -1 EBADF (Bad file descriptor) [pid 5828] close(14) = -1 EBADF (Bad file descriptor) [pid 5828] close(15) = -1 EBADF (Bad file descriptor) [pid 5828] close(16) = -1 EBADF (Bad file descriptor) [pid 5828] close(17) = -1 EBADF (Bad file descriptor) [pid 5828] close(18) = -1 EBADF (Bad file descriptor) [pid 5828] close(19) = -1 EBADF (Bad file descriptor) [pid 5828] close(20) = -1 EBADF (Bad file descriptor) [pid 5828] close(21) = -1 EBADF (Bad file descriptor) [pid 5828] close(22) = -1 EBADF (Bad file descriptor) [pid 5828] close(23) = -1 EBADF (Bad file descriptor) [pid 5828] close(24) = -1 EBADF (Bad file descriptor) [pid 5828] close(25) = -1 EBADF (Bad file descriptor) [pid 5828] close(26) = -1 EBADF (Bad file descriptor) [pid 5828] close(27) = -1 EBADF (Bad file descriptor) [pid 5828] close(28) = -1 EBADF (Bad file descriptor) [pid 5828] close(29) = -1 EBADF (Bad file descriptor) [pid 5828] exit_group(0) = ? [pid 5828] +++ exited with 0 +++ [ 224.383379][ T5828] slab_unreclaimable 0 [ 224.383379][ T5828] slab 6752 [ 224.383379][ T5828] workingset_refault_anon 0 [ 224.484552][ T5828] Tasks state (memory values in pages): [ 224.490499][ T5828] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 224.500401][ T5828] Out of memory and no killable processes... [ 224.506858][ T5829] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 224.518137][ T5829] CPU: 1 PID: 5829 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 224.528608][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 224.538713][ T5829] Call Trace: [ 224.542039][ T5829] [ 224.545018][ T5829] dump_stack_lvl+0x1e7/0x2d0 [ 224.549871][ T5829] ? nf_tcp_handle_invalid+0x640/0x640 [ 224.555397][ T5829] ? panic+0x770/0x770 [ 224.559647][ T5829] dump_header+0xdc/0x940 [ 224.564076][ T5829] out_of_memory+0xf21/0x12c0 [pid 5073] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./60/binderfs") = 0 [pid 5073] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./60/cgroup") = 0 [pid 5073] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./60/cgroup.net") = 0 [ 224.568781][ T5829] ? mutex_lock_io_nested+0x60/0x60 [ 224.574039][ T5829] ? preempt_schedule+0xdd/0xf0 [ 224.578944][ T5829] ? unregister_oom_notifier+0x20/0x20 [ 224.584445][ T5829] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 224.590472][ T5829] mem_cgroup_out_of_memory+0x263/0x3b0 [ 224.596076][ T5829] ? preempt_schedule_thunk+0x1a/0x20 [ 224.601553][ T5829] ? mem_cgroup_oom_trylock+0x210/0x210 [ 224.607214][ T5829] ? cgroup_file_notify+0x127/0x190 [ 224.612478][ T5829] memory_max_write+0x355/0x470 [ 224.617372][ T5829] ? memory_max_show+0xa0/0xa0 [ 224.622202][ T5829] ? read_lock_is_recursive+0x20/0x20 [ 224.627635][ T5829] ? memory_max_show+0xa0/0xa0 [ 224.632460][ T5829] cgroup_file_write+0x2b1/0x780 [ 224.637548][ T5829] ? cgroup_seqfile_stop+0xd0/0xd0 [ 224.642727][ T5829] ? __virt_addr_valid+0x22f/0x2e0 [ 224.648048][ T5829] ? cgroup_seqfile_stop+0xd0/0xd0 [ 224.653344][ T5829] kernfs_fop_write_iter+0x3a6/0x4f0 [ 224.658784][ T5829] vfs_write+0x7b2/0xbb0 [ 224.663115][ T5829] ? file_end_write+0x240/0x240 [ 224.668026][ T5829] ? do_raw_spin_unlock+0x13b/0x8b0 [ 224.673286][ T5829] ? lockdep_hardirqs_on+0x98/0x140 [ 224.678554][ T5829] ? __fdget_pos+0x265/0x2f0 [ 224.683210][ T5829] ksys_write+0x1a0/0x2c0 [ 224.687601][ T5829] ? __ia32_sys_read+0x90/0x90 [ 224.692405][ T5829] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 224.698439][ T5829] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 224.704503][ T5829] do_syscall_64+0x41/0xc0 [ 224.708962][ T5829] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 224.714920][ T5829] RIP: 0033:0x7fd49ce20129 [ 224.719374][ T5829] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 224.739029][ T5829] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 224.747479][ T5829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 224.755496][ T5829] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 224.763499][ T5829] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./60/file0") = 0 [ 224.771507][ T5829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 224.779514][ T5829] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000039 [ 224.787566][ T5829] [ 224.798098][ T5829] memory: usage 8kB, limit 0kB, failcnt 55 [ 224.804336][ T5829] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 224.812058][ T5829] Memory cgroup stats for /syz1: [ 224.812278][ T5829] anon 0 [pid 5073] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./60/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./60") = 0 [ 224.812278][ T5829] file 0 [ 224.812278][ T5829] kernel 8192 [ 224.812278][ T5829] kernel_stack 0 [ 224.812278][ T5829] pagetables 0 [ 224.812278][ T5829] sec_pagetables 0 [ 224.812278][ T5829] percpu 0 [ 224.812278][ T5829] sock 0 [ 224.812278][ T5829] vmalloc 0 [ 224.812278][ T5829] shmem 0 [ 224.812278][ T5829] zswap 0 [ 224.812278][ T5829] zswapped 0 [ 224.812278][ T5829] file_mapped 0 [ 224.812278][ T5829] file_dirty 0 [ 224.812278][ T5829] file_writeback 0 [ 224.812278][ T5829] swapcached 0 [ 224.812278][ T5829] anon_thp 0 [pid 5073] mkdir("./61", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] chdir("./61" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 63 [pid 5833] <... chdir resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5833] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5833] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] mkdir("./file0", 000) = 0 [pid 5833] open("./file0", O_RDONLY) = 3 [pid 5833] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5833] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5833] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5833] openat(5, "memory.max", O_RDWR) = 6 [ 224.812278][ T5829] file_thp 0 [ 224.812278][ T5829] shmem_thp 0 [ 224.812278][ T5829] inactive_anon 0 [ 224.812278][ T5829] active_anon 0 [ 224.812278][ T5829] inactive_file 0 [ 224.812278][ T5829] active_file 0 [ 224.812278][ T5829] unevictable 0 [ 224.812278][ T5829] slab_reclaimable 6752 [ 224.812278][ T5829] slab_unreclaimable 0 [ 224.812278][ T5829] slab 6752 [ 224.812278][ T5829] workingset_refault_anon 0 [ 224.908778][ T5829] Tasks state (memory values in pages): [pid 5833] write(6, "0x000000000000040e", 18 [pid 5829] <... write resumed>) = 18 [pid 5829] close(3) = 0 [ 224.914639][ T5829] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 224.925225][ T5829] Out of memory and no killable processes... [ 224.932976][ T5830] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 224.943674][ T5830] CPU: 0 PID: 5830 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 224.954133][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 224.964192][ T5830] Call Trace: [ 224.967565][ T5830] [ 224.970500][ T5830] dump_stack_lvl+0x1e7/0x2d0 [ 224.975189][ T5830] ? nf_tcp_handle_invalid+0x640/0x640 [ 224.980664][ T5830] ? panic+0x770/0x770 [ 224.984762][ T5830] dump_header+0xdc/0x940 [ 224.989102][ T5830] out_of_memory+0xf21/0x12c0 [ 224.993793][ T5830] ? mutex_lock_io_nested+0x60/0x60 [ 224.999003][ T5830] ? mark_lock+0x9a/0x340 [ 225.003333][ T5830] ? unregister_oom_notifier+0x20/0x20 [ 225.008801][ T5830] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 225.014797][ T5830] mem_cgroup_out_of_memory+0x263/0x3b0 [ 225.020365][ T5830] ? mem_cgroup_oom_trylock+0x210/0x210 [ 225.025944][ T5830] ? cgroup_file_notify+0x127/0x190 [ 225.031164][ T5830] memory_max_write+0x355/0x470 [ 225.036043][ T5830] ? memory_max_show+0xa0/0xa0 [ 225.040828][ T5830] ? read_lock_is_recursive+0x20/0x20 [ 225.046220][ T5830] ? memory_max_show+0xa0/0xa0 [ 225.051025][ T5830] cgroup_file_write+0x2b1/0x780 [ 225.055982][ T5830] ? cgroup_seqfile_stop+0xd0/0xd0 [ 225.061106][ T5830] ? __virt_addr_valid+0x22f/0x2e0 [ 225.066249][ T5830] ? cgroup_seqfile_stop+0xd0/0xd0 [ 225.071385][ T5830] kernfs_fop_write_iter+0x3a6/0x4f0 [ 225.076695][ T5830] vfs_write+0x7b2/0xbb0 [ 225.080965][ T5830] ? file_end_write+0x240/0x240 [ 225.085834][ T5830] ? do_raw_spin_unlock+0x13b/0x8b0 [ 225.091052][ T5830] ? lockdep_hardirqs_on+0x98/0x140 [ 225.096278][ T5830] ? __fdget_pos+0x265/0x2f0 [ 225.100887][ T5830] ksys_write+0x1a0/0x2c0 [ 225.105238][ T5830] ? __ia32_sys_read+0x90/0x90 [ 225.110017][ T5830] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 225.116036][ T5830] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 225.122039][ T5830] do_syscall_64+0x41/0xc0 [ 225.126472][ T5830] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 225.132403][ T5830] RIP: 0033:0x7fd49ce20129 [ 225.136848][ T5830] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 225.156471][ T5830] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 225.164906][ T5830] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 225.172891][ T5830] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 225.180875][ T5830] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 225.188857][ T5830] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 225.196839][ T5830] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003f [ 225.204839][ T5830] [ 225.211107][ T5830] memory: usage 8kB, limit 0kB, failcnt 55 [ 225.217047][ T5830] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5829] close(4) = 0 [pid 5829] close(5) = 0 [pid 5829] close(6) = 0 [pid 5829] close(7) = -1 EBADF (Bad file descriptor) [pid 5829] close(8) = -1 EBADF (Bad file descriptor) [pid 5829] close(9) = -1 EBADF (Bad file descriptor) [pid 5829] close(10) = -1 EBADF (Bad file descriptor) [pid 5829] close(11) = -1 EBADF (Bad file descriptor) [pid 5829] close(12) = -1 EBADF (Bad file descriptor) [pid 5829] close(13) = -1 EBADF (Bad file descriptor) [pid 5829] close(14) = -1 EBADF (Bad file descriptor) [pid 5829] close(15) = -1 EBADF (Bad file descriptor) [pid 5829] close(16) = -1 EBADF (Bad file descriptor) [pid 5829] close(17) = -1 EBADF (Bad file descriptor) [pid 5829] close(18) = -1 EBADF (Bad file descriptor) [pid 5829] close(19) = -1 EBADF (Bad file descriptor) [pid 5829] close(20) = -1 EBADF (Bad file descriptor) [pid 5829] close(21) = -1 EBADF (Bad file descriptor) [pid 5829] close(22) = -1 EBADF (Bad file descriptor) [pid 5829] close(23) = -1 EBADF (Bad file descriptor) [pid 5829] close(24) = -1 EBADF (Bad file descriptor) [pid 5829] close(25) = -1 EBADF (Bad file descriptor) [pid 5829] close(26) = -1 EBADF (Bad file descriptor) [pid 5829] close(27) = -1 EBADF (Bad file descriptor) [pid 5829] close(28) = -1 EBADF (Bad file descriptor) [pid 5829] close(29) = -1 EBADF (Bad file descriptor) [pid 5829] exit_group(0) = ? [pid 5829] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5072] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 225.224148][ T5830] Memory cgroup stats for /syz1: [ 225.224791][ T5830] anon 0 [ 225.224791][ T5830] file 0 [ 225.224791][ T5830] kernel 8192 [ 225.224791][ T5830] kernel_stack 0 [ 225.224791][ T5830] pagetables 0 [ 225.224791][ T5830] sec_pagetables 0 [ 225.224791][ T5830] percpu 0 [ 225.224791][ T5830] sock 0 [ 225.224791][ T5830] vmalloc 0 [ 225.224791][ T5830] shmem 0 [ 225.224791][ T5830] zswap 0 [ 225.224791][ T5830] zswapped 0 [ 225.224791][ T5830] file_mapped 0 [ 225.224791][ T5830] file_dirty 0 [pid 5072] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./57/binderfs") = 0 [pid 5072] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./57/cgroup") = 0 [pid 5072] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./57/cgroup.net") = 0 [pid 5072] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 225.224791][ T5830] file_writeback 0 [ 225.224791][ T5830] swapcached 0 [ 225.224791][ T5830] anon_thp 0 [ 225.224791][ T5830] file_thp 0 [ 225.224791][ T5830] shmem_thp 0 [ 225.224791][ T5830] inactive_anon 0 [ 225.224791][ T5830] active_anon 0 [ 225.224791][ T5830] inactive_file 0 [ 225.224791][ T5830] active_file 0 [ 225.224791][ T5830] unevictable 0 [ 225.224791][ T5830] slab_reclaimable 6752 [ 225.224791][ T5830] slab_unreclaimable 0 [ 225.224791][ T5830] slab 6752 [ 225.224791][ T5830] workingset_refault_anon 0 [pid 5072] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./57/file0") = 0 [pid 5072] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./57/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./57") = 0 [pid 5072] mkdir("./58", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached [pid 5834] chdir("./58") = 0 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 60 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5830] <... write resumed>) = 18 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] close(5) = 0 [pid 5830] close(6) = 0 [pid 5830] close(7) = -1 EBADF (Bad file descriptor) [pid 5830] close(8) = -1 EBADF (Bad file descriptor) [pid 5830] close(9) = -1 EBADF (Bad file descriptor) [pid 5830] close(10) = -1 EBADF (Bad file descriptor) [pid 5830] close(11) = -1 EBADF (Bad file descriptor) [pid 5830] close(12) = -1 EBADF (Bad file descriptor) [pid 5830] close(13) = -1 EBADF (Bad file descriptor) [pid 5830] close(14) = -1 EBADF (Bad file descriptor) [pid 5830] close(15) = -1 EBADF (Bad file descriptor) [pid 5830] close(16) = -1 EBADF (Bad file descriptor) [pid 5830] close(17) = -1 EBADF (Bad file descriptor) [pid 5830] close(18) = -1 EBADF (Bad file descriptor) [pid 5830] close(19) = -1 EBADF (Bad file descriptor) [pid 5830] close(20) = -1 EBADF (Bad file descriptor) [pid 5830] close(21) = -1 EBADF (Bad file descriptor) [pid 5830] close(22) = -1 EBADF (Bad file descriptor) [pid 5830] close(23) = -1 EBADF (Bad file descriptor) [pid 5830] close(24) = -1 EBADF (Bad file descriptor) [pid 5830] close(25) = -1 EBADF (Bad file descriptor) [pid 5830] close(26) = -1 EBADF (Bad file descriptor) [pid 5830] close(27) = -1 EBADF (Bad file descriptor) [pid 5830] close(28) = -1 EBADF (Bad file descriptor) [pid 5830] close(29) = -1 EBADF (Bad file descriptor) [pid 5830] exit_group(0) = ? [pid 5834] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5830] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5834] <... symlink resumed>) = 0 [ 225.323847][ T5830] Tasks state (memory values in pages): [ 225.334122][ T5830] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 225.345434][ T5830] Out of memory and no killable processes... [ 225.352588][ T5831] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5834] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5834] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 5075] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] <... symlink resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... openat resumed>) = 3 [pid 5075] <... openat resumed>) = 3 [pid 5834] write(3, "1000", 4 [pid 5075] fstat(3, [pid 5834] <... write resumed>) = 4 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5834] close(3 [pid 5075] getdents64(3, [pid 5834] <... close resumed>) = 0 [pid 5075] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5834] symlink("/dev/binderfs", "./binderfs" [pid 5075] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] <... symlink resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] mkdir("./file0", 000 [ 225.373138][ T5831] CPU: 1 PID: 5831 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 225.383650][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 225.393762][ T5831] Call Trace: [ 225.397092][ T5831] [ 225.400085][ T5831] dump_stack_lvl+0x1e7/0x2d0 [ 225.404826][ T5831] ? nf_tcp_handle_invalid+0x640/0x640 [ 225.410344][ T5831] ? panic+0x770/0x770 [ 225.414495][ T5831] dump_header+0xdc/0x940 [ 225.418885][ T5831] out_of_memory+0xf21/0x12c0 [pid 5075] lstat("./63/binderfs", [pid 5834] <... mkdir resumed>) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5834] open("./file0", O_RDONLY [pid 5075] unlink("./63/binderfs" [pid 5834] <... open resumed>) = 3 [pid 5075] <... unlink resumed>) = 0 [pid 5834] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5075] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] <... mount resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [ 225.423655][ T5831] ? mutex_lock_io_nested+0x60/0x60 [ 225.428932][ T5831] ? preempt_schedule+0xdd/0xf0 [ 225.433846][ T5831] ? unregister_oom_notifier+0x20/0x20 [ 225.439360][ T5831] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 225.445399][ T5831] mem_cgroup_out_of_memory+0x263/0x3b0 [ 225.450984][ T5831] ? preempt_schedule_thunk+0x1a/0x20 [ 225.456404][ T5831] ? mem_cgroup_oom_trylock+0x210/0x210 [ 225.462010][ T5831] ? cgroup_file_notify+0x127/0x190 [ 225.467252][ T5831] memory_max_write+0x355/0x470 [ 225.472143][ T5831] ? memory_max_show+0xa0/0xa0 [ 225.476943][ T5831] ? read_lock_is_recursive+0x20/0x20 [ 225.482347][ T5831] ? memory_max_show+0xa0/0xa0 [ 225.487143][ T5831] cgroup_file_write+0x2b1/0x780 [ 225.492107][ T5831] ? cgroup_seqfile_stop+0xd0/0xd0 [ 225.497240][ T5831] ? __virt_addr_valid+0x22f/0x2e0 [ 225.502386][ T5831] ? cgroup_seqfile_stop+0xd0/0xd0 [ 225.507514][ T5831] kernfs_fop_write_iter+0x3a6/0x4f0 [ 225.512831][ T5831] vfs_write+0x7b2/0xbb0 [ 225.517102][ T5831] ? file_end_write+0x240/0x240 [ 225.521980][ T5831] ? do_raw_spin_unlock+0x13b/0x8b0 [ 225.527217][ T5831] ? lockdep_hardirqs_on+0x98/0x140 [ 225.532441][ T5831] ? __fdget_pos+0x265/0x2f0 [ 225.537050][ T5831] ksys_write+0x1a0/0x2c0 [ 225.541402][ T5831] ? __ia32_sys_read+0x90/0x90 [ 225.546180][ T5831] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 225.552184][ T5831] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 225.558187][ T5831] do_syscall_64+0x41/0xc0 [ 225.562624][ T5831] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 225.568540][ T5831] RIP: 0033:0x7fd49ce20129 [ 225.572967][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 225.592607][ T5831] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 225.601085][ T5831] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 225.609083][ T5831] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 225.617075][ T5831] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] lstat("./63/cgroup", [pid 5834] <... openat resumed>) = 4 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5834] openat(4, "syz1", O_RDWR|O_PATH [pid 5075] unlink("./63/cgroup" [pid 5834] <... openat resumed>) = 5 [pid 5075] <... unlink resumed>) = 0 [pid 5834] openat(5, "memory.max", O_RDWR [pid 5075] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] <... openat resumed>) = 6 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] write(6, "0x000000000000040e", 18 [pid 5075] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./63/cgroup.net") = 0 [pid 5075] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [ 225.625068][ T5831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 225.633056][ T5831] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000039 [ 225.641073][ T5831] [ 225.647620][ T5831] memory: usage 8kB, limit 0kB, failcnt 55 [ 225.653497][ T5831] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] rmdir("./63/file0") = 0 [pid 5075] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./63/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./63") = 0 [pid 5075] mkdir("./64", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached [pid 5835] chdir("./64" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 66 [pid 5835] <... chdir resumed>) = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5835] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5835] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5835] mkdir("./file0", 000) = 0 [pid 5835] open("./file0", O_RDONLY) = 3 [pid 5835] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5835] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5835] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5835] openat(5, "memory.max", O_RDWR) = 6 [ 225.676384][ T5831] Memory cgroup stats for /syz1: [ 225.676734][ T5831] anon 0 [ 225.676734][ T5831] file 0 [ 225.676734][ T5831] kernel 8192 [ 225.676734][ T5831] kernel_stack 0 [ 225.676734][ T5831] pagetables 0 [ 225.676734][ T5831] sec_pagetables 0 [ 225.676734][ T5831] percpu 0 [ 225.676734][ T5831] sock 0 [ 225.676734][ T5831] vmalloc 0 [ 225.676734][ T5831] shmem 0 [ 225.676734][ T5831] zswap 0 [ 225.676734][ T5831] zswapped 0 [ 225.676734][ T5831] file_mapped 0 [ 225.676734][ T5831] file_dirty 0 [ 225.676734][ T5831] file_writeback 0 [ 225.676734][ T5831] swapcached 0 [ 225.676734][ T5831] anon_thp 0 [ 225.676734][ T5831] file_thp 0 [ 225.676734][ T5831] shmem_thp 0 [ 225.676734][ T5831] inactive_anon 0 [ 225.676734][ T5831] active_anon 0 [ 225.676734][ T5831] inactive_file 0 [ 225.676734][ T5831] active_file 0 [ 225.676734][ T5831] unevictable 0 [ 225.676734][ T5831] slab_reclaimable 6752 [ 225.676734][ T5831] slab_unreclaimable 0 [ 225.676734][ T5831] slab 6752 [ 225.676734][ T5831] workingset_refault_anon 0 [pid 5835] write(6, "0x000000000000040e", 18 [pid 5831] <... write resumed>) = 18 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] close(5) = 0 [pid 5831] close(6) = 0 [pid 5831] close(7) = -1 EBADF (Bad file descriptor) [pid 5831] close(8) = -1 EBADF (Bad file descriptor) [pid 5831] close(9) = -1 EBADF (Bad file descriptor) [pid 5831] close(10) = -1 EBADF (Bad file descriptor) [pid 5831] close(11) = -1 EBADF (Bad file descriptor) [pid 5831] close(12) = -1 EBADF (Bad file descriptor) [pid 5831] close(13) = -1 EBADF (Bad file descriptor) [pid 5831] close(14) = -1 EBADF (Bad file descriptor) [pid 5831] close(15) = -1 EBADF (Bad file descriptor) [pid 5831] close(16) = -1 EBADF (Bad file descriptor) [ 225.778443][ T5831] Tasks state (memory values in pages): [ 225.784039][ T5831] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 225.793611][ T5831] Out of memory and no killable processes... [ 225.799793][ T5832] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 225.811025][ T5832] CPU: 1 PID: 5832 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5831] close(17) = -1 EBADF (Bad file descriptor) [pid 5831] close(18) = -1 EBADF (Bad file descriptor) [pid 5831] close(19) = -1 EBADF (Bad file descriptor) [pid 5831] close(20) = -1 EBADF (Bad file descriptor) [pid 5831] close(21) = -1 EBADF (Bad file descriptor) [pid 5831] close(22) = -1 EBADF (Bad file descriptor) [ 225.821508][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 225.831620][ T5832] Call Trace: [ 225.834947][ T5832] [ 225.837926][ T5832] dump_stack_lvl+0x1e7/0x2d0 [ 225.842669][ T5832] ? nf_tcp_handle_invalid+0x640/0x640 [ 225.848184][ T5832] ? panic+0x770/0x770 [ 225.852321][ T5832] dump_header+0xdc/0x940 [ 225.856711][ T5832] out_of_memory+0xf21/0x12c0 [ 225.861446][ T5832] ? mutex_lock_io_nested+0x60/0x60 [ 225.866709][ T5832] ? preempt_schedule+0xdd/0xf0 [ 225.871608][ T5832] ? unregister_oom_notifier+0x20/0x20 [pid 5831] close(23) = -1 EBADF (Bad file descriptor) [pid 5831] close(24) = -1 EBADF (Bad file descriptor) [pid 5831] close(25) = -1 EBADF (Bad file descriptor) [pid 5831] close(26) = -1 EBADF (Bad file descriptor) [pid 5831] close(27) = -1 EBADF (Bad file descriptor) [pid 5831] close(28) = -1 EBADF (Bad file descriptor) [pid 5831] close(29) = -1 EBADF (Bad file descriptor) [pid 5831] exit_group(0) = ? [pid 5831] +++ exited with 0 +++ [ 225.877110][ T5832] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 225.883153][ T5832] mem_cgroup_out_of_memory+0x263/0x3b0 [ 225.888716][ T5832] ? preempt_schedule_thunk+0x1a/0x20 [ 225.894116][ T5832] ? mem_cgroup_oom_trylock+0x210/0x210 [ 225.899740][ T5832] ? cgroup_file_notify+0x127/0x190 [ 225.905000][ T5832] memory_max_write+0x355/0x470 [ 225.909908][ T5832] ? memory_max_show+0xa0/0xa0 [ 225.914740][ T5832] ? read_lock_is_recursive+0x20/0x20 [ 225.920170][ T5832] ? memory_max_show+0xa0/0xa0 [ 225.924955][ T5832] cgroup_file_write+0x2b1/0x780 [ 225.929927][ T5832] ? cgroup_seqfile_stop+0xd0/0xd0 [ 225.935057][ T5832] ? __virt_addr_valid+0x22f/0x2e0 [ 225.940202][ T5832] ? cgroup_seqfile_stop+0xd0/0xd0 [ 225.945328][ T5832] kernfs_fop_write_iter+0x3a6/0x4f0 [ 225.950652][ T5832] vfs_write+0x7b2/0xbb0 [ 225.954925][ T5832] ? file_end_write+0x240/0x240 [ 225.959799][ T5832] ? do_raw_spin_unlock+0x13b/0x8b0 [ 225.965020][ T5832] ? lockdep_hardirqs_on+0x98/0x140 [ 225.970247][ T5832] ? __fdget_pos+0x265/0x2f0 [ 225.974858][ T5832] ksys_write+0x1a0/0x2c0 [ 225.979208][ T5832] ? __ia32_sys_read+0x90/0x90 [ 225.984003][ T5832] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 225.990041][ T5832] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 225.996060][ T5832] do_syscall_64+0x41/0xc0 [ 226.000520][ T5832] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 226.006454][ T5832] RIP: 0033:0x7fd49ce20129 [ 226.010891][ T5832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 226.030533][ T5832] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 226.038983][ T5832] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 226.046986][ T5832] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 226.054978][ T5832] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 226.062983][ T5832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 226.070975][ T5832] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000041 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./57/binderfs") = 0 [pid 5070] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./57/cgroup") = 0 [pid 5070] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./57/cgroup.net") = 0 [pid 5070] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./57/file0") = 0 [pid 5070] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./57/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./57") = 0 [ 226.078997][ T5832] [ 226.086966][ T5832] memory: usage 8kB, limit 0kB, failcnt 55 [ 226.094997][ T5832] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.105011][ T5832] Memory cgroup stats for /syz1: [ 226.106042][ T5832] anon 0 [ 226.106042][ T5832] file 0 [ 226.106042][ T5832] kernel 8192 [ 226.106042][ T5832] kernel_stack 0 [ 226.106042][ T5832] pagetables 0 [ 226.106042][ T5832] sec_pagetables 0 [pid 5070] mkdir("./58", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached [pid 5836] chdir("./58" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 60 [pid 5836] <... chdir resumed>) = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 226.106042][ T5832] percpu 0 [ 226.106042][ T5832] sock 0 [ 226.106042][ T5832] vmalloc 0 [ 226.106042][ T5832] shmem 0 [ 226.106042][ T5832] zswap 0 [ 226.106042][ T5832] zswapped 0 [ 226.106042][ T5832] file_mapped 0 [ 226.106042][ T5832] file_dirty 0 [ 226.106042][ T5832] file_writeback 0 [ 226.106042][ T5832] swapcached 0 [ 226.106042][ T5832] anon_thp 0 [ 226.106042][ T5832] file_thp 0 [ 226.106042][ T5832] shmem_thp 0 [ 226.106042][ T5832] inactive_anon 0 [ 226.106042][ T5832] active_anon 0 [ 226.106042][ T5832] inactive_file 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5836] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5836] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] mkdir("./file0", 000) = 0 [pid 5836] open("./file0", O_RDONLY) = 3 [pid 5836] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5836] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5836] openat(5, "memory.max", O_RDWR) = 6 [ 226.106042][ T5832] active_file 0 [ 226.106042][ T5832] unevictable 0 [ 226.106042][ T5832] slab_reclaimable 6752 [ 226.106042][ T5832] slab_unreclaimable 0 [ 226.106042][ T5832] slab 6752 [ 226.106042][ T5832] workingset_refault_anon 0 [ 226.205167][ T5832] Tasks state (memory values in pages): [ 226.214067][ T5832] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5836] write(6, "0x000000000000040e", 18 [pid 5832] <... write resumed>) = 18 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] close(5) = 0 [pid 5832] close(6) = 0 [pid 5832] close(7) = -1 EBADF (Bad file descriptor) [pid 5832] close(8) = -1 EBADF (Bad file descriptor) [pid 5832] close(9) = -1 EBADF (Bad file descriptor) [pid 5832] close(10) = -1 EBADF (Bad file descriptor) [pid 5832] close(11) = -1 EBADF (Bad file descriptor) [pid 5832] close(12) = -1 EBADF (Bad file descriptor) [pid 5832] close(13) = -1 EBADF (Bad file descriptor) [pid 5832] close(14) = -1 EBADF (Bad file descriptor) [pid 5832] close(15) = -1 EBADF (Bad file descriptor) [pid 5832] close(16) = -1 EBADF (Bad file descriptor) [pid 5832] close(17) = -1 EBADF (Bad file descriptor) [pid 5832] close(18) = -1 EBADF (Bad file descriptor) [pid 5832] close(19) = -1 EBADF (Bad file descriptor) [pid 5832] close(20) = -1 EBADF (Bad file descriptor) [pid 5832] close(21) = -1 EBADF (Bad file descriptor) [pid 5832] close(22) = -1 EBADF (Bad file descriptor) [pid 5832] close(23) = -1 EBADF (Bad file descriptor) [pid 5832] close(24) = -1 EBADF (Bad file descriptor) [pid 5832] close(25) = -1 EBADF (Bad file descriptor) [pid 5832] close(26) = -1 EBADF (Bad file descriptor) [pid 5832] close(27) = -1 EBADF (Bad file descriptor) [pid 5832] close(28) = -1 EBADF (Bad file descriptor) [pid 5832] close(29) = -1 EBADF (Bad file descriptor) [pid 5832] exit_group(0) = ? [pid 5832] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./65/binderfs") = 0 [pid 5074] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./65/cgroup") = 0 [pid 5074] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./65/cgroup.net") = 0 [ 226.225277][ T5832] Out of memory and no killable processes... [ 226.233801][ T5833] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 226.246968][ T5833] CPU: 0 PID: 5833 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 226.257484][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 226.267621][ T5833] Call Trace: [ 226.270944][ T5833] [ 226.273916][ T5833] dump_stack_lvl+0x1e7/0x2d0 [ 226.278663][ T5833] ? nf_tcp_handle_invalid+0x640/0x640 [ 226.284179][ T5833] ? panic+0x770/0x770 [ 226.288322][ T5833] dump_header+0xdc/0x940 [ 226.292735][ T5833] out_of_memory+0xf21/0x12c0 [ 226.297474][ T5833] ? mutex_lock_io_nested+0x60/0x60 [ 226.302752][ T5833] ? preempt_schedule+0xdd/0xf0 [ 226.307664][ T5833] ? unregister_oom_notifier+0x20/0x20 [ 226.313219][ T5833] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 226.319266][ T5833] mem_cgroup_out_of_memory+0x263/0x3b0 [ 226.324861][ T5833] ? preempt_schedule_thunk+0x1a/0x20 [ 226.330282][ T5833] ? mem_cgroup_oom_trylock+0x210/0x210 [ 226.335866][ T5833] ? cgroup_file_notify+0x127/0x190 [ 226.341091][ T5833] memory_max_write+0x355/0x470 [ 226.345970][ T5833] ? memory_max_show+0xa0/0xa0 [ 226.350755][ T5833] ? read_lock_is_recursive+0x20/0x20 [ 226.356148][ T5833] ? memory_max_show+0xa0/0xa0 [ 226.360928][ T5833] cgroup_file_write+0x2b1/0x780 [ 226.365884][ T5833] ? cgroup_seqfile_stop+0xd0/0xd0 [ 226.371011][ T5833] ? __virt_addr_valid+0x22f/0x2e0 [ 226.376155][ T5833] ? cgroup_seqfile_stop+0xd0/0xd0 [ 226.381279][ T5833] kernfs_fop_write_iter+0x3a6/0x4f0 [ 226.386607][ T5833] vfs_write+0x7b2/0xbb0 [ 226.390969][ T5833] ? file_end_write+0x240/0x240 [ 226.395858][ T5833] ? do_raw_spin_unlock+0x13b/0x8b0 [ 226.401090][ T5833] ? lockdep_hardirqs_on+0x98/0x140 [ 226.406323][ T5833] ? __fdget_pos+0x265/0x2f0 [ 226.410941][ T5833] ksys_write+0x1a0/0x2c0 [ 226.415297][ T5833] ? __ia32_sys_read+0x90/0x90 [ 226.420080][ T5833] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 226.426086][ T5833] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 226.432097][ T5833] do_syscall_64+0x41/0xc0 [ 226.436556][ T5833] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 226.442514][ T5833] RIP: 0033:0x7fd49ce20129 [ 226.446954][ T5833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 226.466582][ T5833] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 226.475038][ T5833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 226.483021][ T5833] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 226.491000][ T5833] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 226.498982][ T5833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 226.506972][ T5833] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003d [ 226.514973][ T5833] [ 226.521255][ T5833] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./65/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./65/file0") = 0 [pid 5074] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./65/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./65") = 0 [ 226.527345][ T5833] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.535211][ T5833] Memory cgroup stats for /syz1: [ 226.535416][ T5833] anon 0 [ 226.535416][ T5833] file 0 [ 226.535416][ T5833] kernel 8192 [ 226.535416][ T5833] kernel_stack 0 [ 226.535416][ T5833] pagetables 0 [ 226.535416][ T5833] sec_pagetables 0 [ 226.535416][ T5833] percpu 0 [ 226.535416][ T5833] sock 0 [ 226.535416][ T5833] vmalloc 0 [ 226.535416][ T5833] shmem 0 [ 226.535416][ T5833] zswap 0 [ 226.535416][ T5833] zswapped 0 [ 226.535416][ T5833] file_mapped 0 [pid 5074] mkdir("./66", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached [pid 5837] chdir("./66" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 68 [pid 5837] <... chdir resumed>) = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5837] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5837] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5837] mkdir("./file0", 000) = 0 [pid 5837] open("./file0", O_RDONLY) = 3 [pid 5837] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5837] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5837] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5837] openat(5, "memory.max", O_RDWR) = 6 [ 226.535416][ T5833] file_dirty 0 [ 226.535416][ T5833] file_writeback 0 [ 226.535416][ T5833] swapcached 0 [ 226.535416][ T5833] anon_thp 0 [ 226.535416][ T5833] file_thp 0 [ 226.535416][ T5833] shmem_thp 0 [ 226.535416][ T5833] inactive_anon 0 [ 226.535416][ T5833] active_anon 0 [ 226.535416][ T5833] inactive_file 0 [ 226.535416][ T5833] active_file 0 [ 226.535416][ T5833] unevictable 0 [ 226.535416][ T5833] slab_reclaimable 6752 [ 226.535416][ T5833] slab_unreclaimable 0 [ 226.535416][ T5833] slab 6752 [ 226.535416][ T5833] workingset_refault_anon 0 [pid 5837] write(6, "0x000000000000040e", 18 [pid 5833] <... write resumed>) = 18 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] close(5) = 0 [pid 5833] close(6) = 0 [pid 5833] close(7) = -1 EBADF (Bad file descriptor) [pid 5833] close(8) = -1 EBADF (Bad file descriptor) [pid 5833] close(9) = -1 EBADF (Bad file descriptor) [pid 5833] close(10) = -1 EBADF (Bad file descriptor) [pid 5833] close(11) = -1 EBADF (Bad file descriptor) [pid 5833] close(12) = -1 EBADF (Bad file descriptor) [ 226.635734][ T5833] Tasks state (memory values in pages): [ 226.649209][ T5833] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 226.659373][ T5833] Out of memory and no killable processes... [ 226.665596][ T5834] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5833] close(13) = -1 EBADF (Bad file descriptor) [pid 5833] close(14) = -1 EBADF (Bad file descriptor) [pid 5833] close(15) = -1 EBADF (Bad file descriptor) [pid 5833] close(16) = -1 EBADF (Bad file descriptor) [pid 5833] close(17) = -1 EBADF (Bad file descriptor) [pid 5833] close(18) = -1 EBADF (Bad file descriptor) [pid 5833] close(19) = -1 EBADF (Bad file descriptor) [pid 5833] close(20) = -1 EBADF (Bad file descriptor) [pid 5833] close(21) = -1 EBADF (Bad file descriptor) [pid 5833] close(22) = -1 EBADF (Bad file descriptor) [pid 5833] close(23) = -1 EBADF (Bad file descriptor) [pid 5833] close(24) = -1 EBADF (Bad file descriptor) [pid 5833] close(25) = -1 EBADF (Bad file descriptor) [pid 5833] close(26) = -1 EBADF (Bad file descriptor) [pid 5833] close(27) = -1 EBADF (Bad file descriptor) [pid 5833] close(28) = -1 EBADF (Bad file descriptor) [pid 5833] close(29) = -1 EBADF (Bad file descriptor) [pid 5833] exit_group(0) = ? [pid 5833] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./61/binderfs") = 0 [pid 5073] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./61/cgroup") = 0 [pid 5073] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./61/cgroup.net") = 0 [ 226.677116][ T5834] CPU: 0 PID: 5834 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 226.687589][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 226.697689][ T5834] Call Trace: [ 226.701013][ T5834] [ 226.704000][ T5834] dump_stack_lvl+0x1e7/0x2d0 [ 226.708743][ T5834] ? nf_tcp_handle_invalid+0x640/0x640 [ 226.714264][ T5834] ? panic+0x770/0x770 [ 226.718397][ T5834] dump_header+0xdc/0x940 [ 226.722782][ T5834] out_of_memory+0xf21/0x12c0 [ 226.727573][ T5834] ? mutex_lock_io_nested+0x60/0x60 [ 226.732864][ T5834] ? preempt_schedule+0xdd/0xf0 [ 226.737795][ T5834] ? unregister_oom_notifier+0x20/0x20 [ 226.743285][ T5834] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 226.749308][ T5834] mem_cgroup_out_of_memory+0x263/0x3b0 [ 226.754891][ T5834] ? preempt_schedule_thunk+0x1a/0x20 [ 226.760295][ T5834] ? mem_cgroup_oom_trylock+0x210/0x210 [ 226.765873][ T5834] ? cgroup_file_notify+0x127/0x190 [ 226.771098][ T5834] memory_max_write+0x355/0x470 [ 226.775973][ T5834] ? memory_max_show+0xa0/0xa0 [ 226.780778][ T5834] ? read_lock_is_recursive+0x20/0x20 [ 226.786169][ T5834] ? memory_max_show+0xa0/0xa0 [ 226.790956][ T5834] cgroup_file_write+0x2b1/0x780 [ 226.795921][ T5834] ? cgroup_seqfile_stop+0xd0/0xd0 [ 226.801044][ T5834] ? __virt_addr_valid+0x22f/0x2e0 [ 226.806175][ T5834] ? cgroup_seqfile_stop+0xd0/0xd0 [ 226.811312][ T5834] kernfs_fop_write_iter+0x3a6/0x4f0 [ 226.816641][ T5834] vfs_write+0x7b2/0xbb0 [ 226.820913][ T5834] ? file_end_write+0x240/0x240 [ 226.825777][ T5834] ? do_raw_spin_unlock+0x13b/0x8b0 [ 226.830989][ T5834] ? lockdep_hardirqs_on+0x98/0x140 [ 226.836217][ T5834] ? __fdget_pos+0x265/0x2f0 [ 226.840827][ T5834] ksys_write+0x1a0/0x2c0 [ 226.845177][ T5834] ? __ia32_sys_read+0x90/0x90 [ 226.849968][ T5834] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 226.856008][ T5834] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 226.862034][ T5834] do_syscall_64+0x41/0xc0 [ 226.866486][ T5834] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 226.872423][ T5834] RIP: 0033:0x7fd49ce20129 [ 226.876858][ T5834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 226.896484][ T5834] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 226.904924][ T5834] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 226.912905][ T5834] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 226.920894][ T5834] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 226.928893][ T5834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5073] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./61/file0") = 0 [pid 5073] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./61/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [ 226.936874][ T5834] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003a [ 226.944871][ T5834] [ 226.950698][ T5834] memory: usage 8kB, limit 0kB, failcnt 55 [ 226.957357][ T5834] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.965096][ T5834] Memory cgroup stats for /syz1: [ 226.971161][ T5834] anon 0 [ 226.971161][ T5834] file 0 [ 226.971161][ T5834] kernel 8192 [pid 5073] rmdir("./61") = 0 [pid 5073] mkdir("./62", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached [pid 5838] chdir("./62" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 64 [pid 5838] <... chdir resumed>) = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5838] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5838] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] mkdir("./file0", 000) = 0 [pid 5838] open("./file0", O_RDONLY) = 3 [pid 5838] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5838] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5838] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 226.971161][ T5834] kernel_stack 0 [ 226.971161][ T5834] pagetables 0 [ 226.971161][ T5834] sec_pagetables 0 [ 226.971161][ T5834] percpu 0 [ 226.971161][ T5834] sock 0 [ 226.971161][ T5834] vmalloc 0 [ 226.971161][ T5834] shmem 0 [ 226.971161][ T5834] zswap 0 [ 226.971161][ T5834] zswapped 0 [ 226.971161][ T5834] file_mapped 0 [ 226.971161][ T5834] file_dirty 0 [ 226.971161][ T5834] file_writeback 0 [ 226.971161][ T5834] swapcached 0 [ 226.971161][ T5834] anon_thp 0 [ 226.971161][ T5834] file_thp 0 [ 226.971161][ T5834] shmem_thp 0 [pid 5838] openat(5, "memory.max", O_RDWR) = 6 [ 226.971161][ T5834] inactive_anon 0 [ 226.971161][ T5834] active_anon 0 [ 226.971161][ T5834] inactive_file 0 [ 226.971161][ T5834] active_file 0 [ 226.971161][ T5834] unevictable 0 [ 226.971161][ T5834] slab_reclaimable 6752 [ 226.971161][ T5834] slab_unreclaimable 0 [ 226.971161][ T5834] slab 6752 [ 226.971161][ T5834] workingset_refault_anon 0 [ 227.067661][ T5834] Tasks state (memory values in pages): [ 227.073899][ T5834] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5838] write(6, "0x000000000000040e", 18 [pid 5834] <... write resumed>) = 18 [ 227.086714][ T5834] Out of memory and no killable processes... [ 227.093231][ T5835] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 227.104162][ T5835] CPU: 0 PID: 5835 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 227.114632][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 227.124732][ T5835] Call Trace: [ 227.128050][ T5835] [ 227.131014][ T5835] dump_stack_lvl+0x1e7/0x2d0 [pid 5834] close(3) = 0 [pid 5834] close(4) = 0 [pid 5834] close(5) = 0 [pid 5834] close(6) = 0 [pid 5834] close(7) = -1 EBADF (Bad file descriptor) [pid 5834] close(8) = -1 EBADF (Bad file descriptor) [pid 5834] close(9) = -1 EBADF (Bad file descriptor) [pid 5834] close(10) = -1 EBADF (Bad file descriptor) [pid 5834] close(11) = -1 EBADF (Bad file descriptor) [pid 5834] close(12) = -1 EBADF (Bad file descriptor) [pid 5834] close(13) = -1 EBADF (Bad file descriptor) [pid 5834] close(14) = -1 EBADF (Bad file descriptor) [pid 5834] close(15) = -1 EBADF (Bad file descriptor) [pid 5834] close(16) = -1 EBADF (Bad file descriptor) [pid 5834] close(17) = -1 EBADF (Bad file descriptor) [pid 5834] close(18) = -1 EBADF (Bad file descriptor) [pid 5834] close(19) = -1 EBADF (Bad file descriptor) [pid 5834] close(20) = -1 EBADF (Bad file descriptor) [pid 5834] close(21) = -1 EBADF (Bad file descriptor) [ 227.135746][ T5835] ? nf_tcp_handle_invalid+0x640/0x640 [ 227.141260][ T5835] ? panic+0x770/0x770 [ 227.145397][ T5835] dump_header+0xdc/0x940 [ 227.149786][ T5835] out_of_memory+0xf21/0x12c0 [ 227.154529][ T5835] ? mutex_lock_io_nested+0x60/0x60 [ 227.159801][ T5835] ? preempt_schedule+0xdd/0xf0 [ 227.164716][ T5835] ? unregister_oom_notifier+0x20/0x20 [ 227.170228][ T5835] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 227.176283][ T5835] mem_cgroup_out_of_memory+0x263/0x3b0 [ 227.181889][ T5835] ? preempt_schedule_thunk+0x1a/0x20 [ 227.187316][ T5835] ? mem_cgroup_oom_trylock+0x210/0x210 [ 227.192900][ T5835] ? cgroup_file_notify+0x127/0x190 [ 227.198125][ T5835] memory_max_write+0x355/0x470 [ 227.203005][ T5835] ? memory_max_show+0xa0/0xa0 [ 227.207790][ T5835] ? read_lock_is_recursive+0x20/0x20 [ 227.213190][ T5835] ? memory_max_show+0xa0/0xa0 [ 227.217974][ T5835] cgroup_file_write+0x2b1/0x780 [ 227.222933][ T5835] ? cgroup_seqfile_stop+0xd0/0xd0 [ 227.228095][ T5835] ? __virt_addr_valid+0x22f/0x2e0 [ 227.233237][ T5835] ? cgroup_seqfile_stop+0xd0/0xd0 [ 227.238362][ T5835] kernfs_fop_write_iter+0x3a6/0x4f0 [ 227.243671][ T5835] vfs_write+0x7b2/0xbb0 [ 227.247938][ T5835] ? file_end_write+0x240/0x240 [ 227.252827][ T5835] ? do_raw_spin_unlock+0x13b/0x8b0 [ 227.258043][ T5835] ? lockdep_hardirqs_on+0x98/0x140 [ 227.263268][ T5835] ? __fdget_pos+0x265/0x2f0 [ 227.267880][ T5835] ksys_write+0x1a0/0x2c0 [ 227.272233][ T5835] ? __ia32_sys_read+0x90/0x90 [ 227.277015][ T5835] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 227.283028][ T5835] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 227.289058][ T5835] do_syscall_64+0x41/0xc0 [ 227.293563][ T5835] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 227.299500][ T5835] RIP: 0033:0x7fd49ce20129 [ 227.303951][ T5835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 227.323578][ T5835] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5834] close(22) = -1 EBADF (Bad file descriptor) [pid 5834] close(23) = -1 EBADF (Bad file descriptor) [pid 5834] close(24) = -1 EBADF (Bad file descriptor) [pid 5834] close(25) = -1 EBADF (Bad file descriptor) [pid 5834] close(26) = -1 EBADF (Bad file descriptor) [pid 5834] close(27) = -1 EBADF (Bad file descriptor) [pid 5834] close(28) = -1 EBADF (Bad file descriptor) [ 227.332014][ T5835] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 227.340110][ T5835] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 227.348123][ T5835] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 227.356114][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 227.364096][ T5835] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000040 [ 227.372098][ T5835] [pid 5834] close(29) = -1 EBADF (Bad file descriptor) [pid 5834] exit_group(0) = ? [pid 5834] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5072] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./58/binderfs") = 0 [pid 5072] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./58/cgroup") = 0 [pid 5072] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./58/cgroup.net") = 0 [ 227.387070][ T5835] memory: usage 8kB, limit 0kB, failcnt 55 [ 227.393864][ T5835] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 227.408466][ T5835] Memory cgroup stats for /syz1: [ 227.408790][ T5835] anon 0 [ 227.408790][ T5835] file 0 [ 227.408790][ T5835] kernel 8192 [ 227.408790][ T5835] kernel_stack 0 [ 227.408790][ T5835] pagetables 0 [ 227.408790][ T5835] sec_pagetables 0 [ 227.408790][ T5835] percpu 0 [ 227.408790][ T5835] sock 0 [ 227.408790][ T5835] vmalloc 0 [ 227.408790][ T5835] shmem 0 [ 227.408790][ T5835] zswap 0 [ 227.408790][ T5835] zswapped 0 [ 227.408790][ T5835] file_mapped 0 [ 227.408790][ T5835] file_dirty 0 [ 227.408790][ T5835] file_writeback 0 [ 227.408790][ T5835] swapcached 0 [ 227.408790][ T5835] anon_thp 0 [ 227.408790][ T5835] file_thp 0 [ 227.408790][ T5835] shmem_thp 0 [ 227.408790][ T5835] inactive_anon 0 [ 227.408790][ T5835] active_anon 0 [ 227.408790][ T5835] inactive_file 0 [ 227.408790][ T5835] active_file 0 [ 227.408790][ T5835] unevictable 0 [pid 5072] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./58/file0") = 0 [pid 5072] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./58/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./58") = 0 [pid 5072] mkdir("./59", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached [pid 5839] chdir("./59" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 61 [ 227.408790][ T5835] slab_reclaimable 6752 [ 227.408790][ T5835] slab_unreclaimable 0 [ 227.408790][ T5835] slab 6752 [ 227.408790][ T5835] workingset_refault_anon 0 [ 227.515684][ T5835] Tasks state (memory values in pages): [ 227.523243][ T5835] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5839] <... chdir resumed>) = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5839] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5839] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] mkdir("./file0", 000) = 0 [pid 5835] <... write resumed>) = 18 [pid 5839] open("./file0", O_RDONLY) = 3 [pid 5839] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5839] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5839] openat(5, "memory.max", O_RDWR) = 6 [ 227.540414][ T5835] Out of memory and no killable processes... [ 227.549773][ T5836] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 227.564941][ T5836] CPU: 0 PID: 5836 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 227.575417][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 227.585526][ T5836] Call Trace: [ 227.588842][ T5836] [ 227.591807][ T5836] dump_stack_lvl+0x1e7/0x2d0 [ 227.596540][ T5836] ? nf_tcp_handle_invalid+0x640/0x640 [ 227.602045][ T5836] ? panic+0x770/0x770 [ 227.606173][ T5836] dump_header+0xdc/0x940 [ 227.610529][ T5836] out_of_memory+0xf21/0x12c0 [ 227.615226][ T5836] ? mutex_lock_io_nested+0x60/0x60 [ 227.620452][ T5836] ? preempt_schedule+0xdd/0xf0 [ 227.625321][ T5836] ? unregister_oom_notifier+0x20/0x20 [ 227.630793][ T5836] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 227.636800][ T5836] mem_cgroup_out_of_memory+0x263/0x3b0 [ 227.642368][ T5836] ? preempt_schedule_thunk+0x1a/0x20 [ 227.647767][ T5836] ? mem_cgroup_oom_trylock+0x210/0x210 [ 227.653344][ T5836] ? cgroup_file_notify+0x127/0x190 [ 227.658567][ T5836] memory_max_write+0x355/0x470 [ 227.663449][ T5836] ? memory_max_show+0xa0/0xa0 [ 227.668256][ T5836] ? read_lock_is_recursive+0x20/0x20 [ 227.673761][ T5836] ? memory_max_show+0xa0/0xa0 [ 227.678559][ T5836] cgroup_file_write+0x2b1/0x780 [ 227.683531][ T5836] ? cgroup_seqfile_stop+0xd0/0xd0 [ 227.688665][ T5836] ? __virt_addr_valid+0x22f/0x2e0 [ 227.693820][ T5836] ? cgroup_seqfile_stop+0xd0/0xd0 [ 227.698964][ T5836] kernfs_fop_write_iter+0x3a6/0x4f0 [ 227.704283][ T5836] vfs_write+0x7b2/0xbb0 [ 227.708563][ T5836] ? file_end_write+0x240/0x240 [ 227.713445][ T5836] ? do_raw_spin_unlock+0x13b/0x8b0 [ 227.718664][ T5836] ? lockdep_hardirqs_on+0x98/0x140 [ 227.723886][ T5836] ? __fdget_pos+0x265/0x2f0 [ 227.728500][ T5836] ksys_write+0x1a0/0x2c0 [ 227.732853][ T5836] ? __ia32_sys_read+0x90/0x90 [ 227.737650][ T5836] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 227.743651][ T5836] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 227.749663][ T5836] do_syscall_64+0x41/0xc0 [ 227.754100][ T5836] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 227.760101][ T5836] RIP: 0033:0x7fd49ce20129 [ 227.764527][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 227.784155][ T5836] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 227.792584][ T5836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 227.800568][ T5836] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 227.808559][ T5836] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 227.816560][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 227.824565][ T5836] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003a [ 227.832581][ T5836] [pid 5839] write(6, "0x000000000000040e", 18 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] close(5) = 0 [pid 5835] close(6) = 0 [pid 5835] close(7) = -1 EBADF (Bad file descriptor) [pid 5835] close(8) = -1 EBADF (Bad file descriptor) [pid 5835] close(9) = -1 EBADF (Bad file descriptor) [pid 5835] close(10) = -1 EBADF (Bad file descriptor) [pid 5835] close(11) = -1 EBADF (Bad file descriptor) [pid 5835] close(12) = -1 EBADF (Bad file descriptor) [pid 5835] close(13) = -1 EBADF (Bad file descriptor) [pid 5835] close(14) = -1 EBADF (Bad file descriptor) [pid 5835] close(15) = -1 EBADF (Bad file descriptor) [pid 5835] close(16) = -1 EBADF (Bad file descriptor) [pid 5835] close(17) = -1 EBADF (Bad file descriptor) [pid 5835] close(18) = -1 EBADF (Bad file descriptor) [pid 5835] close(19) = -1 EBADF (Bad file descriptor) [pid 5835] close(20) = -1 EBADF (Bad file descriptor) [pid 5835] close(21) = -1 EBADF (Bad file descriptor) [pid 5835] close(22) = -1 EBADF (Bad file descriptor) [pid 5835] close(23) = -1 EBADF (Bad file descriptor) [pid 5835] close(24) = -1 EBADF (Bad file descriptor) [pid 5835] close(25) = -1 EBADF (Bad file descriptor) [pid 5835] close(26) = -1 EBADF (Bad file descriptor) [pid 5835] close(27) = -1 EBADF (Bad file descriptor) [pid 5835] close(28) = -1 EBADF (Bad file descriptor) [pid 5835] close(29) = -1 EBADF (Bad file descriptor) [ 227.838214][ T5836] memory: usage 8kB, limit 0kB, failcnt 55 [ 227.844077][ T5836] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 227.880879][ T5836] Memory cgroup stats for /syz1: [ 227.881096][ T5836] anon 0 [ 227.881096][ T5836] file 0 [pid 5835] exit_group(0) = ? [pid 5835] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./64/binderfs") = 0 [pid 5075] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./64/cgroup") = 0 [pid 5075] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./64/cgroup.net") = 0 [ 227.881096][ T5836] kernel 8192 [ 227.881096][ T5836] kernel_stack 0 [ 227.881096][ T5836] pagetables 0 [ 227.881096][ T5836] sec_pagetables 0 [ 227.881096][ T5836] percpu 0 [ 227.881096][ T5836] sock 0 [ 227.881096][ T5836] vmalloc 0 [ 227.881096][ T5836] shmem 0 [ 227.881096][ T5836] zswap 0 [ 227.881096][ T5836] zswapped 0 [ 227.881096][ T5836] file_mapped 0 [ 227.881096][ T5836] file_dirty 0 [ 227.881096][ T5836] file_writeback 0 [ 227.881096][ T5836] swapcached 0 [ 227.881096][ T5836] anon_thp 0 [ 227.881096][ T5836] file_thp 0 [pid 5075] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./64/file0") = 0 [pid 5075] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 227.881096][ T5836] shmem_thp 0 [ 227.881096][ T5836] inactive_anon 0 [ 227.881096][ T5836] active_anon 0 [ 227.881096][ T5836] inactive_file 0 [ 227.881096][ T5836] active_file 0 [ 227.881096][ T5836] unevictable 0 [ 227.881096][ T5836] slab_reclaimable 6752 [ 227.881096][ T5836] slab_unreclaimable 0 [ 227.881096][ T5836] slab 6752 [ 227.881096][ T5836] workingset_refault_anon 0 [pid 5075] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./64/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./64") = 0 [pid 5075] mkdir("./65", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached [pid 5840] chdir("./65" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 67 [pid 5840] <... chdir resumed>) = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5840] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5840] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] mkdir("./file0", 000) = 0 [pid 5840] open("./file0", O_RDONLY [pid 5836] <... write resumed>) = 18 [pid 5840] <... open resumed>) = 3 [pid 5840] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 227.996833][ T5836] Tasks state (memory values in pages): [ 228.002550][ T5836] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 228.018339][ T5836] Out of memory and no killable processes... [ 228.024507][ T5837] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5840] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5840] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5840] openat(5, "memory.max", O_RDWR) = 6 [pid 5840] write(6, "0x000000000000040e", 18 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] close(5) = 0 [pid 5836] close(6) = 0 [pid 5836] close(7) = -1 EBADF (Bad file descriptor) [pid 5836] close(8) = -1 EBADF (Bad file descriptor) [pid 5836] close(9) = -1 EBADF (Bad file descriptor) [pid 5836] close(10) = -1 EBADF (Bad file descriptor) [pid 5836] close(11) = -1 EBADF (Bad file descriptor) [pid 5836] close(12) = -1 EBADF (Bad file descriptor) [pid 5836] close(13) = -1 EBADF (Bad file descriptor) [pid 5836] close(14) = -1 EBADF (Bad file descriptor) [ 228.040852][ T5837] CPU: 0 PID: 5837 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 228.051351][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 228.061459][ T5837] Call Trace: [ 228.064776][ T5837] [ 228.067740][ T5837] dump_stack_lvl+0x1e7/0x2d0 [ 228.072473][ T5837] ? nf_tcp_handle_invalid+0x640/0x640 [ 228.077990][ T5837] ? panic+0x770/0x770 [ 228.082128][ T5837] dump_header+0xdc/0x940 [ 228.086519][ T5837] out_of_memory+0xf21/0x12c0 [ 228.091270][ T5837] ? mutex_lock_io_nested+0x60/0x60 [pid 5836] close(15) = -1 EBADF (Bad file descriptor) [pid 5836] close(16) = -1 EBADF (Bad file descriptor) [pid 5836] close(17) = -1 EBADF (Bad file descriptor) [pid 5836] close(18) = -1 EBADF (Bad file descriptor) [pid 5836] close(19) = -1 EBADF (Bad file descriptor) [pid 5836] close(20) = -1 EBADF (Bad file descriptor) [pid 5836] close(21) = -1 EBADF (Bad file descriptor) [pid 5836] close(22) = -1 EBADF (Bad file descriptor) [pid 5836] close(23) = -1 EBADF (Bad file descriptor) [pid 5836] close(24) = -1 EBADF (Bad file descriptor) [pid 5836] close(25) = -1 EBADF (Bad file descriptor) [pid 5836] close(26) = -1 EBADF (Bad file descriptor) [pid 5836] close(27) = -1 EBADF (Bad file descriptor) [pid 5836] close(28) = -1 EBADF (Bad file descriptor) [pid 5836] close(29) = -1 EBADF (Bad file descriptor) [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./58/binderfs") = 0 [pid 5070] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./58/cgroup") = 0 [pid 5070] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 228.096550][ T5837] ? preempt_schedule+0xdd/0xf0 [ 228.101457][ T5837] ? unregister_oom_notifier+0x20/0x20 [ 228.106972][ T5837] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 228.113030][ T5837] mem_cgroup_out_of_memory+0x263/0x3b0 [ 228.118636][ T5837] ? preempt_schedule_thunk+0x1a/0x20 [ 228.124073][ T5837] ? mem_cgroup_oom_trylock+0x210/0x210 [ 228.129782][ T5837] ? cgroup_file_notify+0x127/0x190 [ 228.135035][ T5837] memory_max_write+0x355/0x470 [ 228.139945][ T5837] ? memory_max_show+0xa0/0xa0 [pid 5070] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./58/cgroup.net") = 0 [ 228.144764][ T5837] ? read_lock_is_recursive+0x20/0x20 [ 228.150199][ T5837] ? memory_max_show+0xa0/0xa0 [ 228.155015][ T5837] cgroup_file_write+0x2b1/0x780 [ 228.160002][ T5837] ? cgroup_seqfile_stop+0xd0/0xd0 [ 228.165140][ T5837] ? __virt_addr_valid+0x22f/0x2e0 [ 228.170277][ T5837] ? cgroup_seqfile_stop+0xd0/0xd0 [ 228.175435][ T5837] kernfs_fop_write_iter+0x3a6/0x4f0 [ 228.180760][ T5837] vfs_write+0x7b2/0xbb0 [ 228.185042][ T5837] ? file_end_write+0x240/0x240 [ 228.189909][ T5837] ? do_raw_spin_unlock+0x13b/0x8b0 [ 228.195126][ T5837] ? lockdep_hardirqs_on+0x98/0x140 [ 228.200359][ T5837] ? __fdget_pos+0x265/0x2f0 [ 228.204998][ T5837] ksys_write+0x1a0/0x2c0 [ 228.209378][ T5837] ? __ia32_sys_read+0x90/0x90 [ 228.214328][ T5837] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 228.220388][ T5837] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 228.226437][ T5837] do_syscall_64+0x41/0xc0 [ 228.230908][ T5837] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 228.236861][ T5837] RIP: 0033:0x7fd49ce20129 [ 228.241307][ T5837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 228.260969][ T5837] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 228.269429][ T5837] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 228.277430][ T5837] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 228.285446][ T5837] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 228.293449][ T5837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 228.301444][ T5837] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000042 [ 228.309487][ T5837] [ 228.315731][ T5837] memory: usage 8kB, limit 0kB, failcnt 55 [ 228.321672][ T5837] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 228.329095][ T5837] Memory cgroup stats for /syz1: [ 228.329284][ T5837] anon 0 [ 228.329284][ T5837] file 0 [ 228.329284][ T5837] kernel 8192 [ 228.329284][ T5837] kernel_stack 0 [ 228.329284][ T5837] pagetables 0 [ 228.329284][ T5837] sec_pagetables 0 [ 228.329284][ T5837] percpu 0 [ 228.329284][ T5837] sock 0 [ 228.329284][ T5837] vmalloc 0 [ 228.329284][ T5837] shmem 0 [ 228.329284][ T5837] zswap 0 [ 228.329284][ T5837] zswapped 0 [ 228.329284][ T5837] file_mapped 0 [ 228.329284][ T5837] file_dirty 0 [ 228.329284][ T5837] file_writeback 0 [ 228.329284][ T5837] swapcached 0 [ 228.329284][ T5837] anon_thp 0 [ 228.329284][ T5837] file_thp 0 [ 228.329284][ T5837] shmem_thp 0 [ 228.329284][ T5837] inactive_anon 0 [pid 5070] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./58/file0") = 0 [pid 5070] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./58/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [ 228.329284][ T5837] active_anon 0 [ 228.329284][ T5837] inactive_file 0 [ 228.329284][ T5837] active_file 0 [ 228.329284][ T5837] unevictable 0 [ 228.329284][ T5837] slab_reclaimable 6752 [ 228.329284][ T5837] slab_unreclaimable 0 [ 228.329284][ T5837] slab 6752 [ 228.329284][ T5837] workingset_refault_anon 0 [ 228.429452][ T5837] Tasks state (memory values in pages): [ 228.437357][ T5837] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5070] rmdir("./58") = 0 [pid 5070] mkdir("./59", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 61 [pid 5837] <... write resumed>) = 18 [pid 5837] close(3) = 0 [pid 5837] close(4) = 0 [pid 5837] close(5) = 0 [pid 5837] close(6) = 0 [pid 5837] close(7) = -1 EBADF (Bad file descriptor) [pid 5837] close(8) = -1 EBADF (Bad file descriptor) [pid 5837] close(9) = -1 EBADF (Bad file descriptor) [pid 5837] close(10) = -1 EBADF (Bad file descriptor) [pid 5837] close(11) = -1 EBADF (Bad file descriptor) [pid 5837] close(12) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 5841 attached [pid 5837] close(13) = -1 EBADF (Bad file descriptor) [pid 5837] close(14) = -1 EBADF (Bad file descriptor) [pid 5837] close(15) = -1 EBADF (Bad file descriptor) [pid 5837] close(16) = -1 EBADF (Bad file descriptor) [pid 5837] close(17) = -1 EBADF (Bad file descriptor) [pid 5837] close(18) = -1 EBADF (Bad file descriptor) [pid 5837] close(19) = -1 EBADF (Bad file descriptor) [pid 5837] close(20) = -1 EBADF (Bad file descriptor) [pid 5837] close(21) = -1 EBADF (Bad file descriptor) [pid 5837] close(22) = -1 EBADF (Bad file descriptor) [pid 5837] close(23) = -1 EBADF (Bad file descriptor) [pid 5841] chdir("./59" [pid 5837] close(24) = -1 EBADF (Bad file descriptor) [pid 5837] close(25) = -1 EBADF (Bad file descriptor) [pid 5837] close(26) = -1 EBADF (Bad file descriptor) [pid 5837] close(27) = -1 EBADF (Bad file descriptor) [pid 5837] close(28) = -1 EBADF (Bad file descriptor) [pid 5837] close(29) = -1 EBADF (Bad file descriptor) [pid 5837] exit_group(0) = ? [pid 5837] +++ exited with 0 +++ [pid 5841] <... chdir resumed>) = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5841] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5841] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 228.449077][ T5837] Out of memory and no killable processes... [ 228.455737][ T5838] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 228.475794][ T5838] CPU: 0 PID: 5838 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 228.486287][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] mkdir("./file0", 000) = 0 [pid 5841] open("./file0", O_RDONLY) = 3 [pid 5841] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5841] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5841] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5841] openat(5, "memory.max", O_RDWR) = 6 [pid 5841] write(6, "0x000000000000040e", 18 [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5074] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./66/binderfs") = 0 [pid 5074] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 228.496407][ T5838] Call Trace: [ 228.499730][ T5838] [ 228.502706][ T5838] dump_stack_lvl+0x1e7/0x2d0 [ 228.507453][ T5838] ? nf_tcp_handle_invalid+0x640/0x640 [ 228.512973][ T5838] ? panic+0x770/0x770 [ 228.517120][ T5838] dump_header+0xdc/0x940 [ 228.521517][ T5838] out_of_memory+0xf21/0x12c0 [ 228.526255][ T5838] ? mutex_lock_io_nested+0x60/0x60 [ 228.531532][ T5838] ? preempt_schedule+0xdd/0xf0 [ 228.536450][ T5838] ? unregister_oom_notifier+0x20/0x20 [ 228.541974][ T5838] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [pid 5074] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./66/cgroup") = 0 [pid 5074] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./66/cgroup.net") = 0 [ 228.548177][ T5838] ? lockdep_hardirqs_on+0x98/0x140 [ 228.553438][ T5838] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 228.559649][ T5838] mem_cgroup_out_of_memory+0x263/0x3b0 [ 228.565224][ T5838] ? preempt_schedule_thunk+0x1a/0x20 [ 228.570618][ T5838] ? mem_cgroup_oom_trylock+0x210/0x210 [ 228.576199][ T5838] ? cgroup_file_notify+0x127/0x190 [ 228.581424][ T5838] memory_max_write+0x355/0x470 [ 228.586358][ T5838] ? memory_max_show+0xa0/0xa0 [ 228.591140][ T5838] ? read_lock_is_recursive+0x20/0x20 [ 228.596547][ T5838] ? memory_max_show+0xa0/0xa0 [ 228.601328][ T5838] cgroup_file_write+0x2b1/0x780 [ 228.606290][ T5838] ? cgroup_seqfile_stop+0xd0/0xd0 [ 228.611420][ T5838] ? __virt_addr_valid+0x22f/0x2e0 [ 228.616566][ T5838] ? cgroup_seqfile_stop+0xd0/0xd0 [ 228.621692][ T5838] kernfs_fop_write_iter+0x3a6/0x4f0 [ 228.627001][ T5838] vfs_write+0x7b2/0xbb0 [ 228.631291][ T5838] ? file_end_write+0x240/0x240 [ 228.636180][ T5838] ? do_raw_spin_unlock+0x13b/0x8b0 [ 228.641399][ T5838] ? lockdep_hardirqs_on+0x98/0x140 [ 228.646627][ T5838] ? __fdget_pos+0x265/0x2f0 [ 228.651235][ T5838] ksys_write+0x1a0/0x2c0 [ 228.655597][ T5838] ? __ia32_sys_read+0x90/0x90 [ 228.660373][ T5838] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 228.666379][ T5838] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 228.672384][ T5838] do_syscall_64+0x41/0xc0 [ 228.676819][ T5838] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 228.682731][ T5838] RIP: 0033:0x7fd49ce20129 [ 228.687169][ T5838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 228.706788][ T5838] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 228.715238][ T5838] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 228.723233][ T5838] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 228.731226][ T5838] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 228.739230][ T5838] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 228.747229][ T5838] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003e [ 228.755252][ T5838] [ 228.761046][ T5838] memory: usage 8kB, limit 0kB, failcnt 55 [ 228.767124][ T5838] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 228.774015][ T5838] Memory cgroup stats for /syz1: [ 228.774202][ T5838] anon 0 [ 228.774202][ T5838] file 0 [ 228.774202][ T5838] kernel 8192 [ 228.774202][ T5838] kernel_stack 0 [ 228.774202][ T5838] pagetables 0 [ 228.774202][ T5838] sec_pagetables 0 [ 228.774202][ T5838] percpu 0 [ 228.774202][ T5838] sock 0 [ 228.774202][ T5838] vmalloc 0 [ 228.774202][ T5838] shmem 0 [ 228.774202][ T5838] zswap 0 [ 228.774202][ T5838] zswapped 0 [ 228.774202][ T5838] file_mapped 0 [ 228.774202][ T5838] file_dirty 0 [ 228.774202][ T5838] file_writeback 0 [ 228.774202][ T5838] swapcached 0 [ 228.774202][ T5838] anon_thp 0 [ 228.774202][ T5838] file_thp 0 [ 228.774202][ T5838] shmem_thp 0 [ 228.774202][ T5838] inactive_anon 0 [ 228.774202][ T5838] active_anon 0 [ 228.774202][ T5838] inactive_file 0 [pid 5074] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 228.774202][ T5838] active_file 0 [ 228.774202][ T5838] unevictable 0 [ 228.774202][ T5838] slab_reclaimable 6752 [ 228.774202][ T5838] slab_unreclaimable 0 [ 228.774202][ T5838] slab 6752 [ 228.774202][ T5838] workingset_refault_anon 0 [ 228.872564][ T5838] Tasks state (memory values in pages): [ 228.878786][ T5838] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 228.890282][ T5838] Out of memory and no killable processes... [pid 5074] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] <... write resumed>) = 18 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3) = 0 [pid 5838] close(4) = 0 [pid 5838] close(5) = 0 [pid 5838] close(6) = 0 [pid 5838] close(7) = -1 EBADF (Bad file descriptor) [pid 5838] close(8) = -1 EBADF (Bad file descriptor) [pid 5838] close(9) = -1 EBADF (Bad file descriptor) [pid 5838] close(10) = -1 EBADF (Bad file descriptor) [pid 5838] close(11) = -1 EBADF (Bad file descriptor) [pid 5838] close(12) = -1 EBADF (Bad file descriptor) [pid 5838] close(13) = -1 EBADF (Bad file descriptor) [pid 5838] close(14) = -1 EBADF (Bad file descriptor) [pid 5838] close(15) = -1 EBADF (Bad file descriptor) [pid 5838] close(16) = -1 EBADF (Bad file descriptor) [pid 5838] close(17) = -1 EBADF (Bad file descriptor) [pid 5838] close(18) = -1 EBADF (Bad file descriptor) [pid 5838] close(19) = -1 EBADF (Bad file descriptor) [pid 5838] close(20) = -1 EBADF (Bad file descriptor) [pid 5838] close(21) = -1 EBADF (Bad file descriptor) [pid 5838] close(22) = -1 EBADF (Bad file descriptor) [pid 5838] close(23) = -1 EBADF (Bad file descriptor) [pid 5838] close(24) = -1 EBADF (Bad file descriptor) [pid 5838] close(25) = -1 EBADF (Bad file descriptor) [pid 5838] close(26) = -1 EBADF (Bad file descriptor) [pid 5838] close(27) = -1 EBADF (Bad file descriptor) [pid 5074] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] close(28) = -1 EBADF (Bad file descriptor) [pid 5074] <... openat resumed>) = 4 [pid 5074] fstat(4, [pid 5838] close(29 [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5838] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5074] getdents64(4, [pid 5838] exit_group(0) = ? [pid 5074] <... getdents64 resumed>0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5838] +++ exited with 0 +++ [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./66/file0") = 0 [pid 5074] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./66/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./66") = 0 [pid 5074] mkdir("./67", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached [ 228.897313][ T5839] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 228.919568][ T5839] CPU: 1 PID: 5839 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 228.930066][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 228.940173][ T5839] Call Trace: [ 228.943501][ T5839] [ 228.946472][ T5839] dump_stack_lvl+0x1e7/0x2d0 , child_tidptr=0x5555574ac5d0) = 69 [pid 5842] chdir("./67" [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... chdir resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] <... openat resumed>) = 3 [pid 5842] <... prctl resumed>) = 0 [pid 5073] fstat(3, [pid 5842] setpgid(0, 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5842] <... setpgid resumed>) = 0 [ 228.951191][ T5839] ? nf_tcp_handle_invalid+0x640/0x640 [ 228.956693][ T5839] ? panic+0x770/0x770 [ 228.960832][ T5839] dump_header+0xdc/0x940 [ 228.965233][ T5839] out_of_memory+0xf21/0x12c0 [ 228.969978][ T5839] ? mutex_lock_io_nested+0x60/0x60 [ 228.975239][ T5839] ? preempt_schedule+0xdd/0xf0 [ 228.980140][ T5839] ? unregister_oom_notifier+0x20/0x20 [ 228.985651][ T5839] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 228.991706][ T5839] mem_cgroup_out_of_memory+0x263/0x3b0 [ 228.997312][ T5839] ? preempt_schedule_thunk+0x1a/0x20 [ 229.002757][ T5839] ? mem_cgroup_oom_trylock+0x210/0x210 [ 229.008390][ T5839] ? cgroup_file_notify+0x127/0x190 [ 229.013661][ T5839] memory_max_write+0x355/0x470 [ 229.018574][ T5839] ? memory_max_show+0xa0/0xa0 [ 229.023385][ T5839] ? read_lock_is_recursive+0x20/0x20 [ 229.028786][ T5839] ? memory_max_show+0xa0/0xa0 [ 229.033570][ T5839] cgroup_file_write+0x2b1/0x780 [ 229.038528][ T5839] ? cgroup_seqfile_stop+0xd0/0xd0 [ 229.043654][ T5839] ? __virt_addr_valid+0x22f/0x2e0 [ 229.048794][ T5839] ? cgroup_seqfile_stop+0xd0/0xd0 [ 229.054191][ T5839] kernfs_fop_write_iter+0x3a6/0x4f0 [ 229.059720][ T5839] vfs_write+0x7b2/0xbb0 [ 229.064023][ T5839] ? file_end_write+0x240/0x240 [ 229.068902][ T5839] ? do_raw_spin_unlock+0x13b/0x8b0 [ 229.074125][ T5839] ? lockdep_hardirqs_on+0x98/0x140 [ 229.079380][ T5839] ? __fdget_pos+0x265/0x2f0 [ 229.083995][ T5839] ksys_write+0x1a0/0x2c0 [ 229.088350][ T5839] ? __ia32_sys_read+0x90/0x90 [ 229.093129][ T5839] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 229.099134][ T5839] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 229.105159][ T5839] do_syscall_64+0x41/0xc0 [ 229.109607][ T5839] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 229.115532][ T5839] RIP: 0033:0x7fd49ce20129 [ 229.119966][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 229.139584][ T5839] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5073] getdents64(3, [pid 5842] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5073] <... getdents64 resumed>0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5842] <... symlink resumed>) = 0 [pid 5073] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... symlink resumed>) = 0 [pid 5073] lstat("./62/binderfs", [pid 5842] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5842] <... symlink resumed>) = 0 [pid 5073] unlink("./62/binderfs" [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5073] <... unlink resumed>) = 0 [pid 5842] <... openat resumed>) = 3 [pid 5073] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] write(3, "1000", 4 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... write resumed>) = 4 [pid 5073] lstat("./62/cgroup", [pid 5842] close(3 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5842] <... close resumed>) = 0 [pid 5073] unlink("./62/cgroup" [pid 5842] symlink("/dev/binderfs", "./binderfs" [pid 5073] <... unlink resumed>) = 0 [pid 5842] <... symlink resumed>) = 0 [pid 5073] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] mkdir("./file0", 000 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... mkdir resumed>) = 0 [pid 5073] lstat("./62/cgroup.net", [pid 5842] open("./file0", O_RDONLY [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5842] <... open resumed>) = 3 [pid 5073] unlink("./62/cgroup.net" [pid 5842] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5073] <... unlink resumed>) = 0 [ 229.148030][ T5839] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 229.156016][ T5839] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 229.164000][ T5839] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 229.171984][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 229.179968][ T5839] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003b [ 229.187968][ T5839] [ 229.194827][ T5839] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5842] <... mount resumed>) = 0 [pid 5073] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5073] <... umount2 resumed>) = 0 [pid 5842] openat(4, "syz1", O_RDWR|O_PATH [pid 5073] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5842] <... openat resumed>) = 5 [pid 5073] lstat("./62/file0", [pid 5842] openat(5, "memory.max", O_RDWR [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5842] <... openat resumed>) = 6 [pid 5073] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] write(6, "0x000000000000040e", 18 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./62/file0") = 0 [pid 5073] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./62/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./62") = 0 [pid 5073] mkdir("./63", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 65 ./strace-static-x86_64: Process 5843 attached [ 229.200934][ T5839] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 229.212115][ T5839] Memory cgroup stats for /syz1: [ 229.216748][ T5839] anon 0 [ 229.216748][ T5839] file 0 [ 229.216748][ T5839] kernel 8192 [ 229.216748][ T5839] kernel_stack 0 [ 229.216748][ T5839] pagetables 0 [ 229.216748][ T5839] sec_pagetables 0 [ 229.216748][ T5839] percpu 0 [ 229.216748][ T5839] sock 0 [ 229.216748][ T5839] vmalloc 0 [ 229.216748][ T5839] shmem 0 [pid 5843] chdir("./63") = 0 [ 229.216748][ T5839] zswap 0 [ 229.216748][ T5839] zswapped 0 [ 229.216748][ T5839] file_mapped 0 [ 229.216748][ T5839] file_dirty 0 [ 229.216748][ T5839] file_writeback 0 [ 229.216748][ T5839] swapcached 0 [ 229.216748][ T5839] anon_thp 0 [ 229.216748][ T5839] file_thp 0 [ 229.216748][ T5839] shmem_thp 0 [ 229.216748][ T5839] inactive_anon 0 [ 229.216748][ T5839] active_anon 0 [ 229.216748][ T5839] inactive_file 0 [ 229.216748][ T5839] active_file 0 [ 229.216748][ T5839] unevictable 0 [ 229.216748][ T5839] slab_reclaimable 6752 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5843] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5843] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] mkdir("./file0", 000) = 0 [pid 5843] open("./file0", O_RDONLY) = 3 [pid 5843] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5843] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5843] openat(5, "memory.max", O_RDWR) = 6 [pid 5843] write(6, "0x000000000000040e", 18 [pid 5839] <... write resumed>) = 18 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] close(5) = 0 [pid 5839] close(6) = 0 [pid 5839] close(7) = -1 EBADF (Bad file descriptor) [pid 5839] close(8) = -1 EBADF (Bad file descriptor) [pid 5839] close(9) = -1 EBADF (Bad file descriptor) [pid 5839] close(10) = -1 EBADF (Bad file descriptor) [pid 5839] close(11) = -1 EBADF (Bad file descriptor) [pid 5839] close(12) = -1 EBADF (Bad file descriptor) [pid 5839] close(13) = -1 EBADF (Bad file descriptor) [pid 5839] close(14) = -1 EBADF (Bad file descriptor) [pid 5839] close(15) = -1 EBADF (Bad file descriptor) [pid 5839] close(16) = -1 EBADF (Bad file descriptor) [pid 5839] close(17) = -1 EBADF (Bad file descriptor) [pid 5839] close(18) = -1 EBADF (Bad file descriptor) [pid 5839] close(19) = -1 EBADF (Bad file descriptor) [pid 5839] close(20) = -1 EBADF (Bad file descriptor) [pid 5839] close(21) = -1 EBADF (Bad file descriptor) [pid 5839] close(22) = -1 EBADF (Bad file descriptor) [pid 5839] close(23) = -1 EBADF (Bad file descriptor) [pid 5839] close(24) = -1 EBADF (Bad file descriptor) [ 229.216748][ T5839] slab_unreclaimable 0 [ 229.216748][ T5839] slab 6752 [ 229.216748][ T5839] workingset_refault_anon 0 [ 229.313309][ T5839] Tasks state (memory values in pages): [ 229.321908][ T5839] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 229.332220][ T5839] Out of memory and no killable processes... [ 229.338443][ T5840] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5839] close(25) = -1 EBADF (Bad file descriptor) [pid 5839] close(26) = -1 EBADF (Bad file descriptor) [pid 5839] close(27) = -1 EBADF (Bad file descriptor) [pid 5839] close(28) = -1 EBADF (Bad file descriptor) [pid 5839] close(29) = -1 EBADF (Bad file descriptor) [pid 5839] exit_group(0) = ? [pid 5839] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5072] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./59/binderfs") = 0 [pid 5072] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./59/cgroup") = 0 [pid 5072] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./59/cgroup.net") = 0 [ 229.361644][ T5840] CPU: 1 PID: 5840 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 229.372138][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 229.382241][ T5840] Call Trace: [ 229.385564][ T5840] [ 229.388544][ T5840] dump_stack_lvl+0x1e7/0x2d0 [ 229.393286][ T5840] ? nf_tcp_handle_invalid+0x640/0x640 [ 229.398786][ T5840] ? panic+0x770/0x770 [ 229.402937][ T5840] dump_header+0xdc/0x940 [ 229.407330][ T5840] out_of_memory+0xf21/0x12c0 [ 229.412073][ T5840] ? mutex_lock_io_nested+0x60/0x60 [ 229.417331][ T5840] ? preempt_schedule+0xdd/0xf0 [ 229.422242][ T5840] ? unregister_oom_notifier+0x20/0x20 [ 229.427746][ T5840] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 229.433770][ T5840] mem_cgroup_out_of_memory+0x263/0x3b0 [ 229.439333][ T5840] ? preempt_schedule_thunk+0x1a/0x20 [ 229.444725][ T5840] ? mem_cgroup_oom_trylock+0x210/0x210 [ 229.450312][ T5840] ? cgroup_file_notify+0x127/0x190 [ 229.455552][ T5840] memory_max_write+0x355/0x470 [ 229.460422][ T5840] ? memory_max_show+0xa0/0xa0 [ 229.465209][ T5840] ? read_lock_is_recursive+0x20/0x20 [ 229.470626][ T5840] ? memory_max_show+0xa0/0xa0 [ 229.475409][ T5840] cgroup_file_write+0x2b1/0x780 [ 229.480368][ T5840] ? cgroup_seqfile_stop+0xd0/0xd0 [ 229.485488][ T5840] ? __virt_addr_valid+0x22f/0x2e0 [ 229.490628][ T5840] ? cgroup_seqfile_stop+0xd0/0xd0 [ 229.495750][ T5840] kernfs_fop_write_iter+0x3a6/0x4f0 [ 229.501058][ T5840] vfs_write+0x7b2/0xbb0 [ 229.505323][ T5840] ? file_end_write+0x240/0x240 [ 229.510219][ T5840] ? do_raw_spin_unlock+0x13b/0x8b0 [ 229.515436][ T5840] ? lockdep_hardirqs_on+0x98/0x140 [ 229.520663][ T5840] ? __fdget_pos+0x265/0x2f0 [ 229.525268][ T5840] ksys_write+0x1a0/0x2c0 [ 229.529616][ T5840] ? __ia32_sys_read+0x90/0x90 [ 229.534392][ T5840] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 229.540391][ T5840] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 229.546395][ T5840] do_syscall_64+0x41/0xc0 [ 229.550847][ T5840] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 229.556762][ T5840] RIP: 0033:0x7fd49ce20129 [ 229.561185][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 229.580885][ T5840] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 229.589347][ T5840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 229.597350][ T5840] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 229.605335][ T5840] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 229.613319][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 229.621308][ T5840] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000041 [ 229.629328][ T5840] [ 229.635014][ T5840] memory: usage 8kB, limit 0kB, failcnt 55 [ 229.640975][ T5840] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 229.648059][ T5840] Memory cgroup stats for /syz1: [ 229.648266][ T5840] anon 0 [ 229.648266][ T5840] file 0 [ 229.648266][ T5840] kernel 8192 [ 229.648266][ T5840] kernel_stack 0 [ 229.648266][ T5840] pagetables 0 [ 229.648266][ T5840] sec_pagetables 0 [ 229.648266][ T5840] percpu 0 [ 229.648266][ T5840] sock 0 [ 229.648266][ T5840] vmalloc 0 [ 229.648266][ T5840] shmem 0 [ 229.648266][ T5840] zswap 0 [ 229.648266][ T5840] zswapped 0 [ 229.648266][ T5840] file_mapped 0 [ 229.648266][ T5840] file_dirty 0 [ 229.648266][ T5840] file_writeback 0 [ 229.648266][ T5840] swapcached 0 [ 229.648266][ T5840] anon_thp 0 [ 229.648266][ T5840] file_thp 0 [ 229.648266][ T5840] shmem_thp 0 [pid 5072] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./59/file0") = 0 [pid 5072] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./59/cgroup.cpu") = 0 [ 229.648266][ T5840] inactive_anon 0 [ 229.648266][ T5840] active_anon 0 [ 229.648266][ T5840] inactive_file 0 [ 229.648266][ T5840] active_file 0 [ 229.648266][ T5840] unevictable 0 [ 229.648266][ T5840] slab_reclaimable 6752 [ 229.648266][ T5840] slab_unreclaimable 0 [ 229.648266][ T5840] slab 6752 [ 229.648266][ T5840] workingset_refault_anon 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./59") = 0 [pid 5072] mkdir("./60", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 62 ./strace-static-x86_64: Process 5844 attached [pid 5844] chdir("./60") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5844] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5844] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] mkdir("./file0", 000) = 0 [pid 5844] open("./file0", O_RDONLY) = 3 [pid 5844] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5840] <... write resumed>) = 18 [pid 5844] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5844] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 229.758598][ T5840] Tasks state (memory values in pages): [ 229.765318][ T5840] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 229.783552][ T5840] Out of memory and no killable processes... [ 229.790199][ T5841] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 229.801039][ T5841] CPU: 0 PID: 5841 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5844] openat(5, "memory.max", O_RDWR) = 6 [pid 5844] write(6, "0x000000000000040e", 18 [pid 5840] close(3) = 0 [pid 5840] close(4) = 0 [pid 5840] close(5) = 0 [pid 5840] close(6) = 0 [pid 5840] close(7) = -1 EBADF (Bad file descriptor) [pid 5840] close(8) = -1 EBADF (Bad file descriptor) [pid 5840] close(9) = -1 EBADF (Bad file descriptor) [pid 5840] close(10) = -1 EBADF (Bad file descriptor) [pid 5840] close(11) = -1 EBADF (Bad file descriptor) [ 229.811509][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 229.821649][ T5841] Call Trace: [ 229.824964][ T5841] [ 229.827932][ T5841] dump_stack_lvl+0x1e7/0x2d0 [ 229.832665][ T5841] ? nf_tcp_handle_invalid+0x640/0x640 [ 229.838175][ T5841] ? panic+0x770/0x770 [ 229.842311][ T5841] dump_header+0xdc/0x940 [ 229.846700][ T5841] out_of_memory+0xf21/0x12c0 [ 229.851439][ T5841] ? mutex_lock_io_nested+0x60/0x60 [ 229.856704][ T5841] ? mark_lock+0x9a/0x340 [ 229.861073][ T5841] ? unregister_oom_notifier+0x20/0x20 [ 229.866582][ T5841] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 229.872649][ T5841] mem_cgroup_out_of_memory+0x263/0x3b0 [ 229.878232][ T5841] ? mem_cgroup_oom_trylock+0x210/0x210 [ 229.883816][ T5841] ? cgroup_file_notify+0x127/0x190 [ 229.889055][ T5841] memory_max_write+0x355/0x470 [ 229.893934][ T5841] ? memory_max_show+0xa0/0xa0 [ 229.898738][ T5841] ? read_lock_is_recursive+0x20/0x20 [ 229.904130][ T5841] ? memory_max_show+0xa0/0xa0 [ 229.908911][ T5841] cgroup_file_write+0x2b1/0x780 [ 229.913863][ T5841] ? cgroup_seqfile_stop+0xd0/0xd0 [ 229.918986][ T5841] ? __virt_addr_valid+0x22f/0x2e0 [ 229.924120][ T5841] ? cgroup_seqfile_stop+0xd0/0xd0 [ 229.929247][ T5841] kernfs_fop_write_iter+0x3a6/0x4f0 [ 229.934554][ T5841] vfs_write+0x7b2/0xbb0 [ 229.938822][ T5841] ? file_end_write+0x240/0x240 [ 229.943689][ T5841] ? do_raw_spin_unlock+0x13b/0x8b0 [ 229.948904][ T5841] ? lockdep_hardirqs_on+0x98/0x140 [ 229.954125][ T5841] ? __fdget_pos+0x265/0x2f0 [ 229.958734][ T5841] ksys_write+0x1a0/0x2c0 [ 229.963084][ T5841] ? __ia32_sys_read+0x90/0x90 [ 229.967863][ T5841] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 229.973880][ T5841] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 229.979883][ T5841] do_syscall_64+0x41/0xc0 [ 229.984325][ T5841] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 229.990250][ T5841] RIP: 0033:0x7fd49ce20129 [ 229.994677][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 230.014289][ T5841] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 230.022714][ T5841] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 230.030694][ T5841] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 230.038678][ T5841] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 230.046661][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 230.054643][ T5841] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003b [pid 5840] close(12) = -1 EBADF (Bad file descriptor) [pid 5840] close(13) = -1 EBADF (Bad file descriptor) [pid 5840] close(14) = -1 EBADF (Bad file descriptor) [pid 5840] close(15) = -1 EBADF (Bad file descriptor) [pid 5840] close(16) = -1 EBADF (Bad file descriptor) [pid 5840] close(17) = -1 EBADF (Bad file descriptor) [pid 5840] close(18) = -1 EBADF (Bad file descriptor) [pid 5840] close(19) = -1 EBADF (Bad file descriptor) [pid 5840] close(20) = -1 EBADF (Bad file descriptor) [pid 5840] close(21) = -1 EBADF (Bad file descriptor) [pid 5840] close(22) = -1 EBADF (Bad file descriptor) [pid 5840] close(23) = -1 EBADF (Bad file descriptor) [pid 5840] close(24) = -1 EBADF (Bad file descriptor) [pid 5840] close(25) = -1 EBADF (Bad file descriptor) [pid 5840] close(26) = -1 EBADF (Bad file descriptor) [pid 5840] close(27) = -1 EBADF (Bad file descriptor) [pid 5840] close(28) = -1 EBADF (Bad file descriptor) [pid 5840] close(29) = -1 EBADF (Bad file descriptor) [pid 5840] exit_group(0) = ? [pid 5840] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 230.062639][ T5841] [pid 5075] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./65/binderfs") = 0 [pid 5075] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./65/cgroup") = 0 [pid 5075] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./65/cgroup.net") = 0 [pid 5075] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./65/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./65/file0") = 0 [pid 5075] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./65/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./65") = 0 [ 230.093549][ T5841] memory: usage 8kB, limit 0kB, failcnt 55 [ 230.117016][ T5841] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 230.124326][ T5841] Memory cgroup stats for /syz1: [ 230.124560][ T5841] anon 0 [ 230.124560][ T5841] file 0 [ 230.124560][ T5841] kernel 8192 [ 230.124560][ T5841] kernel_stack 0 [pid 5075] mkdir("./66", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 68 ./strace-static-x86_64: Process 5845 attached [pid 5845] chdir("./66") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5845] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5845] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] mkdir("./file0", 000) = 0 [pid 5845] open("./file0", O_RDONLY) = 3 [pid 5845] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5845] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5845] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 230.124560][ T5841] pagetables 0 [ 230.124560][ T5841] sec_pagetables 0 [ 230.124560][ T5841] percpu 0 [ 230.124560][ T5841] sock 0 [ 230.124560][ T5841] vmalloc 0 [ 230.124560][ T5841] shmem 0 [ 230.124560][ T5841] zswap 0 [ 230.124560][ T5841] zswapped 0 [ 230.124560][ T5841] file_mapped 0 [ 230.124560][ T5841] file_dirty 0 [ 230.124560][ T5841] file_writeback 0 [ 230.124560][ T5841] swapcached 0 [ 230.124560][ T5841] anon_thp 0 [ 230.124560][ T5841] file_thp 0 [ 230.124560][ T5841] shmem_thp 0 [ 230.124560][ T5841] inactive_anon 0 [pid 5845] openat(5, "memory.max", O_RDWR) = 6 [ 230.124560][ T5841] active_anon 0 [ 230.124560][ T5841] inactive_file 0 [ 230.124560][ T5841] active_file 0 [ 230.124560][ T5841] unevictable 0 [ 230.124560][ T5841] slab_reclaimable 6752 [ 230.124560][ T5841] slab_unreclaimable 0 [ 230.124560][ T5841] slab 6752 [ 230.124560][ T5841] workingset_refault_anon 0 [ 230.223946][ T5841] Tasks state (memory values in pages): [ 230.230255][ T5841] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5845] write(6, "0x000000000000040e", 18 [pid 5841] <... write resumed>) = 18 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] close(5) = 0 [pid 5841] close(6) = 0 [pid 5841] close(7) = -1 EBADF (Bad file descriptor) [pid 5841] close(8) = -1 EBADF (Bad file descriptor) [pid 5841] close(9) = -1 EBADF (Bad file descriptor) [pid 5841] close(10) = -1 EBADF (Bad file descriptor) [pid 5841] close(11) = -1 EBADF (Bad file descriptor) [pid 5841] close(12) = -1 EBADF (Bad file descriptor) [pid 5841] close(13) = -1 EBADF (Bad file descriptor) [pid 5841] close(14) = -1 EBADF (Bad file descriptor) [pid 5841] close(15) = -1 EBADF (Bad file descriptor) [pid 5841] close(16) = -1 EBADF (Bad file descriptor) [pid 5841] close(17) = -1 EBADF (Bad file descriptor) [pid 5841] close(18) = -1 EBADF (Bad file descriptor) [pid 5841] close(19) = -1 EBADF (Bad file descriptor) [pid 5841] close(20) = -1 EBADF (Bad file descriptor) [pid 5841] close(21) = -1 EBADF (Bad file descriptor) [pid 5841] close(22) = -1 EBADF (Bad file descriptor) [pid 5841] close(23) = -1 EBADF (Bad file descriptor) [pid 5841] close(24) = -1 EBADF (Bad file descriptor) [pid 5841] close(25) = -1 EBADF (Bad file descriptor) [ 230.239972][ T5841] Out of memory and no killable processes... [ 230.246074][ T5842] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 230.258535][ T5842] CPU: 1 PID: 5842 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 230.269012][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 230.279153][ T5842] Call Trace: [ 230.282476][ T5842] [ 230.285451][ T5842] dump_stack_lvl+0x1e7/0x2d0 [pid 5841] close(26) = -1 EBADF (Bad file descriptor) [ 230.290198][ T5842] ? nf_tcp_handle_invalid+0x640/0x640 [ 230.295721][ T5842] ? panic+0x770/0x770 [ 230.299865][ T5842] dump_header+0xdc/0x940 [ 230.304259][ T5842] out_of_memory+0xf21/0x12c0 [ 230.309002][ T5842] ? mutex_lock_io_nested+0x60/0x60 [ 230.314271][ T5842] ? preempt_schedule+0xdd/0xf0 [ 230.319178][ T5842] ? unregister_oom_notifier+0x20/0x20 [ 230.324681][ T5842] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 230.330733][ T5842] mem_cgroup_out_of_memory+0x263/0x3b0 [ 230.336353][ T5842] ? preempt_schedule_thunk+0x1a/0x20 [pid 5841] close(27) = -1 EBADF (Bad file descriptor) [pid 5841] close(28) = -1 EBADF (Bad file descriptor) [pid 5841] close(29) = -1 EBADF (Bad file descriptor) [pid 5841] exit_group(0) = ? [pid 5841] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 230.341779][ T5842] ? mem_cgroup_oom_trylock+0x210/0x210 [ 230.347480][ T5842] ? cgroup_file_notify+0x127/0x190 [ 230.352747][ T5842] memory_max_write+0x355/0x470 [ 230.357667][ T5842] ? memory_max_show+0xa0/0xa0 [ 230.362483][ T5842] ? read_lock_is_recursive+0x20/0x20 [ 230.367906][ T5842] ? memory_max_show+0xa0/0xa0 [ 230.372696][ T5842] cgroup_file_write+0x2b1/0x780 [ 230.377656][ T5842] ? cgroup_seqfile_stop+0xd0/0xd0 [ 230.382803][ T5842] ? __virt_addr_valid+0x22f/0x2e0 [ 230.387968][ T5842] ? cgroup_seqfile_stop+0xd0/0xd0 [ 230.393100][ T5842] kernfs_fop_write_iter+0x3a6/0x4f0 [ 230.398427][ T5842] vfs_write+0x7b2/0xbb0 [ 230.402707][ T5842] ? file_end_write+0x240/0x240 [ 230.407589][ T5842] ? do_raw_spin_unlock+0x13b/0x8b0 [ 230.412838][ T5842] ? lockdep_hardirqs_on+0x98/0x140 [ 230.418091][ T5842] ? __fdget_pos+0x265/0x2f0 [ 230.422722][ T5842] ksys_write+0x1a0/0x2c0 [ 230.427083][ T5842] ? __ia32_sys_read+0x90/0x90 [ 230.431868][ T5842] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 230.437886][ T5842] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 230.443894][ T5842] do_syscall_64+0x41/0xc0 [ 230.448330][ T5842] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 230.454246][ T5842] RIP: 0033:0x7fd49ce20129 [ 230.458695][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 230.478330][ T5842] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 230.486783][ T5842] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./59/binderfs") = 0 [pid 5070] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./59/cgroup") = 0 [pid 5070] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./59/cgroup.net") = 0 [pid 5070] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.494765][ T5842] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 230.502744][ T5842] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 230.510723][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 230.518703][ T5842] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000043 [ 230.526706][ T5842] [pid 5070] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./59/file0") = 0 [pid 5070] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./59/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./59") = 0 [pid 5070] mkdir("./60", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached [pid 5846] chdir("./60" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 62 [pid 5846] <... chdir resumed>) = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5846] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5846] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] mkdir("./file0", 000) = 0 [pid 5846] open("./file0", O_RDONLY) = 3 [pid 5846] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5846] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5846] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5846] openat(5, "memory.max", O_RDWR) = 6 [ 230.542882][ T5842] memory: usage 8kB, limit 0kB, failcnt 55 [ 230.549653][ T5842] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 230.557925][ T5842] Memory cgroup stats for /syz1: [ 230.558139][ T5842] anon 0 [ 230.558139][ T5842] file 0 [ 230.558139][ T5842] kernel 8192 [ 230.558139][ T5842] kernel_stack 0 [ 230.558139][ T5842] pagetables 0 [ 230.558139][ T5842] sec_pagetables 0 [ 230.558139][ T5842] percpu 0 [ 230.558139][ T5842] sock 0 [ 230.558139][ T5842] vmalloc 0 [ 230.558139][ T5842] shmem 0 [ 230.558139][ T5842] zswap 0 [ 230.558139][ T5842] zswapped 0 [ 230.558139][ T5842] file_mapped 0 [ 230.558139][ T5842] file_dirty 0 [ 230.558139][ T5842] file_writeback 0 [ 230.558139][ T5842] swapcached 0 [ 230.558139][ T5842] anon_thp 0 [ 230.558139][ T5842] file_thp 0 [ 230.558139][ T5842] shmem_thp 0 [ 230.558139][ T5842] inactive_anon 0 [ 230.558139][ T5842] active_anon 0 [ 230.558139][ T5842] inactive_file 0 [ 230.558139][ T5842] active_file 0 [ 230.558139][ T5842] unevictable 0 [ 230.558139][ T5842] slab_reclaimable 6752 [pid 5846] write(6, "0x000000000000040e", 18 [pid 5842] <... write resumed>) = 18 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5842] close(5) = 0 [pid 5842] close(6) = 0 [pid 5842] close(7) = -1 EBADF (Bad file descriptor) [pid 5842] close(8) = -1 EBADF (Bad file descriptor) [pid 5842] close(9) = -1 EBADF (Bad file descriptor) [ 230.558139][ T5842] slab_unreclaimable 0 [ 230.558139][ T5842] slab 6752 [ 230.558139][ T5842] workingset_refault_anon 0 [ 230.663715][ T5842] Tasks state (memory values in pages): [ 230.669527][ T5842] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 230.679588][ T5842] Out of memory and no killable processes... [ 230.685663][ T5843] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5842] close(10) = -1 EBADF (Bad file descriptor) [pid 5842] close(11) = -1 EBADF (Bad file descriptor) [pid 5842] close(12) = -1 EBADF (Bad file descriptor) [pid 5842] close(13) = -1 EBADF (Bad file descriptor) [pid 5842] close(14) = -1 EBADF (Bad file descriptor) [pid 5842] close(15) = -1 EBADF (Bad file descriptor) [pid 5842] close(16) = -1 EBADF (Bad file descriptor) [pid 5842] close(17) = -1 EBADF (Bad file descriptor) [pid 5842] close(18) = -1 EBADF (Bad file descriptor) [pid 5842] close(19) = -1 EBADF (Bad file descriptor) [pid 5842] close(20) = -1 EBADF (Bad file descriptor) [pid 5842] close(21) = -1 EBADF (Bad file descriptor) [pid 5842] close(22) = -1 EBADF (Bad file descriptor) [pid 5842] close(23) = -1 EBADF (Bad file descriptor) [pid 5842] close(24) = -1 EBADF (Bad file descriptor) [pid 5842] close(25) = -1 EBADF (Bad file descriptor) [pid 5842] close(26) = -1 EBADF (Bad file descriptor) [pid 5842] close(27) = -1 EBADF (Bad file descriptor) [pid 5842] close(28) = -1 EBADF (Bad file descriptor) [pid 5842] close(29) = -1 EBADF (Bad file descriptor) [pid 5842] exit_group(0) = ? [pid 5842] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./67/binderfs") = 0 [pid 5074] umount2("./67/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.699637][ T5843] CPU: 0 PID: 5843 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 230.710127][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 230.720247][ T5843] Call Trace: [ 230.723567][ T5843] [ 230.726529][ T5843] dump_stack_lvl+0x1e7/0x2d0 [ 230.731270][ T5843] ? nf_tcp_handle_invalid+0x640/0x640 [ 230.736800][ T5843] ? panic+0x770/0x770 [ 230.740940][ T5843] dump_header+0xdc/0x940 [ 230.745342][ T5843] out_of_memory+0xf21/0x12c0 [pid 5074] lstat("./67/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./67/cgroup") = 0 [pid 5074] umount2("./67/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./67/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./67/cgroup.net") = 0 [ 230.750083][ T5843] ? mutex_lock_io_nested+0x60/0x60 [ 230.755351][ T5843] ? preempt_schedule+0xdd/0xf0 [ 230.760258][ T5843] ? unregister_oom_notifier+0x20/0x20 [ 230.765776][ T5843] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 230.771831][ T5843] mem_cgroup_out_of_memory+0x263/0x3b0 [ 230.777417][ T5843] ? preempt_schedule_thunk+0x1a/0x20 [ 230.782827][ T5843] ? mem_cgroup_oom_trylock+0x210/0x210 [ 230.788444][ T5843] ? cgroup_file_notify+0x127/0x190 [ 230.793722][ T5843] memory_max_write+0x355/0x470 [ 230.798634][ T5843] ? memory_max_show+0xa0/0xa0 [ 230.803459][ T5843] ? read_lock_is_recursive+0x20/0x20 [ 230.808883][ T5843] ? memory_max_show+0xa0/0xa0 [ 230.813691][ T5843] cgroup_file_write+0x2b1/0x780 [ 230.818678][ T5843] ? cgroup_seqfile_stop+0xd0/0xd0 [ 230.823841][ T5843] ? __virt_addr_valid+0x22f/0x2e0 [ 230.829905][ T5843] ? cgroup_seqfile_stop+0xd0/0xd0 [ 230.835060][ T5843] kernfs_fop_write_iter+0x3a6/0x4f0 [ 230.840404][ T5843] vfs_write+0x7b2/0xbb0 [ 230.844699][ T5843] ? file_end_write+0x240/0x240 [ 230.849592][ T5843] ? do_raw_spin_unlock+0x13b/0x8b0 [ 230.854842][ T5843] ? lockdep_hardirqs_on+0x98/0x140 [ 230.860093][ T5843] ? __fdget_pos+0x265/0x2f0 [ 230.864734][ T5843] ksys_write+0x1a0/0x2c0 [ 230.869117][ T5843] ? __ia32_sys_read+0x90/0x90 [ 230.873930][ T5843] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 230.879974][ T5843] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 230.886018][ T5843] do_syscall_64+0x41/0xc0 [ 230.890497][ T5843] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 230.896453][ T5843] RIP: 0033:0x7fd49ce20129 [ 230.900907][ T5843] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 230.920565][ T5843] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 230.929032][ T5843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 230.937051][ T5843] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5074] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./67/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./67/file0") = 0 [pid 5074] umount2("./67/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./67/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./67/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./67") = 0 [pid 5074] mkdir("./68", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 70 ./strace-static-x86_64: Process 5847 attached [ 230.945063][ T5843] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 230.953100][ T5843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 230.961112][ T5843] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003f [ 230.969160][ T5843] [ 230.978167][ T5843] memory: usage 8kB, limit 0kB, failcnt 55 [ 230.984228][ T5843] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 230.991537][ T5843] Memory cgroup stats for /syz1: [ 230.991797][ T5843] anon 0 [pid 5847] chdir("./68") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5847] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5847] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] mkdir("./file0", 000) = 0 [pid 5847] open("./file0", O_RDONLY) = 3 [pid 5847] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5847] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [ 230.991797][ T5843] file 0 [ 230.991797][ T5843] kernel 8192 [ 230.991797][ T5843] kernel_stack 0 [ 230.991797][ T5843] pagetables 0 [ 230.991797][ T5843] sec_pagetables 0 [ 230.991797][ T5843] percpu 0 [ 230.991797][ T5843] sock 0 [ 230.991797][ T5843] vmalloc 0 [ 230.991797][ T5843] shmem 0 [ 230.991797][ T5843] zswap 0 [ 230.991797][ T5843] zswapped 0 [ 230.991797][ T5843] file_mapped 0 [ 230.991797][ T5843] file_dirty 0 [ 230.991797][ T5843] file_writeback 0 [ 230.991797][ T5843] swapcached 0 [ 230.991797][ T5843] anon_thp 0 [pid 5847] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5847] openat(5, "memory.max", O_RDWR) = 6 [ 230.991797][ T5843] file_thp 0 [ 230.991797][ T5843] shmem_thp 0 [ 230.991797][ T5843] inactive_anon 0 [ 230.991797][ T5843] active_anon 0 [ 230.991797][ T5843] inactive_file 0 [ 230.991797][ T5843] active_file 0 [ 230.991797][ T5843] unevictable 0 [ 230.991797][ T5843] slab_reclaimable 6752 [ 230.991797][ T5843] slab_unreclaimable 0 [ 230.991797][ T5843] slab 6752 [ 230.991797][ T5843] workingset_refault_anon 0 [ 231.090701][ T5843] Tasks state (memory values in pages): [pid 5847] write(6, "0x000000000000040e", 18 [pid 5843] <... write resumed>) = 18 [pid 5843] close(3) = 0 [ 231.096355][ T5843] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 231.106028][ T5843] Out of memory and no killable processes... [ 231.112303][ T5844] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 231.123003][ T5844] CPU: 0 PID: 5844 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 231.133480][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 231.143578][ T5844] Call Trace: [ 231.146892][ T5844] [pid 5843] close(4) = 0 [pid 5843] close(5) = 0 [pid 5843] close(6) = 0 [pid 5843] close(7) = -1 EBADF (Bad file descriptor) [pid 5843] close(8) = -1 EBADF (Bad file descriptor) [pid 5843] close(9) = -1 EBADF (Bad file descriptor) [pid 5843] close(10) = -1 EBADF (Bad file descriptor) [pid 5843] close(11) = -1 EBADF (Bad file descriptor) [pid 5843] close(12) = -1 EBADF (Bad file descriptor) [pid 5843] close(13) = -1 EBADF (Bad file descriptor) [pid 5843] close(14) = -1 EBADF (Bad file descriptor) [pid 5843] close(15) = -1 EBADF (Bad file descriptor) [pid 5843] close(16) = -1 EBADF (Bad file descriptor) [pid 5843] close(17) = -1 EBADF (Bad file descriptor) [pid 5843] close(18) = -1 EBADF (Bad file descriptor) [pid 5843] close(19) = -1 EBADF (Bad file descriptor) [pid 5843] close(20) = -1 EBADF (Bad file descriptor) [pid 5843] close(21) = -1 EBADF (Bad file descriptor) [pid 5843] close(22) = -1 EBADF (Bad file descriptor) [ 231.149859][ T5844] dump_stack_lvl+0x1e7/0x2d0 [ 231.154597][ T5844] ? nf_tcp_handle_invalid+0x640/0x640 [ 231.160120][ T5844] ? panic+0x770/0x770 [ 231.164263][ T5844] dump_header+0xdc/0x940 [ 231.168643][ T5844] out_of_memory+0xf21/0x12c0 [ 231.173373][ T5844] ? mutex_lock_io_nested+0x60/0x60 [ 231.178632][ T5844] ? mark_lock+0x9a/0x340 [ 231.183011][ T5844] ? unregister_oom_notifier+0x20/0x20 [ 231.188527][ T5844] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 231.194588][ T5844] mem_cgroup_out_of_memory+0x263/0x3b0 [pid 5843] close(23) = -1 EBADF (Bad file descriptor) [pid 5843] close(24) = -1 EBADF (Bad file descriptor) [pid 5843] close(25) = -1 EBADF (Bad file descriptor) [pid 5843] close(26) = -1 EBADF (Bad file descriptor) [pid 5843] close(27) = -1 EBADF (Bad file descriptor) [pid 5843] close(28) = -1 EBADF (Bad file descriptor) [pid 5843] close(29) = -1 EBADF (Bad file descriptor) [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./63/binderfs") = 0 [pid 5073] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 231.200204][ T5844] ? mem_cgroup_oom_trylock+0x210/0x210 [ 231.205824][ T5844] ? cgroup_file_notify+0x127/0x190 [ 231.211119][ T5844] memory_max_write+0x355/0x470 [ 231.216050][ T5844] ? memory_max_show+0xa0/0xa0 [ 231.220889][ T5844] ? read_lock_is_recursive+0x20/0x20 [ 231.226326][ T5844] ? memory_max_show+0xa0/0xa0 [ 231.231153][ T5844] cgroup_file_write+0x2b1/0x780 [ 231.236145][ T5844] ? cgroup_seqfile_stop+0xd0/0xd0 [ 231.241306][ T5844] ? __virt_addr_valid+0x22f/0x2e0 [ 231.246493][ T5844] ? cgroup_seqfile_stop+0xd0/0xd0 [pid 5073] unlink("./63/cgroup") = 0 [pid 5073] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./63/cgroup.net") = 0 [ 231.251656][ T5844] kernfs_fop_write_iter+0x3a6/0x4f0 [ 231.257014][ T5844] vfs_write+0x7b2/0xbb0 [ 231.261339][ T5844] ? file_end_write+0x240/0x240 [ 231.266256][ T5844] ? do_raw_spin_unlock+0x13b/0x8b0 [ 231.271505][ T5844] ? lockdep_hardirqs_on+0x98/0x140 [ 231.276749][ T5844] ? __fdget_pos+0x265/0x2f0 [ 231.281384][ T5844] ksys_write+0x1a0/0x2c0 [ 231.285754][ T5844] ? __ia32_sys_read+0x90/0x90 [ 231.290567][ T5844] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 231.296607][ T5844] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 231.302652][ T5844] do_syscall_64+0x41/0xc0 [ 231.307122][ T5844] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 231.313070][ T5844] RIP: 0033:0x7fd49ce20129 [ 231.317523][ T5844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 231.337173][ T5844] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5073] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 231.345632][ T5844] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 231.353643][ T5844] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 231.361653][ T5844] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 231.369662][ T5844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 231.377673][ T5844] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003c [ 231.385716][ T5844] [pid 5073] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./63/file0") = 0 [pid 5073] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./63/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./63") = 0 [pid 5073] mkdir("./64", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 66 [ 231.404010][ T5844] memory: usage 8kB, limit 0kB, failcnt 55 [ 231.410052][ T5844] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 231.417224][ T5844] Memory cgroup stats for /syz1: [ 231.417435][ T5844] anon 0 [ 231.417435][ T5844] file 0 [ 231.417435][ T5844] kernel 8192 [ 231.417435][ T5844] kernel_stack 0 [ 231.417435][ T5844] pagetables 0 [ 231.417435][ T5844] sec_pagetables 0 [ 231.417435][ T5844] percpu 0 [ 231.417435][ T5844] sock 0 [ 231.417435][ T5844] vmalloc 0 [ 231.417435][ T5844] shmem 0 ./strace-static-x86_64: Process 5848 attached [pid 5848] chdir("./64") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5848] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [ 231.417435][ T5844] zswap 0 [ 231.417435][ T5844] zswapped 0 [ 231.417435][ T5844] file_mapped 0 [ 231.417435][ T5844] file_dirty 0 [ 231.417435][ T5844] file_writeback 0 [ 231.417435][ T5844] swapcached 0 [ 231.417435][ T5844] anon_thp 0 [ 231.417435][ T5844] file_thp 0 [ 231.417435][ T5844] shmem_thp 0 [ 231.417435][ T5844] inactive_anon 0 [ 231.417435][ T5844] active_anon 0 [ 231.417435][ T5844] inactive_file 0 [ 231.417435][ T5844] active_file 0 [ 231.417435][ T5844] unevictable 0 [ 231.417435][ T5844] slab_reclaimable 6752 [pid 5848] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] mkdir("./file0", 000) = 0 [pid 5848] open("./file0", O_RDONLY) = 3 [pid 5848] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5848] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5848] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5848] openat(5, "memory.max", O_RDWR) = 6 [ 231.417435][ T5844] slab_unreclaimable 0 [ 231.417435][ T5844] slab 6752 [ 231.417435][ T5844] workingset_refault_anon 0 [ 231.524394][ T5844] Tasks state (memory values in pages): [ 231.530534][ T5844] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 231.547684][ T5844] Out of memory and no killable processes... [pid 5848] write(6, "0x000000000000040e", 18 [pid 5844] <... write resumed>) = 18 [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] close(5) = 0 [pid 5844] close(6) = 0 [pid 5844] close(7) = -1 EBADF (Bad file descriptor) [pid 5844] close(8) = -1 EBADF (Bad file descriptor) [pid 5844] close(9) = -1 EBADF (Bad file descriptor) [pid 5844] close(10) = -1 EBADF (Bad file descriptor) [pid 5844] close(11) = -1 EBADF (Bad file descriptor) [pid 5844] close(12) = -1 EBADF (Bad file descriptor) [pid 5844] close(13) = -1 EBADF (Bad file descriptor) [pid 5844] close(14) = -1 EBADF (Bad file descriptor) [pid 5844] close(15) = -1 EBADF (Bad file descriptor) [pid 5844] close(16) = -1 EBADF (Bad file descriptor) [pid 5844] close(17) = -1 EBADF (Bad file descriptor) [pid 5844] close(18) = -1 EBADF (Bad file descriptor) [pid 5844] close(19) = -1 EBADF (Bad file descriptor) [pid 5844] close(20) = -1 EBADF (Bad file descriptor) [pid 5844] close(21) = -1 EBADF (Bad file descriptor) [pid 5844] close(22) = -1 EBADF (Bad file descriptor) [pid 5844] close(23) = -1 EBADF (Bad file descriptor) [pid 5844] close(24) = -1 EBADF (Bad file descriptor) [pid 5844] close(25) = -1 EBADF (Bad file descriptor) [pid 5844] close(26) = -1 EBADF (Bad file descriptor) [pid 5844] close(27) = -1 EBADF (Bad file descriptor) [pid 5844] close(28) = -1 EBADF (Bad file descriptor) [pid 5844] close(29) = -1 EBADF (Bad file descriptor) [ 231.553786][ T5845] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 231.570298][ T5845] CPU: 0 PID: 5845 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 231.580798][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 231.590905][ T5845] Call Trace: [ 231.594229][ T5845] [ 231.597207][ T5845] dump_stack_lvl+0x1e7/0x2d0 [pid 5844] exit_group(0) = ? [pid 5844] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5072] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./60/binderfs") = 0 [pid 5072] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./60/cgroup") = 0 [pid 5072] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./60/cgroup.net") = 0 [ 231.601947][ T5845] ? nf_tcp_handle_invalid+0x640/0x640 [ 231.607475][ T5845] ? panic+0x770/0x770 [ 231.611628][ T5845] dump_header+0xdc/0x940 [ 231.616030][ T5845] out_of_memory+0xf21/0x12c0 [ 231.620775][ T5845] ? mutex_lock_io_nested+0x60/0x60 [ 231.626050][ T5845] ? preempt_schedule+0xdd/0xf0 [ 231.630961][ T5845] ? unregister_oom_notifier+0x20/0x20 [ 231.636503][ T5845] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 231.642559][ T5845] mem_cgroup_out_of_memory+0x263/0x3b0 [ 231.648263][ T5845] ? preempt_schedule_thunk+0x1a/0x20 [ 231.653699][ T5845] ? mem_cgroup_oom_trylock+0x210/0x210 [ 231.659323][ T5845] ? cgroup_file_notify+0x127/0x190 [ 231.664581][ T5845] memory_max_write+0x355/0x470 [ 231.669498][ T5845] ? memory_max_show+0xa0/0xa0 [ 231.674333][ T5845] ? read_lock_is_recursive+0x20/0x20 [ 231.679738][ T5845] ? memory_max_show+0xa0/0xa0 [ 231.684554][ T5845] cgroup_file_write+0x2b1/0x780 [ 231.689551][ T5845] ? cgroup_seqfile_stop+0xd0/0xd0 [ 231.694726][ T5845] ? cgroup_seqfile_stop+0xd0/0xd0 [ 231.699882][ T5845] kernfs_fop_write_iter+0x3a6/0x4f0 [ 231.705238][ T5845] vfs_write+0x7b2/0xbb0 [ 231.709522][ T5845] ? file_end_write+0x240/0x240 [ 231.714413][ T5845] ? do_raw_spin_unlock+0x13b/0x8b0 [ 231.719647][ T5845] ? lockdep_hardirqs_on+0x98/0x140 [ 231.724912][ T5845] ? __fdget_pos+0x265/0x2f0 [ 231.729565][ T5845] ksys_write+0x1a0/0x2c0 [ 231.734008][ T5845] ? __ia32_sys_read+0x90/0x90 [ 231.738826][ T5845] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 231.744876][ T5845] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 231.750911][ T5845] do_syscall_64+0x41/0xc0 [ 231.755352][ T5845] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 231.761294][ T5845] RIP: 0033:0x7fd49ce20129 [ 231.765751][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 231.785409][ T5845] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 231.793880][ T5845] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5072] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 231.801897][ T5845] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 231.810004][ T5845] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 231.818041][ T5845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 231.826133][ T5845] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000042 [ 231.834160][ T5845] [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./60/file0") = 0 [pid 5072] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./60/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./60") = 0 [pid 5072] mkdir("./61", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 63 ./strace-static-x86_64: Process 5849 attached [pid 5849] chdir("./61") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5849] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5849] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 231.853634][ T5845] memory: usage 8kB, limit 0kB, failcnt 55 [ 231.859630][ T5845] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 231.873735][ T5845] Memory cgroup stats for /syz1: [ 231.873958][ T5845] anon 0 [ 231.873958][ T5845] file 0 [ 231.873958][ T5845] kernel 8192 [ 231.873958][ T5845] kernel_stack 0 [ 231.873958][ T5845] pagetables 0 [ 231.873958][ T5845] sec_pagetables 0 [ 231.873958][ T5845] percpu 0 [ 231.873958][ T5845] sock 0 [ 231.873958][ T5845] vmalloc 0 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] mkdir("./file0", 000) = 0 [pid 5849] open("./file0", O_RDONLY) = 3 [pid 5849] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5849] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5849] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5849] openat(5, "memory.max", O_RDWR) = 6 [ 231.873958][ T5845] shmem 0 [ 231.873958][ T5845] zswap 0 [ 231.873958][ T5845] zswapped 0 [ 231.873958][ T5845] file_mapped 0 [ 231.873958][ T5845] file_dirty 0 [ 231.873958][ T5845] file_writeback 0 [ 231.873958][ T5845] swapcached 0 [ 231.873958][ T5845] anon_thp 0 [ 231.873958][ T5845] file_thp 0 [ 231.873958][ T5845] shmem_thp 0 [ 231.873958][ T5845] inactive_anon 0 [ 231.873958][ T5845] active_anon 0 [ 231.873958][ T5845] inactive_file 0 [ 231.873958][ T5845] active_file 0 [ 231.873958][ T5845] unevictable 0 [pid 5849] write(6, "0x000000000000040e", 18 [pid 5845] <... write resumed>) = 18 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] close(5) = 0 [pid 5845] close(6) = 0 [pid 5845] close(7) = -1 EBADF (Bad file descriptor) [pid 5845] close(8) = -1 EBADF (Bad file descriptor) [pid 5845] close(9) = -1 EBADF (Bad file descriptor) [pid 5845] close(10) = -1 EBADF (Bad file descriptor) [ 231.873958][ T5845] slab_reclaimable 6752 [ 231.873958][ T5845] slab_unreclaimable 0 [ 231.873958][ T5845] slab 6752 [ 231.873958][ T5845] workingset_refault_anon 0 [ 231.970666][ T5845] Tasks state (memory values in pages): [ 231.979643][ T5845] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 231.989584][ T5845] Out of memory and no killable processes... [ 231.995631][ T5846] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5845] close(11) = -1 EBADF (Bad file descriptor) [pid 5845] close(12) = -1 EBADF (Bad file descriptor) [pid 5845] close(13) = -1 EBADF (Bad file descriptor) [pid 5845] close(14) = -1 EBADF (Bad file descriptor) [pid 5845] close(15) = -1 EBADF (Bad file descriptor) [pid 5845] close(16) = -1 EBADF (Bad file descriptor) [pid 5845] close(17) = -1 EBADF (Bad file descriptor) [pid 5845] close(18) = -1 EBADF (Bad file descriptor) [pid 5845] close(19) = -1 EBADF (Bad file descriptor) [pid 5845] close(20) = -1 EBADF (Bad file descriptor) [pid 5845] close(21) = -1 EBADF (Bad file descriptor) [pid 5845] close(22) = -1 EBADF (Bad file descriptor) [pid 5845] close(23) = -1 EBADF (Bad file descriptor) [pid 5845] close(24) = -1 EBADF (Bad file descriptor) [pid 5845] close(25) = -1 EBADF (Bad file descriptor) [pid 5845] close(26) = -1 EBADF (Bad file descriptor) [pid 5845] close(27) = -1 EBADF (Bad file descriptor) [pid 5845] close(28) = -1 EBADF (Bad file descriptor) [pid 5845] close(29) = -1 EBADF (Bad file descriptor) [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 232.013537][ T5846] CPU: 0 PID: 5846 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 232.024025][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 232.034141][ T5846] Call Trace: [ 232.037462][ T5846] [ 232.040437][ T5846] dump_stack_lvl+0x1e7/0x2d0 [ 232.045178][ T5846] ? nf_tcp_handle_invalid+0x640/0x640 [ 232.050689][ T5846] ? panic+0x770/0x770 [ 232.054832][ T5846] dump_header+0xdc/0x940 [ 232.059220][ T5846] out_of_memory+0xf21/0x12c0 [pid 5075] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./66/binderfs") = 0 [pid 5075] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./66/cgroup") = 0 [pid 5075] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./66/cgroup.net") = 0 [ 232.063953][ T5846] ? mutex_lock_io_nested+0x60/0x60 [ 232.069222][ T5846] ? preempt_schedule+0xdd/0xf0 [ 232.074133][ T5846] ? unregister_oom_notifier+0x20/0x20 [ 232.079652][ T5846] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 232.085688][ T5846] mem_cgroup_out_of_memory+0x263/0x3b0 [ 232.091269][ T5846] ? preempt_schedule_thunk+0x1a/0x20 [ 232.096700][ T5846] ? mem_cgroup_oom_trylock+0x210/0x210 [ 232.102322][ T5846] ? cgroup_file_notify+0x127/0x190 [ 232.107566][ T5846] memory_max_write+0x355/0x470 [ 232.112455][ T5846] ? memory_max_show+0xa0/0xa0 [ 232.117253][ T5846] ? read_lock_is_recursive+0x20/0x20 [ 232.122669][ T5846] ? memory_max_show+0xa0/0xa0 [ 232.127461][ T5846] cgroup_file_write+0x2b1/0x780 [ 232.132455][ T5846] ? cgroup_seqfile_stop+0xd0/0xd0 [ 232.137608][ T5846] ? __virt_addr_valid+0x22f/0x2e0 [ 232.142786][ T5846] ? cgroup_seqfile_stop+0xd0/0xd0 [ 232.147942][ T5846] kernfs_fop_write_iter+0x3a6/0x4f0 [ 232.153290][ T5846] vfs_write+0x7b2/0xbb0 [ 232.157579][ T5846] ? file_end_write+0x240/0x240 [ 232.162487][ T5846] ? do_raw_spin_unlock+0x13b/0x8b0 [ 232.167739][ T5846] ? lockdep_hardirqs_on+0x98/0x140 [ 232.172984][ T5846] ? __fdget_pos+0x265/0x2f0 [ 232.177607][ T5846] ksys_write+0x1a0/0x2c0 [ 232.181991][ T5846] ? __ia32_sys_read+0x90/0x90 [ 232.186803][ T5846] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 232.192845][ T5846] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 232.198867][ T5846] do_syscall_64+0x41/0xc0 [ 232.203336][ T5846] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 232.209270][ T5846] RIP: 0033:0x7fd49ce20129 [ 232.213731][ T5846] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 232.233407][ T5846] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 232.241868][ T5846] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 232.249877][ T5846] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5075] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 232.257899][ T5846] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 232.265907][ T5846] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 232.273895][ T5846] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003c [ 232.281925][ T5846] [ 232.291987][ T5846] memory: usage 8kB, limit 0kB, failcnt 55 [ 232.298071][ T5846] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 232.304958][ T5846] Memory cgroup stats for /syz1: [ 232.305117][ T5846] anon 0 [pid 5075] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./66/file0") = 0 [pid 5075] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./66/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./66") = 0 [pid 5075] mkdir("./67", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached [pid 5850] chdir("./67" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 69 [pid 5850] <... chdir resumed>) = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5850] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [ 232.305117][ T5846] file 0 [ 232.305117][ T5846] kernel 8192 [ 232.305117][ T5846] kernel_stack 0 [ 232.305117][ T5846] pagetables 0 [ 232.305117][ T5846] sec_pagetables 0 [ 232.305117][ T5846] percpu 0 [ 232.305117][ T5846] sock 0 [ 232.305117][ T5846] vmalloc 0 [ 232.305117][ T5846] shmem 0 [ 232.305117][ T5846] zswap 0 [ 232.305117][ T5846] zswapped 0 [ 232.305117][ T5846] file_mapped 0 [ 232.305117][ T5846] file_dirty 0 [ 232.305117][ T5846] file_writeback 0 [ 232.305117][ T5846] swapcached 0 [ 232.305117][ T5846] anon_thp 0 [ 232.305117][ T5846] file_thp 0 [pid 5850] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] mkdir("./file0", 000) = 0 [pid 5850] open("./file0", O_RDONLY) = 3 [pid 5850] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5850] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5850] openat(5, "memory.max", O_RDWR) = 6 [ 232.305117][ T5846] shmem_thp 0 [ 232.305117][ T5846] inactive_anon 0 [ 232.305117][ T5846] active_anon 0 [ 232.305117][ T5846] inactive_file 0 [ 232.305117][ T5846] active_file 0 [ 232.305117][ T5846] unevictable 0 [ 232.305117][ T5846] slab_reclaimable 6752 [ 232.305117][ T5846] slab_unreclaimable 0 [ 232.305117][ T5846] slab 6752 [ 232.305117][ T5846] workingset_refault_anon 0 [ 232.407531][ T5846] Tasks state (memory values in pages): [pid 5850] write(6, "0x000000000000040e", 18 [pid 5846] <... write resumed>) = 18 [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] close(5) = 0 [pid 5846] close(6) = 0 [pid 5846] close(7) = -1 EBADF (Bad file descriptor) [pid 5846] close(8) = -1 EBADF (Bad file descriptor) [pid 5846] close(9) = -1 EBADF (Bad file descriptor) [pid 5846] close(10) = -1 EBADF (Bad file descriptor) [pid 5846] close(11) = -1 EBADF (Bad file descriptor) [pid 5846] close(12) = -1 EBADF (Bad file descriptor) [pid 5846] close(13) = -1 EBADF (Bad file descriptor) [pid 5846] close(14) = -1 EBADF (Bad file descriptor) [pid 5846] close(15) = -1 EBADF (Bad file descriptor) [pid 5846] close(16) = -1 EBADF (Bad file descriptor) [pid 5846] close(17) = -1 EBADF (Bad file descriptor) [pid 5846] close(18) = -1 EBADF (Bad file descriptor) [pid 5846] close(19) = -1 EBADF (Bad file descriptor) [pid 5846] close(20) = -1 EBADF (Bad file descriptor) [pid 5846] close(21) = -1 EBADF (Bad file descriptor) [pid 5846] close(22) = -1 EBADF (Bad file descriptor) [pid 5846] close(23) = -1 EBADF (Bad file descriptor) [pid 5846] close(24) = -1 EBADF (Bad file descriptor) [ 232.413142][ T5846] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 232.423068][ T5846] Out of memory and no killable processes... [ 232.430173][ T5847] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5846] close(25) = -1 EBADF (Bad file descriptor) [pid 5846] close(26) = -1 EBADF (Bad file descriptor) [pid 5846] close(27) = -1 EBADF (Bad file descriptor) [pid 5846] close(28) = -1 EBADF (Bad file descriptor) [pid 5846] close(29) = -1 EBADF (Bad file descriptor) [pid 5846] exit_group(0) = ? [pid 5846] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./60/binderfs") = 0 [pid 5070] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./60/cgroup") = 0 [pid 5070] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./60/cgroup.net") = 0 [ 232.456592][ T5847] CPU: 1 PID: 5847 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 232.467095][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 232.477207][ T5847] Call Trace: [ 232.480539][ T5847] [ 232.483521][ T5847] dump_stack_lvl+0x1e7/0x2d0 [ 232.488261][ T5847] ? nf_tcp_handle_invalid+0x640/0x640 [ 232.493787][ T5847] ? panic+0x770/0x770 [ 232.497939][ T5847] dump_header+0xdc/0x940 [ 232.502336][ T5847] out_of_memory+0xf21/0x12c0 [ 232.507078][ T5847] ? mutex_lock_io_nested+0x60/0x60 [ 232.512357][ T5847] ? preempt_schedule+0xdd/0xf0 [ 232.517263][ T5847] ? unregister_oom_notifier+0x20/0x20 [ 232.522759][ T5847] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 232.528784][ T5847] mem_cgroup_out_of_memory+0x263/0x3b0 [ 232.534400][ T5847] ? preempt_schedule_thunk+0x1a/0x20 [ 232.539857][ T5847] ? mem_cgroup_oom_trylock+0x210/0x210 [ 232.545495][ T5847] ? cgroup_file_notify+0x127/0x190 [ 232.550722][ T5847] memory_max_write+0x355/0x470 [ 232.555607][ T5847] ? memory_max_show+0xa0/0xa0 [ 232.560397][ T5847] ? read_lock_is_recursive+0x20/0x20 [ 232.565795][ T5847] ? memory_max_show+0xa0/0xa0 [ 232.570579][ T5847] cgroup_file_write+0x2b1/0x780 [ 232.575540][ T5847] ? cgroup_seqfile_stop+0xd0/0xd0 [ 232.580669][ T5847] ? __virt_addr_valid+0x22f/0x2e0 [ 232.585811][ T5847] ? cgroup_seqfile_stop+0xd0/0xd0 [ 232.590952][ T5847] kernfs_fop_write_iter+0x3a6/0x4f0 [ 232.596265][ T5847] vfs_write+0x7b2/0xbb0 [ 232.600532][ T5847] ? file_end_write+0x240/0x240 [ 232.605402][ T5847] ? do_raw_spin_unlock+0x13b/0x8b0 [ 232.610623][ T5847] ? lockdep_hardirqs_on+0x98/0x140 [ 232.615849][ T5847] ? __fdget_pos+0x265/0x2f0 [ 232.620458][ T5847] ksys_write+0x1a0/0x2c0 [ 232.624806][ T5847] ? __ia32_sys_read+0x90/0x90 [ 232.629583][ T5847] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 232.635587][ T5847] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 232.641592][ T5847] do_syscall_64+0x41/0xc0 [ 232.646028][ T5847] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 232.651944][ T5847] RIP: 0033:0x7fd49ce20129 [ 232.656370][ T5847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 232.676002][ T5847] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 232.684447][ T5847] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 232.692453][ T5847] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5070] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 232.700455][ T5847] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 232.708443][ T5847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 232.716430][ T5847] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000044 [ 232.724433][ T5847] [ 232.730914][ T5847] memory: usage 8kB, limit 0kB, failcnt 55 [ 232.737364][ T5847] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 232.744460][ T5847] Memory cgroup stats for /syz1: [ 232.744683][ T5847] anon 0 [ 232.744683][ T5847] file 0 [pid 5070] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./60/file0") = 0 [pid 5070] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./60/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./60") = 0 [pid 5070] mkdir("./61", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] chdir("./61" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 63 [pid 5851] <... chdir resumed>) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [ 232.744683][ T5847] kernel 8192 [ 232.744683][ T5847] kernel_stack 0 [ 232.744683][ T5847] pagetables 0 [ 232.744683][ T5847] sec_pagetables 0 [ 232.744683][ T5847] percpu 0 [ 232.744683][ T5847] sock 0 [ 232.744683][ T5847] vmalloc 0 [ 232.744683][ T5847] shmem 0 [ 232.744683][ T5847] zswap 0 [ 232.744683][ T5847] zswapped 0 [ 232.744683][ T5847] file_mapped 0 [ 232.744683][ T5847] file_dirty 0 [ 232.744683][ T5847] file_writeback 0 [ 232.744683][ T5847] swapcached 0 [ 232.744683][ T5847] anon_thp 0 [ 232.744683][ T5847] file_thp 0 [ 232.744683][ T5847] shmem_thp 0 [pid 5851] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5851] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5851] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] mkdir("./file0", 000) = 0 [pid 5851] open("./file0", O_RDONLY) = 3 [pid 5851] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5851] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5851] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5851] openat(5, "memory.max", O_RDWR) = 6 [ 232.744683][ T5847] inactive_anon 0 [ 232.744683][ T5847] active_anon 0 [ 232.744683][ T5847] inactive_file 0 [ 232.744683][ T5847] active_file 0 [ 232.744683][ T5847] unevictable 0 [ 232.744683][ T5847] slab_reclaimable 6752 [ 232.744683][ T5847] slab_unreclaimable 0 [ 232.744683][ T5847] slab 6752 [ 232.744683][ T5847] workingset_refault_anon 0 [pid 5851] write(6, "0x000000000000040e", 18 [pid 5847] <... write resumed>) = 18 [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] close(5) = 0 [pid 5847] close(6) = 0 [pid 5847] close(7) = -1 EBADF (Bad file descriptor) [pid 5847] close(8) = -1 EBADF (Bad file descriptor) [pid 5847] close(9) = -1 EBADF (Bad file descriptor) [pid 5847] close(10) = -1 EBADF (Bad file descriptor) [pid 5847] close(11) = -1 EBADF (Bad file descriptor) [pid 5847] close(12) = -1 EBADF (Bad file descriptor) [pid 5847] close(13) = -1 EBADF (Bad file descriptor) [pid 5847] close(14) = -1 EBADF (Bad file descriptor) [pid 5847] close(15) = -1 EBADF (Bad file descriptor) [pid 5847] close(16) = -1 EBADF (Bad file descriptor) [pid 5847] close(17) = -1 EBADF (Bad file descriptor) [pid 5847] close(18) = -1 EBADF (Bad file descriptor) [pid 5847] close(19) = -1 EBADF (Bad file descriptor) [pid 5847] close(20) = -1 EBADF (Bad file descriptor) [pid 5847] close(21) = -1 EBADF (Bad file descriptor) [pid 5847] close(22) = -1 EBADF (Bad file descriptor) [pid 5847] close(23) = -1 EBADF (Bad file descriptor) [pid 5847] close(24) = -1 EBADF (Bad file descriptor) [pid 5847] close(25) = -1 EBADF (Bad file descriptor) [pid 5847] close(26) = -1 EBADF (Bad file descriptor) [pid 5847] close(27) = -1 EBADF (Bad file descriptor) [pid 5847] close(28) = -1 EBADF (Bad file descriptor) [pid 5847] close(29) = -1 EBADF (Bad file descriptor) [pid 5847] exit_group(0) = ? [pid 5847] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 232.853744][ T5847] Tasks state (memory values in pages): [ 232.865828][ T5847] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 232.878319][ T5847] Out of memory and no killable processes... [ 232.884598][ T5848] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 232.896770][ T5848] CPU: 0 PID: 5848 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./68/binderfs") = 0 [pid 5074] umount2("./68/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./68/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./68/cgroup") = 0 [pid 5074] umount2("./68/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./68/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./68/cgroup.net") = 0 [ 232.907252][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 232.917356][ T5848] Call Trace: [ 232.920664][ T5848] [ 232.923630][ T5848] dump_stack_lvl+0x1e7/0x2d0 [ 232.928367][ T5848] ? nf_tcp_handle_invalid+0x640/0x640 [ 232.933887][ T5848] ? panic+0x770/0x770 [ 232.938040][ T5848] dump_header+0xdc/0x940 [ 232.942420][ T5848] out_of_memory+0xf21/0x12c0 [ 232.947153][ T5848] ? mutex_lock_io_nested+0x60/0x60 [ 232.952406][ T5848] ? mark_lock+0x9a/0x340 [ 232.956764][ T5848] ? unregister_oom_notifier+0x20/0x20 [ 232.962247][ T5848] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 232.968259][ T5848] mem_cgroup_out_of_memory+0x263/0x3b0 [ 232.973834][ T5848] ? mem_cgroup_oom_trylock+0x210/0x210 [ 232.979417][ T5848] ? cgroup_file_notify+0x127/0x190 [ 232.984638][ T5848] memory_max_write+0x355/0x470 [ 232.989509][ T5848] ? memory_max_show+0xa0/0xa0 [ 232.994290][ T5848] ? read_lock_is_recursive+0x20/0x20 [ 232.999681][ T5848] ? memory_max_show+0xa0/0xa0 [ 233.004459][ T5848] cgroup_file_write+0x2b1/0x780 [ 233.009420][ T5848] ? cgroup_seqfile_stop+0xd0/0xd0 [ 233.014546][ T5848] ? __virt_addr_valid+0x22f/0x2e0 [ 233.019685][ T5848] ? cgroup_seqfile_stop+0xd0/0xd0 [ 233.024805][ T5848] kernfs_fop_write_iter+0x3a6/0x4f0 [ 233.030117][ T5848] vfs_write+0x7b2/0xbb0 [ 233.034387][ T5848] ? file_end_write+0x240/0x240 [ 233.039259][ T5848] ? do_raw_spin_unlock+0x13b/0x8b0 [ 233.044478][ T5848] ? lockdep_hardirqs_on+0x98/0x140 [ 233.049703][ T5848] ? __fdget_pos+0x265/0x2f0 [ 233.054324][ T5848] ksys_write+0x1a0/0x2c0 [ 233.058676][ T5848] ? __ia32_sys_read+0x90/0x90 [ 233.063455][ T5848] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 233.069459][ T5848] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 233.075463][ T5848] do_syscall_64+0x41/0xc0 [ 233.079906][ T5848] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 233.085824][ T5848] RIP: 0033:0x7fd49ce20129 [ 233.090250][ T5848] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 233.109891][ T5848] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.118340][ T5848] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 233.126325][ T5848] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 233.134306][ T5848] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 233.142286][ T5848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 233.150266][ T5848] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000040 [pid 5074] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./68/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./68/file0") = 0 [pid 5074] umount2("./68/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./68/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./68/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./68") = 0 [pid 5074] mkdir("./69", 0777) = 0 [ 233.158265][ T5848] [ 233.168030][ T5848] memory: usage 8kB, limit 0kB, failcnt 55 [ 233.173899][ T5848] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 233.191789][ T5848] Memory cgroup stats for /syz1: [ 233.192579][ T5848] anon 0 [ 233.192579][ T5848] file 0 [ 233.192579][ T5848] kernel 8192 [ 233.192579][ T5848] kernel_stack 0 [ 233.192579][ T5848] pagetables 0 [ 233.192579][ T5848] sec_pagetables 0 [ 233.192579][ T5848] percpu 0 [ 233.192579][ T5848] sock 0 [ 233.192579][ T5848] vmalloc 0 [ 233.192579][ T5848] shmem 0 [ 233.192579][ T5848] zswap 0 [ 233.192579][ T5848] zswapped 0 [ 233.192579][ T5848] file_mapped 0 [ 233.192579][ T5848] file_dirty 0 [ 233.192579][ T5848] file_writeback 0 [ 233.192579][ T5848] swapcached 0 [ 233.192579][ T5848] anon_thp 0 [ 233.192579][ T5848] file_thp 0 [ 233.192579][ T5848] shmem_thp 0 [ 233.192579][ T5848] inactive_anon 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached [pid 5852] chdir("./69") = 0 [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 71 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5852] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5852] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] mkdir("./file0", 000) = 0 [pid 5852] open("./file0", O_RDONLY) = 3 [pid 5852] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5852] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5852] openat(5, "memory.max", O_RDWR) = 6 [ 233.192579][ T5848] active_anon 0 [ 233.192579][ T5848] inactive_file 0 [ 233.192579][ T5848] active_file 0 [ 233.192579][ T5848] unevictable 0 [ 233.192579][ T5848] slab_reclaimable 6752 [ 233.192579][ T5848] slab_unreclaimable 0 [ 233.192579][ T5848] slab 6752 [ 233.192579][ T5848] workingset_refault_anon 0 [ 233.294184][ T5848] Tasks state (memory values in pages): [ 233.300708][ T5848] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5852] write(6, "0x000000000000040e", 18 [pid 5848] <... write resumed>) = 18 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] close(5) = 0 [pid 5848] close(6) = 0 [pid 5848] close(7) = -1 EBADF (Bad file descriptor) [pid 5848] close(8) = -1 EBADF (Bad file descriptor) [pid 5848] close(9) = -1 EBADF (Bad file descriptor) [pid 5848] close(10) = -1 EBADF (Bad file descriptor) [pid 5848] close(11) = -1 EBADF (Bad file descriptor) [pid 5848] close(12) = -1 EBADF (Bad file descriptor) [pid 5848] close(13) = -1 EBADF (Bad file descriptor) [pid 5848] close(14) = -1 EBADF (Bad file descriptor) [pid 5848] close(15) = -1 EBADF (Bad file descriptor) [pid 5848] close(16) = -1 EBADF (Bad file descriptor) [pid 5848] close(17) = -1 EBADF (Bad file descriptor) [pid 5848] close(18) = -1 EBADF (Bad file descriptor) [pid 5848] close(19) = -1 EBADF (Bad file descriptor) [pid 5848] close(20) = -1 EBADF (Bad file descriptor) [pid 5848] close(21) = -1 EBADF (Bad file descriptor) [pid 5848] close(22) = -1 EBADF (Bad file descriptor) [pid 5848] close(23) = -1 EBADF (Bad file descriptor) [pid 5848] close(24) = -1 EBADF (Bad file descriptor) [pid 5848] close(25) = -1 EBADF (Bad file descriptor) [pid 5848] close(26) = -1 EBADF (Bad file descriptor) [pid 5848] close(27) = -1 EBADF (Bad file descriptor) [pid 5848] close(28) = -1 EBADF (Bad file descriptor) [pid 5848] close(29) = -1 EBADF (Bad file descriptor) [pid 5848] exit_group(0) = ? [ 233.310721][ T5848] Out of memory and no killable processes... [ 233.317623][ T5849] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 233.329022][ T5849] CPU: 0 PID: 5849 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 233.339495][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 233.349612][ T5849] Call Trace: [ 233.352936][ T5849] [ 233.355914][ T5849] dump_stack_lvl+0x1e7/0x2d0 [pid 5848] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./64/binderfs") = 0 [pid 5073] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./64/cgroup") = 0 [pid 5073] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./64/cgroup.net") = 0 [ 233.360654][ T5849] ? nf_tcp_handle_invalid+0x640/0x640 [ 233.366162][ T5849] ? panic+0x770/0x770 [ 233.370300][ T5849] dump_header+0xdc/0x940 [ 233.374689][ T5849] out_of_memory+0xf21/0x12c0 [ 233.379512][ T5849] ? mutex_lock_io_nested+0x60/0x60 [ 233.384776][ T5849] ? mark_lock+0x9a/0x340 [ 233.389156][ T5849] ? unregister_oom_notifier+0x20/0x20 [ 233.394659][ T5849] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 233.400710][ T5849] mem_cgroup_out_of_memory+0x263/0x3b0 [ 233.406321][ T5849] ? mem_cgroup_oom_trylock+0x210/0x210 [ 233.411938][ T5849] ? cgroup_file_notify+0x127/0x190 [ 233.417196][ T5849] memory_max_write+0x355/0x470 [ 233.422111][ T5849] ? memory_max_show+0xa0/0xa0 [ 233.426925][ T5849] ? read_lock_is_recursive+0x20/0x20 [ 233.432355][ T5849] ? memory_max_show+0xa0/0xa0 [ 233.437171][ T5849] cgroup_file_write+0x2b1/0x780 [ 233.442160][ T5849] ? cgroup_seqfile_stop+0xd0/0xd0 [ 233.447319][ T5849] ? __virt_addr_valid+0x22f/0x2e0 [ 233.452494][ T5849] ? cgroup_seqfile_stop+0xd0/0xd0 [ 233.457648][ T5849] kernfs_fop_write_iter+0x3a6/0x4f0 [ 233.462991][ T5849] vfs_write+0x7b2/0xbb0 [ 233.467294][ T5849] ? file_end_write+0x240/0x240 [ 233.472199][ T5849] ? do_raw_spin_unlock+0x13b/0x8b0 [ 233.477461][ T5849] ? lockdep_hardirqs_on+0x98/0x140 [ 233.482715][ T5849] ? __fdget_pos+0x265/0x2f0 [ 233.487356][ T5849] ksys_write+0x1a0/0x2c0 [ 233.491739][ T5849] ? __ia32_sys_read+0x90/0x90 [ 233.496552][ T5849] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 233.502588][ T5849] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 233.508624][ T5849] do_syscall_64+0x41/0xc0 [ 233.513090][ T5849] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 233.519036][ T5849] RIP: 0033:0x7fd49ce20129 [ 233.523492][ T5849] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 233.543146][ T5849] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.551610][ T5849] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5073] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 233.559626][ T5849] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 233.567636][ T5849] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 233.575644][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 233.583654][ T5849] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003d [ 233.591689][ T5849] [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./64/file0") = 0 [pid 5073] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./64/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./64") = 0 [pid 5073] mkdir("./65", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached [pid 5853] chdir("./65" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 67 [pid 5853] <... chdir resumed>) = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5853] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5853] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [ 233.609516][ T5849] memory: usage 8kB, limit 0kB, failcnt 55 [ 233.615385][ T5849] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 233.623636][ T5849] Memory cgroup stats for /syz1: [ 233.623909][ T5849] anon 0 [ 233.623909][ T5849] file 0 [ 233.623909][ T5849] kernel 8192 [ 233.623909][ T5849] kernel_stack 0 [ 233.623909][ T5849] pagetables 0 [ 233.623909][ T5849] sec_pagetables 0 [ 233.623909][ T5849] percpu 0 [ 233.623909][ T5849] sock 0 [ 233.623909][ T5849] vmalloc 0 [ 233.623909][ T5849] shmem 0 [ 233.623909][ T5849] zswap 0 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] mkdir("./file0", 000) = 0 [pid 5853] open("./file0", O_RDONLY) = 3 [pid 5853] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5853] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5853] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5853] openat(5, "memory.max", O_RDWR) = 6 [ 233.623909][ T5849] zswapped 0 [ 233.623909][ T5849] file_mapped 0 [ 233.623909][ T5849] file_dirty 0 [ 233.623909][ T5849] file_writeback 0 [ 233.623909][ T5849] swapcached 0 [ 233.623909][ T5849] anon_thp 0 [ 233.623909][ T5849] file_thp 0 [ 233.623909][ T5849] shmem_thp 0 [ 233.623909][ T5849] inactive_anon 0 [ 233.623909][ T5849] active_anon 0 [ 233.623909][ T5849] inactive_file 0 [ 233.623909][ T5849] active_file 0 [ 233.623909][ T5849] unevictable 0 [ 233.623909][ T5849] slab_reclaimable 6752 [ 233.623909][ T5849] slab_unreclaimable 0 [pid 5853] write(6, "0x000000000000040e", 18 [pid 5849] <... write resumed>) = 18 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] close(5) = 0 [pid 5849] close(6) = 0 [pid 5849] close(7) = -1 EBADF (Bad file descriptor) [pid 5849] close(8) = -1 EBADF (Bad file descriptor) [pid 5849] close(9) = -1 EBADF (Bad file descriptor) [pid 5849] close(10) = -1 EBADF (Bad file descriptor) [pid 5849] close(11) = -1 EBADF (Bad file descriptor) [pid 5849] close(12) = -1 EBADF (Bad file descriptor) [pid 5849] close(13) = -1 EBADF (Bad file descriptor) [pid 5849] close(14) = -1 EBADF (Bad file descriptor) [pid 5849] close(15) = -1 EBADF (Bad file descriptor) [pid 5849] close(16) = -1 EBADF (Bad file descriptor) [pid 5849] close(17) = -1 EBADF (Bad file descriptor) [pid 5849] close(18) = -1 EBADF (Bad file descriptor) [pid 5849] close(19) = -1 EBADF (Bad file descriptor) [pid 5849] close(20) = -1 EBADF (Bad file descriptor) [pid 5849] close(21) = -1 EBADF (Bad file descriptor) [pid 5849] close(22) = -1 EBADF (Bad file descriptor) [pid 5849] close(23) = -1 EBADF (Bad file descriptor) [pid 5849] close(24) = -1 EBADF (Bad file descriptor) [pid 5849] close(25) = -1 EBADF (Bad file descriptor) [pid 5849] close(26) = -1 EBADF (Bad file descriptor) [pid 5849] close(27) = -1 EBADF (Bad file descriptor) [pid 5849] close(28) = -1 EBADF (Bad file descriptor) [pid 5849] close(29) = -1 EBADF (Bad file descriptor) [pid 5849] exit_group(0) = ? [pid 5849] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./61/binderfs") = 0 [pid 5072] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./61/cgroup") = 0 [pid 5072] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./61/cgroup.net") = 0 [ 233.623909][ T5849] slab 6752 [ 233.623909][ T5849] workingset_refault_anon 0 [ 233.724050][ T5849] Tasks state (memory values in pages): [ 233.729828][ T5849] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 233.739668][ T5849] Out of memory and no killable processes... [ 233.745805][ T5850] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 233.767458][ T5850] CPU: 0 PID: 5850 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 233.778030][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 233.788121][ T5850] Call Trace: [ 233.791432][ T5850] [ 233.794394][ T5850] dump_stack_lvl+0x1e7/0x2d0 [ 233.799127][ T5850] ? nf_tcp_handle_invalid+0x640/0x640 [ 233.804634][ T5850] ? panic+0x770/0x770 [ 233.808769][ T5850] dump_header+0xdc/0x940 [ 233.813153][ T5850] out_of_memory+0xf21/0x12c0 [ 233.817884][ T5850] ? mutex_lock_io_nested+0x60/0x60 [ 233.823148][ T5850] ? preempt_schedule+0xdd/0xf0 [ 233.828043][ T5850] ? unregister_oom_notifier+0x20/0x20 [ 233.833545][ T5850] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 233.839603][ T5850] mem_cgroup_out_of_memory+0x263/0x3b0 [ 233.845205][ T5850] ? preempt_schedule_thunk+0x1a/0x20 [ 233.850634][ T5850] ? mem_cgroup_oom_trylock+0x210/0x210 [ 233.856245][ T5850] ? cgroup_file_notify+0x127/0x190 [ 233.861516][ T5850] memory_max_write+0x355/0x470 [ 233.866433][ T5850] ? memory_max_show+0xa0/0xa0 [ 233.871248][ T5850] ? read_lock_is_recursive+0x20/0x20 [ 233.876674][ T5850] ? memory_max_show+0xa0/0xa0 [ 233.881485][ T5850] cgroup_file_write+0x2b1/0x780 [ 233.886479][ T5850] ? cgroup_seqfile_stop+0xd0/0xd0 [ 233.891629][ T5850] ? __virt_addr_valid+0x22f/0x2e0 [ 233.896811][ T5850] ? cgroup_seqfile_stop+0xd0/0xd0 [ 233.901980][ T5850] kernfs_fop_write_iter+0x3a6/0x4f0 [ 233.907332][ T5850] vfs_write+0x7b2/0xbb0 [ 233.911659][ T5850] ? file_end_write+0x240/0x240 [ 233.916564][ T5850] ? do_raw_spin_unlock+0x13b/0x8b0 [ 233.921817][ T5850] ? lockdep_hardirqs_on+0x98/0x140 [ 233.927079][ T5850] ? __fdget_pos+0x265/0x2f0 [ 233.931727][ T5850] ksys_write+0x1a0/0x2c0 [ 233.936111][ T5850] ? __ia32_sys_read+0x90/0x90 [ 233.940921][ T5850] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 233.946960][ T5850] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 233.953003][ T5850] do_syscall_64+0x41/0xc0 [ 233.957469][ T5850] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 233.963423][ T5850] RIP: 0033:0x7fd49ce20129 [ 233.967875][ T5850] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 233.987534][ T5850] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 233.996005][ T5850] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 234.004012][ T5850] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5072] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./61/file0") = 0 [pid 5072] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./61/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./61") = 0 [pid 5072] mkdir("./62", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 64 ./strace-static-x86_64: Process 5854 attached [pid 5854] chdir("./62") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 234.012016][ T5850] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 234.020025][ T5850] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 234.028030][ T5850] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000043 [ 234.036066][ T5850] [ 234.041205][ T5850] memory: usage 8kB, limit 0kB, failcnt 55 [ 234.052002][ T5850] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5854] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5854] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] mkdir("./file0", 000) = 0 [pid 5854] open("./file0", O_RDONLY) = 3 [pid 5854] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5854] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5854] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5854] openat(5, "memory.max", O_RDWR) = 6 [ 234.066067][ T5850] Memory cgroup stats for /syz1: [ 234.066260][ T5850] anon 0 [ 234.066260][ T5850] file 0 [ 234.066260][ T5850] kernel 8192 [ 234.066260][ T5850] kernel_stack 0 [ 234.066260][ T5850] pagetables 0 [ 234.066260][ T5850] sec_pagetables 0 [ 234.066260][ T5850] percpu 0 [ 234.066260][ T5850] sock 0 [ 234.066260][ T5850] vmalloc 0 [ 234.066260][ T5850] shmem 0 [ 234.066260][ T5850] zswap 0 [ 234.066260][ T5850] zswapped 0 [ 234.066260][ T5850] file_mapped 0 [ 234.066260][ T5850] file_dirty 0 [ 234.066260][ T5850] file_writeback 0 [ 234.066260][ T5850] swapcached 0 [ 234.066260][ T5850] anon_thp 0 [ 234.066260][ T5850] file_thp 0 [ 234.066260][ T5850] shmem_thp 0 [ 234.066260][ T5850] inactive_anon 0 [ 234.066260][ T5850] active_anon 0 [ 234.066260][ T5850] inactive_file 0 [ 234.066260][ T5850] active_file 0 [ 234.066260][ T5850] unevictable 0 [ 234.066260][ T5850] slab_reclaimable 6752 [ 234.066260][ T5850] slab_unreclaimable 0 [ 234.066260][ T5850] slab 6752 [ 234.066260][ T5850] workingset_refault_anon 0 [pid 5854] write(6, "0x000000000000040e", 18 [pid 5850] <... write resumed>) = 18 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] close(5) = 0 [pid 5850] close(6) = 0 [pid 5850] close(7) = -1 EBADF (Bad file descriptor) [pid 5850] close(8) = -1 EBADF (Bad file descriptor) [pid 5850] close(9) = -1 EBADF (Bad file descriptor) [pid 5850] close(10) = -1 EBADF (Bad file descriptor) [pid 5850] close(11) = -1 EBADF (Bad file descriptor) [pid 5850] close(12) = -1 EBADF (Bad file descriptor) [pid 5850] close(13) = -1 EBADF (Bad file descriptor) [pid 5850] close(14) = -1 EBADF (Bad file descriptor) [pid 5850] close(15) = -1 EBADF (Bad file descriptor) [pid 5850] close(16) = -1 EBADF (Bad file descriptor) [pid 5850] close(17) = -1 EBADF (Bad file descriptor) [pid 5850] close(18) = -1 EBADF (Bad file descriptor) [pid 5850] close(19) = -1 EBADF (Bad file descriptor) [pid 5850] close(20) = -1 EBADF (Bad file descriptor) [pid 5850] close(21) = -1 EBADF (Bad file descriptor) [pid 5850] close(22) = -1 EBADF (Bad file descriptor) [pid 5850] close(23) = -1 EBADF (Bad file descriptor) [pid 5850] close(24) = -1 EBADF (Bad file descriptor) [pid 5850] close(25) = -1 EBADF (Bad file descriptor) [pid 5850] close(26) = -1 EBADF (Bad file descriptor) [pid 5850] close(27) = -1 EBADF (Bad file descriptor) [pid 5850] close(28) = -1 EBADF (Bad file descriptor) [pid 5850] close(29) = -1 EBADF (Bad file descriptor) [pid 5850] exit_group(0) = ? [pid 5850] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5075] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./67/binderfs") = 0 [ 234.166568][ T5850] Tasks state (memory values in pages): [ 234.173018][ T5850] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 234.182680][ T5850] Out of memory and no killable processes... [ 234.189136][ T5851] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 234.200723][ T5851] CPU: 1 PID: 5851 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5075] umount2("./67/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./67/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./67/cgroup") = 0 [pid 5075] umount2("./67/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./67/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./67/cgroup.net") = 0 [ 234.211208][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 234.221317][ T5851] Call Trace: [ 234.224641][ T5851] [ 234.227606][ T5851] dump_stack_lvl+0x1e7/0x2d0 [ 234.232344][ T5851] ? nf_tcp_handle_invalid+0x640/0x640 [ 234.237861][ T5851] ? panic+0x770/0x770 [ 234.242005][ T5851] dump_header+0xdc/0x940 [ 234.246398][ T5851] out_of_memory+0xf21/0x12c0 [ 234.251140][ T5851] ? mutex_lock_io_nested+0x60/0x60 [ 234.256403][ T5851] ? preempt_schedule+0xdd/0xf0 [ 234.261312][ T5851] ? unregister_oom_notifier+0x20/0x20 [ 234.266835][ T5851] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 234.272871][ T5851] mem_cgroup_out_of_memory+0x263/0x3b0 [ 234.278458][ T5851] ? preempt_schedule_thunk+0x1a/0x20 [ 234.283891][ T5851] ? mem_cgroup_oom_trylock+0x210/0x210 [ 234.289511][ T5851] ? cgroup_file_notify+0x127/0x190 [ 234.294756][ T5851] memory_max_write+0x355/0x470 [ 234.299654][ T5851] ? memory_max_show+0xa0/0xa0 [ 234.304454][ T5851] ? read_lock_is_recursive+0x20/0x20 [ 234.309877][ T5851] ? memory_max_show+0xa0/0xa0 [ 234.314662][ T5851] cgroup_file_write+0x2b1/0x780 [ 234.319619][ T5851] ? cgroup_seqfile_stop+0xd0/0xd0 [ 234.324742][ T5851] ? __virt_addr_valid+0x22f/0x2e0 [ 234.329901][ T5851] ? cgroup_seqfile_stop+0xd0/0xd0 [ 234.335020][ T5851] kernfs_fop_write_iter+0x3a6/0x4f0 [ 234.340343][ T5851] vfs_write+0x7b2/0xbb0 [ 234.344612][ T5851] ? file_end_write+0x240/0x240 [ 234.349484][ T5851] ? do_raw_spin_unlock+0x13b/0x8b0 [ 234.354701][ T5851] ? lockdep_hardirqs_on+0x98/0x140 [ 234.359924][ T5851] ? __fdget_pos+0x265/0x2f0 [ 234.364529][ T5851] ksys_write+0x1a0/0x2c0 [ 234.368880][ T5851] ? __ia32_sys_read+0x90/0x90 [ 234.373660][ T5851] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 234.379665][ T5851] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 234.385668][ T5851] do_syscall_64+0x41/0xc0 [ 234.390102][ T5851] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 234.396018][ T5851] RIP: 0033:0x7fd49ce20129 [ 234.400446][ T5851] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 234.420064][ T5851] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 234.428509][ T5851] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 234.436514][ T5851] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 234.444513][ T5851] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 234.452499][ T5851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 234.460482][ T5851] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003d [pid 5075] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./67/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./67/file0") = 0 [pid 5075] umount2("./67/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./67/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./67/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [ 234.468511][ T5851] [ 234.475461][ T5851] memory: usage 8kB, limit 0kB, failcnt 55 [ 234.486000][ T5851] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 234.493344][ T5851] Memory cgroup stats for /syz1: [ 234.493504][ T5851] anon 0 [ 234.493504][ T5851] file 0 [ 234.493504][ T5851] kernel 8192 [ 234.493504][ T5851] kernel_stack 0 [ 234.493504][ T5851] pagetables 0 [ 234.493504][ T5851] sec_pagetables 0 [ 234.493504][ T5851] percpu 0 [ 234.493504][ T5851] sock 0 [ 234.493504][ T5851] vmalloc 0 [ 234.493504][ T5851] shmem 0 [ 234.493504][ T5851] zswap 0 [ 234.493504][ T5851] zswapped 0 [ 234.493504][ T5851] file_mapped 0 [ 234.493504][ T5851] file_dirty 0 [ 234.493504][ T5851] file_writeback 0 [ 234.493504][ T5851] swapcached 0 [ 234.493504][ T5851] anon_thp 0 [ 234.493504][ T5851] file_thp 0 [ 234.493504][ T5851] shmem_thp 0 [ 234.493504][ T5851] inactive_anon 0 [ 234.493504][ T5851] active_anon 0 [ 234.493504][ T5851] inactive_file 0 [ 234.493504][ T5851] active_file 0 [pid 5075] rmdir("./67") = 0 [pid 5075] mkdir("./68", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5855 attached [pid 5855] chdir("./68" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 70 [pid 5855] <... chdir resumed>) = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5855] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5855] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5855] mkdir("./file0", 000) = 0 [pid 5855] open("./file0", O_RDONLY) = 3 [pid 5855] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5855] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5855] openat(5, "memory.max", O_RDWR) = 6 [pid 5855] write(6, "0x000000000000040e", 18 [pid 5851] <... write resumed>) = 18 [pid 5851] close(3) = 0 [ 234.493504][ T5851] unevictable 0 [ 234.493504][ T5851] slab_reclaimable 6752 [ 234.493504][ T5851] slab_unreclaimable 0 [ 234.493504][ T5851] slab 6752 [ 234.493504][ T5851] workingset_refault_anon 0 [ 234.589605][ T5851] Tasks state (memory values in pages): [ 234.595350][ T5851] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 234.605139][ T5851] Out of memory and no killable processes... [pid 5851] close(4) = 0 [pid 5851] close(5) = 0 [pid 5851] close(6) = 0 [pid 5851] close(7) = -1 EBADF (Bad file descriptor) [pid 5851] close(8) = -1 EBADF (Bad file descriptor) [pid 5851] close(9) = -1 EBADF (Bad file descriptor) [pid 5851] close(10) = -1 EBADF (Bad file descriptor) [pid 5851] close(11) = -1 EBADF (Bad file descriptor) [pid 5851] close(12) = -1 EBADF (Bad file descriptor) [pid 5851] close(13) = -1 EBADF (Bad file descriptor) [pid 5851] close(14) = -1 EBADF (Bad file descriptor) [pid 5851] close(15) = -1 EBADF (Bad file descriptor) [pid 5851] close(16) = -1 EBADF (Bad file descriptor) [pid 5851] close(17) = -1 EBADF (Bad file descriptor) [pid 5851] close(18) = -1 EBADF (Bad file descriptor) [pid 5851] close(19) = -1 EBADF (Bad file descriptor) [pid 5851] close(20) = -1 EBADF (Bad file descriptor) [pid 5851] close(21) = -1 EBADF (Bad file descriptor) [pid 5851] close(22) = -1 EBADF (Bad file descriptor) [pid 5851] close(23) = -1 EBADF (Bad file descriptor) [pid 5851] close(24) = -1 EBADF (Bad file descriptor) [pid 5851] close(25) = -1 EBADF (Bad file descriptor) [pid 5851] close(26) = -1 EBADF (Bad file descriptor) [pid 5851] close(27) = -1 EBADF (Bad file descriptor) [pid 5851] close(28) = -1 EBADF (Bad file descriptor) [pid 5851] close(29) = -1 EBADF (Bad file descriptor) [pid 5851] exit_group(0) = ? [pid 5851] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5070] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./61/binderfs") = 0 [pid 5070] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./61/cgroup") = 0 [pid 5070] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./61/cgroup.net") = 0 [pid 5070] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./61/file0") = 0 [ 234.612431][ T5852] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 234.644631][ T5852] CPU: 0 PID: 5852 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 234.655128][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 234.665227][ T5852] Call Trace: [ 234.668545][ T5852] [ 234.671514][ T5852] dump_stack_lvl+0x1e7/0x2d0 [ 234.676247][ T5852] ? nf_tcp_handle_invalid+0x640/0x640 [ 234.681771][ T5852] ? panic+0x770/0x770 [ 234.685908][ T5852] dump_header+0xdc/0x940 [ 234.690288][ T5852] out_of_memory+0xf21/0x12c0 [ 234.695018][ T5852] ? mutex_lock_io_nested+0x60/0x60 [ 234.700269][ T5852] ? preempt_schedule+0xdd/0xf0 [ 234.705163][ T5852] ? unregister_oom_notifier+0x20/0x20 [ 234.710657][ T5852] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 234.716682][ T5852] mem_cgroup_out_of_memory+0x263/0x3b0 [ 234.722249][ T5852] ? preempt_schedule_thunk+0x1a/0x20 [ 234.727643][ T5852] ? mem_cgroup_oom_trylock+0x210/0x210 [ 234.733216][ T5852] ? cgroup_file_notify+0x127/0x190 [ 234.738434][ T5852] memory_max_write+0x355/0x470 [ 234.743305][ T5852] ? memory_max_show+0xa0/0xa0 [ 234.748083][ T5852] ? read_lock_is_recursive+0x20/0x20 [ 234.753466][ T5852] ? memory_max_show+0xa0/0xa0 [ 234.758245][ T5852] cgroup_file_write+0x2b1/0x780 [ 234.763199][ T5852] ? cgroup_seqfile_stop+0xd0/0xd0 [ 234.768321][ T5852] ? __virt_addr_valid+0x22f/0x2e0 [ 234.773459][ T5852] ? cgroup_seqfile_stop+0xd0/0xd0 [ 234.778580][ T5852] kernfs_fop_write_iter+0x3a6/0x4f0 [ 234.783892][ T5852] vfs_write+0x7b2/0xbb0 [ 234.788158][ T5852] ? file_end_write+0x240/0x240 [ 234.793027][ T5852] ? do_raw_spin_unlock+0x13b/0x8b0 [ 234.798240][ T5852] ? lockdep_hardirqs_on+0x98/0x140 [ 234.803461][ T5852] ? __fdget_pos+0x265/0x2f0 [ 234.808073][ T5852] ksys_write+0x1a0/0x2c0 [ 234.812454][ T5852] ? __ia32_sys_read+0x90/0x90 [ 234.817231][ T5852] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 234.823237][ T5852] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 234.829239][ T5852] do_syscall_64+0x41/0xc0 [ 234.833694][ T5852] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 234.839614][ T5852] RIP: 0033:0x7fd49ce20129 [ 234.844046][ T5852] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 234.863773][ T5852] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 234.872219][ T5852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 234.880218][ T5852] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 234.888224][ T5852] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./61/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./61") = 0 [pid 5070] mkdir("./62", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached [pid 5856] chdir("./62" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 64 [pid 5856] <... chdir resumed>) = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5856] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5856] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] mkdir("./file0", 000) = 0 [pid 5856] open("./file0", O_RDONLY) = 3 [pid 5856] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5856] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5856] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5856] openat(5, "memory.max", O_RDWR) = 6 [ 234.896252][ T5852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 234.904269][ T5852] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000045 [ 234.912278][ T5852] [ 234.938323][ T5852] memory: usage 8kB, limit 0kB, failcnt 55 [ 234.944388][ T5852] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 234.951958][ T5852] Memory cgroup stats for /syz1: [ 234.952360][ T5852] anon 0 [ 234.952360][ T5852] file 0 [ 234.952360][ T5852] kernel 8192 [ 234.952360][ T5852] kernel_stack 0 [ 234.952360][ T5852] pagetables 0 [ 234.952360][ T5852] sec_pagetables 0 [ 234.952360][ T5852] percpu 0 [ 234.952360][ T5852] sock 0 [ 234.952360][ T5852] vmalloc 0 [ 234.952360][ T5852] shmem 0 [ 234.952360][ T5852] zswap 0 [ 234.952360][ T5852] zswapped 0 [ 234.952360][ T5852] file_mapped 0 [ 234.952360][ T5852] file_dirty 0 [ 234.952360][ T5852] file_writeback 0 [ 234.952360][ T5852] swapcached 0 [ 234.952360][ T5852] anon_thp 0 [ 234.952360][ T5852] file_thp 0 [ 234.952360][ T5852] shmem_thp 0 [ 234.952360][ T5852] inactive_anon 0 [ 234.952360][ T5852] active_anon 0 [ 234.952360][ T5852] inactive_file 0 [ 234.952360][ T5852] active_file 0 [ 234.952360][ T5852] unevictable 0 [ 234.952360][ T5852] slab_reclaimable 6752 [pid 5856] write(6, "0x000000000000040e", 18 [pid 5852] <... write resumed>) = 18 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] close(5) = 0 [pid 5852] close(6) = 0 [pid 5852] close(7) = -1 EBADF (Bad file descriptor) [pid 5852] close(8) = -1 EBADF (Bad file descriptor) [ 234.952360][ T5852] slab_unreclaimable 0 [ 234.952360][ T5852] slab 6752 [ 234.952360][ T5852] workingset_refault_anon 0 [ 235.050517][ T5852] Tasks state (memory values in pages): [ 235.056115][ T5852] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 235.065879][ T5852] Out of memory and no killable processes... [ 235.072008][ T5853] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5852] close(9) = -1 EBADF (Bad file descriptor) [pid 5852] close(10) = -1 EBADF (Bad file descriptor) [pid 5852] close(11) = -1 EBADF (Bad file descriptor) [pid 5852] close(12) = -1 EBADF (Bad file descriptor) [pid 5852] close(13) = -1 EBADF (Bad file descriptor) [pid 5852] close(14) = -1 EBADF (Bad file descriptor) [pid 5852] close(15) = -1 EBADF (Bad file descriptor) [pid 5852] close(16) = -1 EBADF (Bad file descriptor) [pid 5852] close(17) = -1 EBADF (Bad file descriptor) [pid 5852] close(18) = -1 EBADF (Bad file descriptor) [ 235.083411][ T5853] CPU: 1 PID: 5853 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 235.093917][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 235.104017][ T5853] Call Trace: [ 235.107335][ T5853] [ 235.110307][ T5853] dump_stack_lvl+0x1e7/0x2d0 [ 235.115049][ T5853] ? nf_tcp_handle_invalid+0x640/0x640 [ 235.120594][ T5853] ? panic+0x770/0x770 [ 235.124726][ T5853] dump_header+0xdc/0x940 [ 235.129115][ T5853] out_of_memory+0xf21/0x12c0 [ 235.133859][ T5853] ? mutex_lock_io_nested+0x60/0x60 [ 235.139117][ T5853] ? preempt_schedule+0xdd/0xf0 [ 235.144014][ T5853] ? unregister_oom_notifier+0x20/0x20 [ 235.149520][ T5853] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 235.155569][ T5853] mem_cgroup_out_of_memory+0x263/0x3b0 [ 235.161174][ T5853] ? preempt_schedule_thunk+0x1a/0x20 [ 235.166614][ T5853] ? mem_cgroup_oom_trylock+0x210/0x210 [ 235.172238][ T5853] ? cgroup_file_notify+0x127/0x190 [ 235.177484][ T5853] memory_max_write+0x355/0x470 [ 235.182361][ T5853] ? memory_max_show+0xa0/0xa0 [ 235.187160][ T5853] ? read_lock_is_recursive+0x20/0x20 [ 235.192583][ T5853] ? memory_max_show+0xa0/0xa0 [ 235.197379][ T5853] cgroup_file_write+0x2b1/0x780 [ 235.202339][ T5853] ? cgroup_seqfile_stop+0xd0/0xd0 [ 235.207462][ T5853] ? __virt_addr_valid+0x22f/0x2e0 [ 235.212605][ T5853] ? cgroup_seqfile_stop+0xd0/0xd0 [ 235.217731][ T5853] kernfs_fop_write_iter+0x3a6/0x4f0 [ 235.223060][ T5853] vfs_write+0x7b2/0xbb0 [ 235.227346][ T5853] ? file_end_write+0x240/0x240 [ 235.232217][ T5853] ? do_raw_spin_unlock+0x13b/0x8b0 [ 235.237448][ T5853] ? lockdep_hardirqs_on+0x98/0x140 [ 235.242699][ T5853] ? __fdget_pos+0x265/0x2f0 [ 235.247341][ T5853] ksys_write+0x1a0/0x2c0 [ 235.251715][ T5853] ? __ia32_sys_read+0x90/0x90 [ 235.256532][ T5853] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 235.262559][ T5853] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 235.268576][ T5853] do_syscall_64+0x41/0xc0 [ 235.273047][ T5853] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 235.278994][ T5853] RIP: 0033:0x7fd49ce20129 [ 235.283447][ T5853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 235.303105][ T5853] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 235.311559][ T5853] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 235.319551][ T5853] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 235.327559][ T5853] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5852] close(19) = -1 EBADF (Bad file descriptor) [pid 5852] close(20) = -1 EBADF (Bad file descriptor) [pid 5852] close(21) = -1 EBADF (Bad file descriptor) [pid 5852] close(22) = -1 EBADF (Bad file descriptor) [pid 5852] close(23) = -1 EBADF (Bad file descriptor) [pid 5852] close(24) = -1 EBADF (Bad file descriptor) [pid 5852] close(25) = -1 EBADF (Bad file descriptor) [pid 5852] close(26) = -1 EBADF (Bad file descriptor) [pid 5852] close(27) = -1 EBADF (Bad file descriptor) [pid 5852] close(28) = -1 EBADF (Bad file descriptor) [pid 5852] close(29) = -1 EBADF (Bad file descriptor) [pid 5852] exit_group(0) = ? [pid 5852] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5074] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./69/binderfs") = 0 [pid 5074] umount2("./69/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./69/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./69/cgroup") = 0 [pid 5074] umount2("./69/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./69/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./69/cgroup.net") = 0 [pid 5074] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./69/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./69/file0") = 0 [pid 5074] umount2("./69/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./69/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./69/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./69") = 0 [pid 5074] mkdir("./70", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached [pid 5857] chdir("./70" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 72 [pid 5857] <... chdir resumed>) = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 235.335564][ T5853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 235.343582][ T5853] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000041 [ 235.351614][ T5853] [ 235.373494][ T5853] memory: usage 8kB, limit 0kB, failcnt 55 [ 235.380419][ T5853] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5857] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5857] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 [ 235.396069][ T5853] Memory cgroup stats for /syz1: [ 235.396303][ T5853] anon 0 [ 235.396303][ T5853] file 0 [ 235.396303][ T5853] kernel 8192 [ 235.396303][ T5853] kernel_stack 0 [ 235.396303][ T5853] pagetables 0 [ 235.396303][ T5853] sec_pagetables 0 [ 235.396303][ T5853] percpu 0 [ 235.396303][ T5853] sock 0 [ 235.396303][ T5853] vmalloc 0 [ 235.396303][ T5853] shmem 0 [ 235.396303][ T5853] zswap 0 [ 235.396303][ T5853] zswapped 0 [ 235.396303][ T5853] file_mapped 0 [ 235.396303][ T5853] file_dirty 0 [pid 5857] mkdir("./file0", 000) = 0 [pid 5857] open("./file0", O_RDONLY) = 3 [pid 5857] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5857] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5857] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5857] openat(5, "memory.max", O_RDWR) = 6 [ 235.396303][ T5853] file_writeback 0 [ 235.396303][ T5853] swapcached 0 [ 235.396303][ T5853] anon_thp 0 [ 235.396303][ T5853] file_thp 0 [ 235.396303][ T5853] shmem_thp 0 [ 235.396303][ T5853] inactive_anon 0 [ 235.396303][ T5853] active_anon 0 [ 235.396303][ T5853] inactive_file 0 [ 235.396303][ T5853] active_file 0 [ 235.396303][ T5853] unevictable 0 [ 235.396303][ T5853] slab_reclaimable 6752 [ 235.396303][ T5853] slab_unreclaimable 0 [ 235.396303][ T5853] slab 6752 [ 235.396303][ T5853] workingset_refault_anon 0 [pid 5857] write(6, "0x000000000000040e", 18 [pid 5853] <... write resumed>) = 18 [pid 5853] close(3) = 0 [ 235.493969][ T5853] Tasks state (memory values in pages): [ 235.500762][ T5853] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 235.510994][ T5853] Out of memory and no killable processes... [ 235.517439][ T5854] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 235.528525][ T5854] CPU: 0 PID: 5854 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5853] close(4) = 0 [pid 5853] close(5) = 0 [pid 5853] close(6) = 0 [pid 5853] close(7) = -1 EBADF (Bad file descriptor) [pid 5853] close(8) = -1 EBADF (Bad file descriptor) [pid 5853] close(9) = -1 EBADF (Bad file descriptor) [pid 5853] close(10) = -1 EBADF (Bad file descriptor) [pid 5853] close(11) = -1 EBADF (Bad file descriptor) [pid 5853] close(12) = -1 EBADF (Bad file descriptor) [pid 5853] close(13) = -1 EBADF (Bad file descriptor) [pid 5853] close(14) = -1 EBADF (Bad file descriptor) [pid 5853] close(15) = -1 EBADF (Bad file descriptor) [pid 5853] close(16) = -1 EBADF (Bad file descriptor) [pid 5853] close(17) = -1 EBADF (Bad file descriptor) [pid 5853] close(18) = -1 EBADF (Bad file descriptor) [pid 5853] close(19) = -1 EBADF (Bad file descriptor) [pid 5853] close(20) = -1 EBADF (Bad file descriptor) [pid 5853] close(21) = -1 EBADF (Bad file descriptor) [pid 5853] close(22) = -1 EBADF (Bad file descriptor) [pid 5853] close(23) = -1 EBADF (Bad file descriptor) [pid 5853] close(24) = -1 EBADF (Bad file descriptor) [pid 5853] close(25) = -1 EBADF (Bad file descriptor) [pid 5853] close(26) = -1 EBADF (Bad file descriptor) [pid 5853] close(27) = -1 EBADF (Bad file descriptor) [pid 5853] close(28) = -1 EBADF (Bad file descriptor) [pid 5853] close(29) = -1 EBADF (Bad file descriptor) [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5073] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./65/binderfs") = 0 [pid 5073] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./65/cgroup") = 0 [pid 5073] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 235.538986][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 235.549080][ T5854] Call Trace: [ 235.552397][ T5854] [ 235.555361][ T5854] dump_stack_lvl+0x1e7/0x2d0 [ 235.560092][ T5854] ? nf_tcp_handle_invalid+0x640/0x640 [ 235.565598][ T5854] ? panic+0x770/0x770 [ 235.569756][ T5854] dump_header+0xdc/0x940 [ 235.574140][ T5854] out_of_memory+0xf21/0x12c0 [ 235.578875][ T5854] ? mutex_lock_io_nested+0x60/0x60 [ 235.584137][ T5854] ? preempt_schedule+0xdd/0xf0 [ 235.589127][ T5854] ? unregister_oom_notifier+0x20/0x20 [pid 5073] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./65/cgroup.net") = 0 [ 235.594660][ T5854] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 235.600716][ T5854] mem_cgroup_out_of_memory+0x263/0x3b0 [ 235.606321][ T5854] ? preempt_schedule_thunk+0x1a/0x20 [ 235.611740][ T5854] ? mem_cgroup_oom_trylock+0x210/0x210 [ 235.617325][ T5854] ? cgroup_file_notify+0x127/0x190 [ 235.622568][ T5854] memory_max_write+0x355/0x470 [ 235.627449][ T5854] ? memory_max_show+0xa0/0xa0 [ 235.632240][ T5854] ? read_lock_is_recursive+0x20/0x20 [ 235.637633][ T5854] ? memory_max_show+0xa0/0xa0 [ 235.642409][ T5854] cgroup_file_write+0x2b1/0x780 [ 235.647368][ T5854] ? cgroup_seqfile_stop+0xd0/0xd0 [ 235.652500][ T5854] ? __virt_addr_valid+0x22f/0x2e0 [ 235.657639][ T5854] ? cgroup_seqfile_stop+0xd0/0xd0 [ 235.662759][ T5854] kernfs_fop_write_iter+0x3a6/0x4f0 [ 235.668063][ T5854] vfs_write+0x7b2/0xbb0 [ 235.672325][ T5854] ? file_end_write+0x240/0x240 [ 235.677202][ T5854] ? do_raw_spin_unlock+0x13b/0x8b0 [ 235.682421][ T5854] ? lockdep_hardirqs_on+0x98/0x140 [ 235.687670][ T5854] ? __fdget_pos+0x265/0x2f0 [ 235.692323][ T5854] ksys_write+0x1a0/0x2c0 [ 235.696692][ T5854] ? __ia32_sys_read+0x90/0x90 [ 235.701497][ T5854] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 235.707510][ T5854] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 235.713535][ T5854] do_syscall_64+0x41/0xc0 [ 235.717980][ T5854] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 235.723896][ T5854] RIP: 0033:0x7fd49ce20129 [ 235.728373][ T5854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 235.748018][ T5854] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 235.756462][ T5854] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 235.764451][ T5854] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 235.772433][ T5854] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 235.780411][ T5854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 235.788476][ T5854] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003e [pid 5073] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./65/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./65/file0") = 0 [pid 5073] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./65/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./65") = 0 [pid 5073] mkdir("./66", 0777) = 0 [ 235.796478][ T5854] [ 235.802208][ T5854] memory: usage 8kB, limit 0kB, failcnt 55 [ 235.809052][ T5854] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 235.818541][ T5854] Memory cgroup stats for /syz1: [ 235.818792][ T5854] anon 0 [ 235.818792][ T5854] file 0 [ 235.818792][ T5854] kernel 8192 [ 235.818792][ T5854] kernel_stack 0 [ 235.818792][ T5854] pagetables 0 [ 235.818792][ T5854] sec_pagetables 0 [ 235.818792][ T5854] percpu 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached [pid 5858] chdir("./66" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 68 [pid 5858] <... chdir resumed>) = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5858] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5858] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 235.818792][ T5854] sock 0 [ 235.818792][ T5854] vmalloc 0 [ 235.818792][ T5854] shmem 0 [ 235.818792][ T5854] zswap 0 [ 235.818792][ T5854] zswapped 0 [ 235.818792][ T5854] file_mapped 0 [ 235.818792][ T5854] file_dirty 0 [ 235.818792][ T5854] file_writeback 0 [ 235.818792][ T5854] swapcached 0 [ 235.818792][ T5854] anon_thp 0 [ 235.818792][ T5854] file_thp 0 [ 235.818792][ T5854] shmem_thp 0 [ 235.818792][ T5854] inactive_anon 0 [ 235.818792][ T5854] active_anon 0 [ 235.818792][ T5854] inactive_file 0 [ 235.818792][ T5854] active_file 0 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] mkdir("./file0", 000) = 0 [pid 5858] open("./file0", O_RDONLY) = 3 [pid 5858] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5858] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5858] openat(5, "memory.max", O_RDWR) = 6 [ 235.818792][ T5854] unevictable 0 [ 235.818792][ T5854] slab_reclaimable 6752 [ 235.818792][ T5854] slab_unreclaimable 0 [ 235.818792][ T5854] slab 6752 [ 235.818792][ T5854] workingset_refault_anon 0 [ 235.920620][ T5854] Tasks state (memory values in pages): [ 235.926454][ T5854] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 235.936039][ T5854] Out of memory and no killable processes... [pid 5858] write(6, "0x000000000000040e", 18 [pid 5854] <... write resumed>) = 18 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] close(5) = 0 [pid 5854] close(6) = 0 [pid 5854] close(7) = -1 EBADF (Bad file descriptor) [pid 5854] close(8) = -1 EBADF (Bad file descriptor) [pid 5854] close(9) = -1 EBADF (Bad file descriptor) [pid 5854] close(10) = -1 EBADF (Bad file descriptor) [pid 5854] close(11) = -1 EBADF (Bad file descriptor) [pid 5854] close(12) = -1 EBADF (Bad file descriptor) [pid 5854] close(13) = -1 EBADF (Bad file descriptor) [pid 5854] close(14) = -1 EBADF (Bad file descriptor) [pid 5854] close(15) = -1 EBADF (Bad file descriptor) [pid 5854] close(16) = -1 EBADF (Bad file descriptor) [pid 5854] close(17) = -1 EBADF (Bad file descriptor) [pid 5854] close(18) = -1 EBADF (Bad file descriptor) [ 235.942511][ T5855] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 235.953761][ T5855] CPU: 1 PID: 5855 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 235.964237][ T5855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 235.974336][ T5855] Call Trace: [ 235.977653][ T5855] [ 235.980627][ T5855] dump_stack_lvl+0x1e7/0x2d0 [ 235.985367][ T5855] ? nf_tcp_handle_invalid+0x640/0x640 [ 235.990883][ T5855] ? panic+0x770/0x770 [ 235.995020][ T5855] dump_header+0xdc/0x940 [ 235.999413][ T5855] out_of_memory+0xf21/0x12c0 [ 236.004138][ T5855] ? mutex_lock_io_nested+0x60/0x60 [ 236.009396][ T5855] ? preempt_schedule+0xdd/0xf0 [ 236.014286][ T5855] ? unregister_oom_notifier+0x20/0x20 [ 236.019800][ T5855] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 236.025849][ T5855] mem_cgroup_out_of_memory+0x263/0x3b0 [ 236.031433][ T5855] ? preempt_schedule_thunk+0x1a/0x20 [ 236.036833][ T5855] ? mem_cgroup_oom_trylock+0x210/0x210 [ 236.042429][ T5855] ? cgroup_file_notify+0x127/0x190 [ 236.047699][ T5855] memory_max_write+0x355/0x470 [ 236.052628][ T5855] ? memory_max_show+0xa0/0xa0 [ 236.057470][ T5855] ? read_lock_is_recursive+0x20/0x20 [ 236.062898][ T5855] ? memory_max_show+0xa0/0xa0 [ 236.067696][ T5855] cgroup_file_write+0x2b1/0x780 [ 236.072672][ T5855] ? cgroup_seqfile_stop+0xd0/0xd0 [ 236.077823][ T5855] ? __virt_addr_valid+0x22f/0x2e0 [ 236.082991][ T5855] ? cgroup_seqfile_stop+0xd0/0xd0 [ 236.088133][ T5855] kernfs_fop_write_iter+0x3a6/0x4f0 [ 236.093451][ T5855] vfs_write+0x7b2/0xbb0 [pid 5854] close(19) = -1 EBADF (Bad file descriptor) [pid 5854] close(20) = -1 EBADF (Bad file descriptor) [pid 5854] close(21) = -1 EBADF (Bad file descriptor) [pid 5854] close(22) = -1 EBADF (Bad file descriptor) [pid 5854] close(23) = -1 EBADF (Bad file descriptor) [pid 5854] close(24) = -1 EBADF (Bad file descriptor) [pid 5854] close(25) = -1 EBADF (Bad file descriptor) [pid 5854] close(26) = -1 EBADF (Bad file descriptor) [pid 5854] close(27) = -1 EBADF (Bad file descriptor) [ 236.097732][ T5855] ? file_end_write+0x240/0x240 [ 236.102607][ T5855] ? do_raw_spin_unlock+0x13b/0x8b0 [ 236.107861][ T5855] ? lockdep_hardirqs_on+0x98/0x140 [ 236.113157][ T5855] ? __fdget_pos+0x265/0x2f0 [ 236.117786][ T5855] ksys_write+0x1a0/0x2c0 [ 236.122146][ T5855] ? __ia32_sys_read+0x90/0x90 [ 236.126929][ T5855] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 236.132941][ T5855] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 236.138947][ T5855] do_syscall_64+0x41/0xc0 [ 236.143385][ T5855] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 236.149400][ T5855] RIP: 0033:0x7fd49ce20129 [ 236.153839][ T5855] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 236.173492][ T5855] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 236.181919][ T5855] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 236.189930][ T5855] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5854] close(28) = -1 EBADF (Bad file descriptor) [pid 5854] close(29) = -1 EBADF (Bad file descriptor) [pid 5854] exit_group(0) = ? [pid 5854] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5072] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./62/binderfs") = 0 [pid 5072] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./62/cgroup") = 0 [pid 5072] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./62/cgroup.net") = 0 [pid 5072] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 236.197954][ T5855] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 236.205946][ T5855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 236.213932][ T5855] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000044 [ 236.221967][ T5855] [ 236.235075][ T5855] memory: usage 8kB, limit 0kB, failcnt 55 [ 236.242280][ T5855] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./62/file0") = 0 [pid 5072] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./62/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./62") = 0 [pid 5072] mkdir("./63", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached [ 236.249837][ T5855] Memory cgroup stats for /syz1: [ 236.250054][ T5855] anon 0 [ 236.250054][ T5855] file 0 [ 236.250054][ T5855] kernel 8192 [ 236.250054][ T5855] kernel_stack 0 [ 236.250054][ T5855] pagetables 0 [ 236.250054][ T5855] sec_pagetables 0 [ 236.250054][ T5855] percpu 0 [ 236.250054][ T5855] sock 0 [ 236.250054][ T5855] vmalloc 0 [ 236.250054][ T5855] shmem 0 [ 236.250054][ T5855] zswap 0 [ 236.250054][ T5855] zswapped 0 [ 236.250054][ T5855] file_mapped 0 [ 236.250054][ T5855] file_dirty 0 [pid 5859] chdir("./63") = 0 [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 65 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5859] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5859] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5859] mkdir("./file0", 000) = 0 [pid 5859] open("./file0", O_RDONLY) = 3 [pid 5859] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5859] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5859] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5859] openat(5, "memory.max", O_RDWR) = 6 [ 236.250054][ T5855] file_writeback 0 [ 236.250054][ T5855] swapcached 0 [ 236.250054][ T5855] anon_thp 0 [ 236.250054][ T5855] file_thp 0 [ 236.250054][ T5855] shmem_thp 0 [ 236.250054][ T5855] inactive_anon 0 [ 236.250054][ T5855] active_anon 0 [ 236.250054][ T5855] inactive_file 0 [ 236.250054][ T5855] active_file 0 [ 236.250054][ T5855] unevictable 0 [ 236.250054][ T5855] slab_reclaimable 6752 [ 236.250054][ T5855] slab_unreclaimable 0 [ 236.250054][ T5855] slab 6752 [ 236.250054][ T5855] workingset_refault_anon 0 [pid 5859] write(6, "0x000000000000040e", 18 [pid 5855] <... write resumed>) = 18 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] close(5) = 0 [pid 5855] close(6) = 0 [pid 5855] close(7) = -1 EBADF (Bad file descriptor) [pid 5855] close(8) = -1 EBADF (Bad file descriptor) [pid 5855] close(9) = -1 EBADF (Bad file descriptor) [pid 5855] close(10) = -1 EBADF (Bad file descriptor) [pid 5855] close(11) = -1 EBADF (Bad file descriptor) [pid 5855] close(12) = -1 EBADF (Bad file descriptor) [pid 5855] close(13) = -1 EBADF (Bad file descriptor) [pid 5855] close(14) = -1 EBADF (Bad file descriptor) [pid 5855] close(15) = -1 EBADF (Bad file descriptor) [pid 5855] close(16) = -1 EBADF (Bad file descriptor) [ 236.346346][ T5855] Tasks state (memory values in pages): [ 236.352911][ T5855] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 236.362859][ T5855] Out of memory and no killable processes... [ 236.369838][ T5856] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 236.381394][ T5856] CPU: 1 PID: 5856 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5855] close(17) = -1 EBADF (Bad file descriptor) [pid 5855] close(18) = -1 EBADF (Bad file descriptor) [pid 5855] close(19) = -1 EBADF (Bad file descriptor) [pid 5855] close(20) = -1 EBADF (Bad file descriptor) [ 236.391862][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 236.401955][ T5856] Call Trace: [ 236.405277][ T5856] [ 236.408249][ T5856] dump_stack_lvl+0x1e7/0x2d0 [ 236.412988][ T5856] ? nf_tcp_handle_invalid+0x640/0x640 [ 236.418499][ T5856] ? panic+0x770/0x770 [ 236.422637][ T5856] dump_header+0xdc/0x940 [ 236.427035][ T5856] out_of_memory+0xf21/0x12c0 [ 236.431775][ T5856] ? mutex_lock_io_nested+0x60/0x60 [ 236.437039][ T5856] ? preempt_schedule+0xdd/0xf0 [ 236.441938][ T5856] ? unregister_oom_notifier+0x20/0x20 [pid 5855] close(21) = -1 EBADF (Bad file descriptor) [pid 5855] close(22) = -1 EBADF (Bad file descriptor) [pid 5855] close(23) = -1 EBADF (Bad file descriptor) [pid 5855] close(24) = -1 EBADF (Bad file descriptor) [pid 5855] close(25) = -1 EBADF (Bad file descriptor) [pid 5855] close(26) = -1 EBADF (Bad file descriptor) [pid 5855] close(27) = -1 EBADF (Bad file descriptor) [pid 5855] close(28) = -1 EBADF (Bad file descriptor) [pid 5855] close(29) = -1 EBADF (Bad file descriptor) [ 236.447445][ T5856] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 236.453485][ T5856] mem_cgroup_out_of_memory+0x263/0x3b0 [ 236.459059][ T5856] ? preempt_schedule_thunk+0x1a/0x20 [ 236.464464][ T5856] ? mem_cgroup_oom_trylock+0x210/0x210 [ 236.470073][ T5856] ? cgroup_file_notify+0x127/0x190 [ 236.475302][ T5856] memory_max_write+0x355/0x470 [ 236.480203][ T5856] ? memory_max_show+0xa0/0xa0 [ 236.485009][ T5856] ? read_lock_is_recursive+0x20/0x20 [ 236.490411][ T5856] ? memory_max_show+0xa0/0xa0 [ 236.495199][ T5856] cgroup_file_write+0x2b1/0x780 [ 236.500169][ T5856] ? cgroup_seqfile_stop+0xd0/0xd0 [ 236.505299][ T5856] ? __virt_addr_valid+0x22f/0x2e0 [ 236.510439][ T5856] ? cgroup_seqfile_stop+0xd0/0xd0 [ 236.515569][ T5856] kernfs_fop_write_iter+0x3a6/0x4f0 [ 236.520902][ T5856] vfs_write+0x7b2/0xbb0 [ 236.525170][ T5856] ? file_end_write+0x240/0x240 [ 236.530043][ T5856] ? do_raw_spin_unlock+0x13b/0x8b0 [ 236.535257][ T5856] ? lockdep_hardirqs_on+0x98/0x140 [ 236.540479][ T5856] ? __fdget_pos+0x265/0x2f0 [ 236.545089][ T5856] ksys_write+0x1a0/0x2c0 [ 236.549443][ T5856] ? __ia32_sys_read+0x90/0x90 [ 236.554229][ T5856] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 236.560239][ T5856] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 236.566254][ T5856] do_syscall_64+0x41/0xc0 [ 236.570689][ T5856] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 236.576612][ T5856] RIP: 0033:0x7fd49ce20129 [ 236.581047][ T5856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5855] exit_group(0) = ? [pid 5855] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5075] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./68/binderfs") = 0 [pid 5075] umount2("./68/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./68/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./68/cgroup") = 0 [pid 5075] umount2("./68/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./68/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./68/cgroup.net") = 0 [pid 5075] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./68/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 236.600664][ T5856] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 236.609118][ T5856] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 236.617125][ T5856] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 236.625115][ T5856] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 236.633099][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 236.641085][ T5856] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003e [ 236.649113][ T5856] [pid 5075] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./68/file0") = 0 [pid 5075] umount2("./68/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./68/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./68/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./68") = 0 [pid 5075] mkdir("./69", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached [pid 5860] chdir("./69" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 71 [pid 5860] <... chdir resumed>) = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5860] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5860] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] mkdir("./file0", 000) = 0 [pid 5860] open("./file0", O_RDONLY) = 3 [ 236.666213][ T5856] memory: usage 8kB, limit 0kB, failcnt 55 [ 236.674835][ T5856] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 236.690969][ T5856] Memory cgroup stats for /syz1: [ 236.691308][ T5856] anon 0 [ 236.691308][ T5856] file 0 [ 236.691308][ T5856] kernel 8192 [ 236.691308][ T5856] kernel_stack 0 [ 236.691308][ T5856] pagetables 0 [ 236.691308][ T5856] sec_pagetables 0 [pid 5860] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5860] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5860] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5860] openat(5, "memory.max", O_RDWR) = 6 [ 236.691308][ T5856] percpu 0 [ 236.691308][ T5856] sock 0 [ 236.691308][ T5856] vmalloc 0 [ 236.691308][ T5856] shmem 0 [ 236.691308][ T5856] zswap 0 [ 236.691308][ T5856] zswapped 0 [ 236.691308][ T5856] file_mapped 0 [ 236.691308][ T5856] file_dirty 0 [ 236.691308][ T5856] file_writeback 0 [ 236.691308][ T5856] swapcached 0 [ 236.691308][ T5856] anon_thp 0 [ 236.691308][ T5856] file_thp 0 [ 236.691308][ T5856] shmem_thp 0 [ 236.691308][ T5856] inactive_anon 0 [ 236.691308][ T5856] active_anon 0 [ 236.691308][ T5856] inactive_file 0 [ 236.691308][ T5856] active_file 0 [ 236.691308][ T5856] unevictable 0 [ 236.691308][ T5856] slab_reclaimable 6752 [ 236.691308][ T5856] slab_unreclaimable 0 [ 236.691308][ T5856] slab 6752 [ 236.691308][ T5856] workingset_refault_anon 0 [pid 5860] write(6, "0x000000000000040e", 18 [pid 5856] <... write resumed>) = 18 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] close(5) = 0 [pid 5856] close(6) = 0 [pid 5856] close(7) = -1 EBADF (Bad file descriptor) [pid 5856] close(8) = -1 EBADF (Bad file descriptor) [pid 5856] close(9) = -1 EBADF (Bad file descriptor) [pid 5856] close(10) = -1 EBADF (Bad file descriptor) [pid 5856] close(11) = -1 EBADF (Bad file descriptor) [pid 5856] close(12) = -1 EBADF (Bad file descriptor) [pid 5856] close(13) = -1 EBADF (Bad file descriptor) [pid 5856] close(14) = -1 EBADF (Bad file descriptor) [pid 5856] close(15) = -1 EBADF (Bad file descriptor) [pid 5856] close(16) = -1 EBADF (Bad file descriptor) [pid 5856] close(17) = -1 EBADF (Bad file descriptor) [pid 5856] close(18) = -1 EBADF (Bad file descriptor) [pid 5856] close(19) = -1 EBADF (Bad file descriptor) [pid 5856] close(20) = -1 EBADF (Bad file descriptor) [pid 5856] close(21) = -1 EBADF (Bad file descriptor) [pid 5856] close(22) = -1 EBADF (Bad file descriptor) [pid 5856] close(23) = -1 EBADF (Bad file descriptor) [pid 5856] close(24) = -1 EBADF (Bad file descriptor) [pid 5856] close(25) = -1 EBADF (Bad file descriptor) [ 236.813121][ T5856] Tasks state (memory values in pages): [ 236.818933][ T5856] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 236.828754][ T5856] Out of memory and no killable processes... [ 236.834819][ T5857] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 236.852599][ T5857] CPU: 0 PID: 5857 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5856] close(26) = -1 EBADF (Bad file descriptor) [pid 5856] close(27) = -1 EBADF (Bad file descriptor) [pid 5856] close(28) = -1 EBADF (Bad file descriptor) [pid 5856] close(29) = -1 EBADF (Bad file descriptor) [pid 5856] exit_group(0) = ? [pid 5856] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./62/binderfs") = 0 [pid 5070] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./62/cgroup") = 0 [pid 5070] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./62/cgroup.net") = 0 [ 236.863092][ T5857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 236.873198][ T5857] Call Trace: [ 236.876529][ T5857] [ 236.879502][ T5857] dump_stack_lvl+0x1e7/0x2d0 [ 236.884251][ T5857] ? nf_tcp_handle_invalid+0x640/0x640 [ 236.889769][ T5857] ? panic+0x770/0x770 [ 236.893912][ T5857] dump_header+0xdc/0x940 [ 236.898303][ T5857] out_of_memory+0xf21/0x12c0 [ 236.903047][ T5857] ? mutex_lock_io_nested+0x60/0x60 [ 236.908308][ T5857] ? mark_lock+0x9a/0x340 [ 236.912693][ T5857] ? unregister_oom_notifier+0x20/0x20 [ 236.918197][ T5857] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 236.924228][ T5857] mem_cgroup_out_of_memory+0x263/0x3b0 [ 236.929810][ T5857] ? mem_cgroup_oom_trylock+0x210/0x210 [ 236.935432][ T5857] ? cgroup_file_notify+0x127/0x190 [ 236.940697][ T5857] memory_max_write+0x355/0x470 [ 236.945616][ T5857] ? memory_max_show+0xa0/0xa0 [ 236.950441][ T5857] ? read_lock_is_recursive+0x20/0x20 [ 236.955885][ T5857] ? memory_max_show+0xa0/0xa0 [ 236.960701][ T5857] cgroup_file_write+0x2b1/0x780 [ 236.965697][ T5857] ? cgroup_seqfile_stop+0xd0/0xd0 [ 236.970853][ T5857] ? __virt_addr_valid+0x22f/0x2e0 [ 236.976027][ T5857] ? cgroup_seqfile_stop+0xd0/0xd0 [ 236.981177][ T5857] kernfs_fop_write_iter+0x3a6/0x4f0 [ 236.986492][ T5857] vfs_write+0x7b2/0xbb0 [ 236.990795][ T5857] ? file_end_write+0x240/0x240 [ 236.995708][ T5857] ? do_raw_spin_unlock+0x13b/0x8b0 [ 237.000960][ T5857] ? lockdep_hardirqs_on+0x98/0x140 [ 237.006184][ T5857] ? __fdget_pos+0x265/0x2f0 [ 237.010807][ T5857] ksys_write+0x1a0/0x2c0 [ 237.015193][ T5857] ? __ia32_sys_read+0x90/0x90 [ 237.020007][ T5857] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 237.026051][ T5857] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 237.032072][ T5857] do_syscall_64+0x41/0xc0 [ 237.036544][ T5857] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 237.042496][ T5857] RIP: 0033:0x7fd49ce20129 [ 237.046955][ T5857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 237.066621][ T5857] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 237.075101][ T5857] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 237.083123][ T5857] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 237.091218][ T5857] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 237.099206][ T5857] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5070] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 237.107206][ T5857] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000046 [ 237.115245][ T5857] [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./62/file0") = 0 [pid 5070] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./62/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./62") = 0 [pid 5070] mkdir("./63", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 65 ./strace-static-x86_64: Process 5863 attached [pid 5863] chdir("./63") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [ 237.135200][ T5857] memory: usage 8kB, limit 0kB, failcnt 55 [ 237.145701][ T5857] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 237.160499][ T5857] Memory cgroup stats for /syz1: [ 237.160719][ T5857] anon 0 [ 237.160719][ T5857] file 0 [ 237.160719][ T5857] kernel 8192 [ 237.160719][ T5857] kernel_stack 0 [ 237.160719][ T5857] pagetables 0 [ 237.160719][ T5857] sec_pagetables 0 [pid 5863] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5863] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] mkdir("./file0", 000) = 0 [pid 5863] open("./file0", O_RDONLY) = 3 [pid 5863] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5863] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5863] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5863] openat(5, "memory.max", O_RDWR) = 6 [ 237.160719][ T5857] percpu 0 [ 237.160719][ T5857] sock 0 [ 237.160719][ T5857] vmalloc 0 [ 237.160719][ T5857] shmem 0 [ 237.160719][ T5857] zswap 0 [ 237.160719][ T5857] zswapped 0 [ 237.160719][ T5857] file_mapped 0 [ 237.160719][ T5857] file_dirty 0 [ 237.160719][ T5857] file_writeback 0 [ 237.160719][ T5857] swapcached 0 [ 237.160719][ T5857] anon_thp 0 [ 237.160719][ T5857] file_thp 0 [ 237.160719][ T5857] shmem_thp 0 [ 237.160719][ T5857] inactive_anon 0 [ 237.160719][ T5857] active_anon 0 [ 237.160719][ T5857] inactive_file 0 [pid 5863] write(6, "0x000000000000040e", 18 [pid 5857] <... write resumed>) = 18 [ 237.160719][ T5857] active_file 0 [ 237.160719][ T5857] unevictable 0 [ 237.160719][ T5857] slab_reclaimable 6752 [ 237.160719][ T5857] slab_unreclaimable 0 [ 237.160719][ T5857] slab 6752 [ 237.160719][ T5857] workingset_refault_anon 0 [ 237.257081][ T5857] Tasks state (memory values in pages): [ 237.262674][ T5857] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 237.273615][ T5857] Out of memory and no killable processes... [pid 5857] close(3) = 0 [pid 5857] close(4) = 0 [pid 5857] close(5) = 0 [pid 5857] close(6) = 0 [pid 5857] close(7) = -1 EBADF (Bad file descriptor) [pid 5857] close(8) = -1 EBADF (Bad file descriptor) [pid 5857] close(9) = -1 EBADF (Bad file descriptor) [pid 5857] close(10) = -1 EBADF (Bad file descriptor) [pid 5857] close(11) = -1 EBADF (Bad file descriptor) [pid 5857] close(12) = -1 EBADF (Bad file descriptor) [pid 5857] close(13) = -1 EBADF (Bad file descriptor) [pid 5857] close(14) = -1 EBADF (Bad file descriptor) [pid 5857] close(15) = -1 EBADF (Bad file descriptor) [pid 5857] close(16) = -1 EBADF (Bad file descriptor) [pid 5857] close(17) = -1 EBADF (Bad file descriptor) [pid 5857] close(18) = -1 EBADF (Bad file descriptor) [pid 5857] close(19) = -1 EBADF (Bad file descriptor) [pid 5857] close(20) = -1 EBADF (Bad file descriptor) [pid 5857] close(21) = -1 EBADF (Bad file descriptor) [pid 5857] close(22) = -1 EBADF (Bad file descriptor) [pid 5857] close(23) = -1 EBADF (Bad file descriptor) [pid 5857] close(24) = -1 EBADF (Bad file descriptor) [pid 5857] close(25) = -1 EBADF (Bad file descriptor) [pid 5857] close(26) = -1 EBADF (Bad file descriptor) [pid 5857] close(27) = -1 EBADF (Bad file descriptor) [pid 5857] close(28) = -1 EBADF (Bad file descriptor) [pid 5857] close(29) = -1 EBADF (Bad file descriptor) [pid 5857] exit_group(0) = ? [pid 5857] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=72, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5074] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5074] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 237.280793][ T5858] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 237.294856][ T5858] CPU: 1 PID: 5858 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 237.305345][ T5858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 237.315452][ T5858] Call Trace: [ 237.318778][ T5858] [ 237.321751][ T5858] dump_stack_lvl+0x1e7/0x2d0 [ 237.326491][ T5858] ? nf_tcp_handle_invalid+0x640/0x640 [ 237.331983][ T5858] ? panic+0x770/0x770 [pid 5074] unlink("./70/binderfs") = 0 [pid 5074] umount2("./70/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./70/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./70/cgroup") = 0 [pid 5074] umount2("./70/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./70/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./70/cgroup.net") = 0 [ 237.336074][ T5858] dump_header+0xdc/0x940 [ 237.340438][ T5858] out_of_memory+0xf21/0x12c0 [ 237.345169][ T5858] ? mutex_lock_io_nested+0x60/0x60 [ 237.350422][ T5858] ? preempt_schedule+0xdd/0xf0 [ 237.355338][ T5858] ? unregister_oom_notifier+0x20/0x20 [ 237.360831][ T5858] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 237.366835][ T5858] mem_cgroup_out_of_memory+0x263/0x3b0 [ 237.372397][ T5858] ? preempt_schedule_thunk+0x1a/0x20 [ 237.377812][ T5858] ? mem_cgroup_oom_trylock+0x210/0x210 [ 237.383379][ T5858] ? cgroup_file_notify+0x127/0x190 [ 237.388610][ T5858] memory_max_write+0x355/0x470 [ 237.393505][ T5858] ? memory_max_show+0xa0/0xa0 [ 237.398306][ T5858] ? read_lock_is_recursive+0x20/0x20 [ 237.403700][ T5858] ? memory_max_show+0xa0/0xa0 [ 237.408479][ T5858] cgroup_file_write+0x2b1/0x780 [ 237.413455][ T5858] ? cgroup_seqfile_stop+0xd0/0xd0 [ 237.418670][ T5858] ? __virt_addr_valid+0x22f/0x2e0 [ 237.423808][ T5858] ? cgroup_seqfile_stop+0xd0/0xd0 [ 237.428927][ T5858] kernfs_fop_write_iter+0x3a6/0x4f0 [ 237.434238][ T5858] vfs_write+0x7b2/0xbb0 [ 237.438513][ T5858] ? file_end_write+0x240/0x240 [ 237.443389][ T5858] ? do_raw_spin_unlock+0x13b/0x8b0 [ 237.448608][ T5858] ? lockdep_hardirqs_on+0x98/0x140 [ 237.453830][ T5858] ? __fdget_pos+0x265/0x2f0 [ 237.458439][ T5858] ksys_write+0x1a0/0x2c0 [ 237.462789][ T5858] ? __ia32_sys_read+0x90/0x90 [ 237.467570][ T5858] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 237.473577][ T5858] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 237.479582][ T5858] do_syscall_64+0x41/0xc0 [ 237.484022][ T5858] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 237.489940][ T5858] RIP: 0033:0x7fd49ce20129 [ 237.494373][ T5858] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 237.513990][ T5858] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 237.522422][ T5858] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5074] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./70/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./70/file0") = 0 [pid 5074] umount2("./70/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./70/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./70/cgroup.cpu") = 0 [ 237.530403][ T5858] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 237.538397][ T5858] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 237.546376][ T5858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 237.554356][ T5858] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000042 [ 237.562355][ T5858] [ 237.572733][ T5858] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./70") = 0 [pid 5074] mkdir("./71", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5864] chdir("./71" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 73 [pid 5864] <... chdir resumed>) = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5864] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5864] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5864] mkdir("./file0", 000) = 0 [pid 5864] open("./file0", O_RDONLY) = 3 [pid 5864] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5864] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5864] openat(5, "memory.max", O_RDWR) = 6 [ 237.588318][ T5858] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 237.606180][ T5858] Memory cgroup stats for /syz1: [ 237.607346][ T5858] anon 0 [ 237.607346][ T5858] file 0 [ 237.607346][ T5858] kernel 8192 [ 237.607346][ T5858] kernel_stack 0 [ 237.607346][ T5858] pagetables 0 [ 237.607346][ T5858] sec_pagetables 0 [ 237.607346][ T5858] percpu 0 [ 237.607346][ T5858] sock 0 [ 237.607346][ T5858] vmalloc 0 [ 237.607346][ T5858] shmem 0 [ 237.607346][ T5858] zswap 0 [ 237.607346][ T5858] zswapped 0 [ 237.607346][ T5858] file_mapped 0 [ 237.607346][ T5858] file_dirty 0 [ 237.607346][ T5858] file_writeback 0 [ 237.607346][ T5858] swapcached 0 [ 237.607346][ T5858] anon_thp 0 [ 237.607346][ T5858] file_thp 0 [ 237.607346][ T5858] shmem_thp 0 [ 237.607346][ T5858] inactive_anon 0 [ 237.607346][ T5858] active_anon 0 [ 237.607346][ T5858] inactive_file 0 [ 237.607346][ T5858] active_file 0 [ 237.607346][ T5858] unevictable 0 [pid 5864] write(6, "0x000000000000040e", 18 [pid 5858] <... write resumed>) = 18 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [ 237.607346][ T5858] slab_reclaimable 6752 [ 237.607346][ T5858] slab_unreclaimable 0 [ 237.607346][ T5858] slab 6752 [ 237.607346][ T5858] workingset_refault_anon 0 [ 237.707322][ T5858] Tasks state (memory values in pages): [ 237.713113][ T5858] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 237.722870][ T5858] Out of memory and no killable processes... [pid 5858] close(5) = 0 [pid 5858] close(6) = 0 [pid 5858] close(7) = -1 EBADF (Bad file descriptor) [pid 5858] close(8) = -1 EBADF (Bad file descriptor) [pid 5858] close(9) = -1 EBADF (Bad file descriptor) [pid 5858] close(10) = -1 EBADF (Bad file descriptor) [pid 5858] close(11) = -1 EBADF (Bad file descriptor) [pid 5858] close(12) = -1 EBADF (Bad file descriptor) [pid 5858] close(13) = -1 EBADF (Bad file descriptor) [pid 5858] close(14) = -1 EBADF (Bad file descriptor) [pid 5858] close(15) = -1 EBADF (Bad file descriptor) [pid 5858] close(16) = -1 EBADF (Bad file descriptor) [pid 5858] close(17) = -1 EBADF (Bad file descriptor) [pid 5858] close(18) = -1 EBADF (Bad file descriptor) [pid 5858] close(19) = -1 EBADF (Bad file descriptor) [pid 5858] close(20) = -1 EBADF (Bad file descriptor) [pid 5858] close(21) = -1 EBADF (Bad file descriptor) [pid 5858] close(22) = -1 EBADF (Bad file descriptor) [pid 5858] close(23) = -1 EBADF (Bad file descriptor) [pid 5858] close(24) = -1 EBADF (Bad file descriptor) [pid 5858] close(25) = -1 EBADF (Bad file descriptor) [pid 5858] close(26) = -1 EBADF (Bad file descriptor) [pid 5858] close(27) = -1 EBADF (Bad file descriptor) [pid 5858] close(28) = -1 EBADF (Bad file descriptor) [pid 5858] close(29) = -1 EBADF (Bad file descriptor) [pid 5858] exit_group(0) = ? [ 237.730482][ T5859] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 237.741523][ T5859] CPU: 0 PID: 5859 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 237.751992][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 237.762094][ T5859] Call Trace: [ 237.765412][ T5859] [ 237.768390][ T5859] dump_stack_lvl+0x1e7/0x2d0 [ 237.773140][ T5859] ? nf_tcp_handle_invalid+0x640/0x640 [ 237.778659][ T5859] ? panic+0x770/0x770 [ 237.782803][ T5859] dump_header+0xdc/0x940 [pid 5858] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5073] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./66/binderfs") = 0 [pid 5073] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./66/cgroup") = 0 [pid 5073] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./66/cgroup.net") = 0 [ 237.787187][ T5859] out_of_memory+0xf21/0x12c0 [ 237.791924][ T5859] ? mutex_lock_io_nested+0x60/0x60 [ 237.797186][ T5859] ? preempt_schedule+0xdd/0xf0 [ 237.802096][ T5859] ? unregister_oom_notifier+0x20/0x20 [ 237.807610][ T5859] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 237.813664][ T5859] mem_cgroup_out_of_memory+0x263/0x3b0 [ 237.819286][ T5859] ? preempt_schedule_thunk+0x1a/0x20 [ 237.824720][ T5859] ? mem_cgroup_oom_trylock+0x210/0x210 [ 237.830343][ T5859] ? cgroup_file_notify+0x127/0x190 [ 237.835632][ T5859] memory_max_write+0x355/0x470 [ 237.840552][ T5859] ? memory_max_show+0xa0/0xa0 [ 237.845373][ T5859] ? read_lock_is_recursive+0x20/0x20 [ 237.850811][ T5859] ? memory_max_show+0xa0/0xa0 [ 237.855625][ T5859] cgroup_file_write+0x2b1/0x780 [ 237.860610][ T5859] ? cgroup_seqfile_stop+0xd0/0xd0 [ 237.865751][ T5859] ? __virt_addr_valid+0x22f/0x2e0 [ 237.870933][ T5859] ? cgroup_seqfile_stop+0xd0/0xd0 [ 237.876085][ T5859] kernfs_fop_write_iter+0x3a6/0x4f0 [ 237.881428][ T5859] vfs_write+0x7b2/0xbb0 [ 237.885732][ T5859] ? file_end_write+0x240/0x240 [ 237.890637][ T5859] ? do_raw_spin_unlock+0x13b/0x8b0 [ 237.895883][ T5859] ? lockdep_hardirqs_on+0x98/0x140 [ 237.901143][ T5859] ? __fdget_pos+0x265/0x2f0 [ 237.905788][ T5859] ksys_write+0x1a0/0x2c0 [ 237.910174][ T5859] ? __ia32_sys_read+0x90/0x90 [ 237.914985][ T5859] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 237.921025][ T5859] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 237.927070][ T5859] do_syscall_64+0x41/0xc0 [ 237.931544][ T5859] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 237.937492][ T5859] RIP: 0033:0x7fd49ce20129 [ 237.941965][ T5859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 237.961613][ T5859] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 237.970079][ T5859] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 237.978096][ T5859] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 237.986105][ T5859] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 237.994117][ T5859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 238.002131][ T5859] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003f [ 238.010178][ T5859] [ 238.021664][ T5859] memory: usage 8kB, limit 0kB, failcnt 55 [ 238.027684][ T5859] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 238.034750][ T5859] Memory cgroup stats for /syz1: [pid 5073] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./66/file0") = 0 [pid 5073] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./66/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./66") = 0 [ 238.034966][ T5859] anon 0 [ 238.034966][ T5859] file 0 [ 238.034966][ T5859] kernel 8192 [ 238.034966][ T5859] kernel_stack 0 [ 238.034966][ T5859] pagetables 0 [ 238.034966][ T5859] sec_pagetables 0 [ 238.034966][ T5859] percpu 0 [ 238.034966][ T5859] sock 0 [ 238.034966][ T5859] vmalloc 0 [ 238.034966][ T5859] shmem 0 [ 238.034966][ T5859] zswap 0 [ 238.034966][ T5859] zswapped 0 [ 238.034966][ T5859] file_mapped 0 [ 238.034966][ T5859] file_dirty 0 [ 238.034966][ T5859] file_writeback 0 [ 238.034966][ T5859] swapcached 0 [pid 5073] mkdir("./67", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 69 ./strace-static-x86_64: Process 5867 attached [ 238.034966][ T5859] anon_thp 0 [ 238.034966][ T5859] file_thp 0 [ 238.034966][ T5859] shmem_thp 0 [ 238.034966][ T5859] inactive_anon 0 [ 238.034966][ T5859] active_anon 0 [ 238.034966][ T5859] inactive_file 0 [ 238.034966][ T5859] active_file 0 [ 238.034966][ T5859] unevictable 0 [ 238.034966][ T5859] slab_reclaimable 6752 [ 238.034966][ T5859] slab_unreclaimable 0 [ 238.034966][ T5859] slab 6752 [ 238.034966][ T5859] workingset_refault_anon 0 [ 238.134389][ T5859] Tasks state (memory values in pages): [pid 5867] chdir("./67") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] <... write resumed>) = 18 [ 238.140744][ T5859] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 238.150788][ T5859] Out of memory and no killable processes... [ 238.157343][ T5860] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 238.168592][ T5860] CPU: 0 PID: 5860 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 238.179063][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5867] setpgid(0, 0) = 0 [pid 5867] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5867] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5867] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5867] mkdir("./file0", 000) = 0 [ 238.189170][ T5860] Call Trace: [ 238.192498][ T5860] [ 238.195469][ T5860] dump_stack_lvl+0x1e7/0x2d0 [ 238.200211][ T5860] ? nf_tcp_handle_invalid+0x640/0x640 [ 238.205734][ T5860] ? panic+0x770/0x770 [ 238.209871][ T5860] dump_header+0xdc/0x940 [ 238.214271][ T5860] out_of_memory+0xf21/0x12c0 [ 238.219009][ T5860] ? mutex_lock_io_nested+0x60/0x60 [ 238.224270][ T5860] ? preempt_schedule+0xdd/0xf0 [ 238.229185][ T5860] ? unregister_oom_notifier+0x20/0x20 [ 238.234702][ T5860] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [pid 5867] open("./file0", O_RDONLY) = 3 [pid 5867] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5867] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5867] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5867] openat(5, "memory.max", O_RDWR) = 6 [pid 5867] write(6, "0x000000000000040e", 18 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] close(5) = 0 [pid 5859] close(6) = 0 [ 238.240754][ T5860] mem_cgroup_out_of_memory+0x263/0x3b0 [ 238.246370][ T5860] ? preempt_schedule_thunk+0x1a/0x20 [ 238.251814][ T5860] ? mem_cgroup_oom_trylock+0x210/0x210 [ 238.257445][ T5860] ? cgroup_file_notify+0x127/0x190 [ 238.262703][ T5860] memory_max_write+0x355/0x470 [ 238.267615][ T5860] ? memory_max_show+0xa0/0xa0 [ 238.272432][ T5860] ? read_lock_is_recursive+0x20/0x20 [ 238.277859][ T5860] ? memory_max_show+0xa0/0xa0 [ 238.282675][ T5860] cgroup_file_write+0x2b1/0x780 [pid 5859] close(7) = -1 EBADF (Bad file descriptor) [pid 5859] close(8) = -1 EBADF (Bad file descriptor) [pid 5859] close(9) = -1 EBADF (Bad file descriptor) [pid 5859] close(10) = -1 EBADF (Bad file descriptor) [pid 5859] close(11) = -1 EBADF (Bad file descriptor) [pid 5859] close(12) = -1 EBADF (Bad file descriptor) [pid 5859] close(13) = -1 EBADF (Bad file descriptor) [pid 5859] close(14) = -1 EBADF (Bad file descriptor) [pid 5859] close(15) = -1 EBADF (Bad file descriptor) [pid 5859] close(16) = -1 EBADF (Bad file descriptor) [pid 5859] close(17) = -1 EBADF (Bad file descriptor) [pid 5859] close(18) = -1 EBADF (Bad file descriptor) [pid 5859] close(19) = -1 EBADF (Bad file descriptor) [pid 5859] close(20) = -1 EBADF (Bad file descriptor) [pid 5859] close(21) = -1 EBADF (Bad file descriptor) [pid 5859] close(22) = -1 EBADF (Bad file descriptor) [pid 5859] close(23) = -1 EBADF (Bad file descriptor) [pid 5859] close(24) = -1 EBADF (Bad file descriptor) [ 238.287679][ T5860] ? cgroup_seqfile_stop+0xd0/0xd0 [ 238.292842][ T5860] ? __virt_addr_valid+0x22f/0x2e0 [ 238.298039][ T5860] ? cgroup_seqfile_stop+0xd0/0xd0 [ 238.303200][ T5860] kernfs_fop_write_iter+0x3a6/0x4f0 [ 238.308555][ T5860] vfs_write+0x7b2/0xbb0 [ 238.312866][ T5860] ? file_end_write+0x240/0x240 [ 238.317787][ T5860] ? do_raw_spin_unlock+0x13b/0x8b0 [ 238.323049][ T5860] ? lockdep_hardirqs_on+0x98/0x140 [ 238.328317][ T5860] ? __fdget_pos+0x265/0x2f0 [ 238.332971][ T5860] ksys_write+0x1a0/0x2c0 [ 238.337357][ T5860] ? __ia32_sys_read+0x90/0x90 [pid 5859] close(25) = -1 EBADF (Bad file descriptor) [pid 5859] close(26) = -1 EBADF (Bad file descriptor) [pid 5859] close(27) = -1 EBADF (Bad file descriptor) [pid 5859] close(28) = -1 EBADF (Bad file descriptor) [pid 5859] close(29) = -1 EBADF (Bad file descriptor) [pid 5859] exit_group(0) = ? [pid 5859] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5072] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./63/binderfs") = 0 [pid 5072] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 238.342177][ T5860] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 238.348227][ T5860] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 238.354285][ T5860] do_syscall_64+0x41/0xc0 [ 238.358766][ T5860] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 238.364754][ T5860] RIP: 0033:0x7fd49ce20129 [ 238.369225][ T5860] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5072] unlink("./63/cgroup") = 0 [pid 5072] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./63/cgroup.net") = 0 [pid 5072] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 238.388886][ T5860] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.397376][ T5860] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 238.405402][ T5860] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 238.413439][ T5860] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 238.421458][ T5860] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 238.429527][ T5860] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000045 [ 238.437570][ T5860] [pid 5072] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./63/file0") = 0 [pid 5072] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./63/cgroup.cpu") = 0 [ 238.455049][ T5860] memory: usage 8kB, limit 0kB, failcnt 55 [ 238.461621][ T5860] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 238.468954][ T5860] Memory cgroup stats for /syz1: [ 238.469351][ T5860] anon 0 [ 238.469351][ T5860] file 0 [ 238.469351][ T5860] kernel 8192 [ 238.469351][ T5860] kernel_stack 0 [ 238.469351][ T5860] pagetables 0 [ 238.469351][ T5860] sec_pagetables 0 [ 238.469351][ T5860] percpu 0 [ 238.469351][ T5860] sock 0 [ 238.469351][ T5860] vmalloc 0 [ 238.469351][ T5860] shmem 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./63") = 0 [pid 5072] mkdir("./64", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 66 [ 238.469351][ T5860] zswap 0 [ 238.469351][ T5860] zswapped 0 [ 238.469351][ T5860] file_mapped 0 [ 238.469351][ T5860] file_dirty 0 [ 238.469351][ T5860] file_writeback 0 [ 238.469351][ T5860] swapcached 0 [ 238.469351][ T5860] anon_thp 0 [ 238.469351][ T5860] file_thp 0 [ 238.469351][ T5860] shmem_thp 0 [ 238.469351][ T5860] inactive_anon 0 [ 238.469351][ T5860] active_anon 0 [ 238.469351][ T5860] inactive_file 0 [ 238.469351][ T5860] active_file 0 [ 238.469351][ T5860] unevictable 0 [ 238.469351][ T5860] slab_reclaimable 6752 ./strace-static-x86_64: Process 5868 attached [pid 5868] chdir("./64") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5868] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5868] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] mkdir("./file0", 000) = 0 [pid 5868] open("./file0", O_RDONLY) = 3 [pid 5868] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5868] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5868] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5868] openat(5, "memory.max", O_RDWR) = 6 [pid 5868] write(6, "0x000000000000040e", 18 [pid 5860] <... write resumed>) = 18 [ 238.469351][ T5860] slab_unreclaimable 0 [ 238.469351][ T5860] slab 6752 [ 238.469351][ T5860] workingset_refault_anon 0 [ 238.570698][ T5860] Tasks state (memory values in pages): [ 238.577945][ T5860] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 238.598788][ T5860] Out of memory and no killable processes... [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] close(5) = 0 [pid 5860] close(6) = 0 [pid 5860] close(7) = -1 EBADF (Bad file descriptor) [pid 5860] close(8) = -1 EBADF (Bad file descriptor) [pid 5860] close(9) = -1 EBADF (Bad file descriptor) [pid 5860] close(10) = -1 EBADF (Bad file descriptor) [pid 5860] close(11) = -1 EBADF (Bad file descriptor) [pid 5860] close(12) = -1 EBADF (Bad file descriptor) [pid 5860] close(13) = -1 EBADF (Bad file descriptor) [pid 5860] close(14) = -1 EBADF (Bad file descriptor) [pid 5860] close(15) = -1 EBADF (Bad file descriptor) [pid 5860] close(16) = -1 EBADF (Bad file descriptor) [pid 5860] close(17) = -1 EBADF (Bad file descriptor) [pid 5860] close(18) = -1 EBADF (Bad file descriptor) [pid 5860] close(19) = -1 EBADF (Bad file descriptor) [pid 5860] close(20) = -1 EBADF (Bad file descriptor) [pid 5860] close(21) = -1 EBADF (Bad file descriptor) [pid 5860] close(22) = -1 EBADF (Bad file descriptor) [pid 5860] close(23) = -1 EBADF (Bad file descriptor) [pid 5860] close(24) = -1 EBADF (Bad file descriptor) [pid 5860] close(25) = -1 EBADF (Bad file descriptor) [pid 5860] close(26) = -1 EBADF (Bad file descriptor) [pid 5860] close(27) = -1 EBADF (Bad file descriptor) [pid 5860] close(28) = -1 EBADF (Bad file descriptor) [pid 5860] close(29) = -1 EBADF (Bad file descriptor) [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ [ 238.605802][ T5863] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 238.641686][ T5863] CPU: 1 PID: 5863 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5075] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./69/binderfs") = 0 [pid 5075] umount2("./69/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./69/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./69/cgroup") = 0 [pid 5075] umount2("./69/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./69/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./69/cgroup.net") = 0 [ 238.652185][ T5863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 238.662283][ T5863] Call Trace: [ 238.665603][ T5863] [ 238.668575][ T5863] dump_stack_lvl+0x1e7/0x2d0 [ 238.673334][ T5863] ? nf_tcp_handle_invalid+0x640/0x640 [ 238.678876][ T5863] ? panic+0x770/0x770 [ 238.683016][ T5863] dump_header+0xdc/0x940 [ 238.687427][ T5863] out_of_memory+0xf21/0x12c0 [ 238.692154][ T5863] ? mutex_lock_io_nested+0x60/0x60 [ 238.697410][ T5863] ? preempt_schedule+0xdd/0xf0 [ 238.702291][ T5863] ? unregister_oom_notifier+0x20/0x20 [ 238.707790][ T5863] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 238.713844][ T5863] mem_cgroup_out_of_memory+0x263/0x3b0 [ 238.719435][ T5863] ? preempt_schedule_thunk+0x1a/0x20 [ 238.724850][ T5863] ? mem_cgroup_oom_trylock+0x210/0x210 [ 238.730456][ T5863] ? cgroup_file_notify+0x127/0x190 [ 238.735697][ T5863] memory_max_write+0x355/0x470 [ 238.740615][ T5863] ? memory_max_show+0xa0/0xa0 [ 238.745414][ T5863] ? read_lock_is_recursive+0x20/0x20 [ 238.750820][ T5863] ? memory_max_show+0xa0/0xa0 [ 238.755621][ T5863] cgroup_file_write+0x2b1/0x780 [ 238.760582][ T5863] ? cgroup_seqfile_stop+0xd0/0xd0 [ 238.765734][ T5863] ? __virt_addr_valid+0x22f/0x2e0 [ 238.770894][ T5863] ? cgroup_seqfile_stop+0xd0/0xd0 [ 238.776057][ T5863] kernfs_fop_write_iter+0x3a6/0x4f0 [ 238.781386][ T5863] vfs_write+0x7b2/0xbb0 [ 238.785653][ T5863] ? file_end_write+0x240/0x240 [ 238.790541][ T5863] ? do_raw_spin_unlock+0x13b/0x8b0 [ 238.795795][ T5863] ? lockdep_hardirqs_on+0x98/0x140 [ 238.801040][ T5863] ? __fdget_pos+0x265/0x2f0 [ 238.805651][ T5863] ksys_write+0x1a0/0x2c0 [ 238.810036][ T5863] ? __ia32_sys_read+0x90/0x90 [ 238.814850][ T5863] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 238.820897][ T5863] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 238.826944][ T5863] do_syscall_64+0x41/0xc0 [ 238.831423][ T5863] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 238.837375][ T5863] RIP: 0033:0x7fd49ce20129 [ 238.841829][ T5863] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 238.861477][ T5863] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.869940][ T5863] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 238.877957][ T5863] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 238.885968][ T5863] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 238.893972][ T5863] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5075] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./69/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./69/file0") = 0 [pid 5075] umount2("./69/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./69/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 238.901987][ T5863] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000003f [ 238.910014][ T5863] [ 238.918369][ T5863] memory: usage 8kB, limit 0kB, failcnt 55 [ 238.924414][ T5863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 238.937496][ T5863] Memory cgroup stats for /syz1: [ 238.937712][ T5863] anon 0 [ 238.937712][ T5863] file 0 [ 238.937712][ T5863] kernel 8192 [ 238.937712][ T5863] kernel_stack 0 [pid 5075] unlink("./69/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [ 238.937712][ T5863] pagetables 0 [ 238.937712][ T5863] sec_pagetables 0 [ 238.937712][ T5863] percpu 0 [ 238.937712][ T5863] sock 0 [ 238.937712][ T5863] vmalloc 0 [ 238.937712][ T5863] shmem 0 [ 238.937712][ T5863] zswap 0 [ 238.937712][ T5863] zswapped 0 [ 238.937712][ T5863] file_mapped 0 [ 238.937712][ T5863] file_dirty 0 [ 238.937712][ T5863] file_writeback 0 [ 238.937712][ T5863] swapcached 0 [ 238.937712][ T5863] anon_thp 0 [ 238.937712][ T5863] file_thp 0 [ 238.937712][ T5863] shmem_thp 0 [ 238.937712][ T5863] inactive_anon 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./69") = 0 [pid 5075] mkdir("./70", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached [pid 5870] chdir("./70" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 72 [pid 5870] <... chdir resumed>) = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5870] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5870] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] mkdir("./file0", 000) = 0 [pid 5870] open("./file0", O_RDONLY) = 3 [pid 5870] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5870] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5870] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5870] openat(5, "memory.max", O_RDWR) = 6 [ 238.937712][ T5863] active_anon 0 [ 238.937712][ T5863] inactive_file 0 [ 238.937712][ T5863] active_file 0 [ 238.937712][ T5863] unevictable 0 [ 238.937712][ T5863] slab_reclaimable 6752 [ 238.937712][ T5863] slab_unreclaimable 0 [ 238.937712][ T5863] slab 6752 [ 238.937712][ T5863] workingset_refault_anon 0 [ 239.035449][ T5863] Tasks state (memory values in pages): [ 239.041660][ T5863] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5870] write(6, "0x000000000000040e", 18 [pid 5863] <... write resumed>) = 18 [pid 5863] close(3) = 0 [pid 5863] close(4) = 0 [pid 5863] close(5) = 0 [pid 5863] close(6) = 0 [pid 5863] close(7) = -1 EBADF (Bad file descriptor) [pid 5863] close(8) = -1 EBADF (Bad file descriptor) [pid 5863] close(9) = -1 EBADF (Bad file descriptor) [pid 5863] close(10) = -1 EBADF (Bad file descriptor) [pid 5863] close(11) = -1 EBADF (Bad file descriptor) [pid 5863] close(12) = -1 EBADF (Bad file descriptor) [pid 5863] close(13) = -1 EBADF (Bad file descriptor) [pid 5863] close(14) = -1 EBADF (Bad file descriptor) [pid 5863] close(15) = -1 EBADF (Bad file descriptor) [pid 5863] close(16) = -1 EBADF (Bad file descriptor) [pid 5863] close(17) = -1 EBADF (Bad file descriptor) [pid 5863] close(18) = -1 EBADF (Bad file descriptor) [pid 5863] close(19) = -1 EBADF (Bad file descriptor) [pid 5863] close(20) = -1 EBADF (Bad file descriptor) [pid 5863] close(21) = -1 EBADF (Bad file descriptor) [pid 5863] close(22) = -1 EBADF (Bad file descriptor) [ 239.052883][ T5863] Out of memory and no killable processes... [ 239.060909][ T5864] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 239.094734][ T5864] CPU: 1 PID: 5864 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 239.105231][ T5864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 239.115311][ T5864] Call Trace: [ 239.118605][ T5864] [ 239.121545][ T5864] dump_stack_lvl+0x1e7/0x2d0 [ 239.126253][ T5864] ? nf_tcp_handle_invalid+0x640/0x640 [ 239.131737][ T5864] ? panic+0x770/0x770 [ 239.135847][ T5864] dump_header+0xdc/0x940 [ 239.140240][ T5864] out_of_memory+0xf21/0x12c0 [ 239.144947][ T5864] ? mutex_lock_io_nested+0x60/0x60 [ 239.150197][ T5864] ? preempt_schedule+0xdd/0xf0 [ 239.155086][ T5864] ? unregister_oom_notifier+0x20/0x20 [ 239.160570][ T5864] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 239.166589][ T5864] mem_cgroup_out_of_memory+0x263/0x3b0 [ 239.172162][ T5864] ? preempt_schedule_thunk+0x1a/0x20 [ 239.177563][ T5864] ? mem_cgroup_oom_trylock+0x210/0x210 [ 239.183161][ T5864] ? cgroup_file_notify+0x127/0x190 [ 239.188400][ T5864] memory_max_write+0x355/0x470 [ 239.193277][ T5864] ? memory_max_show+0xa0/0xa0 [ 239.198058][ T5864] ? read_lock_is_recursive+0x20/0x20 [ 239.203711][ T5864] ? memory_max_show+0xa0/0xa0 [ 239.208504][ T5864] cgroup_file_write+0x2b1/0x780 [ 239.213461][ T5864] ? cgroup_seqfile_stop+0xd0/0xd0 [ 239.218588][ T5864] ? __virt_addr_valid+0x22f/0x2e0 [ 239.223732][ T5864] ? cgroup_seqfile_stop+0xd0/0xd0 [ 239.228872][ T5864] kernfs_fop_write_iter+0x3a6/0x4f0 [ 239.234181][ T5864] vfs_write+0x7b2/0xbb0 [ 239.238457][ T5864] ? file_end_write+0x240/0x240 [ 239.243334][ T5864] ? do_raw_spin_unlock+0x13b/0x8b0 [ 239.248553][ T5864] ? lockdep_hardirqs_on+0x98/0x140 [ 239.253775][ T5864] ? __fdget_pos+0x265/0x2f0 [ 239.258399][ T5864] ksys_write+0x1a0/0x2c0 [ 239.262749][ T5864] ? __ia32_sys_read+0x90/0x90 [ 239.267546][ T5864] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 239.273551][ T5864] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 239.279555][ T5864] do_syscall_64+0x41/0xc0 [ 239.283989][ T5864] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 239.289910][ T5864] RIP: 0033:0x7fd49ce20129 [ 239.294340][ T5864] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 239.313961][ T5864] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 239.322395][ T5864] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 239.330381][ T5864] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 239.338367][ T5864] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 239.346357][ T5864] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5863] close(23) = -1 EBADF (Bad file descriptor) [pid 5863] close(24) = -1 EBADF (Bad file descriptor) [pid 5863] close(25) = -1 EBADF (Bad file descriptor) [pid 5863] close(26) = -1 EBADF (Bad file descriptor) [pid 5863] close(27) = -1 EBADF (Bad file descriptor) [pid 5863] close(28) = -1 EBADF (Bad file descriptor) [pid 5863] close(29) = -1 EBADF (Bad file descriptor) [pid 5863] exit_group(0) = ? [pid 5863] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5070] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./63/binderfs") = 0 [pid 5070] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./63/cgroup") = 0 [pid 5070] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./63/cgroup.net") = 0 [pid 5070] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 239.354344][ T5864] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000047 [ 239.362347][ T5864] [ 239.388555][ T5864] memory: usage 8kB, limit 0kB, failcnt 55 [ 239.394442][ T5864] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5070] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./63/file0") = 0 [pid 5070] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./63/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./63") = 0 [pid 5070] mkdir("./64", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 66 ./strace-static-x86_64: Process 5871 attached [pid 5871] chdir("./64") = 0 [ 239.414543][ T5864] Memory cgroup stats for /syz1: [ 239.414823][ T5864] anon 0 [ 239.414823][ T5864] file 0 [ 239.414823][ T5864] kernel 8192 [ 239.414823][ T5864] kernel_stack 0 [ 239.414823][ T5864] pagetables 0 [ 239.414823][ T5864] sec_pagetables 0 [ 239.414823][ T5864] percpu 0 [ 239.414823][ T5864] sock 0 [ 239.414823][ T5864] vmalloc 0 [ 239.414823][ T5864] shmem 0 [ 239.414823][ T5864] zswap 0 [ 239.414823][ T5864] zswapped 0 [ 239.414823][ T5864] file_mapped 0 [ 239.414823][ T5864] file_dirty 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5871] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5871] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] mkdir("./file0", 000) = 0 [pid 5871] open("./file0", O_RDONLY) = 3 [pid 5871] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5871] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5871] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5871] openat(5, "memory.max", O_RDWR) = 6 [ 239.414823][ T5864] file_writeback 0 [ 239.414823][ T5864] swapcached 0 [ 239.414823][ T5864] anon_thp 0 [ 239.414823][ T5864] file_thp 0 [ 239.414823][ T5864] shmem_thp 0 [ 239.414823][ T5864] inactive_anon 0 [ 239.414823][ T5864] active_anon 0 [ 239.414823][ T5864] inactive_file 0 [ 239.414823][ T5864] active_file 0 [ 239.414823][ T5864] unevictable 0 [ 239.414823][ T5864] slab_reclaimable 6752 [ 239.414823][ T5864] slab_unreclaimable 0 [ 239.414823][ T5864] slab 6752 [ 239.414823][ T5864] workingset_refault_anon 0 [pid 5871] write(6, "0x000000000000040e", 18 [pid 5864] <... write resumed>) = 18 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] close(5) = 0 [pid 5864] close(6) = 0 [ 239.542364][ T5864] Tasks state (memory values in pages): [ 239.548858][ T5864] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 239.558645][ T5864] Out of memory and no killable processes... [ 239.564722][ T5867] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 239.577072][ T5867] CPU: 1 PID: 5867 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5864] close(7) = -1 EBADF (Bad file descriptor) [pid 5864] close(8) = -1 EBADF (Bad file descriptor) [pid 5864] close(9) = -1 EBADF (Bad file descriptor) [pid 5864] close(10) = -1 EBADF (Bad file descriptor) [pid 5864] close(11) = -1 EBADF (Bad file descriptor) [pid 5864] close(12) = -1 EBADF (Bad file descriptor) [pid 5864] close(13) = -1 EBADF (Bad file descriptor) [pid 5864] close(14) = -1 EBADF (Bad file descriptor) [pid 5864] close(15) = -1 EBADF (Bad file descriptor) [pid 5864] close(16) = -1 EBADF (Bad file descriptor) [pid 5864] close(17) = -1 EBADF (Bad file descriptor) [pid 5864] close(18) = -1 EBADF (Bad file descriptor) [pid 5864] close(19) = -1 EBADF (Bad file descriptor) [pid 5864] close(20) = -1 EBADF (Bad file descriptor) [pid 5864] close(21) = -1 EBADF (Bad file descriptor) [pid 5864] close(22) = -1 EBADF (Bad file descriptor) [pid 5864] close(23) = -1 EBADF (Bad file descriptor) [pid 5864] close(24) = -1 EBADF (Bad file descriptor) [pid 5864] close(25) = -1 EBADF (Bad file descriptor) [pid 5864] close(26) = -1 EBADF (Bad file descriptor) [pid 5864] close(27) = -1 EBADF (Bad file descriptor) [pid 5864] close(28) = -1 EBADF (Bad file descriptor) [pid 5864] close(29) = -1 EBADF (Bad file descriptor) [pid 5864] exit_group(0) = ? [pid 5864] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=73, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./71/binderfs") = 0 [pid 5074] umount2("./71/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./71/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./71/cgroup") = 0 [pid 5074] umount2("./71/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./71/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./71/cgroup.net") = 0 [ 239.587545][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 239.597651][ T5867] Call Trace: [ 239.600974][ T5867] [ 239.603943][ T5867] dump_stack_lvl+0x1e7/0x2d0 [ 239.608691][ T5867] ? nf_tcp_handle_invalid+0x640/0x640 [ 239.614211][ T5867] ? panic+0x770/0x770 [ 239.618352][ T5867] dump_header+0xdc/0x940 [ 239.622753][ T5867] out_of_memory+0xf21/0x12c0 [ 239.627506][ T5867] ? mutex_lock_io_nested+0x60/0x60 [ 239.632765][ T5867] ? mark_lock+0x9a/0x340 [ 239.637140][ T5867] ? unregister_oom_notifier+0x20/0x20 [ 239.642638][ T5867] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 239.648668][ T5867] mem_cgroup_out_of_memory+0x263/0x3b0 [ 239.654259][ T5867] ? mem_cgroup_oom_trylock+0x210/0x210 [ 239.659849][ T5867] ? cgroup_file_notify+0x127/0x190 [ 239.665081][ T5867] memory_max_write+0x355/0x470 [ 239.669967][ T5867] ? memory_max_show+0xa0/0xa0 [ 239.674750][ T5867] ? read_lock_is_recursive+0x20/0x20 [ 239.680150][ T5867] ? memory_max_show+0xa0/0xa0 [ 239.684930][ T5867] cgroup_file_write+0x2b1/0x780 [ 239.689887][ T5867] ? cgroup_seqfile_stop+0xd0/0xd0 [ 239.695013][ T5867] ? __virt_addr_valid+0x22f/0x2e0 [ 239.700173][ T5867] ? cgroup_seqfile_stop+0xd0/0xd0 [ 239.705295][ T5867] kernfs_fop_write_iter+0x3a6/0x4f0 [ 239.710604][ T5867] vfs_write+0x7b2/0xbb0 [ 239.714875][ T5867] ? file_end_write+0x240/0x240 [ 239.719746][ T5867] ? do_raw_spin_unlock+0x13b/0x8b0 [ 239.724961][ T5867] ? lockdep_hardirqs_on+0x98/0x140 [ 239.730206][ T5867] ? __fdget_pos+0x265/0x2f0 [ 239.734826][ T5867] ksys_write+0x1a0/0x2c0 [ 239.739184][ T5867] ? __ia32_sys_read+0x90/0x90 [ 239.743968][ T5867] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 239.749973][ T5867] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 239.755978][ T5867] do_syscall_64+0x41/0xc0 [ 239.760413][ T5867] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 239.766328][ T5867] RIP: 0033:0x7fd49ce20129 [ 239.770763][ T5867] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 239.790380][ T5867] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 239.798815][ T5867] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 239.806800][ T5867] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 239.814779][ T5867] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 239.822759][ T5867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 239.830739][ T5867] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000043 [ 239.838744][ T5867] [pid 5074] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./71/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./71/file0") = 0 [pid 5074] umount2("./71/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./71/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 239.845448][ T5867] memory: usage 8kB, limit 0kB, failcnt 55 [ 239.853265][ T5867] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 239.861497][ T5867] Memory cgroup stats for /syz1: [ 239.861841][ T5867] anon 0 [ 239.861841][ T5867] file 0 [ 239.861841][ T5867] kernel 8192 [ 239.861841][ T5867] kernel_stack 0 [ 239.861841][ T5867] pagetables 0 [ 239.861841][ T5867] sec_pagetables 0 [ 239.861841][ T5867] percpu 0 [ 239.861841][ T5867] sock 0 [ 239.861841][ T5867] vmalloc 0 [ 239.861841][ T5867] shmem 0 [ 239.861841][ T5867] zswap 0 [ 239.861841][ T5867] zswapped 0 [ 239.861841][ T5867] file_mapped 0 [ 239.861841][ T5867] file_dirty 0 [ 239.861841][ T5867] file_writeback 0 [ 239.861841][ T5867] swapcached 0 [ 239.861841][ T5867] anon_thp 0 [ 239.861841][ T5867] file_thp 0 [ 239.861841][ T5867] shmem_thp 0 [ 239.861841][ T5867] inactive_anon 0 [ 239.861841][ T5867] active_anon 0 [ 239.861841][ T5867] inactive_file 0 [ 239.861841][ T5867] active_file 0 [ 239.861841][ T5867] unevictable 0 [pid 5074] unlink("./71/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./71") = 0 [pid 5074] mkdir("./72", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached [pid 5873] chdir("./72") = 0 [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 74 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5873] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5873] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5873] mkdir("./file0", 000) = 0 [pid 5873] open("./file0", O_RDONLY) = 3 [pid 5873] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5873] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5873] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5873] openat(5, "memory.max", O_RDWR) = 6 [pid 5873] write(6, "0x000000000000040e", 18 [pid 5867] <... write resumed>) = 18 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] close(5) = 0 [pid 5867] close(6) = 0 [pid 5867] close(7) = -1 EBADF (Bad file descriptor) [pid 5867] close(8) = -1 EBADF (Bad file descriptor) [pid 5867] close(9) = -1 EBADF (Bad file descriptor) [pid 5867] close(10) = -1 EBADF (Bad file descriptor) [ 239.861841][ T5867] slab_reclaimable 6752 [ 239.861841][ T5867] slab_unreclaimable 0 [ 239.861841][ T5867] slab 6752 [ 239.861841][ T5867] workingset_refault_anon 0 [ 239.960187][ T5867] Tasks state (memory values in pages): [ 239.966017][ T5867] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 239.979194][ T5867] Out of memory and no killable processes... [ 239.986074][ T5868] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5867] close(11) = -1 EBADF (Bad file descriptor) [pid 5867] close(12) = -1 EBADF (Bad file descriptor) [pid 5867] close(13) = -1 EBADF (Bad file descriptor) [pid 5867] close(14) = -1 EBADF (Bad file descriptor) [pid 5867] close(15) = -1 EBADF (Bad file descriptor) [pid 5867] close(16) = -1 EBADF (Bad file descriptor) [pid 5867] close(17) = -1 EBADF (Bad file descriptor) [pid 5867] close(18) = -1 EBADF (Bad file descriptor) [pid 5867] close(19) = -1 EBADF (Bad file descriptor) [pid 5867] close(20) = -1 EBADF (Bad file descriptor) [pid 5867] close(21) = -1 EBADF (Bad file descriptor) [pid 5867] close(22) = -1 EBADF (Bad file descriptor) [pid 5867] close(23) = -1 EBADF (Bad file descriptor) [pid 5867] close(24) = -1 EBADF (Bad file descriptor) [pid 5867] close(25) = -1 EBADF (Bad file descriptor) [pid 5867] close(26) = -1 EBADF (Bad file descriptor) [pid 5867] close(27) = -1 EBADF (Bad file descriptor) [pid 5867] close(28) = -1 EBADF (Bad file descriptor) [pid 5867] close(29) = -1 EBADF (Bad file descriptor) [pid 5867] exit_group(0) = ? [pid 5867] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 239.997468][ T5868] CPU: 0 PID: 5868 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 240.007954][ T5868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 240.018059][ T5868] Call Trace: [ 240.021379][ T5868] [ 240.024343][ T5868] dump_stack_lvl+0x1e7/0x2d0 [ 240.029079][ T5868] ? nf_tcp_handle_invalid+0x640/0x640 [ 240.034605][ T5868] ? panic+0x770/0x770 [ 240.038767][ T5868] dump_header+0xdc/0x940 [ 240.043164][ T5868] out_of_memory+0xf21/0x12c0 [pid 5073] unlink("./67/binderfs") = 0 [pid 5073] umount2("./67/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./67/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./67/cgroup") = 0 [pid 5073] umount2("./67/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./67/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./67/cgroup.net") = 0 [ 240.047911][ T5868] ? mutex_lock_io_nested+0x60/0x60 [ 240.053184][ T5868] ? preempt_schedule+0xdd/0xf0 [ 240.058092][ T5868] ? unregister_oom_notifier+0x20/0x20 [ 240.063618][ T5868] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 240.069678][ T5868] mem_cgroup_out_of_memory+0x263/0x3b0 [ 240.075293][ T5868] ? preempt_schedule_thunk+0x1a/0x20 [ 240.080738][ T5868] ? mem_cgroup_oom_trylock+0x210/0x210 [ 240.086365][ T5868] ? cgroup_file_notify+0x127/0x190 [ 240.091607][ T5868] memory_max_write+0x355/0x470 [ 240.096489][ T5868] ? memory_max_show+0xa0/0xa0 [ 240.101285][ T5868] ? read_lock_is_recursive+0x20/0x20 [ 240.106695][ T5868] ? memory_max_show+0xa0/0xa0 [ 240.111487][ T5868] cgroup_file_write+0x2b1/0x780 [ 240.116451][ T5868] ? cgroup_seqfile_stop+0xd0/0xd0 [ 240.121588][ T5868] ? __virt_addr_valid+0x22f/0x2e0 [ 240.126743][ T5868] ? cgroup_seqfile_stop+0xd0/0xd0 [ 240.131875][ T5868] kernfs_fop_write_iter+0x3a6/0x4f0 [ 240.137187][ T5868] vfs_write+0x7b2/0xbb0 [ 240.141455][ T5868] ? file_end_write+0x240/0x240 [ 240.146331][ T5868] ? do_raw_spin_unlock+0x13b/0x8b0 [ 240.151551][ T5868] ? lockdep_hardirqs_on+0x98/0x140 [ 240.156779][ T5868] ? __fdget_pos+0x265/0x2f0 [ 240.161425][ T5868] ksys_write+0x1a0/0x2c0 [ 240.165779][ T5868] ? __ia32_sys_read+0x90/0x90 [ 240.170566][ T5868] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 240.176579][ T5868] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 240.182597][ T5868] do_syscall_64+0x41/0xc0 [ 240.187035][ T5868] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 240.192949][ T5868] RIP: 0033:0x7fd49ce20129 [ 240.197379][ T5868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 240.217281][ T5868] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 240.225737][ T5868] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 240.233726][ T5868] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5073] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 240.241716][ T5868] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 240.249702][ T5868] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 240.257683][ T5868] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000040 [ 240.265701][ T5868] [ 240.271755][ T5868] memory: usage 8kB, limit 0kB, failcnt 55 [ 240.273441][ T1065] unregister_netdevice: waiting for lo to become free. Usage count = 2 [ 240.277916][ T5868] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 240.293651][ T5868] Memory cgroup stats for /syz1: [ 240.295194][ T1065] leaked reference. [ 240.295894][ T5868] anon 0 [ 240.295894][ T5868] file 0 [ 240.295894][ T5868] kernel 8192 [ 240.295894][ T5868] kernel_stack 0 [ 240.295894][ T5868] pagetables 0 [ 240.295894][ T5868] sec_pagetables 0 [ 240.295894][ T5868] percpu 0 [ 240.295894][ T5868] sock 0 [ 240.295894][ T5868] vmalloc 0 [ 240.295894][ T5868] shmem 0 [ 240.295894][ T5868] zswap 0 [ 240.295894][ T5868] zswapped 0 [ 240.295894][ T5868] file_mapped 0 [ 240.295894][ T5868] file_dirty 0 [ 240.295894][ T5868] file_writeback 0 [ 240.295894][ T5868] swapcached 0 [ 240.295894][ T5868] anon_thp 0 [ 240.295894][ T5868] file_thp 0 [ 240.295894][ T5868] shmem_thp 0 [ 240.295894][ T5868] inactive_anon 0 [ 240.295894][ T5868] active_anon 0 [ 240.295894][ T5868] inactive_file 0 [ 240.295894][ T5868] active_file 0 [ 240.295894][ T5868] unevictable 0 [ 240.295894][ T5868] slab_reclaimable 6752 [ 240.295894][ T5868] slab_unreclaimable 0 [ 240.295894][ T5868] slab 6752 [ 240.295894][ T5868] workingset_refault_anon 0 [pid 5073] lstat("./67/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [ 240.300472][ T1065] ipv6_add_dev+0x3e6/0x1190 [ 240.300526][ T1065] addrconf_notify+0x64d/0xfb0 [ 240.300550][ T1065] raw_notifier_call_chain+0xd4/0x170 [ 240.304414][ T5868] Tasks state (memory values in pages): [ 240.394793][ T1065] call_netdevice_notifiers+0x149/0x1c0 [ 240.394832][ T1065] register_netdevice+0x1349/0x1790 [ 240.394857][ T1065] register_netdev+0x3b/0x50 [ 240.394881][ T1065] loopback_net_init+0x73/0x150 [ 240.394906][ T1065] ops_init+0x341/0x5d0 [ 240.394927][ T1065] setup_net+0x619/0xd40 [ 240.394949][ T1065] copy_net_ns+0x353/0x590 [pid 5073] rmdir("./67/file0") = 0 [pid 5073] umount2("./67/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./67/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./67/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./67") = 0 [pid 5073] mkdir("./68", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 70 ./strace-static-x86_64: Process 5874 attached [pid 5874] chdir("./68") = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5874] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5874] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 240.394970][ T1065] create_new_namespaces+0x425/0x7a0 [ 240.395007][ T1065] unshare_nsproxy_namespaces+0x11d/0x170 [ 240.395033][ T1065] ksys_unshare+0x584/0xb20 [ 240.395054][ T1065] __x64_sys_unshare+0x38/0x40 [ 240.395075][ T1065] do_syscall_64+0x41/0xc0 [ 240.395101][ T1065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 240.483658][ T5868] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5874] write(3, "1000", 4) = 4 [pid 5868] <... write resumed>) = 18 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] close(5) = 0 [pid 5868] close(6) = 0 [pid 5868] close(7) = -1 EBADF (Bad file descriptor) [pid 5868] close(8) = -1 EBADF (Bad file descriptor) [pid 5868] close(9) = -1 EBADF (Bad file descriptor) [pid 5868] close(10) = -1 EBADF (Bad file descriptor) [pid 5868] close(11) = -1 EBADF (Bad file descriptor) [pid 5868] close(12) = -1 EBADF (Bad file descriptor) [pid 5868] close(13) = -1 EBADF (Bad file descriptor) [pid 5868] close(14) = -1 EBADF (Bad file descriptor) [pid 5868] close(15) = -1 EBADF (Bad file descriptor) [pid 5868] close(16) = -1 EBADF (Bad file descriptor) [pid 5868] close(17) = -1 EBADF (Bad file descriptor) [pid 5868] close(18) = -1 EBADF (Bad file descriptor) [pid 5868] close(19) = -1 EBADF (Bad file descriptor) [pid 5868] close(20) = -1 EBADF (Bad file descriptor) [pid 5868] close(21) = -1 EBADF (Bad file descriptor) [pid 5868] close(22) = -1 EBADF (Bad file descriptor) [pid 5868] close(23) = -1 EBADF (Bad file descriptor) [pid 5868] close(24) = -1 EBADF (Bad file descriptor) [pid 5868] close(25) = -1 EBADF (Bad file descriptor) [pid 5868] close(26) = -1 EBADF (Bad file descriptor) [pid 5874] close(3 [pid 5868] close(27 [pid 5874] <... close resumed>) = 0 [pid 5868] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5874] symlink("/dev/binderfs", "./binderfs" [ 240.494558][ T5868] Out of memory and no killable processes... [ 240.501261][ T5870] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 240.517566][ T5870] CPU: 0 PID: 5870 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 240.528034][ T5870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 240.538124][ T5870] Call Trace: [ 240.541437][ T5870] [ 240.544405][ T5870] dump_stack_lvl+0x1e7/0x2d0 [pid 5868] close(28 [pid 5874] <... symlink resumed>) = 0 [pid 5868] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5868] close(29) = -1 EBADF (Bad file descriptor) [pid 5868] exit_group(0) = ? [pid 5868] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5072] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./64/binderfs") = 0 [pid 5072] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./64/cgroup") = 0 [pid 5072] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./64/cgroup.net") = 0 [pid 5072] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] mkdir("./file0", 000) = 0 [pid 5874] open("./file0", O_RDONLY) = 3 [pid 5874] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5874] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5874] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5874] openat(5, "memory.max", O_RDWR) = 6 [ 240.549131][ T5870] ? nf_tcp_handle_invalid+0x640/0x640 [ 240.554636][ T5870] ? panic+0x770/0x770 [ 240.558792][ T5870] dump_header+0xdc/0x940 [ 240.563207][ T5870] out_of_memory+0xf21/0x12c0 [ 240.567931][ T5870] ? mutex_lock_io_nested+0x60/0x60 [ 240.573184][ T5870] ? preempt_schedule+0xdd/0xf0 [ 240.578077][ T5870] ? unregister_oom_notifier+0x20/0x20 [ 240.583585][ T5870] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 240.589618][ T5870] mem_cgroup_out_of_memory+0x263/0x3b0 [ 240.595217][ T5870] ? preempt_schedule_thunk+0x1a/0x20 [ 240.600650][ T5870] ? mem_cgroup_oom_trylock+0x210/0x210 [ 240.606273][ T5870] ? cgroup_file_notify+0x127/0x190 [ 240.611532][ T5870] memory_max_write+0x355/0x470 [ 240.616440][ T5870] ? memory_max_show+0xa0/0xa0 [ 240.621260][ T5870] ? read_lock_is_recursive+0x20/0x20 [ 240.626684][ T5870] ? memory_max_show+0xa0/0xa0 [ 240.631498][ T5870] cgroup_file_write+0x2b1/0x780 [ 240.636482][ T5870] ? cgroup_seqfile_stop+0xd0/0xd0 [ 240.641638][ T5870] ? __virt_addr_valid+0x22f/0x2e0 [ 240.646824][ T5870] ? cgroup_seqfile_stop+0xd0/0xd0 [ 240.651970][ T5870] kernfs_fop_write_iter+0x3a6/0x4f0 [ 240.657312][ T5870] vfs_write+0x7b2/0xbb0 [ 240.661614][ T5870] ? file_end_write+0x240/0x240 [ 240.666517][ T5870] ? do_raw_spin_unlock+0x13b/0x8b0 [ 240.671767][ T5870] ? lockdep_hardirqs_on+0x98/0x140 [ 240.677032][ T5870] ? __fdget_pos+0x265/0x2f0 [ 240.681686][ T5870] ksys_write+0x1a0/0x2c0 [ 240.686060][ T5870] ? __ia32_sys_read+0x90/0x90 [ 240.690853][ T5870] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 240.696902][ T5870] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 240.702949][ T5870] do_syscall_64+0x41/0xc0 [ 240.707437][ T5870] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 240.713403][ T5870] RIP: 0033:0x7fd49ce20129 [ 240.717860][ T5870] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 240.737511][ T5870] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5874] write(6, "0x000000000000040e", 18 [pid 5072] <... umount2 resumed>) = 0 [pid 5072] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 240.745978][ T5870] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 240.753997][ T5870] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 240.762014][ T5870] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 240.770021][ T5870] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 240.778035][ T5870] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000046 [ 240.786053][ T5870] [pid 5072] close(4) = 0 [pid 5072] rmdir("./64/file0") = 0 [pid 5072] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./64/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./64") = 0 [pid 5072] mkdir("./65", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 67 [ 240.803456][ T5870] memory: usage 8kB, limit 0kB, failcnt 55 [ 240.817677][ T5870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 240.824685][ T5870] Memory cgroup stats for /syz1: [ 240.824959][ T5870] anon 0 [ 240.824959][ T5870] file 0 [ 240.824959][ T5870] kernel 8192 [ 240.824959][ T5870] kernel_stack 0 [ 240.824959][ T5870] pagetables 0 [ 240.824959][ T5870] sec_pagetables 0 [ 240.824959][ T5870] percpu 0 [ 240.824959][ T5870] sock 0 ./strace-static-x86_64: Process 5875 attached [pid 5875] chdir("./65") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5875] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5875] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [ 240.824959][ T5870] vmalloc 0 [ 240.824959][ T5870] shmem 0 [ 240.824959][ T5870] zswap 0 [ 240.824959][ T5870] zswapped 0 [ 240.824959][ T5870] file_mapped 0 [ 240.824959][ T5870] file_dirty 0 [ 240.824959][ T5870] file_writeback 0 [ 240.824959][ T5870] swapcached 0 [ 240.824959][ T5870] anon_thp 0 [ 240.824959][ T5870] file_thp 0 [ 240.824959][ T5870] shmem_thp 0 [ 240.824959][ T5870] inactive_anon 0 [ 240.824959][ T5870] active_anon 0 [ 240.824959][ T5870] inactive_file 0 [ 240.824959][ T5870] active_file 0 [ 240.824959][ T5870] unevictable 0 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5875] mkdir("./file0", 000) = 0 [pid 5875] open("./file0", O_RDONLY) = 3 [pid 5875] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5875] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5875] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5875] openat(5, "memory.max", O_RDWR) = 6 [ 240.824959][ T5870] slab_reclaimable 6752 [ 240.824959][ T5870] slab_unreclaimable 0 [ 240.824959][ T5870] slab 6752 [ 240.824959][ T5870] workingset_refault_anon 0 [ 240.931677][ T5870] Tasks state (memory values in pages): [ 240.940713][ T5870] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5875] write(6, "0x000000000000040e", 18 [pid 5870] <... write resumed>) = 18 [pid 5870] close(3) = 0 [pid 5870] close(4) = 0 [pid 5870] close(5) = 0 [pid 5870] close(6) = 0 [pid 5870] close(7) = -1 EBADF (Bad file descriptor) [pid 5870] close(8) = -1 EBADF (Bad file descriptor) [pid 5870] close(9) = -1 EBADF (Bad file descriptor) [pid 5870] close(10) = -1 EBADF (Bad file descriptor) [pid 5870] close(11) = -1 EBADF (Bad file descriptor) [pid 5870] close(12) = -1 EBADF (Bad file descriptor) [pid 5870] close(13) = -1 EBADF (Bad file descriptor) [pid 5870] close(14) = -1 EBADF (Bad file descriptor) [pid 5870] close(15) = -1 EBADF (Bad file descriptor) [pid 5870] close(16) = -1 EBADF (Bad file descriptor) [pid 5870] close(17) = -1 EBADF (Bad file descriptor) [pid 5870] close(18) = -1 EBADF (Bad file descriptor) [pid 5870] close(19) = -1 EBADF (Bad file descriptor) [pid 5870] close(20) = -1 EBADF (Bad file descriptor) [pid 5870] close(21) = -1 EBADF (Bad file descriptor) [pid 5870] close(22) = -1 EBADF (Bad file descriptor) [pid 5870] close(23) = -1 EBADF (Bad file descriptor) [pid 5870] close(24) = -1 EBADF (Bad file descriptor) [pid 5870] close(25) = -1 EBADF (Bad file descriptor) [pid 5870] close(26) = -1 EBADF (Bad file descriptor) [pid 5870] close(27) = -1 EBADF (Bad file descriptor) [pid 5870] close(28) = -1 EBADF (Bad file descriptor) [pid 5870] close(29) = -1 EBADF (Bad file descriptor) [pid 5870] exit_group(0) = ? [pid 5870] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=72, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5075] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./70/binderfs") = 0 [pid 5075] umount2("./70/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./70/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./70/cgroup") = 0 [pid 5075] umount2("./70/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./70/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./70/cgroup.net") = 0 [ 240.951191][ T5870] Out of memory and no killable processes... [ 240.957892][ T5871] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 240.969251][ T5871] CPU: 1 PID: 5871 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 240.979723][ T5871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 240.989824][ T5871] Call Trace: [ 240.993143][ T5871] [ 240.996099][ T5871] dump_stack_lvl+0x1e7/0x2d0 [ 241.000813][ T5871] ? nf_tcp_handle_invalid+0x640/0x640 [ 241.006327][ T5871] ? panic+0x770/0x770 [ 241.010466][ T5871] dump_header+0xdc/0x940 [ 241.014834][ T5871] out_of_memory+0xf21/0x12c0 [ 241.019569][ T5871] ? mutex_lock_io_nested+0x60/0x60 [ 241.024829][ T5871] ? preempt_schedule+0xdd/0xf0 [ 241.029744][ T5871] ? unregister_oom_notifier+0x20/0x20 [ 241.035248][ T5871] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 241.041299][ T5871] mem_cgroup_out_of_memory+0x263/0x3b0 [ 241.046899][ T5871] ? preempt_schedule_thunk+0x1a/0x20 [ 241.052335][ T5871] ? mem_cgroup_oom_trylock+0x210/0x210 [ 241.057940][ T5871] ? cgroup_file_notify+0x127/0x190 [ 241.063202][ T5871] memory_max_write+0x355/0x470 [ 241.068114][ T5871] ? memory_max_show+0xa0/0xa0 [ 241.072929][ T5871] ? read_lock_is_recursive+0x20/0x20 [ 241.078354][ T5871] ? memory_max_show+0xa0/0xa0 [ 241.083165][ T5871] cgroup_file_write+0x2b1/0x780 [ 241.088152][ T5871] ? cgroup_seqfile_stop+0xd0/0xd0 [ 241.093310][ T5871] ? __virt_addr_valid+0x22f/0x2e0 [ 241.098487][ T5871] ? cgroup_seqfile_stop+0xd0/0xd0 [ 241.103642][ T5871] kernfs_fop_write_iter+0x3a6/0x4f0 [ 241.109001][ T5871] vfs_write+0x7b2/0xbb0 [ 241.113309][ T5871] ? file_end_write+0x240/0x240 [ 241.118232][ T5871] ? do_raw_spin_unlock+0x13b/0x8b0 [ 241.123482][ T5871] ? lockdep_hardirqs_on+0x98/0x140 [ 241.128734][ T5871] ? __fdget_pos+0x265/0x2f0 [ 241.133372][ T5871] ksys_write+0x1a0/0x2c0 [ 241.137754][ T5871] ? __ia32_sys_read+0x90/0x90 [ 241.142569][ T5871] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 241.148611][ T5871] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 241.154641][ T5871] do_syscall_64+0x41/0xc0 [ 241.159099][ T5871] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 241.165026][ T5871] RIP: 0033:0x7fd49ce20129 [ 241.169469][ T5871] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 241.189121][ T5871] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.197592][ T5871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [pid 5075] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./70/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 241.205593][ T5871] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 241.213588][ T5871] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 241.221599][ T5871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 241.229616][ T5871] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000040 [ 241.237636][ T5871] [ 241.249963][ T5871] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./70/file0") = 0 [pid 5075] umount2("./70/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./70/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./70/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./70") = 0 [pid 5075] mkdir("./71", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached [pid 5876] chdir("./71" [pid 5075] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 73 [ 241.256095][ T5871] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 241.264533][ T5871] Memory cgroup stats for /syz1: [ 241.264866][ T5871] anon 0 [ 241.264866][ T5871] file 0 [ 241.264866][ T5871] kernel 8192 [ 241.264866][ T5871] kernel_stack 0 [ 241.264866][ T5871] pagetables 0 [ 241.264866][ T5871] sec_pagetables 0 [ 241.264866][ T5871] percpu 0 [ 241.264866][ T5871] sock 0 [ 241.264866][ T5871] vmalloc 0 [ 241.264866][ T5871] shmem 0 [ 241.264866][ T5871] zswap 0 [ 241.264866][ T5871] zswapped 0 [pid 5876] <... chdir resumed>) = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5876] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5876] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [ 241.264866][ T5871] file_mapped 0 [ 241.264866][ T5871] file_dirty 0 [ 241.264866][ T5871] file_writeback 0 [ 241.264866][ T5871] swapcached 0 [ 241.264866][ T5871] anon_thp 0 [ 241.264866][ T5871] file_thp 0 [ 241.264866][ T5871] shmem_thp 0 [ 241.264866][ T5871] inactive_anon 0 [ 241.264866][ T5871] active_anon 0 [ 241.264866][ T5871] inactive_file 0 [ 241.264866][ T5871] active_file 0 [ 241.264866][ T5871] unevictable 0 [ 241.264866][ T5871] slab_reclaimable 6752 [ 241.264866][ T5871] slab_unreclaimable 0 [ 241.264866][ T5871] slab 6752 [pid 5876] mkdir("./file0", 000) = 0 [pid 5876] open("./file0", O_RDONLY) = 3 [pid 5876] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5876] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5876] openat(5, "memory.max", O_RDWR) = 6 [pid 5876] write(6, "0x000000000000040e", 18 [pid 5871] <... write resumed>) = 18 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] close(5) = 0 [pid 5871] close(6) = 0 [pid 5871] close(7) = -1 EBADF (Bad file descriptor) [pid 5871] close(8) = -1 EBADF (Bad file descriptor) [pid 5871] close(9) = -1 EBADF (Bad file descriptor) [pid 5871] close(10) = -1 EBADF (Bad file descriptor) [pid 5871] close(11) = -1 EBADF (Bad file descriptor) [pid 5871] close(12) = -1 EBADF (Bad file descriptor) [pid 5871] close(13) = -1 EBADF (Bad file descriptor) [pid 5871] close(14) = -1 EBADF (Bad file descriptor) [pid 5871] close(15) = -1 EBADF (Bad file descriptor) [pid 5871] close(16) = -1 EBADF (Bad file descriptor) [pid 5871] close(17) = -1 EBADF (Bad file descriptor) [pid 5871] close(18) = -1 EBADF (Bad file descriptor) [pid 5871] close(19) = -1 EBADF (Bad file descriptor) [pid 5871] close(20) = -1 EBADF (Bad file descriptor) [pid 5871] close(21) = -1 EBADF (Bad file descriptor) [pid 5871] close(22) = -1 EBADF (Bad file descriptor) [ 241.264866][ T5871] workingset_refault_anon 0 [ 241.362791][ T5871] Tasks state (memory values in pages): [ 241.368887][ T5871] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 241.379349][ T5871] Out of memory and no killable processes... [ 241.385432][ T5873] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5871] close(23) = -1 EBADF (Bad file descriptor) [pid 5871] close(24) = -1 EBADF (Bad file descriptor) [pid 5871] close(25) = -1 EBADF (Bad file descriptor) [pid 5871] close(26) = -1 EBADF (Bad file descriptor) [pid 5871] close(27) = -1 EBADF (Bad file descriptor) [pid 5871] close(28) = -1 EBADF (Bad file descriptor) [pid 5871] close(29) = -1 EBADF (Bad file descriptor) [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./64/binderfs") = 0 [pid 5070] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./64/cgroup") = 0 [pid 5070] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./64/cgroup.net") = 0 [ 241.405047][ T5873] CPU: 0 PID: 5873 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 241.415532][ T5873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 241.425635][ T5873] Call Trace: [ 241.428954][ T5873] [ 241.431921][ T5873] dump_stack_lvl+0x1e7/0x2d0 [ 241.436655][ T5873] ? nf_tcp_handle_invalid+0x640/0x640 [ 241.442168][ T5873] ? panic+0x770/0x770 [ 241.446292][ T5873] dump_header+0xdc/0x940 [ 241.450680][ T5873] out_of_memory+0xf21/0x12c0 [ 241.455410][ T5873] ? mutex_lock_io_nested+0x60/0x60 [ 241.460670][ T5873] ? preempt_schedule+0xdd/0xf0 [ 241.465571][ T5873] ? unregister_oom_notifier+0x20/0x20 [ 241.471078][ T5873] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 241.477113][ T5873] mem_cgroup_out_of_memory+0x263/0x3b0 [ 241.482690][ T5873] ? preempt_schedule_thunk+0x1a/0x20 [ 241.488120][ T5873] ? mem_cgroup_oom_trylock+0x210/0x210 [ 241.493744][ T5873] ? cgroup_file_notify+0x127/0x190 [ 241.499000][ T5873] memory_max_write+0x355/0x470 [ 241.503912][ T5873] ? memory_max_show+0xa0/0xa0 [ 241.508727][ T5873] ? read_lock_is_recursive+0x20/0x20 [ 241.514166][ T5873] ? memory_max_show+0xa0/0xa0 [ 241.518979][ T5873] cgroup_file_write+0x2b1/0x780 [ 241.523971][ T5873] ? cgroup_seqfile_stop+0xd0/0xd0 [ 241.529127][ T5873] ? __virt_addr_valid+0x22f/0x2e0 [ 241.534312][ T5873] ? cgroup_seqfile_stop+0xd0/0xd0 [ 241.539463][ T5873] kernfs_fop_write_iter+0x3a6/0x4f0 [ 241.544805][ T5873] vfs_write+0x7b2/0xbb0 [ 241.549108][ T5873] ? file_end_write+0x240/0x240 [ 241.554022][ T5873] ? do_raw_spin_unlock+0x13b/0x8b0 [ 241.559275][ T5873] ? lockdep_hardirqs_on+0x98/0x140 [ 241.564538][ T5873] ? __fdget_pos+0x265/0x2f0 [ 241.569187][ T5873] ksys_write+0x1a0/0x2c0 [ 241.573575][ T5873] ? __ia32_sys_read+0x90/0x90 [ 241.578401][ T5873] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 241.584446][ T5873] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 241.590486][ T5873] do_syscall_64+0x41/0xc0 [ 241.595254][ T5873] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 241.601229][ T5873] RIP: 0033:0x7fd49ce20129 [ 241.605697][ T5873] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 241.625465][ T5873] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 241.633938][ T5873] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 241.641957][ T5873] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 241.649975][ T5873] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./64/file0") = 0 [ 241.657989][ T5873] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 241.666009][ T5873] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000048 [ 241.674053][ T5873] [ 241.686282][ T5873] memory: usage 8kB, limit 0kB, failcnt 55 [ 241.692263][ T5873] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 241.699686][ T5873] Memory cgroup stats for /syz1: [ 241.699907][ T5873] anon 0 [pid 5070] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./64/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./64") = 0 [pid 5070] mkdir("./65", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 67 ./strace-static-x86_64: Process 5877 attached [pid 5877] chdir("./65") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5877] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5877] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 241.699907][ T5873] file 0 [ 241.699907][ T5873] kernel 8192 [ 241.699907][ T5873] kernel_stack 0 [ 241.699907][ T5873] pagetables 0 [ 241.699907][ T5873] sec_pagetables 0 [ 241.699907][ T5873] percpu 0 [ 241.699907][ T5873] sock 0 [ 241.699907][ T5873] vmalloc 0 [ 241.699907][ T5873] shmem 0 [ 241.699907][ T5873] zswap 0 [ 241.699907][ T5873] zswapped 0 [ 241.699907][ T5873] file_mapped 0 [ 241.699907][ T5873] file_dirty 0 [ 241.699907][ T5873] file_writeback 0 [ 241.699907][ T5873] swapcached 0 [ 241.699907][ T5873] anon_thp 0 [ 241.699907][ T5873] file_thp 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] mkdir("./file0", 000) = 0 [pid 5877] open("./file0", O_RDONLY) = 3 [pid 5877] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5877] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5877] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5877] openat(5, "memory.max", O_RDWR) = 6 [ 241.699907][ T5873] shmem_thp 0 [ 241.699907][ T5873] inactive_anon 0 [ 241.699907][ T5873] active_anon 0 [ 241.699907][ T5873] inactive_file 0 [ 241.699907][ T5873] active_file 0 [ 241.699907][ T5873] unevictable 0 [ 241.699907][ T5873] slab_reclaimable 6752 [ 241.699907][ T5873] slab_unreclaimable 0 [ 241.699907][ T5873] slab 6752 [ 241.699907][ T5873] workingset_refault_anon 0 [ 241.801128][ T5873] Tasks state (memory values in pages): [pid 5877] write(6, "0x000000000000040e", 18 [pid 5873] <... write resumed>) = 18 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] close(5) = 0 [pid 5873] close(6) = 0 [pid 5873] close(7) = -1 EBADF (Bad file descriptor) [pid 5873] close(8) = -1 EBADF (Bad file descriptor) [pid 5873] close(9) = -1 EBADF (Bad file descriptor) [pid 5873] close(10) = -1 EBADF (Bad file descriptor) [pid 5873] close(11) = -1 EBADF (Bad file descriptor) [pid 5873] close(12) = -1 EBADF (Bad file descriptor) [pid 5873] close(13) = -1 EBADF (Bad file descriptor) [pid 5873] close(14) = -1 EBADF (Bad file descriptor) [pid 5873] close(15) = -1 EBADF (Bad file descriptor) [pid 5873] close(16) = -1 EBADF (Bad file descriptor) [pid 5873] close(17) = -1 EBADF (Bad file descriptor) [pid 5873] close(18) = -1 EBADF (Bad file descriptor) [pid 5873] close(19) = -1 EBADF (Bad file descriptor) [pid 5873] close(20) = -1 EBADF (Bad file descriptor) [pid 5873] close(21) = -1 EBADF (Bad file descriptor) [pid 5873] close(22) = -1 EBADF (Bad file descriptor) [pid 5873] close(23) = -1 EBADF (Bad file descriptor) [pid 5873] close(24) = -1 EBADF (Bad file descriptor) [pid 5873] close(25) = -1 EBADF (Bad file descriptor) [pid 5873] close(26) = -1 EBADF (Bad file descriptor) [pid 5873] close(27) = -1 EBADF (Bad file descriptor) [pid 5873] close(28) = -1 EBADF (Bad file descriptor) [pid 5873] close(29) = -1 EBADF (Bad file descriptor) [pid 5873] exit_group(0) = ? [pid 5873] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=74, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./72/binderfs") = 0 [pid 5074] umount2("./72/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 241.807407][ T5873] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 241.817318][ T5873] Out of memory and no killable processes... [ 241.823399][ T5874] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 241.834340][ T5874] CPU: 0 PID: 5874 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 241.844835][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 241.854948][ T5874] Call Trace: [pid 5074] lstat("./72/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./72/cgroup") = 0 [pid 5074] umount2("./72/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./72/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./72/cgroup.net") = 0 [ 241.858276][ T5874] [ 241.861260][ T5874] dump_stack_lvl+0x1e7/0x2d0 [ 241.866014][ T5874] ? nf_tcp_handle_invalid+0x640/0x640 [ 241.871546][ T5874] ? panic+0x770/0x770 [ 241.875679][ T5874] dump_header+0xdc/0x940 [ 241.880057][ T5874] out_of_memory+0xf21/0x12c0 [ 241.884796][ T5874] ? mutex_lock_io_nested+0x60/0x60 [ 241.890082][ T5874] ? preempt_schedule+0xdd/0xf0 [ 241.895101][ T5874] ? unregister_oom_notifier+0x20/0x20 [ 241.900634][ T5874] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 241.906680][ T5874] mem_cgroup_out_of_memory+0x263/0x3b0 [ 241.912261][ T5874] ? preempt_schedule_thunk+0x1a/0x20 [ 241.917675][ T5874] ? mem_cgroup_oom_trylock+0x210/0x210 [ 241.923280][ T5874] ? cgroup_file_notify+0x127/0x190 [ 241.928549][ T5874] memory_max_write+0x355/0x470 [ 241.933460][ T5874] ? memory_max_show+0xa0/0xa0 [ 241.938293][ T5874] ? read_lock_is_recursive+0x20/0x20 [ 241.943764][ T5874] ? memory_max_show+0xa0/0xa0 [ 241.948590][ T5874] cgroup_file_write+0x2b1/0x780 [ 241.953605][ T5874] ? cgroup_seqfile_stop+0xd0/0xd0 [ 241.958771][ T5874] ? __virt_addr_valid+0x22f/0x2e0 [ 241.963965][ T5874] ? cgroup_seqfile_stop+0xd0/0xd0 [ 241.969124][ T5874] kernfs_fop_write_iter+0x3a6/0x4f0 [ 241.974471][ T5874] vfs_write+0x7b2/0xbb0 [ 241.978774][ T5874] ? file_end_write+0x240/0x240 [ 241.983670][ T5874] ? do_raw_spin_unlock+0x13b/0x8b0 [ 241.988926][ T5874] ? lockdep_hardirqs_on+0x98/0x140 [ 241.994190][ T5874] ? __fdget_pos+0x265/0x2f0 [ 241.998848][ T5874] ksys_write+0x1a0/0x2c0 [ 242.003252][ T5874] ? __ia32_sys_read+0x90/0x90 [ 242.008067][ T5874] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 242.014111][ T5874] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 242.020141][ T5874] do_syscall_64+0x41/0xc0 [ 242.024578][ T5874] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 242.030510][ T5874] RIP: 0033:0x7fd49ce20129 [ 242.034965][ T5874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./72/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./72/file0") = 0 [pid 5074] umount2("./72/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./72/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./72/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [ 242.054605][ T5874] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 242.063048][ T5874] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 242.071066][ T5874] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 242.079088][ T5874] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 242.087095][ T5874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 242.095084][ T5874] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000044 [ 242.103090][ T5874] [pid 5074] rmdir("./72") = 0 [pid 5074] mkdir("./73", 0777) = 0 [ 242.136592][ T5874] memory: usage 8kB, limit 0kB, failcnt 55 [ 242.142493][ T5874] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 242.150362][ T5874] Memory cgroup stats for /syz1: [ 242.150760][ T5874] anon 0 [ 242.150760][ T5874] file 0 [ 242.150760][ T5874] kernel 8192 [ 242.150760][ T5874] kernel_stack 0 [ 242.150760][ T5874] pagetables 0 [ 242.150760][ T5874] sec_pagetables 0 [ 242.150760][ T5874] percpu 0 [ 242.150760][ T5874] sock 0 [ 242.150760][ T5874] vmalloc 0 [ 242.150760][ T5874] shmem 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 75 ./strace-static-x86_64: Process 5878 attached [pid 5878] chdir("./73") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5878] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5878] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5878] mkdir("./file0", 000) = 0 [pid 5878] open("./file0", O_RDONLY) = 3 [pid 5878] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5878] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5878] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5878] openat(5, "memory.max", O_RDWR) = 6 [ 242.150760][ T5874] zswap 0 [ 242.150760][ T5874] zswapped 0 [ 242.150760][ T5874] file_mapped 0 [ 242.150760][ T5874] file_dirty 0 [ 242.150760][ T5874] file_writeback 0 [ 242.150760][ T5874] swapcached 0 [ 242.150760][ T5874] anon_thp 0 [ 242.150760][ T5874] file_thp 0 [ 242.150760][ T5874] shmem_thp 0 [ 242.150760][ T5874] inactive_anon 0 [ 242.150760][ T5874] active_anon 0 [ 242.150760][ T5874] inactive_file 0 [ 242.150760][ T5874] active_file 0 [ 242.150760][ T5874] unevictable 0 [ 242.150760][ T5874] slab_reclaimable 6752 [pid 5878] write(6, "0x000000000000040e", 18 [pid 5874] <... write resumed>) = 18 [pid 5874] close(3) = 0 [ 242.150760][ T5874] slab_unreclaimable 0 [ 242.150760][ T5874] slab 6752 [ 242.150760][ T5874] workingset_refault_anon 0 [ 242.247381][ T5874] Tasks state (memory values in pages): [ 242.253044][ T5874] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 242.262799][ T5874] Out of memory and no killable processes... [ 242.269121][ T5875] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5874] close(4) = 0 [pid 5874] close(5) = 0 [pid 5874] close(6) = 0 [pid 5874] close(7) = -1 EBADF (Bad file descriptor) [pid 5874] close(8) = -1 EBADF (Bad file descriptor) [pid 5874] close(9) = -1 EBADF (Bad file descriptor) [pid 5874] close(10) = -1 EBADF (Bad file descriptor) [pid 5874] close(11) = -1 EBADF (Bad file descriptor) [pid 5874] close(12) = -1 EBADF (Bad file descriptor) [pid 5874] close(13) = -1 EBADF (Bad file descriptor) [pid 5874] close(14) = -1 EBADF (Bad file descriptor) [pid 5874] close(15) = -1 EBADF (Bad file descriptor) [ 242.280465][ T5875] CPU: 1 PID: 5875 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 242.290930][ T5875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 242.301031][ T5875] Call Trace: [ 242.304346][ T5875] [ 242.307310][ T5875] dump_stack_lvl+0x1e7/0x2d0 [ 242.312046][ T5875] ? nf_tcp_handle_invalid+0x640/0x640 [ 242.317558][ T5875] ? panic+0x770/0x770 [ 242.321702][ T5875] dump_header+0xdc/0x940 [ 242.326093][ T5875] out_of_memory+0xf21/0x12c0 [ 242.330829][ T5875] ? mutex_lock_io_nested+0x60/0x60 [ 242.336086][ T5875] ? preempt_schedule+0xdd/0xf0 [ 242.340999][ T5875] ? unregister_oom_notifier+0x20/0x20 [ 242.346505][ T5875] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 242.352548][ T5875] mem_cgroup_out_of_memory+0x263/0x3b0 [ 242.358155][ T5875] ? preempt_schedule_thunk+0x1a/0x20 [ 242.363596][ T5875] ? mem_cgroup_oom_trylock+0x210/0x210 [ 242.369223][ T5875] ? cgroup_file_notify+0x127/0x190 [ 242.374475][ T5875] memory_max_write+0x355/0x470 [ 242.379384][ T5875] ? memory_max_show+0xa0/0xa0 [ 242.384208][ T5875] ? read_lock_is_recursive+0x20/0x20 [ 242.389634][ T5875] ? memory_max_show+0xa0/0xa0 [ 242.394426][ T5875] cgroup_file_write+0x2b1/0x780 [ 242.399387][ T5875] ? cgroup_seqfile_stop+0xd0/0xd0 [ 242.404510][ T5875] ? __virt_addr_valid+0x22f/0x2e0 [ 242.409650][ T5875] ? cgroup_seqfile_stop+0xd0/0xd0 [ 242.414805][ T5875] kernfs_fop_write_iter+0x3a6/0x4f0 [ 242.420115][ T5875] vfs_write+0x7b2/0xbb0 [ 242.424381][ T5875] ? file_end_write+0x240/0x240 [ 242.429251][ T5875] ? do_raw_spin_unlock+0x13b/0x8b0 [ 242.434466][ T5875] ? lockdep_hardirqs_on+0x98/0x140 [ 242.439691][ T5875] ? __fdget_pos+0x265/0x2f0 [ 242.444312][ T5875] ksys_write+0x1a0/0x2c0 [ 242.448691][ T5875] ? __ia32_sys_read+0x90/0x90 [ 242.453471][ T5875] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 242.459487][ T5875] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 242.465498][ T5875] do_syscall_64+0x41/0xc0 [ 242.469937][ T5875] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 242.475864][ T5875] RIP: 0033:0x7fd49ce20129 [ 242.480295][ T5875] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 242.499919][ T5875] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 242.508350][ T5875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 242.516364][ T5875] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 242.524344][ T5875] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5874] close(16) = -1 EBADF (Bad file descriptor) [pid 5874] close(17) = -1 EBADF (Bad file descriptor) [pid 5874] close(18) = -1 EBADF (Bad file descriptor) [pid 5874] close(19) = -1 EBADF (Bad file descriptor) [pid 5874] close(20) = -1 EBADF (Bad file descriptor) [pid 5874] close(21) = -1 EBADF (Bad file descriptor) [pid 5874] close(22) = -1 EBADF (Bad file descriptor) [pid 5874] close(23) = -1 EBADF (Bad file descriptor) [pid 5874] close(24) = -1 EBADF (Bad file descriptor) [pid 5874] close(25) = -1 EBADF (Bad file descriptor) [pid 5874] close(26) = -1 EBADF (Bad file descriptor) [pid 5874] close(27) = -1 EBADF (Bad file descriptor) [pid 5874] close(28) = -1 EBADF (Bad file descriptor) [pid 5874] close(29) = -1 EBADF (Bad file descriptor) [pid 5874] exit_group(0) = ? [pid 5874] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./68/binderfs") = 0 [pid 5073] umount2("./68/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./68/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./68/cgroup") = 0 [pid 5073] umount2("./68/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./68/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./68/cgroup.net") = 0 [pid 5073] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./68/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [ 242.532324][ T5875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 242.540308][ T5875] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000041 [ 242.548308][ T5875] [ 242.561249][ T5875] memory: usage 8kB, limit 0kB, failcnt 55 [ 242.567401][ T5875] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 242.574299][ T5875] Memory cgroup stats for /syz1: [ 242.574509][ T5875] anon 0 [ 242.574509][ T5875] file 0 [ 242.574509][ T5875] kernel 8192 [pid 5073] rmdir("./68/file0") = 0 [pid 5073] umount2("./68/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./68/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./68/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./68") = 0 [pid 5073] mkdir("./69", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached [pid 5879] chdir("./69" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 71 [pid 5879] <... chdir resumed>) = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5879] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5879] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] mkdir("./file0", 000) = 0 [ 242.574509][ T5875] kernel_stack 0 [ 242.574509][ T5875] pagetables 0 [ 242.574509][ T5875] sec_pagetables 0 [ 242.574509][ T5875] percpu 0 [ 242.574509][ T5875] sock 0 [ 242.574509][ T5875] vmalloc 0 [ 242.574509][ T5875] shmem 0 [ 242.574509][ T5875] zswap 0 [ 242.574509][ T5875] zswapped 0 [ 242.574509][ T5875] file_mapped 0 [ 242.574509][ T5875] file_dirty 0 [ 242.574509][ T5875] file_writeback 0 [ 242.574509][ T5875] swapcached 0 [ 242.574509][ T5875] anon_thp 0 [ 242.574509][ T5875] file_thp 0 [ 242.574509][ T5875] shmem_thp 0 [pid 5879] open("./file0", O_RDONLY) = 3 [pid 5879] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5879] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5879] openat(5, "memory.max", O_RDWR) = 6 [ 242.574509][ T5875] inactive_anon 0 [ 242.574509][ T5875] active_anon 0 [ 242.574509][ T5875] inactive_file 0 [ 242.574509][ T5875] active_file 0 [ 242.574509][ T5875] unevictable 0 [ 242.574509][ T5875] slab_reclaimable 6752 [ 242.574509][ T5875] slab_unreclaimable 0 [ 242.574509][ T5875] slab 6752 [ 242.574509][ T5875] workingset_refault_anon 0 [ 242.674410][ T5875] Tasks state (memory values in pages): [pid 5879] write(6, "0x000000000000040e", 18 [pid 5875] <... write resumed>) = 18 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] close(5) = 0 [pid 5875] close(6) = 0 [pid 5875] close(7) = -1 EBADF (Bad file descriptor) [pid 5875] close(8) = -1 EBADF (Bad file descriptor) [pid 5875] close(9) = -1 EBADF (Bad file descriptor) [pid 5875] close(10) = -1 EBADF (Bad file descriptor) [pid 5875] close(11) = -1 EBADF (Bad file descriptor) [pid 5875] close(12) = -1 EBADF (Bad file descriptor) [pid 5875] close(13) = -1 EBADF (Bad file descriptor) [pid 5875] close(14) = -1 EBADF (Bad file descriptor) [pid 5875] close(15) = -1 EBADF (Bad file descriptor) [pid 5875] close(16) = -1 EBADF (Bad file descriptor) [pid 5875] close(17) = -1 EBADF (Bad file descriptor) [pid 5875] close(18) = -1 EBADF (Bad file descriptor) [pid 5875] close(19) = -1 EBADF (Bad file descriptor) [pid 5875] close(20) = -1 EBADF (Bad file descriptor) [pid 5875] close(21) = -1 EBADF (Bad file descriptor) [pid 5875] close(22) = -1 EBADF (Bad file descriptor) [pid 5875] close(23) = -1 EBADF (Bad file descriptor) [pid 5875] close(24) = -1 EBADF (Bad file descriptor) [pid 5875] close(25) = -1 EBADF (Bad file descriptor) [pid 5875] close(26) = -1 EBADF (Bad file descriptor) [pid 5875] close(27) = -1 EBADF (Bad file descriptor) [pid 5875] close(28) = -1 EBADF (Bad file descriptor) [pid 5875] close(29) = -1 EBADF (Bad file descriptor) [pid 5875] exit_group(0) = ? [pid 5875] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 242.684594][ T5875] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 242.695173][ T5875] Out of memory and no killable processes... [ 242.702185][ T5876] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 242.717316][ T5876] CPU: 1 PID: 5876 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 242.727805][ T5876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5072] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./65/binderfs") = 0 [pid 5072] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./65/cgroup") = 0 [pid 5072] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./65/cgroup.net") = 0 [ 242.737904][ T5876] Call Trace: [ 242.741223][ T5876] [ 242.744203][ T5876] dump_stack_lvl+0x1e7/0x2d0 [ 242.748941][ T5876] ? nf_tcp_handle_invalid+0x640/0x640 [ 242.754453][ T5876] ? panic+0x770/0x770 [ 242.758595][ T5876] dump_header+0xdc/0x940 [ 242.762982][ T5876] out_of_memory+0xf21/0x12c0 [ 242.767713][ T5876] ? mutex_lock_io_nested+0x60/0x60 [ 242.772968][ T5876] ? mark_lock+0x9a/0x340 [ 242.777331][ T5876] ? unregister_oom_notifier+0x20/0x20 [ 242.782809][ T5876] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 242.788822][ T5876] mem_cgroup_out_of_memory+0x263/0x3b0 [ 242.794411][ T5876] ? mem_cgroup_oom_trylock+0x210/0x210 [ 242.799990][ T5876] ? cgroup_file_notify+0x127/0x190 [ 242.805214][ T5876] memory_max_write+0x355/0x470 [ 242.810087][ T5876] ? memory_max_show+0xa0/0xa0 [ 242.814876][ T5876] ? read_lock_is_recursive+0x20/0x20 [ 242.820270][ T5876] ? memory_max_show+0xa0/0xa0 [ 242.825047][ T5876] cgroup_file_write+0x2b1/0x780 [ 242.830023][ T5876] ? cgroup_seqfile_stop+0xd0/0xd0 [ 242.835150][ T5876] ? __virt_addr_valid+0x22f/0x2e0 [ 242.840293][ T5876] ? cgroup_seqfile_stop+0xd0/0xd0 [ 242.845413][ T5876] kernfs_fop_write_iter+0x3a6/0x4f0 [ 242.850721][ T5876] vfs_write+0x7b2/0xbb0 [ 242.855014][ T5876] ? file_end_write+0x240/0x240 [ 242.859915][ T5876] ? do_raw_spin_unlock+0x13b/0x8b0 [ 242.865145][ T5876] ? lockdep_hardirqs_on+0x98/0x140 [ 242.870374][ T5876] ? __fdget_pos+0x265/0x2f0 [ 242.874990][ T5876] ksys_write+0x1a0/0x2c0 [ 242.879340][ T5876] ? __ia32_sys_read+0x90/0x90 [ 242.884127][ T5876] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 242.890137][ T5876] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 242.896144][ T5876] do_syscall_64+0x41/0xc0 [ 242.900583][ T5876] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 242.906504][ T5876] RIP: 0033:0x7fd49ce20129 [ 242.910936][ T5876] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 242.930575][ T5876] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5072] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./65/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 242.939051][ T5876] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 242.947037][ T5876] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 242.955026][ T5876] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 242.963011][ T5876] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 242.970997][ T5876] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000047 [ 242.979003][ T5876] [ 242.984179][ T5876] memory: usage 8kB, limit 0kB, failcnt 55 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./65/file0") = 0 [pid 5072] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./65/cgroup.cpu") = 0 [ 242.999332][ T5876] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 243.010051][ T5876] Memory cgroup stats for /syz1: [ 243.010405][ T5876] anon 0 [ 243.010405][ T5876] file 0 [ 243.010405][ T5876] kernel 8192 [ 243.010405][ T5876] kernel_stack 0 [ 243.010405][ T5876] pagetables 0 [ 243.010405][ T5876] sec_pagetables 0 [ 243.010405][ T5876] percpu 0 [ 243.010405][ T5876] sock 0 [ 243.010405][ T5876] vmalloc 0 [ 243.010405][ T5876] shmem 0 [ 243.010405][ T5876] zswap 0 [ 243.010405][ T5876] zswapped 0 [ 243.010405][ T5876] file_mapped 0 [ 243.010405][ T5876] file_dirty 0 [ 243.010405][ T5876] file_writeback 0 [ 243.010405][ T5876] swapcached 0 [ 243.010405][ T5876] anon_thp 0 [ 243.010405][ T5876] file_thp 0 [ 243.010405][ T5876] shmem_thp 0 [ 243.010405][ T5876] inactive_anon 0 [ 243.010405][ T5876] active_anon 0 [ 243.010405][ T5876] inactive_file 0 [ 243.010405][ T5876] active_file 0 [ 243.010405][ T5876] unevictable 0 [ 243.010405][ T5876] slab_reclaimable 6752 [ 243.010405][ T5876] slab_unreclaimable 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./65") = 0 [pid 5072] mkdir("./66", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 68 ./strace-static-x86_64: Process 5880 attached [pid 5880] chdir("./66") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5880] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5880] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 243.010405][ T5876] slab 6752 [ 243.010405][ T5876] workingset_refault_anon 0 [ 243.110631][ T5876] Tasks state (memory values in pages): [ 243.118454][ T5876] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 243.137373][ T5876] Out of memory and no killable processes... [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5880] mkdir("./file0", 000) = 0 [pid 5880] open("./file0", O_RDONLY) = 3 [pid 5880] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5880] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5880] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5880] openat(5, "memory.max", O_RDWR) = 6 [pid 5880] write(6, "0x000000000000040e", 18 [pid 5876] <... write resumed>) = 18 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] close(5) = 0 [pid 5876] close(6) = 0 [pid 5876] close(7) = -1 EBADF (Bad file descriptor) [pid 5876] close(8) = -1 EBADF (Bad file descriptor) [pid 5876] close(9) = -1 EBADF (Bad file descriptor) [pid 5876] close(10) = -1 EBADF (Bad file descriptor) [pid 5876] close(11) = -1 EBADF (Bad file descriptor) [pid 5876] close(12) = -1 EBADF (Bad file descriptor) [pid 5876] close(13) = -1 EBADF (Bad file descriptor) [pid 5876] close(14) = -1 EBADF (Bad file descriptor) [ 243.144993][ T5877] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 243.162613][ T5877] CPU: 1 PID: 5877 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 243.173128][ T5877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 243.183230][ T5877] Call Trace: [ 243.186551][ T5877] [ 243.189523][ T5877] dump_stack_lvl+0x1e7/0x2d0 [ 243.194274][ T5877] ? nf_tcp_handle_invalid+0x640/0x640 [pid 5876] close(15) = -1 EBADF (Bad file descriptor) [pid 5876] close(16) = -1 EBADF (Bad file descriptor) [pid 5876] close(17) = -1 EBADF (Bad file descriptor) [pid 5876] close(18) = -1 EBADF (Bad file descriptor) [pid 5876] close(19) = -1 EBADF (Bad file descriptor) [pid 5876] close(20) = -1 EBADF (Bad file descriptor) [pid 5876] close(21) = -1 EBADF (Bad file descriptor) [pid 5876] close(22) = -1 EBADF (Bad file descriptor) [pid 5876] close(23) = -1 EBADF (Bad file descriptor) [ 243.199794][ T5877] ? panic+0x770/0x770 [ 243.203944][ T5877] dump_header+0xdc/0x940 [ 243.208339][ T5877] out_of_memory+0xf21/0x12c0 [ 243.213086][ T5877] ? mutex_lock_io_nested+0x60/0x60 [ 243.218356][ T5877] ? mark_lock+0x9a/0x340 [ 243.222734][ T5877] ? unregister_oom_notifier+0x20/0x20 [ 243.228255][ T5877] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 243.234305][ T5877] mem_cgroup_out_of_memory+0x263/0x3b0 [ 243.239921][ T5877] ? mem_cgroup_oom_trylock+0x210/0x210 [ 243.245540][ T5877] ? cgroup_file_notify+0x127/0x190 [ 243.250778][ T5877] memory_max_write+0x355/0x470 [ 243.255695][ T5877] ? memory_max_show+0xa0/0xa0 [ 243.260495][ T5877] ? read_lock_is_recursive+0x20/0x20 [ 243.265905][ T5877] ? memory_max_show+0xa0/0xa0 [ 243.270718][ T5877] cgroup_file_write+0x2b1/0x780 [ 243.275711][ T5877] ? cgroup_seqfile_stop+0xd0/0xd0 [ 243.280863][ T5877] ? __virt_addr_valid+0x22f/0x2e0 [ 243.286046][ T5877] ? cgroup_seqfile_stop+0xd0/0xd0 [ 243.291198][ T5877] kernfs_fop_write_iter+0x3a6/0x4f0 [ 243.296546][ T5877] vfs_write+0x7b2/0xbb0 [ 243.300846][ T5877] ? file_end_write+0x240/0x240 [ 243.305745][ T5877] ? do_raw_spin_unlock+0x13b/0x8b0 [ 243.310991][ T5877] ? lockdep_hardirqs_on+0x98/0x140 [ 243.316250][ T5877] ? __fdget_pos+0x265/0x2f0 [ 243.320899][ T5877] ksys_write+0x1a0/0x2c0 [ 243.325268][ T5877] ? __ia32_sys_read+0x90/0x90 [ 243.330062][ T5877] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 243.336110][ T5877] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 243.342130][ T5877] do_syscall_64+0x41/0xc0 [ 243.346597][ T5877] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 243.352541][ T5877] RIP: 0033:0x7fd49ce20129 [ 243.356979][ T5877] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 243.376630][ T5877] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 243.385112][ T5877] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 243.393106][ T5877] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [pid 5876] close(24) = -1 EBADF (Bad file descriptor) [pid 5876] close(25) = -1 EBADF (Bad file descriptor) [pid 5876] close(26) = -1 EBADF (Bad file descriptor) [pid 5876] close(27) = -1 EBADF (Bad file descriptor) [pid 5876] close(28) = -1 EBADF (Bad file descriptor) [pid 5876] close(29) = -1 EBADF (Bad file descriptor) [pid 5876] exit_group(0) = ? [pid 5876] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=73, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5075] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./71/binderfs") = 0 [pid 5075] umount2("./71/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./71/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./71/cgroup") = 0 [pid 5075] umount2("./71/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./71/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./71/cgroup.net") = 0 [pid 5075] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 243.401123][ T5877] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 243.409135][ T5877] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 243.417147][ T5877] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000041 [ 243.425166][ T5877] [ 243.433652][ T5877] memory: usage 8kB, limit 0kB, failcnt 55 [ 243.439590][ T5877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5075] lstat("./71/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./71/file0") = 0 [pid 5075] umount2("./71/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./71/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 243.447080][ T5877] Memory cgroup stats for /syz1: [ 243.447287][ T5877] anon 0 [ 243.447287][ T5877] file 0 [ 243.447287][ T5877] kernel 8192 [ 243.447287][ T5877] kernel_stack 0 [ 243.447287][ T5877] pagetables 0 [ 243.447287][ T5877] sec_pagetables 0 [ 243.447287][ T5877] percpu 0 [ 243.447287][ T5877] sock 0 [ 243.447287][ T5877] vmalloc 0 [ 243.447287][ T5877] shmem 0 [ 243.447287][ T5877] zswap 0 [ 243.447287][ T5877] zswapped 0 [ 243.447287][ T5877] file_mapped 0 [ 243.447287][ T5877] file_dirty 0 [ 243.447287][ T5877] file_writeback 0 [ 243.447287][ T5877] swapcached 0 [pid 5075] unlink("./71/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./71") = 0 [pid 5075] mkdir("./72", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 74 ./strace-static-x86_64: Process 5881 attached [ 243.447287][ T5877] anon_thp 0 [ 243.447287][ T5877] file_thp 0 [ 243.447287][ T5877] shmem_thp 0 [ 243.447287][ T5877] inactive_anon 0 [ 243.447287][ T5877] active_anon 0 [ 243.447287][ T5877] inactive_file 0 [ 243.447287][ T5877] active_file 0 [ 243.447287][ T5877] unevictable 0 [ 243.447287][ T5877] slab_reclaimable 6752 [ 243.447287][ T5877] slab_unreclaimable 0 [ 243.447287][ T5877] slab 6752 [ 243.447287][ T5877] workingset_refault_anon 0 [pid 5881] chdir("./72") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0 [pid 5877] <... write resumed>) = 18 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] close(5) = 0 [pid 5877] close(6) = 0 [pid 5877] close(7) = -1 EBADF (Bad file descriptor) [pid 5877] close(8) = -1 EBADF (Bad file descriptor) [pid 5877] close(9) = -1 EBADF (Bad file descriptor) [pid 5877] close(10) = -1 EBADF (Bad file descriptor) [pid 5877] close(11) = -1 EBADF (Bad file descriptor) [pid 5877] close(12) = -1 EBADF (Bad file descriptor) [pid 5877] close(13) = -1 EBADF (Bad file descriptor) [pid 5877] close(14) = -1 EBADF (Bad file descriptor) [pid 5877] close(15) = -1 EBADF (Bad file descriptor) [pid 5877] close(16) = -1 EBADF (Bad file descriptor) [pid 5877] close(17) = -1 EBADF (Bad file descriptor) [pid 5877] close(18) = -1 EBADF (Bad file descriptor) [pid 5877] close(19) = -1 EBADF (Bad file descriptor) [pid 5877] close(20) = -1 EBADF (Bad file descriptor) [pid 5877] close(21) = -1 EBADF (Bad file descriptor) [pid 5877] close(22) = -1 EBADF (Bad file descriptor) [pid 5877] close(23) = -1 EBADF (Bad file descriptor) [pid 5877] close(24) = -1 EBADF (Bad file descriptor) [pid 5877] close(25) = -1 EBADF (Bad file descriptor) [pid 5877] close(26) = -1 EBADF (Bad file descriptor) [pid 5877] close(27) = -1 EBADF (Bad file descriptor) [pid 5877] close(28) = -1 EBADF (Bad file descriptor) [pid 5877] close(29) = -1 EBADF (Bad file descriptor) [pid 5877] exit_group(0) = ? [pid 5877] +++ exited with 0 +++ [pid 5881] <... setpgid resumed>) = 0 [pid 5881] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5881] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5881] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5881] mkdir("./file0", 000) = 0 [pid 5881] open("./file0", O_RDONLY) = 3 [pid 5881] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 243.549121][ T5877] Tasks state (memory values in pages): [ 243.554764][ T5877] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 243.564872][ T5877] Out of memory and no killable processes... [ 243.572874][ T5878] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 243.584064][ T5878] CPU: 0 PID: 5878 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5881] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5881] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5881] openat(5, "memory.max", O_RDWR) = 6 [pid 5881] write(6, "0x000000000000040e", 18 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./65/binderfs") = 0 [pid 5070] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./65/cgroup") = 0 [pid 5070] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 243.594530][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 243.604635][ T5878] Call Trace: [ 243.607959][ T5878] [ 243.610934][ T5878] dump_stack_lvl+0x1e7/0x2d0 [ 243.615667][ T5878] ? nf_tcp_handle_invalid+0x640/0x640 [ 243.621184][ T5878] ? panic+0x770/0x770 [ 243.625335][ T5878] dump_header+0xdc/0x940 [ 243.629744][ T5878] out_of_memory+0xf21/0x12c0 [ 243.634488][ T5878] ? mutex_lock_io_nested+0x60/0x60 [ 243.639752][ T5878] ? preempt_schedule+0xdd/0xf0 [ 243.644664][ T5878] ? unregister_oom_notifier+0x20/0x20 [pid 5070] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./65/cgroup.net") = 0 [ 243.650183][ T5878] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 243.656328][ T5878] mem_cgroup_out_of_memory+0x263/0x3b0 [ 243.661956][ T5878] ? preempt_schedule_thunk+0x1a/0x20 [ 243.667391][ T5878] ? mem_cgroup_oom_trylock+0x210/0x210 [ 243.673005][ T5878] ? cgroup_file_notify+0x127/0x190 [ 243.678231][ T5878] memory_max_write+0x355/0x470 [ 243.683113][ T5878] ? memory_max_show+0xa0/0xa0 [ 243.687911][ T5878] ? read_lock_is_recursive+0x20/0x20 [ 243.693346][ T5878] ? memory_max_show+0xa0/0xa0 [ 243.698176][ T5878] cgroup_file_write+0x2b1/0x780 [ 243.703164][ T5878] ? cgroup_seqfile_stop+0xd0/0xd0 [ 243.708320][ T5878] ? __virt_addr_valid+0x22f/0x2e0 [ 243.713503][ T5878] ? cgroup_seqfile_stop+0xd0/0xd0 [ 243.718667][ T5878] kernfs_fop_write_iter+0x3a6/0x4f0 [ 243.723999][ T5878] vfs_write+0x7b2/0xbb0 [ 243.728281][ T5878] ? file_end_write+0x240/0x240 [ 243.733181][ T5878] ? do_raw_spin_unlock+0x13b/0x8b0 [ 243.738434][ T5878] ? lockdep_hardirqs_on+0x98/0x140 [ 243.743690][ T5878] ? __fdget_pos+0x265/0x2f0 [ 243.748337][ T5878] ksys_write+0x1a0/0x2c0 [ 243.752729][ T5878] ? __ia32_sys_read+0x90/0x90 [ 243.757507][ T5878] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 243.763529][ T5878] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 243.769578][ T5878] do_syscall_64+0x41/0xc0 [ 243.774055][ T5878] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 243.780004][ T5878] RIP: 0033:0x7fd49ce20129 [ 243.784470][ T5878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 243.804126][ T5878] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 243.812592][ T5878] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 243.820620][ T5878] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 243.828636][ T5878] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 243.836644][ T5878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 243.844663][ T5878] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000049 [pid 5070] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./65/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./65/file0") = 0 [pid 5070] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./65/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./65") = 0 [pid 5070] mkdir("./66", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 68 [ 243.852716][ T5878] [ 243.868789][ T5878] memory: usage 8kB, limit 0kB, failcnt 55 [ 243.874675][ T5878] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 243.893259][ T5878] Memory cgroup stats for /syz1: [ 243.893460][ T5878] anon 0 ./strace-static-x86_64: Process 5882 attached [pid 5882] chdir("./66") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5882] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5882] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5882] mkdir("./file0", 000) = 0 [pid 5882] open("./file0", O_RDONLY) = 3 [pid 5882] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5882] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5882] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5882] openat(5, "memory.max", O_RDWR) = 6 [ 243.893460][ T5878] file 0 [ 243.893460][ T5878] kernel 8192 [ 243.893460][ T5878] kernel_stack 0 [ 243.893460][ T5878] pagetables 0 [ 243.893460][ T5878] sec_pagetables 0 [ 243.893460][ T5878] percpu 0 [ 243.893460][ T5878] sock 0 [ 243.893460][ T5878] vmalloc 0 [ 243.893460][ T5878] shmem 0 [ 243.893460][ T5878] zswap 0 [ 243.893460][ T5878] zswapped 0 [ 243.893460][ T5878] file_mapped 0 [ 243.893460][ T5878] file_dirty 0 [ 243.893460][ T5878] file_writeback 0 [ 243.893460][ T5878] swapcached 0 [ 243.893460][ T5878] anon_thp 0 [ 243.893460][ T5878] file_thp 0 [ 243.893460][ T5878] shmem_thp 0 [ 243.893460][ T5878] inactive_anon 0 [ 243.893460][ T5878] active_anon 0 [ 243.893460][ T5878] inactive_file 0 [ 243.893460][ T5878] active_file 0 [ 243.893460][ T5878] unevictable 0 [ 243.893460][ T5878] slab_reclaimable 6752 [ 243.893460][ T5878] slab_unreclaimable 0 [ 243.893460][ T5878] slab 6752 [ 243.893460][ T5878] workingset_refault_anon 0 [ 243.991175][ T5878] Tasks state (memory values in pages): [pid 5882] write(6, "0x000000000000040e", 18 [pid 5878] <... write resumed>) = 18 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] close(5) = 0 [pid 5878] close(6) = 0 [pid 5878] close(7) = -1 EBADF (Bad file descriptor) [pid 5878] close(8) = -1 EBADF (Bad file descriptor) [pid 5878] close(9) = -1 EBADF (Bad file descriptor) [pid 5878] close(10) = -1 EBADF (Bad file descriptor) [pid 5878] close(11) = -1 EBADF (Bad file descriptor) [pid 5878] close(12) = -1 EBADF (Bad file descriptor) [pid 5878] close(13) = -1 EBADF (Bad file descriptor) [pid 5878] close(14) = -1 EBADF (Bad file descriptor) [pid 5878] close(15) = -1 EBADF (Bad file descriptor) [pid 5878] close(16) = -1 EBADF (Bad file descriptor) [pid 5878] close(17) = -1 EBADF (Bad file descriptor) [pid 5878] close(18) = -1 EBADF (Bad file descriptor) [pid 5878] close(19) = -1 EBADF (Bad file descriptor) [pid 5878] close(20) = -1 EBADF (Bad file descriptor) [pid 5878] close(21) = -1 EBADF (Bad file descriptor) [pid 5878] close(22) = -1 EBADF (Bad file descriptor) [pid 5878] close(23) = -1 EBADF (Bad file descriptor) [pid 5878] close(24) = -1 EBADF (Bad file descriptor) [pid 5878] close(25) = -1 EBADF (Bad file descriptor) [pid 5878] close(26) = -1 EBADF (Bad file descriptor) [pid 5878] close(27) = -1 EBADF (Bad file descriptor) [pid 5878] close(28) = -1 EBADF (Bad file descriptor) [pid 5878] close(29) = -1 EBADF (Bad file descriptor) [pid 5878] exit_group(0) = ? [pid 5878] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=75, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [ 243.999968][ T5878] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 244.011097][ T5878] Out of memory and no killable processes... [ 244.019472][ T5879] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 244.033273][ T5879] CPU: 1 PID: 5879 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 244.043750][ T5879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [pid 5074] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./73/binderfs") = 0 [pid 5074] umount2("./73/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./73/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./73/cgroup") = 0 [pid 5074] umount2("./73/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./73/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./73/cgroup.net") = 0 [ 244.053856][ T5879] Call Trace: [ 244.057178][ T5879] [ 244.060146][ T5879] dump_stack_lvl+0x1e7/0x2d0 [ 244.064879][ T5879] ? nf_tcp_handle_invalid+0x640/0x640 [ 244.070387][ T5879] ? panic+0x770/0x770 [ 244.074534][ T5879] dump_header+0xdc/0x940 [ 244.078928][ T5879] out_of_memory+0xf21/0x12c0 [ 244.083667][ T5879] ? mutex_lock_io_nested+0x60/0x60 [ 244.088924][ T5879] ? preempt_schedule+0xdd/0xf0 [ 244.093823][ T5879] ? unregister_oom_notifier+0x20/0x20 [ 244.099332][ T5879] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 244.105378][ T5879] mem_cgroup_out_of_memory+0x263/0x3b0 [ 244.110982][ T5879] ? preempt_schedule_thunk+0x1a/0x20 [ 244.116416][ T5879] ? mem_cgroup_oom_trylock+0x210/0x210 [ 244.122017][ T5879] ? cgroup_file_notify+0x127/0x190 [ 244.127245][ T5879] memory_max_write+0x355/0x470 [ 244.132126][ T5879] ? memory_max_show+0xa0/0xa0 [ 244.136909][ T5879] ? read_lock_is_recursive+0x20/0x20 [ 244.142306][ T5879] ? memory_max_show+0xa0/0xa0 [ 244.147087][ T5879] cgroup_file_write+0x2b1/0x780 [ 244.152043][ T5879] ? cgroup_seqfile_stop+0xd0/0xd0 [ 244.157169][ T5879] ? __virt_addr_valid+0x22f/0x2e0 [ 244.162309][ T5879] ? cgroup_seqfile_stop+0xd0/0xd0 [ 244.167435][ T5879] kernfs_fop_write_iter+0x3a6/0x4f0 [ 244.172749][ T5879] vfs_write+0x7b2/0xbb0 [ 244.177020][ T5879] ? file_end_write+0x240/0x240 [ 244.181897][ T5879] ? do_raw_spin_unlock+0x13b/0x8b0 [ 244.187129][ T5879] ? lockdep_hardirqs_on+0x98/0x140 [ 244.192372][ T5879] ? __fdget_pos+0x265/0x2f0 [ 244.197003][ T5879] ksys_write+0x1a0/0x2c0 [ 244.201366][ T5879] ? __ia32_sys_read+0x90/0x90 [ 244.206149][ T5879] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 244.212156][ T5879] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 244.218161][ T5879] do_syscall_64+0x41/0xc0 [ 244.222690][ T5879] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 244.228652][ T5879] RIP: 0033:0x7fd49ce20129 [ 244.233098][ T5879] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5074] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 244.252724][ T5879] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 244.261155][ T5879] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 244.269138][ T5879] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 244.277119][ T5879] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 244.285102][ T5879] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 244.293084][ T5879] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000045 [ 244.301096][ T5879] [pid 5074] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./73/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./73/file0") = 0 [pid 5074] umount2("./73/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./73/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 244.318530][ T5879] memory: usage 8kB, limit 0kB, failcnt 55 [ 244.325583][ T5879] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 244.333861][ T5879] Memory cgroup stats for /syz1: [ 244.334194][ T5879] anon 0 [ 244.334194][ T5879] file 0 [ 244.334194][ T5879] kernel 8192 [ 244.334194][ T5879] kernel_stack 0 [ 244.334194][ T5879] pagetables 0 [ 244.334194][ T5879] sec_pagetables 0 [ 244.334194][ T5879] percpu 0 [ 244.334194][ T5879] sock 0 [ 244.334194][ T5879] vmalloc 0 [ 244.334194][ T5879] shmem 0 [ 244.334194][ T5879] zswap 0 [ 244.334194][ T5879] zswapped 0 [ 244.334194][ T5879] file_mapped 0 [ 244.334194][ T5879] file_dirty 0 [ 244.334194][ T5879] file_writeback 0 [ 244.334194][ T5879] swapcached 0 [ 244.334194][ T5879] anon_thp 0 [ 244.334194][ T5879] file_thp 0 [ 244.334194][ T5879] shmem_thp 0 [ 244.334194][ T5879] inactive_anon 0 [ 244.334194][ T5879] active_anon 0 [ 244.334194][ T5879] inactive_file 0 [ 244.334194][ T5879] active_file 0 [ 244.334194][ T5879] unevictable 0 [ 244.334194][ T5879] slab_reclaimable 6752 [pid 5074] unlink("./73/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./73") = 0 [pid 5074] mkdir("./74", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 76 ./strace-static-x86_64: Process 5883 attached [pid 5883] chdir("./74") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5883] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5883] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] mkdir("./file0", 000) = 0 [pid 5883] open("./file0", O_RDONLY) = 3 [pid 5883] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5883] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5883] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5883] openat(5, "memory.max", O_RDWR) = 6 [pid 5883] write(6, "0x000000000000040e", 18 [pid 5879] <... write resumed>) = 18 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] close(5) = 0 [pid 5879] close(6) = 0 [pid 5879] close(7) = -1 EBADF (Bad file descriptor) [pid 5879] close(8) = -1 EBADF (Bad file descriptor) [pid 5879] close(9) = -1 EBADF (Bad file descriptor) [pid 5879] close(10) = -1 EBADF (Bad file descriptor) [pid 5879] close(11) = -1 EBADF (Bad file descriptor) [pid 5879] close(12) = -1 EBADF (Bad file descriptor) [pid 5879] close(13) = -1 EBADF (Bad file descriptor) [pid 5879] close(14) = -1 EBADF (Bad file descriptor) [pid 5879] close(15) = -1 EBADF (Bad file descriptor) [pid 5879] close(16) = -1 EBADF (Bad file descriptor) [pid 5879] close(17) = -1 EBADF (Bad file descriptor) [pid 5879] close(18) = -1 EBADF (Bad file descriptor) [pid 5879] close(19) = -1 EBADF (Bad file descriptor) [pid 5879] close(20) = -1 EBADF (Bad file descriptor) [pid 5879] close(21) = -1 EBADF (Bad file descriptor) [pid 5879] close(22) = -1 EBADF (Bad file descriptor) [pid 5879] close(23) = -1 EBADF (Bad file descriptor) [pid 5879] close(24) = -1 EBADF (Bad file descriptor) [pid 5879] close(25) = -1 EBADF (Bad file descriptor) [pid 5879] close(26) = -1 EBADF (Bad file descriptor) [pid 5879] close(27) = -1 EBADF (Bad file descriptor) [pid 5879] close(28) = -1 EBADF (Bad file descriptor) [pid 5879] close(29) = -1 EBADF (Bad file descriptor) [pid 5879] exit_group(0) = ? [ 244.334194][ T5879] slab_unreclaimable 0 [ 244.334194][ T5879] slab 6752 [ 244.334194][ T5879] workingset_refault_anon 0 [ 244.434341][ T5879] Tasks state (memory values in pages): [ 244.440262][ T5879] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 244.450582][ T5879] Out of memory and no killable processes... [ 244.456928][ T5880] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5879] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./69/binderfs") = 0 [pid 5073] umount2("./69/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./69/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./69/cgroup") = 0 [pid 5073] umount2("./69/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./69/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./69/cgroup.net") = 0 [ 244.475216][ T5880] CPU: 0 PID: 5880 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 244.485714][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 244.495822][ T5880] Call Trace: [ 244.499151][ T5880] [ 244.502126][ T5880] dump_stack_lvl+0x1e7/0x2d0 [ 244.506874][ T5880] ? nf_tcp_handle_invalid+0x640/0x640 [ 244.512419][ T5880] ? panic+0x770/0x770 [ 244.516533][ T5880] dump_header+0xdc/0x940 [ 244.520898][ T5880] out_of_memory+0xf21/0x12c0 [ 244.525617][ T5880] ? mutex_lock_io_nested+0x60/0x60 [ 244.530877][ T5880] ? mark_lock+0x9a/0x340 [ 244.535242][ T5880] ? unregister_oom_notifier+0x20/0x20 [ 244.540729][ T5880] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 244.546775][ T5880] mem_cgroup_out_of_memory+0x263/0x3b0 [ 244.552374][ T5880] ? mem_cgroup_oom_trylock+0x210/0x210 [ 244.557966][ T5880] ? cgroup_file_notify+0x127/0x190 [ 244.563207][ T5880] memory_max_write+0x355/0x470 [ 244.568110][ T5880] ? memory_max_show+0xa0/0xa0 [ 244.572927][ T5880] ? read_lock_is_recursive+0x20/0x20 [ 244.578376][ T5880] ? memory_max_show+0xa0/0xa0 [ 244.583181][ T5880] cgroup_file_write+0x2b1/0x780 [ 244.588147][ T5880] ? cgroup_seqfile_stop+0xd0/0xd0 [ 244.593269][ T5880] ? __virt_addr_valid+0x22f/0x2e0 [ 244.598409][ T5880] ? cgroup_seqfile_stop+0xd0/0xd0 [ 244.603535][ T5880] kernfs_fop_write_iter+0x3a6/0x4f0 [ 244.608844][ T5880] vfs_write+0x7b2/0xbb0 [ 244.613116][ T5880] ? file_end_write+0x240/0x240 [ 244.617991][ T5880] ? do_raw_spin_unlock+0x13b/0x8b0 [ 244.623206][ T5880] ? lockdep_hardirqs_on+0x98/0x140 [ 244.628436][ T5880] ? __fdget_pos+0x265/0x2f0 [ 244.633046][ T5880] ksys_write+0x1a0/0x2c0 [ 244.637400][ T5880] ? __ia32_sys_read+0x90/0x90 [ 244.642184][ T5880] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 244.648188][ T5880] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 244.654195][ T5880] do_syscall_64+0x41/0xc0 [ 244.658631][ T5880] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 244.664545][ T5880] RIP: 0033:0x7fd49ce20129 [ 244.668975][ T5880] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 244.688590][ T5880] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 244.697019][ T5880] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 244.705001][ T5880] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 244.713004][ T5880] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5073] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./69/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [ 244.721017][ T5880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 244.729017][ T5880] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000042 [ 244.737034][ T5880] [ 244.751546][ T5880] memory: usage 8kB, limit 0kB, failcnt 55 [ 244.757660][ T5880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 244.764744][ T5880] Memory cgroup stats for /syz1: [ 244.764952][ T5880] anon 0 [ 244.764952][ T5880] file 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./69/file0") = 0 [pid 5073] umount2("./69/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./69/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./69/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./69") = 0 [pid 5073] mkdir("./70", 0777) = 0 [ 244.764952][ T5880] kernel 8192 [ 244.764952][ T5880] kernel_stack 0 [ 244.764952][ T5880] pagetables 0 [ 244.764952][ T5880] sec_pagetables 0 [ 244.764952][ T5880] percpu 0 [ 244.764952][ T5880] sock 0 [ 244.764952][ T5880] vmalloc 0 [ 244.764952][ T5880] shmem 0 [ 244.764952][ T5880] zswap 0 [ 244.764952][ T5880] zswapped 0 [ 244.764952][ T5880] file_mapped 0 [ 244.764952][ T5880] file_dirty 0 [ 244.764952][ T5880] file_writeback 0 [ 244.764952][ T5880] swapcached 0 [ 244.764952][ T5880] anon_thp 0 [ 244.764952][ T5880] file_thp 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached [pid 5884] chdir("./70" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 72 [pid 5884] <... chdir resumed>) = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5884] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5884] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] mkdir("./file0", 000) = 0 [pid 5884] open("./file0", O_RDONLY) = 3 [pid 5884] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5884] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5884] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5884] openat(5, "memory.max", O_RDWR) = 6 [ 244.764952][ T5880] shmem_thp 0 [ 244.764952][ T5880] inactive_anon 0 [ 244.764952][ T5880] active_anon 0 [ 244.764952][ T5880] inactive_file 0 [ 244.764952][ T5880] active_file 0 [ 244.764952][ T5880] unevictable 0 [ 244.764952][ T5880] slab_reclaimable 6752 [ 244.764952][ T5880] slab_unreclaimable 0 [ 244.764952][ T5880] slab 6752 [ 244.764952][ T5880] workingset_refault_anon 0 [ 244.864254][ T5880] Tasks state (memory values in pages): [pid 5884] write(6, "0x000000000000040e", 18 [pid 5880] <... write resumed>) = 18 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] close(5) = 0 [pid 5880] close(6) = 0 [pid 5880] close(7) = -1 EBADF (Bad file descriptor) [pid 5880] close(8) = -1 EBADF (Bad file descriptor) [pid 5880] close(9) = -1 EBADF (Bad file descriptor) [pid 5880] close(10) = -1 EBADF (Bad file descriptor) [pid 5880] close(11) = -1 EBADF (Bad file descriptor) [pid 5880] close(12) = -1 EBADF (Bad file descriptor) [pid 5880] close(13) = -1 EBADF (Bad file descriptor) [pid 5880] close(14) = -1 EBADF (Bad file descriptor) [ 244.870766][ T5880] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 244.882701][ T5880] Out of memory and no killable processes... [ 244.890665][ T5881] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 244.909242][ T5881] CPU: 1 PID: 5881 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 244.919750][ T5881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 244.929847][ T5881] Call Trace: [ 244.933161][ T5881] [ 244.936149][ T5881] dump_stack_lvl+0x1e7/0x2d0 [ 244.940888][ T5881] ? nf_tcp_handle_invalid+0x640/0x640 [ 244.946403][ T5881] ? panic+0x770/0x770 [ 244.950541][ T5881] dump_header+0xdc/0x940 [ 244.954931][ T5881] out_of_memory+0xf21/0x12c0 [ 244.959666][ T5881] ? mutex_lock_io_nested+0x60/0x60 [ 244.965014][ T5881] ? preempt_schedule+0xdd/0xf0 [ 244.969912][ T5881] ? unregister_oom_notifier+0x20/0x20 [pid 5880] close(15) = -1 EBADF (Bad file descriptor) [pid 5880] close(16) = -1 EBADF (Bad file descriptor) [pid 5880] close(17) = -1 EBADF (Bad file descriptor) [pid 5880] close(18) = -1 EBADF (Bad file descriptor) [pid 5880] close(19) = -1 EBADF (Bad file descriptor) [pid 5880] close(20) = -1 EBADF (Bad file descriptor) [pid 5880] close(21) = -1 EBADF (Bad file descriptor) [pid 5880] close(22) = -1 EBADF (Bad file descriptor) [pid 5880] close(23) = -1 EBADF (Bad file descriptor) [ 244.975415][ T5881] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 244.981463][ T5881] mem_cgroup_out_of_memory+0x263/0x3b0 [ 244.987037][ T5881] ? preempt_schedule_thunk+0x1a/0x20 [ 244.992449][ T5881] ? mem_cgroup_oom_trylock+0x210/0x210 [ 244.998078][ T5881] ? cgroup_file_notify+0x127/0x190 [ 245.003337][ T5881] memory_max_write+0x355/0x470 [ 245.008242][ T5881] ? memory_max_show+0xa0/0xa0 [ 245.013061][ T5881] ? read_lock_is_recursive+0x20/0x20 [ 245.018470][ T5881] ? memory_max_show+0xa0/0xa0 [ 245.023257][ T5881] cgroup_file_write+0x2b1/0x780 [ 245.028223][ T5881] ? cgroup_seqfile_stop+0xd0/0xd0 [ 245.033350][ T5881] ? __virt_addr_valid+0x22f/0x2e0 [ 245.038490][ T5881] ? cgroup_seqfile_stop+0xd0/0xd0 [ 245.043643][ T5881] kernfs_fop_write_iter+0x3a6/0x4f0 [ 245.048961][ T5881] vfs_write+0x7b2/0xbb0 [ 245.053244][ T5881] ? file_end_write+0x240/0x240 [ 245.058132][ T5881] ? do_raw_spin_unlock+0x13b/0x8b0 [ 245.063361][ T5881] ? lockdep_hardirqs_on+0x98/0x140 [ 245.068602][ T5881] ? __fdget_pos+0x265/0x2f0 [ 245.073234][ T5881] ksys_write+0x1a0/0x2c0 [ 245.077613][ T5881] ? __ia32_sys_read+0x90/0x90 [ 245.082442][ T5881] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 245.088524][ T5881] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 245.094560][ T5881] do_syscall_64+0x41/0xc0 [ 245.099023][ T5881] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 245.105025][ T5881] RIP: 0033:0x7fd49ce20129 [ 245.109492][ T5881] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 245.129157][ T5881] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 245.137805][ T5881] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 245.145823][ T5881] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 245.153927][ T5881] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 245.161943][ T5881] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 245.170048][ T5881] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000048 [pid 5880] close(24) = -1 EBADF (Bad file descriptor) [pid 5880] close(25) = -1 EBADF (Bad file descriptor) [pid 5880] close(26) = -1 EBADF (Bad file descriptor) [pid 5880] close(27) = -1 EBADF (Bad file descriptor) [pid 5880] close(28) = -1 EBADF (Bad file descriptor) [pid 5880] close(29) = -1 EBADF (Bad file descriptor) [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./66/binderfs") = 0 [pid 5072] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./66/cgroup") = 0 [pid 5072] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./66/cgroup.net") = 0 [pid 5072] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./66/file0") = 0 [pid 5072] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./66/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./66") = 0 [pid 5072] mkdir("./67", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5885 attached [pid 5885] chdir("./67" [pid 5072] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 69 [pid 5885] <... chdir resumed>) = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5885] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 245.178089][ T5881] [ 245.195709][ T5881] memory: usage 8kB, limit 0kB, failcnt 55 [ 245.204337][ T5881] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 245.218552][ T5881] Memory cgroup stats for /syz1: [ 245.218757][ T5881] anon 0 [pid 5885] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5885] mkdir("./file0", 000) = 0 [pid 5885] open("./file0", O_RDONLY) = 3 [pid 5885] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5885] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5885] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5885] openat(5, "memory.max", O_RDWR) = 6 [ 245.218757][ T5881] file 0 [ 245.218757][ T5881] kernel 8192 [ 245.218757][ T5881] kernel_stack 0 [ 245.218757][ T5881] pagetables 0 [ 245.218757][ T5881] sec_pagetables 0 [ 245.218757][ T5881] percpu 0 [ 245.218757][ T5881] sock 0 [ 245.218757][ T5881] vmalloc 0 [ 245.218757][ T5881] shmem 0 [ 245.218757][ T5881] zswap 0 [ 245.218757][ T5881] zswapped 0 [ 245.218757][ T5881] file_mapped 0 [ 245.218757][ T5881] file_dirty 0 [ 245.218757][ T5881] file_writeback 0 [ 245.218757][ T5881] swapcached 0 [ 245.218757][ T5881] anon_thp 0 [ 245.218757][ T5881] file_thp 0 [ 245.218757][ T5881] shmem_thp 0 [ 245.218757][ T5881] inactive_anon 0 [ 245.218757][ T5881] active_anon 0 [ 245.218757][ T5881] inactive_file 0 [ 245.218757][ T5881] active_file 0 [ 245.218757][ T5881] unevictable 0 [ 245.218757][ T5881] slab_reclaimable 6752 [ 245.218757][ T5881] slab_unreclaimable 0 [ 245.218757][ T5881] slab 6752 [ 245.218757][ T5881] workingset_refault_anon 0 [ 245.319443][ T5881] Tasks state (memory values in pages): [pid 5885] write(6, "0x000000000000040e", 18 [pid 5881] <... write resumed>) = 18 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] close(5) = 0 [pid 5881] close(6) = 0 [pid 5881] close(7) = -1 EBADF (Bad file descriptor) [ 245.325302][ T5881] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 245.347428][ T5881] Out of memory and no killable processes... [ 245.353837][ T5882] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 245.365221][ T5882] CPU: 0 PID: 5882 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [pid 5881] close(8) = -1 EBADF (Bad file descriptor) [pid 5881] close(9) = -1 EBADF (Bad file descriptor) [pid 5881] close(10) = -1 EBADF (Bad file descriptor) [pid 5881] close(11) = -1 EBADF (Bad file descriptor) [pid 5881] close(12) = -1 EBADF (Bad file descriptor) [pid 5881] close(13) = -1 EBADF (Bad file descriptor) [pid 5881] close(14) = -1 EBADF (Bad file descriptor) [pid 5881] close(15) = -1 EBADF (Bad file descriptor) [pid 5881] close(16) = -1 EBADF (Bad file descriptor) [pid 5881] close(17) = -1 EBADF (Bad file descriptor) [pid 5881] close(18) = -1 EBADF (Bad file descriptor) [pid 5881] close(19) = -1 EBADF (Bad file descriptor) [pid 5881] close(20) = -1 EBADF (Bad file descriptor) [pid 5881] close(21) = -1 EBADF (Bad file descriptor) [pid 5881] close(22) = -1 EBADF (Bad file descriptor) [pid 5881] close(23) = -1 EBADF (Bad file descriptor) [pid 5881] close(24) = -1 EBADF (Bad file descriptor) [pid 5881] close(25) = -1 EBADF (Bad file descriptor) [pid 5881] close(26) = -1 EBADF (Bad file descriptor) [pid 5881] close(27) = -1 EBADF (Bad file descriptor) [pid 5881] close(28) = -1 EBADF (Bad file descriptor) [ 245.375701][ T5882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 245.385830][ T5882] Call Trace: [ 245.389157][ T5882] [ 245.392140][ T5882] dump_stack_lvl+0x1e7/0x2d0 [ 245.396880][ T5882] ? nf_tcp_handle_invalid+0x640/0x640 [ 245.402399][ T5882] ? panic+0x770/0x770 [ 245.406539][ T5882] dump_header+0xdc/0x940 [ 245.410931][ T5882] out_of_memory+0xf21/0x12c0 [ 245.415681][ T5882] ? mutex_lock_io_nested+0x60/0x60 [ 245.420942][ T5882] ? mark_lock+0x9a/0x340 [pid 5881] close(29) = -1 EBADF (Bad file descriptor) [pid 5881] exit_group(0) = ? [pid 5881] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=74, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./72/binderfs") = 0 [pid 5075] umount2("./72/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./72/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./72/cgroup") = 0 [pid 5075] umount2("./72/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./72/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./72/cgroup.net") = 0 [ 245.425310][ T5882] ? unregister_oom_notifier+0x20/0x20 [ 245.430838][ T5882] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 245.436889][ T5882] mem_cgroup_out_of_memory+0x263/0x3b0 [ 245.442497][ T5882] ? mem_cgroup_oom_trylock+0x210/0x210 [ 245.448113][ T5882] ? cgroup_file_notify+0x127/0x190 [ 245.453373][ T5882] memory_max_write+0x355/0x470 [ 245.458286][ T5882] ? memory_max_show+0xa0/0xa0 [ 245.463108][ T5882] ? read_lock_is_recursive+0x20/0x20 [ 245.468542][ T5882] ? memory_max_show+0xa0/0xa0 [ 245.473344][ T5882] cgroup_file_write+0x2b1/0x780 [ 245.478302][ T5882] ? cgroup_seqfile_stop+0xd0/0xd0 [ 245.483425][ T5882] ? __virt_addr_valid+0x22f/0x2e0 [ 245.488568][ T5882] ? cgroup_seqfile_stop+0xd0/0xd0 [ 245.493690][ T5882] kernfs_fop_write_iter+0x3a6/0x4f0 [ 245.498999][ T5882] vfs_write+0x7b2/0xbb0 [ 245.503267][ T5882] ? file_end_write+0x240/0x240 [ 245.508140][ T5882] ? do_raw_spin_unlock+0x13b/0x8b0 [ 245.513385][ T5882] ? lockdep_hardirqs_on+0x98/0x140 [ 245.518608][ T5882] ? __fdget_pos+0x265/0x2f0 [ 245.523219][ T5882] ksys_write+0x1a0/0x2c0 [ 245.527571][ T5882] ? __ia32_sys_read+0x90/0x90 [ 245.532351][ T5882] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 245.538356][ T5882] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 245.544361][ T5882] do_syscall_64+0x41/0xc0 [ 245.548796][ T5882] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 245.554723][ T5882] RIP: 0033:0x7fd49ce20129 [ 245.559150][ T5882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 245.578774][ T5882] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 245.587202][ T5882] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 245.595200][ T5882] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 245.603190][ T5882] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 245.611173][ T5882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 245.619155][ T5882] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000042 [ 245.627156][ T5882] [pid 5075] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./72/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./72/file0") = 0 [pid 5075] umount2("./72/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./72/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./72/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./72") = 0 [pid 5075] mkdir("./73", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 75 ./strace-static-x86_64: Process 5886 attached [pid 5886] chdir("./73") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 245.638481][ T5882] memory: usage 8kB, limit 0kB, failcnt 55 [ 245.644577][ T5882] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 245.654620][ T5882] Memory cgroup stats for /syz1: [ 245.654857][ T5882] anon 0 [ 245.654857][ T5882] file 0 [ 245.654857][ T5882] kernel 8192 [ 245.654857][ T5882] kernel_stack 0 [ 245.654857][ T5882] pagetables 0 [ 245.654857][ T5882] sec_pagetables 0 [ 245.654857][ T5882] percpu 0 [ 245.654857][ T5882] sock 0 [ 245.654857][ T5882] vmalloc 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5886] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5886] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] mkdir("./file0", 000) = 0 [pid 5886] open("./file0", O_RDONLY) = 3 [ 245.654857][ T5882] shmem 0 [ 245.654857][ T5882] zswap 0 [ 245.654857][ T5882] zswapped 0 [ 245.654857][ T5882] file_mapped 0 [ 245.654857][ T5882] file_dirty 0 [ 245.654857][ T5882] file_writeback 0 [ 245.654857][ T5882] swapcached 0 [ 245.654857][ T5882] anon_thp 0 [ 245.654857][ T5882] file_thp 0 [ 245.654857][ T5882] shmem_thp 0 [ 245.654857][ T5882] inactive_anon 0 [ 245.654857][ T5882] active_anon 0 [ 245.654857][ T5882] inactive_file 0 [ 245.654857][ T5882] active_file 0 [ 245.654857][ T5882] unevictable 0 [pid 5886] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5886] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5886] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5886] openat(5, "memory.max", O_RDWR) = 6 [pid 5886] write(6, "0x000000000000040e", 18 [pid 5882] <... write resumed>) = 18 [pid 5882] close(3) = 0 [pid 5882] close(4) = 0 [pid 5882] close(5) = 0 [pid 5882] close(6) = 0 [pid 5882] close(7) = -1 EBADF (Bad file descriptor) [pid 5882] close(8) = -1 EBADF (Bad file descriptor) [pid 5882] close(9) = -1 EBADF (Bad file descriptor) [pid 5882] close(10) = -1 EBADF (Bad file descriptor) [pid 5882] close(11) = -1 EBADF (Bad file descriptor) [pid 5882] close(12) = -1 EBADF (Bad file descriptor) [pid 5882] close(13) = -1 EBADF (Bad file descriptor) [pid 5882] close(14) = -1 EBADF (Bad file descriptor) [pid 5882] close(15) = -1 EBADF (Bad file descriptor) [pid 5882] close(16) = -1 EBADF (Bad file descriptor) [pid 5882] close(17) = -1 EBADF (Bad file descriptor) [pid 5882] close(18) = -1 EBADF (Bad file descriptor) [pid 5882] close(19) = -1 EBADF (Bad file descriptor) [pid 5882] close(20) = -1 EBADF (Bad file descriptor) [pid 5882] close(21) = -1 EBADF (Bad file descriptor) [pid 5882] close(22) = -1 EBADF (Bad file descriptor) [pid 5882] close(23) = -1 EBADF (Bad file descriptor) [pid 5882] close(24) = -1 EBADF (Bad file descriptor) [pid 5882] close(25) = -1 EBADF (Bad file descriptor) [pid 5882] close(26) = -1 EBADF (Bad file descriptor) [pid 5882] close(27) = -1 EBADF (Bad file descriptor) [pid 5882] close(28) = -1 EBADF (Bad file descriptor) [pid 5882] close(29) = -1 EBADF (Bad file descriptor) [pid 5882] exit_group(0) = ? [pid 5882] +++ exited with 0 +++ [ 245.654857][ T5882] slab_reclaimable 6752 [ 245.654857][ T5882] slab_unreclaimable 0 [ 245.654857][ T5882] slab 6752 [ 245.654857][ T5882] workingset_refault_anon 0 [ 245.755628][ T5882] Tasks state (memory values in pages): [ 245.761424][ T5882] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 245.771651][ T5882] Out of memory and no killable processes... [ 245.778015][ T5883] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5070] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./66/binderfs") = 0 [pid 5070] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./66/cgroup") = 0 [pid 5070] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./66/cgroup.net") = 0 [ 245.795084][ T5883] CPU: 1 PID: 5883 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 245.805577][ T5883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 245.815690][ T5883] Call Trace: [ 245.819019][ T5883] [ 245.822016][ T5883] dump_stack_lvl+0x1e7/0x2d0 [ 245.826748][ T5883] ? nf_tcp_handle_invalid+0x640/0x640 [ 245.832246][ T5883] ? panic+0x770/0x770 [ 245.836340][ T5883] dump_header+0xdc/0x940 [ 245.840716][ T5883] out_of_memory+0xf21/0x12c0 [ 245.845435][ T5883] ? mutex_lock_io_nested+0x60/0x60 [ 245.850675][ T5883] ? preempt_schedule+0xdd/0xf0 [ 245.855576][ T5883] ? unregister_oom_notifier+0x20/0x20 [ 245.861074][ T5883] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 245.867099][ T5883] mem_cgroup_out_of_memory+0x263/0x3b0 [ 245.872678][ T5883] ? preempt_schedule_thunk+0x1a/0x20 [ 245.878085][ T5883] ? mem_cgroup_oom_trylock+0x210/0x210 [ 245.883674][ T5883] ? cgroup_file_notify+0x127/0x190 [ 245.888905][ T5883] memory_max_write+0x355/0x470 [ 245.893789][ T5883] ? memory_max_show+0xa0/0xa0 [ 245.898570][ T5883] ? read_lock_is_recursive+0x20/0x20 [ 245.903964][ T5883] ? memory_max_show+0xa0/0xa0 [ 245.908741][ T5883] cgroup_file_write+0x2b1/0x780 [ 245.913719][ T5883] ? cgroup_seqfile_stop+0xd0/0xd0 [ 245.918846][ T5883] ? __virt_addr_valid+0x22f/0x2e0 [ 245.923988][ T5883] ? cgroup_seqfile_stop+0xd0/0xd0 [ 245.929109][ T5883] kernfs_fop_write_iter+0x3a6/0x4f0 [ 245.934419][ T5883] vfs_write+0x7b2/0xbb0 [ 245.938686][ T5883] ? file_end_write+0x240/0x240 [ 245.943557][ T5883] ? do_raw_spin_unlock+0x13b/0x8b0 [ 245.948775][ T5883] ? lockdep_hardirqs_on+0x98/0x140 [ 245.954001][ T5883] ? __fdget_pos+0x265/0x2f0 [ 245.958610][ T5883] ksys_write+0x1a0/0x2c0 [ 245.962957][ T5883] ? __ia32_sys_read+0x90/0x90 [ 245.967737][ T5883] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 245.973745][ T5883] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 245.979751][ T5883] do_syscall_64+0x41/0xc0 [ 245.984181][ T5883] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 245.990118][ T5883] RIP: 0033:0x7fd49ce20129 [ 245.994543][ T5883] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 246.014157][ T5883] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 246.022581][ T5883] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 246.030562][ T5883] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 246.038543][ T5883] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5070] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 246.046529][ T5883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 246.054527][ T5883] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000004a [ 246.062526][ T5883] [ 246.073828][ T5883] memory: usage 8kB, limit 0kB, failcnt 55 [ 246.079893][ T5883] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 246.088451][ T5883] Memory cgroup stats for /syz1: [ 246.088715][ T5883] anon 0 [ 246.088715][ T5883] file 0 [ 246.088715][ T5883] kernel 8192 [ 246.088715][ T5883] kernel_stack 0 [ 246.088715][ T5883] pagetables 0 [ 246.088715][ T5883] sec_pagetables 0 [ 246.088715][ T5883] percpu 0 [ 246.088715][ T5883] sock 0 [ 246.088715][ T5883] vmalloc 0 [ 246.088715][ T5883] shmem 0 [ 246.088715][ T5883] zswap 0 [ 246.088715][ T5883] zswapped 0 [ 246.088715][ T5883] file_mapped 0 [ 246.088715][ T5883] file_dirty 0 [ 246.088715][ T5883] file_writeback 0 [ 246.088715][ T5883] swapcached 0 [ 246.088715][ T5883] anon_thp 0 [ 246.088715][ T5883] file_thp 0 [ 246.088715][ T5883] shmem_thp 0 [ 246.088715][ T5883] inactive_anon 0 [ 246.088715][ T5883] active_anon 0 [ 246.088715][ T5883] inactive_file 0 [ 246.088715][ T5883] active_file 0 [ 246.088715][ T5883] unevictable 0 [ 246.088715][ T5883] slab_reclaimable 6752 [ 246.088715][ T5883] slab_unreclaimable 0 [ 246.088715][ T5883] slab 6752 [ 246.088715][ T5883] workingset_refault_anon 0 [pid 5070] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./66/file0") = 0 [pid 5070] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./66/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./66") = 0 [pid 5070] mkdir("./67", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 69 ./strace-static-x86_64: Process 5887 attached [pid 5887] chdir("./67") = 0 [pid 5883] <... write resumed>) = 18 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] close(3 [pid 5887] setpgid(0, 0) = 0 [pid 5883] <... close resumed>) = 0 [pid 5887] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5883] close(4 [pid 5887] <... symlink resumed>) = 0 [pid 5887] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5883] <... close resumed>) = 0 [pid 5887] <... symlink resumed>) = 0 [pid 5883] close(5 [pid 5887] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5883] <... close resumed>) = 0 [pid 5887] <... symlink resumed>) = 0 [pid 5883] close(6 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5883] <... close resumed>) = 0 [pid 5887] <... openat resumed>) = 3 [pid 5883] close(7 [pid 5887] write(3, "1000", 4 [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 246.192014][ T5883] Tasks state (memory values in pages): [ 246.199584][ T5883] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 246.210157][ T5883] Out of memory and no killable processes... [ 246.217193][ T5884] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 246.229417][ T5884] CPU: 1 PID: 5884 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 246.239900][ T5884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 246.250009][ T5884] Call Trace: [ 246.253334][ T5884] [ 246.256324][ T5884] dump_stack_lvl+0x1e7/0x2d0 [ 246.261066][ T5884] ? nf_tcp_handle_invalid+0x640/0x640 [ 246.266577][ T5884] ? panic+0x770/0x770 [ 246.270718][ T5884] dump_header+0xdc/0x940 [ 246.275106][ T5884] out_of_memory+0xf21/0x12c0 [ 246.279840][ T5884] ? mutex_lock_io_nested+0x60/0x60 [ 246.285101][ T5884] ? preempt_schedule+0xdd/0xf0 [ 246.290021][ T5884] ? unregister_oom_notifier+0x20/0x20 [pid 5887] <... write resumed>) = 4 [pid 5883] close(8 [pid 5887] close(3 [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... close resumed>) = 0 [pid 5883] close(9 [pid 5887] symlink("/dev/binderfs", "./binderfs" [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... symlink resumed>) = 0 [pid 5883] close(10 [pid 5887] mkdir("./file0", 000 [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... mkdir resumed>) = 0 [pid 5883] close(11 [pid 5887] open("./file0", O_RDONLY [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 246.295532][ T5884] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 246.301576][ T5884] mem_cgroup_out_of_memory+0x263/0x3b0 [ 246.307164][ T5884] ? preempt_schedule_thunk+0x1a/0x20 [ 246.312599][ T5884] ? mem_cgroup_oom_trylock+0x210/0x210 [ 246.318195][ T5884] ? cgroup_file_notify+0x127/0x190 [ 246.323431][ T5884] memory_max_write+0x355/0x470 [ 246.328320][ T5884] ? memory_max_show+0xa0/0xa0 [ 246.333094][ T5884] ? read_lock_is_recursive+0x20/0x20 [ 246.338510][ T5884] ? memory_max_show+0xa0/0xa0 [ 246.343314][ T5884] cgroup_file_write+0x2b1/0x780 [ 246.348268][ T5884] ? cgroup_seqfile_stop+0xd0/0xd0 [ 246.353397][ T5884] ? __virt_addr_valid+0x22f/0x2e0 [ 246.358560][ T5884] ? cgroup_seqfile_stop+0xd0/0xd0 [ 246.363691][ T5884] kernfs_fop_write_iter+0x3a6/0x4f0 [ 246.369033][ T5884] vfs_write+0x7b2/0xbb0 [ 246.373326][ T5884] ? file_end_write+0x240/0x240 [ 246.378227][ T5884] ? do_raw_spin_unlock+0x13b/0x8b0 [ 246.383471][ T5884] ? lockdep_hardirqs_on+0x98/0x140 [ 246.388712][ T5884] ? __fdget_pos+0x265/0x2f0 [ 246.393355][ T5884] ksys_write+0x1a0/0x2c0 [ 246.397741][ T5884] ? __ia32_sys_read+0x90/0x90 [ 246.402546][ T5884] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 246.408561][ T5884] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 246.414609][ T5884] do_syscall_64+0x41/0xc0 [ 246.419042][ T5884] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 246.424977][ T5884] RIP: 0033:0x7fd49ce20129 [ 246.429417][ T5884] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 246.449061][ T5884] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 246.457497][ T5884] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 246.465511][ T5884] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 246.473512][ T5884] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 246.481494][ T5884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 246.489488][ T5884] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000046 [pid 5887] <... open resumed>) = 3 [pid 5883] close(12 [pid 5887] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... mount resumed>) = 0 [pid 5883] close(13 [pid 5887] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... openat resumed>) = 4 [pid 5883] close(14 [pid 5887] openat(4, "syz1", O_RDWR|O_PATH [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... openat resumed>) = 5 [pid 5883] close(15 [pid 5887] openat(5, "memory.max", O_RDWR [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5887] <... openat resumed>) = 6 [pid 5883] close(16 [pid 5887] write(6, "0x000000000000040e", 18 [pid 5883] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5883] close(17) = -1 EBADF (Bad file descriptor) [pid 5883] close(18) = -1 EBADF (Bad file descriptor) [pid 5883] close(19) = -1 EBADF (Bad file descriptor) [pid 5883] close(20) = -1 EBADF (Bad file descriptor) [pid 5883] close(21) = -1 EBADF (Bad file descriptor) [pid 5883] close(22) = -1 EBADF (Bad file descriptor) [pid 5883] close(23) = -1 EBADF (Bad file descriptor) [pid 5883] close(24) = -1 EBADF (Bad file descriptor) [pid 5883] close(25) = -1 EBADF (Bad file descriptor) [pid 5883] close(26) = -1 EBADF (Bad file descriptor) [pid 5883] close(27) = -1 EBADF (Bad file descriptor) [pid 5883] close(28) = -1 EBADF (Bad file descriptor) [pid 5883] close(29) = -1 EBADF (Bad file descriptor) [pid 5883] exit_group(0) = ? [pid 5883] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=76, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./74/binderfs") = 0 [pid 5074] umount2("./74/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./74/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./74/cgroup") = 0 [pid 5074] umount2("./74/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./74/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./74/cgroup.net") = 0 [pid 5074] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./74/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./74/file0") = 0 [pid 5074] umount2("./74/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./74/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./74/cgroup.cpu") = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./74") = 0 [pid 5074] mkdir("./75", 0777) = 0 [ 246.497506][ T5884] [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached [pid 5888] chdir("./75" [pid 5074] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 77 [pid 5888] <... chdir resumed>) = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5888] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5888] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] mkdir("./file0", 000) = 0 [pid 5888] open("./file0", O_RDONLY) = 3 [pid 5888] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5888] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5888] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5888] openat(5, "memory.max", O_RDWR) = 6 [ 246.525919][ T5884] memory: usage 8kB, limit 0kB, failcnt 55 [ 246.538993][ T5884] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 246.553621][ T5884] Memory cgroup stats for /syz1: [ 246.553931][ T5884] anon 0 [ 246.553931][ T5884] file 0 [ 246.553931][ T5884] kernel 8192 [ 246.553931][ T5884] kernel_stack 0 [ 246.553931][ T5884] pagetables 0 [ 246.553931][ T5884] sec_pagetables 0 [ 246.553931][ T5884] percpu 0 [ 246.553931][ T5884] sock 0 [ 246.553931][ T5884] vmalloc 0 [ 246.553931][ T5884] shmem 0 [ 246.553931][ T5884] zswap 0 [ 246.553931][ T5884] zswapped 0 [ 246.553931][ T5884] file_mapped 0 [ 246.553931][ T5884] file_dirty 0 [ 246.553931][ T5884] file_writeback 0 [ 246.553931][ T5884] swapcached 0 [ 246.553931][ T5884] anon_thp 0 [ 246.553931][ T5884] file_thp 0 [ 246.553931][ T5884] shmem_thp 0 [ 246.553931][ T5884] inactive_anon 0 [ 246.553931][ T5884] active_anon 0 [pid 5888] write(6, "0x000000000000040e", 18 [pid 5884] <... write resumed>) = 18 [ 246.553931][ T5884] inactive_file 0 [ 246.553931][ T5884] active_file 0 [ 246.553931][ T5884] unevictable 0 [ 246.553931][ T5884] slab_reclaimable 6752 [ 246.553931][ T5884] slab_unreclaimable 0 [ 246.553931][ T5884] slab 6752 [ 246.553931][ T5884] workingset_refault_anon 0 [ 246.653013][ T5884] Tasks state (memory values in pages): [ 246.659292][ T5884] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 246.670488][ T5884] Out of memory and no killable processes... [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] close(5) = 0 [pid 5884] close(6) = 0 [pid 5884] close(7) = -1 EBADF (Bad file descriptor) [pid 5884] close(8) = -1 EBADF (Bad file descriptor) [pid 5884] close(9) = -1 EBADF (Bad file descriptor) [pid 5884] close(10) = -1 EBADF (Bad file descriptor) [pid 5884] close(11) = -1 EBADF (Bad file descriptor) [pid 5884] close(12) = -1 EBADF (Bad file descriptor) [pid 5884] close(13) = -1 EBADF (Bad file descriptor) [pid 5884] close(14) = -1 EBADF (Bad file descriptor) [pid 5884] close(15) = -1 EBADF (Bad file descriptor) [pid 5884] close(16) = -1 EBADF (Bad file descriptor) [pid 5884] close(17) = -1 EBADF (Bad file descriptor) [pid 5884] close(18) = -1 EBADF (Bad file descriptor) [pid 5884] close(19) = -1 EBADF (Bad file descriptor) [pid 5884] close(20) = -1 EBADF (Bad file descriptor) [pid 5884] close(21) = -1 EBADF (Bad file descriptor) [pid 5884] close(22) = -1 EBADF (Bad file descriptor) [pid 5884] close(23) = -1 EBADF (Bad file descriptor) [pid 5884] close(24) = -1 EBADF (Bad file descriptor) [pid 5884] close(25) = -1 EBADF (Bad file descriptor) [pid 5884] close(26) = -1 EBADF (Bad file descriptor) [pid 5884] close(27) = -1 EBADF (Bad file descriptor) [pid 5884] close(28) = -1 EBADF (Bad file descriptor) [pid 5884] close(29) = -1 EBADF (Bad file descriptor) [pid 5884] exit_group(0) = ? [pid 5884] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=72, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./70/binderfs") = 0 [pid 5073] umount2("./70/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./70/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./70/cgroup") = 0 [pid 5073] umount2("./70/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./70/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./70/cgroup.net") = 0 [ 246.680930][ T5885] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 246.704048][ T5885] CPU: 0 PID: 5885 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 246.714533][ T5885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 246.724636][ T5885] Call Trace: [ 246.727957][ T5885] [ 246.730925][ T5885] dump_stack_lvl+0x1e7/0x2d0 [ 246.735659][ T5885] ? nf_tcp_handle_invalid+0x640/0x640 [ 246.741170][ T5885] ? panic+0x770/0x770 [ 246.745299][ T5885] dump_header+0xdc/0x940 [ 246.749687][ T5885] out_of_memory+0xf21/0x12c0 [ 246.754451][ T5885] ? mutex_lock_io_nested+0x60/0x60 [ 246.759711][ T5885] ? preempt_schedule+0xdd/0xf0 [ 246.764619][ T5885] ? unregister_oom_notifier+0x20/0x20 [ 246.770151][ T5885] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 246.776187][ T5885] mem_cgroup_out_of_memory+0x263/0x3b0 [ 246.781765][ T5885] ? preempt_schedule_thunk+0x1a/0x20 [ 246.787197][ T5885] ? mem_cgroup_oom_trylock+0x210/0x210 [ 246.792820][ T5885] ? cgroup_file_notify+0x127/0x190 [ 246.798051][ T5885] memory_max_write+0x355/0x470 [ 246.802925][ T5885] ? memory_max_show+0xa0/0xa0 [ 246.807717][ T5885] ? read_lock_is_recursive+0x20/0x20 [ 246.813135][ T5885] ? memory_max_show+0xa0/0xa0 [ 246.817933][ T5885] cgroup_file_write+0x2b1/0x780 [ 246.822891][ T5885] ? cgroup_seqfile_stop+0xd0/0xd0 [ 246.828025][ T5885] ? __virt_addr_valid+0x22f/0x2e0 [ 246.833164][ T5885] ? cgroup_seqfile_stop+0xd0/0xd0 [ 246.838290][ T5885] kernfs_fop_write_iter+0x3a6/0x4f0 [ 246.843600][ T5885] vfs_write+0x7b2/0xbb0 [ 246.847866][ T5885] ? file_end_write+0x240/0x240 [ 246.852733][ T5885] ? do_raw_spin_unlock+0x13b/0x8b0 [ 246.857947][ T5885] ? lockdep_hardirqs_on+0x98/0x140 [ 246.863168][ T5885] ? __fdget_pos+0x265/0x2f0 [ 246.867776][ T5885] ksys_write+0x1a0/0x2c0 [ 246.872130][ T5885] ? __ia32_sys_read+0x90/0x90 [ 246.876911][ T5885] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 246.882916][ T5885] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 246.889023][ T5885] do_syscall_64+0x41/0xc0 [ 246.893457][ T5885] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 246.899371][ T5885] RIP: 0033:0x7fd49ce20129 [ 246.903802][ T5885] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 246.923417][ T5885] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 246.931849][ T5885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 246.939834][ T5885] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 246.947820][ T5885] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 246.955802][ T5885] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 246.963787][ T5885] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000043 [ 246.971812][ T5885] [pid 5073] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./70/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./70/file0") = 0 [pid 5073] umount2("./70/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./70/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./70/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./70") = 0 [pid 5073] mkdir("./71", 0777) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached [pid 5889] chdir("./71" [pid 5073] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 73 [pid 5889] <... chdir resumed>) = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [ 246.979241][ T5885] memory: usage 8kB, limit 0kB, failcnt 55 [ 246.985108][ T5885] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 246.993587][ T5885] Memory cgroup stats for /syz1: [ 246.993819][ T5885] anon 0 [ 246.993819][ T5885] file 0 [ 246.993819][ T5885] kernel 8192 [ 246.993819][ T5885] kernel_stack 0 [ 246.993819][ T5885] pagetables 0 [ 246.993819][ T5885] sec_pagetables 0 [ 246.993819][ T5885] percpu 0 [ 246.993819][ T5885] sock 0 [ 246.993819][ T5885] vmalloc 0 [ 246.993819][ T5885] shmem 0 [ 246.993819][ T5885] zswap 0 [pid 5889] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5889] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5889] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] mkdir("./file0", 000) = 0 [pid 5889] open("./file0", O_RDONLY) = 3 [pid 5889] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5889] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5889] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5889] openat(5, "memory.max", O_RDWR) = 6 [ 246.993819][ T5885] zswapped 0 [ 246.993819][ T5885] file_mapped 0 [ 246.993819][ T5885] file_dirty 0 [ 246.993819][ T5885] file_writeback 0 [ 246.993819][ T5885] swapcached 0 [ 246.993819][ T5885] anon_thp 0 [ 246.993819][ T5885] file_thp 0 [ 246.993819][ T5885] shmem_thp 0 [ 246.993819][ T5885] inactive_anon 0 [ 246.993819][ T5885] active_anon 0 [ 246.993819][ T5885] inactive_file 0 [ 246.993819][ T5885] active_file 0 [ 246.993819][ T5885] unevictable 0 [ 246.993819][ T5885] slab_reclaimable 6752 [ 246.993819][ T5885] slab_unreclaimable 0 [pid 5889] write(6, "0x000000000000040e", 18 [pid 5885] <... write resumed>) = 18 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] close(5) = 0 [pid 5885] close(6) = 0 [pid 5885] close(7) = -1 EBADF (Bad file descriptor) [pid 5885] close(8) = -1 EBADF (Bad file descriptor) [pid 5885] close(9) = -1 EBADF (Bad file descriptor) [pid 5885] close(10) = -1 EBADF (Bad file descriptor) [ 246.993819][ T5885] slab 6752 [ 246.993819][ T5885] workingset_refault_anon 0 [ 247.092273][ T5885] Tasks state (memory values in pages): [ 247.098281][ T5885] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 247.108014][ T5885] Out of memory and no killable processes... [ 247.114104][ T5886] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5885] close(11) = -1 EBADF (Bad file descriptor) [pid 5885] close(12) = -1 EBADF (Bad file descriptor) [pid 5885] close(13) = -1 EBADF (Bad file descriptor) [pid 5885] close(14) = -1 EBADF (Bad file descriptor) [pid 5885] close(15) = -1 EBADF (Bad file descriptor) [pid 5885] close(16) = -1 EBADF (Bad file descriptor) [pid 5885] close(17) = -1 EBADF (Bad file descriptor) [pid 5885] close(18) = -1 EBADF (Bad file descriptor) [pid 5885] close(19) = -1 EBADF (Bad file descriptor) [pid 5885] close(20) = -1 EBADF (Bad file descriptor) [pid 5885] close(21) = -1 EBADF (Bad file descriptor) [pid 5885] close(22) = -1 EBADF (Bad file descriptor) [pid 5885] close(23) = -1 EBADF (Bad file descriptor) [pid 5885] close(24) = -1 EBADF (Bad file descriptor) [pid 5885] close(25) = -1 EBADF (Bad file descriptor) [pid 5885] close(26) = -1 EBADF (Bad file descriptor) [pid 5885] close(27) = -1 EBADF (Bad file descriptor) [pid 5885] close(28) = -1 EBADF (Bad file descriptor) [pid 5885] close(29) = -1 EBADF (Bad file descriptor) [pid 5885] exit_group(0) = ? [pid 5885] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 247.124587][ T5886] CPU: 0 PID: 5886 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 247.135064][ T5886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 247.145173][ T5886] Call Trace: [ 247.148492][ T5886] [ 247.151470][ T5886] dump_stack_lvl+0x1e7/0x2d0 [ 247.156212][ T5886] ? nf_tcp_handle_invalid+0x640/0x640 [ 247.161737][ T5886] ? panic+0x770/0x770 [ 247.165883][ T5886] dump_header+0xdc/0x940 [ 247.170279][ T5886] out_of_memory+0xf21/0x12c0 [ 247.175024][ T5886] ? mutex_lock_io_nested+0x60/0x60 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./67/binderfs") = 0 [pid 5072] umount2("./67/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./67/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./67/cgroup") = 0 [pid 5072] umount2("./67/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./67/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./67/cgroup.net") = 0 [ 247.180290][ T5886] ? preempt_schedule+0xdd/0xf0 [ 247.185201][ T5886] ? unregister_oom_notifier+0x20/0x20 [ 247.190708][ T5886] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 247.196754][ T5886] mem_cgroup_out_of_memory+0x263/0x3b0 [ 247.202358][ T5886] ? preempt_schedule_thunk+0x1a/0x20 [ 247.207818][ T5886] ? mem_cgroup_oom_trylock+0x210/0x210 [ 247.213453][ T5886] ? cgroup_file_notify+0x127/0x190 [ 247.218747][ T5886] memory_max_write+0x355/0x470 [ 247.223672][ T5886] ? memory_max_show+0xa0/0xa0 [ 247.228493][ T5886] ? read_lock_is_recursive+0x20/0x20 [ 247.233922][ T5886] ? memory_max_show+0xa0/0xa0 [ 247.238738][ T5886] cgroup_file_write+0x2b1/0x780 [ 247.243734][ T5886] ? cgroup_seqfile_stop+0xd0/0xd0 [ 247.248889][ T5886] ? __virt_addr_valid+0x22f/0x2e0 [ 247.254078][ T5886] ? cgroup_seqfile_stop+0xd0/0xd0 [ 247.259295][ T5886] kernfs_fop_write_iter+0x3a6/0x4f0 [ 247.264642][ T5886] vfs_write+0x7b2/0xbb0 [ 247.268939][ T5886] ? file_end_write+0x240/0x240 [ 247.273813][ T5886] ? do_raw_spin_unlock+0x13b/0x8b0 [ 247.279053][ T5886] ? lockdep_hardirqs_on+0x98/0x140 [ 247.284309][ T5886] ? __fdget_pos+0x265/0x2f0 [ 247.288960][ T5886] ksys_write+0x1a0/0x2c0 [ 247.293346][ T5886] ? __ia32_sys_read+0x90/0x90 [ 247.298123][ T5886] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 247.304144][ T5886] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 247.310183][ T5886] do_syscall_64+0x41/0xc0 [ 247.314650][ T5886] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 247.320633][ T5886] RIP: 0033:0x7fd49ce20129 [ 247.325068][ T5886] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 247.344708][ T5886] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.353148][ T5886] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 247.361159][ T5886] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 247.369198][ T5886] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5072] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./67/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./67/file0") = 0 [pid 5072] umount2("./67/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./67/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./67/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./67") = 0 [ 247.377210][ T5886] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 247.385228][ T5886] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000049 [ 247.393269][ T5886] [ 247.399660][ T5886] memory: usage 8kB, limit 0kB, failcnt 55 [ 247.405710][ T5886] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 247.429896][ T5886] Memory cgroup stats for /syz1: [pid 5072] mkdir("./68", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 70 ./strace-static-x86_64: Process 5890 attached [pid 5890] chdir("./68") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 5890] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 5890] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5890] mkdir("./file0", 000) = 0 [pid 5890] open("./file0", O_RDONLY) = 3 [pid 5890] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5890] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5890] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5890] openat(5, "memory.max", O_RDWR) = 6 [ 247.430109][ T5886] anon 0 [ 247.430109][ T5886] file 0 [ 247.430109][ T5886] kernel 8192 [ 247.430109][ T5886] kernel_stack 0 [ 247.430109][ T5886] pagetables 0 [ 247.430109][ T5886] sec_pagetables 0 [ 247.430109][ T5886] percpu 0 [ 247.430109][ T5886] sock 0 [ 247.430109][ T5886] vmalloc 0 [ 247.430109][ T5886] shmem 0 [ 247.430109][ T5886] zswap 0 [ 247.430109][ T5886] zswapped 0 [ 247.430109][ T5886] file_mapped 0 [ 247.430109][ T5886] file_dirty 0 [ 247.430109][ T5886] file_writeback 0 [ 247.430109][ T5886] swapcached 0 [ 247.430109][ T5886] anon_thp 0 [ 247.430109][ T5886] file_thp 0 [ 247.430109][ T5886] shmem_thp 0 [ 247.430109][ T5886] inactive_anon 0 [ 247.430109][ T5886] active_anon 0 [ 247.430109][ T5886] inactive_file 0 [ 247.430109][ T5886] active_file 0 [ 247.430109][ T5886] unevictable 0 [ 247.430109][ T5886] slab_reclaimable 6752 [ 247.430109][ T5886] slab_unreclaimable 0 [ 247.430109][ T5886] slab 6752 [ 247.430109][ T5886] workingset_refault_anon 0 [ 247.527587][ T5886] Tasks state (memory values in pages): [pid 5890] write(6, "0x000000000000040e", 18 [pid 5886] <... write resumed>) = 18 [pid 5886] close(3) = 0 [pid 5886] close(4) = 0 [pid 5886] close(5) = 0 [pid 5886] close(6) = 0 [pid 5886] close(7) = -1 EBADF (Bad file descriptor) [ 247.533376][ T5886] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 247.544755][ T5886] Out of memory and no killable processes... [ 247.551092][ T5887] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 247.561906][ T5887] CPU: 1 PID: 5887 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 247.572371][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 247.582473][ T5887] Call Trace: [pid 5886] close(8) = -1 EBADF (Bad file descriptor) [pid 5886] close(9) = -1 EBADF (Bad file descriptor) [pid 5886] close(10) = -1 EBADF (Bad file descriptor) [pid 5886] close(11) = -1 EBADF (Bad file descriptor) [pid 5886] close(12) = -1 EBADF (Bad file descriptor) [pid 5886] close(13) = -1 EBADF (Bad file descriptor) [pid 5886] close(14) = -1 EBADF (Bad file descriptor) [pid 5886] close(15) = -1 EBADF (Bad file descriptor) [pid 5886] close(16) = -1 EBADF (Bad file descriptor) [ 247.585790][ T5887] [ 247.588759][ T5887] dump_stack_lvl+0x1e7/0x2d0 [ 247.593493][ T5887] ? nf_tcp_handle_invalid+0x640/0x640 [ 247.599010][ T5887] ? panic+0x770/0x770 [ 247.603150][ T5887] dump_header+0xdc/0x940 [ 247.607538][ T5887] out_of_memory+0xf21/0x12c0 [ 247.612272][ T5887] ? mutex_lock_io_nested+0x60/0x60 [ 247.617530][ T5887] ? preempt_schedule+0xdd/0xf0 [ 247.622433][ T5887] ? unregister_oom_notifier+0x20/0x20 [ 247.627932][ T5887] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 247.634142][ T5887] ? lockdep_hardirqs_on+0x98/0x140 [ 247.639401][ T5887] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 247.645610][ T5887] mem_cgroup_out_of_memory+0x263/0x3b0 [ 247.651198][ T5887] ? preempt_schedule_thunk+0x1a/0x20 [ 247.656617][ T5887] ? mem_cgroup_oom_trylock+0x210/0x210 [ 247.662203][ T5887] ? cgroup_file_notify+0x127/0x190 [ 247.667426][ T5887] memory_max_write+0x355/0x470 [ 247.672304][ T5887] ? memory_max_show+0xa0/0xa0 [ 247.677091][ T5887] ? read_lock_is_recursive+0x20/0x20 [ 247.682481][ T5887] ? memory_max_show+0xa0/0xa0 [ 247.687261][ T5887] cgroup_file_write+0x2b1/0x780 [ 247.692224][ T5887] ? cgroup_seqfile_stop+0xd0/0xd0 [ 247.697348][ T5887] ? __virt_addr_valid+0x22f/0x2e0 [ 247.702488][ T5887] ? cgroup_seqfile_stop+0xd0/0xd0 [ 247.707632][ T5887] kernfs_fop_write_iter+0x3a6/0x4f0 [ 247.712941][ T5887] vfs_write+0x7b2/0xbb0 [ 247.717234][ T5887] ? file_end_write+0x240/0x240 [ 247.722136][ T5887] ? do_raw_spin_unlock+0x13b/0x8b0 [ 247.727372][ T5887] ? lockdep_hardirqs_on+0x98/0x140 [ 247.732605][ T5887] ? __fdget_pos+0x265/0x2f0 [ 247.737217][ T5887] ksys_write+0x1a0/0x2c0 [ 247.741569][ T5887] ? __ia32_sys_read+0x90/0x90 [ 247.746351][ T5887] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 247.752357][ T5887] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 247.758365][ T5887] do_syscall_64+0x41/0xc0 [ 247.762802][ T5887] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 247.768720][ T5887] RIP: 0033:0x7fd49ce20129 [ 247.773166][ T5887] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 247.792787][ T5887] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 247.801216][ T5887] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 247.809199][ T5887] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 247.817187][ T5887] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 247.825184][ T5887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5886] close(17) = -1 EBADF (Bad file descriptor) [pid 5886] close(18) = -1 EBADF (Bad file descriptor) [pid 5886] close(19) = -1 EBADF (Bad file descriptor) [pid 5886] close(20) = -1 EBADF (Bad file descriptor) [pid 5886] close(21) = -1 EBADF (Bad file descriptor) [pid 5886] close(22) = -1 EBADF (Bad file descriptor) [pid 5886] close(23) = -1 EBADF (Bad file descriptor) [pid 5886] close(24) = -1 EBADF (Bad file descriptor) [pid 5886] close(25) = -1 EBADF (Bad file descriptor) [pid 5886] close(26) = -1 EBADF (Bad file descriptor) [pid 5886] close(27) = -1 EBADF (Bad file descriptor) [pid 5886] close(28) = -1 EBADF (Bad file descriptor) [pid 5886] close(29) = -1 EBADF (Bad file descriptor) [pid 5886] exit_group(0) = ? [pid 5886] +++ exited with 0 +++ [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=75, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5075] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5075] umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./73/binderfs") = 0 [pid 5075] umount2("./73/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./73/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./73/cgroup") = 0 [pid 5075] umount2("./73/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./73/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./73/cgroup.net") = 0 [pid 5075] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./73/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [ 247.833165][ T5887] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000043 [ 247.841171][ T5887] [ 247.852762][ T5887] memory: usage 8kB, limit 0kB, failcnt 55 [ 247.859423][ T5887] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 247.866368][ T5887] Memory cgroup stats for /syz1: [ 247.866904][ T5887] anon 0 [ 247.866904][ T5887] file 0 [ 247.866904][ T5887] kernel 8192 [ 247.866904][ T5887] kernel_stack 0 [pid 5075] rmdir("./73/file0") = 0 [pid 5075] umount2("./73/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./73/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 247.866904][ T5887] pagetables 0 [ 247.866904][ T5887] sec_pagetables 0 [ 247.866904][ T5887] percpu 0 [ 247.866904][ T5887] sock 0 [ 247.866904][ T5887] vmalloc 0 [ 247.866904][ T5887] shmem 0 [ 247.866904][ T5887] zswap 0 [ 247.866904][ T5887] zswapped 0 [ 247.866904][ T5887] file_mapped 0 [ 247.866904][ T5887] file_dirty 0 [ 247.866904][ T5887] file_writeback 0 [ 247.866904][ T5887] swapcached 0 [ 247.866904][ T5887] anon_thp 0 [ 247.866904][ T5887] file_thp 0 [ 247.866904][ T5887] shmem_thp 0 [ 247.866904][ T5887] inactive_anon 0 [pid 5075] unlink("./73/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./73") = 0 [pid 5075] mkdir("./74", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 76 ./strace-static-x86_64: Process 5891 attached [pid 5891] chdir("./74") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5891] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5891] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [ 247.866904][ T5887] active_anon 0 [ 247.866904][ T5887] inactive_file 0 [ 247.866904][ T5887] active_file 0 [ 247.866904][ T5887] unevictable 0 [ 247.866904][ T5887] slab_reclaimable 6752 [ 247.866904][ T5887] slab_unreclaimable 0 [ 247.866904][ T5887] slab 6752 [ 247.866904][ T5887] workingset_refault_anon 0 [ 247.967618][ T5887] Tasks state (memory values in pages): [ 247.973473][ T5887] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3 [pid 5887] <... write resumed>) = 18 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] close(5) = 0 [pid 5887] close(6) = 0 [pid 5887] close(7) = -1 EBADF (Bad file descriptor) [pid 5887] close(8) = -1 EBADF (Bad file descriptor) [pid 5887] close(9) = -1 EBADF (Bad file descriptor) [pid 5887] close(10) = -1 EBADF (Bad file descriptor) [pid 5887] close(11) = -1 EBADF (Bad file descriptor) [pid 5887] close(12) = -1 EBADF (Bad file descriptor) [pid 5887] close(13) = -1 EBADF (Bad file descriptor) [pid 5887] close(14) = -1 EBADF (Bad file descriptor) [pid 5887] close(15 [pid 5891] <... close resumed>) = 0 [pid 5887] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] mkdir("./file0", 000) = 0 [pid 5891] open("./file0", O_RDONLY) = 3 [pid 5891] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5891] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5891] openat(4, "syz1", O_RDWR|O_PATH) = 5 [ 247.985444][ T5887] Out of memory and no killable processes... [ 247.992403][ T5888] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 248.003067][ T5888] CPU: 1 PID: 5888 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 248.013539][ T5888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 248.023645][ T5888] Call Trace: [ 248.026971][ T5888] [ 248.029943][ T5888] dump_stack_lvl+0x1e7/0x2d0 [pid 5891] openat(5, "memory.max", O_RDWR) = 6 [pid 5891] write(6, "0x000000000000040e", 18 [pid 5887] close(16) = -1 EBADF (Bad file descriptor) [pid 5887] close(17) = -1 EBADF (Bad file descriptor) [pid 5887] close(18) = -1 EBADF (Bad file descriptor) [pid 5887] close(19) = -1 EBADF (Bad file descriptor) [pid 5887] close(20) = -1 EBADF (Bad file descriptor) [pid 5887] close(21) = -1 EBADF (Bad file descriptor) [pid 5887] close(22) = -1 EBADF (Bad file descriptor) [pid 5887] close(23) = -1 EBADF (Bad file descriptor) [ 248.034680][ T5888] ? nf_tcp_handle_invalid+0x640/0x640 [ 248.040200][ T5888] ? panic+0x770/0x770 [ 248.044344][ T5888] dump_header+0xdc/0x940 [ 248.048744][ T5888] out_of_memory+0xf21/0x12c0 [ 248.053488][ T5888] ? mutex_lock_io_nested+0x60/0x60 [ 248.058759][ T5888] ? preempt_schedule+0xdd/0xf0 [ 248.063668][ T5888] ? unregister_oom_notifier+0x20/0x20 [ 248.069192][ T5888] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 248.075245][ T5888] mem_cgroup_out_of_memory+0x263/0x3b0 [ 248.080842][ T5888] ? preempt_schedule_thunk+0x1a/0x20 [ 248.086268][ T5888] ? mem_cgroup_oom_trylock+0x210/0x210 [ 248.091892][ T5888] ? cgroup_file_notify+0x127/0x190 [ 248.097126][ T5888] memory_max_write+0x355/0x470 [ 248.102022][ T5888] ? memory_max_show+0xa0/0xa0 [ 248.106839][ T5888] ? read_lock_is_recursive+0x20/0x20 [ 248.112267][ T5888] ? memory_max_show+0xa0/0xa0 [ 248.117089][ T5888] cgroup_file_write+0x2b1/0x780 [ 248.122074][ T5888] ? cgroup_seqfile_stop+0xd0/0xd0 [ 248.127210][ T5888] ? __virt_addr_valid+0x22f/0x2e0 [ 248.132390][ T5888] ? cgroup_seqfile_stop+0xd0/0xd0 [ 248.137549][ T5888] kernfs_fop_write_iter+0x3a6/0x4f0 [ 248.142879][ T5888] vfs_write+0x7b2/0xbb0 [ 248.147163][ T5888] ? file_end_write+0x240/0x240 [ 248.152069][ T5888] ? do_raw_spin_unlock+0x13b/0x8b0 [ 248.157308][ T5888] ? lockdep_hardirqs_on+0x98/0x140 [ 248.162545][ T5888] ? __fdget_pos+0x265/0x2f0 [ 248.167188][ T5888] ksys_write+0x1a0/0x2c0 [ 248.171576][ T5888] ? __ia32_sys_read+0x90/0x90 [ 248.176397][ T5888] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 248.182418][ T5888] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 248.188463][ T5888] do_syscall_64+0x41/0xc0 [ 248.192933][ T5888] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 248.198885][ T5888] RIP: 0033:0x7fd49ce20129 [ 248.203337][ T5888] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 248.222992][ T5888] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5887] close(24) = -1 EBADF (Bad file descriptor) [pid 5887] close(25) = -1 EBADF (Bad file descriptor) [pid 5887] close(26) = -1 EBADF (Bad file descriptor) [pid 5887] close(27) = -1 EBADF (Bad file descriptor) [pid 5887] close(28) = -1 EBADF (Bad file descriptor) [pid 5887] close(29) = -1 EBADF (Bad file descriptor) [pid 5887] exit_group(0) = ? [pid 5887] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5070] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./67/binderfs") = 0 [pid 5070] umount2("./67/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./67/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./67/cgroup") = 0 [pid 5070] umount2("./67/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./67/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./67/cgroup.net") = 0 [pid 5070] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5070] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./67/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./67/file0") = 0 [ 248.231464][ T5888] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 248.239481][ T5888] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 248.247496][ T5888] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 248.255499][ T5888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 248.263497][ T5888] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000004b [ 248.271541][ T5888] [pid 5070] umount2("./67/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./67/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./67/cgroup.cpu") = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./67") = 0 [pid 5070] mkdir("./68", 0777) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached [pid 5892] chdir("./68" [pid 5070] <... clone resumed>, child_tidptr=0x5555574ac5d0) = 70 [pid 5892] <... chdir resumed>) = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5892] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5892] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 248.298200][ T5888] memory: usage 8kB, limit 0kB, failcnt 55 [ 248.304710][ T5888] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 248.312239][ T5888] Memory cgroup stats for /syz1: [ 248.312434][ T5888] anon 0 [ 248.312434][ T5888] file 0 [ 248.312434][ T5888] kernel 8192 [ 248.312434][ T5888] kernel_stack 0 [ 248.312434][ T5888] pagetables 0 [ 248.312434][ T5888] sec_pagetables 0 [ 248.312434][ T5888] percpu 0 [ 248.312434][ T5888] sock 0 [ 248.312434][ T5888] vmalloc 0 [ 248.312434][ T5888] shmem 0 [ 248.312434][ T5888] zswap 0 [ 248.312434][ T5888] zswapped 0 [ 248.312434][ T5888] file_mapped 0 [ 248.312434][ T5888] file_dirty 0 [ 248.312434][ T5888] file_writeback 0 [ 248.312434][ T5888] swapcached 0 [ 248.312434][ T5888] anon_thp 0 [ 248.312434][ T5888] file_thp 0 [ 248.312434][ T5888] shmem_thp 0 [ 248.312434][ T5888] inactive_anon 0 [ 248.312434][ T5888] active_anon 0 [ 248.312434][ T5888] inactive_file 0 [ 248.312434][ T5888] active_file 0 [ 248.312434][ T5888] unevictable 0 [ 248.312434][ T5888] slab_reclaimable 6752 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] mkdir("./file0", 000) = 0 [pid 5892] open("./file0", O_RDONLY) = 3 [pid 5892] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5892] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5892] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5892] openat(5, "memory.max", O_RDWR) = 6 [ 248.312434][ T5888] slab_unreclaimable 0 [ 248.312434][ T5888] slab 6752 [ 248.312434][ T5888] workingset_refault_anon 0 [ 248.415356][ T5888] Tasks state (memory values in pages): [ 248.421066][ T5888] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 248.430654][ T5888] Out of memory and no killable processes... [ 248.436825][ T5889] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5892] write(6, "0x000000000000040e", 18 [pid 5888] <... write resumed>) = 18 [ 248.447244][ T5889] CPU: 1 PID: 5889 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 248.457701][ T5889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 248.467805][ T5889] Call Trace: [ 248.471119][ T5889] [ 248.474082][ T5889] dump_stack_lvl+0x1e7/0x2d0 [ 248.478823][ T5889] ? nf_tcp_handle_invalid+0x640/0x640 [ 248.484335][ T5889] ? panic+0x770/0x770 [ 248.488466][ T5889] dump_header+0xdc/0x940 [ 248.492849][ T5889] out_of_memory+0xf21/0x12c0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] close(5) = 0 [pid 5888] close(6) = 0 [pid 5888] close(7) = -1 EBADF (Bad file descriptor) [pid 5888] close(8) = -1 EBADF (Bad file descriptor) [pid 5888] close(9) = -1 EBADF (Bad file descriptor) [pid 5888] close(10) = -1 EBADF (Bad file descriptor) [pid 5888] close(11) = -1 EBADF (Bad file descriptor) [pid 5888] close(12) = -1 EBADF (Bad file descriptor) [ 248.497582][ T5889] ? mutex_lock_io_nested+0x60/0x60 [ 248.502846][ T5889] ? preempt_schedule+0xdd/0xf0 [ 248.507752][ T5889] ? unregister_oom_notifier+0x20/0x20 [ 248.513258][ T5889] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 248.519308][ T5889] mem_cgroup_out_of_memory+0x263/0x3b0 [ 248.524919][ T5889] ? preempt_schedule_thunk+0x1a/0x20 [ 248.530358][ T5889] ? mem_cgroup_oom_trylock+0x210/0x210 [ 248.535984][ T5889] ? cgroup_file_notify+0x127/0x190 [ 248.541258][ T5889] memory_max_write+0x355/0x470 [ 248.546174][ T5889] ? memory_max_show+0xa0/0xa0 [ 248.550994][ T5889] ? read_lock_is_recursive+0x20/0x20 [ 248.556428][ T5889] ? memory_max_show+0xa0/0xa0 [ 248.561243][ T5889] cgroup_file_write+0x2b1/0x780 [ 248.566237][ T5889] ? cgroup_seqfile_stop+0xd0/0xd0 [ 248.571398][ T5889] ? __virt_addr_valid+0x22f/0x2e0 [ 248.576583][ T5889] ? cgroup_seqfile_stop+0xd0/0xd0 [ 248.581740][ T5889] kernfs_fop_write_iter+0x3a6/0x4f0 [ 248.587092][ T5889] vfs_write+0x7b2/0xbb0 [ 248.591404][ T5889] ? file_end_write+0x240/0x240 [ 248.596317][ T5889] ? do_raw_spin_unlock+0x13b/0x8b0 [ 248.601584][ T5889] ? lockdep_hardirqs_on+0x98/0x140 [ 248.606856][ T5889] ? __fdget_pos+0x265/0x2f0 [ 248.611504][ T5889] ksys_write+0x1a0/0x2c0 [ 248.615898][ T5889] ? __ia32_sys_read+0x90/0x90 [ 248.620726][ T5889] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 248.626773][ T5889] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 248.632817][ T5889] do_syscall_64+0x41/0xc0 [ 248.637290][ T5889] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 248.643246][ T5889] RIP: 0033:0x7fd49ce20129 [pid 5888] close(13) = -1 EBADF (Bad file descriptor) [pid 5888] close(14) = -1 EBADF (Bad file descriptor) [pid 5888] close(15) = -1 EBADF (Bad file descriptor) [pid 5888] close(16) = -1 EBADF (Bad file descriptor) [pid 5888] close(17) = -1 EBADF (Bad file descriptor) [pid 5888] close(18) = -1 EBADF (Bad file descriptor) [pid 5888] close(19) = -1 EBADF (Bad file descriptor) [pid 5888] close(20) = -1 EBADF (Bad file descriptor) [pid 5888] close(21) = -1 EBADF (Bad file descriptor) [ 248.647711][ T5889] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 248.667377][ T5889] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 248.675847][ T5889] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 248.683846][ T5889] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 248.691866][ T5889] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5888] close(22) = -1 EBADF (Bad file descriptor) [pid 5888] close(23) = -1 EBADF (Bad file descriptor) [pid 5888] close(24) = -1 EBADF (Bad file descriptor) [pid 5888] close(25) = -1 EBADF (Bad file descriptor) [pid 5888] close(26) = -1 EBADF (Bad file descriptor) [pid 5888] close(27) = -1 EBADF (Bad file descriptor) [pid 5888] close(28) = -1 EBADF (Bad file descriptor) [pid 5888] close(29) = -1 EBADF (Bad file descriptor) [pid 5888] exit_group(0) = ? [pid 5888] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=77, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5074] umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5074] umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./75/binderfs") = 0 [pid 5074] umount2("./75/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./75/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5074] unlink("./75/cgroup") = 0 [pid 5074] umount2("./75/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./75/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./75/cgroup.net") = 0 [pid 5074] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5074] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./75/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./75/file0") = 0 [pid 5074] umount2("./75/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./75/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5074] unlink("./75/cgroup.cpu") = 0 [ 248.699884][ T5889] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 248.707897][ T5889] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000047 [ 248.715936][ T5889] [ 248.727191][ T5889] memory: usage 8kB, limit 0kB, failcnt 55 [ 248.733716][ T5889] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 248.741329][ T5889] Memory cgroup stats for /syz1: [ 248.741668][ T5889] anon 0 [pid 5074] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [pid 5074] rmdir("./75") = 0 [pid 5074] mkdir("./76", 0777) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 78 ./strace-static-x86_64: Process 5893 attached [ 248.741668][ T5889] file 0 [ 248.741668][ T5889] kernel 8192 [ 248.741668][ T5889] kernel_stack 0 [ 248.741668][ T5889] pagetables 0 [ 248.741668][ T5889] sec_pagetables 0 [ 248.741668][ T5889] percpu 0 [ 248.741668][ T5889] sock 0 [ 248.741668][ T5889] vmalloc 0 [ 248.741668][ T5889] shmem 0 [ 248.741668][ T5889] zswap 0 [ 248.741668][ T5889] zswapped 0 [ 248.741668][ T5889] file_mapped 0 [ 248.741668][ T5889] file_dirty 0 [ 248.741668][ T5889] file_writeback 0 [ 248.741668][ T5889] swapcached 0 [ 248.741668][ T5889] anon_thp 0 [pid 5893] chdir("./76") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 5893] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 5893] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] mkdir("./file0", 000) = 0 [pid 5893] open("./file0", O_RDONLY) = 3 [pid 5893] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5893] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5893] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5893] openat(5, "memory.max", O_RDWR) = 6 [ 248.741668][ T5889] file_thp 0 [ 248.741668][ T5889] shmem_thp 0 [ 248.741668][ T5889] inactive_anon 0 [ 248.741668][ T5889] active_anon 0 [ 248.741668][ T5889] inactive_file 0 [ 248.741668][ T5889] active_file 0 [ 248.741668][ T5889] unevictable 0 [ 248.741668][ T5889] slab_reclaimable 6752 [ 248.741668][ T5889] slab_unreclaimable 0 [ 248.741668][ T5889] slab 6752 [ 248.741668][ T5889] workingset_refault_anon 0 [ 248.842406][ T5889] Tasks state (memory values in pages): [pid 5893] write(6, "0x000000000000040e", 18 [pid 5889] <... write resumed>) = 18 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] close(5) = 0 [pid 5889] close(6) = 0 [pid 5889] close(7) = -1 EBADF (Bad file descriptor) [pid 5889] close(8) = -1 EBADF (Bad file descriptor) [pid 5889] close(9) = -1 EBADF (Bad file descriptor) [pid 5889] close(10) = -1 EBADF (Bad file descriptor) [pid 5889] close(11) = -1 EBADF (Bad file descriptor) [pid 5889] close(12) = -1 EBADF (Bad file descriptor) [pid 5889] close(13) = -1 EBADF (Bad file descriptor) [pid 5889] close(14) = -1 EBADF (Bad file descriptor) [pid 5889] close(15) = -1 EBADF (Bad file descriptor) [pid 5889] close(16) = -1 EBADF (Bad file descriptor) [pid 5889] close(17) = -1 EBADF (Bad file descriptor) [pid 5889] close(18) = -1 EBADF (Bad file descriptor) [pid 5889] close(19) = -1 EBADF (Bad file descriptor) [pid 5889] close(20) = -1 EBADF (Bad file descriptor) [pid 5889] close(21) = -1 EBADF (Bad file descriptor) [pid 5889] close(22) = -1 EBADF (Bad file descriptor) [pid 5889] close(23) = -1 EBADF (Bad file descriptor) [pid 5889] close(24) = -1 EBADF (Bad file descriptor) [pid 5889] close(25) = -1 EBADF (Bad file descriptor) [pid 5889] close(26) = -1 EBADF (Bad file descriptor) [pid 5889] close(27) = -1 EBADF (Bad file descriptor) [pid 5889] close(28) = -1 EBADF (Bad file descriptor) [pid 5889] close(29) = -1 EBADF (Bad file descriptor) [pid 5889] exit_group(0) = ? [pid 5889] +++ exited with 0 +++ [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=73, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5073] umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5073] umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./71/binderfs") = 0 [ 248.848200][ T5889] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 248.857790][ T5889] Out of memory and no killable processes... [ 248.863851][ T5890] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 248.877308][ T5890] CPU: 0 PID: 5890 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 248.887805][ T5890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 248.897922][ T5890] Call Trace: [pid 5073] umount2("./71/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./71/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5073] unlink("./71/cgroup") = 0 [pid 5073] umount2("./71/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./71/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./71/cgroup.net") = 0 [ 248.901253][ T5890] [ 248.904237][ T5890] dump_stack_lvl+0x1e7/0x2d0 [ 248.908984][ T5890] ? nf_tcp_handle_invalid+0x640/0x640 [ 248.914499][ T5890] ? panic+0x770/0x770 [ 248.918598][ T5890] dump_header+0xdc/0x940 [ 248.922947][ T5890] out_of_memory+0xf21/0x12c0 [ 248.927647][ T5890] ? mutex_lock_io_nested+0x60/0x60 [ 248.932869][ T5890] ? preempt_schedule+0xdd/0xf0 [ 248.937749][ T5890] ? unregister_oom_notifier+0x20/0x20 [ 248.943245][ T5890] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 248.949248][ T5890] mem_cgroup_out_of_memory+0x263/0x3b0 [ 248.954807][ T5890] ? preempt_schedule_thunk+0x1a/0x20 [ 248.960191][ T5890] ? mem_cgroup_oom_trylock+0x210/0x210 [ 248.965762][ T5890] ? cgroup_file_notify+0x127/0x190 [ 248.971004][ T5890] memory_max_write+0x355/0x470 [ 248.975887][ T5890] ? memory_max_show+0xa0/0xa0 [ 248.980663][ T5890] ? read_lock_is_recursive+0x20/0x20 [ 248.986053][ T5890] ? memory_max_show+0xa0/0xa0 [ 248.990845][ T5890] cgroup_file_write+0x2b1/0x780 [ 248.995814][ T5890] ? cgroup_seqfile_stop+0xd0/0xd0 [ 249.000946][ T5890] ? __virt_addr_valid+0x22f/0x2e0 [ 249.006078][ T5890] ? cgroup_seqfile_stop+0xd0/0xd0 [ 249.011193][ T5890] kernfs_fop_write_iter+0x3a6/0x4f0 [ 249.016517][ T5890] vfs_write+0x7b2/0xbb0 [ 249.020781][ T5890] ? file_end_write+0x240/0x240 [ 249.025660][ T5890] ? do_raw_spin_unlock+0x13b/0x8b0 [ 249.030871][ T5890] ? lockdep_hardirqs_on+0x98/0x140 [ 249.036084][ T5890] ? __fdget_pos+0x265/0x2f0 [ 249.040705][ T5890] ksys_write+0x1a0/0x2c0 [ 249.045070][ T5890] ? __ia32_sys_read+0x90/0x90 [ 249.049844][ T5890] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 249.055843][ T5890] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 249.061838][ T5890] do_syscall_64+0x41/0xc0 [ 249.066264][ T5890] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 249.072174][ T5890] RIP: 0033:0x7fd49ce20129 [ 249.076602][ T5890] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5073] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5073] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 249.096217][ T5890] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 249.104640][ T5890] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 249.112620][ T5890] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 249.120593][ T5890] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 249.128571][ T5890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 249.136555][ T5890] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000044 [ 249.144569][ T5890] [pid 5073] lstat("./71/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./71/file0") = 0 [pid 5073] umount2("./71/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./71/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5073] unlink("./71/cgroup.cpu") = 0 [pid 5073] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./71") = 0 [pid 5073] mkdir("./72", 0777) = 0 [ 249.151086][ T5890] memory: usage 8kB, limit 0kB, failcnt 55 [ 249.157229][ T5890] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 249.164300][ T5890] Memory cgroup stats for /syz1: [ 249.164511][ T5890] anon 0 [ 249.164511][ T5890] file 0 [ 249.164511][ T5890] kernel 8192 [ 249.164511][ T5890] kernel_stack 0 [ 249.164511][ T5890] pagetables 0 [ 249.164511][ T5890] sec_pagetables 0 [ 249.164511][ T5890] percpu 0 [ 249.164511][ T5890] sock 0 [ 249.164511][ T5890] vmalloc 0 [ 249.164511][ T5890] shmem 0 [ 249.164511][ T5890] zswap 0 [ 249.164511][ T5890] zswapped 0 [ 249.164511][ T5890] file_mapped 0 [ 249.164511][ T5890] file_dirty 0 [ 249.164511][ T5890] file_writeback 0 [ 249.164511][ T5890] swapcached 0 [ 249.164511][ T5890] anon_thp 0 [ 249.164511][ T5890] file_thp 0 [ 249.164511][ T5890] shmem_thp 0 [ 249.164511][ T5890] inactive_anon 0 [ 249.164511][ T5890] active_anon 0 [ 249.164511][ T5890] inactive_file 0 [ 249.164511][ T5890] active_file 0 [ 249.164511][ T5890] unevictable 0 [ 249.164511][ T5890] slab_reclaimable 6752 [ 249.164511][ T5890] slab_unreclaimable 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached , child_tidptr=0x5555574ac5d0) = 74 [pid 5894] chdir("./72") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 5894] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 5894] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4 [pid 5890] <... write resumed>) = 18 [pid 5894] <... write resumed>) = 4 [pid 5894] close(3) = 0 [ 249.164511][ T5890] slab 6752 [ 249.164511][ T5890] workingset_refault_anon 0 [ 249.264381][ T5890] Tasks state (memory values in pages): [ 249.270417][ T5890] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 249.280285][ T5890] Out of memory and no killable processes... [ 249.286672][ T5891] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] mkdir("./file0", 000) = 0 [pid 5894] open("./file0", O_RDONLY) = 3 [pid 5894] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5894] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5894] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5894] openat(5, "memory.max", O_RDWR) = 6 [ 249.297336][ T5891] CPU: 0 PID: 5891 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 249.307806][ T5891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 249.317906][ T5891] Call Trace: [ 249.321226][ T5891] [ 249.324206][ T5891] dump_stack_lvl+0x1e7/0x2d0 [ 249.328948][ T5891] ? nf_tcp_handle_invalid+0x640/0x640 [ 249.334465][ T5891] ? panic+0x770/0x770 [ 249.338606][ T5891] dump_header+0xdc/0x940 [ 249.342999][ T5891] out_of_memory+0xf21/0x12c0 [ 249.347724][ T5891] ? mutex_lock_io_nested+0x60/0x60 [ 249.352962][ T5891] ? mark_lock+0x9a/0x340 [ 249.357314][ T5891] ? unregister_oom_notifier+0x20/0x20 [ 249.362796][ T5891] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 249.368836][ T5891] mem_cgroup_out_of_memory+0x263/0x3b0 [ 249.374408][ T5891] ? mem_cgroup_oom_trylock+0x210/0x210 [ 249.379993][ T5891] ? cgroup_file_notify+0x127/0x190 [ 249.385213][ T5891] memory_max_write+0x355/0x470 [ 249.390088][ T5891] ? memory_max_show+0xa0/0xa0 [ 249.394870][ T5891] ? read_lock_is_recursive+0x20/0x20 [ 249.400263][ T5891] ? memory_max_show+0xa0/0xa0 [ 249.405041][ T5891] cgroup_file_write+0x2b1/0x780 [ 249.410007][ T5891] ? cgroup_seqfile_stop+0xd0/0xd0 [ 249.415135][ T5891] ? __virt_addr_valid+0x22f/0x2e0 [ 249.420273][ T5891] ? cgroup_seqfile_stop+0xd0/0xd0 [ 249.425424][ T5891] kernfs_fop_write_iter+0x3a6/0x4f0 [ 249.430754][ T5891] vfs_write+0x7b2/0xbb0 [ 249.435024][ T5891] ? file_end_write+0x240/0x240 [ 249.439903][ T5891] ? do_raw_spin_unlock+0x13b/0x8b0 [ 249.445114][ T5891] ? lockdep_hardirqs_on+0x98/0x140 [ 249.450361][ T5891] ? __fdget_pos+0x265/0x2f0 [ 249.454970][ T5891] ksys_write+0x1a0/0x2c0 [ 249.459319][ T5891] ? __ia32_sys_read+0x90/0x90 [ 249.464177][ T5891] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 249.470178][ T5891] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 249.476183][ T5891] do_syscall_64+0x41/0xc0 [ 249.480620][ T5891] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 249.486535][ T5891] RIP: 0033:0x7fd49ce20129 [ 249.490961][ T5891] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 249.510582][ T5891] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 249.519011][ T5891] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 249.527002][ T5891] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 249.534985][ T5891] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [ 249.542965][ T5891] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [pid 5894] write(6, "0x000000000000040e", 18 [pid 5890] close(3) = 0 [pid 5890] close(4) = 0 [pid 5890] close(5) = 0 [pid 5890] close(6) = 0 [pid 5890] close(7) = -1 EBADF (Bad file descriptor) [pid 5890] close(8) = -1 EBADF (Bad file descriptor) [pid 5890] close(9) = -1 EBADF (Bad file descriptor) [pid 5890] close(10) = -1 EBADF (Bad file descriptor) [pid 5890] close(11) = -1 EBADF (Bad file descriptor) [pid 5890] close(12) = -1 EBADF (Bad file descriptor) [pid 5890] close(13) = -1 EBADF (Bad file descriptor) [pid 5890] close(14) = -1 EBADF (Bad file descriptor) [pid 5890] close(15) = -1 EBADF (Bad file descriptor) [pid 5890] close(16) = -1 EBADF (Bad file descriptor) [pid 5890] close(17) = -1 EBADF (Bad file descriptor) [pid 5890] close(18) = -1 EBADF (Bad file descriptor) [pid 5890] close(19) = -1 EBADF (Bad file descriptor) [pid 5890] close(20) = -1 EBADF (Bad file descriptor) [pid 5890] close(21) = -1 EBADF (Bad file descriptor) [pid 5890] close(22) = -1 EBADF (Bad file descriptor) [pid 5890] close(23) = -1 EBADF (Bad file descriptor) [pid 5890] close(24) = -1 EBADF (Bad file descriptor) [pid 5890] close(25) = -1 EBADF (Bad file descriptor) [pid 5890] close(26) = -1 EBADF (Bad file descriptor) [pid 5890] close(27) = -1 EBADF (Bad file descriptor) [pid 5890] close(28) = -1 EBADF (Bad file descriptor) [pid 5890] close(29) = -1 EBADF (Bad file descriptor) [pid 5890] exit_group(0) = ? [ 249.550950][ T5891] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 000000000000004a [ 249.558968][ T5891] [ 249.589716][ T5891] memory: usage 8kB, limit 0kB, failcnt 55 [ 249.595784][ T5891] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [pid 5890] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5072] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 249.606954][ T5891] Memory cgroup stats for /syz1: [ 249.611525][ T5891] anon 0 [ 249.611525][ T5891] file 0 [ 249.611525][ T5891] kernel 8192 [ 249.611525][ T5891] kernel_stack 0 [ 249.611525][ T5891] pagetables 0 [ 249.611525][ T5891] sec_pagetables 0 [ 249.611525][ T5891] percpu 0 [ 249.611525][ T5891] sock 0 [ 249.611525][ T5891] vmalloc 0 [ 249.611525][ T5891] shmem 0 [ 249.611525][ T5891] zswap 0 [ 249.611525][ T5891] zswapped 0 [ 249.611525][ T5891] file_mapped 0 [ 249.611525][ T5891] file_dirty 0 [pid 5072] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./68/binderfs") = 0 [pid 5072] umount2("./68/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./68/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5072] unlink("./68/cgroup") = 0 [pid 5072] umount2("./68/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./68/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./68/cgroup.net") = 0 [pid 5072] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5072] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./68/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [ 249.611525][ T5891] file_writeback 0 [ 249.611525][ T5891] swapcached 0 [ 249.611525][ T5891] anon_thp 0 [ 249.611525][ T5891] file_thp 0 [ 249.611525][ T5891] shmem_thp 0 [ 249.611525][ T5891] inactive_anon 0 [ 249.611525][ T5891] active_anon 0 [ 249.611525][ T5891] inactive_file 0 [ 249.611525][ T5891] active_file 0 [ 249.611525][ T5891] unevictable 0 [ 249.611525][ T5891] slab_reclaimable 6752 [ 249.611525][ T5891] slab_unreclaimable 0 [ 249.611525][ T5891] slab 6752 [ 249.611525][ T5891] workingset_refault_anon 0 [pid 5072] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./68/file0") = 0 [pid 5072] umount2("./68/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./68/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5072] unlink("./68/cgroup.cpu") = 0 [pid 5072] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./68") = 0 [pid 5072] mkdir("./69", 0777) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 71 ./strace-static-x86_64: Process 5895 attached [pid 5895] chdir("./69") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 5891] <... write resumed>) = 18 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] close(5) = 0 [pid 5891] close(6) = 0 [pid 5891] close(7) = -1 EBADF (Bad file descriptor) [pid 5891] close(8) = -1 EBADF (Bad file descriptor) [pid 5891] close(9) = -1 EBADF (Bad file descriptor) [pid 5891] close(10) = -1 EBADF (Bad file descriptor) [pid 5891] close(11) = -1 EBADF (Bad file descriptor) [pid 5891] close(12) = -1 EBADF (Bad file descriptor) [pid 5891] close(13) = -1 EBADF (Bad file descriptor) [pid 5891] close(14) = -1 EBADF (Bad file descriptor) [pid 5891] close(15) = -1 EBADF (Bad file descriptor) [pid 5891] close(16) = -1 EBADF (Bad file descriptor) [pid 5891] close(17) = -1 EBADF (Bad file descriptor) [pid 5891] close(18) = -1 EBADF (Bad file descriptor) [pid 5891] close(19) = -1 EBADF (Bad file descriptor) [pid 5891] close(20) = -1 EBADF (Bad file descriptor) [pid 5891] close(21) = -1 EBADF (Bad file descriptor) [pid 5891] close(22) = -1 EBADF (Bad file descriptor) [pid 5891] close(23) = -1 EBADF (Bad file descriptor) [pid 5891] close(24) = -1 EBADF (Bad file descriptor) [pid 5891] close(25) = -1 EBADF (Bad file descriptor) [pid 5891] close(26) = -1 EBADF (Bad file descriptor) [pid 5891] close(27) = -1 EBADF (Bad file descriptor) [pid 5891] close(28) = -1 EBADF (Bad file descriptor) [pid 5891] close(29) = -1 EBADF (Bad file descriptor) [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ [pid 5895] <... symlink resumed>) = 0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=76, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5895] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [ 249.719478][ T5891] Tasks state (memory values in pages): [ 249.725674][ T5891] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [ 249.741020][ T5891] Out of memory and no killable processes... [ 249.751183][ T5892] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [pid 5895] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] mkdir("./file0", 000) = 0 [pid 5895] open("./file0", O_RDONLY) = 3 [pid 5895] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5895] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5895] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5895] openat(5, "memory.max", O_RDWR) = 6 [pid 5895] write(6, "0x000000000000040e", 18 [pid 5075] umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5075] umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./74/binderfs") = 0 [pid 5075] umount2("./74/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./74/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5075] unlink("./74/cgroup") = 0 [pid 5075] umount2("./74/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./74/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./74/cgroup.net") = 0 [ 249.762361][ T5892] CPU: 0 PID: 5892 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 249.772922][ T5892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 249.783034][ T5892] Call Trace: [ 249.786355][ T5892] [ 249.789359][ T5892] dump_stack_lvl+0x1e7/0x2d0 [ 249.794099][ T5892] ? nf_tcp_handle_invalid+0x640/0x640 [ 249.799613][ T5892] ? panic+0x770/0x770 [ 249.803751][ T5892] dump_header+0xdc/0x940 [ 249.808137][ T5892] out_of_memory+0xf21/0x12c0 [ 249.812878][ T5892] ? mutex_lock_io_nested+0x60/0x60 [ 249.818148][ T5892] ? preempt_schedule+0xdd/0xf0 [ 249.823044][ T5892] ? unregister_oom_notifier+0x20/0x20 [ 249.828551][ T5892] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 249.834590][ T5892] mem_cgroup_out_of_memory+0x263/0x3b0 [ 249.840189][ T5892] ? preempt_schedule_thunk+0x1a/0x20 [ 249.845603][ T5892] ? mem_cgroup_oom_trylock+0x210/0x210 [ 249.851224][ T5892] ? cgroup_file_notify+0x127/0x190 [ 249.856470][ T5892] memory_max_write+0x355/0x470 [ 249.861365][ T5892] ? memory_max_show+0xa0/0xa0 [ 249.866160][ T5892] ? read_lock_is_recursive+0x20/0x20 [ 249.871574][ T5892] ? memory_max_show+0xa0/0xa0 [ 249.876358][ T5892] cgroup_file_write+0x2b1/0x780 [ 249.881326][ T5892] ? cgroup_seqfile_stop+0xd0/0xd0 [ 249.886453][ T5892] ? __virt_addr_valid+0x22f/0x2e0 [ 249.891607][ T5892] ? cgroup_seqfile_stop+0xd0/0xd0 [ 249.896744][ T5892] kernfs_fop_write_iter+0x3a6/0x4f0 [ 249.902073][ T5892] vfs_write+0x7b2/0xbb0 [ 249.906359][ T5892] ? file_end_write+0x240/0x240 [ 249.911241][ T5892] ? do_raw_spin_unlock+0x13b/0x8b0 [ 249.916464][ T5892] ? lockdep_hardirqs_on+0x98/0x140 [ 249.921703][ T5892] ? __fdget_pos+0x265/0x2f0 [ 249.926331][ T5892] ksys_write+0x1a0/0x2c0 [ 249.930686][ T5892] ? __ia32_sys_read+0x90/0x90 [ 249.935464][ T5892] ? syscall_enter_from_user_mode+0x32/0x2c0 [ 249.941472][ T5892] ? syscall_enter_from_user_mode+0x8c/0x2c0 [ 249.947573][ T5892] do_syscall_64+0x41/0xc0 [ 249.952010][ T5892] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 249.957924][ T5892] RIP: 0033:0x7fd49ce20129 [ 249.962350][ T5892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 249.981971][ T5892] RSP: 002b:00007ffd221823f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 249.990403][ T5892] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd49ce20129 [ 249.998387][ T5892] RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000006 [ 250.006371][ T5892] RBP: 0000000000000000 R08: 0000000000000012 R09: 00007ffd22182420 [pid 5075] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5075] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./74/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5075] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 5075] getdents64(4, 0x5555574b5660 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(4, 0x5555574b5660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./74/file0") = 0 [ 250.014353][ T5892] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2218241c [ 250.022337][ T5892] R13: 00007ffd22182430 R14: 00007ffd22182470 R15: 0000000000000044 [ 250.030337][ T5892] [ 250.042214][ T5892] memory: usage 8kB, limit 0kB, failcnt 55 [ 250.048562][ T5892] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 250.055466][ T5892] Memory cgroup stats for /syz1: [ 250.055687][ T5892] anon 0 [ 250.055687][ T5892] file 0 [ 250.055687][ T5892] kernel 8192 [pid 5075] umount2("./74/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./74/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5075] unlink("./74/cgroup.cpu") = 0 [pid 5075] getdents64(3, 0x5555574ad620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./74") = 0 [pid 5075] mkdir("./75", 0777) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574ac5d0) = 77 ./strace-static-x86_64: Process 5896 attached [pid 5896] chdir("./75") = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 5896] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 5896] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 250.055687][ T5892] kernel_stack 0 [ 250.055687][ T5892] pagetables 0 [ 250.055687][ T5892] sec_pagetables 0 [ 250.055687][ T5892] percpu 0 [ 250.055687][ T5892] sock 0 [ 250.055687][ T5892] vmalloc 0 [ 250.055687][ T5892] shmem 0 [ 250.055687][ T5892] zswap 0 [ 250.055687][ T5892] zswapped 0 [ 250.055687][ T5892] file_mapped 0 [ 250.055687][ T5892] file_dirty 0 [ 250.055687][ T5892] file_writeback 0 [ 250.055687][ T5892] swapcached 0 [ 250.055687][ T5892] anon_thp 0 [ 250.055687][ T5892] file_thp 0 [ 250.055687][ T5892] shmem_thp 0 [pid 5896] write(3, "1000", 4) = 4 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5896] mkdir("./file0", 000) = 0 [pid 5896] open("./file0", O_RDONLY) = 3 [pid 5896] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 5896] openat(AT_FDCWD, "./file0", O_RDWR|O_PATH) = 4 [pid 5896] openat(4, "syz1", O_RDWR|O_PATH) = 5 [pid 5896] openat(5, "memory.max", O_RDWR) = 6 [ 250.055687][ T5892] inactive_anon 0 [ 250.055687][ T5892] active_anon 0 [ 250.055687][ T5892] inactive_file 0 [ 250.055687][ T5892] active_file 0 [ 250.055687][ T5892] unevictable 0 [ 250.055687][ T5892] slab_reclaimable 6752 [ 250.055687][ T5892] slab_unreclaimable 0 [ 250.055687][ T5892] slab 6752 [ 250.055687][ T5892] workingset_refault_anon 0 [ 250.152195][ T5892] Tasks state (memory values in pages): [ 250.161542][ T5892] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name [pid 5896] write(6, "0x000000000000040e", 18 [pid 5892] <... write resumed>) = 18 [pid 5892] close(3) = 0 [pid 5892] close(4) = 0 [pid 5892] close(5) = 0 [pid 5892] close(6) = 0 [pid 5892] close(7) = -1 EBADF (Bad file descriptor) [pid 5892] close(8) = -1 EBADF (Bad file descriptor) [pid 5892] close(9) = -1 EBADF (Bad file descriptor) [pid 5892] close(10) = -1 EBADF (Bad file descriptor) [pid 5892] close(11) = -1 EBADF (Bad file descriptor) [pid 5892] close(12) = -1 EBADF (Bad file descriptor) [pid 5892] close(13) = -1 EBADF (Bad file descriptor) [pid 5892] close(14) = -1 EBADF (Bad file descriptor) [pid 5892] close(15) = -1 EBADF (Bad file descriptor) [pid 5892] close(16) = -1 EBADF (Bad file descriptor) [pid 5892] close(17) = -1 EBADF (Bad file descriptor) [pid 5892] close(18) = -1 EBADF (Bad file descriptor) [pid 5892] close(19) = -1 EBADF (Bad file descriptor) [pid 5892] close(20) = -1 EBADF (Bad file descriptor) [pid 5892] close(21) = -1 EBADF (Bad file descriptor) [pid 5892] close(22) = -1 EBADF (Bad file descriptor) [pid 5892] close(23) = -1 EBADF (Bad file descriptor) [pid 5892] close(24) = -1 EBADF (Bad file descriptor) [pid 5892] close(25) = -1 EBADF (Bad file descriptor) [pid 5892] close(26) = -1 EBADF (Bad file descriptor) [pid 5892] close(27) = -1 EBADF (Bad file descriptor) [pid 5892] close(28) = -1 EBADF (Bad file descriptor) [pid 5892] close(29) = -1 EBADF (Bad file descriptor) [pid 5892] exit_group(0) = ? [pid 5892] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5070] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 250.171598][ T5892] Out of memory and no killable processes... [ 250.178133][ T5893] syz-executor131 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 250.197295][ T5893] CPU: 0 PID: 5893 Comm: syz-executor131 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0 [ 250.207887][ T5893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 250.217999][ T5893] Call Trace: [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x5555574ad620 /* 7 entries */, 32768) = 208 [pid 5070] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./68/binderfs") = 0 [pid 5070] umount2("./68/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./68/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5070] unlink("./68/cgroup") = 0 [pid 5070] umount2("./68/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./68/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5070] unlink("./68/cgroup.net") = 0 [ 250.221326][ T5893] [ 250.224304][ T5893] dump_stack_lvl+0x1e7/0x2d0 [ 250.229050][ T5893] ? nf_tcp_handle_invalid+0x640/0x640 [ 250.234660][ T5893] ? panic+0x770/0x770 [ 250.238804][ T5893] dump_header+0xdc/0x940 [ 250.243200][ T5893] out_of_memory+0xf21/0x12c0 [ 250.247944][ T5893] ? mutex_lock_io_nested+0x60/0x60 [ 250.253230][ T5893] ? preempt_schedule+0xdd/0xf0 [ 250.258115][ T5893] ? unregister_oom_notifier+0x20/0x20 [ 250.263624][ T5893] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 250.269697][ T5893] mem_cgroup_out_of_memory+0x263/0x3b0 [ 250.275317][ T5893] ? preempt_schedule_thunk+0x1a/0x20 [ 250.280750][ T5893] ? mem_cgroup_oom_trylock+0x210/0x210 [ 250.286352][ T5893] ? cgroup_file_notify+0x127/0x190 [ 250.291596][ T5893] memory_max_write+0x355/0x470 [ 250.296479][ T5893] ? memory_max_show+0xa0/0xa0 [ 250.301290][ T5893] ? read_lock_is_recursive+0x20/0x20 [ 250.306718][ T5893] ? memory_max_show+0xa0/0xa0 [ 250.311531][ T5893] cgroup_file_write+0x2b1/0x780 [ 250.316524][ T5893] ? cgroup_seqfile_stop+0xd0/0xd0