./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3146618314 <...> Warning: Permanently added '10.128.1.95' (ECDSA) to the list of known hosts. execve("./syz-executor3146618314", ["./syz-executor3146618314"], 0x7ffde64f5530 /* 10 vars */) = 0 brk(NULL) = 0x555556a0e000 brk(0x555556a0ec40) = 0x555556a0ec40 arch_prctl(ARCH_SET_FS, 0x555556a0e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3146618314", 4096) = 28 brk(0x555556a2fc40) = 0x555556a2fc40 brk(0x555556a30000) = 0x555556a30000 mprotect(0x7fcc5ba39000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 syzkaller login: [ 49.125136][ T3596] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) [ 49.256787][ T3596] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3597 attached , child_tidptr=0x555556a0e5d0) = 3597 [pid 3596] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a0e5d0) = 3598 [pid 3597] getpid( [pid 3596] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3597] <... getpid resumed>) = 3597 ./strace-static-x86_64: Process 3598 attached [pid 3597] mkdir("./syzkaller.voVsE9", 0700 [pid 3596] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3599 [pid 3596] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3597] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 3599 attached [pid 3598] getpid( [pid 3597] chmod("./syzkaller.voVsE9", 0777./strace-static-x86_64: Process 3600 attached [pid 3596] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3600 [pid 3597] <... chmod resumed>) = 0 [pid 3597] chdir("./syzkaller.voVsE9") = 0 [pid 3597] unshare(CLONE_NEWPID [pid 3596] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3597] <... unshare resumed>) = 0 [pid 3598] <... getpid resumed>) = 3598 [pid 3598] mkdir("./syzkaller.j2D56e", 0700) = 0 [pid 3597] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3598] chmod("./syzkaller.j2D56e", 0777 [pid 3596] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3601 [pid 3598] <... chmod resumed>) = 0 [pid 3598] chdir("./syzkaller.j2D56e") = 0 [pid 3597] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3602 [pid 3598] unshare(CLONE_NEWPID) = 0 [pid 3598] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3601 attached ./strace-static-x86_64: Process 3603 attached [pid 3596] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3600] getpid( [pid 3598] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3603 [pid 3599] getpid() = 3599 [pid 3599] mkdir("./syzkaller.iQ9BTl", 0700) = 0 [pid 3599] chmod("./syzkaller.iQ9BTl", 0777 [pid 3600] <... getpid resumed>) = 3600 [pid 3599] <... chmod resumed>) = 0 [pid 3599] chdir("./syzkaller.iQ9BTl") = 0 [pid 3599] unshare(CLONE_NEWPID) = 0 [pid 3599] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3602 attached [pid 3602] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3599] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3605 [pid 3596] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3604 [pid 3600] mkdir("./syzkaller.39o7Xp", 0700 [pid 3602] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3602] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3600] <... mkdir resumed>) = 0 [pid 3602] <... prctl resumed>) = 0 [pid 3600] chmod("./syzkaller.39o7Xp", 0777 [pid 3602] setsid() = 1 [pid 3602] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 3600] <... chmod resumed>) = 0 [pid 3602] <... prlimit64 resumed>NULL) = 0 [pid 3602] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3602] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3602] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3602] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3602] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3602] unshare(CLONE_NEWNS) = 0 [pid 3602] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3602] unshare(CLONE_NEWIPC) = 0 [pid 3602] unshare(CLONE_NEWCGROUP) = 0 [pid 3602] unshare(CLONE_NEWUTS) = 0 [pid 3602] unshare(CLONE_SYSVSEM) = 0 [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 3605 attached [pid 3605] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3602] <... openat resumed>) = 3 [pid 3600] chdir("./syzkaller.39o7Xp" [pid 3601] getpid( [pid 3600] <... chdir resumed>) = 0 [pid 3601] <... getpid resumed>) = 3601 [pid 3600] unshare(CLONE_NEWPID [pid 3601] mkdir("./syzkaller.48afOw", 0700 [pid 3600] <... unshare resumed>) = 0 [pid 3600] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3605] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3602] write(3, "16777216", 8 [pid 3605] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3602] <... write resumed>) = 8 [pid 3601] <... mkdir resumed>) = 0 [pid 3605] <... prctl resumed>) = 0 [pid 3605] setsid( [pid 3602] close(3 [pid 3605] <... setsid resumed>) = 1 [pid 3602] <... close resumed>) = 0 [pid 3605] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3601] chmod("./syzkaller.48afOw", 0777 [pid 3603] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 3605] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 3601] <... chmod resumed>) = 0 [pid 3600] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3606 [pid 3603] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3602] <... openat resumed>) = 3 [pid 3601] chdir("./syzkaller.48afOw" [pid 3605] <... prlimit64 resumed>NULL) = 0 [pid 3601] <... chdir resumed>) = 0 [pid 3603] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3601] unshare(CLONE_NEWPID./strace-static-x86_64: Process 3604 attached [pid 3603] <... prctl resumed>) = 0 [pid 3601] <... unshare resumed>) = 0 [pid 3605] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 3603] setsid( [pid 3601] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3605] <... prlimit64 resumed>NULL) = 0 [pid 3605] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3605] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3605] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3605] unshare(CLONE_NEWNS [pid 3603] <... setsid resumed>) = 1 [pid 3605] <... unshare resumed>) = 0 [pid 3604] getpid( [pid 3603] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 3601] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3607 ./strace-static-x86_64: Process 3607 attached [pid 3604] <... getpid resumed>) = 3604 [pid 3603] <... prlimit64 resumed>NULL) = 0 [pid 3603] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 3604] mkdir("./syzkaller.57evpG", 0700 [pid 3603] <... prlimit64 resumed>NULL) = 0 [pid 3602] write(3, "536870912", 9 [pid 3603] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 3602] <... write resumed>) = 9 [pid 3605] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 3602] close(3 [pid 3605] <... mount resumed>) = 0 [pid 3602] <... close resumed>) = 0 [pid 3604] <... mkdir resumed>) = 0 [pid 3603] <... prlimit64 resumed>NULL) = 0 [pid 3605] unshare(CLONE_NEWIPC [pid 3603] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 3603] <... prlimit64 resumed>NULL) = 0 [pid 3605] <... unshare resumed>) = 0 [pid 3604] chmod("./syzkaller.57evpG", 0777 [pid 3603] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, [pid 3602] <... openat resumed>) = 3 [pid 3603] <... prlimit64 resumed>NULL) = 0 ./strace-static-x86_64: Process 3606 attached [pid 3605] unshare(CLONE_NEWCGROUP [pid 3603] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 3602] write(3, "1024", 4 [pid 3604] <... chmod resumed>) = 0 [pid 3603] <... prlimit64 resumed>NULL) = 0 [pid 3606] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3605] <... unshare resumed>) = 0 [pid 3604] chdir("./syzkaller.57evpG" [pid 3603] unshare(CLONE_NEWNS [pid 3602] <... write resumed>) = 4 [pid 3606] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3605] unshare(CLONE_NEWUTS [pid 3604] <... chdir resumed>) = 0 [pid 3603] <... unshare resumed>) = 0 [pid 3602] close(3 [pid 3606] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3605] <... unshare resumed>) = 0 [pid 3604] unshare(CLONE_NEWPID [pid 3603] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 3602] <... close resumed>) = 0 [pid 3606] <... prctl resumed>) = 0 [pid 3605] unshare(CLONE_SYSVSEM [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3606] setsid( [pid 3605] <... unshare resumed>) = 0 [pid 3604] <... unshare resumed>) = 0 [pid 3603] <... mount resumed>) = 0 [pid 3602] <... openat resumed>) = 3 [pid 3606] <... setsid resumed>) = 1 [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3603] unshare(CLONE_NEWIPC [pid 3602] write(3, "8192", 4 [pid 3607] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3606] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 3605] <... openat resumed>) = 3 [pid 3602] <... write resumed>) = 4 [pid 3606] <... prlimit64 resumed>NULL) = 0 [pid 3605] write(3, "16777216", 8 [pid 3602] close(3 [pid 3606] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 3605] <... write resumed>) = 8 [pid 3602] <... close resumed>) = 0 [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3606] <... prlimit64 resumed>NULL) = 0 [pid 3605] close(3 [pid 3603] <... unshare resumed>) = 0 [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 3607] <... prctl resumed>) = 0 [pid 3606] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 3605] <... close resumed>) = 0 [pid 3604] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3608 [pid 3603] unshare(CLONE_NEWCGROUP [pid 3602] <... openat resumed>) = 3 [pid 3606] <... prlimit64 resumed>NULL) = 0 [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 3603] <... unshare resumed>) = 0 [pid 3602] write(3, "1024", 4 [pid 3607] setsid( [pid 3606] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 3605] <... openat resumed>) = 3 [pid 3603] unshare(CLONE_NEWUTS [pid 3602] <... write resumed>) = 4 [pid 3607] <... setsid resumed>) = 1 [pid 3606] <... prlimit64 resumed>NULL) = 0 [pid 3605] write(3, "536870912", 9 [pid 3602] close(3./strace-static-x86_64: Process 3608 attached [pid 3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 3606] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, [pid 3605] <... write resumed>) = 9 [pid 3603] <... unshare resumed>) = 0 [pid 3602] <... close resumed>) = 0 [pid 3608] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 3607] <... prlimit64 resumed>NULL) = 0 [pid 3606] <... prlimit64 resumed>NULL) = 0 [pid 3605] close(3 [pid 3603] unshare(CLONE_SYSVSEM [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 3608] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 3606] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 3605] <... close resumed>) = 0 [pid 3603] <... unshare resumed>) = 0 [pid 3602] <... openat resumed>) = 3 [pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3607] <... prlimit64 resumed>NULL) = 0 [pid 3606] <... prlimit64 resumed>NULL) = 0 [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 3602] write(3, "1024", 4 [pid 3608] <... prctl resumed>) = 0 [pid 3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 3606] unshare(CLONE_NEWNS [pid 3605] <... openat resumed>) = 3 [pid 3603] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 3602] <... write resumed>) = 4 [pid 3608] setsid( [pid 3607] <... prlimit64 resumed>NULL) = 0 [pid 3606] <... unshare resumed>) = 0 [pid 3605] write(3, "1024", 4 [pid 3603] <... openat resumed>) = 3 [pid 3602] close(3 [pid 3608] <... setsid resumed>) = 1 [pid 3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 3606] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 3605] <... write resumed>) = 4 [pid 3603] write(3, "16777216", 8 [pid 3602] <... close resumed>) = 0 [pid 3608] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 3607] <... prlimit64 resumed>NULL) = 0 [pid 3606] <... mount resumed>) = 0 [pid 3605] close(3 [pid 3603] <... write resumed>) = 8 [pid 3602] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 3608] <... prlimit64 resumed>NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, [pid 3606] unshare(CLONE_NEWIPC [pid 3605] <... close resumed>) = 0 [pid 3603] close(3 [pid 3608] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 3607] <... prlimit64 resumed>NULL) = 0 [pid 3606] <... unshare resumed>) = 0 [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 3603] <... close resumed>) = 0 [pid 3602] <... openat resumed>) = 3 [pid 3608] <... prlimit64 resumed>NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 3606] unshare(CLONE_NEWCGROUP [pid 3605] <... openat resumed>) = 3 [pid 3603] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 3602] write(3, "1024 1048576 500 1024", 21 [pid 3608] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 3607] <... prlimit64 resumed>NULL) = 0 [pid 3606] <... unshare resumed>) = 0 [pid 3605] write(3, "8192", 4 [pid 3608] <... prlimit64 resumed>NULL) = 0 [pid 3607] unshare(CLONE_NEWNS [pid 3606] unshare(CLONE_NEWUTS [pid 3603] <... openat resumed>) = 3 [pid 3605] <... write resumed>) = 4 [pid 3602] <... write resumed>) = 21 [pid 3608] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3607] <... unshare resumed>) = 0 [pid 3606] <... unshare resumed>) = 0 [pid 3605] close(3 [pid 3603] write(3, "536870912", 9 [pid 3602] close(3 [pid 3608] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, [pid 3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 3606] unshare(CLONE_SYSVSEM [pid 3605] <... close resumed>) = 0 [pid 3603] <... write resumed>) = 9 [pid 3602] <... close resumed>) = 0 [pid 3608] <... prlimit64 resumed>NULL) = 0 [pid 3607] <... mount resumed>) = 0 [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 3603] close(3 [pid 3606] <... unshare resumed>) = 0 [pid 3608] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 3607] unshare(CLONE_NEWIPC [pid 3602] getpid( [pid 3605] <... openat resumed>) = 3 [pid 3603] <... close resumed>) = 0 [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 3605] write(3, "1024", 4 [pid 3603] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 3602] <... getpid resumed>) = 1 [pid 3607] <... unshare resumed>) = 0 [pid 3605] <... write resumed>) = 4 [pid 3603] <... openat resumed>) = 3 [pid 3602] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 3608] <... prlimit64 resumed>NULL) = 0 [pid 3607] unshare(CLONE_NEWCGROUP [pid 3606] <... openat resumed>) = 3 [pid 3605] close(3 [pid 3603] write(3, "1024", 4 [pid 3602] <... capget resumed>{effective=1< [pid 3607] <... unshare resumed>) = 0 [pid 3606] write(3, "16777216", 8 [pid 3605] <... close resumed>) = 0 [pid 3603] <... write resumed>) = 4 [pid 3602] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3608] <... unshare resumed>) = 0 [pid 3607] unshare(CLONE_NEWUTS [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 3603] close(3 [pid 3602] <... capset resumed>) = 0 [pid 3607] <... unshare resumed>) = 0 [pid 3606] <... write resumed>) = 8 [pid 3605] <... openat resumed>) = 3 [pid 3603] <... close resumed>) = 0 [pid 3608] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 3602] unshare(CLONE_NEWNET [pid 3607] unshare(CLONE_SYSVSEM [pid 3606] close(3 [pid 3605] write(3, "1024", 4 [pid 3603] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 3607] <... unshare resumed>) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "16777216", 8) = 8 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3606] <... close resumed>) = 0 [pid 3605] <... write resumed>) = 4 [pid 3603] <... openat resumed>) = 3 [pid 3607] write(3, "536870912", 9) = 9 [pid 3603] write(3, "8192", 4 [pid 3607] close(3 [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 3605] close(3 [pid 3608] <... mount resumed>) = 0 [pid 3607] <... close resumed>) = 0 [pid 3603] <... write resumed>) = 4 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "8192", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3607] close(3) = 0 [pid 3607] getpid() = 1 [pid 3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3608] unshare(CLONE_NEWIPC [pid 3606] <... openat resumed>) = 3 [pid 3605] <... close resumed>) = 0 [pid 3603] close(3 [pid 3608] <... unshare resumed>) = 0 [pid 3606] write(3, "536870912", 9 [pid 3605] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 3603] <... close resumed>) = 0 [pid 3605] <... openat resumed>) = 3 [pid 3606] <... write resumed>) = 9 [pid 3603] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 3608] unshare(CLONE_NEWCGROUP [pid 3606] close(3 [pid 3605] write(3, "1024 1048576 500 1024", 21 [pid 3608] <... unshare resumed>) = 0 [pid 3606] <... close resumed>) = 0 [pid 3605] <... write resumed>) = 21 [pid 3603] <... openat resumed>) = 3 [pid 3608] unshare(CLONE_NEWUTS [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 3605] close(3 [pid 3603] write(3, "1024", 4 [pid 3608] <... unshare resumed>) = 0 [pid 3603] <... write resumed>) = 4 [pid 3606] <... openat resumed>) = 3 [pid 3608] unshare(CLONE_SYSVSEM [pid 3605] <... close resumed>) = 0 [pid 3608] <... unshare resumed>) = 0 [pid 3606] write(3, "1024", 4 [pid 3605] getpid( [pid 3603] close(3 [pid 3606] <... write resumed>) = 4 [pid 3605] <... getpid resumed>) = 1 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 3606] close(3 [pid 3605] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 3603] <... close resumed>) = 0 [pid 3608] <... openat resumed>) = 3 [pid 3606] <... close resumed>) = 0 [pid 3605] <... capget resumed>{effective=1< [pid 3608] write(3, "16777216", 8 [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 3605] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3608] <... write resumed>) = 8 [pid 3603] <... openat resumed>) = 3 [pid 3608] close(3 [pid 3606] <... openat resumed>) = 3 [pid 3605] <... capset resumed>) = 0 [pid 3603] write(3, "1024", 4 [pid 3608] <... close resumed>) = 0 [pid 3606] write(3, "8192", 4 [pid 3605] unshare(CLONE_NEWNET [pid 3603] <... write resumed>) = 4 [pid 3606] <... write resumed>) = 4 [pid 3603] close(3 [pid 3606] close(3 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 3606] <... close resumed>) = 0 [pid 3603] <... close resumed>) = 0 [pid 3608] <... openat resumed>) = 3 [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 3603] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 3608] write(3, "536870912", 9 [pid 3606] <... openat resumed>) = 3 [pid 3603] <... openat resumed>) = 3 [pid 3608] <... write resumed>) = 9 [pid 3606] write(3, "1024", 4 [pid 3603] write(3, "1024 1048576 500 1024", 21 [pid 3608] close(3 [pid 3606] <... write resumed>) = 4 [pid 3603] <... write resumed>) = 21 [pid 3608] <... close resumed>) = 0 [pid 3606] close(3 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 3603] close(3 [pid 3608] <... openat resumed>) = 3 [pid 3606] <... close resumed>) = 0 [pid 3603] <... close resumed>) = 0 [pid 3608] write(3, "1024", 4 [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 3608] <... write resumed>) = 4 [pid 3606] <... openat resumed>) = 3 [pid 3603] getpid( [pid 3608] close(3 [pid 3606] write(3, "1024", 4 [pid 3603] <... getpid resumed>) = 1 [pid 3608] <... close resumed>) = 0 [pid 3606] <... write resumed>) = 4 [pid 3603] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 3606] close(3 [pid 3603] <... capget resumed>{effective=1<) = 3 [pid 3603] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3608] write(3, "8192", 4 [pid 3606] <... close resumed>) = 0 [pid 3608] <... write resumed>) = 4 [pid 3603] <... capset resumed>) = 0 [pid 3606] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 3608] close(3 [pid 3603] unshare(CLONE_NEWNET [pid 3606] <... openat resumed>) = 3 [pid 3608] <... close resumed>) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 3606] write(3, "1024 1048576 500 1024", 21 [pid 3608] <... openat resumed>) = 3 [pid 3606] <... write resumed>) = 21 [pid 3608] write(3, "1024", 4 [pid 3606] close(3 [pid 3608] <... write resumed>) = 4 [pid 3606] <... close resumed>) = 0 [pid 3608] close(3 [pid 3606] getpid( [pid 3608] <... close resumed>) = 0 [pid 3606] <... getpid resumed>) = 1 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 3606] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 3608] <... openat resumed>) = 3 [pid 3606] <... capget resumed>{effective=1< [pid 3606] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3608] <... write resumed>) = 4 [pid 3606] <... capset resumed>) = 0 [pid 3608] close(3 [pid 3606] unshare(CLONE_NEWNET [pid 3608] <... close resumed>) = 0 [pid 3608] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3608] close(3) = 0 [pid 3608] getpid() = 1 [pid 3608] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3602] <... unshare resumed>) = 0 [pid 3607] <... unshare resumed>) = 0 [pid 3602] mkdir("/dev/binderfs", 0777 [pid 3607] mkdir("/dev/binderfs", 0777) = 0 [pid 3602] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3607] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 3607] getpid( [pid 3602] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 3607] <... getpid resumed>) = 1 [pid 3602] <... mount resumed>) = 0 [pid 3602] getpid() = 1 [pid 3602] mkdir("/syzcgroup/unified/syz0", 0777 [pid 3607] mkdir("/syzcgroup/unified/syz4", 0777 [pid 3602] <... mkdir resumed>) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC [pid 3607] <... mkdir resumed>) = 0 [pid 3607] openat(AT_FDCWD, "/syzcgroup/unified/syz4/pids.max", O_WRONLY|O_CLOEXEC [pid 3602] <... openat resumed>) = 3 [pid 3602] write(3, "32", 2) = 2 [pid 3602] close(3 [pid 3607] <... openat resumed>) = 3 [pid 3602] <... close resumed>) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.low", O_WRONLY|O_CLOEXEC) = 3 [pid 3602] write(3, "312475648", 9) = 9 [pid 3602] close(3) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.high", O_WRONLY|O_CLOEXEC) = 3 [pid 3602] write(3, "313524224", 9) = 9 [pid 3602] close(3) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.max", O_WRONLY|O_CLOEXEC) = 3 [pid 3602] write(3, "314572800", 9) = 9 [pid 3602] close(3) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 3602] write(3, "1", 1) = 1 [pid 3602] close(3) = 0 [pid 3602] mkdir("/syzcgroup/cpu/syz0", 0777 [pid 3607] write(3, "32", 2 [pid 3602] <... mkdir resumed>) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 3602] write(3, "1", 1) = 1 [pid 3603] <... unshare resumed>) = 0 [pid 3603] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 3603] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 3607] <... write resumed>) = 2 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/syzcgroup/unified/syz4/memory.low", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "312475648", 9) = 9 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/syzcgroup/unified/syz4/memory.high", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "313524224", 9) = 9 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/syzcgroup/unified/syz4/memory.max", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "314572800", 9) = 9 [pid 3607] close(3 [pid 3602] close(3 [pid 3607] <... close resumed>) = 0 [pid 3607] openat(AT_FDCWD, "/syzcgroup/unified/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3602] <... close resumed>) = 0 [pid 3607] <... openat resumed>) = 3 [pid 3607] write(3, "1", 1 [pid 3602] mkdir("/syzcgroup/net/syz0", 0777 [pid 3607] <... write resumed>) = 1 [pid 3607] close(3) = 0 [pid 3607] mkdir("/syzcgroup/cpu/syz4", 0777) = 0 [pid 3607] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3603] <... mount resumed>) = 0 [pid 3603] getpid( [pid 3607] <... openat resumed>) = 3 [pid 3605] <... unshare resumed>) = 0 [pid 3607] write(3, "1", 1 [pid 3603] <... getpid resumed>) = 1 [pid 3605] mkdir("/dev/binderfs", 0777 [pid 3603] mkdir("/syzcgroup/unified/syz1", 0777 [pid 3602] <... mkdir resumed>) = 0 [pid 3602] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 3602] write(3, "1", 1) = 1 [pid 3602] close(3) = 0 [pid 3602] mkdir("./0", 0777 [pid 3608] <... unshare resumed>) = 0 [pid 3607] <... write resumed>) = 1 [pid 3605] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3603] <... mkdir resumed>) = 0 [pid 3607] close(3 [pid 3603] openat(AT_FDCWD, "/syzcgroup/unified/syz1/pids.max", O_WRONLY|O_CLOEXEC [pid 3607] <... close resumed>) = 0 [pid 3605] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 3607] mkdir("/syzcgroup/net/syz4", 0777 [pid 3603] <... openat resumed>) = 3 [pid 3603] write(3, "32", 2) = 2 [pid 3603] close(3) = 0 [pid 3603] openat(AT_FDCWD, "/syzcgroup/unified/syz1/memory.low", O_WRONLY|O_CLOEXEC) = 3 [pid 3605] <... mount resumed>) = 0 [pid 3603] write(3, "312475648", 9) = 9 [pid 3603] close(3) = 0 [pid 3603] openat(AT_FDCWD, "/syzcgroup/unified/syz1/memory.high", O_WRONLY|O_CLOEXEC [pid 3607] <... mkdir resumed>) = 0 [pid 3605] getpid( [pid 3608] mkdir("/dev/binderfs", 0777 [pid 3607] openat(AT_FDCWD, "/syzcgroup/net/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3605] <... getpid resumed>) = 1 [pid 3603] <... openat resumed>) = 3 [pid 3607] <... openat resumed>) = 3 [pid 3608] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3607] write(3, "1", 1 [pid 3605] mkdir("/syzcgroup/unified/syz2", 0777 [pid 3603] write(3, "313524224", 9 [pid 3607] <... write resumed>) = 1 [pid 3603] <... write resumed>) = 9 [pid 3603] close(3 [pid 3607] close(3 [pid 3603] <... close resumed>) = 0 [pid 3607] <... close resumed>) = 0 [pid 3603] openat(AT_FDCWD, "/syzcgroup/unified/syz1/memory.max", O_WRONLY|O_CLOEXEC [pid 3607] mkdir("./0", 0777 [pid 3603] <... openat resumed>) = 3 [pid 3608] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 3607] <... mkdir resumed>) = 0 [pid 3605] <... mkdir resumed>) = 0 [pid 3602] <... mkdir resumed>) = 0 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3605] openat(AT_FDCWD, "/syzcgroup/unified/syz2/pids.max", O_WRONLY|O_CLOEXEC [pid 3603] write(3, "314572800", 9) = 9 [pid 3603] close(3) = 0 [pid 3603] openat(AT_FDCWD, "/syzcgroup/unified/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 3609 attached [pid 3609] chdir("./0" [pid 3605] <... openat resumed>) = 3 [pid 3609] <... chdir resumed>) = 0 [pid 3608] <... mount resumed>) = 0 [pid 3607] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 2 [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3603] write(3, "1", 1 [pid 3602] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3609] <... prctl resumed>) = 0 [pid 3609] setpgid(0, 0 [pid 3603] <... write resumed>) = 1 [pid 3609] <... setpgid resumed>) = 0 [pid 3603] close(3 [pid 3609] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 3608] getpid( [pid 3605] write(3, "32", 2 [pid 3603] <... close resumed>) = 0 [pid 3609] <... symlink resumed>) = 0 [pid 3608] <... getpid resumed>) = 1 [pid 3605] <... write resumed>) = 2 [pid 3603] mkdir("/syzcgroup/cpu/syz1", 0777./strace-static-x86_64: Process 3610 attached [pid 3609] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 3608] mkdir("/syzcgroup/unified/syz5", 0777 [pid 3606] <... unshare resumed>) = 0 [pid 3605] close(3 [pid 3610] chdir("./0" [pid 3609] <... symlink resumed>) = 0 [pid 3603] <... mkdir resumed>) = 0 [pid 3610] <... chdir resumed>) = 0 [pid 3609] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 3608] <... mkdir resumed>) = 0 [pid 3606] mkdir("/dev/binderfs", 0777 [pid 3605] <... close resumed>) = 0 [pid 3602] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 2 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3609] <... symlink resumed>) = 0 [pid 3608] openat(AT_FDCWD, "/syzcgroup/unified/syz5/pids.max", O_WRONLY|O_CLOEXEC [pid 3606] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3605] openat(AT_FDCWD, "/syzcgroup/unified/syz2/memory.low", O_WRONLY|O_CLOEXEC [pid 3603] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3610] <... prctl resumed>) = 0 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3608] <... openat resumed>) = 3 [pid 3606] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 3605] <... openat resumed>) = 3 [pid 3610] setpgid(0, 0 [pid 3609] <... openat resumed>) = 3 [pid 3608] write(3, "32", 2 [pid 3606] <... mount resumed>) = 0 [pid 3605] write(3, "312475648", 9 [pid 3603] <... openat resumed>) = 3 [pid 3610] <... setpgid resumed>) = 0 [pid 3609] write(3, "1000", 4 [pid 3608] <... write resumed>) = 2 [pid 3606] getpid( [pid 3605] <... write resumed>) = 9 [pid 3610] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 3609] <... write resumed>) = 4 [pid 3608] close(3 [pid 3606] <... getpid resumed>) = 1 [pid 3605] close(3 [pid 3603] write(3, "1", 1 [pid 3610] <... symlink resumed>) = 0 [pid 3609] close(3 [pid 3608] <... close resumed>) = 0 [pid 3606] mkdir("/syzcgroup/unified/syz3", 0777 [pid 3605] <... close resumed>) = 0 [pid 3610] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 3609] <... close resumed>) = 0 [pid 3608] openat(AT_FDCWD, "/syzcgroup/unified/syz5/memory.low", O_WRONLY|O_CLOEXEC [pid 3605] openat(AT_FDCWD, "/syzcgroup/unified/syz2/memory.high", O_WRONLY|O_CLOEXEC [pid 3603] <... write resumed>) = 1 [pid 3609] symlink("/dev/binderfs", "./binderfs" [pid 3606] <... mkdir resumed>) = 0 [pid 3603] close(3 [pid 3608] <... openat resumed>) = 3 [pid 3606] openat(AT_FDCWD, "/syzcgroup/unified/syz3/pids.max", O_WRONLY|O_CLOEXEC [pid 3605] <... openat resumed>) = 3 [pid 3610] <... symlink resumed>) = 0 [pid 3609] <... symlink resumed>) = 0 [pid 3608] write(3, "312475648", 9 [pid 3606] <... openat resumed>) = 3 [pid 3605] write(3, "313524224", 9 [pid 3603] <... close resumed>) = 0 [pid 3610] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 3609] mkdirat(AT_FDCWD, "./file0", 000 [pid 3608] <... write resumed>) = 9 [pid 3606] write(3, "32", 2 [pid 3605] <... write resumed>) = 9 [pid 3603] mkdir("/syzcgroup/net/syz1", 0777 [pid 3610] <... symlink resumed>) = 0 [pid 3609] <... mkdirat resumed>) = 0 [pid 3608] close(3 [pid 3606] <... write resumed>) = 2 [pid 3605] close(3 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3608] <... close resumed>) = 0 [pid 3606] close(3 [pid 3605] <... close resumed>) = 0 [pid 3610] <... openat resumed>) = 3 [pid 3609] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3608] openat(AT_FDCWD, "/syzcgroup/unified/syz5/memory.high", O_WRONLY|O_CLOEXEC [pid 3606] <... close resumed>) = 0 [pid 3605] openat(AT_FDCWD, "/syzcgroup/unified/syz2/memory.max", O_WRONLY|O_CLOEXEC [pid 3603] <... mkdir resumed>) = 0 [pid 3610] write(3, "1000", 4 [pid 3609] <... mount resumed>) = 0 [pid 3608] <... openat resumed>) = 3 [pid 3606] openat(AT_FDCWD, "/syzcgroup/unified/syz3/memory.low", O_WRONLY|O_CLOEXEC [pid 3605] <... openat resumed>) = 3 [pid 3603] openat(AT_FDCWD, "/syzcgroup/net/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3610] <... write resumed>) = 4 [pid 3609] open("./file0", O_RDONLY [pid 3608] write(3, "313524224", 9 [pid 3606] <... openat resumed>) = 3 [pid 3605] write(3, "314572800", 9 [pid 3610] close(3 [pid 3608] <... write resumed>) = 9 [pid 3606] write(3, "312475648", 9 [pid 3605] <... write resumed>) = 9 [pid 3603] <... openat resumed>) = 3 [pid 3610] <... close resumed>) = 0 [pid 3609] <... open resumed>) = 3 [pid 3608] close(3 [pid 3606] <... write resumed>) = 9 [pid 3605] close(3 [pid 3603] write(3, "1", 1 [pid 3610] symlink("/dev/binderfs", "./binderfs" [pid 3609] openat(3, "cgroup.subtree_control", O_RDWR [pid 3608] <... close resumed>) = 0 [pid 3606] close(3 [pid 3605] <... close resumed>) = 0 [pid 3610] <... symlink resumed>) = 0 [pid 3609] <... openat resumed>) = 4 [pid 3608] openat(AT_FDCWD, "/syzcgroup/unified/syz5/memory.max", O_WRONLY|O_CLOEXEC [pid 3606] <... close resumed>) = 0 [pid 3605] openat(AT_FDCWD, "/syzcgroup/unified/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3603] <... write resumed>) = 1 [pid 3610] mkdirat(AT_FDCWD, "./file0", 000 [pid 3609] write(4, "-pids ", 6 [pid 3608] <... openat resumed>) = 3 [pid 3606] openat(AT_FDCWD, "/syzcgroup/unified/syz3/memory.high", O_WRONLY|O_CLOEXEC [pid 3605] <... openat resumed>) = 3 [pid 3603] close(3 [pid 3610] <... mkdirat resumed>) = 0 [pid 3608] write(3, "314572800", 9 [pid 3605] write(3, "1", 1 [pid 3610] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3609] <... write resumed>) = 6 [pid 3608] <... write resumed>) = 9 [pid 3606] <... openat resumed>) = 3 [pid 3605] <... write resumed>) = 1 [pid 3603] <... close resumed>) = 0 [pid 3610] <... mount resumed>) = 0 [pid 3609] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3608] close(3 [pid 3606] write(3, "313524224", 9 [pid 3605] close(3 [pid 3603] mkdir("./0", 0777 [pid 3610] open("./file0", O_RDONLY [pid 3609] <... openat resumed>) = 5 [pid 3608] <... close resumed>) = 0 [pid 3606] <... write resumed>) = 9 [pid 3605] <... close resumed>) = 0 [pid 3610] <... open resumed>) = 3 [pid 3609] write(5, "22", 2 [pid 3608] openat(AT_FDCWD, "/syzcgroup/unified/syz5/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3606] close(3 [pid 3605] mkdir("/syzcgroup/cpu/syz2", 0777 [pid 3603] <... mkdir resumed>) = 0 [pid 3610] openat(3, "cgroup.subtree_control", O_RDWR [pid 3609] <... write resumed>) = 2 [pid 3608] <... openat resumed>) = 3 [pid 3606] <... close resumed>) = 0 [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3611 attached [pid 3610] <... openat resumed>) = 4 [pid 3609] write(4, "+pids ", 6 [pid 3608] write(3, "1", 1 [pid 3606] openat(AT_FDCWD, "/syzcgroup/unified/syz3/memory.max", O_WRONLY|O_CLOEXEC [pid 3605] <... mkdir resumed>) = 0 [pid 3611] chdir("./0" [pid 3610] write(4, "-pids ", 6 [pid 3603] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 2 [pid 3606] <... openat resumed>) = 3 [pid 3611] <... chdir resumed>) = 0 [pid 3608] <... write resumed>) = 1 [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3608] close(3 [pid 3606] write(3, "314572800", 9 [pid 3605] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3611] <... prctl resumed>) = 0 [pid 3608] <... close resumed>) = 0 [pid 3606] <... write resumed>) = 9 [pid 3611] setpgid(0, 0 [pid 3608] mkdir("/syzcgroup/cpu/syz5", 0777 [pid 3606] close(3 [pid 3605] <... openat resumed>) = 3 [pid 3611] <... setpgid resumed>) = 0 [pid 3608] <... mkdir resumed>) = 0 [pid 3606] <... close resumed>) = 0 [pid 3611] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 3606] openat(AT_FDCWD, "/syzcgroup/unified/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3608] openat(AT_FDCWD, "/syzcgroup/cpu/syz5/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3605] write(3, "1", 1 [pid 3611] <... symlink resumed>) = 0 [pid 3606] <... openat resumed>) = 3 [pid 3611] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 3608] <... openat resumed>) = 3 [pid 3606] write(3, "1", 1 [pid 3605] <... write resumed>) = 1 [pid 3611] <... symlink resumed>) = 0 [pid 3608] write(3, "1", 1 [pid 3606] <... write resumed>) = 1 [pid 3605] close(3 [pid 3611] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 3606] close(3 [pid 3605] <... close resumed>) = 0 [pid 3608] <... write resumed>) = 1 [pid 3611] <... symlink resumed>) = 0 [pid 3606] <... close resumed>) = 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3608] close(3 [pid 3606] mkdir("/syzcgroup/cpu/syz3", 0777 [pid 3605] mkdir("/syzcgroup/net/syz2", 0777 [pid 3606] <... mkdir resumed>) = 0 [pid 3611] <... openat resumed>) = 3 [pid 3611] write(3, "1000", 4) = 4 [pid 3608] <... close resumed>) = 0 [pid 3606] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3605] <... mkdir resumed>) = 0 [pid 3611] close(3 [pid 3608] mkdir("/syzcgroup/net/syz5", 0777 [pid 3611] <... close resumed>) = 0 [pid 3606] <... openat resumed>) = 3 [pid 3605] openat(AT_FDCWD, "/syzcgroup/net/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3611] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3608] <... mkdir resumed>) = 0 [pid 3606] write(3, "1", 1 [pid 3605] <... openat resumed>) = 3 [pid 3611] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3608] openat(AT_FDCWD, "/syzcgroup/net/syz5/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3606] <... write resumed>) = 1 [pid 3605] write(3, "1", 1 [pid 3611] <... mount resumed>) = 0 [pid 3608] <... openat resumed>) = 3 [pid 3606] close(3 [pid 3605] <... write resumed>) = 1 [pid 3611] open("./file0", O_RDONLY [pid 3608] write(3, "1", 1 [pid 3606] <... close resumed>) = 0 [pid 3605] close(3 [pid 3611] <... open resumed>) = 3 [pid 3608] <... write resumed>) = 1 [pid 3606] mkdir("/syzcgroup/net/syz3", 0777 [pid 3605] <... close resumed>) = 0 [pid 3611] openat(3, "cgroup.subtree_control", O_RDWR [pid 3608] close(3 [pid 3611] <... openat resumed>) = 4 [pid 3611] write(4, "-pids ", 6 [pid 3606] <... mkdir resumed>) = 0 [pid 3605] mkdir("./0", 0777 [pid 3610] <... write resumed>) = 6 [pid 3608] <... close resumed>) = 0 [pid 3606] openat(AT_FDCWD, "/syzcgroup/net/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 3605] <... mkdir resumed>) = 0 [pid 3610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3608] mkdir("./0", 0777 [pid 3606] <... openat resumed>) = 3 [pid 3605] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3610] <... openat resumed>) = 5 [pid 3608] <... mkdir resumed>) = 0 [pid 3606] write(3, "1", 1 [pid 3610] write(5, "22", 2 [pid 3608] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3605] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 2 [pid 3610] <... write resumed>) = 2 [pid 3610] write(4, "+pids ", 6 [pid 3608] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 2 ./strace-static-x86_64: Process 3612 attached [pid 3612] chdir("./0"./strace-static-x86_64: Process 3613 attached ) = 0 [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3613] chdir("./0" [pid 3612] <... prctl resumed>) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 3612] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 3612] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3612] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 49.766590][ T3609] FAULT_INJECTION: forcing a failure. [ 49.766590][ T3609] name failslab, interval 1, probability 0, space 0, times 1 [ 49.781260][ T3609] CPU: 1 PID: 3609 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 49.791792][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.801862][ T3609] Call Trace: [ 49.805155][ T3609] [ 49.808097][ T3609] dump_stack_lvl+0xcd/0x134 [pid 3612] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3613] <... chdir resumed>) = 0 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 3613] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 3613] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] symlink("/dev/binderfs", "./binderfs") = 0 [ 49.812731][ T3609] should_fail.cold+0x5/0xa [ 49.817258][ T3609] should_failslab+0x5/0x10 [ 49.821775][ T3609] kmem_cache_alloc_trace+0x60/0x3f0 [ 49.827160][ T3609] ? percpu_ref_init+0xcf/0x3d0 [ 49.832038][ T3609] ? cset_cgroup_from_root+0x2a0/0x2a0 [ 49.837516][ T3609] percpu_ref_init+0xcf/0x3d0 [ 49.842218][ T3609] cgroup_apply_control_enable+0x513/0xc00 [ 49.848056][ T3609] cgroup_subtree_control_write+0x8bb/0xd80 [ 49.853967][ T3609] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 49.860037][ T3609] ? lock_release+0x720/0x720 [ 49.864845][ T3609] cgroup_file_write+0x1de/0x770 [ 49.869804][ T3609] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 49.875872][ T3609] ? kill_css+0x370/0x370 [ 49.880217][ T3609] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 49.886602][ T3609] ? kill_css+0x370/0x370 [ 49.890950][ T3609] kernfs_fop_write_iter+0x3f8/0x610 [ 49.896257][ T3609] new_sync_write+0x38a/0x560 [ 49.900953][ T3609] ? new_sync_read+0x5f0/0x5f0 [ 49.905736][ T3609] ? lock_release+0x720/0x720 [ 49.910447][ T3609] vfs_write+0x7c0/0xac0 [ 49.914707][ T3609] ksys_write+0x127/0x250 [ 49.919042][ T3609] ? __ia32_sys_read+0xb0/0xb0 [ 49.923816][ T3609] ? lockdep_hardirqs_on+0x79/0x100 [ 49.929037][ T3609] ? _raw_spin_unlock_irq+0x2a/0x40 [ 49.934254][ T3609] ? ptrace_notify+0xfa/0x140 [ 49.938966][ T3609] do_syscall_64+0x35/0xb0 [ 49.943490][ T3609] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 49.949446][ T3609] RIP: 0033:0x7fcc5b9caf19 [ 49.953875][ T3609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 49.973491][ T3609] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 49.981898][ T3609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 49.989878][ T3609] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 49.997856][ T3609] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 50.005838][ T3609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 3613] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3613] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3609] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3606] <... write resumed>) = 1 [pid 3609] close(3) = 0 [pid 3609] close(4) = 0 [pid 3609] close(5) = 0 [pid 3609] close(6) = -1 EBADF (Bad file descriptor) [pid 3609] close(7) = -1 EBADF (Bad file descriptor) [pid 3609] close(8) = -1 EBADF (Bad file descriptor) [pid 3612] <... mount resumed>) = 0 [pid 3613] <... mount resumed>) = 0 [pid 3609] close(9 [pid 3612] open("./file0", O_RDONLY [pid 3613] open("./file0", O_RDONLY [pid 3612] <... open resumed>) = 3 [pid 3606] close(3 [pid 3613] <... open resumed>) = 3 [pid 3613] openat(3, "cgroup.subtree_control", O_RDWR [pid 3612] openat(3, "cgroup.subtree_control", O_RDWR [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3606] <... close resumed>) = 0 [pid 3609] close(10) = -1 EBADF (Bad file descriptor) [pid 3609] close(11) = -1 EBADF (Bad file descriptor) [pid 3609] close(12) = -1 EBADF (Bad file descriptor) [pid 3609] close(13) = -1 EBADF (Bad file descriptor) [pid 3609] close(14) = -1 EBADF (Bad file descriptor) [pid 3609] close(15 [pid 3612] <... openat resumed>) = 4 [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3609] close(16 [pid 3613] <... openat resumed>) = 4 [pid 3606] mkdir("./0", 0777 [pid 3613] write(4, "-pids ", 6 [pid 3612] write(4, "-pids ", 6 [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3609] close(17) = -1 EBADF (Bad file descriptor) [pid 3609] close(18) = -1 EBADF (Bad file descriptor) [pid 3609] close(19 [pid 3606] <... mkdir resumed>) = 0 [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3609] close(20 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3609] close(21) = -1 EBADF (Bad file descriptor) [pid 3609] close(22) = -1 EBADF (Bad file descriptor) [pid 3609] close(23) = -1 EBADF (Bad file descriptor) [pid 3609] close(24) = -1 EBADF (Bad file descriptor) [pid 3609] close(25) = -1 EBADF (Bad file descriptor) [pid 3609] close(26) = -1 EBADF (Bad file descriptor) [pid 3609] close(27) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 3614 attached [pid 3609] close(28 [pid 3614] chdir("./0" [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3606] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 2 [pid 3614] <... chdir resumed>) = 0 [pid 3609] close(29 [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3609] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3614] <... prctl resumed>) = 0 [pid 3609] exit_group(0 [pid 3614] setpgid(0, 0 [pid 3609] <... exit_group resumed>) = ? [pid 3614] <... setpgid resumed>) = 0 [pid 3609] +++ exited with 0 +++ [pid 3614] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 3607] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- [pid 3614] <... symlink resumed>) = 0 [pid 3607] restart_syscall(<... resuming interrupted clone ...> [pid 3614] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 3607] <... restart_syscall resumed>) = 0 [pid 3614] <... symlink resumed>) = 0 [pid 3614] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 3607] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3614] <... symlink resumed>) = 0 [pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3607] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3607] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3614] <... openat resumed>) = 3 [pid 3607] <... openat resumed>) = 3 [pid 3614] write(3, "1000", 4 [pid 3607] fstat(3, [pid 3614] <... write resumed>) = 4 [pid 3607] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3614] close(3) = 0 [pid 3607] getdents64(3, [pid 3614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3607] <... getdents64 resumed>0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3614] mkdirat(AT_FDCWD, "./file0", 000 [pid 3607] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3614] <... mkdirat resumed>) = 0 [pid 3607] lstat("./0/binderfs", [pid 3614] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3607] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3614] <... mount resumed>) = 0 [pid 3607] unlink("./0/binderfs" [pid 3614] open("./file0", O_RDONLY) = 3 [pid 3607] <... unlink resumed>) = 0 [pid 3614] openat(3, "cgroup.subtree_control", O_RDWR [pid 3607] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3614] <... openat resumed>) = 4 [pid 3607] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3614] write(4, "-pids ", 6 [pid 3607] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3607] unlink("./0/cgroup") = 0 [pid 3607] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3607] unlink("./0/cgroup.net") = 0 [pid 3607] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3607] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./0/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3607] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3607] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3607] getdents64(4, 0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3607] getdents64(4, 0x555556a17660 /* 0 entries */, 32768) = 0 [ 50.013821][ T3609] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000000 [ 50.021806][ T3609] [pid 3607] close(4 [pid 3614] <... write resumed>) = 6 [pid 3613] <... write resumed>) = 6 [pid 3611] <... write resumed>) = 6 [pid 3614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3614] write(5, "22", 2) = 2 [pid 3614] write(4, "+pids ", 6 [pid 3607] <... close resumed>) = 0 [pid 3607] rmdir("./0/file0") = 0 [pid 3607] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3607] unlink("./0/cgroup.cpu") = 0 [pid 3607] getdents64(3, 0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3607] close(3) = 0 [pid 3607] rmdir("./0") = 0 [pid 3607] mkdir("./1", 0777) = 0 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3615 attached [pid 3613] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3611] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3607] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3 [pid 3615] chdir("./1") = 0 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 3615] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 3615] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3615] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3615] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3613] <... openat resumed>) = 5 [pid 3613] write(5, "22", 2) = 2 [pid 3613] write(4, "+pids ", 6 [pid 3611] <... openat resumed>) = 5 [pid 3611] write(5, "22", 2) = 2 [ 50.075721][ T3610] FAULT_INJECTION: forcing a failure. [ 50.075721][ T3610] name failslab, interval 1, probability 0, space 0, times 0 [ 50.088830][ T3610] CPU: 0 PID: 3610 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 50.099360][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.109430][ T3610] Call Trace: [ 50.112718][ T3610] [ 50.115662][ T3610] dump_stack_lvl+0xcd/0x134 [ 50.120274][ T3610] should_fail.cold+0x5/0xa [ 50.124777][ T3610] should_failslab+0x5/0x10 [ 50.129282][ T3610] __kmalloc_track_caller+0x79/0x320 [ 50.134586][ T3610] ? kstrdup_const+0x53/0x80 [ 50.139195][ T3610] kstrdup+0x36/0x70 [ 50.143114][ T3610] kstrdup_const+0x53/0x80 [ 50.147538][ T3610] __kernfs_new_node+0x9d/0x8b0 [ 50.152390][ T3610] ? kernfs_path_from_node+0x60/0x60 [ 50.157669][ T3610] ? pointer+0x950/0x950 [ 50.161924][ T3610] ? snprintf+0xbb/0xf0 [ 50.166078][ T3610] ? vsprintf+0x30/0x30 [ 50.170235][ T3610] kernfs_new_node+0x93/0x120 [ 50.174913][ T3610] __kernfs_create_file+0x51/0x350 [ 50.180025][ T3610] cgroup_addrm_files+0x418/0xa00 [ 50.185057][ T3610] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 50.191293][ T3610] ? cgroup_css.part.0.isra.0+0x110/0x110 [ 50.197016][ T3610] ? find_held_lock+0x2d/0x110 [ 50.201778][ T3610] ? cgroup_apply_control_enable+0x693/0xc00 [ 50.207764][ T3610] css_populate_dir+0x19b/0x450 [ 50.212621][ T3610] cgroup_apply_control_enable+0x3fd/0xc00 [ 50.218433][ T3610] cgroup_subtree_control_write+0x8bb/0xd80 [ 50.224416][ T3610] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 50.230571][ T3610] ? lock_release+0x720/0x720 [ 50.235246][ T3610] cgroup_file_write+0x1de/0x770 [ 50.240179][ T3610] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 50.246241][ T3610] ? kill_css+0x370/0x370 [ 50.250565][ T3610] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 50.256808][ T3610] ? kill_css+0x370/0x370 [ 50.261133][ T3610] kernfs_fop_write_iter+0x3f8/0x610 [ 50.266417][ T3610] new_sync_write+0x38a/0x560 [ 50.271088][ T3610] ? new_sync_read+0x5f0/0x5f0 [ 50.275848][ T3610] ? lock_release+0x720/0x720 [ 50.280536][ T3610] vfs_write+0x7c0/0xac0 [ 50.284773][ T3610] ksys_write+0x127/0x250 [ 50.289100][ T3610] ? __ia32_sys_read+0xb0/0xb0 [ 50.293864][ T3610] ? lockdep_hardirqs_on+0x79/0x100 [ 50.299059][ T3610] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.304252][ T3610] ? ptrace_notify+0xfa/0x140 [ 50.308934][ T3610] do_syscall_64+0x35/0xb0 [ 50.313353][ T3610] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.319240][ T3610] RIP: 0033:0x7fcc5b9caf19 [ 50.323648][ T3610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.343245][ T3610] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.351649][ T3610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 50.359609][ T3610] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 50.367568][ T3610] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [pid 3611] write(4, "+pids ", 6 [pid 3615] <... mount resumed>) = 0 [pid 3610] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3615] open("./file0", O_RDONLY [pid 3610] close(3 [pid 3615] <... open resumed>) = 3 [pid 3610] <... close resumed>) = 0 [pid 3610] close(4) = 0 [pid 3610] close(5 [pid 3615] openat(3, "cgroup.subtree_control", O_RDWR [pid 3610] <... close resumed>) = 0 [pid 3610] close(6) = -1 EBADF (Bad file descriptor) [pid 3610] close(7) = -1 EBADF (Bad file descriptor) [pid 3610] close(8) = -1 EBADF (Bad file descriptor) [pid 3610] close(9) = -1 EBADF (Bad file descriptor) [pid 3610] close(10) = -1 EBADF (Bad file descriptor) [pid 3610] close(11) = -1 EBADF (Bad file descriptor) [pid 3610] close(12) = -1 EBADF (Bad file descriptor) [pid 3610] close(13) = -1 EBADF (Bad file descriptor) [pid 3610] close(14) = -1 EBADF (Bad file descriptor) [pid 3610] close(15) = -1 EBADF (Bad file descriptor) [pid 3610] close(16) = -1 EBADF (Bad file descriptor) [pid 3610] close(17) = -1 EBADF (Bad file descriptor) [pid 3610] close(18) = -1 EBADF (Bad file descriptor) [pid 3610] close(19) = -1 EBADF (Bad file descriptor) [pid 3610] close(20) = -1 EBADF (Bad file descriptor) [pid 3610] close(21) = -1 EBADF (Bad file descriptor) [pid 3610] close(22) = -1 EBADF (Bad file descriptor) [pid 3610] close(23) = -1 EBADF (Bad file descriptor) [pid 3610] close(24) = -1 EBADF (Bad file descriptor) [pid 3610] close(25) = -1 EBADF (Bad file descriptor) [pid 3610] close(26) = -1 EBADF (Bad file descriptor) [pid 3610] close(27) = -1 EBADF (Bad file descriptor) [pid 3610] close(28) = -1 EBADF (Bad file descriptor) [pid 3610] close(29) = -1 EBADF (Bad file descriptor) [pid 3615] <... openat resumed>) = 4 [pid 3610] exit_group(0 [pid 3615] write(4, "-pids ", 6 [pid 3610] <... exit_group resumed>) = ? [pid 3610] +++ exited with 0 +++ [pid 3602] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=34} --- [pid 3602] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3602] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3602] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3602] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3602] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3602] unlink("./0/binderfs") = 0 [pid 3602] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3602] unlink("./0/cgroup") = 0 [pid 3602] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3602] unlink("./0/cgroup.net") = 0 [pid 3602] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3602] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] lstat("./0/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3602] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3602] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 50.375531][ T3610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 50.383491][ T3610] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000000 [ 50.391465][ T3610] [ 50.398361][ T3610] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 3602] getdents64(4, [pid 3615] <... write resumed>) = 6 [pid 3602] <... getdents64 resumed>0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3615] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3602] getdents64(4, [pid 3615] <... openat resumed>) = 5 [pid 3602] <... getdents64 resumed>0x555556a17660 /* 0 entries */, 32768) = 0 [pid 3615] write(5, "22", 2 [pid 3602] close(4 [pid 3615] <... write resumed>) = 2 [pid 3602] <... close resumed>) = 0 [pid 3615] write(4, "+pids ", 6 [pid 3602] rmdir("./0/file0") = 0 [pid 3602] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3602] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3602] unlink("./0/cgroup.cpu") = 0 [pid 3602] getdents64(3, 0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3602] close(3) = 0 [pid 3602] rmdir("./0") = 0 [pid 3602] mkdir("./1", 0777) = 0 [pid 3602] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a0e5d0) = 3 [ 50.445306][ T3611] FAULT_INJECTION: forcing a failure. [ 50.445306][ T3611] name failslab, interval 1, probability 0, space 0, times 0 [ 50.458151][ T3611] CPU: 1 PID: 3611 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 50.468676][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.478738][ T3611] Call Trace: [ 50.482024][ T3611] [ 50.484940][ T3611] dump_stack_lvl+0xcd/0x134 [ 50.489531][ T3611] should_fail.cold+0x5/0xa ./strace-static-x86_64: Process 3616 attached [pid 3616] chdir("./1") = 0 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3616] setpgid(0, 0) = 0 [pid 3616] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 3616] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 3616] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3616] write(3, "1000", 4) = 4 [pid 3616] close(3) = 0 [ 50.494059][ T3611] should_failslab+0x5/0x10 [ 50.498581][ T3611] kmem_cache_alloc_trace+0x60/0x3f0 [ 50.503892][ T3611] ? pids_css_alloc+0x3d/0x150 [ 50.508680][ T3611] pids_css_alloc+0x3d/0x150 [ 50.513289][ T3611] cgroup_apply_control_enable+0x4b8/0xc00 [ 50.519118][ T3611] cgroup_subtree_control_write+0x8bb/0xd80 [ 50.525030][ T3611] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 50.531100][ T3611] ? lock_release+0x720/0x720 [ 50.535791][ T3611] cgroup_file_write+0x1de/0x770 [ 50.540720][ T3611] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 50.546785][ T3611] ? kill_css+0x370/0x370 [ 50.551128][ T3611] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 50.557397][ T3611] ? kill_css+0x370/0x370 [ 50.561746][ T3611] kernfs_fop_write_iter+0x3f8/0x610 [ 50.567071][ T3611] new_sync_write+0x38a/0x560 [ 50.571746][ T3611] ? new_sync_read+0x5f0/0x5f0 [ 50.576533][ T3611] ? lock_release+0x720/0x720 [ 50.581253][ T3611] vfs_write+0x7c0/0xac0 [ 50.585497][ T3611] ksys_write+0x127/0x250 [ 50.589832][ T3611] ? __ia32_sys_read+0xb0/0xb0 [ 50.594584][ T3611] ? lockdep_hardirqs_on+0x79/0x100 [ 50.599772][ T3611] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.604959][ T3611] ? ptrace_notify+0xfa/0x140 [ 50.609630][ T3611] do_syscall_64+0x35/0xb0 [ 50.614044][ T3611] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.619951][ T3611] RIP: 0033:0x7fcc5b9caf19 [ 50.624358][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 3616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3616] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3616] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3611] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3616] <... mount resumed>) = 0 [pid 3616] open("./file0", O_RDONLY [pid 3611] close(3 [pid 3616] <... open resumed>) = 3 [pid 3611] <... close resumed>) = 0 [pid 3616] openat(3, "cgroup.subtree_control", O_RDWR [pid 3611] close(4) = 0 [pid 3616] <... openat resumed>) = 4 [pid 3611] close(5 [pid 3616] write(4, "-pids ", 6 [pid 3611] <... close resumed>) = 0 [pid 3611] close(6) = -1 EBADF (Bad file descriptor) [pid 3611] close(7) = -1 EBADF (Bad file descriptor) [pid 3611] close(8) = -1 EBADF (Bad file descriptor) [pid 3611] close(9) = -1 EBADF (Bad file descriptor) [pid 3611] close(10) = -1 EBADF (Bad file descriptor) [pid 3611] close(11) = -1 EBADF (Bad file descriptor) [pid 3611] close(12) = -1 EBADF (Bad file descriptor) [pid 3611] close(13) = -1 EBADF (Bad file descriptor) [pid 3611] close(14) = -1 EBADF (Bad file descriptor) [pid 3611] close(15) = -1 EBADF (Bad file descriptor) [pid 3611] close(16) = -1 EBADF (Bad file descriptor) [pid 3611] close(17) = -1 EBADF (Bad file descriptor) [pid 3611] close(18) = -1 EBADF (Bad file descriptor) [pid 3611] close(19) = -1 EBADF (Bad file descriptor) [pid 3611] close(20) = -1 EBADF (Bad file descriptor) [pid 3611] close(21) = -1 EBADF (Bad file descriptor) [pid 3611] close(22) = -1 EBADF (Bad file descriptor) [pid 3611] close(23) = -1 EBADF (Bad file descriptor) [pid 3611] close(24) = -1 EBADF (Bad file descriptor) [pid 3611] close(25) = -1 EBADF (Bad file descriptor) [pid 3611] close(26) = -1 EBADF (Bad file descriptor) [pid 3611] close(27) = -1 EBADF (Bad file descriptor) [pid 3611] close(28) = -1 EBADF (Bad file descriptor) [pid 3611] close(29) = -1 EBADF (Bad file descriptor) [pid 3611] exit_group(0) = ? [pid 3611] +++ exited with 0 +++ [pid 3603] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [ 50.643972][ T3611] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.652378][ T3611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 50.660347][ T3611] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 50.668319][ T3611] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 50.676299][ T3611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 50.684272][ T3611] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000000 [ 50.692281][ T3611] [pid 3603] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3603] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3603] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3603] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3603] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3603] unlink("./0/binderfs") = 0 [pid 3603] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3603] unlink("./0/cgroup") = 0 [pid 3603] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3603] unlink("./0/cgroup.net") = 0 [pid 3603] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3603] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./0/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3603] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3603] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3603] getdents64(4, 0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3603] getdents64(4, 0x555556a17660 /* 0 entries */, 32768) = 0 [pid 3603] close(4) = 0 [pid 3603] rmdir("./0/file0") = 0 [pid 3603] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3603] unlink("./0/cgroup.cpu") = 0 [pid 3603] getdents64(3, 0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3603] close(3) = 0 [pid 3603] rmdir("./0") = 0 [pid 3603] mkdir("./1", 0777) = 0 [ 50.735695][ T3614] FAULT_INJECTION: forcing a failure. [ 50.735695][ T3614] name failslab, interval 1, probability 0, space 0, times 0 [ 50.749114][ T3614] CPU: 1 PID: 3614 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 50.759645][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.769711][ T3614] Call Trace: [ 50.773002][ T3614] [ 50.775939][ T3614] dump_stack_lvl+0xcd/0x134 [ 50.780553][ T3614] should_fail.cold+0x5/0xa [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a0e5d0) = 3 ./strace-static-x86_64: Process 3617 attached [pid 3617] chdir("./1") = 0 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 3617] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 3617] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [ 50.785082][ T3614] should_failslab+0x5/0x10 [ 50.789600][ T3614] kmem_cache_alloc_trace+0x60/0x3f0 [ 50.794905][ T3614] ? percpu_ref_init+0xcf/0x3d0 [ 50.799781][ T3614] ? cset_cgroup_from_root+0x2a0/0x2a0 [ 50.805264][ T3614] percpu_ref_init+0xcf/0x3d0 [ 50.809956][ T3614] cgroup_apply_control_enable+0x513/0xc00 [ 50.815770][ T3614] cgroup_subtree_control_write+0x8bb/0xd80 [ 50.821668][ T3614] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 50.827822][ T3614] ? lock_release+0x720/0x720 [ 50.832498][ T3614] cgroup_file_write+0x1de/0x770 [ 50.837431][ T3614] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 50.843491][ T3614] ? kill_css+0x370/0x370 [ 50.847832][ T3614] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 50.854088][ T3614] ? kill_css+0x370/0x370 [ 50.858412][ T3614] kernfs_fop_write_iter+0x3f8/0x610 [ 50.863702][ T3614] new_sync_write+0x38a/0x560 [ 50.868373][ T3614] ? new_sync_read+0x5f0/0x5f0 [ 50.873132][ T3614] ? lock_release+0x720/0x720 [ 50.877822][ T3614] vfs_write+0x7c0/0xac0 [ 50.882060][ T3614] ksys_write+0x127/0x250 [ 50.886380][ T3614] ? __ia32_sys_read+0xb0/0xb0 [ 50.891136][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 50.896327][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.901518][ T3614] ? ptrace_notify+0xfa/0x140 [ 50.906195][ T3614] do_syscall_64+0x35/0xb0 [ 50.910606][ T3614] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 50.916492][ T3614] RIP: 0033:0x7fcc5b9caf19 [ 50.920899][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.940505][ T3614] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.948934][ T3614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 50.956905][ T3614] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 50.964868][ T3614] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 50.972835][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 3617] close(3) = 0 [pid 3617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3617] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3617] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 3614] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3617] open("./file0", O_RDONLY [pid 3614] close(3 [pid 3617] <... open resumed>) = 3 [pid 3614] <... close resumed>) = 0 [pid 3614] close(4 [pid 3617] openat(3, "cgroup.subtree_control", O_RDWR [pid 3614] <... close resumed>) = 0 [pid 3617] <... openat resumed>) = 4 [pid 3614] close(5) = 0 [pid 3617] write(4, "-pids ", 6 [pid 3614] close(6) = -1 EBADF (Bad file descriptor) [pid 3614] close(7) = -1 EBADF (Bad file descriptor) [pid 3614] close(8) = -1 EBADF (Bad file descriptor) [pid 3614] close(9) = -1 EBADF (Bad file descriptor) [pid 3614] close(10) = -1 EBADF (Bad file descriptor) [pid 3614] close(11) = -1 EBADF (Bad file descriptor) [pid 3614] close(12) = -1 EBADF (Bad file descriptor) [pid 3614] close(13) = -1 EBADF (Bad file descriptor) [pid 3614] close(14) = -1 EBADF (Bad file descriptor) [pid 3614] close(15) = -1 EBADF (Bad file descriptor) [pid 3614] close(16) = -1 EBADF (Bad file descriptor) [pid 3614] close(17) = -1 EBADF (Bad file descriptor) [pid 3614] close(18) = -1 EBADF (Bad file descriptor) [pid 3614] close(19) = -1 EBADF (Bad file descriptor) [pid 3614] close(20) = -1 EBADF (Bad file descriptor) [pid 3614] close(21) = -1 EBADF (Bad file descriptor) [pid 3614] close(22) = -1 EBADF (Bad file descriptor) [pid 3614] close(23) = -1 EBADF (Bad file descriptor) [pid 3614] close(24) = -1 EBADF (Bad file descriptor) [pid 3614] close(25) = -1 EBADF (Bad file descriptor) [pid 3614] close(26) = -1 EBADF (Bad file descriptor) [pid 3614] close(27) = -1 EBADF (Bad file descriptor) [pid 3614] close(28) = -1 EBADF (Bad file descriptor) [pid 3614] close(29) = -1 EBADF (Bad file descriptor) [pid 3614] exit_group(0) = ? [pid 3614] +++ exited with 0 +++ [pid 3606] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [pid 3606] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3606] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3606] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3606] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3606] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3606] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 50.980800][ T3614] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000000 [ 50.988787][ T3614] [pid 3606] unlink("./0/binderfs") = 0 [pid 3606] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3606] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3606] unlink("./0/cgroup") = 0 [pid 3606] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3606] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3606] unlink("./0/cgroup.net") = 0 [pid 3606] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3617] <... write resumed>) = 6 [pid 3612] <... write resumed>) = 6 [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3617] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3606] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3612] <... openat resumed>) = 5 [pid 3617] <... openat resumed>) = 5 [pid 3612] write(5, "22", 2 [pid 3606] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3617] write(5, "22", 2 [pid 3612] <... write resumed>) = 2 [pid 3606] lstat("./0/file0", [pid 3617] <... write resumed>) = 2 [pid 3612] write(4, "+pids ", 6 [pid 3606] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3617] write(4, "+pids ", 6 [pid 3606] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3606] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3606] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3606] getdents64(4, 0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3606] getdents64(4, 0x555556a17660 /* 0 entries */, 32768) = 0 [pid 3606] close(4) = 0 [pid 3606] rmdir("./0/file0") = 0 [pid 3606] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3606] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3606] unlink("./0/cgroup.cpu") = 0 [pid 3606] getdents64(3, 0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3606] close(3) = 0 [pid 3606] rmdir("./0") = 0 [pid 3606] mkdir("./1", 0777) = 0 [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a0e5d0) = 3 ./strace-static-x86_64: Process 3618 attached [pid 3618] chdir("./1") = 0 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setpgid(0, 0) = 0 [pid 3618] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 3618] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 3618] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [ 51.035482][ T3613] FAULT_INJECTION: forcing a failure. [ 51.035482][ T3613] name failslab, interval 1, probability 0, space 0, times 0 [ 51.049542][ T3613] CPU: 1 PID: 3613 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 51.060072][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.070140][ T3613] Call Trace: [ 51.073432][ T3613] [ 51.076373][ T3613] dump_stack_lvl+0xcd/0x134 [ 51.081078][ T3613] should_fail.cold+0x5/0xa [pid 3618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3618] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 51.085610][ T3613] should_failslab+0x5/0x10 [ 51.090113][ T3613] kmem_cache_alloc_trace+0x60/0x3f0 [ 51.095405][ T3613] ? percpu_ref_init+0xcf/0x3d0 [ 51.100259][ T3613] ? cset_cgroup_from_root+0x2a0/0x2a0 [ 51.105714][ T3613] percpu_ref_init+0xcf/0x3d0 [ 51.110388][ T3613] cgroup_apply_control_enable+0x513/0xc00 [ 51.116219][ T3613] cgroup_subtree_control_write+0x8bb/0xd80 [ 51.122140][ T3613] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 51.128223][ T3613] ? lock_release+0x720/0x720 [ 51.132905][ T3613] cgroup_file_write+0x1de/0x770 [ 51.137838][ T3613] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 51.144026][ T3613] ? kill_css+0x370/0x370 [ 51.148376][ T3613] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.154624][ T3613] ? kill_css+0x370/0x370 [ 51.158972][ T3613] kernfs_fop_write_iter+0x3f8/0x610 [ 51.164260][ T3613] new_sync_write+0x38a/0x560 [ 51.168968][ T3613] ? new_sync_read+0x5f0/0x5f0 [ 51.173731][ T3613] ? lock_release+0x720/0x720 [ 51.178428][ T3613] vfs_write+0x7c0/0xac0 [ 51.182683][ T3613] ksys_write+0x127/0x250 [ 51.187010][ T3613] ? __ia32_sys_read+0xb0/0xb0 [ 51.191788][ T3613] ? lockdep_hardirqs_on+0x79/0x100 [ 51.196999][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.202220][ T3613] ? ptrace_notify+0xfa/0x140 [ 51.206919][ T3613] do_syscall_64+0x35/0xb0 [ 51.211358][ T3613] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.217261][ T3613] RIP: 0033:0x7fcc5b9caf19 [ 51.221683][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.241376][ T3613] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.249811][ T3613] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 51.257807][ T3613] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 51.265769][ T3613] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 51.273736][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 3618] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 3613] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3618] open("./file0", O_RDONLY [pid 3613] close(3 [pid 3618] <... open resumed>) = 3 [pid 3613] <... close resumed>) = 0 [pid 3618] openat(3, "cgroup.subtree_control", O_RDWR [pid 3613] close(4) = 0 [pid 3618] <... openat resumed>) = 4 [pid 3613] close(5) = 0 [pid 3618] write(4, "-pids ", 6 [pid 3613] close(6) = -1 EBADF (Bad file descriptor) [pid 3613] close(7) = -1 EBADF (Bad file descriptor) [pid 3613] close(8) = -1 EBADF (Bad file descriptor) [pid 3613] close(9) = -1 EBADF (Bad file descriptor) [pid 3613] close(10) = -1 EBADF (Bad file descriptor) [pid 3613] close(11) = -1 EBADF (Bad file descriptor) [pid 3613] close(12) = -1 EBADF (Bad file descriptor) [pid 3613] close(13) = -1 EBADF (Bad file descriptor) [pid 3613] close(14) = -1 EBADF (Bad file descriptor) [pid 3613] close(15) = -1 EBADF (Bad file descriptor) [pid 3613] close(16) = -1 EBADF (Bad file descriptor) [pid 3613] close(17) = -1 EBADF (Bad file descriptor) [pid 3613] close(18) = -1 EBADF (Bad file descriptor) [pid 3613] close(19) = -1 EBADF (Bad file descriptor) [pid 3613] close(20) = -1 EBADF (Bad file descriptor) [pid 3613] close(21) = -1 EBADF (Bad file descriptor) [pid 3613] close(22) = -1 EBADF (Bad file descriptor) [pid 3613] close(23 [pid 3618] <... write resumed>) = 6 [pid 3613] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3613] close(24) = -1 EBADF (Bad file descriptor) [pid 3613] close(25) = -1 EBADF (Bad file descriptor) [pid 3613] close(26) = -1 EBADF (Bad file descriptor) [pid 3613] close(27) = -1 EBADF (Bad file descriptor) [pid 3613] close(28) = -1 EBADF (Bad file descriptor) [pid 3613] close(29) = -1 EBADF (Bad file descriptor) [pid 3613] exit_group(0) = ? [pid 3613] +++ exited with 0 +++ [pid 3608] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [pid 3608] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3608] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3608] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3608] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3608] unlink("./0/binderfs" [pid 3618] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3608] <... unlink resumed>) = 0 [pid 3608] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3608] unlink("./0/cgroup") = 0 [pid 3608] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3608] unlink("./0/cgroup.net") = 0 [ 51.281735][ T3613] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000000 [ 51.289710][ T3613] [ 51.315154][ T3617] FAULT_INJECTION: forcing a failure. [ 51.315154][ T3617] name failslab, interval 1, probability 0, space 0, times 0 [pid 3608] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3618] <... openat resumed>) = 5 [pid 3618] write(5, "22", 2) = 2 [ 51.328080][ T3617] CPU: 0 PID: 3617 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 51.338599][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.348668][ T3617] Call Trace: [ 51.351967][ T3617] [ 51.354898][ T3617] dump_stack_lvl+0xcd/0x134 [ 51.359513][ T3617] should_fail.cold+0x5/0xa [ 51.364040][ T3617] should_failslab+0x5/0x10 [ 51.368560][ T3617] __kmalloc_track_caller+0x79/0x320 [ 51.373863][ T3617] ? kstrdup_const+0x53/0x80 [ 51.378473][ T3617] kstrdup+0x36/0x70 [ 51.382392][ T3617] kstrdup_const+0x53/0x80 [ 51.386819][ T3617] __kernfs_new_node+0x9d/0x8b0 [ 51.391692][ T3617] ? kernfs_path_from_node+0x60/0x60 [ 51.396985][ T3617] ? pointer+0x950/0x950 [ 51.401243][ T3617] ? snprintf+0xbb/0xf0 [ 51.405430][ T3617] ? vsprintf+0x30/0x30 [ 51.409614][ T3617] kernfs_new_node+0x93/0x120 [ 51.414312][ T3617] __kernfs_create_file+0x51/0x350 [ 51.419443][ T3617] cgroup_addrm_files+0x418/0xa00 [ 51.424494][ T3617] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 51.430732][ T3617] ? cgroup_css.part.0.isra.0+0x110/0x110 [ 51.436473][ T3617] ? find_held_lock+0x2d/0x110 [ 51.441243][ T3617] ? cgroup_apply_control_enable+0x693/0xc00 [ 51.447232][ T3617] css_populate_dir+0x19b/0x450 [ 51.452083][ T3617] cgroup_apply_control_enable+0x3fd/0xc00 [ 51.457893][ T3617] cgroup_subtree_control_write+0x8bb/0xd80 [ 51.463786][ T3617] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 51.469848][ T3617] ? lock_release+0x720/0x720 [ 51.474523][ T3617] cgroup_file_write+0x1de/0x770 [ 51.479548][ T3617] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 51.485612][ T3617] ? kill_css+0x370/0x370 [ 51.489937][ T3617] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.496177][ T3617] ? kill_css+0x370/0x370 [ 51.500501][ T3617] kernfs_fop_write_iter+0x3f8/0x610 [ 51.505787][ T3617] new_sync_write+0x38a/0x560 [ 51.510470][ T3617] ? new_sync_read+0x5f0/0x5f0 [ 51.515233][ T3617] ? lock_release+0x720/0x720 [ 51.519921][ T3617] vfs_write+0x7c0/0xac0 [ 51.524161][ T3617] ksys_write+0x127/0x250 [ 51.528570][ T3617] ? __ia32_sys_read+0xb0/0xb0 [ 51.533334][ T3617] ? lockdep_hardirqs_on+0x79/0x100 [ 51.538526][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.543722][ T3617] ? ptrace_notify+0xfa/0x140 [ 51.548404][ T3617] do_syscall_64+0x35/0xb0 [ 51.552819][ T3617] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.558706][ T3617] RIP: 0033:0x7fcc5b9caf19 [ 51.563113][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 3618] write(4, "+pids ", 6 [pid 3608] <... umount2 resumed>) = 0 [pid 3608] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./0/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 51.582795][ T3617] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.591199][ T3617] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 51.599166][ T3617] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 51.607124][ T3617] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 51.615089][ T3617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 51.623048][ T3617] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000001 [ 51.631026][ T3617] [pid 3608] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3608] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3608] getdents64(4, 0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3617] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3608] getdents64(4, [pid 3617] close(3 [pid 3608] <... getdents64 resumed>0x555556a17660 /* 0 entries */, 32768) = 0 [pid 3617] <... close resumed>) = 0 [pid 3608] close(4 [pid 3617] close(4 [pid 3608] <... close resumed>) = 0 [pid 3617] <... close resumed>) = 0 [pid 3608] rmdir("./0/file0" [pid 3617] close(5 [pid 3608] <... rmdir resumed>) = 0 [pid 3617] <... close resumed>) = 0 [pid 3608] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3617] close(6) = -1 EBADF (Bad file descriptor) [pid 3608] lstat("./0/cgroup.cpu", [pid 3617] close(7 [pid 3608] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3608] unlink("./0/cgroup.cpu" [pid 3617] close(8 [pid 3608] <... unlink resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3608] getdents64(3, [pid 3617] close(9 [pid 3608] <... getdents64 resumed>0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3608] close(3 [pid 3617] close(10 [pid 3608] <... close resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3608] rmdir("./0" [pid 3617] close(11 [pid 3608] <... rmdir resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3608] mkdir("./1", 0777 [pid 3617] close(12) = -1 EBADF (Bad file descriptor) [pid 3608] <... mkdir resumed>) = 0 [pid 3617] close(13 [pid 3608] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3620 attached [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3617] close(14 [pid 3608] <... clone resumed>, child_tidptr=0x555556a0e5d0) = 3 [pid 3620] chdir("./1" [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... chdir resumed>) = 0 [pid 3617] close(15 [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... prctl resumed>) = 0 [pid 3617] close(16 [pid 3620] setpgid(0, 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... setpgid resumed>) = 0 [pid 3617] close(17 [pid 3620] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... symlink resumed>) = 0 [pid 3617] close(18 [pid 3620] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... symlink resumed>) = 0 [pid 3617] close(19 [pid 3620] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... symlink resumed>) = 0 [pid 3617] close(20 [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] <... openat resumed>) = 3 [pid 3620] write(3, "1000", 4 [pid 3617] close(21 [pid 3620] <... write resumed>) = 4 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] close(3 [pid 3617] close(22 [pid 3620] <... close resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] symlink("/dev/binderfs", "./binderfs" [pid 3617] close(23 [pid 3620] <... symlink resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] mkdirat(AT_FDCWD, "./file0", 000 [pid 3617] close(24 [pid 3620] <... mkdirat resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3617] close(25 [pid 3620] <... mount resumed>) = 0 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] open("./file0", O_RDONLY [pid 3617] close(26) = -1 EBADF (Bad file descriptor) [pid 3620] <... open resumed>) = 3 [pid 3617] close(27) = -1 EBADF (Bad file descriptor) [pid 3620] openat(3, "cgroup.subtree_control", O_RDWR [pid 3617] close(28 [pid 3620] <... openat resumed>) = 4 [pid 3617] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 3620] write(4, "-pids ", 6 [pid 3617] close(29) = -1 EBADF (Bad file descriptor) [pid 3617] exit_group(0) = ? [pid 3617] +++ exited with 0 +++ [pid 3603] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=34} --- [pid 3603] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3603] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3603] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3603] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3603] unlink("./1/binderfs") = 0 [pid 3603] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3603] unlink("./1/cgroup") = 0 [pid 3603] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 51.640811][ T3617] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 3603] unlink("./1/cgroup.net") = 0 [pid 3603] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3603] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./1/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3603] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3620] <... write resumed>) = 6 [pid 3603] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3603] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3603] getdents64(4, 0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3603] getdents64(4, 0x555556a17660 /* 0 entries */, 32768) = 0 [pid 3603] close(4) = 0 [pid 3603] rmdir("./1/file0") = 0 [pid 3603] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3603] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3603] unlink("./1/cgroup.cpu") = 0 [pid 3603] getdents64(3, 0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3603] close(3) = 0 [pid 3603] rmdir("./1") = 0 [pid 3603] mkdir("./2", 0777) = 0 [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a0e5d0) = 4 [pid 3620] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 ./strace-static-x86_64: Process 3621 attached [pid 3620] write(5, "22", 2) = 2 [pid 3620] write(4, "+pids ", 6 [pid 3621] chdir("./2") = 0 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3621] setpgid(0, 0) = 0 [pid 3621] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 3621] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 3621] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3621] write(3, "1000", 4) = 4 [pid 3621] close(3) = 0 [pid 3621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3621] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 51.705344][ T3615] FAULT_INJECTION: forcing a failure. [ 51.705344][ T3615] name failslab, interval 1, probability 0, space 0, times 0 [ 51.718218][ T3615] CPU: 0 PID: 3615 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 51.728746][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.738821][ T3615] Call Trace: [ 51.742114][ T3615] [ 51.745059][ T3615] dump_stack_lvl+0xcd/0x134 [ 51.749668][ T3615] should_fail.cold+0x5/0xa [ 51.755497][ T3615] should_failslab+0x5/0x10 [ 51.760298][ T3615] kmem_cache_alloc_trace+0x60/0x3f0 [ 51.765602][ T3615] ? percpu_ref_init+0xcf/0x3d0 [ 51.770492][ T3615] ? cset_cgroup_from_root+0x2a0/0x2a0 [ 51.775964][ T3615] percpu_ref_init+0xcf/0x3d0 [ 51.780668][ T3615] cgroup_apply_control_enable+0x513/0xc00 [ 51.786596][ T3615] cgroup_subtree_control_write+0x8bb/0xd80 [ 51.792514][ T3615] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 51.798592][ T3615] ? lock_release+0x720/0x720 [ 51.803294][ T3615] cgroup_file_write+0x1de/0x770 [ 51.808248][ T3615] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 51.814335][ T3615] ? kill_css+0x370/0x370 [ 51.818677][ T3615] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.824923][ T3615] ? kill_css+0x370/0x370 [ 51.829265][ T3615] kernfs_fop_write_iter+0x3f8/0x610 [ 51.834573][ T3615] new_sync_write+0x38a/0x560 [ 51.839266][ T3615] ? new_sync_read+0x5f0/0x5f0 [ 51.844041][ T3615] ? lock_release+0x720/0x720 [ 51.848733][ T3615] vfs_write+0x7c0/0xac0 [ 51.853001][ T3615] ksys_write+0x127/0x250 [ 51.857342][ T3615] ? __ia32_sys_read+0xb0/0xb0 [ 51.862116][ T3615] ? lockdep_hardirqs_on+0x79/0x100 [ 51.867328][ T3615] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.872541][ T3615] ? ptrace_notify+0xfa/0x140 [ 51.877239][ T3615] do_syscall_64+0x35/0xb0 [ 51.881687][ T3615] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.887595][ T3615] RIP: 0033:0x7fcc5b9caf19 [ 51.892017][ T3615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.911637][ T3615] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.920061][ T3615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 51.928027][ T3615] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 51.935992][ T3615] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 51.943988][ T3615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 3621] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 3615] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3621] <... mount resumed>) = 0 [pid 3621] open("./file0", O_RDONLY [pid 3615] close(3 [pid 3621] <... open resumed>) = 3 [pid 3615] <... close resumed>) = 0 [pid 3621] openat(3, "cgroup.subtree_control", O_RDWR [pid 3615] close(4 [pid 3621] <... openat resumed>) = 4 [pid 3621] write(4, "-pids ", 6 [pid 3615] <... close resumed>) = 0 [pid 3615] close(5) = 0 [pid 3615] close(6) = -1 EBADF (Bad file descriptor) [pid 3615] close(7) = -1 EBADF (Bad file descriptor) [pid 3615] close(8) = -1 EBADF (Bad file descriptor) [pid 3615] close(9) = -1 EBADF (Bad file descriptor) [pid 3615] close(10) = -1 EBADF (Bad file descriptor) [pid 3615] close(11) = -1 EBADF (Bad file descriptor) [pid 3615] close(12) = -1 EBADF (Bad file descriptor) [pid 3615] close(13) = -1 EBADF (Bad file descriptor) [pid 3615] close(14) = -1 EBADF (Bad file descriptor) [pid 3615] close(15) = -1 EBADF (Bad file descriptor) [pid 3615] close(16) = -1 EBADF (Bad file descriptor) [pid 3615] close(17) = -1 EBADF (Bad file descriptor) [pid 3615] close(18) = -1 EBADF (Bad file descriptor) [pid 3615] close(19) = -1 EBADF (Bad file descriptor) [pid 3615] close(20) = -1 EBADF (Bad file descriptor) [pid 3615] close(21) = -1 EBADF (Bad file descriptor) [pid 3615] close(22) = -1 EBADF (Bad file descriptor) [pid 3615] close(23) = -1 EBADF (Bad file descriptor) [pid 3615] close(24) = -1 EBADF (Bad file descriptor) [pid 3615] close(25) = -1 EBADF (Bad file descriptor) [pid 3615] close(26) = -1 EBADF (Bad file descriptor) [pid 3615] close(27) = -1 EBADF (Bad file descriptor) [pid 3615] close(28) = -1 EBADF (Bad file descriptor) [pid 3615] close(29) = -1 EBADF (Bad file descriptor) [pid 3615] exit_group(0) = ? [pid 3615] +++ exited with 0 +++ [pid 3607] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- [pid 3607] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3607] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3607] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3607] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3607] unlink("./1/binderfs") = 0 [pid 3607] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3607] unlink("./1/cgroup") = 0 [pid 3607] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3607] unlink("./1/cgroup.net") = 0 [pid 3607] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3607] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./1/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3607] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 51.951967][ T3615] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000001 [ 51.959966][ T3615] [pid 3607] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 3607] getdents64(4, 0x555556a17660 /* 2 entries */, 32768) = 48 [pid 3607] getdents64(4, 0x555556a17660 /* 0 entries */, 32768) = 0 [pid 3607] close(4) = 0 [pid 3607] rmdir("./1/file0") = 0 [pid 3607] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3607] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3607] unlink("./1/cgroup.cpu") = 0 [pid 3607] getdents64(3, 0x555556a0f620 /* 0 entries */, 32768) = 0 [pid 3607] close(3) = 0 [pid 3607] rmdir("./1") = 0 [pid 3607] mkdir("./2", 0777) = 0 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a0e5d0) = 4 ./strace-static-x86_64: Process 3622 attached [pid 3622] chdir("./2") = 0 [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [pid 3622] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [ 52.025334][ T3620] FAULT_INJECTION: forcing a failure. [ 52.025334][ T3620] name failslab, interval 1, probability 0, space 0, times 0 [ 52.038734][ T3620] CPU: 1 PID: 3620 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 52.049262][ T3620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.059328][ T3620] Call Trace: [ 52.062627][ T3620] [ 52.065562][ T3620] dump_stack_lvl+0xcd/0x134 [ 52.070156][ T3620] should_fail.cold+0x5/0xa [pid 3622] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 3622] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [pid 3622] close(3) = 0 [pid 3622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3622] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 52.074657][ T3620] should_failslab+0x5/0x10 [ 52.079152][ T3620] __kmalloc_track_caller+0x79/0x320 [ 52.084431][ T3620] ? kstrdup_const+0x53/0x80 [ 52.089027][ T3620] kstrdup+0x36/0x70 [ 52.092923][ T3620] kstrdup_const+0x53/0x80 [ 52.097332][ T3620] __kernfs_new_node+0x9d/0x8b0 [ 52.102187][ T3620] ? kernfs_path_from_node+0x60/0x60 [ 52.107462][ T3620] ? pointer+0x950/0x950 [ 52.111708][ T3620] ? snprintf+0xbb/0xf0 [ 52.115859][ T3620] ? vsprintf+0x30/0x30 [ 52.120013][ T3620] kernfs_new_node+0x93/0x120 [ 52.124772][ T3620] __kernfs_create_file+0x51/0x350 [ 52.129879][ T3620] cgroup_addrm_files+0x418/0xa00 [ 52.134907][ T3620] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 52.141140][ T3620] ? cgroup_css.part.0.isra.0+0x110/0x110 [ 52.146856][ T3620] ? find_held_lock+0x2d/0x110 [ 52.151616][ T3620] ? cgroup_apply_control_enable+0x693/0xc00 [ 52.157620][ T3620] css_populate_dir+0x19b/0x450 [ 52.162469][ T3620] cgroup_apply_control_enable+0x3fd/0xc00 [ 52.168297][ T3620] cgroup_subtree_control_write+0x8bb/0xd80 [ 52.174209][ T3620] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 52.180297][ T3620] ? lock_release+0x720/0x720 [ 52.184990][ T3620] cgroup_file_write+0x1de/0x770 [ 52.189931][ T3620] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 52.196000][ T3620] ? kill_css+0x370/0x370 [ 52.200337][ T3620] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.206583][ T3620] ? kill_css+0x370/0x370 [ 52.210908][ T3620] kernfs_fop_write_iter+0x3f8/0x610 [ 52.216208][ T3620] new_sync_write+0x38a/0x560 [ 52.220887][ T3620] ? new_sync_read+0x5f0/0x5f0 [ 52.225662][ T3620] ? lock_release+0x720/0x720 [ 52.230354][ T3620] vfs_write+0x7c0/0xac0 [ 52.234607][ T3620] ksys_write+0x127/0x250 [ 52.238939][ T3620] ? __ia32_sys_read+0xb0/0xb0 [ 52.243699][ T3620] ? lockdep_hardirqs_on+0x79/0x100 [ 52.248896][ T3620] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.254089][ T3620] ? ptrace_notify+0xfa/0x140 [ 52.258774][ T3620] do_syscall_64+0x35/0xb0 [ 52.263187][ T3620] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.269076][ T3620] RIP: 0033:0x7fcc5b9caf19 [ 52.273482][ T3620] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.293188][ T3620] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.301593][ T3620] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 52.309563][ T3620] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 52.317533][ T3620] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [pid 3622] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 3620] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 3620] close(3 [pid 3622] open("./file0", O_RDONLY [pid 3620] <... close resumed>) = 0 [pid 3620] close(4 [pid 3622] <... open resumed>) = 3 [pid 3620] <... close resumed>) = 0 [pid 3622] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 3622] write(4, "-pids ", 6 [pid 3620] close(5) = 0 [pid 3620] close(6) = -1 EBADF (Bad file descriptor) [pid 3620] close(7) = -1 EBADF (Bad file descriptor) [pid 3620] close(8) = -1 EBADF (Bad file descriptor) [pid 3620] close(9) = -1 EBADF (Bad file descriptor) [pid 3620] close(10) = -1 EBADF (Bad file descriptor) [pid 3620] close(11) = -1 EBADF (Bad file descriptor) [pid 3620] close(12) = -1 EBADF (Bad file descriptor) [pid 3620] close(13) = -1 EBADF (Bad file descriptor) [pid 3620] close(14) = -1 EBADF (Bad file descriptor) [pid 3620] close(15) = -1 EBADF (Bad file descriptor) [pid 3620] close(16) = -1 EBADF (Bad file descriptor) [pid 3620] close(17) = -1 EBADF (Bad file descriptor) [pid 3620] close(18) = -1 EBADF (Bad file descriptor) [pid 3620] close(19) = -1 EBADF (Bad file descriptor) [pid 3620] close(20) = -1 EBADF (Bad file descriptor) [pid 3620] close(21) = -1 EBADF (Bad file descriptor) [pid 3620] close(22) = -1 EBADF (Bad file descriptor) [pid 3620] close(23) = -1 EBADF (Bad file descriptor) [pid 3620] close(24) = -1 EBADF (Bad file descriptor) [pid 3620] close(25) = -1 EBADF (Bad file descriptor) [pid 3620] close(26) = -1 EBADF (Bad file descriptor) [pid 3620] close(27) = -1 EBADF (Bad file descriptor) [pid 3620] close(28) = -1 EBADF (Bad file descriptor) [pid 3620] close(29) = -1 EBADF (Bad file descriptor) [pid 3620] exit_group(0) = ? [pid 3620] +++ exited with 0 +++ [pid 3608] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=34} --- [pid 3608] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3608] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3608] getdents64(3, 0x555556a0f620 /* 7 entries */, 32768) = 208 [pid 3608] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3608] unlink("./1/binderfs") = 0 [pid 3608] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 3608] unlink("./1/cgroup") = 0 [pid 3608] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3608] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 3608] unlink("./1/cgroup.net") = 0 [ 52.325582][ T3620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 52.333546][ T3620] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000001 [ 52.341518][ T3620] [ 52.348398][ T3620] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 52.390914][ T3608] ------------[ cut here ]------------ [ 52.395156][ T3612] FAULT_INJECTION: forcing a failure. [ 52.395156][ T3612] name failslab, interval 1, probability 0, space 0, times 0 [ 52.396808][ T3608] WARNING: CPU: 0 PID: 3608 at fs/namespace.c:1236 mntput_no_expire+0xada/0xcd0 [ 52.410734][ T3612] CPU: 1 PID: 3612 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 52.418384][ T3608] Modules linked in: [ 52.428818][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.428834][ T3612] Call Trace: [ 52.428841][ T3612] [ 52.428850][ T3612] dump_stack_lvl+0xcd/0x134 [ 52.428884][ T3612] should_fail.cold+0x5/0xa [ 52.432765][ T3608] [ 52.432774][ T3608] CPU: 0 PID: 3608 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 52.442804][ T3612] should_failslab+0x5/0x10 [ 52.442830][ T3612] kmem_cache_alloc_trace+0x60/0x3f0 [ 52.446155][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.449007][ T3612] ? percpu_ref_init+0xcf/0x3d0 [ 52.453570][ T3608] RIP: 0010:mntput_no_expire+0xada/0xcd0 [ 52.458051][ T3612] ? cset_cgroup_from_root+0x2a0/0x2a0 [ 52.458083][ T3612] percpu_ref_init+0xcf/0x3d0 [ 52.460391][ T3608] Code: 30 84 c0 0f 84 b9 fe ff ff 3c 03 0f 8f b1 fe ff ff 4c 89 44 24 10 e8 45 50 e9 ff 4c 8b 44 24 10 e9 9d fe ff ff e8 56 bf 9d ff <0f> 0b e9 19 fd ff ff e8 4a bf 9d ff e8 b5 cf 91 07 31 ff 89 c5 89 [ 52.470861][ T3612] cgroup_apply_control_enable+0x513/0xc00 [ 52.470906][ T3612] cgroup_subtree_control_write+0x8bb/0xd80 [ 52.470938][ T3612] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 52.475442][ T3608] RSP: 0018:ffffc900030ffcf0 EFLAGS: 00010293 [ 52.480678][ T3612] ? lock_release+0x720/0x720 [ 52.490756][ T3608] [ 52.495543][ T3612] cgroup_file_write+0x1de/0x770 [ 52.495575][ T3612] ? cgroup_max_descendants_write+0x1f0/0x1f0 [ 52.501178][ T3608] RAX: 0000000000000000 RBX: 1ffff9200061ffa4 RCX: 0000000000000000 [ 52.506621][ T3612] ? kill_css+0x370/0x370 [ 52.506649][ T3612] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.506683][ T3612] ? kill_css+0x370/0x370 [ 52.511340][ T3608] RDX: ffff88807c859d80 RSI: ffffffff81db815a RDI: 0000000000000003 [ 52.530918][ T3612] kernfs_fop_write_iter+0x3f8/0x610 [ 52.530954][ T3612] new_sync_write+0x38a/0x560 [ 52.530981][ T3612] ? new_sync_read+0x5f0/0x5f0 [ 52.536782][ T3608] RBP: ffff88801bcbca80 R08: 0000000000000000 R09: ffffffff9006d90f [ 52.542636][ T3612] ? lock_release+0x720/0x720 [ 52.548725][ T3608] R10: ffffffff81db7e71 R11: 0000000000000001 R12: 0000000000000008 [ 52.554741][ T3612] vfs_write+0x7c0/0xac0 [ 52.559401][ T3608] R13: ffffc900030ffd40 R14: 00000000ffffffff R15: 0000000000000002 [ 52.561716][ T3612] ksys_write+0x127/0x250 [ 52.566686][ T3608] FS: 0000555556a0e300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 52.572669][ T3612] ? __ia32_sys_read+0xb0/0xb0 [ 52.580726][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.584932][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 52.584960][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.584986][ T3612] ? ptrace_notify+0xfa/0x140 [ 52.591202][ T3608] CR2: 0000555556a17628 CR3: 0000000071c9d000 CR4: 00000000003506f0 [ 52.595513][ T3612] do_syscall_64+0x35/0xb0 [ 52.595545][ T3612] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.603490][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.608751][ T3612] RIP: 0033:0x7fcc5b9caf19 [ 52.608774][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.608794][ T3612] RSP: 002b:00007ffcb4fe0298 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.613480][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.618218][ T3612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc5b9caf19 [ 52.618236][ T3612] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 52.618251][ T3612] RBP: 00007ffcb4fe02c0 R08: 0000000000000002 R09: 00007ffcb4fe02d0 [ 52.626268][ T3608] Call Trace: [ 52.630856][ T3612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 52.638840][ T3608] [ 52.643026][ T3612] R13: 00007ffcb4fe02e0 R14: 00007ffcb4fe0320 R15: 0000000000000000 [ 52.651028][ T3608] ? clone_private_mount+0x370/0x370 [ 52.655298][ T3612] [ 52.812330][ T3608] ? dput+0x1a3/0xdb0 [ 52.816361][ T3608] path_umount+0x7d4/0x1260 [ 52.820877][ T3608] ? __detach_mounts+0x310/0x310 [ 52.825864][ T3608] ? putname+0xfe/0x140 [ 52.830029][ T3608] __x64_sys_umount+0x159/0x180 [ 52.834937][ T3608] ? path_umount+0x1260/0x1260 [ 52.839715][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 52.845042][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.850256][ T3608] ? ptrace_notify+0xfa/0x140 [ 52.855032][ T3608] do_syscall_64+0x35/0xb0 [ 52.859469][ T3608] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.865436][ T3608] RIP: 0033:0x7fcc5b9cc2c7 [ 52.869863][ T3608] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.889537][ T3608] RSP: 002b:00007ffcb4fdf1a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 52.898043][ T3608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcc5b9cc2c7 [ 52.906101][ T3608] RDX: 00007ffcb4fdf269 RSI: 000000000000000a RDI: 00007ffcb4fdf260 [ 52.914082][ T3608] RBP: 00007ffcb4fdf260 R08: 00000000ffffffff R09: 00007ffcb4fdf040 [ 52.922098][ T3608] R10: 0000555556a0f693 R11: 0000000000000202 R12: 00007ffcb4fe02e0 [ 52.930159][ T3608] R13: 0000555556a0f5f0 R14: 00007ffcb4fdf1d0 R15: 0000000000000002 [ 52.938188][ T3608] [ 52.941208][ T3608] Kernel panic - not syncing: panic_on_warn set ... [ 52.947794][ T3608] CPU: 0 PID: 3608 Comm: syz-executor314 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 [ 52.958293][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.968346][ T3608] Call Trace: [ 52.971631][ T3608] [ 52.974577][ T3608] dump_stack_lvl+0xcd/0x134 [ 52.979191][ T3608] panic+0x2d7/0x636 [ 52.983107][ T3608] ? panic_print_sys_info.part.0+0x10b/0x10b [ 52.989111][ T3608] ? __warn.cold+0x1d1/0x2c5 [ 52.993718][ T3608] ? mntput_no_expire+0xada/0xcd0 [ 52.998747][ T3608] __warn.cold+0x1e2/0x2c5 [ 53.003163][ T3608] ? mntput_no_expire+0xada/0xcd0 [ 53.008189][ T3608] report_bug+0x1bd/0x210 [ 53.012532][ T3608] handle_bug+0x3c/0x60 [ 53.016686][ T3608] exc_invalid_op+0x14/0x40 [ 53.021189][ T3608] asm_exc_invalid_op+0x12/0x20 [ 53.026037][ T3608] RIP: 0010:mntput_no_expire+0xada/0xcd0 [ 53.031671][ T3608] Code: 30 84 c0 0f 84 b9 fe ff ff 3c 03 0f 8f b1 fe ff ff 4c 89 44 24 10 e8 45 50 e9 ff 4c 8b 44 24 10 e9 9d fe ff ff e8 56 bf 9d ff <0f> 0b e9 19 fd ff ff e8 4a bf 9d ff e8 b5 cf 91 07 31 ff 89 c5 89 [ 53.051284][ T3608] RSP: 0018:ffffc900030ffcf0 EFLAGS: 00010293 [ 53.057347][ T3608] RAX: 0000000000000000 RBX: 1ffff9200061ffa4 RCX: 0000000000000000 [ 53.065305][ T3608] RDX: ffff88807c859d80 RSI: ffffffff81db815a RDI: 0000000000000003 [ 53.073264][ T3608] RBP: ffff88801bcbca80 R08: 0000000000000000 R09: ffffffff9006d90f [ 53.081223][ T3608] R10: ffffffff81db7e71 R11: 0000000000000001 R12: 0000000000000008 [ 53.089184][ T3608] R13: ffffc900030ffd40 R14: 00000000ffffffff R15: 0000000000000002 [ 53.097148][ T3608] ? mntput_no_expire+0x7f1/0xcd0 [ 53.102170][ T3608] ? mntput_no_expire+0xada/0xcd0 [ 53.107197][ T3608] ? clone_private_mount+0x370/0x370 [ 53.112478][ T3608] ? dput+0x1a3/0xdb0 [ 53.116457][ T3608] path_umount+0x7d4/0x1260 [ 53.120959][ T3608] ? __detach_mounts+0x310/0x310 [ 53.125893][ T3608] ? putname+0xfe/0x140 [ 53.130060][ T3608] __x64_sys_umount+0x159/0x180 [ 53.134921][ T3608] ? path_umount+0x1260/0x1260 [ 53.139682][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 53.144878][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.150072][ T3608] ? ptrace_notify+0xfa/0x140 [ 53.154755][ T3608] do_syscall_64+0x35/0xb0 [ 53.159170][ T3608] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 53.165056][ T3608] RIP: 0033:0x7fcc5b9cc2c7 [ 53.169465][ T3608] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.189064][ T3608] RSP: 002b:00007ffcb4fdf1a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 53.197470][ T3608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcc5b9cc2c7 [ 53.205429][ T3608] RDX: 00007ffcb4fdf269 RSI: 000000000000000a RDI: 00007ffcb4fdf260 [ 53.213387][ T3608] RBP: 00007ffcb4fdf260 R08: 00000000ffffffff R09: 00007ffcb4fdf040 [ 53.221345][ T3608] R10: 0000555556a0f693 R11: 0000000000000202 R12: 00007ffcb4fe02e0 [ 53.229305][ T3608] R13: 0000555556a0f5f0 R14: 00007ffcb4fdf1d0 R15: 0000000000000002 [ 53.237278][ T3608] [ 53.240484][ T3608] Kernel Offset: disabled [ 53.244878][ T3608] Rebooting in 86400 seconds..