./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor971580519 <...> = -1 EBADF (Bad file descriptor) [pid 567] close(19) = -1 EBADF (Bad file descriptor) [pid 567] close(20) = -1 EBADF (Bad file descriptor) [pid 567] close(21) = -1 EBADF (Bad file descriptor) [pid 567] close(22) = -1 EBADF (Bad file descriptor) [pid 567] close(23) = -1 EBADF (Bad file descriptor) [pid 567] close(24) = -1 EBADF (Bad file descriptor) [pid 567] close(25) = -1 EBADF (Bad file descriptor) [pid 567] close(26) = -1 EBADF (Bad file descriptor) [pid 567] close(27) = -1 EBADF (Bad file descriptor) [pid 567] close(28) = -1 EBADF (Bad file descriptor) [pid 567] close(29) = -1 EBADF (Bad file descriptor) [pid 567] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 567] exit_group(0) = ? write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 567] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./25/binderfs") = 0 [pid 383] umount2("./25/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./25/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./25/cgroup") = 0 [pid 383] umount2("./25/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./25/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./25/cgroup.net") = 0 [pid 383] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./25/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./25/file0") = 0 [pid 383] umount2("./25/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./25/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./25/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./25") = 0 [pid 383] mkdir("./26", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 570 attached [pid 570] chdir("./26") = 0 [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 28 [pid 570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 570] setpgid(0, 0) = 0 [pid 570] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 570] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 570] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 570] write(3, "1000", 4) = 4 [pid 570] close(3) = 0 [pid 570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 570] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 570] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 570] open("./file0", O_RDONLY) = 3 [pid 570] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 110.169481][ T567] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 110.177441][ T567] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 110.185399][ T567] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 110.193444][ T567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 110.201395][ T567] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000019 [ 110.211938][ T567] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 570] write(4, "-pids ", 6) = 6 [pid 570] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 570] write(5, "22", 2) = 2 [ 110.250931][ T566] FAULT_INJECTION: forcing a failure. [ 110.250931][ T566] name failslab, interval 1, probability 0, space 0, times 0 [ 110.263638][ T566] CPU: 0 PID: 566 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 110.275338][ T566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.285389][ T566] Call Trace: [ 110.288661][ T566] dump_stack_lvl+0x1e2/0x24b [ 110.293336][ T566] ? bfq_pos_tree_add_move+0x43e/0x43e [ 110.298866][ T566] ? selinux_kernfs_init_security+0x1a8/0x760 [ 110.304919][ T566] dump_stack+0x15/0x17 [ 110.309065][ T566] should_fail+0x3c0/0x510 [ 110.313464][ T566] ? __kernfs_new_node+0x99/0x6e0 [ 110.318474][ T566] __should_failslab+0x9f/0xe0 [ 110.323223][ T566] should_failslab+0x9/0x20 [ 110.327702][ T566] __kmalloc_track_caller+0x5f/0x350 [ 110.332971][ T566] kstrdup_const+0x55/0x90 [ 110.337400][ T566] __kernfs_new_node+0x99/0x6e0 [ 110.342236][ T566] ? is_module_text_address+0xe1/0x140 [ 110.347681][ T566] ? kernfs_new_node+0x170/0x170 [ 110.352605][ T566] ? ptr_to_hashval+0x60/0x60 [ 110.357435][ T566] ? arch_stack_walk+0xf8/0x140 [ 110.362275][ T566] ? snprintf+0xd6/0x120 [ 110.366508][ T566] kernfs_new_node+0x97/0x170 [ 110.371169][ T566] __kernfs_create_file+0x4a/0x270 [ 110.376266][ T566] cgroup_addrm_files+0xab8/0xfe0 [ 110.381279][ T566] ? ____kasan_kmalloc+0xdc/0x110 [ 110.386283][ T566] ? __kasan_kmalloc+0x9/0x10 [ 110.390958][ T566] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 110.396494][ T566] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 110.402631][ T566] ? delete_node+0x759/0x7b0 [ 110.407218][ T566] ? __kasan_check_read+0x11/0x20 [ 110.412227][ T566] ? delete_node+0x759/0x7b0 [ 110.416799][ T566] ? __kasan_check_write+0x14/0x20 [ 110.421898][ T566] ? idr_replace+0x1c4/0x230 [ 110.426484][ T566] ? idr_get_next+0x4b0/0x4b0 [ 110.431153][ T566] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 110.436162][ T566] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 110.441434][ T566] css_populate_dir+0x137/0x370 [ 110.446274][ T566] cgroup_apply_control_enable+0x8b9/0x12f0 [ 110.452144][ T566] cgroup_apply_control+0x93/0x710 [ 110.457234][ T566] ? css_next_child+0x160/0x160 [ 110.462069][ T566] ? stack_trace_save+0x12d/0x1f0 [ 110.467468][ T566] ? io_schedule+0x120/0x120 [ 110.472058][ T566] ? kernfs_fop_write_iter+0x15e/0x410 [ 110.477504][ T566] ? __kasan_check_write+0x14/0x20 [ 110.482607][ T566] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 110.487880][ T566] cgroup_subtree_control_write+0xd19/0x1310 [ 110.493838][ T566] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 110.499800][ T566] ? __kasan_check_write+0x14/0x20 [ 110.504909][ T566] ? _copy_from_iter+0x3fb/0xd60 [ 110.509835][ T566] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 110.515793][ T566] cgroup_file_write+0x28e/0x590 [ 110.520717][ T566] ? cgroup_seqfile_stop+0xc0/0xc0 [ 110.525820][ T566] ? mutex_lock+0xa6/0x110 [ 110.530237][ T566] ? mutex_trylock+0xb0/0xb0 [ 110.534838][ T566] ? __kasan_check_write+0x14/0x20 [ 110.539940][ T566] kernfs_fop_write_iter+0x2d0/0x410 [ 110.545213][ T566] ? cgroup_seqfile_stop+0xc0/0xc0 [ 110.550317][ T566] vfs_write+0xc1c/0xf40 [ 110.554541][ T566] ? __kasan_check_write+0x14/0x20 [ 110.559632][ T566] ? kernel_write+0x3c0/0x3c0 [ 110.564284][ T566] ? _raw_spin_unlock_irq+0x4e/0x70 [ 110.569460][ T566] ? ptrace_stop+0x6ff/0x9f0 [ 110.574032][ T566] ? __kasan_check_read+0x11/0x20 [ 110.579048][ T566] ? __fdget_pos+0x27e/0x310 [ 110.583616][ T566] ksys_write+0x198/0x2c0 [ 110.587923][ T566] ? do_notify_parent+0xa60/0xa60 [ 110.592934][ T566] ? __ia32_sys_read+0x90/0x90 [ 110.597681][ T566] ? __ia32_sys_open+0x270/0x270 [ 110.602596][ T566] __x64_sys_write+0x7b/0x90 [ 110.607165][ T566] do_syscall_64+0x34/0x70 [ 110.611560][ T566] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 110.617428][ T566] RIP: 0033:0x7fc8ece62c09 [ 110.621823][ T566] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 110.641403][ T566] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 570] write(4, "+pids ", 6 [pid 566] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 566] close(3) = 0 [pid 566] close(4) = 0 [pid 566] close(5) = 0 [pid 566] close(6) = -1 EBADF (Bad file descriptor) [pid 566] close(7) = -1 EBADF (Bad file descriptor) [pid 566] close(8) = -1 EBADF (Bad file descriptor) [pid 566] close(9) = -1 EBADF (Bad file descriptor) [pid 566] close(10) = -1 EBADF (Bad file descriptor) [pid 566] close(11) = -1 EBADF (Bad file descriptor) [pid 566] close(12) = -1 EBADF (Bad file descriptor) [pid 566] close(13) = -1 EBADF (Bad file descriptor) [pid 566] close(14) = -1 EBADF (Bad file descriptor) [pid 566] close(15) = -1 EBADF (Bad file descriptor) [pid 566] close(16) = -1 EBADF (Bad file descriptor) [pid 566] close(17) = -1 EBADF (Bad file descriptor) [pid 566] close(18) = -1 EBADF (Bad file descriptor) [pid 566] close(19) = -1 EBADF (Bad file descriptor) [pid 566] close(20) = -1 EBADF (Bad file descriptor) [pid 566] close(21) = -1 EBADF (Bad file descriptor) [pid 566] close(22) = -1 EBADF (Bad file descriptor) [pid 566] close(23) = -1 EBADF (Bad file descriptor) [pid 566] close(24) = -1 EBADF (Bad file descriptor) [pid 566] close(25) = -1 EBADF (Bad file descriptor) [pid 566] close(26) = -1 EBADF (Bad file descriptor) [pid 566] close(27) = -1 EBADF (Bad file descriptor) [pid 566] close(28) = -1 EBADF (Bad file descriptor) [pid 566] close(29) = -1 EBADF (Bad file descriptor) [pid 566] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 566] exit_group(0) = ? [pid 566] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./35/binderfs") = 0 [pid 382] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./35/cgroup") = 0 [pid 382] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./35/cgroup.net") = 0 [pid 382] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [ 110.649793][ T566] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 110.657743][ T566] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 110.665698][ T566] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 110.673649][ T566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 110.681607][ T566] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000023 [ 110.691901][ T566] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 382] rmdir("./35/file0") = 0 [pid 382] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./35/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./35") = 0 [pid 382] mkdir("./36", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 571 attached [pid 571] chdir("./36" [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 38 [pid 571] <... chdir resumed>) = 0 [pid 571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 571] setpgid(0, 0) = 0 [pid 571] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 571] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 571] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 571] write(3, "1000", 4) = 4 [pid 571] close(3) = 0 [pid 571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 571] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 110.720663][ T563] FAULT_INJECTION: forcing a failure. [ 110.720663][ T563] name failslab, interval 1, probability 0, space 0, times 0 [ 110.733480][ T563] CPU: 0 PID: 563 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 110.745092][ T563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.755152][ T563] Call Trace: [ 110.758440][ T563] dump_stack_lvl+0x1e2/0x24b [ 110.763108][ T563] ? bfq_pos_tree_add_move+0x43e/0x43e [ 110.768543][ T563] ? selinux_kernfs_init_security+0x1a8/0x760 [ 110.774601][ T563] dump_stack+0x15/0x17 [ 110.778738][ T563] should_fail+0x3c0/0x510 [ 110.783141][ T563] ? __kernfs_new_node+0x99/0x6e0 [ 110.788152][ T563] __should_failslab+0x9f/0xe0 [ 110.792902][ T563] should_failslab+0x9/0x20 [ 110.797392][ T563] __kmalloc_track_caller+0x5f/0x350 [ 110.802653][ T563] kstrdup_const+0x55/0x90 [ 110.807044][ T563] __kernfs_new_node+0x99/0x6e0 [ 110.811879][ T563] ? is_module_text_address+0xe1/0x140 [ 110.817316][ T563] ? kernfs_new_node+0x170/0x170 [ 110.822237][ T563] ? ptr_to_hashval+0x60/0x60 [ 110.826900][ T563] ? arch_stack_walk+0xf8/0x140 [ 110.831743][ T563] ? snprintf+0xd6/0x120 [ 110.835970][ T563] kernfs_new_node+0x97/0x170 [ 110.840630][ T563] __kernfs_create_file+0x4a/0x270 [ 110.845718][ T563] cgroup_addrm_files+0xab8/0xfe0 [ 110.850720][ T563] ? ____kasan_kmalloc+0xdc/0x110 [ 110.855717][ T563] ? __kasan_kmalloc+0x9/0x10 [ 110.860374][ T563] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 110.865895][ T563] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 110.872035][ T563] ? delete_node+0x759/0x7b0 [ 110.876614][ T563] ? __kasan_check_read+0x11/0x20 [ 110.881618][ T563] ? delete_node+0x759/0x7b0 [ 110.886193][ T563] ? __kasan_check_write+0x14/0x20 [ 110.891286][ T563] ? idr_replace+0x1c4/0x230 [ 110.895851][ T563] ? idr_get_next+0x4b0/0x4b0 [ 110.900510][ T563] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 110.905520][ T563] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 110.910692][ T563] css_populate_dir+0x137/0x370 [ 110.915519][ T563] cgroup_apply_control_enable+0x8b9/0x12f0 [ 110.921388][ T563] cgroup_apply_control+0x93/0x710 [ 110.926474][ T563] ? css_next_child+0x160/0x160 [ 110.931300][ T563] ? stack_trace_save+0x12d/0x1f0 [ 110.936311][ T563] ? io_schedule+0x120/0x120 [ 110.940888][ T563] ? kernfs_fop_write_iter+0x15e/0x410 [ 110.946342][ T563] ? __kasan_check_write+0x14/0x20 [ 110.951438][ T563] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 110.956699][ T563] cgroup_subtree_control_write+0xd19/0x1310 [ 110.962664][ T563] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 110.968627][ T563] ? __kasan_check_write+0x14/0x20 [ 110.973723][ T563] ? _copy_from_iter+0x3fb/0xd60 [ 110.978647][ T563] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 110.984781][ T563] cgroup_file_write+0x28e/0x590 [ 110.989700][ T563] ? cgroup_seqfile_stop+0xc0/0xc0 [ 110.994797][ T563] ? mutex_lock+0xa6/0x110 [ 110.999197][ T563] ? mutex_trylock+0xb0/0xb0 [ 111.003775][ T563] ? __kasan_check_write+0x14/0x20 [ 111.008863][ T563] kernfs_fop_write_iter+0x2d0/0x410 [ 111.014132][ T563] ? cgroup_seqfile_stop+0xc0/0xc0 [ 111.019233][ T563] vfs_write+0xc1c/0xf40 [ 111.023467][ T563] ? __kasan_check_write+0x14/0x20 [ 111.028563][ T563] ? kernel_write+0x3c0/0x3c0 [ 111.033214][ T563] ? _raw_spin_unlock_irq+0x4e/0x70 [ 111.038396][ T563] ? ptrace_stop+0x6ff/0x9f0 [ 111.042999][ T563] ? __kasan_check_read+0x11/0x20 [ 111.048001][ T563] ? __fdget_pos+0x27e/0x310 [ 111.052565][ T563] ksys_write+0x198/0x2c0 [ 111.056876][ T563] ? do_notify_parent+0xa60/0xa60 [ 111.061885][ T563] ? __ia32_sys_read+0x90/0x90 [ 111.066631][ T563] ? __ia32_sys_open+0x270/0x270 [ 111.071554][ T563] __x64_sys_write+0x7b/0x90 [ 111.076130][ T563] do_syscall_64+0x34/0x70 [ 111.080530][ T563] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 111.086398][ T563] RIP: 0033:0x7fc8ece62c09 [ 111.090795][ T563] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 111.110384][ T563] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 571] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 563] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 571] open("./file0", O_RDONLY) = 3 [pid 571] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 563] close(3 [pid 571] write(4, "-pids ", 6 [pid 563] <... close resumed>) = 0 [pid 563] close(4) = 0 [pid 563] close(5) = 0 [pid 563] close(6) = -1 EBADF (Bad file descriptor) [pid 563] close(7) = -1 EBADF (Bad file descriptor) [pid 563] close(8) = -1 EBADF (Bad file descriptor) [pid 563] close(9) = -1 EBADF (Bad file descriptor) [pid 563] close(10) = -1 EBADF (Bad file descriptor) [pid 563] close(11) = -1 EBADF (Bad file descriptor) [pid 563] close(12) = -1 EBADF (Bad file descriptor) [pid 563] close(13) = -1 EBADF (Bad file descriptor) [pid 563] close(14) = -1 EBADF (Bad file descriptor) [pid 563] close(15) = -1 EBADF (Bad file descriptor) [pid 563] close(16) = -1 EBADF (Bad file descriptor) [pid 563] close(17) = -1 EBADF (Bad file descriptor) [pid 563] close(18) = -1 EBADF (Bad file descriptor) [pid 563] close(19) = -1 EBADF (Bad file descriptor) [pid 563] close(20) = -1 EBADF (Bad file descriptor) [pid 563] close(21) = -1 EBADF (Bad file descriptor) [pid 563] close(22) = -1 EBADF (Bad file descriptor) [pid 563] close(23) = -1 EBADF (Bad file descriptor) [pid 563] close(24) = -1 EBADF (Bad file descriptor) [pid 563] close(25) = -1 EBADF (Bad file descriptor) [pid 563] close(26) = -1 EBADF (Bad file descriptor) [pid 563] close(27) = -1 EBADF (Bad file descriptor) [pid 563] close(28) = -1 EBADF (Bad file descriptor) [pid 563] close(29) = -1 EBADF (Bad file descriptor) [pid 563] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 563] exit_group(0) = ? [pid 563] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./31/binderfs") = 0 [pid 375] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./31/cgroup") = 0 [pid 375] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./31/cgroup.net") = 0 [pid 375] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [ 111.118770][ T563] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 111.126719][ T563] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 111.134666][ T563] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 111.142613][ T563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 111.150565][ T563] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001f [ 111.160316][ T563] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [ 111.190435][ T568] FAULT_INJECTION: forcing a failure. [ 111.190435][ T568] name failslab, interval 1, probability 0, space 0, times 0 [ 111.203484][ T568] CPU: 0 PID: 568 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 111.215103][ T568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.225141][ T568] Call Trace: [ 111.228451][ T568] dump_stack_lvl+0x1e2/0x24b [ 111.233113][ T568] ? panic+0x7d7/0x7d7 [ 111.237163][ T568] ? bfq_pos_tree_add_move+0x43e/0x43e [ 111.242617][ T568] ? find_next_bit+0xd6/0x120 [ 111.247291][ T568] ? cpumask_next+0x11/0x30 [ 111.251774][ T568] dump_stack+0x15/0x17 [ 111.255915][ T568] should_fail+0x3c0/0x510 [ 111.260311][ T568] ? percpu_ref_init+0xd0/0x330 [ 111.265155][ T568] __should_failslab+0x9f/0xe0 [ 111.269918][ T568] should_failslab+0x9/0x20 [ 111.274406][ T568] kmem_cache_alloc_trace+0x3a/0x330 [ 111.279679][ T568] percpu_ref_init+0xd0/0x330 [ 111.284356][ T568] ? cgroup_setup_root+0xea0/0xea0 [ 111.289452][ T568] cgroup_apply_control_enable+0x3a2/0x12f0 [ 111.295326][ T568] cgroup_apply_control+0x93/0x710 [ 111.300426][ T568] ? css_next_child+0x160/0x160 [ 111.305257][ T568] ? stack_trace_save+0x12d/0x1f0 [ 111.310266][ T568] ? io_schedule+0x120/0x120 [ 111.314845][ T568] ? kernfs_fop_write_iter+0x15e/0x410 [ 111.320293][ T568] ? __kasan_check_write+0x14/0x20 [ 111.325390][ T568] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 111.330659][ T568] cgroup_subtree_control_write+0xd19/0x1310 [ 111.336620][ T568] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 111.342581][ T568] ? __kasan_check_write+0x14/0x20 [ 111.347673][ T568] ? _copy_from_iter+0x3fb/0xd60 [ 111.352589][ T568] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 111.358545][ T568] cgroup_file_write+0x28e/0x590 [ 111.363468][ T568] ? cgroup_seqfile_stop+0xc0/0xc0 [ 111.368560][ T568] ? mutex_lock+0xa6/0x110 [ 111.372955][ T568] ? mutex_trylock+0xb0/0xb0 [ 111.377526][ T568] ? __kasan_check_write+0x14/0x20 [ 111.382622][ T568] kernfs_fop_write_iter+0x2d0/0x410 [ 111.387883][ T568] ? cgroup_seqfile_stop+0xc0/0xc0 [ 111.392974][ T568] vfs_write+0xc1c/0xf40 [ 111.397197][ T568] ? __kasan_check_write+0x14/0x20 [ 111.402292][ T568] ? kernel_write+0x3c0/0x3c0 [ 111.406960][ T568] ? _raw_spin_unlock_irq+0x4e/0x70 [ 111.412137][ T568] ? ptrace_stop+0x6ff/0x9f0 [ 111.416706][ T568] ? __kasan_check_read+0x11/0x20 [ 111.421718][ T568] ? __fdget_pos+0x27e/0x310 [ 111.426291][ T568] ksys_write+0x198/0x2c0 [ 111.430601][ T568] ? do_notify_parent+0xa60/0xa60 [ 111.435610][ T568] ? __ia32_sys_read+0x90/0x90 [ 111.440355][ T568] ? __ia32_sys_open+0x270/0x270 [ 111.445278][ T568] __x64_sys_write+0x7b/0x90 [ 111.449861][ T568] do_syscall_64+0x34/0x70 [ 111.454261][ T568] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 111.460141][ T568] RIP: 0033:0x7fc8ece62c09 [ 111.464545][ T568] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 375] rmdir("./31/file0") = 0 [pid 375] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 568] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 568] close(3 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 568] <... close resumed>) = 0 [pid 375] lstat("./31/cgroup.cpu", [pid 568] close(4 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 568] <... close resumed>) = 0 [pid 375] unlink("./31/cgroup.cpu") = 0 [pid 568] close(5) = 0 [pid 375] getdents64(3, [pid 568] close(6 [pid 375] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] close(3 [pid 568] close(7 [pid 375] <... close resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] rmdir("./31") = 0 [pid 568] close(8) = -1 EBADF (Bad file descriptor) [pid 375] mkdir("./32", 0777) = 0 [pid 568] close(9) = -1 EBADF (Bad file descriptor) [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 568] close(10) = -1 EBADF (Bad file descriptor) [pid 568] close(11./strace-static-x86_64: Process 572 attached ) = -1 EBADF (Bad file descriptor) [pid 572] chdir("./32" [pid 568] close(12 [pid 572] <... chdir resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 34 [pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 568] close(13 [pid 572] <... prctl resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] setpgid(0, 0 [pid 568] close(14 [pid 572] <... setpgid resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 568] close(15 [pid 572] <... symlink resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 568] close(16 [pid 572] <... symlink resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 568] close(17 [pid 572] <... symlink resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 568] close(18 [pid 572] <... openat resumed>) = 3 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] write(3, "1000", 4 [pid 568] close(19 [pid 572] <... write resumed>) = 4 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] close(3 [pid 568] close(20 [pid 572] <... close resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] symlink("/dev/binderfs", "./binderfs" [pid 568] close(21 [pid 572] <... symlink resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] mkdirat(AT_FDCWD, "./file0", 000 [pid 568] close(22 [pid 572] <... mkdirat resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 568] close(23 [pid 572] <... mount resumed>) = 0 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] open("./file0", O_RDONLY [pid 568] close(24 [pid 572] <... open resumed>) = 3 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] openat(3, "cgroup.subtree_control", O_RDWR [pid 568] close(25 [pid 572] <... openat resumed>) = 4 [pid 568] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 572] write(4, "-pids ", 6 [pid 568] close(26) = -1 EBADF (Bad file descriptor) [pid 568] close(27) = -1 EBADF (Bad file descriptor) [pid 568] close(28) = -1 EBADF (Bad file descriptor) [pid 568] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 568] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 568] exit_group(0) = ? [pid 568] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./30/binderfs") = 0 [pid 376] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./30/cgroup") = 0 [pid 376] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./30/cgroup.net") = 0 [pid 376] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./30/file0") = 0 [pid 376] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./30/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [ 111.484137][ T568] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.492540][ T568] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 111.500496][ T568] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 111.508451][ T568] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 111.516406][ T568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 111.524362][ T568] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001e [pid 376] rmdir("./30" [pid 572] <... write resumed>) = 6 [pid 569] <... write resumed>) = 6 [pid 565] <... write resumed>) = 6 [pid 376] <... rmdir resumed>) = 0 [pid 572] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 572] write(5, "22", 2) = 2 [pid 572] write(4, "+pids ", 6 [pid 569] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 569] write(5, "22", 2) = 2 [pid 569] write(4, "+pids ", 6 [pid 565] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 565] write(5, "22", 2) = 2 [pid 565] write(4, "+pids ", 6 [pid 376] mkdir("./31", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 33 ./strace-static-x86_64: Process 573 attached [ 111.560621][ T570] FAULT_INJECTION: forcing a failure. [ 111.560621][ T570] name failslab, interval 1, probability 0, space 0, times 0 [ 111.573273][ T570] CPU: 1 PID: 570 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 111.584893][ T570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.594944][ T570] Call Trace: [ 111.598237][ T570] dump_stack_lvl+0x1e2/0x24b [ 111.602905][ T570] ? bfq_pos_tree_add_move+0x43e/0x43e [ 111.608356][ T570] ? selinux_kernfs_init_security+0x1a8/0x760 [ 111.614428][ T570] dump_stack+0x15/0x17 [ 111.618578][ T570] should_fail+0x3c0/0x510 [ 111.622983][ T570] ? __kernfs_new_node+0x99/0x6e0 [ 111.627992][ T570] __should_failslab+0x9f/0xe0 [ 111.632737][ T570] should_failslab+0x9/0x20 [ 111.637220][ T570] __kmalloc_track_caller+0x5f/0x350 [ 111.642575][ T570] kstrdup_const+0x55/0x90 [ 111.646985][ T570] __kernfs_new_node+0x99/0x6e0 [ 111.651819][ T570] ? is_module_text_address+0xe1/0x140 [ 111.657264][ T570] ? kernfs_new_node+0x170/0x170 [ 111.662192][ T570] ? ptr_to_hashval+0x60/0x60 [ 111.666845][ T570] ? arch_stack_walk+0xf8/0x140 [ 111.671679][ T570] ? snprintf+0xd6/0x120 [ 111.675910][ T570] kernfs_new_node+0x97/0x170 [ 111.680569][ T570] __kernfs_create_file+0x4a/0x270 [ 111.685667][ T570] cgroup_addrm_files+0xab8/0xfe0 [ 111.690675][ T570] ? ____kasan_kmalloc+0xdc/0x110 [ 111.695688][ T570] ? __kasan_kmalloc+0x9/0x10 [ 111.700356][ T570] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 111.705890][ T570] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 111.712044][ T570] ? delete_node+0x759/0x7b0 [ 111.716626][ T570] ? __kasan_check_read+0x11/0x20 [ 111.721626][ T570] ? delete_node+0x759/0x7b0 [ 111.726191][ T570] ? __kasan_check_write+0x14/0x20 [ 111.731290][ T570] ? idr_replace+0x1c4/0x230 [ 111.735869][ T570] ? idr_get_next+0x4b0/0x4b0 [ 111.740521][ T570] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 111.745519][ T570] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 111.750693][ T570] css_populate_dir+0x137/0x370 [ 111.755525][ T570] cgroup_apply_control_enable+0x8b9/0x12f0 [ 111.761394][ T570] cgroup_apply_control+0x93/0x710 [ 111.766493][ T570] ? css_next_child+0x160/0x160 [ 111.771333][ T570] ? stack_trace_save+0x12d/0x1f0 [ 111.776343][ T570] ? io_schedule+0x120/0x120 [ 111.780910][ T570] ? kernfs_fop_write_iter+0x15e/0x410 [ 111.786346][ T570] ? __kasan_check_write+0x14/0x20 [ 111.791442][ T570] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 111.796715][ T570] cgroup_subtree_control_write+0xd19/0x1310 [ 111.802678][ T570] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 111.808640][ T570] ? __kasan_check_write+0x14/0x20 [ 111.813735][ T570] ? _copy_from_iter+0x3fb/0xd60 [ 111.818660][ T570] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 111.824612][ T570] cgroup_file_write+0x28e/0x590 [ 111.829523][ T570] ? cgroup_seqfile_stop+0xc0/0xc0 [ 111.834615][ T570] ? mutex_lock+0xa6/0x110 [ 111.839030][ T570] ? mutex_trylock+0xb0/0xb0 [ 111.843617][ T570] ? __kasan_check_write+0x14/0x20 [ 111.848728][ T570] kernfs_fop_write_iter+0x2d0/0x410 [ 111.853997][ T570] ? cgroup_seqfile_stop+0xc0/0xc0 [ 111.859094][ T570] vfs_write+0xc1c/0xf40 [ 111.863312][ T570] ? __kasan_check_write+0x14/0x20 [ 111.868409][ T570] ? kernel_write+0x3c0/0x3c0 [ 111.873105][ T570] ? _raw_spin_unlock_irq+0x4e/0x70 [ 111.878288][ T570] ? ptrace_stop+0x6ff/0x9f0 [ 111.882853][ T570] ? __kasan_check_read+0x11/0x20 [ 111.887860][ T570] ? __fdget_pos+0x27e/0x310 [ 111.892435][ T570] ksys_write+0x198/0x2c0 [ 111.896751][ T570] ? do_notify_parent+0xa60/0xa60 [ 111.901762][ T570] ? __ia32_sys_read+0x90/0x90 [ 111.906500][ T570] ? __ia32_sys_open+0x270/0x270 [ 111.911423][ T570] __x64_sys_write+0x7b/0x90 [ 111.916004][ T570] do_syscall_64+0x34/0x70 [ 111.920407][ T570] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 111.926290][ T570] RIP: 0033:0x7fc8ece62c09 [ 111.930711][ T570] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 111.950825][ T570] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 573] chdir("./31") = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 573] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 573] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 573] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 573] write(3, "1000", 4) = 4 [pid 573] close(3) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 573] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 573] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 570] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 573] <... mount resumed>) = 0 [pid 570] close(3) = 0 [pid 570] close(4 [pid 573] open("./file0", O_RDONLY [pid 570] <... close resumed>) = 0 [pid 570] close(5) = 0 [pid 570] close(6) = -1 EBADF (Bad file descriptor) [pid 570] close(7) = -1 EBADF (Bad file descriptor) [pid 570] close(8) = -1 EBADF (Bad file descriptor) [pid 570] close(9) = -1 EBADF (Bad file descriptor) [pid 570] close(10) = -1 EBADF (Bad file descriptor) [pid 570] close(11) = -1 EBADF (Bad file descriptor) [pid 570] close(12) = -1 EBADF (Bad file descriptor) [pid 570] close(13) = -1 EBADF (Bad file descriptor) [pid 570] close(14) = -1 EBADF (Bad file descriptor) [pid 570] close(15) = -1 EBADF (Bad file descriptor) [pid 570] close(16) = -1 EBADF (Bad file descriptor) [pid 570] close(17) = -1 EBADF (Bad file descriptor) [pid 570] close(18) = -1 EBADF (Bad file descriptor) [pid 570] close(19) = -1 EBADF (Bad file descriptor) [pid 570] close(20) = -1 EBADF (Bad file descriptor) [pid 570] close(21) = -1 EBADF (Bad file descriptor) [pid 570] close(22) = -1 EBADF (Bad file descriptor) [pid 570] close(23) = -1 EBADF (Bad file descriptor) [pid 570] close(24) = -1 EBADF (Bad file descriptor) [pid 570] close(25) = -1 EBADF (Bad file descriptor) [pid 570] close(26) = -1 EBADF (Bad file descriptor) [pid 570] close(27) = -1 EBADF (Bad file descriptor) [pid 570] close(28) = -1 EBADF (Bad file descriptor) [pid 570] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 570] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 570] exit_group(0) = ? [pid 573] <... open resumed>) = 3 [pid 570] +++ exited with 0 +++ [pid 573] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 573] <... openat resumed>) = 4 [pid 383] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 573] write(4, "-pids ", 6 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./26/binderfs") = 0 [pid 383] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./26/cgroup") = 0 [pid 383] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./26/cgroup.net") = 0 [pid 383] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./26/file0") = 0 [pid 383] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./26/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./26") = 0 [pid 383] mkdir("./27", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 29 ./strace-static-x86_64: Process 574 attached [pid 574] chdir("./27") = 0 [pid 574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 574] setpgid(0, 0) = 0 [pid 574] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 574] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 574] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 574] write(3, "1000", 4) = 4 [pid 574] close(3) = 0 [pid 574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 574] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 574] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 574] open("./file0", O_RDONLY) = 3 [pid 574] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 111.959214][ T570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 111.967161][ T570] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 111.975111][ T570] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 111.983059][ T570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 111.991011][ T570] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001a [ 111.999768][ T570] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 574] write(4, "-pids ", 6) = 6 [pid 574] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 574] write(5, "22", 2) = 2 [ 112.040434][ T565] FAULT_INJECTION: forcing a failure. [ 112.040434][ T565] name failslab, interval 1, probability 0, space 0, times 0 [ 112.053544][ T565] CPU: 1 PID: 565 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 112.065175][ T565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.075219][ T565] Call Trace: [ 112.078487][ T565] dump_stack_lvl+0x1e2/0x24b [ 112.083143][ T565] ? bfq_pos_tree_add_move+0x43e/0x43e [ 112.088579][ T565] ? selinux_kernfs_init_security+0x1a8/0x760 [ 112.094625][ T565] dump_stack+0x15/0x17 [ 112.098758][ T565] should_fail+0x3c0/0x510 [ 112.103163][ T565] ? __kernfs_new_node+0x99/0x6e0 [ 112.108172][ T565] __should_failslab+0x9f/0xe0 [ 112.112913][ T565] should_failslab+0x9/0x20 [ 112.117393][ T565] __kmalloc_track_caller+0x5f/0x350 [ 112.122651][ T565] kstrdup_const+0x55/0x90 [ 112.127136][ T565] __kernfs_new_node+0x99/0x6e0 [ 112.131969][ T565] ? is_module_text_address+0xe1/0x140 [ 112.137399][ T565] ? kernfs_new_node+0x170/0x170 [ 112.142315][ T565] ? ptr_to_hashval+0x60/0x60 [ 112.146965][ T565] ? arch_stack_walk+0xf8/0x140 [ 112.151792][ T565] ? snprintf+0xd6/0x120 [ 112.156012][ T565] kernfs_new_node+0x97/0x170 [ 112.160667][ T565] __kernfs_create_file+0x4a/0x270 [ 112.165752][ T565] cgroup_addrm_files+0xab8/0xfe0 [ 112.170752][ T565] ? ____kasan_kmalloc+0xdc/0x110 [ 112.175755][ T565] ? __kasan_kmalloc+0x9/0x10 [ 112.180416][ T565] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 112.185934][ T565] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 112.192066][ T565] ? delete_node+0x759/0x7b0 [ 112.196631][ T565] ? __kasan_check_read+0x11/0x20 [ 112.201627][ T565] ? delete_node+0x759/0x7b0 [ 112.206192][ T565] ? __kasan_check_write+0x14/0x20 [ 112.211282][ T565] ? idr_replace+0x1c4/0x230 [ 112.215848][ T565] ? idr_get_next+0x4b0/0x4b0 [ 112.220498][ T565] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 112.225519][ T565] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 112.230705][ T565] css_populate_dir+0x137/0x370 [ 112.235535][ T565] cgroup_apply_control_enable+0x8b9/0x12f0 [ 112.241404][ T565] cgroup_apply_control+0x93/0x710 [ 112.246490][ T565] ? css_next_child+0x160/0x160 [ 112.251323][ T565] ? stack_trace_save+0x12d/0x1f0 [ 112.256336][ T565] ? io_schedule+0x120/0x120 [ 112.260921][ T565] ? kernfs_fop_write_iter+0x15e/0x410 [ 112.266381][ T565] ? __kasan_check_write+0x14/0x20 [ 112.271481][ T565] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 112.276739][ T565] cgroup_subtree_control_write+0xd19/0x1310 [ 112.282696][ T565] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 112.288652][ T565] ? __kasan_check_write+0x14/0x20 [ 112.293919][ T565] ? _copy_from_iter+0x3fb/0xd60 [ 112.298850][ T565] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 112.304818][ T565] cgroup_file_write+0x28e/0x590 [ 112.309738][ T565] ? cgroup_seqfile_stop+0xc0/0xc0 [ 112.314835][ T565] ? mutex_lock+0xa6/0x110 [ 112.319236][ T565] ? mutex_trylock+0xb0/0xb0 [ 112.323811][ T565] ? __kasan_check_write+0x14/0x20 [ 112.328899][ T565] kernfs_fop_write_iter+0x2d0/0x410 [ 112.334247][ T565] ? cgroup_seqfile_stop+0xc0/0xc0 [ 112.339342][ T565] vfs_write+0xc1c/0xf40 [ 112.343578][ T565] ? __kasan_check_write+0x14/0x20 [ 112.348677][ T565] ? kernel_write+0x3c0/0x3c0 [ 112.353332][ T565] ? _raw_spin_unlock_irq+0x4e/0x70 [ 112.358514][ T565] ? ptrace_stop+0x6ff/0x9f0 [ 112.363085][ T565] ? __kasan_check_read+0x11/0x20 [ 112.368086][ T565] ? __fdget_pos+0x27e/0x310 [ 112.372651][ T565] ksys_write+0x198/0x2c0 [ 112.376956][ T565] ? do_notify_parent+0xa60/0xa60 [ 112.381956][ T565] ? __ia32_sys_read+0x90/0x90 [ 112.386706][ T565] ? __ia32_sys_open+0x270/0x270 [ 112.391627][ T565] __x64_sys_write+0x7b/0x90 [ 112.396204][ T565] do_syscall_64+0x34/0x70 [ 112.400606][ T565] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 112.406472][ T565] RIP: 0033:0x7fc8ece62c09 [ 112.410874][ T565] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 112.430465][ T565] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 574] write(4, "+pids ", 6 [pid 565] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 565] close(3) = 0 [pid 565] close(4) = 0 [pid 565] close(5) = 0 [pid 565] close(6) = -1 EBADF (Bad file descriptor) [pid 565] close(7) = -1 EBADF (Bad file descriptor) [pid 565] close(8) = -1 EBADF (Bad file descriptor) [pid 565] close(9) = -1 EBADF (Bad file descriptor) [pid 565] close(10) = -1 EBADF (Bad file descriptor) [pid 565] close(11) = -1 EBADF (Bad file descriptor) [pid 565] close(12) = -1 EBADF (Bad file descriptor) [pid 565] close(13) = -1 EBADF (Bad file descriptor) [pid 565] close(14) = -1 EBADF (Bad file descriptor) [pid 565] close(15) = -1 EBADF (Bad file descriptor) [pid 565] close(16) = -1 EBADF (Bad file descriptor) [pid 565] close(17) = -1 EBADF (Bad file descriptor) [pid 565] close(18) = -1 EBADF (Bad file descriptor) [pid 565] close(19) = -1 EBADF (Bad file descriptor) [pid 565] close(20) = -1 EBADF (Bad file descriptor) [pid 565] close(21) = -1 EBADF (Bad file descriptor) [pid 565] close(22) = -1 EBADF (Bad file descriptor) [pid 565] close(23) = -1 EBADF (Bad file descriptor) [pid 565] close(24) = -1 EBADF (Bad file descriptor) [pid 565] close(25) = -1 EBADF (Bad file descriptor) [pid 565] close(26) = -1 EBADF (Bad file descriptor) [pid 565] close(27) = -1 EBADF (Bad file descriptor) [pid 565] close(28) = -1 EBADF (Bad file descriptor) [pid 565] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 565] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 565] exit_group(0) = ? [pid 565] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=28, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./26/binderfs") = 0 [pid 380] umount2("./26/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./26/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./26/cgroup") = 0 [pid 380] umount2("./26/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./26/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./26/cgroup.net") = 0 [pid 380] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./26/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./26/file0") = 0 [pid 380] umount2("./26/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./26/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./26/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./26") = 0 [pid 380] mkdir("./27", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 575 attached [pid 575] chdir("./27") = 0 [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 29 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 575] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 575] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 575] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 575] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 575] open("./file0", O_RDONLY) = 3 [pid 575] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 112.438859][ T565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 112.446808][ T565] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 112.454760][ T565] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 112.462713][ T565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 112.470659][ T565] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001a [ 112.478978][ T565] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 575] write(4, "-pids ", 6) = 6 [pid 575] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 575] write(5, "22", 2) = 2 [ 112.530585][ T572] FAULT_INJECTION: forcing a failure. [ 112.530585][ T572] name failslab, interval 1, probability 0, space 0, times 0 [ 112.543664][ T572] CPU: 0 PID: 572 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 112.555285][ T572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.565327][ T572] Call Trace: [ 112.568608][ T572] dump_stack_lvl+0x1e2/0x24b [ 112.573269][ T572] ? bfq_pos_tree_add_move+0x43e/0x43e [ 112.578708][ T572] ? selinux_kernfs_init_security+0x1a8/0x760 [ 112.584843][ T572] dump_stack+0x15/0x17 [ 112.588981][ T572] should_fail+0x3c0/0x510 [ 112.593382][ T572] ? __kernfs_new_node+0x99/0x6e0 [ 112.598388][ T572] __should_failslab+0x9f/0xe0 [ 112.603147][ T572] should_failslab+0x9/0x20 [ 112.607640][ T572] __kmalloc_track_caller+0x5f/0x350 [ 112.612903][ T572] kstrdup_const+0x55/0x90 [ 112.617301][ T572] __kernfs_new_node+0x99/0x6e0 [ 112.622130][ T572] ? is_module_text_address+0xe1/0x140 [ 112.627563][ T572] ? kernfs_new_node+0x170/0x170 [ 112.632492][ T572] ? ptr_to_hashval+0x60/0x60 [ 112.637158][ T572] ? arch_stack_walk+0xf8/0x140 [ 112.641992][ T572] ? snprintf+0xd6/0x120 [ 112.646207][ T572] kernfs_new_node+0x97/0x170 [ 112.650858][ T572] __kernfs_create_file+0x4a/0x270 [ 112.655945][ T572] cgroup_addrm_files+0xab8/0xfe0 [ 112.660941][ T572] ? ____kasan_kmalloc+0xdc/0x110 [ 112.665937][ T572] ? __kasan_kmalloc+0x9/0x10 [ 112.670593][ T572] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 112.676118][ T572] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 112.682248][ T572] ? delete_node+0x759/0x7b0 [ 112.686813][ T572] ? __kasan_check_read+0x11/0x20 [ 112.691822][ T572] ? delete_node+0x759/0x7b0 [ 112.696393][ T572] ? __kasan_check_write+0x14/0x20 [ 112.701481][ T572] ? idr_replace+0x1c4/0x230 [ 112.706050][ T572] ? idr_get_next+0x4b0/0x4b0 [ 112.710703][ T572] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 112.715708][ T572] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 112.720891][ T572] css_populate_dir+0x137/0x370 [ 112.725722][ T572] cgroup_apply_control_enable+0x8b9/0x12f0 [ 112.731592][ T572] cgroup_apply_control+0x93/0x710 [ 112.736680][ T572] ? css_next_child+0x160/0x160 [ 112.741510][ T572] ? stack_trace_save+0x12d/0x1f0 [ 112.746518][ T572] ? io_schedule+0x120/0x120 [ 112.751090][ T572] ? kernfs_fop_write_iter+0x15e/0x410 [ 112.756523][ T572] ? __kasan_check_write+0x14/0x20 [ 112.761608][ T572] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 112.766869][ T572] cgroup_subtree_control_write+0xd19/0x1310 [ 112.772827][ T572] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 112.778784][ T572] ? __kasan_check_write+0x14/0x20 [ 112.783875][ T572] ? _copy_from_iter+0x3fb/0xd60 [ 112.788798][ T572] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 112.794758][ T572] cgroup_file_write+0x28e/0x590 [ 112.799761][ T572] ? cgroup_seqfile_stop+0xc0/0xc0 [ 112.804849][ T572] ? mutex_lock+0xa6/0x110 [ 112.809239][ T572] ? mutex_trylock+0xb0/0xb0 [ 112.813801][ T572] ? __kasan_check_write+0x14/0x20 [ 112.818889][ T572] kernfs_fop_write_iter+0x2d0/0x410 [ 112.824147][ T572] ? cgroup_seqfile_stop+0xc0/0xc0 [ 112.829236][ T572] vfs_write+0xc1c/0xf40 [ 112.833459][ T572] ? __kasan_check_write+0x14/0x20 [ 112.838546][ T572] ? kernel_write+0x3c0/0x3c0 [ 112.843197][ T572] ? _raw_spin_unlock_irq+0x4e/0x70 [ 112.848368][ T572] ? ptrace_stop+0x6ff/0x9f0 [ 112.852933][ T572] ? __kasan_check_read+0x11/0x20 [ 112.857932][ T572] ? __fdget_pos+0x27e/0x310 [ 112.862502][ T572] ksys_write+0x198/0x2c0 [ 112.866816][ T572] ? do_notify_parent+0xa60/0xa60 [ 112.871821][ T572] ? __ia32_sys_read+0x90/0x90 [ 112.876557][ T572] ? __ia32_sys_open+0x270/0x270 [ 112.881468][ T572] __x64_sys_write+0x7b/0x90 [ 112.886031][ T572] do_syscall_64+0x34/0x70 [ 112.890425][ T572] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 112.896293][ T572] RIP: 0033:0x7fc8ece62c09 [ 112.900688][ T572] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 112.920276][ T572] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 575] write(4, "+pids ", 6 [pid 572] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 572] close(3) = 0 [pid 572] close(4) = 0 [pid 572] close(5) = 0 [pid 572] close(6) = -1 EBADF (Bad file descriptor) [pid 572] close(7) = -1 EBADF (Bad file descriptor) [pid 572] close(8) = -1 EBADF (Bad file descriptor) [pid 572] close(9) = -1 EBADF (Bad file descriptor) [pid 572] close(10) = -1 EBADF (Bad file descriptor) [pid 572] close(11) = -1 EBADF (Bad file descriptor) [pid 572] close(12) = -1 EBADF (Bad file descriptor) [pid 572] close(13) = -1 EBADF (Bad file descriptor) [pid 572] close(14) = -1 EBADF (Bad file descriptor) [pid 572] close(15) = -1 EBADF (Bad file descriptor) [pid 572] close(16) = -1 EBADF (Bad file descriptor) [pid 572] close(17) = -1 EBADF (Bad file descriptor) [pid 572] close(18) = -1 EBADF (Bad file descriptor) [pid 572] close(19) = -1 EBADF (Bad file descriptor) [pid 572] close(20) = -1 EBADF (Bad file descriptor) [pid 572] close(21) = -1 EBADF (Bad file descriptor) [pid 572] close(22) = -1 EBADF (Bad file descriptor) [pid 572] close(23) = -1 EBADF (Bad file descriptor) [pid 572] close(24) = -1 EBADF (Bad file descriptor) [pid 572] close(25) = -1 EBADF (Bad file descriptor) [pid 572] close(26) = -1 EBADF (Bad file descriptor) [pid 572] close(27) = -1 EBADF (Bad file descriptor) [pid 572] close(28) = -1 EBADF (Bad file descriptor) [pid 572] close(29) = -1 EBADF (Bad file descriptor) [pid 572] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 572] exit_group(0) = ? [pid 572] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./32/binderfs") = 0 [pid 375] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./32/cgroup") = 0 [pid 375] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./32/cgroup.net") = 0 [ 112.928681][ T572] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 112.936633][ T572] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 112.944666][ T572] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 112.952611][ T572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 112.960558][ T572] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000020 [ 112.969179][ T572] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 113.009695][ T375] ------------[ cut here ]------------ [ 113.015215][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 113.024214][ T375] Modules linked in: [ 113.028108][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 113.039726][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.049804][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 113.055459][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 113.075086][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 113.081171][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 113.089139][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 113.097127][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 113.105098][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 113.113090][ T375] R13: ffff888114981a40 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 113.121064][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 113.129970][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.136562][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 113.144642][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.152629][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.160599][ T375] Call Trace: [ 113.163867][ T375] ? io_schedule+0x120/0x120 [ 113.168446][ T375] ? vfs_submount+0xb0/0xb0 [ 113.172961][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 113.178158][ T375] ? __kasan_check_write+0x14/0x20 [ 113.183282][ T375] namespace_unlock+0x448/0x4f0 [ 113.188140][ T375] ? umount_tree+0xf50/0xf50 [ 113.192758][ T375] ? __detach_mounts+0x670/0x670 [ 113.197692][ T375] ? selinux_umount+0xf0/0x130 [ 113.202475][ T375] ? security_sb_umount+0x9d/0xb0 [ 113.207486][ T375] path_umount+0xf03/0xfb0 [ 113.211964][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 113.216977][ T375] ? user_path_at_empty+0x40/0x50 [ 113.222005][ T375] __x64_sys_umount+0x122/0x170 [ 113.226865][ T375] ? path_umount+0xfb0/0xfb0 [ 113.231545][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 113.237516][ T375] do_syscall_64+0x34/0x70 [ 113.241939][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 113.247824][ T375] RIP: 0033:0x7fc8ece63fb7 [ 113.252287][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 113.271901][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 113.280321][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 113.288286][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 113.296281][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 113.304251][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 113.312235][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000021 [ 113.320233][ T375] ---[ end trace d4de1ca9cdcd1979 ]--- [ 113.325883][ T574] FAULT_INJECTION: forcing a failure. [ 113.325883][ T574] name failslab, interval 1, probability 0, space 0, times 0 [ 113.325960][ T375] ------------[ cut here ]------------ [ 113.339063][ T574] CPU: 1 PID: 574 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 113.344083][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 113.355520][ T574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.355524][ T574] Call Trace: [ 113.355538][ T574] dump_stack_lvl+0x1e2/0x24b [ 113.355555][ T574] ? bfq_pos_tree_add_move+0x43e/0x43e [ 113.364462][ T375] Modules linked in: [ 113.374493][ T574] dump_stack+0x15/0x17 [ 113.374511][ T574] should_fail+0x3c0/0x510 [ 113.377768][ T375] [ 113.382419][ T574] ? pids_css_alloc+0x4e/0x120 [ 113.382429][ T574] __should_failslab+0x9f/0xe0 [ 113.382445][ T574] should_failslab+0x9/0x20 [ 113.387878][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 113.392086][ T574] kmem_cache_alloc_trace+0x3a/0x330 [ 113.392096][ T574] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 113.392112][ T574] pids_css_alloc+0x4e/0x120 [ 113.396233][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.400620][ T574] cgroup_apply_control_enable+0x350/0x12f0 [ 113.400636][ T574] cgroup_apply_control+0x93/0x710 [ 113.402945][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 113.407677][ T574] ? css_next_child+0x160/0x160 [ 113.412419][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 113.416886][ T574] ? stack_trace_save+0x12d/0x1f0 [ 113.428480][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 113.433727][ T574] ? io_schedule+0x120/0x120 [ 113.433744][ T574] ? kernfs_fop_write_iter+0x15e/0x410 [ 113.438907][ T375] [ 113.443482][ T574] ? __kasan_check_write+0x14/0x20 [ 113.443494][ T574] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 113.443513][ T574] cgroup_subtree_control_write+0xd19/0x1310 [ 113.453554][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 113.459415][ T574] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 113.464503][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 113.470107][ T574] ? __kasan_check_write+0x14/0x20 [ 113.474937][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 113.494519][ T574] ? _copy_from_iter+0x3fb/0xd60 [ 113.494532][ T574] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 113.494550][ T574] cgroup_file_write+0x28e/0x590 [ 113.499557][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 113.505592][ T574] ? cgroup_seqfile_stop+0xc0/0xc0 [ 113.505603][ T574] ? mutex_lock+0xa6/0x110 [ 113.505619][ T574] ? mutex_trylock+0xb0/0xb0 [ 113.510183][ T375] R13: ffff888114981a40 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 113.515615][ T574] ? __kasan_check_write+0x14/0x20 [ 113.517916][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 113.522990][ T574] kernfs_fop_write_iter+0x2d0/0x410 [ 113.522999][ T574] ? cgroup_seqfile_stop+0xc0/0xc0 [ 113.523016][ T574] vfs_write+0xc1c/0xf40 [ 113.528273][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.534219][ T574] ? __kasan_check_write+0x14/0x20 [ 113.534236][ T574] ? kernel_write+0x3c0/0x3c0 [pid 375] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 574] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 574] close(3) = 0 [pid 574] close(4) = 0 [pid 574] close(5) = 0 [pid 574] close(6) = -1 EBADF (Bad file descriptor) [pid 574] close(7) = -1 EBADF (Bad file descriptor) [pid 574] close(8) = -1 EBADF (Bad file descriptor) [pid 574] close(9) = -1 EBADF (Bad file descriptor) [pid 574] close(10) = -1 EBADF (Bad file descriptor) [pid 574] close(11) = -1 EBADF (Bad file descriptor) [pid 574] close(12) = -1 EBADF (Bad file descriptor) [pid 574] close(13) = -1 EBADF (Bad file descriptor) [ 113.542192][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 113.548140][ T574] ? _raw_spin_unlock_irq+0x4e/0x70 [ 113.556213][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.561281][ T574] ? ptrace_stop+0x6ff/0x9f0 [ 113.561297][ T574] ? __kasan_check_read+0x11/0x20 [ 113.569239][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.574143][ T574] ? __fdget_pos+0x27e/0x310 [ 113.574159][ T574] ksys_write+0x198/0x2c0 [ 113.580103][ T375] Call Trace: [pid 574] close(14) = -1 EBADF (Bad file descriptor) [pid 574] close(15) = -1 EBADF (Bad file descriptor) [pid 574] close(16) = -1 EBADF (Bad file descriptor) [pid 574] close(17) = -1 EBADF (Bad file descriptor) [pid 574] close(18) = -1 EBADF (Bad file descriptor) [pid 574] close(19) = -1 EBADF (Bad file descriptor) [pid 574] close(20) = -1 EBADF (Bad file descriptor) [pid 574] close(21) = -1 EBADF (Bad file descriptor) [pid 574] close(22) = -1 EBADF (Bad file descriptor) [pid 574] close(23) = -1 EBADF (Bad file descriptor) [pid 574] close(24) = -1 EBADF (Bad file descriptor) [pid 574] close(25) = -1 EBADF (Bad file descriptor) [pid 574] close(26) = -1 EBADF (Bad file descriptor) [pid 574] close(27) = -1 EBADF (Bad file descriptor) [pid 574] close(28) = -1 EBADF (Bad file descriptor) [pid 574] close(29) = -1 EBADF (Bad file descriptor) [pid 574] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 574] exit_group(0) = ? [pid 574] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 113.585015][ T574] ? do_notify_parent+0xa60/0xa60 [ 113.585030][ T574] ? __ia32_sys_read+0x90/0x90 [ 113.592986][ T375] ? lockref_get_or_lock+0x340/0x340 [ 113.598058][ T574] ? __ia32_sys_open+0x270/0x270 [ 113.602453][ T375] ? umount_tree+0xf50/0xf50 [ 113.607008][ T574] __x64_sys_write+0x7b/0x90 [ 113.614961][ T375] ? vfs_submount+0xb0/0xb0 [ 113.620037][ T574] do_syscall_64+0x34/0x70 [ 113.628950][ T375] ? dput+0x2b6/0x320 [ 113.634195][ T574] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 113.634209][ T574] RIP: 0033:0x7fc8ece62c09 [ 113.639292][ T375] path_umount+0x1fe/0xfb0 [ 113.643502][ T574] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 113.643515][ T574] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 113.650076][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 113.655146][ T574] ORIG_RAX: 0000000000000001 [ 113.655154][ T574] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 113.655166][ T574] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 113.659823][ T375] ? user_path_at_empty+0x40/0x50 [ 113.667757][ T574] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 113.667764][ T574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 113.667777][ T574] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001b [ 113.672956][ T375] __x64_sys_umount+0x122/0x170 [ 113.852304][ T375] ? path_umount+0xfb0/0xfb0 [ 113.856884][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 113.862864][ T375] do_syscall_64+0x34/0x70 [ 113.867266][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 113.873160][ T375] RIP: 0033:0x7fc8ece63fb7 [ 113.877564][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 113.897170][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 113.905593][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [pid 383] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] getdents64(3, [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, [pid 383] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, [pid 383] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] close(4 [pid 383] unlink("./27/binderfs" [pid 375] <... close resumed>) = 0 [pid 375] rmdir("./32/file0" [pid 383] <... unlink resumed>) = 0 [pid 375] <... rmdir resumed>) = 0 [pid 375] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./32/cgroup.cpu", [pid 383] lstat("./27/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./27/cgroup" [pid 375] unlink("./32/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] <... unlink resumed>) = 0 [pid 375] close(3) = 0 [pid 383] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./27/cgroup.net", [pid 375] rmdir("./32") = 0 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./27/cgroup.net" [pid 375] mkdir("./33", 0777) = 0 [pid 383] <... unlink resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 ./strace-static-x86_64: Process 576 attached [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 35 [pid 576] chdir("./33" [pid 383] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 576] <... chdir resumed>) = 0 [pid 383] lstat("./27/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 576] setpgid(0, 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 576] <... setpgid resumed>) = 0 [pid 383] <... openat resumed>) = 4 [pid 576] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, [pid 576] <... symlink resumed>) = 0 [pid 576] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 383] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 576] <... symlink resumed>) = 0 [pid 383] rmdir("./27/file0" [pid 576] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 383] <... rmdir resumed>) = 0 [pid 576] <... symlink resumed>) = 0 [pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 383] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 576] <... openat resumed>) = 3 [pid 383] lstat("./27/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 576] write(3, "1000", 4 [pid 383] unlink("./27/cgroup.cpu" [pid 576] <... write resumed>) = 4 [pid 383] <... unlink resumed>) = 0 [pid 576] close(3) = 0 [pid 383] getdents64(3, [pid 576] symlink("/dev/binderfs", "./binderfs" [pid 383] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3 [pid 576] <... symlink resumed>) = 0 [pid 383] <... close resumed>) = 0 [pid 383] rmdir("./27" [pid 576] mkdirat(AT_FDCWD, "./file0", 000 [pid 383] <... rmdir resumed>) = 0 [pid 383] mkdir("./28", 0777 [pid 576] <... mkdirat resumed>) = 0 [pid 383] <... mkdir resumed>) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 576] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 30 ./strace-static-x86_64: Process 577 attached [ 113.913569][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 113.921537][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 113.929491][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 113.937455][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000021 [ 113.945422][ T375] ---[ end trace d4de1ca9cdcd197a ]--- [pid 576] open("./file0", O_RDONLY [pid 577] chdir("./28" [pid 573] <... write resumed>) = 6 [pid 577] <... chdir resumed>) = 0 [pid 576] <... open resumed>) = 3 [pid 573] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 577] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 576] openat(3, "cgroup.subtree_control", O_RDWR [pid 573] <... openat resumed>) = 5 [pid 573] write(5, "22", 2) = 2 [pid 573] write(4, "+pids ", 6 [pid 577] <... prctl resumed>) = 0 [pid 577] setpgid(0, 0) = 0 [pid 577] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 577] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 577] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 577] write(3, "1000", 4) = 4 [pid 577] close(3) = 0 [pid 577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 577] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 113.974083][ T569] FAULT_INJECTION: forcing a failure. [ 113.974083][ T569] name failslab, interval 1, probability 0, space 0, times 0 [ 113.987169][ T569] CPU: 0 PID: 569 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 113.998789][ T569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.008822][ T569] Call Trace: [ 114.012164][ T569] dump_stack_lvl+0x1e2/0x24b [ 114.016833][ T569] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 577] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 576] <... openat resumed>) = 4 [ 114.022271][ T569] ? selinux_kernfs_init_security+0x1a8/0x760 [ 114.028317][ T569] dump_stack+0x15/0x17 [ 114.032452][ T569] should_fail+0x3c0/0x510 [ 114.036848][ T569] ? __kernfs_new_node+0x99/0x6e0 [ 114.041853][ T569] __should_failslab+0x9f/0xe0 [ 114.046594][ T569] should_failslab+0x9/0x20 [ 114.051077][ T569] __kmalloc_track_caller+0x5f/0x350 [ 114.056341][ T569] kstrdup_const+0x55/0x90 [ 114.060881][ T569] __kernfs_new_node+0x99/0x6e0 [ 114.065716][ T569] ? is_module_text_address+0xe1/0x140 [ 114.071154][ T569] ? kernfs_new_node+0x170/0x170 [ 114.076071][ T569] ? ptr_to_hashval+0x60/0x60 [ 114.080736][ T569] ? arch_stack_walk+0xf8/0x140 [ 114.085590][ T569] ? snprintf+0xd6/0x120 [ 114.089836][ T569] kernfs_new_node+0x97/0x170 [ 114.094517][ T569] __kernfs_create_file+0x4a/0x270 [ 114.099618][ T569] cgroup_addrm_files+0xab8/0xfe0 [ 114.104732][ T569] ? ____kasan_kmalloc+0xdc/0x110 [ 114.109747][ T569] ? __kasan_kmalloc+0x9/0x10 [ 114.114405][ T569] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 114.119927][ T569] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 114.126062][ T569] ? delete_node+0x759/0x7b0 [ 114.130635][ T569] ? __kasan_check_read+0x11/0x20 [ 114.135637][ T569] ? delete_node+0x759/0x7b0 [ 114.140212][ T569] ? __kasan_check_write+0x14/0x20 [ 114.145307][ T569] ? idr_replace+0x1c4/0x230 [ 114.149874][ T569] ? idr_get_next+0x4b0/0x4b0 [ 114.154529][ T569] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 114.159538][ T569] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 114.164724][ T569] css_populate_dir+0x137/0x370 [ 114.169556][ T569] cgroup_apply_control_enable+0x8b9/0x12f0 [ 114.175428][ T569] cgroup_apply_control+0x93/0x710 [ 114.180525][ T569] ? css_next_child+0x160/0x160 [ 114.185365][ T569] ? stack_trace_save+0x12d/0x1f0 [ 114.190371][ T569] ? io_schedule+0x120/0x120 [ 114.194938][ T569] ? kernfs_fop_write_iter+0x15e/0x410 [ 114.200374][ T569] ? __kasan_check_write+0x14/0x20 [ 114.205472][ T569] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 114.210748][ T569] cgroup_subtree_control_write+0xd19/0x1310 [ 114.216713][ T569] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 114.222676][ T569] ? __kasan_check_write+0x14/0x20 [ 114.227770][ T569] ? _copy_from_iter+0x3fb/0xd60 [ 114.232693][ T569] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 114.238656][ T569] cgroup_file_write+0x28e/0x590 [ 114.243576][ T569] ? cgroup_seqfile_stop+0xc0/0xc0 [ 114.248681][ T569] ? mutex_lock+0xa6/0x110 [ 114.253082][ T569] ? mutex_trylock+0xb0/0xb0 [ 114.257654][ T569] ? __kasan_check_write+0x14/0x20 [ 114.262748][ T569] kernfs_fop_write_iter+0x2d0/0x410 [ 114.268015][ T569] ? cgroup_seqfile_stop+0xc0/0xc0 [ 114.273121][ T569] vfs_write+0xc1c/0xf40 [ 114.277362][ T569] ? __kasan_check_write+0x14/0x20 [ 114.282463][ T569] ? kernel_write+0x3c0/0x3c0 [ 114.287121][ T569] ? _raw_spin_unlock_irq+0x4e/0x70 [ 114.292301][ T569] ? ptrace_stop+0x6ff/0x9f0 [ 114.296874][ T569] ? __kasan_check_read+0x11/0x20 [ 114.301882][ T569] ? __fdget_pos+0x27e/0x310 [ 114.306458][ T569] ksys_write+0x198/0x2c0 [ 114.310776][ T569] ? do_notify_parent+0xa60/0xa60 [ 114.315789][ T569] ? __ia32_sys_read+0x90/0x90 [ 114.320631][ T569] ? __ia32_sys_open+0x270/0x270 [ 114.325553][ T569] __x64_sys_write+0x7b/0x90 [ 114.330126][ T569] do_syscall_64+0x34/0x70 [ 114.334526][ T569] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 114.340398][ T569] RIP: 0033:0x7fc8ece62c09 [ 114.344796][ T569] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 114.364381][ T569] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 576] write(4, "-pids ", 6 [pid 569] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 577] <... mount resumed>) = 0 [pid 569] close(3) = 0 [pid 569] close(4) = 0 [pid 569] close(5) = 0 [pid 569] close(6) = -1 EBADF (Bad file descriptor) [pid 569] close(7) = -1 EBADF (Bad file descriptor) [pid 569] close(8) = -1 EBADF (Bad file descriptor) [pid 569] close(9) = -1 EBADF (Bad file descriptor) [pid 569] close(10) = -1 EBADF (Bad file descriptor) [pid 569] close(11) = -1 EBADF (Bad file descriptor) [pid 569] close(12) = -1 EBADF (Bad file descriptor) [pid 569] close(13) = -1 EBADF (Bad file descriptor) [pid 569] close(14) = -1 EBADF (Bad file descriptor) [pid 569] close(15) = -1 EBADF (Bad file descriptor) [pid 569] close(16) = -1 EBADF (Bad file descriptor) [pid 569] close(17) = -1 EBADF (Bad file descriptor) [pid 569] close(18) = -1 EBADF (Bad file descriptor) [pid 569] close(19) = -1 EBADF (Bad file descriptor) [pid 569] close(20) = -1 EBADF (Bad file descriptor) [pid 569] close(21) = -1 EBADF (Bad file descriptor) [pid 569] close(22) = -1 EBADF (Bad file descriptor) [pid 569] close(23) = -1 EBADF (Bad file descriptor) [pid 569] close(24) = -1 EBADF (Bad file descriptor) [pid 569] close(25) = -1 EBADF (Bad file descriptor) [pid 569] close(26) = -1 EBADF (Bad file descriptor) [pid 569] close(27) = -1 EBADF (Bad file descriptor) [pid 569] close(28) = -1 EBADF (Bad file descriptor) [pid 569] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 569] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 569] exit_group(0) = ? [pid 577] open("./file0", O_RDONLY) = 3 [pid 577] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 577] write(4, "-pids ", 6 [pid 569] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./31/binderfs") = 0 [pid 381] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./31/cgroup") = 0 [pid 381] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./31/cgroup.net") = 0 [ 114.372776][ T569] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 114.380730][ T569] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 114.388681][ T569] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 114.396637][ T569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 114.404589][ T569] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001f [ 114.414310][ T569] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 114.433411][ T381] ------------[ cut here ]------------ [ 114.438910][ T381] WARNING: CPU: 0 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 114.447850][ T381] Modules linked in: [ 114.451744][ T381] CPU: 0 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 114.463393][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.473457][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 114.479068][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 114.498688][ T381] RSP: 0018:ffffc90000b37ba0 EFLAGS: 00010293 [ 114.504785][ T381] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065813c0 [ 114.512769][ T381] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 114.520752][ T381] RBP: ffffc90000b37c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 114.528717][ T381] R10: fffff52000166f65 R11: 1ffff92000166f64 R12: dffffc0000000000 [ 114.536715][ T381] R13: ffff888114b3ac40 R14: ffffc90000b37c00 R15: 1ffff92000166f7c [ 114.544703][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 114.553648][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.560333][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506b0 [ 114.568378][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 114.576363][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.584334][ T381] Call Trace: [ 114.587609][ T381] ? io_schedule+0x120/0x120 [ 114.592207][ T381] ? vfs_submount+0xb0/0xb0 [ 114.596699][ T381] ? shrink_dentry_list+0x4ec/0x500 [ 114.601902][ T381] ? __kasan_check_write+0x14/0x20 [ 114.606997][ T381] namespace_unlock+0x448/0x4f0 [ 114.611849][ T381] ? umount_tree+0xf50/0xf50 [ 114.616429][ T381] ? __detach_mounts+0x670/0x670 [ 114.621367][ T381] ? selinux_umount+0xf0/0x130 [ 114.626113][ T381] ? security_sb_umount+0x9d/0xb0 [ 114.631133][ T381] path_umount+0xf03/0xfb0 [ 114.635539][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 114.640566][ T381] ? user_path_at_empty+0x40/0x50 [ 114.645576][ T381] __x64_sys_umount+0x122/0x170 [ 114.650429][ T381] ? path_umount+0xfb0/0xfb0 [ 114.655004][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 114.661070][ T381] do_syscall_64+0x34/0x70 [ 114.665478][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 114.671364][ T381] RIP: 0033:0x7fc8ece63fb7 [ 114.675764][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 114.695989][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 114.704415][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 114.712386][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 114.720355][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 114.728318][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 114.736292][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000020 [ 114.744259][ T381] ---[ end trace d4de1ca9cdcd197b ]--- [ 114.749767][ T381] ------------[ cut here ]------------ [ 114.749896][ T573] FAULT_INJECTION: forcing a failure. [ 114.749896][ T573] name failslab, interval 1, probability 0, space 0, times 0 [ 114.755273][ T381] WARNING: CPU: 1 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 114.755284][ T381] Modules linked in: [ 114.767924][ T573] CPU: 0 PID: 573 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 114.776765][ T381] [ 114.780619][ T573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.780624][ T573] Call Trace: [ 114.780651][ T573] dump_stack_lvl+0x1e2/0x24b [ 114.792242][ T381] CPU: 1 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 114.794538][ T573] ? bfq_pos_tree_add_move+0x43e/0x43e [ 114.804564][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.807823][ T573] ? selinux_kernfs_init_security+0x1a8/0x760 [ 114.812476][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 114.824054][ T573] dump_stack+0x15/0x17 [ 114.824062][ T573] should_fail+0x3c0/0x510 [ 114.824078][ T573] ? __kernfs_new_node+0x99/0x6e0 [ 114.829504][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 114.829518][ T381] RSP: 0018:ffffc90000b37ca0 EFLAGS: 00010293 [ 114.839547][ T573] __should_failslab+0x9f/0xe0 [ 114.839563][ T573] should_failslab+0x9/0x20 [ 114.845596][ T381] [ 114.851200][ T573] __kmalloc_track_caller+0x5f/0x350 [ 114.851216][ T573] kstrdup_const+0x55/0x90 [ 114.855343][ T381] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065813c0 [ 114.859735][ T573] __kernfs_new_node+0x99/0x6e0 [ 114.864732][ T381] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 114.884303][ T573] ? is_module_text_address+0xe1/0x140 [ 114.884319][ T573] ? kernfs_new_node+0x170/0x170 [ 114.890359][ T381] RBP: ffffc90000b37d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 114.895088][ T573] ? ptr_to_hashval+0x60/0x60 [ 114.899556][ T381] R10: fffff52000166f85 R11: 1ffff92000166f84 R12: dffffc0000000000 [ 114.901854][ T573] ? arch_stack_walk+0xf8/0x140 [ 114.901869][ T573] ? snprintf+0xd6/0x120 [ 114.907160][ T381] R13: ffff888114b3ac40 R14: ffffc90000b37d00 R15: 1ffff92000166f9c [ 114.911542][ T573] kernfs_new_node+0x97/0x170 [ 114.911558][ T573] __kernfs_create_file+0x4a/0x270 [ 114.919508][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 114.924323][ T573] cgroup_addrm_files+0xab8/0xfe0 [ 114.924339][ T573] ? ____kasan_kmalloc+0xdc/0x110 [ 114.932287][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.937715][ T573] ? __kasan_kmalloc+0x9/0x10 [ 114.942632][ T381] CR2: 00007fc8ececd130 CR3: 000000011dddb000 CR4: 00000000003506a0 [ 114.950574][ T573] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 114.950590][ T573] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 114.955238][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 114.963178][ T573] ? delete_node+0x759/0x7b0 [ 114.963195][ T573] ? __kasan_check_read+0x11/0x20 [ 114.968012][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.972219][ T573] ? delete_node+0x759/0x7b0 [ 114.972228][ T573] ? __kasan_check_write+0x14/0x20 [ 114.972244][ T573] ? idr_replace+0x1c4/0x230 [ 114.980192][ T381] Call Trace: [ 114.984840][ T573] ? idr_get_next+0x4b0/0x4b0 [ 114.989919][ T381] ? lockref_get_or_lock+0x340/0x340 [ 114.998811][ T573] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 114.998819][ T573] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 114.998834][ T573] css_populate_dir+0x137/0x370 [ 115.003834][ T381] ? umount_tree+0xf50/0xf50 [ 115.008822][ T573] cgroup_apply_control_enable+0x8b9/0x12f0 [ 115.015383][ T381] ? vfs_submount+0xb0/0xb0 [ 115.020026][ T573] cgroup_apply_control+0x93/0x710 [ 115.027978][ T381] ? dput+0x2b6/0x320 [ 115.033480][ T573] ? css_next_child+0x160/0x160 [ 115.033495][ T573] ? stack_trace_save+0x12d/0x1f0 [ 115.039618][ T381] path_umount+0x1fe/0xfb0 [ 115.047558][ T573] ? io_schedule+0x120/0x120 [ 115.047574][ T573] ? kernfs_fop_write_iter+0x15e/0x410 [ 115.052147][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 115.057139][ T573] ? __kasan_check_write+0x14/0x20 [ 115.065090][ T381] ? user_path_at_empty+0x40/0x50 [ 115.069666][ T573] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 115.074752][ T381] __x64_sys_umount+0x122/0x170 [ 115.079308][ T573] cgroup_subtree_control_write+0xd19/0x1310 [ 115.082573][ T381] ? path_umount+0xfb0/0xfb0 [ 115.087213][ T573] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 115.092477][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 115.097465][ T573] ? __kasan_check_write+0x14/0x20 [ 115.102637][ T381] do_syscall_64+0x34/0x70 [ 115.107452][ T573] ? _copy_from_iter+0x3fb/0xd60 [ 115.112017][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.117875][ T573] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 115.122350][ T381] RIP: 0033:0x7fc8ece63fb7 [ 115.127426][ T573] cgroup_file_write+0x28e/0x590 [ 115.131384][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 115.136198][ T573] ? cgroup_seqfile_stop+0xc0/0xc0 [ 115.141194][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 115.145577][ T573] ? mutex_lock+0xa6/0x110 [ 115.150131][ T381] ORIG_RAX: 00000000000000a6 [ 115.155557][ T573] ? mutex_trylock+0xb0/0xb0 [ 115.155574][ T573] ? __kasan_check_write+0x14/0x20 [ 115.160570][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 115.165648][ T573] kernfs_fop_write_iter+0x2d0/0x410 [ 115.170644][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 115.175896][ T573] ? cgroup_seqfile_stop+0xc0/0xc0 [ 115.180718][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 115.186663][ T573] vfs_write+0xc1c/0xf40 [ 115.191227][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 115.197177][ T573] ? __kasan_check_write+0x14/0x20 [ 115.203131][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000020 [ 115.208211][ T573] ? kernel_write+0x3c0/0x3c0 [ 115.212605][ T381] ---[ end trace d4de1ca9cdcd197c ]--- [ 115.217516][ T573] ? _raw_spin_unlock_irq+0x4e/0x70 [ 115.363011][ T573] ? ptrace_stop+0x6ff/0x9f0 [ 115.367588][ T573] ? __kasan_check_read+0x11/0x20 [ 115.372592][ T573] ? __fdget_pos+0x27e/0x310 [ 115.377174][ T573] ksys_write+0x198/0x2c0 [ 115.381509][ T573] ? do_notify_parent+0xa60/0xa60 [ 115.386520][ T573] ? __ia32_sys_read+0x90/0x90 [ 115.391267][ T573] ? __ia32_sys_open+0x270/0x270 [ 115.396184][ T573] __x64_sys_write+0x7b/0x90 [ 115.400761][ T573] do_syscall_64+0x34/0x70 [ 115.405158][ T573] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.411036][ T573] RIP: 0033:0x7fc8ece62c09 [ 115.415439][ T573] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 381] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./31/file0") = 0 [pid 381] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./31/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./31") = 0 [pid 381] mkdir("./32", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 34 ./strace-static-x86_64: Process 578 attached [pid 578] chdir("./32") = 0 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 578] setpgid(0, 0) = 0 [pid 578] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 578] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 578] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 578] write(3, "1000", 4) = 4 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 578] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 115.435033][ T573] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 115.443429][ T573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 115.451386][ T573] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 115.459343][ T573] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 115.467294][ T573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 115.475244][ T573] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001f [pid 578] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 573] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 578] <... mount resumed>) = 0 [pid 578] open("./file0", O_RDONLY) = 3 [pid 573] close(3 [pid 578] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 573] <... close resumed>) = 0 [pid 578] write(4, "-pids ", 6 [pid 573] close(4) = 0 [pid 573] close(5) = 0 [pid 573] close(6) = -1 EBADF (Bad file descriptor) [pid 573] close(7) = -1 EBADF (Bad file descriptor) [pid 573] close(8) = -1 EBADF (Bad file descriptor) [pid 573] close(9) = -1 EBADF (Bad file descriptor) [pid 573] close(10) = -1 EBADF (Bad file descriptor) [pid 573] close(11) = -1 EBADF (Bad file descriptor) [pid 573] close(12) = -1 EBADF (Bad file descriptor) [pid 573] close(13) = -1 EBADF (Bad file descriptor) [pid 573] close(14) = -1 EBADF (Bad file descriptor) [pid 573] close(15) = -1 EBADF (Bad file descriptor) [pid 573] close(16) = -1 EBADF (Bad file descriptor) [pid 573] close(17) = -1 EBADF (Bad file descriptor) [pid 573] close(18) = -1 EBADF (Bad file descriptor) [pid 573] close(19) = -1 EBADF (Bad file descriptor) [pid 573] close(20) = -1 EBADF (Bad file descriptor) [pid 573] close(21) = -1 EBADF (Bad file descriptor) [pid 573] close(22) = -1 EBADF (Bad file descriptor) [pid 573] close(23) = -1 EBADF (Bad file descriptor) [pid 573] close(24) = -1 EBADF (Bad file descriptor) [pid 573] close(25) = -1 EBADF (Bad file descriptor) [pid 573] close(26) = -1 EBADF (Bad file descriptor) [pid 573] close(27) = -1 EBADF (Bad file descriptor) [pid 573] close(28) = -1 EBADF (Bad file descriptor) [pid 573] close(29) = -1 EBADF (Bad file descriptor) [pid 573] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 573] exit_group(0) = ? [pid 573] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./31/binderfs") = 0 [pid 376] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./31/cgroup") = 0 [pid 376] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./31/cgroup.net") = 0 [pid 376] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./31/file0") = 0 [pid 376] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./31/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./31") = 0 [pid 376] mkdir("./32", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 579 attached [pid 579] chdir("./32" [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 34 [pid 579] <... chdir resumed>) = 0 [pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 579] setpgid(0, 0) = 0 [pid 579] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 579] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 579] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 579] write(3, "1000", 4) = 4 [pid 579] close(3) = 0 [pid 579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 579] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 579] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 579] open("./file0", O_RDONLY) = 3 [pid 579] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 115.483749][ T573] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 579] write(4, "-pids ", 6 [pid 578] <... write resumed>) = 6 [pid 576] <... write resumed>) = 6 [pid 578] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 576] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 578] <... openat resumed>) = 5 [pid 576] <... openat resumed>) = 5 [pid 578] write(5, "22", 2 [pid 576] write(5, "22", 2 [pid 578] <... write resumed>) = 2 [pid 576] <... write resumed>) = 2 [pid 578] write(4, "+pids ", 6 [ 115.530476][ T575] FAULT_INJECTION: forcing a failure. [ 115.530476][ T575] name failslab, interval 1, probability 0, space 0, times 0 [ 115.543464][ T575] CPU: 0 PID: 575 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 115.555079][ T575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.565111][ T575] Call Trace: [ 115.568389][ T575] dump_stack_lvl+0x1e2/0x24b [ 115.573066][ T575] ? panic+0x7d7/0x7d7 [ 115.577128][ T575] ? bfq_pos_tree_add_move+0x43e/0x43e [ 115.582574][ T575] ? find_next_bit+0xd6/0x120 [ 115.587226][ T575] ? cpumask_next+0x11/0x30 [ 115.591703][ T575] dump_stack+0x15/0x17 [ 115.595848][ T575] should_fail+0x3c0/0x510 [ 115.600253][ T575] ? percpu_ref_init+0xd0/0x330 [ 115.605088][ T575] __should_failslab+0x9f/0xe0 [ 115.609830][ T575] should_failslab+0x9/0x20 [ 115.614425][ T575] kmem_cache_alloc_trace+0x3a/0x330 [ 115.619690][ T575] percpu_ref_init+0xd0/0x330 [ 115.624342][ T575] ? cgroup_setup_root+0xea0/0xea0 [ 115.629439][ T575] cgroup_apply_control_enable+0x3a2/0x12f0 [ 115.635308][ T575] cgroup_apply_control+0x93/0x710 [ 115.640409][ T575] ? css_next_child+0x160/0x160 [ 115.645252][ T575] ? stack_trace_save+0x12d/0x1f0 [ 115.650267][ T575] ? io_schedule+0x120/0x120 [ 115.654849][ T575] ? kernfs_fop_write_iter+0x15e/0x410 [ 115.660301][ T575] ? __kasan_check_write+0x14/0x20 [ 115.665404][ T575] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 115.670676][ T575] cgroup_subtree_control_write+0xd19/0x1310 [ 115.676641][ T575] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 115.682608][ T575] ? __kasan_check_write+0x14/0x20 [ 115.687700][ T575] ? _copy_from_iter+0x3fb/0xd60 [ 115.692620][ T575] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 115.698579][ T575] cgroup_file_write+0x28e/0x590 [ 115.703510][ T575] ? cgroup_seqfile_stop+0xc0/0xc0 [ 115.708615][ T575] ? mutex_lock+0xa6/0x110 [ 115.713016][ T575] ? mutex_trylock+0xb0/0xb0 [ 115.717605][ T575] ? __kasan_check_write+0x14/0x20 [ 115.722692][ T575] kernfs_fop_write_iter+0x2d0/0x410 [ 115.727956][ T575] ? cgroup_seqfile_stop+0xc0/0xc0 [ 115.733066][ T575] vfs_write+0xc1c/0xf40 [ 115.737295][ T575] ? __kasan_check_write+0x14/0x20 [ 115.742393][ T575] ? kernel_write+0x3c0/0x3c0 [ 115.747071][ T575] ? _raw_spin_unlock_irq+0x4e/0x70 [ 115.752255][ T575] ? ptrace_stop+0x6ff/0x9f0 [ 115.756823][ T575] ? __kasan_check_read+0x11/0x20 [ 115.761823][ T575] ? __fdget_pos+0x27e/0x310 [ 115.766390][ T575] ksys_write+0x198/0x2c0 [ 115.770697][ T575] ? do_notify_parent+0xa60/0xa60 [ 115.775701][ T575] ? __ia32_sys_read+0x90/0x90 [ 115.780442][ T575] ? __ia32_sys_open+0x270/0x270 [ 115.785361][ T575] __x64_sys_write+0x7b/0x90 [ 115.789938][ T575] do_syscall_64+0x34/0x70 [ 115.794340][ T575] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.800214][ T575] RIP: 0033:0x7fc8ece62c09 [ 115.804608][ T575] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 576] write(4, "+pids ", 6 [pid 575] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 382] kill(-38, SIGKILL [pid 575] close(3 [pid 382] <... kill resumed>) = 0 [pid 382] kill(38, SIGKILL [pid 575] <... close resumed>) = 0 [pid 382] <... kill resumed>) = 0 [pid 575] close(4) = 0 [pid 575] close(5) = 0 [pid 575] close(6) = -1 EBADF (Bad file descriptor) [pid 575] close(7) = -1 EBADF (Bad file descriptor) [pid 575] close(8) = -1 EBADF (Bad file descriptor) [pid 575] close(9) = -1 EBADF (Bad file descriptor) [pid 575] close(10) = -1 EBADF (Bad file descriptor) [pid 575] close(11) = -1 EBADF (Bad file descriptor) [pid 575] close(12) = -1 EBADF (Bad file descriptor) [pid 575] close(13) = -1 EBADF (Bad file descriptor) [pid 575] close(14) = -1 EBADF (Bad file descriptor) [pid 575] close(15) = -1 EBADF (Bad file descriptor) [pid 575] close(16) = -1 EBADF (Bad file descriptor) [pid 575] close(17) = -1 EBADF (Bad file descriptor) [pid 575] close(18) = -1 EBADF (Bad file descriptor) [pid 575] close(19) = -1 EBADF (Bad file descriptor) [pid 575] close(20) = -1 EBADF (Bad file descriptor) [pid 575] close(21) = -1 EBADF (Bad file descriptor) [pid 575] close(22) = -1 EBADF (Bad file descriptor) [pid 575] close(23) = -1 EBADF (Bad file descriptor) [pid 575] close(24) = -1 EBADF (Bad file descriptor) [pid 575] close(25) = -1 EBADF (Bad file descriptor) [pid 575] close(26) = -1 EBADF (Bad file descriptor) [pid 575] close(27) = -1 EBADF (Bad file descriptor) [pid 575] close(28) = -1 EBADF (Bad file descriptor) [pid 575] close(29) = -1 EBADF (Bad file descriptor) [pid 575] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 575] exit_group(0) = ? [pid 575] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 115.824191][ T575] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 115.832584][ T575] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 115.840542][ T575] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 115.848505][ T575] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 115.856472][ T575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 115.864434][ T575] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001b [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 579] <... write resumed>) = 6 [pid 579] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 579] write(5, "22", 2) = 2 [ 115.890531][ T576] FAULT_INJECTION: forcing a failure. [ 115.890531][ T576] name failslab, interval 1, probability 0, space 0, times 0 [ 115.903553][ T576] CPU: 0 PID: 576 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 115.915169][ T576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.925200][ T576] Call Trace: [ 115.928468][ T576] dump_stack_lvl+0x1e2/0x24b [ 115.933120][ T576] ? bfq_pos_tree_add_move+0x43e/0x43e [ 115.938554][ T576] ? selinux_kernfs_init_security+0x1a8/0x760 [ 115.944598][ T576] dump_stack+0x15/0x17 [ 115.948735][ T576] should_fail+0x3c0/0x510 [ 115.953132][ T576] ? __kernfs_new_node+0x99/0x6e0 [ 115.958135][ T576] __should_failslab+0x9f/0xe0 [ 115.962875][ T576] should_failslab+0x9/0x20 [ 115.967354][ T576] __kmalloc_track_caller+0x5f/0x350 [ 115.972620][ T576] kstrdup_const+0x55/0x90 [ 115.977013][ T576] __kernfs_new_node+0x99/0x6e0 [ 115.981838][ T576] ? is_module_text_address+0xe1/0x140 [ 115.987273][ T576] ? kernfs_new_node+0x170/0x170 [ 115.992201][ T576] ? ptr_to_hashval+0x60/0x60 [ 115.996859][ T576] ? arch_stack_walk+0xf8/0x140 [ 116.001692][ T576] ? snprintf+0xd6/0x120 [ 116.005924][ T576] kernfs_new_node+0x97/0x170 [ 116.010598][ T576] __kernfs_create_file+0x4a/0x270 [ 116.015695][ T576] cgroup_addrm_files+0xab8/0xfe0 [ 116.020701][ T576] ? ____kasan_kmalloc+0xdc/0x110 [ 116.025720][ T576] ? __kasan_kmalloc+0x9/0x10 [ 116.030392][ T576] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 116.035956][ T576] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 116.042091][ T576] ? delete_node+0x759/0x7b0 [ 116.046669][ T576] ? __kasan_check_read+0x11/0x20 [ 116.051679][ T576] ? delete_node+0x759/0x7b0 [ 116.056255][ T576] ? __kasan_check_write+0x14/0x20 [ 116.061392][ T576] ? idr_replace+0x1c4/0x230 [ 116.065970][ T576] ? idr_get_next+0x4b0/0x4b0 [ 116.070628][ T576] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 116.075633][ T576] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 116.080814][ T576] css_populate_dir+0x137/0x370 [ 116.085666][ T576] cgroup_apply_control_enable+0x8b9/0x12f0 [ 116.091548][ T576] cgroup_apply_control+0x93/0x710 [ 116.096644][ T576] ? css_next_child+0x160/0x160 [ 116.101473][ T576] ? stack_trace_save+0x12d/0x1f0 [ 116.106480][ T576] ? io_schedule+0x120/0x120 [ 116.111058][ T576] ? kernfs_fop_write_iter+0x15e/0x410 [ 116.116504][ T576] ? __kasan_check_write+0x14/0x20 [ 116.121603][ T576] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 116.126874][ T576] cgroup_subtree_control_write+0xd19/0x1310 [ 116.132843][ T576] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 116.138811][ T576] ? __kasan_check_write+0x14/0x20 [ 116.143909][ T576] ? _copy_from_iter+0x3fb/0xd60 [ 116.148916][ T576] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 116.154891][ T576] cgroup_file_write+0x28e/0x590 [ 116.159817][ T576] ? cgroup_seqfile_stop+0xc0/0xc0 [ 116.164909][ T576] ? mutex_lock+0xa6/0x110 [ 116.169306][ T576] ? mutex_trylock+0xb0/0xb0 [ 116.173883][ T576] ? __kasan_check_write+0x14/0x20 [ 116.178981][ T576] kernfs_fop_write_iter+0x2d0/0x410 [ 116.184253][ T576] ? cgroup_seqfile_stop+0xc0/0xc0 [ 116.189352][ T576] vfs_write+0xc1c/0xf40 [ 116.193585][ T576] ? __kasan_check_write+0x14/0x20 [ 116.198687][ T576] ? kernel_write+0x3c0/0x3c0 [ 116.203352][ T576] ? _raw_spin_unlock_irq+0x4e/0x70 [ 116.208534][ T576] ? ptrace_stop+0x6ff/0x9f0 [ 116.213107][ T576] ? __kasan_check_read+0x11/0x20 [ 116.218126][ T576] ? __fdget_pos+0x27e/0x310 [ 116.222702][ T576] ksys_write+0x198/0x2c0 [ 116.227021][ T576] ? do_notify_parent+0xa60/0xa60 [ 116.232029][ T576] ? __ia32_sys_read+0x90/0x90 [ 116.236773][ T576] ? __ia32_sys_open+0x270/0x270 [ 116.241693][ T576] __x64_sys_write+0x7b/0x90 [ 116.246264][ T576] do_syscall_64+0x34/0x70 [ 116.250663][ T576] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 116.256536][ T576] RIP: 0033:0x7fc8ece62c09 [ 116.260936][ T576] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 116.280520][ T576] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 579] write(4, "+pids ", 6 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 576] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 576] close(3 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 576] <... close resumed>) = 0 [pid 380] lstat("./27/binderfs", [pid 576] close(4 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 576] <... close resumed>) = 0 [pid 576] close(5) = 0 [pid 576] close(6 [pid 380] unlink("./27/binderfs" [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(7 [pid 380] <... unlink resumed>) = 0 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(8 [pid 380] umount2("./27/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(9) = -1 EBADF (Bad file descriptor) [pid 576] close(10) = -1 EBADF (Bad file descriptor) [pid 576] close(11) = -1 EBADF (Bad file descriptor) [pid 576] close(12) = -1 EBADF (Bad file descriptor) [pid 576] close(13) = -1 EBADF (Bad file descriptor) [pid 576] close(14 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] lstat("./27/cgroup", [pid 576] close(15 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] unlink("./27/cgroup" [pid 576] close(16 [pid 380] <... unlink resumed>) = 0 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./27/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 576] close(17 [pid 380] lstat("./27/cgroup.net", [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 576] close(18 [pid 380] unlink("./27/cgroup.net" [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(19) = -1 EBADF (Bad file descriptor) [pid 380] <... unlink resumed>) = 0 [pid 576] close(20 [pid 380] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(21) = -1 EBADF (Bad file descriptor) [pid 380] <... umount2 resumed>) = 0 [pid 576] close(22) = -1 EBADF (Bad file descriptor) [pid 576] close(23 [pid 380] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 576] close(24 [pid 380] lstat("./27/file0", [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 576] close(25 [pid 380] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(26 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 576] close(27) = -1 EBADF (Bad file descriptor) [pid 380] <... openat resumed>) = 4 [pid 576] close(28 [pid 380] fstat(4, [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(29 [pid 380] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 576] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 380] getdents64(4, [pid 576] <... write resumed>) = 89 [pid 576] exit_group(0 [pid 380] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 576] <... exit_group resumed>) = ? [pid 380] getdents64(4, [pid 576] +++ exited with 0 +++ [pid 380] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4 [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] <... close resumed>) = 0 [pid 375] restart_syscall(<... resuming interrupted clone ...> [pid 380] rmdir("./27/file0") = 0 [pid 380] umount2("./27/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./27/cgroup.cpu", [pid 375] <... restart_syscall resumed>) = 0 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./27/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] close(3 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... close resumed>) = 0 [pid 375] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] rmdir("./27" [pid 375] <... openat resumed>) = 3 [pid 380] <... rmdir resumed>) = 0 [pid 375] fstat(3, [pid 380] mkdir("./28", 0777 [pid 375] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... mkdir resumed>) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./33/binderfs"./strace-static-x86_64: Process 580 attached ) = 0 [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 30 [pid 375] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] chdir("./28" [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] <... chdir resumed>) = 0 [pid 375] lstat("./33/cgroup", [pid 580] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 580] <... prctl resumed>) = 0 [pid 375] unlink("./33/cgroup" [pid 580] setpgid(0, 0 [pid 375] <... unlink resumed>) = 0 [pid 580] <... setpgid resumed>) = 0 [pid 375] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] <... symlink resumed>) = 0 [pid 375] lstat("./33/cgroup.net", [pid 580] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 580] <... symlink resumed>) = 0 [pid 375] unlink("./33/cgroup.net" [pid 580] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 375] <... unlink resumed>) = 0 [pid 375] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] <... symlink resumed>) = 0 [pid 375] <... umount2 resumed>) = 0 [pid 580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 375] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] <... openat resumed>) = 3 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] write(3, "1000", 4 [pid 375] lstat("./33/file0", [pid 580] <... write resumed>) = 4 [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 580] close(3 [pid 375] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] <... close resumed>) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] symlink("/dev/binderfs", "./binderfs" [pid 375] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 580] <... symlink resumed>) = 0 [pid 375] getdents64(4, [pid 580] mkdirat(AT_FDCWD, "./file0", 000 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 580] <... mkdirat resumed>) = 0 [pid 375] rmdir("./33/file0" [pid 580] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 375] <... rmdir resumed>) = 0 [pid 375] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] <... mount resumed>) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] open("./file0", O_RDONLY [pid 375] lstat("./33/cgroup.cpu", [pid 580] <... open resumed>) = 3 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 580] openat(3, "cgroup.subtree_control", O_RDWR [pid 375] unlink("./33/cgroup.cpu" [pid 580] <... openat resumed>) = 4 [pid 375] <... unlink resumed>) = 0 [pid 580] write(4, "-pids ", 6 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./33") = 0 [pid 375] mkdir("./34", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 581 attached , child_tidptr=0x555556fab5d0) = 36 [pid 581] chdir("./34") = 0 [pid 581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 581] setpgid(0, 0) = 0 [pid 581] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 581] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 581] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 581] write(3, "1000", 4) = 4 [pid 581] close(3) = 0 [pid 581] symlink("/dev/binderfs", "./binderfs") = 0 [ 116.288915][ T576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 116.296871][ T576] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 116.304823][ T576] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 116.312775][ T576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 116.320741][ T576] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000021 [ 116.329368][ T576] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 581] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 580] <... write resumed>) = 6 [pid 581] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 571] <... write resumed>) = ? [pid 571] +++ killed by SIGKILL +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=38, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 382] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./36/binderfs") = 0 [pid 382] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./36/cgroup") = 0 [pid 382] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./36/cgroup.net") = 0 [pid 382] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 580] write(5, "22", 2) = 2 [pid 580] write(4, "+pids ", 6 [pid 382] <... umount2 resumed>) = 0 [pid 382] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./36/file0") = 0 [pid 382] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./36/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./36") = 0 [pid 382] mkdir("./37", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 39 ./strace-static-x86_64: Process 582 attached [pid 582] chdir("./37") = 0 [pid 582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 582] setpgid(0, 0) = 0 [pid 582] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 582] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 582] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 582] write(3, "1000", 4) = 4 [pid 582] close(3) = 0 [pid 582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 582] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 116.360606][ T578] FAULT_INJECTION: forcing a failure. [ 116.360606][ T578] name failslab, interval 1, probability 0, space 0, times 0 [ 116.373268][ T578] CPU: 0 PID: 578 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 116.384885][ T578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.394939][ T578] Call Trace: [ 116.398234][ T578] dump_stack_lvl+0x1e2/0x24b [ 116.402902][ T578] ? bfq_pos_tree_add_move+0x43e/0x43e [ 116.408343][ T578] ? selinux_kernfs_init_security+0x1a8/0x760 [ 116.414399][ T578] dump_stack+0x15/0x17 [ 116.418535][ T578] should_fail+0x3c0/0x510 [ 116.422929][ T578] ? __kernfs_new_node+0x99/0x6e0 [ 116.427931][ T578] __should_failslab+0x9f/0xe0 [ 116.432682][ T578] should_failslab+0x9/0x20 [ 116.437186][ T578] __kmalloc_track_caller+0x5f/0x350 [ 116.442459][ T578] kstrdup_const+0x55/0x90 [ 116.446854][ T578] __kernfs_new_node+0x99/0x6e0 [ 116.451690][ T578] ? is_module_text_address+0xe1/0x140 [ 116.457143][ T578] ? kernfs_new_node+0x170/0x170 [ 116.462063][ T578] ? ptr_to_hashval+0x60/0x60 [ 116.466726][ T578] ? arch_stack_walk+0xf8/0x140 [ 116.471575][ T578] ? snprintf+0xd6/0x120 [ 116.475819][ T578] kernfs_new_node+0x97/0x170 [ 116.480494][ T578] __kernfs_create_file+0x4a/0x270 [ 116.485584][ T578] cgroup_addrm_files+0xab8/0xfe0 [ 116.490593][ T578] ? ____kasan_kmalloc+0xdc/0x110 [ 116.495604][ T578] ? __kasan_kmalloc+0x9/0x10 [ 116.500259][ T578] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 116.505781][ T578] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 116.511912][ T578] ? delete_node+0x759/0x7b0 [ 116.516482][ T578] ? __kasan_check_read+0x11/0x20 [ 116.521490][ T578] ? delete_node+0x759/0x7b0 [ 116.526071][ T578] ? __kasan_check_write+0x14/0x20 [ 116.531174][ T578] ? idr_replace+0x1c4/0x230 [ 116.535741][ T578] ? idr_get_next+0x4b0/0x4b0 [ 116.540394][ T578] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 116.545404][ T578] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 116.550584][ T578] css_populate_dir+0x137/0x370 [ 116.555423][ T578] cgroup_apply_control_enable+0x8b9/0x12f0 [ 116.561315][ T578] cgroup_apply_control+0x93/0x710 [ 116.566416][ T578] ? css_next_child+0x160/0x160 [ 116.571247][ T578] ? stack_trace_save+0x12d/0x1f0 [ 116.576251][ T578] ? io_schedule+0x120/0x120 [ 116.580822][ T578] ? kernfs_fop_write_iter+0x15e/0x410 [ 116.586266][ T578] ? __kasan_check_write+0x14/0x20 [ 116.591365][ T578] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 116.596635][ T578] cgroup_subtree_control_write+0xd19/0x1310 [ 116.602610][ T578] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 116.608601][ T578] ? __kasan_check_write+0x14/0x20 [ 116.613699][ T578] ? _copy_from_iter+0x3fb/0xd60 [ 116.618631][ T578] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 116.624606][ T578] cgroup_file_write+0x28e/0x590 [ 116.629531][ T578] ? cgroup_seqfile_stop+0xc0/0xc0 [ 116.634619][ T578] ? mutex_lock+0xa6/0x110 [ 116.639013][ T578] ? mutex_trylock+0xb0/0xb0 [ 116.643595][ T578] ? __kasan_check_write+0x14/0x20 [ 116.648693][ T578] kernfs_fop_write_iter+0x2d0/0x410 [ 116.653971][ T578] ? cgroup_seqfile_stop+0xc0/0xc0 [ 116.659071][ T578] vfs_write+0xc1c/0xf40 [ 116.663290][ T578] ? __kasan_check_write+0x14/0x20 [ 116.668383][ T578] ? kernel_write+0x3c0/0x3c0 [ 116.673038][ T578] ? _raw_spin_unlock_irq+0x4e/0x70 [ 116.678231][ T578] ? ptrace_stop+0x6ff/0x9f0 [ 116.682831][ T578] ? __kasan_check_read+0x11/0x20 [ 116.687842][ T578] ? __fdget_pos+0x27e/0x310 [ 116.692415][ T578] ksys_write+0x198/0x2c0 [ 116.696722][ T578] ? do_notify_parent+0xa60/0xa60 [ 116.701733][ T578] ? __ia32_sys_read+0x90/0x90 [ 116.706493][ T578] ? __ia32_sys_open+0x270/0x270 [ 116.711417][ T578] __x64_sys_write+0x7b/0x90 [ 116.715986][ T578] do_syscall_64+0x34/0x70 [ 116.720378][ T578] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 116.726253][ T578] RIP: 0033:0x7fc8ece62c09 [ 116.730643][ T578] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 116.750227][ T578] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 582] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 578] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 582] <... mount resumed>) = 0 [pid 581] <... mount resumed>) = 0 [pid 582] open("./file0", O_RDONLY) = 3 [pid 582] openat(3, "cgroup.subtree_control", O_RDWR [pid 581] open("./file0", O_RDONLY [pid 578] close(3 [pid 582] <... openat resumed>) = 4 [pid 582] write(4, "-pids ", 6 [pid 581] <... open resumed>) = 3 [pid 578] <... close resumed>) = 0 [pid 581] openat(3, "cgroup.subtree_control", O_RDWR [pid 578] close(4 [pid 581] <... openat resumed>) = 4 [pid 581] write(4, "-pids ", 6 [pid 578] <... close resumed>) = 0 [pid 578] close(5) = 0 [pid 578] close(6) = -1 EBADF (Bad file descriptor) [pid 578] close(7) = -1 EBADF (Bad file descriptor) [pid 578] close(8) = -1 EBADF (Bad file descriptor) [pid 578] close(9) = -1 EBADF (Bad file descriptor) [pid 578] close(10) = -1 EBADF (Bad file descriptor) [pid 578] close(11) = -1 EBADF (Bad file descriptor) [pid 578] close(12) = -1 EBADF (Bad file descriptor) [pid 578] close(13) = -1 EBADF (Bad file descriptor) [pid 578] close(14) = -1 EBADF (Bad file descriptor) [pid 578] close(15) = -1 EBADF (Bad file descriptor) [pid 578] close(16) = -1 EBADF (Bad file descriptor) [pid 578] close(17) = -1 EBADF (Bad file descriptor) [pid 578] close(18) = -1 EBADF (Bad file descriptor) [pid 578] close(19) = -1 EBADF (Bad file descriptor) [pid 578] close(20) = -1 EBADF (Bad file descriptor) [pid 578] close(21) = -1 EBADF (Bad file descriptor) [pid 578] close(22) = -1 EBADF (Bad file descriptor) [pid 578] close(23) = -1 EBADF (Bad file descriptor) [pid 578] close(24) = -1 EBADF (Bad file descriptor) [pid 578] close(25) = -1 EBADF (Bad file descriptor) [pid 578] close(26) = -1 EBADF (Bad file descriptor) [pid 578] close(27) = -1 EBADF (Bad file descriptor) [pid 578] close(28) = -1 EBADF (Bad file descriptor) [pid 578] close(29) = -1 EBADF (Bad file descriptor) [pid 578] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [ 116.758624][ T578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 116.766573][ T578] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 116.774527][ T578] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 116.782476][ T578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 116.790431][ T578] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000020 [ 116.798570][ T578] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 578] exit_group(0) = ? [pid 578] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 381] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./32/binderfs") = 0 [pid 381] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./32/cgroup") = 0 [pid 381] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./32/cgroup.net") = 0 [ 116.820441][ T579] FAULT_INJECTION: forcing a failure. [ 116.820441][ T579] name failslab, interval 1, probability 0, space 0, times 0 [ 116.833821][ T579] CPU: 1 PID: 579 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 116.845442][ T579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.855489][ T579] Call Trace: [ 116.858767][ T579] dump_stack_lvl+0x1e2/0x24b [ 116.863427][ T579] ? panic+0x7d7/0x7d7 [ 116.867476][ T579] ? bfq_pos_tree_add_move+0x43e/0x43e [ 116.872924][ T579] ? find_next_bit+0xd6/0x120 [ 116.877588][ T579] ? cpumask_next+0x11/0x30 [ 116.882070][ T579] dump_stack+0x15/0x17 [ 116.886204][ T579] should_fail+0x3c0/0x510 [ 116.890601][ T579] ? percpu_ref_init+0xd0/0x330 [ 116.895428][ T579] __should_failslab+0x9f/0xe0 [ 116.900167][ T579] should_failslab+0x9/0x20 [ 116.904658][ T579] kmem_cache_alloc_trace+0x3a/0x330 [ 116.909920][ T579] percpu_ref_init+0xd0/0x330 [ 116.914572][ T579] ? cgroup_setup_root+0xea0/0xea0 [ 116.919659][ T579] cgroup_apply_control_enable+0x3a2/0x12f0 [ 116.925533][ T579] cgroup_apply_control+0x93/0x710 [ 116.930625][ T579] ? css_next_child+0x160/0x160 [ 116.935467][ T579] ? stack_trace_save+0x12d/0x1f0 [ 116.940468][ T579] ? io_schedule+0x120/0x120 [ 116.945044][ T579] ? kernfs_fop_write_iter+0x15e/0x410 [ 116.950486][ T579] ? __kasan_check_write+0x14/0x20 [ 116.955574][ T579] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 116.960835][ T579] cgroup_subtree_control_write+0xd19/0x1310 [ 116.966789][ T579] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 116.972747][ T579] ? __kasan_check_write+0x14/0x20 [ 116.977834][ T579] ? _copy_from_iter+0x3fb/0xd60 [ 116.982747][ T579] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 116.988703][ T579] cgroup_file_write+0x28e/0x590 [ 116.993622][ T579] ? cgroup_seqfile_stop+0xc0/0xc0 [ 116.998706][ T579] ? mutex_lock+0xa6/0x110 [ 117.003534][ T579] ? mutex_trylock+0xb0/0xb0 [ 117.008106][ T579] ? __kasan_check_write+0x14/0x20 [ 117.013200][ T579] kernfs_fop_write_iter+0x2d0/0x410 [ 117.018473][ T579] ? cgroup_seqfile_stop+0xc0/0xc0 [ 117.023578][ T579] vfs_write+0xc1c/0xf40 [ 117.027804][ T579] ? __kasan_check_write+0x14/0x20 [ 117.032893][ T579] ? kernel_write+0x3c0/0x3c0 [ 117.037546][ T579] ? _raw_spin_unlock_irq+0x4e/0x70 [ 117.042719][ T579] ? ptrace_stop+0x6ff/0x9f0 [ 117.047285][ T579] ? __kasan_check_read+0x11/0x20 [ 117.052282][ T579] ? __fdget_pos+0x27e/0x310 [ 117.056852][ T579] ksys_write+0x198/0x2c0 [ 117.061161][ T579] ? do_notify_parent+0xa60/0xa60 [ 117.066168][ T579] ? __ia32_sys_read+0x90/0x90 [ 117.070916][ T579] ? __ia32_sys_open+0x270/0x270 [ 117.075834][ T579] __x64_sys_write+0x7b/0x90 [ 117.080409][ T579] do_syscall_64+0x34/0x70 [ 117.084813][ T579] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 117.090684][ T579] RIP: 0033:0x7fc8ece62c09 [ 117.095089][ T579] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 381] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./32/file0") = 0 [pid 381] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./32/cgroup.cpu", [pid 579] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./32/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./32") = 0 [pid 381] mkdir("./33", 0777 [pid 579] close(3 [pid 381] <... mkdir resumed>) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 583 attached [pid 579] <... close resumed>) = 0 [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 35 [pid 583] chdir("./33" [pid 579] close(4 [pid 583] <... chdir resumed>) = 0 [pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 583] setpgid(0, 0) = 0 [pid 583] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 579] <... close resumed>) = 0 [pid 583] <... symlink resumed>) = 0 [pid 579] close(5 [pid 583] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 579] <... close resumed>) = 0 [pid 583] <... symlink resumed>) = 0 [pid 579] close(6 [pid 583] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... symlink resumed>) = 0 [pid 579] close(7 [pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... openat resumed>) = 3 [pid 579] close(8 [pid 583] write(3, "1000", 4 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... write resumed>) = 4 [pid 579] close(9 [pid 583] close(3 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... close resumed>) = 0 [pid 579] close(10 [pid 583] symlink("/dev/binderfs", "./binderfs" [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... symlink resumed>) = 0 [pid 579] close(11 [pid 583] mkdirat(AT_FDCWD, "./file0", 000 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... mkdirat resumed>) = 0 [pid 579] close(12 [pid 583] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... mount resumed>) = 0 [pid 579] close(13 [pid 583] open("./file0", O_RDONLY [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... open resumed>) = 3 [pid 579] close(14 [pid 583] openat(3, "cgroup.subtree_control", O_RDWR [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 583] <... openat resumed>) = 4 [pid 579] close(15 [pid 583] write(4, "-pids ", 6 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(16) = -1 EBADF (Bad file descriptor) [pid 579] close(17) = -1 EBADF (Bad file descriptor) [pid 579] close(18) = -1 EBADF (Bad file descriptor) [pid 579] close(19) = -1 EBADF (Bad file descriptor) [pid 579] close(20) = -1 EBADF (Bad file descriptor) [pid 579] close(21) = -1 EBADF (Bad file descriptor) [pid 579] close(22) = -1 EBADF (Bad file descriptor) [pid 579] close(23) = -1 EBADF (Bad file descriptor) [pid 579] close(24) = -1 EBADF (Bad file descriptor) [pid 579] close(25) = -1 EBADF (Bad file descriptor) [pid 579] close(26) = -1 EBADF (Bad file descriptor) [pid 579] close(27) = -1 EBADF (Bad file descriptor) [pid 579] close(28) = -1 EBADF (Bad file descriptor) [pid 579] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 579] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 579] exit_group(0) = ? [pid 579] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./32/binderfs") = 0 [pid 376] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./32/cgroup") = 0 [pid 376] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./32/cgroup.net") = 0 [pid 376] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./32/file0") = 0 [pid 376] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./32/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./32") = 0 [pid 376] mkdir("./33", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 584 attached [pid 584] chdir("./33" [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 35 [pid 584] <... chdir resumed>) = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0) = 0 [pid 584] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 584] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 584] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 584] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 584] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 584] open("./file0", O_RDONLY) = 3 [pid 584] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 584] write(4, "-pids ", 6 [pid 581] <... write resumed>) = 6 [ 117.114670][ T579] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.123061][ T579] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 117.131027][ T579] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 117.138977][ T579] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 117.146923][ T579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 117.154965][ T579] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000020 [pid 581] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 581] write(5, "22", 2) = 2 [ 117.190466][ T580] FAULT_INJECTION: forcing a failure. [ 117.190466][ T580] name failslab, interval 1, probability 0, space 0, times 0 [ 117.203111][ T580] CPU: 1 PID: 580 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 117.214815][ T580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.224861][ T580] Call Trace: [ 117.228150][ T580] dump_stack_lvl+0x1e2/0x24b [ 117.232806][ T580] ? panic+0x7d7/0x7d7 [ 117.236857][ T580] ? bfq_pos_tree_add_move+0x43e/0x43e [ 117.242300][ T580] ? find_next_bit+0xd6/0x120 [ 117.246980][ T580] ? cpumask_next+0x11/0x30 [ 117.251463][ T580] dump_stack+0x15/0x17 [ 117.255606][ T580] should_fail+0x3c0/0x510 [ 117.260014][ T580] ? percpu_ref_init+0xd0/0x330 [ 117.264987][ T580] __should_failslab+0x9f/0xe0 [ 117.269731][ T580] should_failslab+0x9/0x20 [ 117.274211][ T580] kmem_cache_alloc_trace+0x3a/0x330 [ 117.279488][ T580] percpu_ref_init+0xd0/0x330 [ 117.284330][ T580] ? cgroup_setup_root+0xea0/0xea0 [ 117.289420][ T580] cgroup_apply_control_enable+0x3a2/0x12f0 [ 117.295299][ T580] cgroup_apply_control+0x93/0x710 [ 117.300402][ T580] ? css_next_child+0x160/0x160 [ 117.305233][ T580] ? stack_trace_save+0x12d/0x1f0 [ 117.310243][ T580] ? io_schedule+0x120/0x120 [ 117.314830][ T580] ? kernfs_fop_write_iter+0x15e/0x410 [ 117.320283][ T580] ? __kasan_check_write+0x14/0x20 [ 117.325380][ T580] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 117.330650][ T580] cgroup_subtree_control_write+0xd19/0x1310 [ 117.336608][ T580] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 117.342571][ T580] ? __kasan_check_write+0x14/0x20 [ 117.347667][ T580] ? _copy_from_iter+0x3fb/0xd60 [ 117.352585][ T580] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 117.358542][ T580] cgroup_file_write+0x28e/0x590 [ 117.363499][ T580] ? cgroup_seqfile_stop+0xc0/0xc0 [ 117.368598][ T580] ? mutex_lock+0xa6/0x110 [ 117.372993][ T580] ? mutex_trylock+0xb0/0xb0 [ 117.377560][ T580] ? __kasan_check_write+0x14/0x20 [ 117.382659][ T580] kernfs_fop_write_iter+0x2d0/0x410 [ 117.387928][ T580] ? cgroup_seqfile_stop+0xc0/0xc0 [ 117.393026][ T580] vfs_write+0xc1c/0xf40 [ 117.397260][ T580] ? __kasan_check_write+0x14/0x20 [ 117.402355][ T580] ? kernel_write+0x3c0/0x3c0 [ 117.407009][ T580] ? _raw_spin_unlock_irq+0x4e/0x70 [ 117.412192][ T580] ? ptrace_stop+0x6ff/0x9f0 [ 117.416779][ T580] ? __kasan_check_read+0x11/0x20 [ 117.421790][ T580] ? __fdget_pos+0x27e/0x310 [ 117.426442][ T580] ksys_write+0x198/0x2c0 [ 117.430766][ T580] ? do_notify_parent+0xa60/0xa60 [ 117.435868][ T580] ? __ia32_sys_read+0x90/0x90 [ 117.440626][ T580] ? __ia32_sys_open+0x270/0x270 [ 117.445550][ T580] __x64_sys_write+0x7b/0x90 [ 117.450116][ T580] do_syscall_64+0x34/0x70 [ 117.454512][ T580] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 117.460381][ T580] RIP: 0033:0x7fc8ece62c09 [ 117.464774][ T580] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 581] write(4, "+pids ", 6 [pid 580] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 580] close(3) = 0 [pid 580] close(4) = 0 [pid 580] close(5) = 0 [pid 580] close(6) = -1 EBADF (Bad file descriptor) [pid 580] close(7) = -1 EBADF (Bad file descriptor) [pid 580] close(8) = -1 EBADF (Bad file descriptor) [pid 580] close(9) = -1 EBADF (Bad file descriptor) [pid 580] close(10) = -1 EBADF (Bad file descriptor) [pid 580] close(11) = -1 EBADF (Bad file descriptor) [pid 580] close(12) = -1 EBADF (Bad file descriptor) [pid 580] close(13) = -1 EBADF (Bad file descriptor) [pid 580] close(14) = -1 EBADF (Bad file descriptor) [pid 580] close(15) = -1 EBADF (Bad file descriptor) [pid 580] close(16) = -1 EBADF (Bad file descriptor) [pid 580] close(17) = -1 EBADF (Bad file descriptor) [pid 580] close(18) = -1 EBADF (Bad file descriptor) [pid 580] close(19) = -1 EBADF (Bad file descriptor) [pid 580] close(20) = -1 EBADF (Bad file descriptor) [pid 580] close(21) = -1 EBADF (Bad file descriptor) [pid 580] close(22) = -1 EBADF (Bad file descriptor) [pid 580] close(23) = -1 EBADF (Bad file descriptor) [pid 580] close(24) = -1 EBADF (Bad file descriptor) [pid 580] close(25) = -1 EBADF (Bad file descriptor) [pid 580] close(26) = -1 EBADF (Bad file descriptor) [pid 580] close(27) = -1 EBADF (Bad file descriptor) [pid 580] close(28) = -1 EBADF (Bad file descriptor) [pid 580] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 580] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 580] exit_group(0) = ? [pid 580] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=30, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./28/binderfs") = 0 [pid 380] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./28/cgroup") = 0 [pid 380] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./28/cgroup.net") = 0 [pid 380] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [ 117.484554][ T580] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.492945][ T580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 117.500895][ T580] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 117.508856][ T580] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 117.516816][ T580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 117.524766][ T580] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001c [pid 380] rmdir("./28/file0") = 0 [pid 380] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./28/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./28") = 0 [pid 380] mkdir("./29", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 31 ./strace-static-x86_64: Process 585 attached [pid 585] chdir("./29") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 585] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 585] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 585] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 117.550466][ T581] FAULT_INJECTION: forcing a failure. [ 117.550466][ T581] name failslab, interval 1, probability 0, space 0, times 0 [ 117.563559][ T581] CPU: 0 PID: 581 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 117.575274][ T581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.585325][ T581] Call Trace: [ 117.588612][ T581] dump_stack_lvl+0x1e2/0x24b [ 117.593271][ T581] ? panic+0x7d7/0x7d7 [ 117.597317][ T581] ? bfq_pos_tree_add_move+0x43e/0x43e [ 117.602764][ T581] ? find_next_bit+0xd6/0x120 [ 117.607694][ T581] ? cpumask_next+0x11/0x30 [ 117.612263][ T581] dump_stack+0x15/0x17 [ 117.616397][ T581] should_fail+0x3c0/0x510 [ 117.620806][ T581] ? percpu_ref_init+0xd0/0x330 [ 117.625635][ T581] __should_failslab+0x9f/0xe0 [ 117.630389][ T581] should_failslab+0x9/0x20 [ 117.634919][ T581] kmem_cache_alloc_trace+0x3a/0x330 [ 117.640197][ T581] percpu_ref_init+0xd0/0x330 [ 117.644854][ T581] ? cgroup_setup_root+0xea0/0xea0 [ 117.649944][ T581] cgroup_apply_control_enable+0x3a2/0x12f0 [ 117.655815][ T581] cgroup_apply_control+0x93/0x710 [ 117.660920][ T581] ? css_next_child+0x160/0x160 [ 117.665759][ T581] ? stack_trace_save+0x12d/0x1f0 [ 117.670771][ T581] ? io_schedule+0x120/0x120 [ 117.675338][ T581] ? kernfs_fop_write_iter+0x15e/0x410 [ 117.680788][ T581] ? __kasan_check_write+0x14/0x20 [ 117.685933][ T581] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 117.691209][ T581] cgroup_subtree_control_write+0xd19/0x1310 [ 117.697173][ T581] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 117.703133][ T581] ? __kasan_check_write+0x14/0x20 [ 117.708227][ T581] ? _copy_from_iter+0x3fb/0xd60 [ 117.713146][ T581] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 117.719111][ T581] cgroup_file_write+0x28e/0x590 [ 117.724036][ T581] ? cgroup_seqfile_stop+0xc0/0xc0 [ 117.729136][ T581] ? mutex_lock+0xa6/0x110 [ 117.733533][ T581] ? mutex_trylock+0xb0/0xb0 [ 117.738106][ T581] ? __kasan_check_write+0x14/0x20 [ 117.743199][ T581] kernfs_fop_write_iter+0x2d0/0x410 [ 117.748461][ T581] ? cgroup_seqfile_stop+0xc0/0xc0 [ 117.753558][ T581] vfs_write+0xc1c/0xf40 [ 117.757782][ T581] ? __kasan_check_write+0x14/0x20 [ 117.762874][ T581] ? kernel_write+0x3c0/0x3c0 [ 117.767532][ T581] ? _raw_spin_unlock_irq+0x4e/0x70 [ 117.772713][ T581] ? ptrace_stop+0x6ff/0x9f0 [ 117.777282][ T581] ? __kasan_check_read+0x11/0x20 [ 117.782289][ T581] ? __fdget_pos+0x27e/0x310 [ 117.786858][ T581] ksys_write+0x198/0x2c0 [ 117.791167][ T581] ? do_notify_parent+0xa60/0xa60 [ 117.796168][ T581] ? __ia32_sys_read+0x90/0x90 [ 117.800910][ T581] ? __ia32_sys_open+0x270/0x270 [ 117.805829][ T581] __x64_sys_write+0x7b/0x90 [ 117.810400][ T581] do_syscall_64+0x34/0x70 [ 117.814796][ T581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 117.820664][ T581] RIP: 0033:0x7fc8ece62c09 [ 117.825059][ T581] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 585] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 581] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 585] open("./file0", O_RDONLY [pid 581] close(3 [pid 585] <... open resumed>) = 3 [pid 581] <... close resumed>) = 0 [pid 585] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 581] close(4 [pid 585] write(4, "-pids ", 6 [pid 581] <... close resumed>) = 0 [pid 581] close(5) = 0 [pid 581] close(6) = -1 EBADF (Bad file descriptor) [pid 581] close(7) = -1 EBADF (Bad file descriptor) [pid 581] close(8) = -1 EBADF (Bad file descriptor) [pid 581] close(9) = -1 EBADF (Bad file descriptor) [pid 581] close(10) = -1 EBADF (Bad file descriptor) [pid 581] close(11) = -1 EBADF (Bad file descriptor) [pid 581] close(12) = -1 EBADF (Bad file descriptor) [pid 581] close(13) = -1 EBADF (Bad file descriptor) [pid 581] close(14) = -1 EBADF (Bad file descriptor) [pid 581] close(15) = -1 EBADF (Bad file descriptor) [pid 581] close(16) = -1 EBADF (Bad file descriptor) [pid 581] close(17) = -1 EBADF (Bad file descriptor) [pid 581] close(18) = -1 EBADF (Bad file descriptor) [pid 581] close(19) = -1 EBADF (Bad file descriptor) [pid 581] close(20) = -1 EBADF (Bad file descriptor) [pid 581] close(21) = -1 EBADF (Bad file descriptor) [pid 581] close(22) = -1 EBADF (Bad file descriptor) [pid 581] close(23) = -1 EBADF (Bad file descriptor) [pid 581] close(24) = -1 EBADF (Bad file descriptor) [pid 581] close(25) = -1 EBADF (Bad file descriptor) [pid 581] close(26) = -1 EBADF (Bad file descriptor) [pid 581] close(27) = -1 EBADF (Bad file descriptor) [pid 581] close(28) = -1 EBADF (Bad file descriptor) [pid 581] close(29) = -1 EBADF (Bad file descriptor) [pid 581] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 581] exit_group(0) = ? [pid 581] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 577] <... write resumed>) = 6 [pid 375] unlink("./34/binderfs" [pid 585] <... write resumed>) = 6 [pid 584] <... write resumed>) = 6 [pid 583] <... write resumed>) = 6 [pid 582] <... write resumed>) = 6 [pid 577] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 375] <... unlink resumed>) = 0 [pid 585] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 584] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 583] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 582] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 375] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 585] <... openat resumed>) = 5 [pid 577] <... openat resumed>) = 5 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 582] <... openat resumed>) = 5 [pid 375] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 584] <... openat resumed>) = 5 [pid 375] unlink("./34/cgroup" [pid 585] write(5, "22", 2 [pid 584] write(5, "22", 2 [pid 583] <... openat resumed>) = 5 [pid 582] write(5, "22", 2 [pid 577] write(5, "22", 2 [pid 375] <... unlink resumed>) = 0 [pid 585] <... write resumed>) = 2 [pid 584] <... write resumed>) = 2 [pid 583] write(5, "22", 2 [pid 582] <... write resumed>) = 2 [pid 577] <... write resumed>) = 2 [ 117.844641][ T581] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.853031][ T581] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 117.860981][ T581] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 117.868934][ T581] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 117.876885][ T581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 117.884833][ T581] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000022 [pid 375] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 585] write(4, "+pids ", 6 [pid 584] write(4, "+pids ", 6 [pid 583] <... write resumed>) = 2 [pid 582] write(4, "+pids ", 6 [pid 577] write(4, "+pids ", 6 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./34/cgroup.net") = 0 [pid 375] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 583] write(4, "+pids ", 6 [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./34/file0") = 0 [pid 375] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./34/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./34") = 0 [pid 375] mkdir("./35", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 586 attached [pid 586] chdir("./35" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 37 [pid 586] <... chdir resumed>) = 0 [pid 586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 586] setpgid(0, 0) = 0 [pid 586] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 586] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 586] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 586] write(3, "1000", 4) = 4 [pid 586] close(3) = 0 [pid 586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 586] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 117.912718][ T585] FAULT_INJECTION: forcing a failure. [ 117.912718][ T585] name failslab, interval 1, probability 0, space 0, times 0 [ 117.925565][ T585] CPU: 0 PID: 585 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 117.937185][ T585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.947224][ T585] Call Trace: [ 117.950502][ T585] dump_stack_lvl+0x1e2/0x24b [ 117.955160][ T585] ? bfq_pos_tree_add_move+0x43e/0x43e [ 117.960598][ T585] ? selinux_kernfs_init_security+0x1a8/0x760 [ 117.966643][ T585] dump_stack+0x15/0x17 [ 117.970784][ T585] should_fail+0x3c0/0x510 [ 117.975188][ T585] ? __kernfs_new_node+0x99/0x6e0 [ 117.980365][ T585] __should_failslab+0x9f/0xe0 [ 117.985107][ T585] should_failslab+0x9/0x20 [ 117.989590][ T585] __kmalloc_track_caller+0x5f/0x350 [ 117.994852][ T585] kstrdup_const+0x55/0x90 [ 117.999252][ T585] __kernfs_new_node+0x99/0x6e0 [ 118.004086][ T585] ? is_module_text_address+0xe1/0x140 [ 118.009534][ T585] ? kernfs_new_node+0x170/0x170 [ 118.014457][ T585] ? ptr_to_hashval+0x60/0x60 [ 118.019110][ T585] ? arch_stack_walk+0xf8/0x140 [ 118.023938][ T585] ? snprintf+0xd6/0x120 [ 118.028162][ T585] kernfs_new_node+0x97/0x170 [ 118.032826][ T585] __kernfs_create_file+0x4a/0x270 [ 118.037920][ T585] cgroup_addrm_files+0xab8/0xfe0 [ 118.042930][ T585] ? ____kasan_kmalloc+0xdc/0x110 [ 118.047928][ T585] ? __kasan_kmalloc+0x9/0x10 [ 118.052584][ T585] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 118.058124][ T585] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 118.064261][ T585] ? delete_node+0x759/0x7b0 [ 118.068831][ T585] ? __kasan_check_read+0x11/0x20 [ 118.073838][ T585] ? delete_node+0x759/0x7b0 [ 118.078406][ T585] ? __kasan_check_write+0x14/0x20 [ 118.083505][ T585] ? idr_replace+0x1c4/0x230 [ 118.088076][ T585] ? idr_get_next+0x4b0/0x4b0 [ 118.092734][ T585] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 118.097738][ T585] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 118.103060][ T585] css_populate_dir+0x137/0x370 [ 118.107897][ T585] cgroup_apply_control_enable+0x8b9/0x12f0 [ 118.113870][ T585] cgroup_apply_control+0x93/0x710 [ 118.118961][ T585] ? css_next_child+0x160/0x160 [ 118.123785][ T585] ? stack_trace_save+0x12d/0x1f0 [ 118.128786][ T585] ? io_schedule+0x120/0x120 [ 118.133360][ T585] ? kernfs_fop_write_iter+0x15e/0x410 [ 118.138813][ T585] ? __kasan_check_write+0x14/0x20 [ 118.143909][ T585] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 118.149168][ T585] cgroup_subtree_control_write+0xd19/0x1310 [ 118.155129][ T585] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 118.161091][ T585] ? __kasan_check_write+0x14/0x20 [ 118.166178][ T585] ? _copy_from_iter+0x3fb/0xd60 [ 118.171091][ T585] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 118.177056][ T585] cgroup_file_write+0x28e/0x590 [ 118.181977][ T585] ? cgroup_seqfile_stop+0xc0/0xc0 [ 118.187072][ T585] ? mutex_lock+0xa6/0x110 [ 118.191495][ T585] ? mutex_trylock+0xb0/0xb0 [ 118.196071][ T585] ? __kasan_check_write+0x14/0x20 [ 118.201156][ T585] kernfs_fop_write_iter+0x2d0/0x410 [ 118.206422][ T585] ? cgroup_seqfile_stop+0xc0/0xc0 [ 118.211519][ T585] vfs_write+0xc1c/0xf40 [ 118.215749][ T585] ? __kasan_check_write+0x14/0x20 [ 118.220847][ T585] ? kernel_write+0x3c0/0x3c0 [ 118.225502][ T585] ? _raw_spin_unlock_irq+0x4e/0x70 [ 118.230683][ T585] ? ptrace_stop+0x6ff/0x9f0 [ 118.235257][ T585] ? __kasan_check_read+0x11/0x20 [ 118.240256][ T585] ? __fdget_pos+0x27e/0x310 [ 118.244821][ T585] ksys_write+0x198/0x2c0 [ 118.249125][ T585] ? do_notify_parent+0xa60/0xa60 [ 118.254124][ T585] ? __ia32_sys_read+0x90/0x90 [ 118.258871][ T585] ? __ia32_sys_open+0x270/0x270 [ 118.263791][ T585] __x64_sys_write+0x7b/0x90 [ 118.268364][ T585] do_syscall_64+0x34/0x70 [ 118.272766][ T585] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 118.278633][ T585] RIP: 0033:0x7fc8ece62c09 [ 118.283031][ T585] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 118.302618][ T585] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 586] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 585] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 586] <... mount resumed>) = 0 [pid 585] close(3 [pid 586] open("./file0", O_RDONLY [pid 585] <... close resumed>) = 0 [pid 586] <... open resumed>) = 3 [pid 586] openat(3, "cgroup.subtree_control", O_RDWR [pid 585] close(4 [pid 586] <... openat resumed>) = 4 [pid 586] write(4, "-pids ", 6 [pid 585] <... close resumed>) = 0 [pid 585] close(5) = 0 [pid 585] close(6) = -1 EBADF (Bad file descriptor) [pid 585] close(7) = -1 EBADF (Bad file descriptor) [pid 585] close(8) = -1 EBADF (Bad file descriptor) [pid 585] close(9) = -1 EBADF (Bad file descriptor) [pid 585] close(10) = -1 EBADF (Bad file descriptor) [pid 585] close(11) = -1 EBADF (Bad file descriptor) [pid 585] close(12) = -1 EBADF (Bad file descriptor) [pid 585] close(13) = -1 EBADF (Bad file descriptor) [pid 585] close(14) = -1 EBADF (Bad file descriptor) [pid 585] close(15) = -1 EBADF (Bad file descriptor) [pid 585] close(16) = -1 EBADF (Bad file descriptor) [pid 585] close(17) = -1 EBADF (Bad file descriptor) [pid 585] close(18) = -1 EBADF (Bad file descriptor) [pid 585] close(19) = -1 EBADF (Bad file descriptor) [pid 585] close(20) = -1 EBADF (Bad file descriptor) [pid 585] close(21) = -1 EBADF (Bad file descriptor) [pid 585] close(22) = -1 EBADF (Bad file descriptor) [pid 585] close(23) = -1 EBADF (Bad file descriptor) [pid 585] close(24) = -1 EBADF (Bad file descriptor) [pid 585] close(25) = -1 EBADF (Bad file descriptor) [pid 585] close(26) = -1 EBADF (Bad file descriptor) [pid 585] close(27) = -1 EBADF (Bad file descriptor) [pid 585] close(28) = -1 EBADF (Bad file descriptor) [pid 585] close(29) = -1 EBADF (Bad file descriptor) [pid 585] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 585] exit_group(0) = ? [pid 585] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./29/binderfs") = 0 [pid 380] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 118.311014][ T585] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 118.318967][ T585] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 118.326922][ T585] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 118.335221][ T585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 118.343170][ T585] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001d [ 118.352055][ T585] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] unlink("./29/cgroup" [pid 586] <... write resumed>) = 6 [pid 380] <... unlink resumed>) = 0 [pid 380] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./29/cgroup.net") = 0 [pid 380] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 586] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 586] write(5, "22", 2) = 2 [ 118.380969][ T584] FAULT_INJECTION: forcing a failure. [ 118.380969][ T584] name failslab, interval 1, probability 0, space 0, times 0 [ 118.393741][ T584] CPU: 1 PID: 584 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 118.393838][ T380] ------------[ cut here ]------------ [ 118.405351][ T584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.405356][ T584] Call Trace: [ 118.405375][ T584] dump_stack_lvl+0x1e2/0x24b [ 118.405385][ T584] ? bfq_pos_tree_add_move+0x43e/0x43e [ 118.405404][ T584] ? selinux_kernfs_init_security+0x1a8/0x760 [ 118.410894][ T380] WARNING: CPU: 0 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 118.420881][ T584] dump_stack+0x15/0x17 [ 118.420891][ T584] should_fail+0x3c0/0x510 [ 118.420901][ T584] ? __kernfs_new_node+0x99/0x6e0 [ 118.420910][ T584] __should_failslab+0x9f/0xe0 [ 118.420928][ T584] should_failslab+0x9/0x20 [ 118.424188][ T380] Modules linked in: [ 118.428843][ T584] __kmalloc_track_caller+0x5f/0x350 [ 118.434292][ T380] [ 118.440317][ T584] kstrdup_const+0x55/0x90 [ 118.440335][ T584] __kernfs_new_node+0x99/0x6e0 [ 118.449241][ T380] CPU: 0 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 118.453881][ T584] ? is_module_text_address+0xe1/0x140 [ 118.453891][ T584] ? kernfs_new_node+0x170/0x170 [ 118.453908][ T584] ? ptr_to_hashval+0x60/0x60 [ 118.458284][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.463276][ T584] ? arch_stack_walk+0xf8/0x140 [ 118.463286][ T584] ? snprintf+0xd6/0x120 [ 118.463301][ T584] kernfs_new_node+0x97/0x170 [ 118.468045][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 118.472523][ T584] __kernfs_create_file+0x4a/0x270 [ 118.472535][ T584] cgroup_addrm_files+0xab8/0xfe0 [ 118.472544][ T584] ? ____kasan_kmalloc+0xdc/0x110 [ 118.472560][ T584] ? __kasan_kmalloc+0x9/0x10 [ 118.476431][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 118.481677][ T584] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 118.481688][ T584] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 118.481696][ T584] ? delete_node+0x759/0x7b0 [ 118.481706][ T584] ? __kasan_check_read+0x11/0x20 [ 118.481720][ T584] ? delete_node+0x759/0x7b0 [ 118.484021][ T380] RSP: 0018:ffffc90000b27ca0 EFLAGS: 00010293 [ 118.488421][ T584] ? __kasan_check_write+0x14/0x20 [ 118.493255][ T380] [ 118.504849][ T584] ? idr_replace+0x1c4/0x230 [ 118.504861][ T584] ? idr_get_next+0x4b0/0x4b0 [ 118.504879][ T584] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 118.510324][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 118.515235][ T584] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 118.519882][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 118.529916][ T584] css_populate_dir+0x137/0x370 [ 118.529929][ T584] cgroup_apply_control_enable+0x8b9/0x12f0 [ 118.529949][ T584] cgroup_apply_control+0x93/0x710 [ 118.534783][ T380] RBP: ffffc90000b27d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 118.539003][ T584] ? css_next_child+0x160/0x160 [ 118.543692][ T380] R10: fffff52000164f85 R11: 1ffff92000164f84 R12: dffffc0000000000 [ 118.549254][ T584] ? stack_trace_save+0x12d/0x1f0 [ 118.554366][ T380] R13: ffff888116a96e00 R14: ffffc90000b27d00 R15: 1ffff92000164f9c [ 118.559385][ T584] ? io_schedule+0x120/0x120 [ 118.564404][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 118.569030][ T584] ? kernfs_fop_write_iter+0x15e/0x410 [ 118.588632][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.594129][ T584] ? __kasan_check_write+0x14/0x20 [ 118.594148][ T584] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 118.600314][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506b0 [ 118.604849][ T584] cgroup_subtree_control_write+0xd19/0x1310 [ 118.609840][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 118.614403][ T584] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 118.614415][ T584] ? __kasan_check_write+0x14/0x20 [pid 586] write(4, "+pids ", 6write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 584] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 584] close(3) = 0 [pid 584] close(4) = 0 [pid 584] close(5) = 0 [pid 584] close(6) = -1 EBADF (Bad file descriptor) [pid 584] close(7) = -1 EBADF (Bad file descriptor) [pid 584] close(8) = -1 EBADF (Bad file descriptor) [pid 584] close(9) = -1 EBADF (Bad file descriptor) [pid 584] close(10) = -1 EBADF (Bad file descriptor) [pid 584] close(11) = -1 EBADF (Bad file descriptor) [pid 584] close(12) = -1 EBADF (Bad file descriptor) [pid 584] close(13) = -1 EBADF (Bad file descriptor) [pid 584] close(14) = -1 EBADF (Bad file descriptor) [pid 584] close(15) = -1 EBADF (Bad file descriptor) [pid 584] close(16) = -1 EBADF (Bad file descriptor) [pid 584] close(17) = -1 EBADF (Bad file descriptor) [pid 584] close(18) = -1 EBADF (Bad file descriptor) [pid 584] close(19) = -1 EBADF (Bad file descriptor) [pid 584] close(20) = -1 EBADF (Bad file descriptor) [pid 584] close(21) = -1 EBADF (Bad file descriptor) [pid 584] close(22) = -1 EBADF (Bad file descriptor) [pid 584] close(23) = -1 EBADF (Bad file descriptor) [pid 584] close(24) = -1 EBADF (Bad file descriptor) [pid 584] close(25) = -1 EBADF (Bad file descriptor) [pid 584] close(26) = -1 EBADF (Bad file descriptor) [pid 584] close(27) = -1 EBADF (Bad file descriptor) [pid 584] close(28) = -1 EBADF (Bad file descriptor) [pid 584] close(29) = -1 EBADF (Bad file descriptor) [pid 584] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 584] exit_group(0) = ? [pid 584] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 118.614434][ T584] ? _copy_from_iter+0x3fb/0xd60 [ 118.620472][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 118.625548][ T584] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 118.627856][ T380] Call Trace: [ 118.632428][ T584] cgroup_file_write+0x28e/0x590 [ 118.632439][ T584] ? cgroup_seqfile_stop+0xc0/0xc0 [ 118.632448][ T584] ? mutex_lock+0xa6/0x110 [ 118.632465][ T584] ? mutex_trylock+0xb0/0xb0 [ 118.637124][ T380] ? lockref_get_or_lock+0x340/0x340 [ 118.642119][ T584] ? __kasan_check_write+0x14/0x20 [ 118.642132][ T584] kernfs_fop_write_iter+0x2d0/0x410 [ 118.642152][ T584] ? cgroup_seqfile_stop+0xc0/0xc0 [ 118.650108][ T380] ? umount_tree+0xf50/0xf50 [ 118.655265][ T584] vfs_write+0xc1c/0xf40 [ 118.655277][ T584] ? __kasan_check_write+0x14/0x20 [ 118.655287][ T584] ? kernel_write+0x3c0/0x3c0 [ 118.655304][ T584] ? _raw_spin_unlock_irq+0x4e/0x70 [ 118.663325][ T380] ? vfs_submount+0xb0/0xb0 [ 118.668069][ T584] ? ptrace_stop+0x6ff/0x9f0 [ 118.673955][ T380] ? __rcu_read_unlock+0x60/0x90 [ 118.679017][ T584] ? __kasan_check_read+0x11/0x20 [ 118.686979][ T380] ? dput+0x2b6/0x320 [ 118.691782][ T584] ? __fdget_pos+0x27e/0x310 [ 118.691792][ T584] ksys_write+0x198/0x2c0 [ 118.691810][ T584] ? do_notify_parent+0xa60/0xa60 [ 118.699770][ T380] path_umount+0x1fe/0xfb0 [ 118.704761][ T584] ? __ia32_sys_read+0x90/0x90 [ 118.704775][ T584] ? __ia32_sys_open+0x270/0x270 [ 118.704785][ T584] __x64_sys_write+0x7b/0x90 [ 118.704804][ T584] do_syscall_64+0x34/0x70 [ 118.712765][ T380] ? namespace_unlock+0x4f0/0x4f0 [pid 376] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] kill(-30, SIGKILL) = 0 [pid 383] kill(30, SIGKILL) = 0 [ 118.717335][ T584] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 118.726353][ T380] ? user_path_at_empty+0x40/0x50 [ 118.731695][ T584] RIP: 0033:0x7fc8ece62c09 [ 118.731707][ T584] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 118.731723][ T584] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 118.738290][ T380] __x64_sys_umount+0x122/0x170 [ 118.743359][ T584] ORIG_RAX: 0000000000000001 [ 118.743367][ T584] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 118.743374][ T584] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 118.743388][ T584] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 118.748647][ T380] ? path_umount+0xfb0/0xfb0 [ 118.756583][ T584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 118.756591][ T584] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000021 [ 118.770871][ T584] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 118.776579][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 118.776591][ T380] do_syscall_64+0x34/0x70 [ 118.776610][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.051279][ T380] RIP: 0033:0x7fc8ece63fb7 [ 119.055701][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 119.075321][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... umount2 resumed>) = 0 [pid 376] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... openat resumed>) = 3 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./33/binderfs") = 0 [pid 376] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./33/cgroup") = 0 [pid 376] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./33/cgroup.net") = 0 [pid 376] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./33/file0") = 0 [pid 376] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./33/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./33" [pid 380] lstat("./29/file0", [pid 376] <... rmdir resumed>) = 0 [pid 380] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] mkdir("./34", 0777 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] <... mkdir resumed>) = 0 [pid 380] getdents64(4, [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 380] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 587 attached [pid 380] getdents64(4, [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 36 [pid 587] chdir("./34" [pid 380] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 587] <... chdir resumed>) = 0 [pid 380] close(4 [pid 587] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 380] <... close resumed>) = 0 [pid 380] rmdir("./29/file0" [pid 587] <... prctl resumed>) = 0 [pid 380] <... rmdir resumed>) = 0 [pid 587] setpgid(0, 0 [pid 380] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 587] <... setpgid resumed>) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 587] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 380] lstat("./29/cgroup.cpu", [pid 587] <... symlink resumed>) = 0 [pid 587] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 587] <... symlink resumed>) = 0 [pid 587] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 380] unlink("./29/cgroup.cpu" [pid 587] <... openat resumed>) = 3 [pid 587] write(3, "1000", 4) = 4 [pid 587] close(3) = 0 [pid 587] symlink("/dev/binderfs", "./binderfs" [pid 380] <... unlink resumed>) = 0 [pid 587] <... symlink resumed>) = 0 [pid 587] mkdirat(AT_FDCWD, "./file0", 000 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 587] <... mkdirat resumed>) = 0 [pid 587] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 587] open("./file0", O_RDONLY) = 3 [pid 587] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 587] write(4, "-pids ", 6 [pid 380] close(3) = 0 [pid 380] rmdir("./29") = 0 [pid 383] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 383] getdents64(3, [pid 380] mkdir("./30", 0777 [pid 383] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] <... mkdir resumed>) = 0 [pid 383] close(3) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 588 attached [pid 588] chdir("./30" [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 32 [pid 588] <... chdir resumed>) = 0 [pid 588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 588] setpgid(0, 0) = 0 [pid 588] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 588] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 588] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 588] write(3, "1000", 4) = 4 [pid 588] close(3) = 0 [pid 588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 588] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 588] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 588] open("./file0", O_RDONLY) = 3 [pid 588] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 119.083898][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 119.091867][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 119.099821][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 119.107786][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 119.115785][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000001e [ 119.123770][ T380] ---[ end trace d4de1ca9cdcd197d ]--- [pid 588] write(4, "-pids ", 6) = 6 [pid 588] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 588] write(5, "22", 2) = 2 [ 119.161003][ T577] FAULT_INJECTION: forcing a failure. [ 119.161003][ T577] name failslab, interval 1, probability 0, space 0, times 0 [ 119.173770][ T577] CPU: 1 PID: 577 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 119.185493][ T577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.195547][ T577] Call Trace: [ 119.198827][ T577] dump_stack_lvl+0x1e2/0x24b [ 119.203482][ T577] ? panic+0x7d7/0x7d7 [ 119.207534][ T577] ? bfq_pos_tree_add_move+0x43e/0x43e [ 119.212976][ T577] ? find_next_bit+0xd6/0x120 [ 119.217633][ T577] ? cpumask_next+0x11/0x30 [ 119.222123][ T577] dump_stack+0x15/0x17 [ 119.226277][ T577] should_fail+0x3c0/0x510 [ 119.231194][ T577] ? percpu_ref_init+0xd0/0x330 [ 119.236027][ T577] __should_failslab+0x9f/0xe0 [ 119.240776][ T577] should_failslab+0x9/0x20 [ 119.245275][ T577] kmem_cache_alloc_trace+0x3a/0x330 [ 119.250548][ T577] percpu_ref_init+0xd0/0x330 [ 119.255212][ T577] ? cgroup_setup_root+0xea0/0xea0 [ 119.260414][ T577] cgroup_apply_control_enable+0x3a2/0x12f0 [ 119.266303][ T577] cgroup_apply_control+0x93/0x710 [ 119.271399][ T577] ? css_next_child+0x160/0x160 [ 119.276241][ T577] ? stack_trace_save+0x12d/0x1f0 [ 119.281271][ T577] ? io_schedule+0x120/0x120 [ 119.285853][ T577] ? kernfs_fop_write_iter+0x15e/0x410 [ 119.291295][ T577] ? __kasan_check_write+0x14/0x20 [ 119.296402][ T577] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 119.301676][ T577] cgroup_subtree_control_write+0xd19/0x1310 [ 119.307641][ T577] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 119.313621][ T577] ? __kasan_check_write+0x14/0x20 [ 119.318720][ T577] ? _copy_from_iter+0x3fb/0xd60 [ 119.323635][ T577] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 119.329594][ T577] cgroup_file_write+0x28e/0x590 [ 119.334521][ T577] ? cgroup_seqfile_stop+0xc0/0xc0 [ 119.339620][ T577] ? mutex_lock+0xa6/0x110 [ 119.344012][ T577] ? mutex_trylock+0xb0/0xb0 [ 119.348589][ T577] ? __kasan_check_write+0x14/0x20 [ 119.353684][ T577] kernfs_fop_write_iter+0x2d0/0x410 [ 119.358985][ T577] ? cgroup_seqfile_stop+0xc0/0xc0 [ 119.364088][ T577] vfs_write+0xc1c/0xf40 [ 119.368317][ T577] ? __kasan_check_write+0x14/0x20 [ 119.373411][ T577] ? kernel_write+0x3c0/0x3c0 [ 119.378067][ T577] ? _raw_spin_unlock_irq+0x4e/0x70 [ 119.383260][ T577] ? ptrace_stop+0x6ff/0x9f0 [ 119.387841][ T577] ? __kasan_check_read+0x11/0x20 [ 119.392845][ T577] ? __fdget_pos+0x27e/0x310 [ 119.397424][ T577] ksys_write+0x198/0x2c0 [ 119.401823][ T577] ? do_notify_parent+0xa60/0xa60 [ 119.406833][ T577] ? __ia32_sys_read+0x90/0x90 [ 119.411583][ T577] ? __ia32_sys_open+0x270/0x270 [ 119.416514][ T577] __x64_sys_write+0x7b/0x90 [ 119.421082][ T577] do_syscall_64+0x34/0x70 [ 119.425476][ T577] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.431357][ T577] RIP: 0033:0x7fc8ece62c09 [ 119.435775][ T577] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 588] write(4, "+pids ", 6 [pid 577] <... write resumed>) = ? [pid 577] +++ killed by SIGKILL +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=30, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 383] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./28/binderfs") = 0 [pid 383] umount2("./28/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./28/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./28/cgroup") = 0 [pid 383] umount2("./28/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./28/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./28/cgroup.net") = 0 [pid 383] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./28/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./28/file0") = 0 [pid 383] umount2("./28/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./28/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./28/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./28") = 0 [pid 383] mkdir("./29", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 589 attached , child_tidptr=0x555556fab5d0) = 31 [pid 589] chdir("./29") = 0 [pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 589] setpgid(0, 0) = 0 [pid 589] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 589] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 589] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 589] write(3, "1000", 4) = 4 [pid 589] close(3) = 0 [pid 589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 589] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 589] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 589] open("./file0", O_RDONLY) = 3 [pid 589] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 119.455414][ T577] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 119.463822][ T577] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 119.471779][ T577] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 119.479738][ T577] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 119.487700][ T577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 119.495651][ T577] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001c [pid 589] write(4, "-pids ", 6 [pid 587] <... write resumed>) = 6 [pid 587] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 587] write(5, "22", 2) = 2 [ 119.530723][ T586] FAULT_INJECTION: forcing a failure. [ 119.530723][ T586] name failslab, interval 1, probability 0, space 0, times 0 [ 119.543520][ T586] CPU: 1 PID: 586 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 119.555134][ T586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.565182][ T586] Call Trace: [ 119.568466][ T586] dump_stack_lvl+0x1e2/0x24b [ 119.573141][ T586] ? panic+0x7d7/0x7d7 [ 119.577208][ T586] ? bfq_pos_tree_add_move+0x43e/0x43e [ 119.582654][ T586] ? find_next_bit+0xd6/0x120 [ 119.587307][ T586] ? cpumask_next+0x11/0x30 [ 119.591797][ T586] dump_stack+0x15/0x17 [ 119.595938][ T586] should_fail+0x3c0/0x510 [ 119.600332][ T586] ? percpu_ref_init+0xd0/0x330 [ 119.605165][ T586] __should_failslab+0x9f/0xe0 [ 119.609923][ T586] should_failslab+0x9/0x20 [ 119.614406][ T586] kmem_cache_alloc_trace+0x3a/0x330 [ 119.619674][ T586] percpu_ref_init+0xd0/0x330 [ 119.624347][ T586] ? cgroup_setup_root+0xea0/0xea0 [ 119.629442][ T586] cgroup_apply_control_enable+0x3a2/0x12f0 [ 119.635311][ T586] cgroup_apply_control+0x93/0x710 [ 119.640405][ T586] ? css_next_child+0x160/0x160 [ 119.645246][ T586] ? stack_trace_save+0x12d/0x1f0 [ 119.650341][ T586] ? io_schedule+0x120/0x120 [ 119.654911][ T586] ? kernfs_fop_write_iter+0x15e/0x410 [ 119.660352][ T586] ? __kasan_check_write+0x14/0x20 [ 119.665446][ T586] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 119.670742][ T586] cgroup_subtree_control_write+0xd19/0x1310 [ 119.676701][ T586] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 119.682663][ T586] ? __kasan_check_write+0x14/0x20 [ 119.687760][ T586] ? _copy_from_iter+0x3fb/0xd60 [ 119.692683][ T586] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 119.698640][ T586] cgroup_file_write+0x28e/0x590 [ 119.703552][ T586] ? cgroup_seqfile_stop+0xc0/0xc0 [ 119.708649][ T586] ? mutex_lock+0xa6/0x110 [ 119.713065][ T586] ? mutex_trylock+0xb0/0xb0 [ 119.717640][ T586] ? __kasan_check_write+0x14/0x20 [ 119.722735][ T586] kernfs_fop_write_iter+0x2d0/0x410 [ 119.727993][ T586] ? cgroup_seqfile_stop+0xc0/0xc0 [ 119.733080][ T586] vfs_write+0xc1c/0xf40 [ 119.737299][ T586] ? __kasan_check_write+0x14/0x20 [ 119.742402][ T586] ? kernel_write+0x3c0/0x3c0 [ 119.747071][ T586] ? _raw_spin_unlock_irq+0x4e/0x70 [ 119.752247][ T586] ? ptrace_stop+0x6ff/0x9f0 [ 119.756815][ T586] ? __kasan_check_read+0x11/0x20 [ 119.761821][ T586] ? __fdget_pos+0x27e/0x310 [ 119.766393][ T586] ksys_write+0x198/0x2c0 [ 119.770711][ T586] ? do_notify_parent+0xa60/0xa60 [ 119.775719][ T586] ? __ia32_sys_read+0x90/0x90 [ 119.780458][ T586] ? __ia32_sys_open+0x270/0x270 [ 119.785379][ T586] __x64_sys_write+0x7b/0x90 [ 119.789955][ T586] do_syscall_64+0x34/0x70 [ 119.794350][ T586] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.800224][ T586] RIP: 0033:0x7fc8ece62c09 [ 119.804629][ T586] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 587] write(4, "+pids ", 6 [pid 586] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 586] close(3) = 0 [pid 586] close(4) = 0 [pid 586] close(5) = 0 [pid 586] close(6) = -1 EBADF (Bad file descriptor) [pid 586] close(7) = -1 EBADF (Bad file descriptor) [pid 586] close(8) = -1 EBADF (Bad file descriptor) [pid 586] close(9) = -1 EBADF (Bad file descriptor) [pid 586] close(10) = -1 EBADF (Bad file descriptor) [pid 586] close(11) = -1 EBADF (Bad file descriptor) [pid 586] close(12) = -1 EBADF (Bad file descriptor) [pid 586] close(13) = -1 EBADF (Bad file descriptor) [pid 586] close(14) = -1 EBADF (Bad file descriptor) [pid 586] close(15) = -1 EBADF (Bad file descriptor) [pid 586] close(16) = -1 EBADF (Bad file descriptor) [pid 586] close(17) = -1 EBADF (Bad file descriptor) [pid 586] close(18) = -1 EBADF (Bad file descriptor) [pid 586] close(19) = -1 EBADF (Bad file descriptor) [pid 586] close(20) = -1 EBADF (Bad file descriptor) [pid 586] close(21) = -1 EBADF (Bad file descriptor) [pid 586] close(22) = -1 EBADF (Bad file descriptor) [pid 586] close(23) = -1 EBADF (Bad file descriptor) [pid 586] close(24) = -1 EBADF (Bad file descriptor) [pid 586] close(25) = -1 EBADF (Bad file descriptor) [pid 586] close(26) = -1 EBADF (Bad file descriptor) [pid 586] close(27) = -1 EBADF (Bad file descriptor) [pid 586] close(28) = -1 EBADF (Bad file descriptor) [pid 586] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 586] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 586] exit_group(0) = ? [pid 586] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./35/binderfs") = 0 [pid 375] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./35/cgroup") = 0 [pid 375] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./35/cgroup.net") = 0 [pid 375] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./35/file0") = 0 [pid 375] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./35/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./35") = 0 [pid 375] mkdir("./36", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 590 attached , child_tidptr=0x555556fab5d0) = 38 [pid 590] chdir("./36") = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 590] setpgid(0, 0) = 0 [pid 590] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 590] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 590] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 590] write(3, "1000", 4) = 4 [pid 590] close(3) = 0 [pid 590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 590] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 590] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 590] open("./file0", O_RDONLY) = 3 [pid 590] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 119.824233][ T586] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 119.832627][ T586] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 119.840579][ T586] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 119.848534][ T586] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 119.856494][ T586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 119.864449][ T586] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000023 [ 119.900861][ T582] FAULT_INJECTION: forcing a failure. [ 119.900861][ T582] name failslab, interval 1, probability 0, space 0, times 0 [ 119.913622][ T582] CPU: 0 PID: 582 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 119.925233][ T582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.935267][ T582] Call Trace: [ 119.938545][ T582] dump_stack_lvl+0x1e2/0x24b [ 119.943220][ T582] ? panic+0x7d7/0x7d7 [ 119.947281][ T582] ? bfq_pos_tree_add_move+0x43e/0x43e [ 119.952730][ T582] ? find_next_bit+0xd6/0x120 [ 119.957400][ T582] ? cpumask_next+0x11/0x30 [ 119.961891][ T582] dump_stack+0x15/0x17 [ 119.966024][ T582] should_fail+0x3c0/0x510 [ 119.970426][ T582] ? percpu_ref_init+0xd0/0x330 [ 119.975264][ T582] __should_failslab+0x9f/0xe0 [ 119.980010][ T582] should_failslab+0x9/0x20 [ 119.984491][ T582] kmem_cache_alloc_trace+0x3a/0x330 [ 119.989758][ T582] percpu_ref_init+0xd0/0x330 [ 119.994427][ T582] ? cgroup_setup_root+0xea0/0xea0 [ 119.999515][ T582] cgroup_apply_control_enable+0x3a2/0x12f0 [ 120.005385][ T582] cgroup_apply_control+0x93/0x710 [ 120.010471][ T582] ? css_next_child+0x160/0x160 [ 120.015298][ T582] ? stack_trace_save+0x12d/0x1f0 [ 120.020309][ T582] ? io_schedule+0x120/0x120 [ 120.024892][ T582] ? kernfs_fop_write_iter+0x15e/0x410 [ 120.030343][ T582] ? __kasan_check_write+0x14/0x20 [ 120.035443][ T582] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 120.040714][ T582] cgroup_subtree_control_write+0xd19/0x1310 [ 120.046667][ T582] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 120.052624][ T582] ? __kasan_check_write+0x14/0x20 [ 120.057716][ T582] ? _copy_from_iter+0x3fb/0xd60 [ 120.062631][ T582] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 120.068586][ T582] cgroup_file_write+0x28e/0x590 [ 120.073508][ T582] ? cgroup_seqfile_stop+0xc0/0xc0 [ 120.078602][ T582] ? mutex_lock+0xa6/0x110 [ 120.082992][ T582] ? mutex_trylock+0xb0/0xb0 [ 120.087567][ T582] ? __kasan_check_write+0x14/0x20 [ 120.092663][ T582] kernfs_fop_write_iter+0x2d0/0x410 [ 120.097936][ T582] ? cgroup_seqfile_stop+0xc0/0xc0 [ 120.103041][ T582] vfs_write+0xc1c/0xf40 [ 120.107283][ T582] ? __kasan_check_write+0x14/0x20 [ 120.112370][ T582] ? kernel_write+0x3c0/0x3c0 [ 120.117027][ T582] ? _raw_spin_unlock_irq+0x4e/0x70 [ 120.122227][ T582] ? ptrace_stop+0x6ff/0x9f0 [ 120.126791][ T582] ? __kasan_check_read+0x11/0x20 [ 120.131794][ T582] ? __fdget_pos+0x27e/0x310 [ 120.136380][ T582] ksys_write+0x198/0x2c0 [ 120.140704][ T582] ? do_notify_parent+0xa60/0xa60 [ 120.145715][ T582] ? __ia32_sys_read+0x90/0x90 [ 120.150453][ T582] ? __ia32_sys_open+0x270/0x270 [ 120.155376][ T582] __x64_sys_write+0x7b/0x90 [ 120.159964][ T582] do_syscall_64+0x34/0x70 [ 120.164377][ T582] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 120.170264][ T582] RIP: 0033:0x7fc8ece62c09 [ 120.174677][ T582] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 590] write(4, "-pids ", 6 [pid 582] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 582] close(3) = 0 [pid 582] close(4) = 0 [pid 582] close(5) = 0 [pid 582] close(6) = -1 EBADF (Bad file descriptor) [pid 582] close(7) = -1 EBADF (Bad file descriptor) [pid 582] close(8) = -1 EBADF (Bad file descriptor) [pid 582] close(9) = -1 EBADF (Bad file descriptor) [pid 582] close(10) = -1 EBADF (Bad file descriptor) [pid 582] close(11) = -1 EBADF (Bad file descriptor) [pid 582] close(12) = -1 EBADF (Bad file descriptor) [pid 582] close(13) = -1 EBADF (Bad file descriptor) [pid 582] close(14) = -1 EBADF (Bad file descriptor) [pid 582] close(15) = -1 EBADF (Bad file descriptor) [pid 582] close(16) = -1 EBADF (Bad file descriptor) [pid 582] close(17) = -1 EBADF (Bad file descriptor) [pid 582] close(18) = -1 EBADF (Bad file descriptor) [pid 582] close(19) = -1 EBADF (Bad file descriptor) [pid 582] close(20) = -1 EBADF (Bad file descriptor) [pid 582] close(21) = -1 EBADF (Bad file descriptor) [pid 582] close(22) = -1 EBADF (Bad file descriptor) [pid 582] close(23) = -1 EBADF (Bad file descriptor) [pid 582] close(24) = -1 EBADF (Bad file descriptor) [pid 582] close(25) = -1 EBADF (Bad file descriptor) [pid 582] close(26) = -1 EBADF (Bad file descriptor) [pid 582] close(27) = -1 EBADF (Bad file descriptor) [pid 582] close(28) = -1 EBADF (Bad file descriptor) [pid 582] close(29) = -1 EBADF (Bad file descriptor) [pid 582] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 582] exit_group(0) = ? [pid 582] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./37/binderfs") = 0 [pid 382] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./37/cgroup") = 0 [pid 382] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./37/cgroup.net") = 0 [pid 382] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./37/file0") = 0 [pid 382] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./37/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [ 120.194268][ T582] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 120.202666][ T582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 120.210626][ T582] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 120.218580][ T582] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 120.226536][ T582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 120.234487][ T582] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000025 [pid 382] rmdir("./37") = 0 [pid 382] mkdir("./38", 0777 [pid 590] <... write resumed>) = 6 [pid 590] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 590] write(5, "22", 2) = 2 [pid 590] write(4, "+pids ", 6 [pid 382] <... mkdir resumed>) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 40 ./strace-static-x86_64: Process 591 attached [pid 591] chdir("./38") = 0 [pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 591] setpgid(0, 0) = 0 [pid 591] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 591] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 591] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 591] write(3, "1000", 4) = 4 [pid 591] close(3) = 0 [pid 591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 591] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 120.270442][ T587] FAULT_INJECTION: forcing a failure. [ 120.270442][ T587] name failslab, interval 1, probability 0, space 0, times 0 [ 120.283284][ T587] CPU: 1 PID: 587 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 120.294908][ T587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.304958][ T587] Call Trace: [ 120.308239][ T587] dump_stack_lvl+0x1e2/0x24b [ 120.312914][ T587] ? bfq_pos_tree_add_move+0x43e/0x43e [ 120.318369][ T587] ? selinux_kernfs_init_security+0x1a8/0x760 [ 120.324416][ T587] dump_stack+0x15/0x17 [ 120.328668][ T587] should_fail+0x3c0/0x510 [ 120.333085][ T587] ? __kernfs_new_node+0x99/0x6e0 [ 120.338089][ T587] __should_failslab+0x9f/0xe0 [ 120.342847][ T587] should_failslab+0x9/0x20 [ 120.347347][ T587] __kmalloc_track_caller+0x5f/0x350 [ 120.352617][ T587] kstrdup_const+0x55/0x90 [ 120.357011][ T587] __kernfs_new_node+0x99/0x6e0 [ 120.361844][ T587] ? is_module_text_address+0xe1/0x140 [ 120.367288][ T587] ? kernfs_new_node+0x170/0x170 [ 120.372213][ T587] ? ptr_to_hashval+0x60/0x60 [ 120.376883][ T587] ? arch_stack_walk+0xf8/0x140 [ 120.381718][ T587] ? snprintf+0xd6/0x120 [ 120.385937][ T587] kernfs_new_node+0x97/0x170 [ 120.390592][ T587] __kernfs_create_file+0x4a/0x270 [ 120.395692][ T587] cgroup_addrm_files+0xab8/0xfe0 [ 120.400701][ T587] ? ____kasan_kmalloc+0xdc/0x110 [ 120.405699][ T587] ? __kasan_kmalloc+0x9/0x10 [ 120.410354][ T587] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 120.415886][ T587] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 120.422134][ T587] ? delete_node+0x759/0x7b0 [ 120.426711][ T587] ? __kasan_check_read+0x11/0x20 [ 120.431720][ T587] ? delete_node+0x759/0x7b0 [ 120.436287][ T587] ? __kasan_check_write+0x14/0x20 [ 120.441381][ T587] ? idr_replace+0x1c4/0x230 [ 120.445968][ T587] ? idr_get_next+0x4b0/0x4b0 [ 120.450635][ T587] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 120.455651][ T587] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 120.460834][ T587] css_populate_dir+0x137/0x370 [ 120.465672][ T587] cgroup_apply_control_enable+0x8b9/0x12f0 [ 120.471540][ T587] cgroup_apply_control+0x93/0x710 [ 120.476626][ T587] ? css_next_child+0x160/0x160 [ 120.481476][ T587] ? stack_trace_save+0x12d/0x1f0 [ 120.486490][ T587] ? io_schedule+0x120/0x120 [ 120.491063][ T587] ? kernfs_fop_write_iter+0x15e/0x410 [ 120.496508][ T587] ? __kasan_check_write+0x14/0x20 [ 120.501600][ T587] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 120.506862][ T587] cgroup_subtree_control_write+0xd19/0x1310 [ 120.512819][ T587] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 120.518775][ T587] ? __kasan_check_write+0x14/0x20 [ 120.523870][ T587] ? _copy_from_iter+0x3fb/0xd60 [ 120.528794][ T587] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 120.534750][ T587] cgroup_file_write+0x28e/0x590 [ 120.539661][ T587] ? cgroup_seqfile_stop+0xc0/0xc0 [ 120.544759][ T587] ? mutex_lock+0xa6/0x110 [ 120.549172][ T587] ? mutex_trylock+0xb0/0xb0 [ 120.553756][ T587] ? __kasan_check_write+0x14/0x20 [ 120.558855][ T587] kernfs_fop_write_iter+0x2d0/0x410 [ 120.564123][ T587] ? cgroup_seqfile_stop+0xc0/0xc0 [ 120.569222][ T587] vfs_write+0xc1c/0xf40 [ 120.573442][ T587] ? __kasan_check_write+0x14/0x20 [ 120.578531][ T587] ? kernel_write+0x3c0/0x3c0 [ 120.583195][ T587] ? _raw_spin_unlock_irq+0x4e/0x70 [ 120.588380][ T587] ? ptrace_stop+0x6ff/0x9f0 [ 120.592946][ T587] ? __kasan_check_read+0x11/0x20 [ 120.597956][ T587] ? __fdget_pos+0x27e/0x310 [ 120.602541][ T587] ksys_write+0x198/0x2c0 [ 120.606867][ T587] ? do_notify_parent+0xa60/0xa60 [ 120.611878][ T587] ? __ia32_sys_read+0x90/0x90 [ 120.616616][ T587] ? __ia32_sys_open+0x270/0x270 [ 120.621535][ T587] __x64_sys_write+0x7b/0x90 [ 120.626116][ T587] do_syscall_64+0x34/0x70 [ 120.630526][ T587] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 120.636409][ T587] RIP: 0033:0x7fc8ece62c09 [ 120.640818][ T587] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 120.660405][ T587] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 591] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 587] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 591] <... mount resumed>) = 0 [pid 591] open("./file0", O_RDONLY [pid 587] close(3 [pid 591] <... open resumed>) = 3 [pid 591] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 591] write(4, "-pids ", 6 [pid 587] <... close resumed>) = 0 [pid 587] close(4) = 0 [pid 587] close(5) = 0 [pid 587] close(6) = -1 EBADF (Bad file descriptor) [pid 587] close(7) = -1 EBADF (Bad file descriptor) [pid 587] close(8) = -1 EBADF (Bad file descriptor) [pid 587] close(9) = -1 EBADF (Bad file descriptor) [pid 587] close(10) = -1 EBADF (Bad file descriptor) [pid 587] close(11) = -1 EBADF (Bad file descriptor) [pid 587] close(12) = -1 EBADF (Bad file descriptor) [pid 587] close(13) = -1 EBADF (Bad file descriptor) [pid 587] close(14) = -1 EBADF (Bad file descriptor) [pid 587] close(15) = -1 EBADF (Bad file descriptor) [pid 587] close(16) = -1 EBADF (Bad file descriptor) [pid 587] close(17) = -1 EBADF (Bad file descriptor) [pid 587] close(18) = -1 EBADF (Bad file descriptor) [pid 587] close(19) = -1 EBADF (Bad file descriptor) [pid 587] close(20) = -1 EBADF (Bad file descriptor) [pid 587] close(21) = -1 EBADF (Bad file descriptor) [pid 587] close(22) = -1 EBADF (Bad file descriptor) [pid 587] close(23) = -1 EBADF (Bad file descriptor) [pid 587] close(24) = -1 EBADF (Bad file descriptor) [pid 587] close(25) = -1 EBADF (Bad file descriptor) [pid 587] close(26) = -1 EBADF (Bad file descriptor) [pid 587] close(27) = -1 EBADF (Bad file descriptor) [pid 587] close(28) = -1 EBADF (Bad file descriptor) [pid 587] close(29) = -1 EBADF (Bad file descriptor) [pid 587] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 587] exit_group(0) = ? [pid 587] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./34/binderfs") = 0 [pid 376] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./34/cgroup") = 0 [pid 376] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./34/cgroup.net") = 0 [pid 376] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./34/file0") = 0 [pid 376] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./34/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./34") = 0 [pid 376] mkdir("./35", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 592 attached [pid 592] chdir("./35" [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 37 [pid 592] <... chdir resumed>) = 0 [pid 592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 592] setpgid(0, 0) = 0 [pid 592] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 592] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 592] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 592] write(3, "1000", 4) = 4 [pid 592] close(3) = 0 [pid 592] symlink("/dev/binderfs", "./binderfs") = 0 [pid 592] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 592] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 592] open("./file0", O_RDONLY) = 3 [pid 592] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 592] write(4, "-pids ", 6) = 6 [pid 592] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 120.668798][ T587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 120.676758][ T587] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 120.684705][ T587] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 120.692662][ T587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 120.700621][ T587] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000022 [ 120.708642][ T587] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 592] write(5, "22", 2) = 2 [ 120.750521][ T590] FAULT_INJECTION: forcing a failure. [ 120.750521][ T590] name failslab, interval 1, probability 0, space 0, times 0 [ 120.763198][ T590] CPU: 1 PID: 590 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 120.774817][ T590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.784851][ T590] Call Trace: [ 120.788132][ T590] dump_stack_lvl+0x1e2/0x24b [ 120.792792][ T590] ? bfq_pos_tree_add_move+0x43e/0x43e [ 120.798232][ T590] ? selinux_kernfs_init_security+0x1a8/0x760 [ 120.804293][ T590] dump_stack+0x15/0x17 [ 120.808432][ T590] should_fail+0x3c0/0x510 [ 120.812831][ T590] ? __kernfs_new_node+0x99/0x6e0 [ 120.817838][ T590] __should_failslab+0x9f/0xe0 [ 120.822682][ T590] should_failslab+0x9/0x20 [ 120.827173][ T590] __kmalloc_track_caller+0x5f/0x350 [ 120.832442][ T590] kstrdup_const+0x55/0x90 [ 120.836852][ T590] __kernfs_new_node+0x99/0x6e0 [ 120.841688][ T590] ? is_module_text_address+0xe1/0x140 [ 120.847125][ T590] ? kernfs_new_node+0x170/0x170 [ 120.852043][ T590] ? ptr_to_hashval+0x60/0x60 [ 120.856702][ T590] ? arch_stack_walk+0xf8/0x140 [ 120.861540][ T590] ? snprintf+0xd6/0x120 [ 120.865767][ T590] kernfs_new_node+0x97/0x170 [ 120.870426][ T590] __kernfs_create_file+0x4a/0x270 [ 120.875517][ T590] cgroup_addrm_files+0xab8/0xfe0 [ 120.880522][ T590] ? ____kasan_kmalloc+0xdc/0x110 [ 120.885526][ T590] ? __kasan_kmalloc+0x9/0x10 [ 120.890187][ T590] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 120.895717][ T590] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 120.901852][ T590] ? delete_node+0x759/0x7b0 [ 120.906435][ T590] ? __kasan_check_read+0x11/0x20 [ 120.911436][ T590] ? delete_node+0x759/0x7b0 [ 120.916004][ T590] ? __kasan_check_write+0x14/0x20 [ 120.921103][ T590] ? idr_replace+0x1c4/0x230 [ 120.925674][ T590] ? idr_get_next+0x4b0/0x4b0 [ 120.930755][ T590] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 120.935759][ T590] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 120.940936][ T590] css_populate_dir+0x137/0x370 [ 120.945768][ T590] cgroup_apply_control_enable+0x8b9/0x12f0 [ 120.951638][ T590] cgroup_apply_control+0x93/0x710 [ 120.956730][ T590] ? css_next_child+0x160/0x160 [ 120.961559][ T590] ? stack_trace_save+0x12d/0x1f0 [ 120.966563][ T590] ? io_schedule+0x120/0x120 [ 120.971140][ T590] ? kernfs_fop_write_iter+0x15e/0x410 [ 120.976577][ T590] ? __kasan_check_write+0x14/0x20 [ 120.981671][ T590] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 120.986934][ T590] cgroup_subtree_control_write+0xd19/0x1310 [ 120.992891][ T590] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 120.998856][ T590] ? __kasan_check_write+0x14/0x20 [ 121.003946][ T590] ? _copy_from_iter+0x3fb/0xd60 [ 121.008860][ T590] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 121.014816][ T590] cgroup_file_write+0x28e/0x590 [ 121.019731][ T590] ? cgroup_seqfile_stop+0xc0/0xc0 [ 121.024823][ T590] ? mutex_lock+0xa6/0x110 [ 121.029698][ T590] ? mutex_trylock+0xb0/0xb0 [ 121.034266][ T590] ? __kasan_check_write+0x14/0x20 [ 121.039356][ T590] kernfs_fop_write_iter+0x2d0/0x410 [ 121.044620][ T590] ? cgroup_seqfile_stop+0xc0/0xc0 [ 121.049714][ T590] vfs_write+0xc1c/0xf40 [ 121.053937][ T590] ? __kasan_check_write+0x14/0x20 [ 121.059041][ T590] ? kernel_write+0x3c0/0x3c0 [ 121.063701][ T590] ? _raw_spin_unlock_irq+0x4e/0x70 [ 121.068892][ T590] ? ptrace_stop+0x6ff/0x9f0 [ 121.073468][ T590] ? __kasan_check_read+0x11/0x20 [ 121.078474][ T590] ? __fdget_pos+0x27e/0x310 [ 121.083044][ T590] ksys_write+0x198/0x2c0 [ 121.087361][ T590] ? do_notify_parent+0xa60/0xa60 [ 121.092368][ T590] ? __ia32_sys_read+0x90/0x90 [ 121.097116][ T590] ? __ia32_sys_open+0x270/0x270 [ 121.102036][ T590] __x64_sys_write+0x7b/0x90 [ 121.106608][ T590] do_syscall_64+0x34/0x70 [ 121.111003][ T590] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 121.116876][ T590] RIP: 0033:0x7fc8ece62c09 [ 121.121276][ T590] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 121.141296][ T590] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 592] write(4, "+pids ", 6 [pid 590] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 590] close(3) = 0 [pid 590] close(4) = 0 [pid 590] close(5) = 0 [pid 590] close(6) = -1 EBADF (Bad file descriptor) [pid 590] close(7) = -1 EBADF (Bad file descriptor) [pid 590] close(8) = -1 EBADF (Bad file descriptor) [pid 590] close(9) = -1 EBADF (Bad file descriptor) [pid 590] close(10) = -1 EBADF (Bad file descriptor) [pid 590] close(11) = -1 EBADF (Bad file descriptor) [pid 590] close(12) = -1 EBADF (Bad file descriptor) [pid 590] close(13) = -1 EBADF (Bad file descriptor) [pid 590] close(14) = -1 EBADF (Bad file descriptor) [pid 590] close(15) = -1 EBADF (Bad file descriptor) [pid 590] close(16) = -1 EBADF (Bad file descriptor) [pid 590] close(17) = -1 EBADF (Bad file descriptor) [pid 590] close(18) = -1 EBADF (Bad file descriptor) [pid 590] close(19) = -1 EBADF (Bad file descriptor) [pid 590] close(20) = -1 EBADF (Bad file descriptor) [pid 590] close(21) = -1 EBADF (Bad file descriptor) [pid 590] close(22) = -1 EBADF (Bad file descriptor) [pid 590] close(23) = -1 EBADF (Bad file descriptor) [pid 590] close(24) = -1 EBADF (Bad file descriptor) [pid 590] close(25) = -1 EBADF (Bad file descriptor) [pid 590] close(26) = -1 EBADF (Bad file descriptor) [pid 590] close(27) = -1 EBADF (Bad file descriptor) [pid 590] close(28) = -1 EBADF (Bad file descriptor) [pid 590] close(29) = -1 EBADF (Bad file descriptor) [pid 590] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 590] exit_group(0) = ? [pid 590] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 121.149692][ T590] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 121.157644][ T590] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 121.165595][ T590] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 121.173544][ T590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 121.181493][ T590] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000024 [ 121.190110][ T590] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 375] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 589] <... write resumed>) = 6 [pid 375] unlink("./36/binderfs") = 0 [pid 375] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./36/cgroup") = 0 [pid 375] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./36/cgroup.net", [pid 589] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./36/cgroup.net") = 0 [pid 375] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 589] <... openat resumed>) = 5 [pid 589] write(5, "22", 2) = 2 [ 121.220528][ T588] FAULT_INJECTION: forcing a failure. [ 121.220528][ T588] name failslab, interval 1, probability 0, space 0, times 0 [ 121.233267][ T588] CPU: 0 PID: 588 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 121.244883][ T588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.254916][ T588] Call Trace: [ 121.258186][ T588] dump_stack_lvl+0x1e2/0x24b [ 121.262853][ T588] ? bfq_pos_tree_add_move+0x43e/0x43e [ 121.268302][ T588] ? selinux_kernfs_init_security+0x1a8/0x760 [ 121.274347][ T588] dump_stack+0x15/0x17 [ 121.278481][ T588] should_fail+0x3c0/0x510 [ 121.283014][ T588] ? __kernfs_new_node+0x99/0x6e0 [ 121.288028][ T588] __should_failslab+0x9f/0xe0 [ 121.292784][ T588] should_failslab+0x9/0x20 [ 121.297267][ T588] __kmalloc_track_caller+0x5f/0x350 [ 121.302528][ T588] kstrdup_const+0x55/0x90 [ 121.306922][ T588] __kernfs_new_node+0x99/0x6e0 [ 121.311752][ T588] ? is_module_text_address+0xe1/0x140 [ 121.317195][ T588] ? kernfs_new_node+0x170/0x170 [ 121.322114][ T588] ? ptr_to_hashval+0x60/0x60 [ 121.326777][ T588] ? arch_stack_walk+0xf8/0x140 [ 121.331611][ T588] ? snprintf+0xd6/0x120 [ 121.335836][ T588] kernfs_new_node+0x97/0x170 [ 121.340488][ T588] __kernfs_create_file+0x4a/0x270 [ 121.345575][ T588] cgroup_addrm_files+0xab8/0xfe0 [ 121.350584][ T588] ? ____kasan_kmalloc+0xdc/0x110 [ 121.355591][ T588] ? __kasan_kmalloc+0x9/0x10 [ 121.360251][ T588] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 121.365773][ T588] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 121.371910][ T588] ? delete_node+0x759/0x7b0 [ 121.376490][ T588] ? __kasan_check_read+0x11/0x20 [ 121.381491][ T588] ? delete_node+0x759/0x7b0 [ 121.386056][ T588] ? __kasan_check_write+0x14/0x20 [ 121.391148][ T588] ? idr_replace+0x1c4/0x230 [ 121.395712][ T588] ? idr_get_next+0x4b0/0x4b0 [ 121.400362][ T588] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 121.405628][ T588] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 121.410809][ T588] css_populate_dir+0x137/0x370 [ 121.415650][ T588] cgroup_apply_control_enable+0x8b9/0x12f0 [ 121.421531][ T588] cgroup_apply_control+0x93/0x710 [ 121.426626][ T588] ? css_next_child+0x160/0x160 [ 121.431456][ T588] ? io_schedule+0x120/0x120 [ 121.436021][ T588] ? kernfs_fop_write_iter+0x15e/0x410 [ 121.441469][ T588] ? __kasan_check_write+0x14/0x20 [ 121.446564][ T588] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 121.451828][ T588] cgroup_subtree_control_write+0xd19/0x1310 [ 121.457790][ T588] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 121.463748][ T588] ? __kasan_check_write+0x14/0x20 [ 121.468843][ T588] ? _copy_from_iter+0x3fb/0xd60 [ 121.473768][ T588] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 121.479725][ T588] cgroup_file_write+0x28e/0x590 [ 121.484641][ T588] ? cgroup_seqfile_stop+0xc0/0xc0 [ 121.489730][ T588] ? mutex_lock+0xa6/0x110 [ 121.494126][ T588] ? mutex_trylock+0xb0/0xb0 [ 121.498703][ T588] ? __kasan_check_write+0x14/0x20 [ 121.503798][ T588] kernfs_fop_write_iter+0x2d0/0x410 [ 121.509091][ T588] ? cgroup_seqfile_stop+0xc0/0xc0 [ 121.514189][ T588] vfs_write+0xc1c/0xf40 [ 121.518414][ T588] ? __kasan_check_write+0x14/0x20 [ 121.523509][ T588] ? kernel_write+0x3c0/0x3c0 [ 121.528164][ T588] ? _raw_spin_unlock_irq+0x4e/0x70 [ 121.533350][ T588] ? ptrace_stop+0x6ff/0x9f0 [ 121.537927][ T588] ? __kasan_check_read+0x11/0x20 [ 121.542926][ T588] ? __fdget_pos+0x27e/0x310 [ 121.547490][ T588] ksys_write+0x198/0x2c0 [ 121.551803][ T588] ? do_notify_parent+0xa60/0xa60 [ 121.556801][ T588] ? __ia32_sys_read+0x90/0x90 [ 121.561546][ T588] ? __ia32_sys_open+0x270/0x270 [ 121.566470][ T588] __x64_sys_write+0x7b/0x90 [ 121.571042][ T588] do_syscall_64+0x34/0x70 [ 121.575447][ T588] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 121.581313][ T588] RIP: 0033:0x7fc8ece62c09 [ 121.585713][ T588] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 121.605304][ T588] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 121.613701][ T588] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 121.621659][ T588] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 121.629605][ T588] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 121.637905][ T588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 121.645862][ T588] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001e [ 121.654003][ T588] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 121.654286][ T375] ------------[ cut here ]------------ [ 121.666490][ T375] WARNING: CPU: 1 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 121.675408][ T375] Modules linked in: [ 121.679292][ T375] CPU: 1 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 121.690917][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.700976][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 121.706587][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 121.726193][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 121.732267][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 121.740248][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 121.748218][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 121.756208][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 121.764182][ T375] R13: ffff888116a96000 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [pid 589] write(4, "+pids ", 6write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 588] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 588] close(3) = 0 [pid 588] close(4) = 0 [pid 588] close(5) = 0 [pid 588] close(6) = -1 EBADF (Bad file descriptor) [pid 588] close(7) = -1 EBADF (Bad file descriptor) [pid 588] close(8) = -1 EBADF (Bad file descriptor) [pid 588] close(9) = -1 EBADF (Bad file descriptor) [pid 588] close(10) = -1 EBADF (Bad file descriptor) [pid 588] close(11) = -1 EBADF (Bad file descriptor) [pid 588] close(12) = -1 EBADF (Bad file descriptor) [pid 588] close(13) = -1 EBADF (Bad file descriptor) [pid 588] close(14) = -1 EBADF (Bad file descriptor) [pid 588] close(15) = -1 EBADF (Bad file descriptor) [pid 588] close(16) = -1 EBADF (Bad file descriptor) [pid 588] close(17) = -1 EBADF (Bad file descriptor) [pid 588] close(18) = -1 EBADF (Bad file descriptor) [pid 588] close(19) = -1 EBADF (Bad file descriptor) [pid 588] close(20) = -1 EBADF (Bad file descriptor) [pid 588] close(21) = -1 EBADF (Bad file descriptor) [pid 588] close(22) = -1 EBADF (Bad file descriptor) [pid 588] close(23) = -1 EBADF (Bad file descriptor) [pid 588] close(24) = -1 EBADF (Bad file descriptor) [pid 588] close(25) = -1 EBADF (Bad file descriptor) [pid 588] close(26) = -1 EBADF (Bad file descriptor) [pid 588] close(27) = -1 EBADF (Bad file descriptor) [pid 588] close(28) = -1 EBADF (Bad file descriptor) [pid 588] close(29) = -1 EBADF (Bad file descriptor) [pid 588] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 588] exit_group(0) = ? [pid 588] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 121.772152][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 121.781088][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.787656][ T375] CR2: 00007fc8ece1cc86 CR3: 000000011dd54000 CR4: 00000000003506a0 [ 121.795629][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 121.803597][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 121.811696][ T375] Call Trace: [ 121.814975][ T375] ? lockref_get_or_lock+0x340/0x340 [ 121.820257][ T375] ? umount_tree+0xf50/0xf50 [ 121.824909][ T375] ? vfs_submount+0xb0/0xb0 [ 121.829397][ T375] ? dput+0x2b6/0x320 [ 121.833379][ T375] path_umount+0x1fe/0xfb0 [ 121.837779][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 121.842817][ T375] ? user_path_at_empty+0x40/0x50 [ 121.847820][ T375] __x64_sys_umount+0x122/0x170 [ 121.852669][ T375] ? path_umount+0xfb0/0xfb0 [ 121.857249][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 121.863220][ T375] do_syscall_64+0x34/0x70 [ 121.867622][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 121.873515][ T375] RIP: 0033:0x7fc8ece63fb7 [ 121.877915][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 121.897511][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 121.905918][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 121.913883][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [pid 380] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... openat resumed>) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./30/binderfs") = 0 [pid 380] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] lstat("./36/file0", [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./30/cgroup") = 0 [pid 380] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./30/cgroup.net") = 0 [pid 380] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] lstat("./30/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./30/file0" [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] <... rmdir resumed>) = 0 [pid 380] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./30/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./30/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./30" [pid 375] <... openat resumed>) = 4 [pid 380] <... rmdir resumed>) = 0 [pid 375] fstat(4, [pid 380] mkdir("./31", 0777 [pid 375] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, [pid 380] <... mkdir resumed>) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 33 ./strace-static-x86_64: Process 593 attached [pid 593] chdir("./31" [pid 375] close(4 [pid 593] <... chdir resumed>) = 0 [pid 593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 593] setpgid(0, 0) = 0 [pid 593] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 375] <... close resumed>) = 0 [pid 593] <... symlink resumed>) = 0 [pid 593] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 593] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 375] rmdir("./36/file0" [pid 593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 593] write(3, "1000", 4) = 4 [pid 593] close(3) = 0 [pid 593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 593] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 593] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 375] <... rmdir resumed>) = 0 [pid 593] <... mount resumed>) = 0 [pid 593] open("./file0", O_RDONLY) = 3 [pid 593] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 121.921847][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 121.929800][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 121.937772][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000025 [ 121.945735][ T375] ---[ end trace d4de1ca9cdcd197e ]--- [ 121.965819][ T589] FAULT_INJECTION: forcing a failure. [pid 593] write(4, "-pids ", 6 [pid 375] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./36/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./36") = 0 [pid 375] mkdir("./37", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 594 attached [pid 594] chdir("./37" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 39 [pid 594] <... chdir resumed>) = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 [pid 594] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 594] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 594] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 594] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 121.965819][ T589] name failslab, interval 1, probability 0, space 0, times 0 [ 121.978802][ T589] CPU: 1 PID: 589 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 121.990436][ T589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.000468][ T589] Call Trace: [ 122.003744][ T589] dump_stack_lvl+0x1e2/0x24b [ 122.008407][ T589] ? panic+0x7d7/0x7d7 [ 122.012461][ T589] ? bfq_pos_tree_add_move+0x43e/0x43e [ 122.017898][ T589] ? find_next_bit+0xd6/0x120 [ 122.022550][ T589] ? cpumask_next+0x11/0x30 [ 122.027037][ T589] dump_stack+0x15/0x17 [ 122.031178][ T589] should_fail+0x3c0/0x510 [ 122.035662][ T589] ? percpu_ref_init+0xd0/0x330 [ 122.040489][ T589] __should_failslab+0x9f/0xe0 [ 122.045237][ T589] should_failslab+0x9/0x20 [ 122.049724][ T589] kmem_cache_alloc_trace+0x3a/0x330 [ 122.054983][ T589] percpu_ref_init+0xd0/0x330 [ 122.059632][ T589] ? cgroup_setup_root+0xea0/0xea0 [ 122.064719][ T589] cgroup_apply_control_enable+0x3a2/0x12f0 [ 122.070589][ T589] cgroup_apply_control+0x93/0x710 [ 122.075678][ T589] ? css_next_child+0x160/0x160 [ 122.080506][ T589] ? io_schedule+0x120/0x120 [ 122.085087][ T589] ? kernfs_fop_write_iter+0x15e/0x410 [ 122.090535][ T589] ? __kasan_check_write+0x14/0x20 [ 122.095621][ T589] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 122.100880][ T589] cgroup_subtree_control_write+0xd19/0x1310 [ 122.106844][ T589] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 122.112808][ T589] ? __kasan_check_write+0x14/0x20 [ 122.117893][ T589] ? _copy_from_iter+0x3fb/0xd60 [pid 594] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 381] kill(-35, SIGKILL) = 0 [pid 381] kill(35, SIGKILL) = 0 [ 122.122804][ T589] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 122.129105][ T589] cgroup_file_write+0x28e/0x590 [ 122.134034][ T589] ? cgroup_seqfile_stop+0xc0/0xc0 [ 122.139139][ T589] ? mutex_lock+0xa6/0x110 [ 122.143540][ T589] ? mutex_trylock+0xb0/0xb0 [ 122.148113][ T589] ? __kasan_check_write+0x14/0x20 [ 122.153305][ T589] kernfs_fop_write_iter+0x2d0/0x410 [ 122.158579][ T589] ? cgroup_seqfile_stop+0xc0/0xc0 [ 122.163675][ T589] vfs_write+0xc1c/0xf40 [ 122.167898][ T589] ? __kasan_check_write+0x14/0x20 [ 122.172989][ T589] ? kernel_write+0x3c0/0x3c0 [ 122.177654][ T589] ? _raw_spin_unlock_irq+0x4e/0x70 [ 122.182846][ T589] ? ptrace_stop+0x6ff/0x9f0 [ 122.187422][ T589] ? __kasan_check_read+0x11/0x20 [ 122.192514][ T589] ? __fdget_pos+0x27e/0x310 [ 122.197086][ T589] ksys_write+0x198/0x2c0 [ 122.201402][ T589] ? do_notify_parent+0xa60/0xa60 [ 122.206406][ T589] ? __ia32_sys_read+0x90/0x90 [ 122.211162][ T589] ? __ia32_sys_open+0x270/0x270 [ 122.216083][ T589] __x64_sys_write+0x7b/0x90 [ 122.220649][ T589] do_syscall_64+0x34/0x70 [ 122.225041][ T589] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 122.230904][ T589] RIP: 0033:0x7fc8ece62c09 [ 122.235295][ T589] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 122.254878][ T589] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.263281][ T589] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 594] <... mount resumed>) = 0 [pid 589] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 594] open("./file0", O_RDONLY [pid 589] close(3 [pid 594] <... open resumed>) = 3 [pid 589] <... close resumed>) = 0 [pid 594] openat(3, "cgroup.subtree_control", O_RDWR [pid 589] close(4 [pid 594] <... openat resumed>) = 4 [pid 589] <... close resumed>) = 0 [pid 594] write(4, "-pids ", 6 [pid 589] close(5) = 0 [pid 589] close(6) = -1 EBADF (Bad file descriptor) [pid 589] close(7) = -1 EBADF (Bad file descriptor) [pid 589] close(8) = -1 EBADF (Bad file descriptor) [pid 589] close(9) = -1 EBADF (Bad file descriptor) [pid 589] close(10) = -1 EBADF (Bad file descriptor) [pid 589] close(11) = -1 EBADF (Bad file descriptor) [pid 589] close(12) = -1 EBADF (Bad file descriptor) [pid 589] close(13) = -1 EBADF (Bad file descriptor) [pid 589] close(14) = -1 EBADF (Bad file descriptor) [pid 589] close(15) = -1 EBADF (Bad file descriptor) [pid 589] close(16) = -1 EBADF (Bad file descriptor) [pid 589] close(17) = -1 EBADF (Bad file descriptor) [pid 589] close(18) = -1 EBADF (Bad file descriptor) [pid 589] close(19) = -1 EBADF (Bad file descriptor) [pid 589] close(20) = -1 EBADF (Bad file descriptor) [pid 589] close(21) = -1 EBADF (Bad file descriptor) [pid 589] close(22) = -1 EBADF (Bad file descriptor) [pid 589] close(23) = -1 EBADF (Bad file descriptor) [pid 589] close(24) = -1 EBADF (Bad file descriptor) [pid 589] close(25) = -1 EBADF (Bad file descriptor) [pid 589] close(26) = -1 EBADF (Bad file descriptor) [pid 589] close(27) = -1 EBADF (Bad file descriptor) [pid 589] close(28) = -1 EBADF (Bad file descriptor) [pid 589] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 589] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 589] exit_group(0) = ? [pid 589] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./29/binderfs") = 0 [pid 383] umount2("./29/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./29/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./29/cgroup") = 0 [pid 383] umount2("./29/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./29/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./29/cgroup.net") = 0 [pid 383] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./29/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./29/file0") = 0 [pid 383] umount2("./29/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./29/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./29/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./29") = 0 [pid 383] mkdir("./30", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 32 ./strace-static-x86_64: Process 595 attached [pid 595] chdir("./30") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 595] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 595] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [ 122.271233][ T589] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 122.279195][ T589] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 122.287153][ T589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 122.295108][ T589] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001d [pid 594] <... write resumed>) = 6 [pid 593] <... write resumed>) = 6 [pid 593] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 595] symlink("/dev/binderfs", "./binderfs" [pid 594] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 593] <... openat resumed>) = 5 [pid 594] <... openat resumed>) = 5 [pid 593] write(5, "22", 2 [pid 594] write(5, "22", 2 [pid 593] <... write resumed>) = 2 [pid 594] <... write resumed>) = 2 [pid 593] write(4, "+pids ", 6 [pid 595] <... symlink resumed>) = 0 [pid 594] write(4, "+pids ", 6 [pid 595] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 122.320526][ T583] FAULT_INJECTION: forcing a failure. [ 122.320526][ T583] name failslab, interval 1, probability 0, space 0, times 0 [ 122.334869][ T583] CPU: 0 PID: 583 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 122.346489][ T583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.356522][ T583] Call Trace: [ 122.359797][ T583] dump_stack_lvl+0x1e2/0x24b [ 122.364450][ T583] ? panic+0x7d7/0x7d7 [ 122.368495][ T583] ? bfq_pos_tree_add_move+0x43e/0x43e [ 122.373929][ T583] ? find_next_bit+0xd6/0x120 [ 122.378580][ T583] ? cpumask_next+0x11/0x30 [ 122.383058][ T583] dump_stack+0x15/0x17 [ 122.387198][ T583] should_fail+0x3c0/0x510 [ 122.391602][ T583] ? percpu_ref_init+0xd0/0x330 [ 122.396426][ T583] __should_failslab+0x9f/0xe0 [ 122.401167][ T583] should_failslab+0x9/0x20 [ 122.405646][ T583] kmem_cache_alloc_trace+0x3a/0x330 [ 122.410905][ T583] percpu_ref_init+0xd0/0x330 [ 122.415565][ T583] ? cgroup_setup_root+0xea0/0xea0 [ 122.420674][ T583] cgroup_apply_control_enable+0x3a2/0x12f0 [ 122.426558][ T583] cgroup_apply_control+0x93/0x710 [ 122.431645][ T583] ? css_next_child+0x160/0x160 [ 122.436474][ T583] ? io_schedule+0x120/0x120 [ 122.441046][ T583] ? kernfs_fop_write_iter+0x15e/0x410 [ 122.446490][ T583] ? __kasan_check_write+0x14/0x20 [ 122.451605][ T583] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 122.456883][ T583] cgroup_subtree_control_write+0xd19/0x1310 [ 122.462836][ T583] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 122.468814][ T583] ? __kasan_check_write+0x14/0x20 [ 122.473936][ T583] ? _copy_from_iter+0x3fb/0xd60 [ 122.478863][ T583] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 122.484822][ T583] cgroup_file_write+0x28e/0x590 [ 122.489750][ T583] ? cgroup_seqfile_stop+0xc0/0xc0 [ 122.494855][ T583] ? mutex_lock+0xa6/0x110 [ 122.499263][ T583] ? mutex_trylock+0xb0/0xb0 [ 122.503839][ T583] ? __kasan_check_write+0x14/0x20 [ 122.508939][ T583] kernfs_fop_write_iter+0x2d0/0x410 [ 122.514211][ T583] ? cgroup_seqfile_stop+0xc0/0xc0 [ 122.519311][ T583] vfs_write+0xc1c/0xf40 [ 122.523542][ T583] ? __kasan_check_write+0x14/0x20 [ 122.528643][ T583] ? kernel_write+0x3c0/0x3c0 [ 122.533308][ T583] ? _raw_spin_unlock_irq+0x4e/0x70 [ 122.538485][ T583] ? ptrace_stop+0x6ff/0x9f0 [ 122.543054][ T583] ? __kasan_check_read+0x11/0x20 [ 122.548071][ T583] ? __fdget_pos+0x27e/0x310 [ 122.552654][ T583] ksys_write+0x198/0x2c0 [ 122.556968][ T583] ? do_notify_parent+0xa60/0xa60 [ 122.561978][ T583] ? __ia32_sys_read+0x90/0x90 [ 122.566716][ T583] ? __ia32_sys_open+0x270/0x270 [ 122.571803][ T583] __x64_sys_write+0x7b/0x90 [ 122.576379][ T583] do_syscall_64+0x34/0x70 [ 122.580786][ T583] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 122.586662][ T583] RIP: 0033:0x7fc8ece62c09 [ 122.591062][ T583] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 122.610642][ T583] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 595] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 583] <... write resumed>) = ? [pid 595] open("./file0", O_RDONLY [pid 583] +++ killed by SIGKILL +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=35, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 381] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 595] <... open resumed>) = 3 [pid 595] openat(3, "cgroup.subtree_control", O_RDWR [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./33/binderfs") = 0 [pid 381] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./33/cgroup" [pid 595] <... openat resumed>) = 4 [pid 595] write(4, "-pids ", 6 [pid 381] <... unlink resumed>) = 0 [pid 381] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./33/cgroup.net") = 0 [pid 381] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./33/file0") = 0 [pid 381] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./33/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./33") = 0 [pid 381] mkdir("./34", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 36 ./strace-static-x86_64: Process 596 attached [pid 596] chdir("./34") = 0 [pid 596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 596] setpgid(0, 0) = 0 [pid 596] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 122.619035][ T583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 122.626983][ T583] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 122.634942][ T583] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 122.642896][ T583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 122.650848][ T583] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000021 [ 122.670682][ T594] FAULT_INJECTION: forcing a failure. [pid 596] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 596] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 596] write(3, "1000", 4) = 4 [pid 596] close(3) = 0 [pid 596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 596] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 122.670682][ T594] name failslab, interval 1, probability 0, space 0, times 0 [ 122.683336][ T594] CPU: 0 PID: 594 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 122.694947][ T594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.705017][ T594] Call Trace: [ 122.708290][ T594] dump_stack_lvl+0x1e2/0x24b [ 122.712947][ T594] ? bfq_pos_tree_add_move+0x43e/0x43e [ 122.718386][ T594] ? selinux_kernfs_init_security+0x1a8/0x760 [ 122.724566][ T594] dump_stack+0x15/0x17 [ 122.728699][ T594] should_fail+0x3c0/0x510 [ 122.733091][ T594] ? __kernfs_new_node+0x99/0x6e0 [ 122.738095][ T594] __should_failslab+0x9f/0xe0 [ 122.742838][ T594] should_failslab+0x9/0x20 [ 122.747448][ T594] __kmalloc_track_caller+0x5f/0x350 [ 122.752726][ T594] kstrdup_const+0x55/0x90 [ 122.757127][ T594] __kernfs_new_node+0x99/0x6e0 [ 122.761960][ T594] ? is_module_text_address+0xe1/0x140 [ 122.767417][ T594] ? kernfs_new_node+0x170/0x170 [ 122.772338][ T594] ? ptr_to_hashval+0x60/0x60 [ 122.777007][ T594] ? arch_stack_walk+0xf8/0x140 [ 122.781841][ T594] ? snprintf+0xd6/0x120 [ 122.786058][ T594] kernfs_new_node+0x97/0x170 [ 122.790709][ T594] __kernfs_create_file+0x4a/0x270 [ 122.795800][ T594] cgroup_addrm_files+0xab8/0xfe0 [ 122.800809][ T594] ? ____kasan_kmalloc+0xdc/0x110 [ 122.805807][ T594] ? __kasan_kmalloc+0x9/0x10 [ 122.810492][ T594] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 122.816027][ T594] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 122.822153][ T594] ? delete_node+0x759/0x7b0 [ 122.826717][ T594] ? __kasan_check_read+0x11/0x20 [ 122.831728][ T594] ? delete_node+0x759/0x7b0 [ 122.836312][ T594] ? __kasan_check_write+0x14/0x20 [ 122.841409][ T594] ? idr_replace+0x1c4/0x230 [ 122.845978][ T594] ? idr_get_next+0x4b0/0x4b0 [ 122.850631][ T594] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 122.855636][ T594] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 122.860812][ T594] css_populate_dir+0x137/0x370 [ 122.865650][ T594] cgroup_apply_control_enable+0x8b9/0x12f0 [ 122.871540][ T594] cgroup_apply_control+0x93/0x710 [ 122.876638][ T594] ? css_next_child+0x160/0x160 [ 122.881465][ T594] ? io_schedule+0x120/0x120 [ 122.886040][ T594] ? kernfs_fop_write_iter+0x15e/0x410 [ 122.891493][ T594] ? __kasan_check_write+0x14/0x20 [ 122.896586][ T594] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 122.901847][ T594] cgroup_subtree_control_write+0xd19/0x1310 [ 122.907804][ T594] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 122.913758][ T594] ? __kasan_check_write+0x14/0x20 [ 122.918853][ T594] ? _copy_from_iter+0x3fb/0xd60 [ 122.923774][ T594] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 122.929728][ T594] cgroup_file_write+0x28e/0x590 [ 122.934641][ T594] ? cgroup_seqfile_stop+0xc0/0xc0 [ 122.939732][ T594] ? mutex_lock+0xa6/0x110 [ 122.944135][ T594] ? mutex_trylock+0xb0/0xb0 [ 122.948711][ T594] ? __kasan_check_write+0x14/0x20 [ 122.953800][ T594] kernfs_fop_write_iter+0x2d0/0x410 [ 122.959059][ T594] ? cgroup_seqfile_stop+0xc0/0xc0 [ 122.964148][ T594] vfs_write+0xc1c/0xf40 [ 122.968369][ T594] ? __kasan_check_write+0x14/0x20 [ 122.973465][ T594] ? kernel_write+0x3c0/0x3c0 [ 122.978128][ T594] ? _raw_spin_unlock_irq+0x4e/0x70 [ 122.983313][ T594] ? ptrace_stop+0x6ff/0x9f0 [ 122.987896][ T594] ? __kasan_check_read+0x11/0x20 [ 122.992925][ T594] ? __fdget_pos+0x27e/0x310 [ 122.997493][ T594] ksys_write+0x198/0x2c0 [ 123.001815][ T594] ? do_notify_parent+0xa60/0xa60 [ 123.006822][ T594] ? __ia32_sys_read+0x90/0x90 [ 123.011571][ T594] ? __ia32_sys_open+0x270/0x270 [ 123.016496][ T594] __x64_sys_write+0x7b/0x90 [ 123.021063][ T594] do_syscall_64+0x34/0x70 [ 123.025456][ T594] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 123.031327][ T594] RIP: 0033:0x7fc8ece62c09 [ 123.035717][ T594] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 123.055298][ T594] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 123.063692][ T594] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 596] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 594] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 596] open("./file0", O_RDONLY [pid 594] close(3 [pid 596] <... open resumed>) = 3 [pid 596] openat(3, "cgroup.subtree_control", O_RDWR [pid 594] <... close resumed>) = 0 [pid 596] <... openat resumed>) = 4 [pid 594] close(4 [pid 596] write(4, "-pids ", 6 [pid 594] <... close resumed>) = 0 [pid 594] close(5) = 0 [pid 594] close(6) = -1 EBADF (Bad file descriptor) [pid 594] close(7) = -1 EBADF (Bad file descriptor) [pid 594] close(8) = -1 EBADF (Bad file descriptor) [pid 594] close(9) = -1 EBADF (Bad file descriptor) [pid 594] close(10) = -1 EBADF (Bad file descriptor) [pid 594] close(11) = -1 EBADF (Bad file descriptor) [pid 594] close(12) = -1 EBADF (Bad file descriptor) [pid 594] close(13) = -1 EBADF (Bad file descriptor) [pid 594] close(14) = -1 EBADF (Bad file descriptor) [pid 594] close(15) = -1 EBADF (Bad file descriptor) [pid 594] close(16) = -1 EBADF (Bad file descriptor) [pid 594] close(17) = -1 EBADF (Bad file descriptor) [pid 594] close(18) = -1 EBADF (Bad file descriptor) [pid 594] close(19) = -1 EBADF (Bad file descriptor) [pid 594] close(20) = -1 EBADF (Bad file descriptor) [pid 594] close(21) = -1 EBADF (Bad file descriptor) [pid 594] close(22) = -1 EBADF (Bad file descriptor) [pid 594] close(23) = -1 EBADF (Bad file descriptor) [pid 594] close(24) = -1 EBADF (Bad file descriptor) [pid 594] close(25) = -1 EBADF (Bad file descriptor) [pid 594] close(26) = -1 EBADF (Bad file descriptor) [pid 594] close(27) = -1 EBADF (Bad file descriptor) [pid 594] close(28) = -1 EBADF (Bad file descriptor) [pid 594] close(29) = -1 EBADF (Bad file descriptor) [pid 594] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 594] exit_group(0) = ? [pid 594] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./37/binderfs") = 0 [pid 375] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./37/cgroup") = 0 [pid 375] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./37/cgroup.net") = 0 [ 123.071639][ T594] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 123.079595][ T594] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 123.087552][ T594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 123.095501][ T594] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000025 [ 123.103805][ T594] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 123.133757][ T375] ------------[ cut here ]------------ [ 123.139269][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 123.148224][ T375] Modules linked in: [ 123.152125][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 123.163753][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.173843][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 123.179471][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 123.199173][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 123.205275][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 123.213298][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 123.221280][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 123.229233][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 123.237225][ T375] R13: ffff888116a97180 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 123.245225][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 123.254165][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.260753][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 123.268716][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.276702][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.284677][ T375] Call Trace: [ 123.287951][ T375] ? io_schedule+0x120/0x120 [ 123.292546][ T375] ? vfs_submount+0xb0/0xb0 [ 123.297045][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 123.302261][ T375] ? __kasan_check_write+0x14/0x20 [ 123.307365][ T375] namespace_unlock+0x448/0x4f0 [ 123.312225][ T375] ? umount_tree+0xf50/0xf50 [ 123.316818][ T375] ? __detach_mounts+0x670/0x670 [ 123.321768][ T375] ? selinux_umount+0xf0/0x130 [ 123.326534][ T375] ? security_sb_umount+0x9d/0xb0 [ 123.331576][ T375] path_umount+0xf03/0xfb0 [ 123.335988][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 123.341034][ T375] ? user_path_at_empty+0x40/0x50 [ 123.346046][ T375] __x64_sys_umount+0x122/0x170 [ 123.350911][ T375] ? path_umount+0xfb0/0xfb0 [ 123.355497][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 123.361484][ T375] do_syscall_64+0x34/0x70 [ 123.365914][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 123.371846][ T375] RIP: 0033:0x7fc8ece63fb7 [ 123.376257][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 123.395900][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 123.404327][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 123.412312][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 123.420299][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 123.428261][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 123.436287][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000026 [ 123.444278][ T375] ---[ end trace d4de1ca9cdcd197f ]--- [ 123.449890][ T375] ------------[ cut here ]------------ [ 123.449972][ T593] FAULT_INJECTION: forcing a failure. [ 123.449972][ T593] name failslab, interval 1, probability 0, space 0, times 0 [ 123.455385][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 123.455402][ T375] Modules linked in: [ 123.468689][ T593] CPU: 1 PID: 593 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 123.477011][ T375] [ 123.480864][ T593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.480868][ T593] Call Trace: [ 123.480885][ T593] dump_stack_lvl+0x1e2/0x24b [ 123.480905][ T593] ? panic+0x7d7/0x7d7 [ 123.492689][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 123.494974][ T593] ? bfq_pos_tree_add_move+0x43e/0x43e [ 123.505007][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.508264][ T593] ? find_next_bit+0xd6/0x120 [ 123.512931][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 123.516961][ T593] ? cpumask_next+0x11/0x30 [ 123.528580][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 123.533982][ T593] dump_stack+0x15/0x17 [ 123.533998][ T593] should_fail+0x3c0/0x510 [ 123.544033][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 123.548677][ T593] ? percpu_ref_init+0xd0/0x330 [ 123.554299][ T375] [ 123.558754][ T593] __should_failslab+0x9f/0xe0 [ 123.578339][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 123.582453][ T593] should_failslab+0x9/0x20 [ 123.582470][ T593] kmem_cache_alloc_trace+0x3a/0x330 [ 123.586853][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 123.592888][ T593] percpu_ref_init+0xd0/0x330 [ 123.592898][ T593] ? cgroup_setup_root+0xea0/0xea0 [ 123.592915][ T593] cgroup_apply_control_enable+0x3a2/0x12f0 [ 123.597731][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 123.600047][ T593] cgroup_apply_control+0x93/0x710 [ 123.604781][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 123.612719][ T593] ? css_next_child+0x160/0x160 [ 123.612728][ T593] ? io_schedule+0x120/0x120 [ 123.612738][ T593] ? kernfs_fop_write_iter+0x15e/0x410 [ 123.612747][ T593] ? __kasan_check_write+0x14/0x20 [ 123.612756][ T593] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 123.612766][ T593] cgroup_subtree_control_write+0xd19/0x1310 [ 123.612782][ T593] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 123.617257][ T375] R13: ffff888116a97180 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 123.622508][ T593] ? __kasan_check_write+0x14/0x20 [ 123.622518][ T593] ? _copy_from_iter+0x3fb/0xd60 [ 123.622534][ T593] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 123.630489][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 123.635130][ T593] cgroup_file_write+0x28e/0x590 [ 123.640232][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.646089][ T593] ? cgroup_seqfile_stop+0xc0/0xc0 [ 123.654043][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 123.659123][ T593] ? mutex_lock+0xa6/0x110 [ 123.667082][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.671888][ T593] ? mutex_trylock+0xb0/0xb0 [ 123.671898][ T593] ? __kasan_check_write+0x14/0x20 [ 123.671907][ T593] kernfs_fop_write_iter+0x2d0/0x410 [ 123.671922][ T593] ? cgroup_seqfile_stop+0xc0/0xc0 [ 123.676486][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.681907][ T593] vfs_write+0xc1c/0xf40 [ 123.681916][ T593] ? __kasan_check_write+0x14/0x20 [ 123.681931][ T593] ? kernel_write+0x3c0/0x3c0 [ 123.687007][ T375] Call Trace: [ 123.692263][ T593] ? _raw_spin_unlock_irq+0x4e/0x70 [ 123.692273][ T593] ? ptrace_stop+0x6ff/0x9f0 [ 123.692288][ T593] ? __kasan_check_read+0x11/0x20 [ 123.698241][ T375] ? lockref_get_or_lock+0x340/0x340 [ 123.704183][ T593] ? __fdget_pos+0x27e/0x310 [ 123.704193][ T593] ksys_write+0x198/0x2c0 [ 123.704210][ T593] ? do_notify_parent+0xa60/0xa60 [ 123.712162][ T375] ? umount_tree+0xf50/0xf50 [ 123.717236][ T593] ? __ia32_sys_read+0x90/0x90 [ 123.722151][ T375] ? vfs_submount+0xb0/0xb0 [ 123.728095][ T593] ? __ia32_sys_open+0x270/0x270 [ 123.737017][ T375] ? dput+0x2b6/0x320 [ 123.741911][ T593] __x64_sys_write+0x7b/0x90 [ 123.741928][ T593] do_syscall_64+0x34/0x70 [ 123.748486][ T375] path_umount+0x1fe/0xfb0 [ 123.753563][ T593] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 123.753572][ T593] RIP: 0033:0x7fc8ece62c09 [ 123.753588][ T593] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 123.761547][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 123.765938][ T593] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 123.773943][ T375] ? user_path_at_empty+0x40/0x50 [ 123.778462][ T593] ORIG_RAX: 0000000000000001 [ 123.783563][ T375] __x64_sys_umount+0x122/0x170 [ 123.788820][ T593] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 123.793963][ T375] ? path_umount+0xfb0/0xfb0 [ 123.801849][ T593] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 123.801857][ T593] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 123.801863][ T593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 123.801869][ T593] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001f [ 123.989690][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 123.995668][ T375] do_syscall_64+0x34/0x70 [ 124.000081][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 124.005976][ T375] RIP: 0033:0x7fc8ece63fb7 [ 124.010393][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 375] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 593] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 375] <... umount2 resumed>) = 0 [pid 593] close(3 [pid 375] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 593] <... close resumed>) = 0 [pid 593] close(4 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 593] <... close resumed>) = 0 [pid 375] lstat("./37/file0", [pid 593] close(5) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 593] close(6 [pid 375] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 593] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 593] close(7 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 593] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 593] close(8 [pid 375] <... openat resumed>) = 4 [pid 593] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] fstat(4, [pid 593] close(9) = -1 EBADF (Bad file descriptor) [pid 375] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 593] close(10) = -1 EBADF (Bad file descriptor) [pid 375] getdents64(4, [pid 593] close(11 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 593] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] getdents64(4, [pid 593] close(12) = -1 EBADF (Bad file descriptor) [pid 375] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 593] close(13) = -1 EBADF (Bad file descriptor) [pid 375] close(4 [pid 593] close(14) = -1 EBADF (Bad file descriptor) [pid 375] <... close resumed>) = 0 [pid 593] close(15) = -1 EBADF (Bad file descriptor) [pid 593] close(16) = -1 EBADF (Bad file descriptor) [pid 593] close(17) = -1 EBADF (Bad file descriptor) [pid 593] close(18) = -1 EBADF (Bad file descriptor) [pid 593] close(19) = -1 EBADF (Bad file descriptor) [pid 375] rmdir("./37/file0" [pid 593] close(20) = -1 EBADF (Bad file descriptor) [pid 593] close(21) = -1 EBADF (Bad file descriptor) [pid 593] close(22) = -1 EBADF (Bad file descriptor) [pid 593] close(23) = -1 EBADF (Bad file descriptor) [pid 593] close(24) = -1 EBADF (Bad file descriptor) [pid 593] close(25) = -1 EBADF (Bad file descriptor) [pid 593] close(26) = -1 EBADF (Bad file descriptor) [pid 593] close(27) = -1 EBADF (Bad file descriptor) [pid 593] close(28) = -1 EBADF (Bad file descriptor) [pid 593] close(29 [pid 375] <... rmdir resumed>) = 0 [pid 593] <... close resumed>) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 593] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 593] exit_group(0) = ? [pid 593] +++ exited with 0 +++ [pid 375] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./37/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./37") = 0 [pid 375] mkdir("./38", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 40 ./strace-static-x86_64: Process 597 attached [ 124.030085][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 124.038507][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 124.046488][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 124.054476][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 124.062453][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 124.070416][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000026 [ 124.078366][ T375] ---[ end trace d4de1ca9cdcd1980 ]--- [pid 597] chdir("./38") = 0 [pid 591] <... write resumed>) = 6 [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./31/binderfs") = 0 [pid 380] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./31/cgroup") = 0 [pid 380] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./31/cgroup.net") = 0 [pid 380] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 597] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 597] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 597] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 591] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 380] <... umount2 resumed>) = 0 [pid 380] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./31/file0") = 0 [pid 380] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./31/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./31") = 0 [pid 380] mkdir("./32", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 34 ./strace-static-x86_64: Process 598 attached [pid 598] chdir("./32") = 0 [pid 598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 598] setpgid(0, 0) = 0 [pid 598] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 598] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 598] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 598] write(3, "1000", 4) = 4 [pid 598] close(3) = 0 [pid 598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 598] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 598] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 591] <... openat resumed>) = 5 [pid 591] write(5, "22", 2) = 2 [ 124.100586][ T592] FAULT_INJECTION: forcing a failure. [ 124.100586][ T592] name failslab, interval 1, probability 0, space 0, times 0 [ 124.113278][ T592] CPU: 0 PID: 592 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 124.124894][ T592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.134934][ T592] Call Trace: [ 124.138213][ T592] dump_stack_lvl+0x1e2/0x24b [ 124.142881][ T592] ? panic+0x7d7/0x7d7 [ 124.146933][ T592] ? bfq_pos_tree_add_move+0x43e/0x43e [ 124.152363][ T592] ? find_next_bit+0xd6/0x120 [ 124.157020][ T592] ? cpumask_next+0x11/0x30 [ 124.161513][ T592] dump_stack+0x15/0x17 [ 124.165654][ T592] should_fail+0x3c0/0x510 [ 124.170055][ T592] ? percpu_ref_init+0xd0/0x330 [ 124.174877][ T592] __should_failslab+0x9f/0xe0 [ 124.179618][ T592] should_failslab+0x9/0x20 [ 124.184110][ T592] kmem_cache_alloc_trace+0x3a/0x330 [ 124.189374][ T592] percpu_ref_init+0xd0/0x330 [ 124.194028][ T592] ? cgroup_setup_root+0xea0/0xea0 [ 124.199120][ T592] cgroup_apply_control_enable+0x3a2/0x12f0 [ 124.204984][ T592] cgroup_apply_control+0x93/0x710 [ 124.210077][ T592] ? css_next_child+0x160/0x160 [ 124.214902][ T592] ? stack_trace_save+0x12d/0x1f0 [ 124.219927][ T592] ? io_schedule+0x120/0x120 [ 124.224501][ T592] ? kernfs_fop_write_iter+0x15e/0x410 [ 124.230298][ T592] ? __kasan_check_write+0x14/0x20 [ 124.235395][ T592] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 124.240671][ T592] cgroup_subtree_control_write+0xd19/0x1310 [ 124.246645][ T592] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 124.252619][ T592] ? __kasan_check_write+0x14/0x20 [ 124.257726][ T592] ? _copy_from_iter+0x3fb/0xd60 [ 124.262660][ T592] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 124.268631][ T592] cgroup_file_write+0x28e/0x590 [ 124.273566][ T592] ? cgroup_seqfile_stop+0xc0/0xc0 [ 124.278658][ T592] ? mutex_lock+0xa6/0x110 [ 124.283071][ T592] ? mutex_trylock+0xb0/0xb0 [ 124.287645][ T592] ? __kasan_check_write+0x14/0x20 [ 124.292728][ T592] kernfs_fop_write_iter+0x2d0/0x410 [ 124.297986][ T592] ? cgroup_seqfile_stop+0xc0/0xc0 [ 124.303081][ T592] vfs_write+0xc1c/0xf40 [ 124.307311][ T592] ? __kasan_check_write+0x14/0x20 [ 124.312405][ T592] ? kernel_write+0x3c0/0x3c0 [ 124.317060][ T592] ? _raw_spin_unlock_irq+0x4e/0x70 [ 124.322244][ T592] ? ptrace_stop+0x6ff/0x9f0 [ 124.326817][ T592] ? __kasan_check_read+0x11/0x20 [ 124.331817][ T592] ? __fdget_pos+0x27e/0x310 [ 124.336380][ T592] ksys_write+0x198/0x2c0 [ 124.340689][ T592] ? do_notify_parent+0xa60/0xa60 [ 124.345738][ T592] ? __ia32_sys_read+0x90/0x90 [ 124.350487][ T592] ? __ia32_sys_open+0x270/0x270 [ 124.355407][ T592] __x64_sys_write+0x7b/0x90 [ 124.359978][ T592] do_syscall_64+0x34/0x70 [ 124.364372][ T592] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 124.370242][ T592] RIP: 0033:0x7fc8ece62c09 [ 124.374640][ T592] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 591] write(4, "+pids ", 6 [pid 598] <... mount resumed>) = 0 [pid 597] <... mount resumed>) = 0 [pid 592] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 598] open("./file0", O_RDONLY) = 3 [pid 592] close(3 [pid 598] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 592] <... close resumed>) = 0 [pid 598] write(4, "-pids ", 6 [pid 592] close(4) = 0 [pid 592] close(5) = 0 [pid 592] close(6) = -1 EBADF (Bad file descriptor) [pid 592] close(7) = -1 EBADF (Bad file descriptor) [pid 592] close(8) = -1 EBADF (Bad file descriptor) [pid 592] close(9) = -1 EBADF (Bad file descriptor) [pid 592] close(10) = -1 EBADF (Bad file descriptor) [pid 592] close(11) = -1 EBADF (Bad file descriptor) [pid 592] close(12) = -1 EBADF (Bad file descriptor) [pid 592] close(13) = -1 EBADF (Bad file descriptor) [pid 592] close(14) = -1 EBADF (Bad file descriptor) [pid 592] close(15) = -1 EBADF (Bad file descriptor) [pid 592] close(16) = -1 EBADF (Bad file descriptor) [pid 592] close(17) = -1 EBADF (Bad file descriptor) [pid 592] close(18) = -1 EBADF (Bad file descriptor) [pid 592] close(19) = -1 EBADF (Bad file descriptor) [pid 592] close(20) = -1 EBADF (Bad file descriptor) [pid 592] close(21) = -1 EBADF (Bad file descriptor) [pid 592] close(22) = -1 EBADF (Bad file descriptor) [pid 592] close(23) = -1 EBADF (Bad file descriptor) [pid 592] close(24) = -1 EBADF (Bad file descriptor) [pid 592] close(25) = -1 EBADF (Bad file descriptor) [pid 592] close(26) = -1 EBADF (Bad file descriptor) [pid 592] close(27) = -1 EBADF (Bad file descriptor) [pid 592] close(28) = -1 EBADF (Bad file descriptor) [pid 592] close(29) = -1 EBADF (Bad file descriptor) [pid 592] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 592] exit_group(0) = ? [pid 597] open("./file0", O_RDONLY [pid 592] +++ exited with 0 +++ [pid 597] <... open resumed>) = 3 [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 597] openat(3, "cgroup.subtree_control", O_RDWR [pid 376] restart_syscall(<... resuming interrupted clone ...> [pid 597] <... openat resumed>) = 4 [pid 376] <... restart_syscall resumed>) = 0 [pid 597] write(4, "-pids ", 6 [pid 376] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./35/binderfs") = 0 [pid 376] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./35/cgroup") = 0 [pid 376] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./35/cgroup.net") = 0 [pid 376] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./35/file0") = 0 [pid 376] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./35/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./35") = 0 [pid 376] mkdir("./36", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 599 attached [pid 599] chdir("./36") = 0 [pid 599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 599] setpgid(0, 0 [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 38 [pid 599] <... setpgid resumed>) = 0 [pid 599] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 599] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 599] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 599] write(3, "1000", 4) = 4 [pid 599] close(3) = 0 [pid 599] symlink("/dev/binderfs", "./binderfs") = 0 [ 124.394225][ T592] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.402615][ T592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 124.410562][ T592] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 124.418600][ T592] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 124.426547][ T592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 124.434495][ T592] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000023 [pid 599] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 597] <... write resumed>) = 6 [pid 599] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 597] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 597] write(5, "22", 2) = 2 [ 124.460561][ T591] FAULT_INJECTION: forcing a failure. [ 124.460561][ T591] name failslab, interval 1, probability 0, space 0, times 0 [ 124.473299][ T591] CPU: 1 PID: 591 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 124.484994][ T591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.495031][ T591] Call Trace: [ 124.498310][ T591] dump_stack_lvl+0x1e2/0x24b [ 124.502961][ T591] ? bfq_pos_tree_add_move+0x43e/0x43e [ 124.508411][ T591] ? selinux_kernfs_init_security+0x1a8/0x760 [ 124.514475][ T591] dump_stack+0x15/0x17 [ 124.518885][ T591] should_fail+0x3c0/0x510 [ 124.523295][ T591] ? __kernfs_new_node+0x99/0x6e0 [ 124.528691][ T591] __should_failslab+0x9f/0xe0 [ 124.533441][ T591] should_failslab+0x9/0x20 [ 124.537935][ T591] __kmalloc_track_caller+0x5f/0x350 [ 124.543288][ T591] kstrdup_const+0x55/0x90 [ 124.547676][ T591] __kernfs_new_node+0x99/0x6e0 [ 124.552508][ T591] ? is_module_text_address+0xe1/0x140 [ 124.557944][ T591] ? kernfs_new_node+0x170/0x170 [ 124.562861][ T591] ? ptr_to_hashval+0x60/0x60 [ 124.567523][ T591] ? arch_stack_walk+0xf8/0x140 [ 124.572355][ T591] ? snprintf+0xd6/0x120 [ 124.576568][ T591] kernfs_new_node+0x97/0x170 [ 124.581235][ T591] __kernfs_create_file+0x4a/0x270 [ 124.586326][ T591] cgroup_addrm_files+0xab8/0xfe0 [ 124.591323][ T591] ? ____kasan_kmalloc+0xdc/0x110 [ 124.596323][ T591] ? __kasan_kmalloc+0x9/0x10 [ 124.600983][ T591] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 124.606511][ T591] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 124.612647][ T591] ? delete_node+0x759/0x7b0 [ 124.617209][ T591] ? __kasan_check_read+0x11/0x20 [ 124.622203][ T591] ? delete_node+0x759/0x7b0 [ 124.626854][ T591] ? __kasan_check_write+0x14/0x20 [ 124.632277][ T591] ? idr_replace+0x1c4/0x230 [ 124.636850][ T591] ? idr_get_next+0x4b0/0x4b0 [ 124.641503][ T591] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 124.646512][ T591] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 124.651693][ T591] css_populate_dir+0x137/0x370 [ 124.656521][ T591] cgroup_apply_control_enable+0x8b9/0x12f0 [ 124.662469][ T591] cgroup_apply_control+0x93/0x710 [ 124.667565][ T591] ? css_next_child+0x160/0x160 [ 124.672401][ T591] ? io_schedule+0x120/0x120 [ 124.676964][ T591] ? kernfs_fop_write_iter+0x15e/0x410 [ 124.682404][ T591] ? __kasan_check_write+0x14/0x20 [ 124.687497][ T591] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 124.692766][ T591] cgroup_subtree_control_write+0xd19/0x1310 [ 124.698738][ T591] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 124.704706][ T591] ? __kasan_check_write+0x14/0x20 [ 124.709800][ T591] ? _copy_from_iter+0x3fb/0xd60 [ 124.714722][ T591] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 124.720690][ T591] cgroup_file_write+0x28e/0x590 [ 124.725612][ T591] ? cgroup_seqfile_stop+0xc0/0xc0 [ 124.730709][ T591] ? mutex_lock+0xa6/0x110 [ 124.735102][ T591] ? mutex_trylock+0xb0/0xb0 [ 124.739669][ T591] ? __kasan_check_write+0x14/0x20 [ 124.744757][ T591] kernfs_fop_write_iter+0x2d0/0x410 [ 124.750023][ T591] ? cgroup_seqfile_stop+0xc0/0xc0 [ 124.755109][ T591] vfs_write+0xc1c/0xf40 [ 124.759330][ T591] ? __kasan_check_write+0x14/0x20 [ 124.764422][ T591] ? kernel_write+0x3c0/0x3c0 [ 124.769075][ T591] ? _raw_spin_unlock_irq+0x4e/0x70 [ 124.774343][ T591] ? ptrace_stop+0x6ff/0x9f0 [ 124.778909][ T591] ? __kasan_check_read+0x11/0x20 [ 124.783907][ T591] ? __fdget_pos+0x27e/0x310 [ 124.788471][ T591] ksys_write+0x198/0x2c0 [ 124.792775][ T591] ? do_notify_parent+0xa60/0xa60 [ 124.797778][ T591] ? __ia32_sys_read+0x90/0x90 [ 124.802521][ T591] ? __ia32_sys_open+0x270/0x270 [ 124.807430][ T591] __x64_sys_write+0x7b/0x90 [ 124.811991][ T591] do_syscall_64+0x34/0x70 [ 124.816384][ T591] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 124.822250][ T591] RIP: 0033:0x7fc8ece62c09 [ 124.826639][ T591] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 124.846657][ T591] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 597] write(4, "+pids ", 6 [pid 599] <... mount resumed>) = 0 [pid 591] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 599] open("./file0", O_RDONLY [pid 591] close(3 [pid 599] <... open resumed>) = 3 [pid 591] <... close resumed>) = 0 [pid 599] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 591] close(4) = 0 [pid 591] close(5) = 0 [pid 591] close(6) = -1 EBADF (Bad file descriptor) [pid 591] close(7) = -1 EBADF (Bad file descriptor) [pid 591] close(8) = -1 EBADF (Bad file descriptor) [pid 591] close(9) = -1 EBADF (Bad file descriptor) [pid 591] close(10) = -1 EBADF (Bad file descriptor) [pid 591] close(11) = -1 EBADF (Bad file descriptor) [pid 591] close(12) = -1 EBADF (Bad file descriptor) [pid 591] close(13) = -1 EBADF (Bad file descriptor) [pid 591] close(14) = -1 EBADF (Bad file descriptor) [pid 591] close(15) = -1 EBADF (Bad file descriptor) [pid 599] write(4, "-pids ", 6 [pid 591] close(16) = -1 EBADF (Bad file descriptor) [pid 591] close(17) = -1 EBADF (Bad file descriptor) [pid 591] close(18) = -1 EBADF (Bad file descriptor) [pid 591] close(19) = -1 EBADF (Bad file descriptor) [pid 591] close(20) = -1 EBADF (Bad file descriptor) [pid 591] close(21) = -1 EBADF (Bad file descriptor) [pid 591] close(22) = -1 EBADF (Bad file descriptor) [pid 591] close(23) = -1 EBADF (Bad file descriptor) [pid 591] close(24) = -1 EBADF (Bad file descriptor) [pid 591] close(25) = -1 EBADF (Bad file descriptor) [pid 591] close(26) = -1 EBADF (Bad file descriptor) [pid 591] close(27) = -1 EBADF (Bad file descriptor) [pid 591] close(28) = -1 EBADF (Bad file descriptor) [pid 591] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 591] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 591] exit_group(0) = ? [pid 591] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./38/binderfs") = 0 [pid 382] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./38/cgroup") = 0 [pid 382] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./38/cgroup.net") = 0 [pid 382] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [ 124.855056][ T591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 124.863009][ T591] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 124.870962][ T591] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 124.878916][ T591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 124.886868][ T591] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000026 [ 124.895913][ T591] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 599] <... write resumed>) = 6 [pid 599] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 599] write(5, "22", 2) = 2 [pid 599] write(4, "+pids ", 6 [pid 382] close(4) = 0 [pid 382] rmdir("./38/file0") = 0 [pid 382] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./38/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./38") = 0 [pid 382] mkdir("./39", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 41 ./strace-static-x86_64: Process 600 attached [pid 600] chdir("./39") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 600] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 600] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 600] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 124.921046][ T597] FAULT_INJECTION: forcing a failure. [ 124.921046][ T597] name failslab, interval 1, probability 0, space 0, times 0 [ 124.934207][ T597] CPU: 0 PID: 597 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 124.945820][ T597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.955855][ T597] Call Trace: [ 124.959124][ T597] dump_stack_lvl+0x1e2/0x24b [ 124.963782][ T597] ? panic+0x7d7/0x7d7 [ 124.967839][ T597] ? bfq_pos_tree_add_move+0x43e/0x43e [ 124.973284][ T597] ? find_next_bit+0xd6/0x120 [ 124.977936][ T597] ? cpumask_next+0x11/0x30 [ 124.982424][ T597] dump_stack+0x15/0x17 [ 124.986568][ T597] should_fail+0x3c0/0x510 [ 124.990967][ T597] ? percpu_ref_init+0xd0/0x330 [ 124.995798][ T597] __should_failslab+0x9f/0xe0 [ 125.000541][ T597] should_failslab+0x9/0x20 [ 125.005018][ T597] kmem_cache_alloc_trace+0x3a/0x330 [ 125.010287][ T597] percpu_ref_init+0xd0/0x330 [ 125.014945][ T597] ? cgroup_setup_root+0xea0/0xea0 [ 125.020030][ T597] cgroup_apply_control_enable+0x3a2/0x12f0 [ 125.025897][ T597] cgroup_apply_control+0x93/0x710 [ 125.030991][ T597] ? css_next_child+0x160/0x160 [ 125.035835][ T597] ? stack_trace_save+0x12d/0x1f0 [ 125.040862][ T597] ? io_schedule+0x120/0x120 [ 125.045438][ T597] ? kernfs_fop_write_iter+0x15e/0x410 [ 125.050879][ T597] ? __kasan_check_write+0x14/0x20 [ 125.055967][ T597] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 125.061230][ T597] cgroup_subtree_control_write+0xd19/0x1310 [ 125.067206][ T597] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 125.073158][ T597] ? __kasan_check_write+0x14/0x20 [ 125.078242][ T597] ? _copy_from_iter+0x3fb/0xd60 [ 125.083183][ T597] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 125.089152][ T597] cgroup_file_write+0x28e/0x590 [ 125.094071][ T597] ? cgroup_seqfile_stop+0xc0/0xc0 [ 125.099158][ T597] ? mutex_lock+0xa6/0x110 [ 125.103554][ T597] ? mutex_trylock+0xb0/0xb0 [ 125.108117][ T597] ? __kasan_check_write+0x14/0x20 [ 125.113215][ T597] kernfs_fop_write_iter+0x2d0/0x410 [ 125.118471][ T597] ? cgroup_seqfile_stop+0xc0/0xc0 [ 125.123554][ T597] vfs_write+0xc1c/0xf40 [ 125.127778][ T597] ? __kasan_check_write+0x14/0x20 [ 125.132873][ T597] ? kernel_write+0x3c0/0x3c0 [ 125.137523][ T597] ? _raw_spin_unlock_irq+0x4e/0x70 [ 125.142702][ T597] ? ptrace_stop+0x6ff/0x9f0 [ 125.147270][ T597] ? __kasan_check_read+0x11/0x20 [ 125.152278][ T597] ? __fdget_pos+0x27e/0x310 [ 125.156844][ T597] ksys_write+0x198/0x2c0 [ 125.161148][ T597] ? do_notify_parent+0xa60/0xa60 [ 125.166152][ T597] ? __ia32_sys_read+0x90/0x90 [ 125.170896][ T597] ? __ia32_sys_open+0x270/0x270 [ 125.175813][ T597] __x64_sys_write+0x7b/0x90 [ 125.180374][ T597] do_syscall_64+0x34/0x70 [ 125.184763][ T597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 125.190626][ T597] RIP: 0033:0x7fc8ece62c09 [ 125.195014][ T597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 600] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 597] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 600] open("./file0", O_RDONLY [pid 597] close(3 [pid 600] <... open resumed>) = 3 [pid 597] <... close resumed>) = 0 [pid 600] openat(3, "cgroup.subtree_control", O_RDWR [pid 597] close(4 [pid 600] <... openat resumed>) = 4 [pid 597] <... close resumed>) = 0 [pid 600] write(4, "-pids ", 6 [pid 597] close(5) = 0 [pid 597] close(6) = -1 EBADF (Bad file descriptor) [pid 597] close(7) = -1 EBADF (Bad file descriptor) [pid 597] close(8) = -1 EBADF (Bad file descriptor) [pid 597] close(9) = -1 EBADF (Bad file descriptor) [pid 597] close(10) = -1 EBADF (Bad file descriptor) [pid 597] close(11) = -1 EBADF (Bad file descriptor) [pid 597] close(12) = -1 EBADF (Bad file descriptor) [pid 597] close(13) = -1 EBADF (Bad file descriptor) [pid 597] close(14) = -1 EBADF (Bad file descriptor) [pid 597] close(15) = -1 EBADF (Bad file descriptor) [pid 597] close(16) = -1 EBADF (Bad file descriptor) [pid 597] close(17) = -1 EBADF (Bad file descriptor) [pid 597] close(18) = -1 EBADF (Bad file descriptor) [pid 597] close(19) = -1 EBADF (Bad file descriptor) [pid 597] close(20) = -1 EBADF (Bad file descriptor) [pid 597] close(21) = -1 EBADF (Bad file descriptor) [pid 597] close(22) = -1 EBADF (Bad file descriptor) [pid 597] close(23) = -1 EBADF (Bad file descriptor) [pid 597] close(24) = -1 EBADF (Bad file descriptor) [pid 597] close(25) = -1 EBADF (Bad file descriptor) [pid 597] close(26) = -1 EBADF (Bad file descriptor) [pid 597] close(27) = -1 EBADF (Bad file descriptor) [pid 597] close(28) = -1 EBADF (Bad file descriptor) [pid 597] close(29) = -1 EBADF (Bad file descriptor) [pid 597] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 597] exit_group(0) = ? [pid 597] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./38/binderfs") = 0 [pid 375] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./38/cgroup") = 0 [pid 375] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./38/cgroup.net") = 0 [ 125.214686][ T597] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 125.223082][ T597] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 125.231026][ T597] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 125.239238][ T597] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 125.247198][ T597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 125.255149][ T597] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000026 [ 125.289371][ T375] ------------[ cut here ]------------ [ 125.294900][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 125.303912][ T375] Modules linked in: [ 125.307818][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 125.319446][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.329523][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 125.335179][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 125.354791][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 125.360857][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 125.369081][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 125.377062][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 125.385045][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 125.393031][ T375] R13: ffff888117098000 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 125.401005][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 125.409907][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.416488][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 125.424478][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.432451][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.440415][ T375] Call Trace: [ 125.443679][ T375] ? io_schedule+0x120/0x120 [ 125.448249][ T375] ? vfs_submount+0xb0/0xb0 [ 125.452778][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 125.457974][ T375] ? __kasan_check_write+0x14/0x20 [ 125.463093][ T375] namespace_unlock+0x448/0x4f0 [ 125.467944][ T375] ? umount_tree+0xf50/0xf50 [ 125.472550][ T375] ? __detach_mounts+0x670/0x670 [ 125.477487][ T375] ? selinux_umount+0xf0/0x130 [ 125.482249][ T375] ? security_sb_umount+0x9d/0xb0 [ 125.487262][ T375] path_umount+0xf03/0xfb0 [ 125.491707][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 125.496730][ T375] ? user_path_at_empty+0x40/0x50 [ 125.501767][ T375] __x64_sys_umount+0x122/0x170 [ 125.506604][ T375] ? path_umount+0xfb0/0xfb0 [ 125.511210][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 125.517178][ T375] do_syscall_64+0x34/0x70 [ 125.521605][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 125.527477][ T375] RIP: 0033:0x7fc8ece63fb7 [ 125.531901][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 125.551514][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 125.559921][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 125.567912][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 125.575903][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 125.583875][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 125.591848][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000027 [ 125.599802][ T375] ---[ end trace d4de1ca9cdcd1981 ]--- [ 125.605406][ T375] ------------[ cut here ]------------ [ 125.605487][ T599] FAULT_INJECTION: forcing a failure. [ 125.605487][ T599] name failslab, interval 1, probability 0, space 0, times 0 [ 125.611018][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 125.611030][ T375] Modules linked in: [pid 375] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 598] <... write resumed>) = 6 [pid 596] <... write resumed>) = 6 [pid 595] <... write resumed>) = 6 [pid 596] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 125.636904][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 125.648605][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.658687][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 125.664332][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 125.683938][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [pid 595] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 125.689993][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffd RCX: ffff8881065e13c0 [ 125.697967][ T375] RDX: 0000000000000000 RSI: 00000000fffffffd RDI: 0000000000000000 [ 125.705934][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 125.713898][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 125.721896][ T375] R13: ffff888117098000 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 125.729858][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 125.738784][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.745357][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 125.753336][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.761307][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.769256][ T375] Call Trace: [ 125.772567][ T375] ? lockref_get_or_lock+0x340/0x340 [ 125.777834][ T375] ? umount_tree+0xf50/0xf50 [ 125.782419][ T375] ? vfs_submount+0xb0/0xb0 [ 125.786898][ T375] ? dput+0x2b6/0x320 [ 125.790875][ T375] path_umount+0x1fe/0xfb0 [ 125.795279][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 125.800294][ T375] ? user_path_at_empty+0x40/0x50 [ 125.805296][ T375] __x64_sys_umount+0x122/0x170 [ 125.810124][ T375] ? path_umount+0xfb0/0xfb0 [ 125.814720][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 125.820692][ T375] do_syscall_64+0x34/0x70 [ 125.825090][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 125.830971][ T375] RIP: 0033:0x7fc8ece63fb7 [ 125.835367][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 125.854966][ T599] CPU: 1 PID: 599 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 125.854972][ T599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.854976][ T599] Call Trace: [ 125.854996][ T599] dump_stack_lvl+0x1e2/0x24b [ 125.866584][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 125.876616][ T599] ? panic+0x7d7/0x7d7 [ 125.876632][ T599] ? bfq_pos_tree_add_move+0x43e/0x43e [ 125.879885][ T375] ORIG_RAX: 00000000000000a6 [ 125.884528][ T599] ? find_next_bit+0xd6/0x120 [ 125.884545][ T599] ? cpumask_next+0x11/0x30 [ 125.890580][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 125.894610][ T599] dump_stack+0x15/0x17 [ 125.900035][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 125.904675][ T599] should_fail+0x3c0/0x510 [ 125.904684][ T599] ? percpu_ref_init+0xd0/0x330 [ 125.904701][ T599] __should_failslab+0x9f/0xe0 [ 125.909347][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 125.913815][ T599] should_failslab+0x9/0x20 [ 125.913832][ T599] kmem_cache_alloc_trace+0x3a/0x330 [ 125.921798][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 125.925921][ T599] percpu_ref_init+0xd0/0x330 [ 125.933879][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000027 [ 125.938259][ T599] ? cgroup_setup_root+0xea0/0xea0 [ 125.943088][ T375] ---[ end trace d4de1ca9cdcd1982 ]--- [ 125.947820][ T599] cgroup_apply_control_enable+0x3a2/0x12f0 [ 126.002367][ T599] cgroup_apply_control+0x93/0x710 [ 126.007466][ T599] ? css_next_child+0x160/0x160 [ 126.012298][ T599] ? stack_trace_save+0x12d/0x1f0 [ 126.017298][ T599] ? io_schedule+0x120/0x120 [ 126.021869][ T599] ? kernfs_fop_write_iter+0x15e/0x410 [ 126.027306][ T599] ? __kasan_check_write+0x14/0x20 [ 126.032398][ T599] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 126.037666][ T599] cgroup_subtree_control_write+0xd19/0x1310 [ 126.043622][ T599] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 126.049577][ T599] ? __kasan_check_write+0x14/0x20 [ 126.054665][ T599] ? _copy_from_iter+0x3fb/0xd60 [ 126.059576][ T599] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 126.065531][ T599] cgroup_file_write+0x28e/0x590 [ 126.070442][ T599] ? cgroup_seqfile_stop+0xc0/0xc0 [ 126.075527][ T599] ? mutex_lock+0xa6/0x110 [ 126.079919][ T599] ? mutex_trylock+0xb0/0xb0 [ 126.084483][ T599] ? __kasan_check_write+0x14/0x20 [ 126.089572][ T599] kernfs_fop_write_iter+0x2d0/0x410 [ 126.094832][ T599] ? cgroup_seqfile_stop+0xc0/0xc0 [ 126.099920][ T599] vfs_write+0xc1c/0xf40 [ 126.104143][ T599] ? __kasan_check_write+0x14/0x20 [ 126.109231][ T599] ? kernel_write+0x3c0/0x3c0 [ 126.113882][ T599] ? _raw_spin_unlock_irq+0x4e/0x70 [ 126.119057][ T599] ? ptrace_stop+0x6ff/0x9f0 [ 126.123622][ T599] ? __kasan_check_read+0x11/0x20 [ 126.128620][ T599] ? __fdget_pos+0x27e/0x310 [ 126.133186][ T599] ksys_write+0x198/0x2c0 [ 126.137496][ T599] ? do_notify_parent+0xa60/0xa60 [ 126.142493][ T599] ? __ia32_sys_read+0x90/0x90 [ 126.147235][ T599] ? __ia32_sys_open+0x270/0x270 [ 126.152148][ T599] __x64_sys_write+0x7b/0x90 [ 126.156713][ T599] do_syscall_64+0x34/0x70 [ 126.161104][ T599] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 126.166972][ T599] RIP: 0033:0x7fc8ece62c09 [ 126.171364][ T599] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 598] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 596] <... openat resumed>) = 5 [pid 595] <... openat resumed>) = 5 [pid 375] <... umount2 resumed>) = 0 [pid 598] write(5, "22", 2 [pid 596] write(5, "22", 2 [pid 595] write(5, "22", 2 [pid 598] <... write resumed>) = 2 [pid 596] <... write resumed>) = 2 [pid 595] <... write resumed>) = 2 [pid 375] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 598] write(4, "+pids ", 6 [pid 596] write(4, "+pids ", 6 [pid 595] write(4, "+pids ", 6 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 599] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 375] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 599] close(3 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 599] <... close resumed>) = 0 [pid 375] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 599] close(4 [pid 375] <... openat resumed>) = 4 [pid 599] <... close resumed>) = 0 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 599] close(5 [pid 375] getdents64(4, [pid 599] <... close resumed>) = 0 [pid 599] close(6 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(7 [pid 375] getdents64(4, [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(8 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] close(4 [pid 599] close(9 [pid 375] <... close resumed>) = 0 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(10 [pid 375] rmdir("./38/file0" [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... rmdir resumed>) = 0 [pid 599] close(11 [pid 375] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(12 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(13 [pid 375] lstat("./38/cgroup.cpu", [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 599] close(14) = -1 EBADF (Bad file descriptor) [pid 375] unlink("./38/cgroup.cpu" [pid 599] close(15) = -1 EBADF (Bad file descriptor) [pid 375] <... unlink resumed>) = 0 [pid 599] close(16 [pid 375] getdents64(3, [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(17 [pid 375] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(18 [pid 375] close(3 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(19 [pid 375] <... close resumed>) = 0 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] rmdir("./38" [pid 599] close(20) = -1 EBADF (Bad file descriptor) [pid 375] <... rmdir resumed>) = 0 [pid 599] close(21) = -1 EBADF (Bad file descriptor) [pid 375] mkdir("./39", 0777 [pid 599] close(22 [pid 375] <... mkdir resumed>) = 0 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(23 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 599] close(24./strace-static-x86_64: Process 601 attached ) = -1 EBADF (Bad file descriptor) [pid 601] chdir("./39") = 0 [pid 599] close(25 [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 41 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... prctl resumed>) = 0 [pid 599] close(26 [pid 601] setpgid(0, 0 [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... setpgid resumed>) = 0 [pid 599] close(27 [pid 601] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... symlink resumed>) = 0 [pid 599] close(28 [pid 601] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... symlink resumed>) = 0 [pid 599] close(29 [pid 601] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 599] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... symlink resumed>) = 0 [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 599] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 601] <... openat resumed>) = 3 [pid 599] <... write resumed>) = 89 [pid 601] write(3, "1000", 4 [pid 599] exit_group(0 [pid 601] <... write resumed>) = 4 [pid 599] <... exit_group resumed>) = ? [pid 601] close(3) = 0 [pid 601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 601] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 599] +++ exited with 0 +++ [pid 601] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 601] <... mount resumed>) = 0 [pid 601] open("./file0", O_RDONLY) = 3 [pid 601] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 601] write(4, "-pids ", 6 [pid 376] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./36/binderfs") = 0 [pid 376] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./36/cgroup") = 0 [pid 376] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./36/cgroup.net") = 0 [pid 376] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 126.190957][ T599] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.199367][ T599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 126.207317][ T599] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 126.215266][ T599] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 126.223215][ T599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 126.231164][ T599] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000024 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./36/file0") = 0 [pid 376] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./36/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./36") = 0 [pid 376] mkdir("./37", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 39 [ 126.260629][ T595] FAULT_INJECTION: forcing a failure. [ 126.260629][ T595] name failslab, interval 1, probability 0, space 0, times 0 [ 126.273324][ T595] CPU: 0 PID: 595 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 126.284940][ T595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.294979][ T595] Call Trace: [ 126.298245][ T595] dump_stack_lvl+0x1e2/0x24b [ 126.302909][ T595] ? bfq_pos_tree_add_move+0x43e/0x43e ./strace-static-x86_64: Process 602 attached [pid 602] chdir("./37") = 0 [pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 602] setpgid(0, 0) = 0 [pid 602] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 602] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 602] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 602] write(3, "1000", 4) = 4 [pid 602] close(3) = 0 [pid 602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 602] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 126.308371][ T595] ? selinux_kernfs_init_security+0x1a8/0x760 [ 126.314424][ T595] dump_stack+0x15/0x17 [ 126.318551][ T595] should_fail+0x3c0/0x510 [ 126.322951][ T595] ? __kernfs_new_node+0x99/0x6e0 [ 126.327965][ T595] __should_failslab+0x9f/0xe0 [ 126.332713][ T595] should_failslab+0x9/0x20 [ 126.337205][ T595] __kmalloc_track_caller+0x5f/0x350 [ 126.342464][ T595] kstrdup_const+0x55/0x90 [ 126.346850][ T595] __kernfs_new_node+0x99/0x6e0 [ 126.351673][ T595] ? is_module_text_address+0xe1/0x140 [ 126.357109][ T595] ? kernfs_new_node+0x170/0x170 [ 126.362030][ T595] ? ptr_to_hashval+0x60/0x60 [ 126.366686][ T595] ? arch_stack_walk+0xf8/0x140 [ 126.371524][ T595] ? snprintf+0xd6/0x120 [ 126.375740][ T595] kernfs_new_node+0x97/0x170 [ 126.380398][ T595] __kernfs_create_file+0x4a/0x270 [ 126.385488][ T595] cgroup_addrm_files+0xab8/0xfe0 [ 126.390483][ T595] ? ____kasan_kmalloc+0xdc/0x110 [ 126.395478][ T595] ? __kasan_kmalloc+0x9/0x10 [ 126.400132][ T595] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 126.405660][ T595] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 126.411786][ T595] ? delete_node+0x759/0x7b0 [ 126.416360][ T595] ? __kasan_check_read+0x11/0x20 [ 126.421365][ T595] ? delete_node+0x759/0x7b0 [ 126.425929][ T595] ? __kasan_check_write+0x14/0x20 [ 126.431021][ T595] ? idr_replace+0x1c4/0x230 [ 126.435591][ T595] ? idr_get_next+0x4b0/0x4b0 [ 126.440245][ T595] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 126.445246][ T595] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 126.450432][ T595] css_populate_dir+0x137/0x370 [ 126.455275][ T595] cgroup_apply_control_enable+0x8b9/0x12f0 [ 126.461145][ T595] cgroup_apply_control+0x93/0x710 [ 126.466231][ T595] ? css_next_child+0x160/0x160 [ 126.471057][ T595] ? io_schedule+0x120/0x120 [ 126.475630][ T595] ? kernfs_fop_write_iter+0x15e/0x410 [ 126.481076][ T595] ? __kasan_check_write+0x14/0x20 [ 126.486167][ T595] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 126.491437][ T595] cgroup_subtree_control_write+0xd19/0x1310 [ 126.497418][ T595] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 126.503381][ T595] ? __kasan_check_write+0x14/0x20 [ 126.508477][ T595] ? _copy_from_iter+0x3fb/0xd60 [ 126.513398][ T595] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 126.519350][ T595] cgroup_file_write+0x28e/0x590 [ 126.524267][ T595] ? cgroup_seqfile_stop+0xc0/0xc0 [ 126.529353][ T595] ? mutex_lock+0xa6/0x110 [ 126.533750][ T595] ? mutex_trylock+0xb0/0xb0 [ 126.538322][ T595] ? __kasan_check_write+0x14/0x20 [ 126.543406][ T595] kernfs_fop_write_iter+0x2d0/0x410 [ 126.548671][ T595] ? cgroup_seqfile_stop+0xc0/0xc0 [ 126.553756][ T595] vfs_write+0xc1c/0xf40 [ 126.557972][ T595] ? __kasan_check_write+0x14/0x20 [ 126.563058][ T595] ? kernel_write+0x3c0/0x3c0 [ 126.567713][ T595] ? _raw_spin_unlock_irq+0x4e/0x70 [ 126.572892][ T595] ? ptrace_stop+0x6ff/0x9f0 [ 126.577462][ T595] ? __kasan_check_read+0x11/0x20 [ 126.582477][ T595] ? __fdget_pos+0x27e/0x310 [ 126.587040][ T595] ksys_write+0x198/0x2c0 [ 126.591344][ T595] ? do_notify_parent+0xa60/0xa60 [ 126.596349][ T595] ? __ia32_sys_read+0x90/0x90 [ 126.601085][ T595] ? __ia32_sys_open+0x270/0x270 [ 126.605994][ T595] __x64_sys_write+0x7b/0x90 [ 126.610556][ T595] do_syscall_64+0x34/0x70 [ 126.614946][ T595] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 126.620812][ T595] RIP: 0033:0x7fc8ece62c09 [ 126.625215][ T595] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 126.644806][ T595] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.653214][ T595] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 602] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 595] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 602] <... mount resumed>) = 0 [pid 595] close(3 [pid 602] open("./file0", O_RDONLY [pid 595] <... close resumed>) = 0 [pid 602] <... open resumed>) = 3 [pid 595] close(4 [pid 602] openat(3, "cgroup.subtree_control", O_RDWR [pid 595] <... close resumed>) = 0 [pid 602] <... openat resumed>) = 4 [pid 595] close(5 [pid 602] write(4, "-pids ", 6 [pid 595] <... close resumed>) = 0 [pid 595] close(6) = -1 EBADF (Bad file descriptor) [pid 595] close(7) = -1 EBADF (Bad file descriptor) [pid 595] close(8) = -1 EBADF (Bad file descriptor) [pid 595] close(9) = -1 EBADF (Bad file descriptor) [pid 595] close(10) = -1 EBADF (Bad file descriptor) [pid 595] close(11) = -1 EBADF (Bad file descriptor) [pid 595] close(12) = -1 EBADF (Bad file descriptor) [pid 595] close(13) = -1 EBADF (Bad file descriptor) [pid 595] close(14) = -1 EBADF (Bad file descriptor) [pid 595] close(15) = -1 EBADF (Bad file descriptor) [pid 595] close(16) = -1 EBADF (Bad file descriptor) [pid 595] close(17) = -1 EBADF (Bad file descriptor) [pid 595] close(18) = -1 EBADF (Bad file descriptor) [pid 595] close(19) = -1 EBADF (Bad file descriptor) [pid 595] close(20) = -1 EBADF (Bad file descriptor) [pid 595] close(21) = -1 EBADF (Bad file descriptor) [pid 595] close(22) = -1 EBADF (Bad file descriptor) [pid 595] close(23) = -1 EBADF (Bad file descriptor) [pid 595] close(24) = -1 EBADF (Bad file descriptor) [pid 595] close(25) = -1 EBADF (Bad file descriptor) [pid 595] close(26) = -1 EBADF (Bad file descriptor) [pid 595] close(27) = -1 EBADF (Bad file descriptor) [pid 595] close(28) = -1 EBADF (Bad file descriptor) [pid 595] close(29) = -1 EBADF (Bad file descriptor) [pid 595] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 595] exit_group(0) = ? [pid 595] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./30/binderfs") = 0 [pid 383] umount2("./30/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./30/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./30/cgroup") = 0 [pid 383] umount2("./30/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./30/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./30/cgroup.net") = 0 [ 126.661178][ T595] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 126.669132][ T595] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 126.677076][ T595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 126.685029][ T595] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001e [ 126.693125][ T595] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 383] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 600] <... write resumed>) = 6 [ 126.719906][ T383] ------------[ cut here ]------------ [ 126.725427][ T383] WARNING: CPU: 1 PID: 383 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 126.734419][ T383] Modules linked in: [ 126.734656][ T596] FAULT_INJECTION: forcing a failure. [ 126.734656][ T596] name failslab, interval 1, probability 0, space 0, times 0 [ 126.738315][ T383] CPU: 1 PID: 383 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 126.762491][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.772731][ T383] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 126.778359][ T383] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 126.797980][ T383] RSP: 0018:ffffc90000b87ba0 EFLAGS: 00010293 [ 126.803747][ T596] CPU: 0 PID: 596 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 126.804054][ T383] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e3b40 [ 126.815638][ T596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.815644][ T596] Call Trace: [ 126.815664][ T596] dump_stack_lvl+0x1e2/0x24b [ 126.815674][ T596] ? bfq_pos_tree_add_move+0x43e/0x43e [ 126.815685][ T596] ? selinux_kernfs_init_security+0x1a8/0x760 [ 126.815694][ T596] dump_stack+0x15/0x17 [ 126.815703][ T596] should_fail+0x3c0/0x510 [ 126.815712][ T596] ? __kernfs_new_node+0x99/0x6e0 [ 126.815722][ T596] __should_failslab+0x9f/0xe0 [ 126.815730][ T596] should_failslab+0x9/0x20 [ 126.815751][ T596] __kmalloc_track_caller+0x5f/0x350 [ 126.823719][ T383] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 126.833730][ T596] kstrdup_const+0x55/0x90 [ 126.833740][ T596] __kernfs_new_node+0x99/0x6e0 [ 126.833757][ T596] ? is_module_text_address+0xe1/0x140 [ 126.837014][ T383] RBP: ffffc90000b87c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 126.841658][ T596] ? kernfs_new_node+0x170/0x170 [ 126.841668][ T596] ? ptr_to_hashval+0x60/0x60 [ 126.841676][ T596] ? arch_stack_walk+0xf8/0x140 [ 126.841685][ T596] ? snprintf+0xd6/0x120 [ 126.841694][ T596] kernfs_new_node+0x97/0x170 [ 126.841712][ T596] __kernfs_create_file+0x4a/0x270 [ 126.847139][ T383] R10: fffff52000170f65 R11: 1ffff92000170f64 R12: dffffc0000000000 [ 126.853166][ T596] cgroup_addrm_files+0xab8/0xfe0 [ 126.853176][ T596] ? ____kasan_kmalloc+0xdc/0x110 [ 126.853191][ T596] ? __kasan_kmalloc+0x9/0x10 [ 126.857317][ T383] R13: ffff888117098380 R14: ffffc90000b87c00 R15: 1ffff92000170f7c [ 126.861697][ T596] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 126.861708][ T596] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 126.861723][ T596] ? delete_node+0x759/0x7b0 [ 126.866715][ T383] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 126.871438][ T596] ? __kasan_check_read+0x11/0x20 [ 126.871447][ T596] ? delete_node+0x759/0x7b0 [ 126.871455][ T596] ? __kasan_check_write+0x14/0x20 [ 126.871471][ T596] ? idr_replace+0x1c4/0x230 [ 126.875946][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.881195][ T596] ? idr_get_next+0x4b0/0x4b0 [ 126.881204][ T596] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 126.881219][ T596] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 126.889163][ T383] CR2: 00007ffd7d0e1c18 CR3: 0000000104bfa000 CR4: 00000000003506a0 [ 126.893541][ T596] css_populate_dir+0x137/0x370 [ 126.893560][ T596] cgroup_apply_control_enable+0x8b9/0x12f0 [ 126.898375][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 126.903799][ T596] cgroup_apply_control+0x93/0x710 [ 126.903815][ T596] ? css_next_child+0x160/0x160 [ 126.911767][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 126.916666][ T596] ? io_schedule+0x120/0x120 [ 126.921309][ T383] Call Trace: [ 126.926125][ T596] ? kernfs_fop_write_iter+0x15e/0x410 [ 126.930356][ T383] ? io_schedule+0x120/0x120 [ 126.934978][ T596] ? __kasan_check_write+0x14/0x20 [ 126.940056][ T383] ? vfs_submount+0xb0/0xb0 [ 126.947993][ T596] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 126.948011][ T596] cgroup_subtree_control_write+0xd19/0x1310 [pid 600] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 596] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 596] close(3) = 0 [pid 596] close(4) = 0 [pid 596] close(5) = 0 [pid 596] close(6) = -1 EBADF (Bad file descriptor) [pid 596] close(7) = -1 EBADF (Bad file descriptor) [pid 596] close(8) = -1 EBADF (Bad file descriptor) [pid 596] close(9) = -1 EBADF (Bad file descriptor) [pid 596] close(10) = -1 EBADF (Bad file descriptor) [pid 596] close(11) = -1 EBADF (Bad file descriptor) [pid 596] close(12) = -1 EBADF (Bad file descriptor) [pid 596] close(13) = -1 EBADF (Bad file descriptor) [pid 596] close(14) = -1 EBADF (Bad file descriptor) [pid 596] close(15) = -1 EBADF (Bad file descriptor) [pid 596] close(16) = -1 EBADF (Bad file descriptor) [pid 596] close(17) = -1 EBADF (Bad file descriptor) [pid 596] close(18) = -1 EBADF (Bad file descriptor) [pid 596] close(19) = -1 EBADF (Bad file descriptor) [pid 596] close(20) = -1 EBADF (Bad file descriptor) [pid 596] close(21) = -1 EBADF (Bad file descriptor) [pid 596] close(22) = -1 EBADF (Bad file descriptor) [pid 596] close(23) = -1 EBADF (Bad file descriptor) [pid 596] close(24) = -1 EBADF (Bad file descriptor) [pid 596] close(25) = -1 EBADF (Bad file descriptor) [pid 596] close(26) = -1 EBADF (Bad file descriptor) [pid 596] close(27) = -1 EBADF (Bad file descriptor) [pid 596] close(28) = -1 EBADF (Bad file descriptor) [pid 596] close(29) = -1 EBADF (Bad file descriptor) [pid 596] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 596] exit_group(0) = ? [pid 596] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 126.953009][ T383] ? shrink_dentry_list+0x4ec/0x500 [ 126.958000][ T596] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 126.962658][ T383] ? __kasan_check_write+0x14/0x20 [ 126.970595][ T596] ? __kasan_check_write+0x14/0x20 [ 126.970613][ T596] ? _copy_from_iter+0x3fb/0xd60 [ 126.976126][ T383] namespace_unlock+0x448/0x4f0 [ 126.982242][ T596] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 126.982251][ T596] cgroup_file_write+0x28e/0x590 [ 126.982265][ T596] ? cgroup_seqfile_stop+0xc0/0xc0 [ 126.986826][ T383] ? umount_tree+0xf50/0xf50 [ 126.995716][ T596] ? mutex_lock+0xa6/0x110 [ 126.995726][ T596] ? mutex_trylock+0xb0/0xb0 [ 126.995735][ T596] ? __kasan_check_write+0x14/0x20 [ 126.995744][ T596] kernfs_fop_write_iter+0x2d0/0x410 [ 126.995758][ T596] ? cgroup_seqfile_stop+0xc0/0xc0 [ 127.000758][ T383] ? __detach_mounts+0x670/0x670 [ 127.005310][ T596] vfs_write+0xc1c/0xf40 [ 127.010393][ T383] ? selinux_umount+0xf0/0x130 [ 127.014942][ T596] ? __kasan_check_write+0x14/0x20 [ 127.021503][ T383] ? security_sb_umount+0x9d/0xb0 [ 127.026143][ T596] ? kernel_write+0x3c0/0x3c0 [ 127.031143][ T383] path_umount+0xf03/0xfb0 [ 127.036300][ T596] ? _raw_spin_unlock_irq+0x4e/0x70 [ 127.044253][ T383] ? namespace_unlock+0x4f0/0x4f0 [ 127.049060][ T596] ? ptrace_stop+0x6ff/0x9f0 [ 127.054945][ T383] ? user_path_at_empty+0x40/0x50 [ 127.062858][ T596] ? __kasan_check_read+0x11/0x20 [ 127.062874][ T596] ? __fdget_pos+0x27e/0x310 [ 127.068039][ T383] __x64_sys_umount+0x122/0x170 [ 127.072850][ T596] ksys_write+0x198/0x2c0 [ 127.072861][ T596] ? do_notify_parent+0xa60/0xa60 [ 127.072876][ T596] ? __ia32_sys_read+0x90/0x90 [ 127.080828][ T383] ? path_umount+0xfb0/0xfb0 [ 127.085379][ T596] ? __ia32_sys_open+0x270/0x270 [ 127.088650][ T383] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 127.094067][ T596] __x64_sys_write+0x7b/0x90 [ 127.094076][ T596] do_syscall_64+0x34/0x70 [ 127.094091][ T596] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 127.098652][ T383] do_syscall_64+0x34/0x70 [ 127.103722][ T596] RIP: 0033:0x7fc8ece62c09 [ 127.103733][ T596] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.103746][ T596] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 127.108219][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 127.113459][ T596] ORIG_RAX: 0000000000000001 [ 127.113467][ T596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 127.113473][ T596] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 127.113479][ T596] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 127.113491][ T596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 127.119446][ T383] RIP: 0033:0x7fc8ece63fb7 [ 127.124626][ T596] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000022 [ 127.141277][ T596] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 127.145721][ T383] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.145728][ T383] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 127.145748][ T383] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 127.441193][ T383] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 127.449153][ T383] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 127.457148][ T383] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [pid 381] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] <... umount2 resumed>) = 0 [pid 381] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./34/binderfs", [pid 383] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./34/binderfs") = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 600] <... openat resumed>) = 5 [pid 381] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 600] write(5, "22", 2) = 2 [pid 383] lstat("./30/file0", [pid 381] unlink("./34/cgroup" [pid 600] write(4, "+pids ", 6 [pid 381] <... unlink resumed>) = 0 [pid 381] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./34/cgroup.net") = 0 [pid 381] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... umount2 resumed>) = 0 [pid 381] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./34/file0" [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... rmdir resumed>) = 0 [pid 383] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 381] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./34/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./34") = 0 [pid 383] <... openat resumed>) = 4 [pid 381] mkdir("./35", 0777 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, [pid 381] <... mkdir resumed>) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 603 attached [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 37 [pid 603] chdir("./35" [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 603] <... chdir resumed>) = 0 [pid 383] rmdir("./30/file0" [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 383] <... rmdir resumed>) = 0 [pid 603] <... prctl resumed>) = 0 [pid 383] umount2("./30/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 603] setpgid(0, 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./30/cgroup.cpu", [pid 603] <... setpgid resumed>) = 0 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./30/cgroup.cpu") = 0 [pid 383] getdents64(3, [pid 603] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 383] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./30" [pid 603] <... symlink resumed>) = 0 [pid 383] <... rmdir resumed>) = 0 [pid 603] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 383] mkdir("./31", 0777 [pid 603] <... symlink resumed>) = 0 [pid 383] <... mkdir resumed>) = 0 [pid 603] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 33 [pid 603] <... symlink resumed>) = 0 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 604 attached [pid 603] write(3, "1000", 4 [pid 604] chdir("./31") = 0 [pid 604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 604] setpgid(0, 0) = 0 [pid 604] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 604] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 603] <... write resumed>) = 4 [pid 604] <... symlink resumed>) = 0 [pid 603] close(3 [pid 604] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 603] <... close resumed>) = 0 [pid 604] <... symlink resumed>) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs" [pid 604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 603] <... symlink resumed>) = 0 [pid 604] write(3, "1000", 4) = 4 [pid 603] mkdirat(AT_FDCWD, "./file0", 000 [pid 604] close(3) = 0 [pid 604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 604] mkdirat(AT_FDCWD, "./file0", 000 [pid 603] <... mkdirat resumed>) = 0 [pid 604] <... mkdirat resumed>) = 0 [pid 604] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 603] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 604] <... mount resumed>) = 0 [pid 604] open("./file0", O_RDONLY) = 3 [pid 603] <... mount resumed>) = 0 [pid 604] openat(3, "cgroup.subtree_control", O_RDWR [pid 603] open("./file0", O_RDONLY [pid 604] <... openat resumed>) = 4 [pid 604] write(4, "-pids ", 6 [pid 603] <... open resumed>) = 3 [pid 603] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 127.467243][ T383] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000001f [ 127.475241][ T383] ---[ end trace d4de1ca9cdcd1983 ]--- [ 127.510576][ T598] FAULT_INJECTION: forcing a failure. [pid 603] write(4, "-pids ", 6) = 6 [ 127.510576][ T598] name failslab, interval 1, probability 0, space 0, times 0 [ 127.524922][ T598] CPU: 0 PID: 598 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 127.536624][ T598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.546656][ T598] Call Trace: [ 127.549924][ T598] dump_stack_lvl+0x1e2/0x24b [ 127.554574][ T598] ? panic+0x7d7/0x7d7 [ 127.558623][ T598] ? bfq_pos_tree_add_move+0x43e/0x43e [ 127.564055][ T598] ? find_next_bit+0xd6/0x120 [ 127.568707][ T598] ? cpumask_next+0x11/0x30 [ 127.573182][ T598] dump_stack+0x15/0x17 [ 127.577310][ T598] should_fail+0x3c0/0x510 [ 127.581698][ T598] ? percpu_ref_init+0xd0/0x330 [ 127.586519][ T598] __should_failslab+0x9f/0xe0 [ 127.591254][ T598] should_failslab+0x9/0x20 [ 127.595729][ T598] kmem_cache_alloc_trace+0x3a/0x330 [ 127.600984][ T598] percpu_ref_init+0xd0/0x330 [ 127.605631][ T598] ? cgroup_setup_root+0xea0/0xea0 [ 127.610714][ T598] cgroup_apply_control_enable+0x3a2/0x12f0 [ 127.616579][ T598] cgroup_apply_control+0x93/0x710 [ 127.621673][ T598] ? css_next_child+0x160/0x160 [ 127.626493][ T598] ? io_schedule+0x120/0x120 [ 127.631053][ T598] ? kernfs_fop_write_iter+0x15e/0x410 [ 127.636481][ T598] ? __kasan_check_write+0x14/0x20 [ 127.641561][ T598] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 127.646839][ T598] cgroup_subtree_control_write+0xd19/0x1310 [ 127.652790][ T598] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 127.658745][ T598] ? __kasan_check_write+0x14/0x20 [ 127.663834][ T598] ? _copy_from_iter+0x3fb/0xd60 [ 127.668745][ T598] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 127.674693][ T598] cgroup_file_write+0x28e/0x590 [ 127.679602][ T598] ? cgroup_seqfile_stop+0xc0/0xc0 [ 127.684684][ T598] ? mutex_lock+0xa6/0x110 [ 127.689079][ T598] ? mutex_trylock+0xb0/0xb0 [ 127.693644][ T598] ? __kasan_check_write+0x14/0x20 [ 127.698728][ T598] kernfs_fop_write_iter+0x2d0/0x410 [ 127.703985][ T598] ? cgroup_seqfile_stop+0xc0/0xc0 [ 127.709069][ T598] vfs_write+0xc1c/0xf40 [ 127.713286][ T598] ? __kasan_check_write+0x14/0x20 [ 127.718372][ T598] ? kernel_write+0x3c0/0x3c0 [ 127.723018][ T598] ? _raw_spin_unlock_irq+0x4e/0x70 [ 127.728189][ T598] ? ptrace_stop+0x6ff/0x9f0 [ 127.732752][ T598] ? __kasan_check_read+0x11/0x20 [ 127.737749][ T598] ? __fdget_pos+0x27e/0x310 [ 127.742309][ T598] ksys_write+0x198/0x2c0 [ 127.746613][ T598] ? do_notify_parent+0xa60/0xa60 [ 127.751607][ T598] ? __ia32_sys_read+0x90/0x90 [ 127.756339][ T598] ? __ia32_sys_open+0x270/0x270 [ 127.761247][ T598] __x64_sys_write+0x7b/0x90 [ 127.765807][ T598] do_syscall_64+0x34/0x70 [ 127.770199][ T598] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 127.776073][ T598] RIP: 0033:0x7fc8ece62c09 [ 127.780461][ T598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 127.800035][ T598] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 127.808442][ T598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 127.816389][ T598] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 603] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 603] write(5, "22", 2) = 2 [pid 603] write(4, "+pids ", 6write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 598] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 598] close(3) = 0 [pid 598] close(4) = 0 [pid 598] close(5) = 0 [pid 598] close(6) = -1 EBADF (Bad file descriptor) [pid 598] close(7) = -1 EBADF (Bad file descriptor) [pid 598] close(8) = -1 EBADF (Bad file descriptor) [pid 598] close(9) = -1 EBADF (Bad file descriptor) [pid 598] close(10) = -1 EBADF (Bad file descriptor) [pid 598] close(11) = -1 EBADF (Bad file descriptor) [pid 598] close(12) = -1 EBADF (Bad file descriptor) [pid 598] close(13) = -1 EBADF (Bad file descriptor) [pid 598] close(14) = -1 EBADF (Bad file descriptor) [pid 598] close(15) = -1 EBADF (Bad file descriptor) [pid 598] close(16) = -1 EBADF (Bad file descriptor) [pid 598] close(17) = -1 EBADF (Bad file descriptor) [pid 598] close(18) = -1 EBADF (Bad file descriptor) [pid 598] close(19) = -1 EBADF (Bad file descriptor) [pid 598] close(20) = -1 EBADF (Bad file descriptor) [pid 598] close(21) = -1 EBADF (Bad file descriptor) [pid 598] close(22) = -1 EBADF (Bad file descriptor) [pid 598] close(23) = -1 EBADF (Bad file descriptor) [pid 598] close(24) = -1 EBADF (Bad file descriptor) [pid 598] close(25) = -1 EBADF (Bad file descriptor) [pid 598] close(26) = -1 EBADF (Bad file descriptor) [pid 598] close(27) = -1 EBADF (Bad file descriptor) [pid 598] close(28) = -1 EBADF (Bad file descriptor) [pid 598] close(29) = -1 EBADF (Bad file descriptor) [pid 598] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 598] exit_group(0) = ? [pid 598] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=34, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./32/binderfs") = 0 [pid 380] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./32/cgroup") = 0 [pid 380] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./32/cgroup.net") = 0 [pid 380] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./32/file0") = 0 [pid 380] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./32/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./32") = 0 [pid 380] mkdir("./33", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 605 attached , child_tidptr=0x555556fab5d0) = 35 [pid 605] chdir("./33") = 0 [pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 605] setpgid(0, 0) = 0 [pid 605] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 605] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 605] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 605] write(3, "1000", 4) = 4 [pid 605] close(3) = 0 [pid 605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 605] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 605] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 605] open("./file0", O_RDONLY) = 3 [pid 605] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 127.824329][ T598] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 127.832273][ T598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 127.840310][ T598] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000020 [pid 605] write(4, "-pids ", 6 [pid 602] <... write resumed>) = 6 [pid 601] <... write resumed>) = 6 [pid 601] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 601] write(5, "22", 2) = 2 [pid 601] write(4, "+pids ", 6 [pid 602] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 602] write(5, "22", 2) = 2 [ 127.870512][ T600] FAULT_INJECTION: forcing a failure. [ 127.870512][ T600] name failslab, interval 1, probability 0, space 0, times 0 [ 127.883286][ T600] CPU: 1 PID: 600 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 127.894903][ T600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.904945][ T600] Call Trace: [ 127.908213][ T600] dump_stack_lvl+0x1e2/0x24b [ 127.912877][ T600] ? panic+0x7d7/0x7d7 [ 127.916943][ T600] ? bfq_pos_tree_add_move+0x43e/0x43e [ 127.922398][ T600] ? find_next_bit+0xd6/0x120 [ 127.927062][ T600] ? cpumask_next+0x11/0x30 [ 127.931545][ T600] dump_stack+0x15/0x17 [ 127.935676][ T600] should_fail+0x3c0/0x510 [ 127.940070][ T600] ? percpu_ref_init+0xd0/0x330 [ 127.944897][ T600] __should_failslab+0x9f/0xe0 [ 127.949633][ T600] should_failslab+0x9/0x20 [ 127.954121][ T600] kmem_cache_alloc_trace+0x3a/0x330 [ 127.959388][ T600] percpu_ref_init+0xd0/0x330 [ 127.964049][ T600] ? cgroup_setup_root+0xea0/0xea0 [ 127.969153][ T600] cgroup_apply_control_enable+0x3a2/0x12f0 [ 127.975039][ T600] cgroup_apply_control+0x93/0x710 [ 127.980135][ T600] ? css_next_child+0x160/0x160 [ 127.984966][ T600] ? io_schedule+0x120/0x120 [ 127.989534][ T600] ? kernfs_fop_write_iter+0x15e/0x410 [ 127.994966][ T600] ? __kasan_check_write+0x14/0x20 [ 128.000054][ T600] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 128.005316][ T600] cgroup_subtree_control_write+0xd19/0x1310 [ 128.011293][ T600] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 128.017276][ T600] ? __kasan_check_write+0x14/0x20 [ 128.022380][ T600] ? _copy_from_iter+0x3fb/0xd60 [ 128.027304][ T600] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 128.033267][ T600] cgroup_file_write+0x28e/0x590 [ 128.038200][ T600] ? cgroup_seqfile_stop+0xc0/0xc0 [ 128.043306][ T600] ? mutex_lock+0xa6/0x110 [ 128.047712][ T600] ? mutex_trylock+0xb0/0xb0 [ 128.052289][ T600] ? __kasan_check_write+0x14/0x20 [ 128.057392][ T600] kernfs_fop_write_iter+0x2d0/0x410 [ 128.062676][ T600] ? cgroup_seqfile_stop+0xc0/0xc0 [ 128.067788][ T600] vfs_write+0xc1c/0xf40 [ 128.072016][ T600] ? __kasan_check_write+0x14/0x20 [ 128.077102][ T600] ? kernel_write+0x3c0/0x3c0 [ 128.081760][ T600] ? _raw_spin_unlock_irq+0x4e/0x70 [ 128.086948][ T600] ? ptrace_stop+0x6ff/0x9f0 [ 128.091542][ T600] ? __kasan_check_read+0x11/0x20 [ 128.096549][ T600] ? __fdget_pos+0x27e/0x310 [ 128.101125][ T600] ksys_write+0x198/0x2c0 [ 128.105441][ T600] ? do_notify_parent+0xa60/0xa60 [ 128.110443][ T600] ? __ia32_sys_read+0x90/0x90 [ 128.115184][ T600] ? __ia32_sys_open+0x270/0x270 [ 128.120096][ T600] __x64_sys_write+0x7b/0x90 [ 128.124667][ T600] do_syscall_64+0x34/0x70 [ 128.129061][ T600] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 128.134927][ T600] RIP: 0033:0x7fc8ece62c09 [ 128.139321][ T600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 128.158905][ T600] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 602] write(4, "+pids ", 6 [pid 600] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 600] close(3) = 0 [pid 600] close(4) = 0 [pid 600] close(5) = 0 [pid 600] close(6) = -1 EBADF (Bad file descriptor) [pid 600] close(7) = -1 EBADF (Bad file descriptor) [pid 600] close(8) = -1 EBADF (Bad file descriptor) [pid 600] close(9) = -1 EBADF (Bad file descriptor) [pid 600] close(10) = -1 EBADF (Bad file descriptor) [pid 600] close(11) = -1 EBADF (Bad file descriptor) [pid 600] close(12) = -1 EBADF (Bad file descriptor) [pid 600] close(13) = -1 EBADF (Bad file descriptor) [pid 600] close(14) = -1 EBADF (Bad file descriptor) [pid 600] close(15) = -1 EBADF (Bad file descriptor) [pid 600] close(16) = -1 EBADF (Bad file descriptor) [pid 600] close(17) = -1 EBADF (Bad file descriptor) [pid 600] close(18) = -1 EBADF (Bad file descriptor) [pid 600] close(19) = -1 EBADF (Bad file descriptor) [pid 600] close(20) = -1 EBADF (Bad file descriptor) [pid 600] close(21) = -1 EBADF (Bad file descriptor) [pid 600] close(22) = -1 EBADF (Bad file descriptor) [pid 600] close(23) = -1 EBADF (Bad file descriptor) [pid 600] close(24) = -1 EBADF (Bad file descriptor) [pid 600] close(25) = -1 EBADF (Bad file descriptor) [pid 600] close(26) = -1 EBADF (Bad file descriptor) [pid 600] close(27) = -1 EBADF (Bad file descriptor) [pid 600] close(28) = -1 EBADF (Bad file descriptor) [pid 600] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 600] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 600] exit_group(0) = ? [pid 600] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [ 128.167305][ T600] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 128.175268][ T600] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 128.183219][ T600] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 128.191173][ T600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 128.199133][ T600] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000027 [pid 604] <... write resumed>) = 6 [pid 604] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 604] write(5, "22", 2) = 2 [pid 604] write(4, "+pids ", 6 [pid 382] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./39/binderfs") = 0 [pid 382] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./39/cgroup") = 0 [pid 382] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./39/cgroup.net") = 0 [ 128.220664][ T601] FAULT_INJECTION: forcing a failure. [ 128.220664][ T601] name failslab, interval 1, probability 0, space 0, times 0 [ 128.233370][ T601] CPU: 1 PID: 601 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 128.245005][ T601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.255050][ T601] Call Trace: [ 128.258341][ T601] dump_stack_lvl+0x1e2/0x24b [ 128.263005][ T601] ? bfq_pos_tree_add_move+0x43e/0x43e [ 128.268450][ T601] ? selinux_kernfs_init_security+0x1a8/0x760 [ 128.274553][ T601] dump_stack+0x15/0x17 [ 128.278814][ T601] should_fail+0x3c0/0x510 [ 128.283230][ T601] ? __kernfs_new_node+0x99/0x6e0 [ 128.288249][ T601] __should_failslab+0x9f/0xe0 [ 128.293010][ T601] should_failslab+0x9/0x20 [ 128.297490][ T601] __kmalloc_track_caller+0x5f/0x350 [ 128.302763][ T601] kstrdup_const+0x55/0x90 [ 128.307704][ T601] __kernfs_new_node+0x99/0x6e0 [ 128.312538][ T601] ? is_module_text_address+0xe1/0x140 [ 128.317977][ T601] ? kernfs_new_node+0x170/0x170 [ 128.322903][ T601] ? ptr_to_hashval+0x60/0x60 [ 128.327553][ T601] ? arch_stack_walk+0xf8/0x140 [ 128.332377][ T601] ? snprintf+0xd6/0x120 [ 128.336605][ T601] kernfs_new_node+0x97/0x170 [ 128.341261][ T601] __kernfs_create_file+0x4a/0x270 [ 128.346354][ T601] cgroup_addrm_files+0xab8/0xfe0 [ 128.351379][ T601] ? ____kasan_kmalloc+0xdc/0x110 [ 128.356383][ T601] ? __kasan_kmalloc+0x9/0x10 [ 128.361040][ T601] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 128.366577][ T601] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 128.372714][ T601] ? delete_node+0x759/0x7b0 [ 128.377290][ T601] ? __kasan_check_read+0x11/0x20 [ 128.382306][ T601] ? delete_node+0x759/0x7b0 [ 128.386880][ T601] ? __kasan_check_write+0x14/0x20 [ 128.391974][ T601] ? idr_replace+0x1c4/0x230 [ 128.396549][ T601] ? idr_get_next+0x4b0/0x4b0 [ 128.401201][ T601] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 128.406206][ T601] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 128.411381][ T601] css_populate_dir+0x137/0x370 [ 128.416221][ T601] cgroup_apply_control_enable+0x8b9/0x12f0 [ 128.422099][ T601] cgroup_apply_control+0x93/0x710 [ 128.427194][ T601] ? css_next_child+0x160/0x160 [ 128.432028][ T601] ? stack_trace_save+0x12d/0x1f0 [ 128.437041][ T601] ? io_schedule+0x120/0x120 [ 128.441619][ T601] ? kernfs_fop_write_iter+0x15e/0x410 [ 128.447058][ T601] ? __kasan_check_write+0x14/0x20 [ 128.452149][ T601] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 128.457410][ T601] cgroup_subtree_control_write+0xd19/0x1310 [ 128.463372][ T601] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 128.469326][ T601] ? __kasan_check_write+0x14/0x20 [ 128.474422][ T601] ? _copy_from_iter+0x3fb/0xd60 [ 128.479351][ T601] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 128.485321][ T601] cgroup_file_write+0x28e/0x590 [ 128.490246][ T601] ? cgroup_seqfile_stop+0xc0/0xc0 [ 128.495350][ T601] ? mutex_lock+0xa6/0x110 [ 128.499744][ T601] ? mutex_trylock+0xb0/0xb0 [ 128.504309][ T601] ? __kasan_check_write+0x14/0x20 [ 128.509409][ T601] kernfs_fop_write_iter+0x2d0/0x410 [ 128.514767][ T601] ? cgroup_seqfile_stop+0xc0/0xc0 [ 128.519853][ T601] vfs_write+0xc1c/0xf40 [ 128.524074][ T601] ? __kasan_check_write+0x14/0x20 [ 128.529161][ T601] ? kernel_write+0x3c0/0x3c0 [ 128.533813][ T601] ? _raw_spin_unlock_irq+0x4e/0x70 [ 128.538986][ T601] ? ptrace_stop+0x6ff/0x9f0 [ 128.543554][ T601] ? __kasan_check_read+0x11/0x20 [ 128.548553][ T601] ? __fdget_pos+0x27e/0x310 [ 128.553116][ T601] ksys_write+0x198/0x2c0 [ 128.557421][ T601] ? do_notify_parent+0xa60/0xa60 [ 128.562421][ T601] ? __ia32_sys_read+0x90/0x90 [ 128.567160][ T601] ? __ia32_sys_open+0x270/0x270 [ 128.572072][ T601] __x64_sys_write+0x7b/0x90 [ 128.576639][ T601] do_syscall_64+0x34/0x70 [ 128.581032][ T601] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 128.586904][ T601] RIP: 0033:0x7fc8ece62c09 [ 128.591297][ T601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 128.610875][ T601] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 382] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./39/file0") = 0 [pid 382] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./39/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./39") = 0 [pid 382] mkdir("./40", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 42 ./strace-static-x86_64: Process 606 attached [pid 606] chdir("./40") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 [pid 606] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 606] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 606] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 606] write(3, "1000", 4) = 4 [pid 606] close(3) = 0 [pid 606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 606] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 606] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 601] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 606] <... mount resumed>) = 0 [pid 601] close(3 [pid 606] open("./file0", O_RDONLY) = 3 [pid 606] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 606] write(4, "-pids ", 6 [pid 601] <... close resumed>) = 0 [pid 601] close(4) = 0 [pid 601] close(5) = 0 [pid 601] close(6) = -1 EBADF (Bad file descriptor) [pid 601] close(7) = -1 EBADF (Bad file descriptor) [pid 601] close(8) = -1 EBADF (Bad file descriptor) [pid 601] close(9) = -1 EBADF (Bad file descriptor) [pid 601] close(10) = -1 EBADF (Bad file descriptor) [pid 601] close(11) = -1 EBADF (Bad file descriptor) [pid 601] close(12) = -1 EBADF (Bad file descriptor) [pid 601] close(13) = -1 EBADF (Bad file descriptor) [pid 601] close(14) = -1 EBADF (Bad file descriptor) [pid 601] close(15) = -1 EBADF (Bad file descriptor) [pid 601] close(16) = -1 EBADF (Bad file descriptor) [pid 601] close(17) = -1 EBADF (Bad file descriptor) [pid 601] close(18) = -1 EBADF (Bad file descriptor) [pid 601] close(19) = -1 EBADF (Bad file descriptor) [pid 601] close(20) = -1 EBADF (Bad file descriptor) [pid 601] close(21) = -1 EBADF (Bad file descriptor) [pid 601] close(22) = -1 EBADF (Bad file descriptor) [pid 601] close(23) = -1 EBADF (Bad file descriptor) [pid 601] close(24) = -1 EBADF (Bad file descriptor) [pid 601] close(25) = -1 EBADF (Bad file descriptor) [pid 601] close(26) = -1 EBADF (Bad file descriptor) [pid 601] close(27) = -1 EBADF (Bad file descriptor) [pid 601] close(28) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 601] close(29) = -1 EBADF (Bad file descriptor) [pid 601] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 601] exit_group(0) = ? [pid 601] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./39/binderfs") = 0 [pid 375] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./39/cgroup") = 0 [pid 375] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./39/cgroup.net") = 0 [ 128.619262][ T601] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 128.627212][ T601] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 128.635159][ T601] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 128.643107][ T601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 128.651056][ T601] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000027 [ 128.659973][ T601] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 128.676756][ T375] ------------[ cut here ]------------ [ 128.682260][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 128.691225][ T375] Modules linked in: [ 128.695103][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 128.706720][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.710396][ T603] FAULT_INJECTION: forcing a failure. [ 128.710396][ T603] name failslab, interval 1, probability 0, space 0, times 0 [ 128.716785][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 128.716802][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 128.741670][ T603] CPU: 1 PID: 603 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 128.754579][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 128.766139][ T603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.766143][ T603] Call Trace: [ 128.766160][ T603] dump_stack_lvl+0x1e2/0x24b [ 128.766177][ T603] ? bfq_pos_tree_add_move+0x43e/0x43e [ 128.772208][ T375] [ 128.782279][ T603] ? selinux_kernfs_init_security+0x1a8/0x760 [ 128.782288][ T603] dump_stack+0x15/0x17 [ 128.782307][ T603] should_fail+0x3c0/0x510 [ 128.785567][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 128.790206][ T603] ? __kernfs_new_node+0x99/0x6e0 [ 128.790216][ T603] __should_failslab+0x9f/0xe0 [ 128.790232][ T603] should_failslab+0x9/0x20 [ 128.795657][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 128.797960][ T603] __kmalloc_track_caller+0x5f/0x350 [ 128.803997][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 128.808119][ T603] kstrdup_const+0x55/0x90 [ 128.812528][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 128.820445][ T603] __kernfs_new_node+0x99/0x6e0 [ 128.820455][ T603] ? is_module_text_address+0xe1/0x140 [ 128.820470][ T603] ? kernfs_new_node+0x170/0x170 [ 128.825463][ T375] R13: ffff888117099dc0 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 128.830189][ T603] ? ptr_to_hashval+0x60/0x60 [ 128.830198][ T603] ? arch_stack_walk+0xf8/0x140 [ 128.830213][ T603] ? snprintf+0xd6/0x120 [ 128.834683][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 128.842617][ T603] kernfs_new_node+0x97/0x170 [ 128.842627][ T603] __kernfs_create_file+0x4a/0x270 [ 128.842636][ T603] cgroup_addrm_files+0xab8/0xfe0 [ 128.842655][ T603] ? ____kasan_kmalloc+0xdc/0x110 [ 128.847907][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.855846][ T603] ? __kasan_kmalloc+0x9/0x10 [ 128.855856][ T603] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 128.855872][ T603] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 128.860260][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 128.868199][ T603] ? delete_node+0x759/0x7b0 [ 128.873031][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.878437][ T603] ? __kasan_check_read+0x11/0x20 [ 128.878445][ T603] ? delete_node+0x759/0x7b0 [ 128.878460][ T603] ? __kasan_check_write+0x14/0x20 [ 128.883369][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.891301][ T603] ? idr_replace+0x1c4/0x230 [ 128.891317][ T603] ? idr_get_next+0x4b0/0x4b0 [ 128.895953][ T375] Call Trace: [ 128.900768][ T603] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 128.900776][ T603] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 128.900786][ T603] css_populate_dir+0x137/0x370 [ 128.900803][ T603] cgroup_apply_control_enable+0x8b9/0x12f0 [ 128.905013][ T375] ? io_schedule+0x120/0x120 [ 128.913907][ T603] cgroup_apply_control+0x93/0x710 [ 128.913927][ T603] ? css_next_child+0x160/0x160 [ 128.918743][ T375] ? vfs_submount+0xb0/0xb0 [ 128.923815][ T603] ? io_schedule+0x120/0x120 [ 128.923825][ T603] ? kernfs_fop_write_iter+0x15e/0x410 [ 128.923840][ T603] ? __kasan_check_write+0x14/0x20 [ 128.928831][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 128.933815][ T603] ? cgroup_kn_lock_live+0x1b0/0x2f0 [pid 375] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 605] <... write resumed>) = 6 [ 128.933825][ T603] cgroup_subtree_control_write+0xd19/0x1310 [ 128.933841][ T603] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 128.940402][ T375] ? __kasan_check_write+0x14/0x20 [ 128.945041][ T603] ? __kasan_check_write+0x14/0x20 [ 128.950559][ T375] namespace_unlock+0x448/0x4f0 [ 128.956675][ T603] ? _copy_from_iter+0x3fb/0xd60 [ 128.964634][ T375] ? umount_tree+0xf50/0xf50 [ 128.969171][ T603] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 128.977120][ T375] ? __detach_mounts+0x670/0x670 [ 128.982099][ T603] cgroup_file_write+0x28e/0x590 [ 128.982114][ T603] ? cgroup_seqfile_stop+0xc0/0xc0 [ 128.986672][ T375] ? selinux_umount+0xf0/0x130 [ 128.991744][ T603] ? mutex_lock+0xa6/0x110 [ 128.991753][ T603] ? mutex_trylock+0xb0/0xb0 [ 128.991769][ T603] ? __kasan_check_write+0x14/0x20 [ 128.999710][ T375] ? security_sb_umount+0x9d/0xb0 [ 129.004263][ T603] kernfs_fop_write_iter+0x2d0/0x410 [ 129.004278][ T603] ? cgroup_seqfile_stop+0xc0/0xc0 [ 129.008924][ T375] path_umount+0xf03/0xfb0 [ 129.012172][ T603] vfs_write+0xc1c/0xf40 [ 129.012189][ T603] ? __kasan_check_write+0x14/0x20 [ 129.017185][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 129.022344][ T603] ? kernel_write+0x3c0/0x3c0 [ 129.022352][ T603] ? _raw_spin_unlock_irq+0x4e/0x70 [ 129.022361][ T603] ? ptrace_stop+0x6ff/0x9f0 [ 129.022376][ T603] ? __kasan_check_read+0x11/0x20 [ 129.027196][ T375] ? user_path_at_empty+0x40/0x50 [ 129.033050][ T603] ? __fdget_pos+0x27e/0x310 [ 129.033060][ T603] ksys_write+0x198/0x2c0 [ 129.033076][ T603] ? do_notify_parent+0xa60/0xa60 [ 129.037633][ T375] __x64_sys_umount+0x122/0x170 [ 129.042703][ T603] ? __ia32_sys_read+0x90/0x90 [ 129.042712][ T603] ? __ia32_sys_open+0x270/0x270 [ 129.042727][ T603] __x64_sys_write+0x7b/0x90 [ 129.047543][ T375] ? path_umount+0xfb0/0xfb0 [ 129.052011][ T603] do_syscall_64+0x34/0x70 [ 129.052027][ T603] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 129.056588][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 129.062007][ T603] RIP: 0033:0x7fc8ece62c09 [ 129.062026][ T603] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 129.067107][ T375] do_syscall_64+0x34/0x70 [ 129.072264][ T603] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.072284][ T603] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 129.077541][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 129.083483][ T603] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 129.083490][ T603] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 129.083496][ T603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 129.083502][ T603] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000023 [ 129.348326][ T375] RIP: 0033:0x7fc8ece63fb7 [ 129.352768][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 605] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 605] write(5, "22", 2) = 2 [ 129.372372][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 129.380819][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 129.388782][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 129.396756][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 129.404725][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 129.412705][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000028 [ 129.420689][ T375] ---[ end trace d4de1ca9cdcd1984 ]--- [pid 605] write(4, "+pids ", 6 [pid 603] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 603] close(3) = 0 [pid 603] close(4) = 0 [pid 603] close(5) = 0 [pid 603] close(6) = -1 EBADF (Bad file descriptor) [pid 603] close(7) = -1 EBADF (Bad file descriptor) [pid 603] close(8) = -1 EBADF (Bad file descriptor) [pid 603] close(9) = -1 EBADF (Bad file descriptor) [pid 603] close(10) = -1 EBADF (Bad file descriptor) [pid 603] close(11) = -1 EBADF (Bad file descriptor) [pid 603] close(12) = -1 EBADF (Bad file descriptor) [pid 603] close(13) = -1 EBADF (Bad file descriptor) [pid 603] close(14) = -1 EBADF (Bad file descriptor) [pid 603] close(15) = -1 EBADF (Bad file descriptor) [pid 603] close(16) = -1 EBADF (Bad file descriptor) [pid 603] close(17) = -1 EBADF (Bad file descriptor) [pid 603] close(18) = -1 EBADF (Bad file descriptor) [pid 603] close(19) = -1 EBADF (Bad file descriptor) [pid 603] close(20) = -1 EBADF (Bad file descriptor) [pid 603] close(21) = -1 EBADF (Bad file descriptor) [pid 603] close(22) = -1 EBADF (Bad file descriptor) [pid 603] close(23) = -1 EBADF (Bad file descriptor) [pid 603] close(24) = -1 EBADF (Bad file descriptor) [pid 603] close(25) = -1 EBADF (Bad file descriptor) [pid 603] close(26) = -1 EBADF (Bad file descriptor) [pid 603] close(27) = -1 EBADF (Bad file descriptor) [pid 603] close(28) = -1 EBADF (Bad file descriptor) [pid 603] close(29) = -1 EBADF (Bad file descriptor) [pid 603] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 603] exit_group(0) = ? [pid 603] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 129.426193][ T375] ------------[ cut here ]------------ [ 129.431688][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 129.440734][ T375] Modules linked in: [ 129.441159][ T603] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 129.444634][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 129.444641][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.444657][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 129.444673][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 129.498614][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 129.504705][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 129.512686][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 129.520677][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 129.528644][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 129.536624][ T375] R13: ffff888117099dc0 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 129.544599][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 129.553540][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.560112][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 129.568126][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 129.576104][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 129.584071][ T375] Call Trace: [ 129.587355][ T375] ? lockref_get_or_lock+0x340/0x340 [ 129.592650][ T375] ? umount_tree+0xf50/0xf50 [ 129.597226][ T375] ? vfs_submount+0xb0/0xb0 [ 129.601722][ T375] ? dput+0x2b6/0x320 [ 129.605682][ T375] path_umount+0x1fe/0xfb0 [ 129.610076][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 129.615099][ T375] ? user_path_at_empty+0x40/0x50 [ 129.620104][ T375] __x64_sys_umount+0x122/0x170 [ 129.624948][ T375] ? path_umount+0xfb0/0xfb0 [ 129.629516][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 129.635489][ T375] do_syscall_64+0x34/0x70 [ 129.639882][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 129.645773][ T375] RIP: 0033:0x7fc8ece63fb7 [ 129.650174][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 129.669801][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [pid 381] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] rmdir("./39/file0" [pid 381] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, [pid 375] <... rmdir resumed>) = 0 [pid 381] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, [pid 375] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./39/cgroup.cpu", [pid 381] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./39/cgroup.cpu" [pid 381] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./35/binderfs") = 0 [pid 375] <... unlink resumed>) = 0 [pid 381] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./35/cgroup" [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] <... unlink resumed>) = 0 [pid 381] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] close(3 [pid 381] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./35/cgroup.net" [pid 375] <... close resumed>) = 0 [pid 381] <... unlink resumed>) = 0 [pid 375] rmdir("./39" [pid 381] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] <... rmdir resumed>) = 0 [pid 381] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] mkdir("./40", 0777 [pid 381] <... openat resumed>) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, [pid 375] <... mkdir resumed>) = 0 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./35/file0" [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 381] <... rmdir resumed>) = 0 [pid 381] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 607 attached [pid 607] chdir("./40" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 42 [pid 607] <... chdir resumed>) = 0 [pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 607] setpgid(0, 0) = 0 [pid 607] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 607] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 607] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 607] write(3, "1000", 4) = 4 [ 129.678208][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 129.686176][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 129.694145][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 129.702110][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 129.710058][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000028 [ 129.718039][ T375] ---[ end trace d4de1ca9cdcd1985 ]--- [pid 381] lstat("./35/cgroup.cpu", [pid 607] close(3) = 0 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] unlink("./35/cgroup.cpu" [pid 607] mkdirat(AT_FDCWD, "./file0", 000 [pid 381] <... unlink resumed>) = 0 [pid 607] <... mkdirat resumed>) = 0 [pid 607] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./35") = 0 [pid 381] mkdir("./36", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 38 ./strace-static-x86_64: Process 608 attached [pid 608] chdir("./36") = 0 [pid 608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 608] setpgid(0, 0) = 0 [pid 608] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 608] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 608] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 608] write(3, "1000", 4) = 4 [pid 608] close(3) = 0 [pid 608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 608] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 129.740797][ T605] FAULT_INJECTION: forcing a failure. [ 129.740797][ T605] name failslab, interval 1, probability 0, space 0, times 0 [ 129.753487][ T605] CPU: 1 PID: 605 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 129.765098][ T605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.775141][ T605] Call Trace: [ 129.778445][ T605] dump_stack_lvl+0x1e2/0x24b [ 129.783106][ T605] ? panic+0x7d7/0x7d7 [ 129.787157][ T605] ? bfq_pos_tree_add_move+0x43e/0x43e [ 129.792599][ T605] ? find_next_bit+0xd6/0x120 [ 129.797256][ T605] ? cpumask_next+0x11/0x30 [ 129.801752][ T605] dump_stack+0x15/0x17 [ 129.805889][ T605] should_fail+0x3c0/0x510 [ 129.810277][ T605] ? percpu_ref_init+0xd0/0x330 [ 129.815109][ T605] __should_failslab+0x9f/0xe0 [ 129.819862][ T605] should_failslab+0x9/0x20 [ 129.824344][ T605] kmem_cache_alloc_trace+0x3a/0x330 [ 129.829602][ T605] percpu_ref_init+0xd0/0x330 [ 129.834265][ T605] ? cgroup_setup_root+0xea0/0xea0 [ 129.839362][ T605] cgroup_apply_control_enable+0x3a2/0x12f0 [ 129.845235][ T605] cgroup_apply_control+0x93/0x710 [ 129.850331][ T605] ? css_next_child+0x160/0x160 [ 129.855170][ T605] ? io_schedule+0x120/0x120 [ 129.859734][ T605] ? kernfs_fop_write_iter+0x15e/0x410 [ 129.865164][ T605] ? __kasan_check_write+0x14/0x20 [ 129.870253][ T605] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 129.875512][ T605] cgroup_subtree_control_write+0xd19/0x1310 [ 129.881466][ T605] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 129.887421][ T605] ? __kasan_check_write+0x14/0x20 [ 129.892509][ T605] ? _copy_from_iter+0x3fb/0xd60 [ 129.897421][ T605] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 129.903386][ T605] cgroup_file_write+0x28e/0x590 [ 129.908304][ T605] ? cgroup_seqfile_stop+0xc0/0xc0 [ 129.913406][ T605] ? mutex_lock+0xa6/0x110 [ 129.917794][ T605] ? mutex_trylock+0xb0/0xb0 [ 129.922363][ T605] ? __kasan_check_write+0x14/0x20 [ 129.927463][ T605] kernfs_fop_write_iter+0x2d0/0x410 [ 129.932729][ T605] ? cgroup_seqfile_stop+0xc0/0xc0 [ 129.937822][ T605] vfs_write+0xc1c/0xf40 [ 129.942037][ T605] ? __kasan_check_write+0x14/0x20 [ 129.947130][ T605] ? kernel_write+0x3c0/0x3c0 [ 129.952108][ T605] ? _raw_spin_unlock_irq+0x4e/0x70 [ 129.957289][ T605] ? ptrace_stop+0x6ff/0x9f0 [ 129.961853][ T605] ? __kasan_check_read+0x11/0x20 [ 129.966856][ T605] ? __fdget_pos+0x27e/0x310 [ 129.971429][ T605] ksys_write+0x198/0x2c0 [ 129.975739][ T605] ? do_notify_parent+0xa60/0xa60 [ 129.980738][ T605] ? __ia32_sys_read+0x90/0x90 [ 129.985475][ T605] __x64_sys_write+0x7b/0x90 [ 129.990045][ T605] do_syscall_64+0x34/0x70 [ 129.994447][ T605] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 130.000319][ T605] RIP: 0033:0x7fc8ece62c09 [ 130.004710][ T605] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 130.024295][ T605] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.032696][ T605] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 608] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 607] <... mount resumed>) = 0 [pid 605] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 608] open("./file0", O_RDONLY [pid 607] open("./file0", O_RDONLY [pid 605] close(3 [pid 608] <... open resumed>) = 3 [pid 607] <... open resumed>) = 3 [pid 605] <... close resumed>) = 0 [pid 608] openat(3, "cgroup.subtree_control", O_RDWR [pid 607] openat(3, "cgroup.subtree_control", O_RDWR [pid 605] close(4 [pid 608] <... openat resumed>) = 4 [pid 607] <... openat resumed>) = 4 [pid 605] <... close resumed>) = 0 [pid 608] write(4, "-pids ", 6 [pid 607] write(4, "-pids ", 6 [pid 605] close(5) = 0 [pid 605] close(6) = -1 EBADF (Bad file descriptor) [pid 605] close(7) = -1 EBADF (Bad file descriptor) [pid 605] close(8) = -1 EBADF (Bad file descriptor) [pid 605] close(9) = -1 EBADF (Bad file descriptor) [pid 605] close(10) = -1 EBADF (Bad file descriptor) [pid 605] close(11) = -1 EBADF (Bad file descriptor) [pid 605] close(12) = -1 EBADF (Bad file descriptor) [pid 605] close(13) = -1 EBADF (Bad file descriptor) [pid 605] close(14) = -1 EBADF (Bad file descriptor) [pid 605] close(15) = -1 EBADF (Bad file descriptor) [pid 605] close(16) = -1 EBADF (Bad file descriptor) [pid 605] close(17) = -1 EBADF (Bad file descriptor) [pid 605] close(18) = -1 EBADF (Bad file descriptor) [pid 605] close(19) = -1 EBADF (Bad file descriptor) [pid 605] close(20) = -1 EBADF (Bad file descriptor) [pid 605] close(21) = -1 EBADF (Bad file descriptor) [pid 605] close(22) = -1 EBADF (Bad file descriptor) [pid 605] close(23) = -1 EBADF (Bad file descriptor) [pid 605] close(24) = -1 EBADF (Bad file descriptor) [pid 605] close(25) = -1 EBADF (Bad file descriptor) [pid 605] close(26) = -1 EBADF (Bad file descriptor) [pid 605] close(27) = -1 EBADF (Bad file descriptor) [pid 605] close(28) = -1 EBADF (Bad file descriptor) [pid 605] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 605] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 605] exit_group(0) = ? [pid 605] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./33/binderfs") = 0 [pid 380] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./33/cgroup") = 0 [pid 380] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./33/cgroup.net") = 0 [pid 380] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./33/file0") = 0 [pid 380] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./33/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./33") = 0 [pid 380] mkdir("./34", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 609 attached , child_tidptr=0x555556fab5d0) = 36 [pid 609] chdir("./34") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 609] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 609] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 609] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 609] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 609] open("./file0", O_RDONLY) = 3 [pid 609] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 130.040651][ T605] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 130.048625][ T605] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 130.056584][ T605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 130.064536][ T605] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000021 [pid 609] write(4, "-pids ", 6) = 6 [pid 608] <... write resumed>) = 6 [pid 607] <... write resumed>) = 6 [pid 609] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 608] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 607] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 609] <... openat resumed>) = 5 [pid 608] <... openat resumed>) = 5 [pid 607] <... openat resumed>) = 5 [pid 609] write(5, "22", 2 [pid 608] write(5, "22", 2 [pid 607] write(5, "22", 2 [pid 609] <... write resumed>) = 2 [pid 608] <... write resumed>) = 2 [pid 607] <... write resumed>) = 2 [pid 609] write(4, "+pids ", 6 [pid 608] write(4, "+pids ", 6 [ 130.100518][ T604] FAULT_INJECTION: forcing a failure. [ 130.100518][ T604] name failslab, interval 1, probability 0, space 0, times 0 [ 130.114931][ T604] CPU: 0 PID: 604 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 130.126550][ T604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.136711][ T604] Call Trace: [ 130.139980][ T604] dump_stack_lvl+0x1e2/0x24b [ 130.144639][ T604] ? panic+0x7d7/0x7d7 [ 130.148866][ T604] ? bfq_pos_tree_add_move+0x43e/0x43e [ 130.154304][ T604] ? find_next_bit+0xd6/0x120 [ 130.158955][ T604] ? cpumask_next+0x11/0x30 [ 130.163432][ T604] dump_stack+0x15/0x17 [ 130.167561][ T604] should_fail+0x3c0/0x510 [ 130.171958][ T604] ? percpu_ref_init+0xd0/0x330 [ 130.176792][ T604] __should_failslab+0x9f/0xe0 [ 130.181540][ T604] should_failslab+0x9/0x20 [ 130.186036][ T604] kmem_cache_alloc_trace+0x3a/0x330 [ 130.191306][ T604] percpu_ref_init+0xd0/0x330 [ 130.195974][ T604] ? cgroup_setup_root+0xea0/0xea0 [ 130.201070][ T604] cgroup_apply_control_enable+0x3a2/0x12f0 [ 130.206946][ T604] cgroup_apply_control+0x93/0x710 [ 130.212043][ T604] ? css_next_child+0x160/0x160 [ 130.216876][ T604] ? stack_trace_save+0x12d/0x1f0 [ 130.221883][ T604] ? io_schedule+0x120/0x120 [ 130.226455][ T604] ? kernfs_fop_write_iter+0x15e/0x410 [ 130.231894][ T604] ? __kasan_check_write+0x14/0x20 [ 130.236989][ T604] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 130.242248][ T604] cgroup_subtree_control_write+0xd19/0x1310 [ 130.248199][ T604] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 130.254161][ T604] ? __kasan_check_write+0x14/0x20 [ 130.259254][ T604] ? _copy_from_iter+0x3fb/0xd60 [ 130.264171][ T604] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 130.270130][ T604] cgroup_file_write+0x28e/0x590 [ 130.275047][ T604] ? cgroup_seqfile_stop+0xc0/0xc0 [ 130.280135][ T604] ? mutex_lock+0xa6/0x110 [ 130.284530][ T604] ? mutex_trylock+0xb0/0xb0 [ 130.289096][ T604] ? __kasan_check_write+0x14/0x20 [ 130.294191][ T604] kernfs_fop_write_iter+0x2d0/0x410 [ 130.299456][ T604] ? cgroup_seqfile_stop+0xc0/0xc0 [ 130.304549][ T604] vfs_write+0xc1c/0xf40 [ 130.308772][ T604] ? __kasan_check_write+0x14/0x20 [ 130.313862][ T604] ? kernel_write+0x3c0/0x3c0 [ 130.318511][ T604] ? _raw_spin_unlock_irq+0x4e/0x70 [ 130.323699][ T604] ? ptrace_stop+0x6ff/0x9f0 [ 130.328267][ T604] ? __kasan_check_read+0x11/0x20 [ 130.333265][ T604] ? __fdget_pos+0x27e/0x310 [ 130.337829][ T604] ksys_write+0x198/0x2c0 [ 130.342139][ T604] ? do_notify_parent+0xa60/0xa60 [ 130.347145][ T604] ? __ia32_sys_read+0x90/0x90 [ 130.351891][ T604] ? __ia32_sys_open+0x270/0x270 [ 130.356811][ T604] __x64_sys_write+0x7b/0x90 [ 130.361391][ T604] do_syscall_64+0x34/0x70 [ 130.365778][ T604] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 130.371641][ T604] RIP: 0033:0x7fc8ece62c09 [ 130.376030][ T604] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 607] write(4, "+pids ", 6 [pid 604] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 604] close(3) = 0 [pid 604] close(4) = 0 [pid 604] close(5) = 0 [pid 604] close(6) = -1 EBADF (Bad file descriptor) [pid 604] close(7) = -1 EBADF (Bad file descriptor) [pid 604] close(8) = -1 EBADF (Bad file descriptor) [pid 604] close(9) = -1 EBADF (Bad file descriptor) [pid 604] close(10) = -1 EBADF (Bad file descriptor) [pid 604] close(11) = -1 EBADF (Bad file descriptor) [pid 604] close(12) = -1 EBADF (Bad file descriptor) [pid 604] close(13) = -1 EBADF (Bad file descriptor) [pid 604] close(14) = -1 EBADF (Bad file descriptor) [pid 604] close(15) = -1 EBADF (Bad file descriptor) [pid 604] close(16) = -1 EBADF (Bad file descriptor) [pid 604] close(17) = -1 EBADF (Bad file descriptor) [pid 604] close(18) = -1 EBADF (Bad file descriptor) [pid 604] close(19) = -1 EBADF (Bad file descriptor) [pid 604] close(20) = -1 EBADF (Bad file descriptor) [pid 604] close(21) = -1 EBADF (Bad file descriptor) [pid 604] close(22) = -1 EBADF (Bad file descriptor) [pid 604] close(23) = -1 EBADF (Bad file descriptor) [pid 604] close(24) = -1 EBADF (Bad file descriptor) [pid 604] close(25) = -1 EBADF (Bad file descriptor) [pid 604] close(26) = -1 EBADF (Bad file descriptor) [pid 604] close(27) = -1 EBADF (Bad file descriptor) [pid 604] close(28) = -1 EBADF (Bad file descriptor) [pid 604] close(29) = -1 EBADF (Bad file descriptor) [pid 604] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 604] exit_group(0) = ? [pid 604] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 130.395608][ T604] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.403994][ T604] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 130.411940][ T604] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 130.420002][ T604] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 130.427963][ T604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 130.435914][ T604] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000001f [pid 383] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./31/binderfs") = 0 [pid 383] umount2("./31/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./31/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./31/cgroup") = 0 [pid 383] umount2("./31/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./31/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./31/cgroup.net") = 0 [ 130.460576][ T608] FAULT_INJECTION: forcing a failure. [ 130.460576][ T608] name failslab, interval 1, probability 0, space 0, times 0 [ 130.473241][ T608] CPU: 1 PID: 608 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 130.484875][ T608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.494926][ T608] Call Trace: [ 130.498207][ T608] dump_stack_lvl+0x1e2/0x24b [ 130.502871][ T608] ? bfq_pos_tree_add_move+0x43e/0x43e [ 130.508307][ T608] ? selinux_kernfs_init_security+0x1a8/0x760 [ 130.514347][ T608] dump_stack+0x15/0x17 [ 130.518477][ T608] should_fail+0x3c0/0x510 [ 130.522869][ T608] ? __kernfs_new_node+0x99/0x6e0 [ 130.527878][ T608] __should_failslab+0x9f/0xe0 [ 130.532641][ T608] should_failslab+0x9/0x20 [ 130.537122][ T608] __kmalloc_track_caller+0x5f/0x350 [ 130.542385][ T608] kstrdup_const+0x55/0x90 [ 130.546861][ T608] __kernfs_new_node+0x99/0x6e0 [ 130.551696][ T608] ? is_module_text_address+0xe1/0x140 [ 130.557149][ T608] ? kernfs_new_node+0x170/0x170 [ 130.562069][ T608] ? ptr_to_hashval+0x60/0x60 [ 130.566727][ T608] ? arch_stack_walk+0xf8/0x140 [ 130.571556][ T608] ? snprintf+0xd6/0x120 [ 130.575771][ T608] kernfs_new_node+0x97/0x170 [ 130.580442][ T608] __kernfs_create_file+0x4a/0x270 [ 130.585533][ T608] cgroup_addrm_files+0xab8/0xfe0 [ 130.590556][ T608] ? ____kasan_kmalloc+0xdc/0x110 [ 130.595558][ T608] ? __kasan_kmalloc+0x9/0x10 [ 130.600220][ T608] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 130.605741][ T608] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 130.611873][ T608] ? delete_node+0x759/0x7b0 [ 130.616449][ T608] ? __kasan_check_read+0x11/0x20 [ 130.621446][ T608] ? delete_node+0x759/0x7b0 [ 130.626107][ T608] ? __kasan_check_write+0x14/0x20 [ 130.631201][ T608] ? idr_replace+0x1c4/0x230 [ 130.635772][ T608] ? idr_get_next+0x4b0/0x4b0 [ 130.640458][ T608] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 130.645454][ T608] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 130.650626][ T608] css_populate_dir+0x137/0x370 [ 130.655462][ T608] cgroup_apply_control_enable+0x8b9/0x12f0 [ 130.661349][ T608] cgroup_apply_control+0x93/0x710 [ 130.666443][ T608] ? css_next_child+0x160/0x160 [ 130.671270][ T608] ? io_schedule+0x120/0x120 [ 130.675833][ T608] ? kernfs_fop_write_iter+0x15e/0x410 [ 130.681265][ T608] ? __kasan_check_write+0x14/0x20 [ 130.686371][ T608] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 130.691645][ T608] cgroup_subtree_control_write+0xd19/0x1310 [ 130.697606][ T608] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 130.703569][ T608] ? __kasan_check_write+0x14/0x20 [ 130.708663][ T608] ? _copy_from_iter+0x3fb/0xd60 [ 130.713587][ T608] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 130.719539][ T608] cgroup_file_write+0x28e/0x590 [ 130.724468][ T608] ? cgroup_seqfile_stop+0xc0/0xc0 [ 130.729564][ T608] ? mutex_lock+0xa6/0x110 [ 130.733962][ T608] ? mutex_trylock+0xb0/0xb0 [ 130.738549][ T608] ? __kasan_check_write+0x14/0x20 [ 130.743639][ T608] kernfs_fop_write_iter+0x2d0/0x410 [ 130.748901][ T608] ? cgroup_seqfile_stop+0xc0/0xc0 [ 130.753992][ T608] vfs_write+0xc1c/0xf40 [ 130.758211][ T608] ? __kasan_check_write+0x14/0x20 [ 130.763297][ T608] ? kernel_write+0x3c0/0x3c0 [ 130.767956][ T608] ? _raw_spin_unlock_irq+0x4e/0x70 [ 130.773138][ T608] ? ptrace_stop+0x6ff/0x9f0 [ 130.777714][ T608] ? __kasan_check_read+0x11/0x20 [ 130.782720][ T608] ? __fdget_pos+0x27e/0x310 [ 130.787291][ T608] ksys_write+0x198/0x2c0 [ 130.791625][ T608] ? do_notify_parent+0xa60/0xa60 [ 130.796634][ T608] ? __ia32_sys_read+0x90/0x90 [ 130.801376][ T608] ? __ia32_sys_open+0x270/0x270 [ 130.806297][ T608] __x64_sys_write+0x7b/0x90 [ 130.810862][ T608] do_syscall_64+0x34/0x70 [ 130.815256][ T608] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 130.821127][ T608] RIP: 0033:0x7fc8ece62c09 [ 130.825530][ T608] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 130.845122][ T608] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.853528][ T608] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 383] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./31/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./31/file0") = 0 [pid 383] umount2("./31/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./31/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./31/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./31" [pid 608] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 383] <... rmdir resumed>) = 0 [pid 608] close(3 [pid 383] mkdir("./32", 0777 [pid 608] <... close resumed>) = 0 [pid 608] close(4 [pid 383] <... mkdir resumed>) = 0 [pid 608] <... close resumed>) = 0 [pid 608] close(5) = 0 [pid 608] close(6) = -1 EBADF (Bad file descriptor) [pid 608] close(7) = -1 EBADF (Bad file descriptor) [pid 608] close(8) = -1 EBADF (Bad file descriptor) [pid 608] close(9) = -1 EBADF (Bad file descriptor) [pid 608] close(10) = -1 EBADF (Bad file descriptor) [pid 608] close(11) = -1 EBADF (Bad file descriptor) [pid 608] close(12) = -1 EBADF (Bad file descriptor) [pid 608] close(13) = -1 EBADF (Bad file descriptor) [pid 608] close(14) = -1 EBADF (Bad file descriptor) [pid 608] close(15) = -1 EBADF (Bad file descriptor) [pid 608] close(16) = -1 EBADF (Bad file descriptor) [pid 608] close(17) = -1 EBADF (Bad file descriptor) [pid 608] close(18) = -1 EBADF (Bad file descriptor) [pid 608] close(19) = -1 EBADF (Bad file descriptor) [pid 608] close(20) = -1 EBADF (Bad file descriptor) [pid 608] close(21) = -1 EBADF (Bad file descriptor) [pid 608] close(22) = -1 EBADF (Bad file descriptor) [pid 608] close(23) = -1 EBADF (Bad file descriptor) [pid 608] close(24) = -1 EBADF (Bad file descriptor) [pid 608] close(25) = -1 EBADF (Bad file descriptor) [pid 608] close(26) = -1 EBADF (Bad file descriptor) [pid 608] close(27) = -1 EBADF (Bad file descriptor) [pid 608] close(28) = -1 EBADF (Bad file descriptor) [pid 608] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 608] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 608] exit_group(0) = ? [pid 608] +++ exited with 0 +++ [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 610 attached [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 610] chdir("./32" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 34 [pid 610] <... chdir resumed>) = 0 [pid 610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 610] setpgid(0, 0) = 0 [pid 610] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 381] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 610] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 610] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 610] write(3, "1000", 4) = 4 [pid 610] close(3) = 0 [pid 610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 610] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 610] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 610] open("./file0", O_RDONLY) = 3 [pid 610] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 610] write(4, "-pids ", 6 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./36/binderfs") = 0 [pid 381] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./36/cgroup") = 0 [pid 381] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./36/cgroup.net") = 0 [pid 381] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./36/file0") = 0 [pid 381] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./36/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./36") = 0 [pid 381] mkdir("./37", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 39 ./strace-static-x86_64: Process 611 attached [pid 611] chdir("./37") = 0 [pid 611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 611] setpgid(0, 0) = 0 [pid 611] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 611] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 611] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 611] write(3, "1000", 4) = 4 [pid 611] close(3) = 0 [pid 611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 611] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 611] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 611] open("./file0", O_RDONLY) = 3 [pid 611] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 130.861481][ T608] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 130.869427][ T608] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 130.877378][ T608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 130.885334][ T608] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000024 [ 130.893742][ T608] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 130.930430][ T609] FAULT_INJECTION: forcing a failure. [ 130.930430][ T609] name failslab, interval 1, probability 0, space 0, times 0 [ 130.943386][ T609] CPU: 0 PID: 609 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 130.954987][ T609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.965015][ T609] Call Trace: [ 130.968290][ T609] dump_stack_lvl+0x1e2/0x24b [ 130.972949][ T609] ? panic+0x7d7/0x7d7 [ 130.976996][ T609] ? bfq_pos_tree_add_move+0x43e/0x43e [ 130.982442][ T609] ? find_next_bit+0xd6/0x120 [ 130.987100][ T609] ? cpumask_next+0x11/0x30 [ 130.991578][ T609] dump_stack+0x15/0x17 [ 130.995707][ T609] should_fail+0x3c0/0x510 [ 131.000093][ T609] ? percpu_ref_init+0xd0/0x330 [ 131.004924][ T609] __should_failslab+0x9f/0xe0 [ 131.009670][ T609] should_failslab+0x9/0x20 [ 131.014146][ T609] kmem_cache_alloc_trace+0x3a/0x330 [ 131.019406][ T609] percpu_ref_init+0xd0/0x330 [ 131.024057][ T609] ? cgroup_setup_root+0xea0/0xea0 [ 131.029141][ T609] cgroup_apply_control_enable+0x3a2/0x12f0 [ 131.035006][ T609] cgroup_apply_control+0x93/0x710 [ 131.040099][ T609] ? css_next_child+0x160/0x160 [ 131.044931][ T609] ? stack_trace_save+0x12d/0x1f0 [ 131.049938][ T609] ? io_schedule+0x120/0x120 [ 131.054512][ T609] ? kernfs_fop_write_iter+0x15e/0x410 [ 131.059944][ T609] ? __kasan_check_write+0x14/0x20 [ 131.065030][ T609] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 131.070290][ T609] cgroup_subtree_control_write+0xd19/0x1310 [ 131.076243][ T609] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 131.082204][ T609] ? __kasan_check_write+0x14/0x20 [ 131.087301][ T609] ? _copy_from_iter+0x3fb/0xd60 [ 131.092247][ T609] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 131.098199][ T609] cgroup_file_write+0x28e/0x590 [ 131.103125][ T609] ? cgroup_seqfile_stop+0xc0/0xc0 [ 131.108220][ T609] ? mutex_lock+0xa6/0x110 [ 131.112616][ T609] ? mutex_trylock+0xb0/0xb0 [ 131.117200][ T609] ? __kasan_check_write+0x14/0x20 [ 131.122297][ T609] kernfs_fop_write_iter+0x2d0/0x410 [ 131.127554][ T609] ? cgroup_seqfile_stop+0xc0/0xc0 [ 131.132638][ T609] vfs_write+0xc1c/0xf40 [ 131.136866][ T609] ? __kasan_check_write+0x14/0x20 [ 131.141957][ T609] ? kernel_write+0x3c0/0x3c0 [ 131.146619][ T609] ? _raw_spin_unlock_irq+0x4e/0x70 [ 131.151796][ T609] ? ptrace_stop+0x6ff/0x9f0 [ 131.156371][ T609] ? __kasan_check_read+0x11/0x20 [ 131.161368][ T609] ? __fdget_pos+0x27e/0x310 [ 131.165939][ T609] ksys_write+0x198/0x2c0 [ 131.170260][ T609] ? do_notify_parent+0xa60/0xa60 [ 131.175267][ T609] ? __ia32_sys_read+0x90/0x90 [ 131.180011][ T609] ? __ia32_sys_open+0x270/0x270 [ 131.184931][ T609] __x64_sys_write+0x7b/0x90 [ 131.189493][ T609] do_syscall_64+0x34/0x70 [ 131.193894][ T609] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 131.199775][ T609] RIP: 0033:0x7fc8ece62c09 [ 131.204172][ T609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 611] write(4, "-pids ", 6 [pid 609] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 609] close(3) = 0 [pid 609] close(4) = 0 [pid 609] close(5) = 0 [pid 609] close(6) = -1 EBADF (Bad file descriptor) [pid 609] close(7) = -1 EBADF (Bad file descriptor) [pid 609] close(8) = -1 EBADF (Bad file descriptor) [pid 609] close(9) = -1 EBADF (Bad file descriptor) [pid 609] close(10) = -1 EBADF (Bad file descriptor) [pid 609] close(11) = -1 EBADF (Bad file descriptor) [pid 609] close(12) = -1 EBADF (Bad file descriptor) [pid 609] close(13) = -1 EBADF (Bad file descriptor) [pid 609] close(14) = -1 EBADF (Bad file descriptor) [pid 609] close(15) = -1 EBADF (Bad file descriptor) [pid 609] close(16) = -1 EBADF (Bad file descriptor) [pid 609] close(17) = -1 EBADF (Bad file descriptor) [pid 609] close(18) = -1 EBADF (Bad file descriptor) [pid 609] close(19) = -1 EBADF (Bad file descriptor) [pid 609] close(20) = -1 EBADF (Bad file descriptor) [pid 609] close(21) = -1 EBADF (Bad file descriptor) [pid 609] close(22) = -1 EBADF (Bad file descriptor) [pid 609] close(23) = -1 EBADF (Bad file descriptor) [pid 609] close(24) = -1 EBADF (Bad file descriptor) [pid 609] close(25) = -1 EBADF (Bad file descriptor) [pid 609] close(26) = -1 EBADF (Bad file descriptor) [pid 609] close(27) = -1 EBADF (Bad file descriptor) [pid 609] close(28) = -1 EBADF (Bad file descriptor) [pid 609] close(29) = -1 EBADF (Bad file descriptor) [pid 609] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 609] exit_group(0) = ? [pid 609] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./34/binderfs") = 0 [pid 380] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./34/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./34/cgroup") = 0 [pid 380] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./34/cgroup.net") = 0 [pid 380] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./34/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./34/file0") = 0 [pid 380] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./34/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./34") = 0 [pid 380] mkdir("./35", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 612 attached [pid 612] chdir("./35") = 0 [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 37 [pid 612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 612] setpgid(0, 0) = 0 [pid 612] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 612] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 612] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 612] write(3, "1000", 4) = 4 [pid 612] close(3) = 0 [pid 612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 612] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 612] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 376] kill(-39, SIGKILL [pid 612] <... mount resumed>) = 0 [pid 376] <... kill resumed>) = 0 [pid 612] open("./file0", O_RDONLY) = 3 [pid 376] kill(39, SIGKILL [pid 612] openat(3, "cgroup.subtree_control", O_RDWR [pid 376] <... kill resumed>) = 0 [pid 612] <... openat resumed>) = 4 [ 131.223750][ T609] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 131.232152][ T609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 131.240112][ T609] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 131.248065][ T609] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 131.256021][ T609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 131.263982][ T609] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000022 [pid 612] write(4, "-pids ", 6) = 6 [pid 611] <... write resumed>) = 6 [pid 606] <... write resumed>) = 6 [pid 612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 606] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 612] <... openat resumed>) = 5 [pid 606] <... openat resumed>) = 5 [pid 612] write(5, "22", 2 [pid 606] write(5, "22", 2 [pid 612] <... write resumed>) = 2 [pid 606] <... write resumed>) = 2 [pid 612] write(4, "+pids ", 6 [pid 606] write(4, "+pids ", 6 [pid 611] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 611] write(5, "22", 2) = 2 [ 131.310602][ T607] FAULT_INJECTION: forcing a failure. [ 131.310602][ T607] name failslab, interval 1, probability 0, space 0, times 0 [ 131.324033][ T607] CPU: 0 PID: 607 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 131.335656][ T607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.345698][ T607] Call Trace: [ 131.348982][ T607] dump_stack_lvl+0x1e2/0x24b [ 131.353644][ T607] ? bfq_pos_tree_add_move+0x43e/0x43e [ 131.359078][ T607] ? selinux_kernfs_init_security+0x1a8/0x760 [ 131.365128][ T607] dump_stack+0x15/0x17 [ 131.369262][ T607] should_fail+0x3c0/0x510 [ 131.373677][ T607] ? __kernfs_new_node+0x99/0x6e0 [ 131.378687][ T607] __should_failslab+0x9f/0xe0 [ 131.383428][ T607] should_failslab+0x9/0x20 [ 131.387914][ T607] __kmalloc_track_caller+0x5f/0x350 [ 131.393187][ T607] kstrdup_const+0x55/0x90 [ 131.397576][ T607] __kernfs_new_node+0x99/0x6e0 [ 131.402400][ T607] ? is_module_text_address+0xe1/0x140 [ 131.407830][ T607] ? kernfs_new_node+0x170/0x170 [ 131.412747][ T607] ? ptr_to_hashval+0x60/0x60 [ 131.417406][ T607] ? arch_stack_walk+0xf8/0x140 [ 131.422236][ T607] ? snprintf+0xd6/0x120 [ 131.426480][ T607] kernfs_new_node+0x97/0x170 [ 131.431149][ T607] __kernfs_create_file+0x4a/0x270 [ 131.436244][ T607] cgroup_addrm_files+0xab8/0xfe0 [ 131.441249][ T607] ? ____kasan_kmalloc+0xdc/0x110 [ 131.446255][ T607] ? __kasan_kmalloc+0x9/0x10 [ 131.450922][ T607] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 131.456473][ T607] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 131.462612][ T607] ? delete_node+0x759/0x7b0 [ 131.467205][ T607] ? __kasan_check_read+0x11/0x20 [ 131.472230][ T607] ? delete_node+0x759/0x7b0 [ 131.476802][ T607] ? __kasan_check_write+0x14/0x20 [ 131.482014][ T607] ? idr_replace+0x1c4/0x230 [ 131.486587][ T607] ? idr_get_next+0x4b0/0x4b0 [ 131.491259][ T607] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 131.496266][ T607] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 131.501446][ T607] css_populate_dir+0x137/0x370 [ 131.506282][ T607] cgroup_apply_control_enable+0x8b9/0x12f0 [ 131.512171][ T607] cgroup_apply_control+0x93/0x710 [ 131.517271][ T607] ? css_next_child+0x160/0x160 [ 131.522101][ T607] ? stack_trace_save+0x12d/0x1f0 [ 131.527116][ T607] ? io_schedule+0x120/0x120 [ 131.531697][ T607] ? kernfs_fop_write_iter+0x15e/0x410 [ 131.537145][ T607] ? __kasan_check_write+0x14/0x20 [ 131.542253][ T607] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 131.547519][ T607] cgroup_subtree_control_write+0xd19/0x1310 [ 131.553479][ T607] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 131.559442][ T607] ? __kasan_check_write+0x14/0x20 [ 131.564540][ T607] ? _copy_from_iter+0x3fb/0xd60 [ 131.569463][ T607] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 131.575425][ T607] cgroup_file_write+0x28e/0x590 [ 131.580348][ T607] ? cgroup_seqfile_stop+0xc0/0xc0 [ 131.585442][ T607] ? mutex_lock+0xa6/0x110 [ 131.589841][ T607] ? mutex_trylock+0xb0/0xb0 [ 131.594412][ T607] ? __kasan_check_write+0x14/0x20 [ 131.599501][ T607] kernfs_fop_write_iter+0x2d0/0x410 [ 131.604765][ T607] ? cgroup_seqfile_stop+0xc0/0xc0 [ 131.609856][ T607] vfs_write+0xc1c/0xf40 [ 131.614078][ T607] ? __kasan_check_write+0x14/0x20 [ 131.619166][ T607] ? kernel_write+0x3c0/0x3c0 [ 131.623820][ T607] ? _raw_spin_unlock_irq+0x4e/0x70 [ 131.628996][ T607] ? ptrace_stop+0x6ff/0x9f0 [ 131.633565][ T607] ? __kasan_check_read+0x11/0x20 [ 131.638569][ T607] ? __fdget_pos+0x27e/0x310 [ 131.643138][ T607] ksys_write+0x198/0x2c0 [ 131.647446][ T607] ? do_notify_parent+0xa60/0xa60 [ 131.652447][ T607] ? __ia32_sys_read+0x90/0x90 [ 131.657186][ T607] ? __ia32_sys_open+0x270/0x270 [ 131.662103][ T607] __x64_sys_write+0x7b/0x90 [ 131.666670][ T607] do_syscall_64+0x34/0x70 [ 131.671066][ T607] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 131.676934][ T607] RIP: 0033:0x7fc8ece62c09 [ 131.681331][ T607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 131.700912][ T607] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 611] write(4, "+pids ", 6 [pid 607] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 607] close(3) = 0 [pid 607] close(4) = 0 [pid 607] close(5) = 0 [pid 607] close(6) = -1 EBADF (Bad file descriptor) [pid 607] close(7) = -1 EBADF (Bad file descriptor) [pid 607] close(8) = -1 EBADF (Bad file descriptor) [pid 607] close(9) = -1 EBADF (Bad file descriptor) [pid 607] close(10) = -1 EBADF (Bad file descriptor) [pid 607] close(11) = -1 EBADF (Bad file descriptor) [pid 607] close(12) = -1 EBADF (Bad file descriptor) [pid 607] close(13) = -1 EBADF (Bad file descriptor) [pid 607] close(14) = -1 EBADF (Bad file descriptor) [pid 607] close(15) = -1 EBADF (Bad file descriptor) [pid 607] close(16) = -1 EBADF (Bad file descriptor) [pid 607] close(17) = -1 EBADF (Bad file descriptor) [pid 607] close(18) = -1 EBADF (Bad file descriptor) [pid 607] close(19) = -1 EBADF (Bad file descriptor) [pid 607] close(20) = -1 EBADF (Bad file descriptor) [pid 607] close(21) = -1 EBADF (Bad file descriptor) [pid 607] close(22) = -1 EBADF (Bad file descriptor) [pid 607] close(23) = -1 EBADF (Bad file descriptor) [pid 607] close(24) = -1 EBADF (Bad file descriptor) [pid 607] close(25) = -1 EBADF (Bad file descriptor) [pid 607] close(26) = -1 EBADF (Bad file descriptor) [pid 607] close(27) = -1 EBADF (Bad file descriptor) [pid 607] close(28) = -1 EBADF (Bad file descriptor) [pid 607] close(29) = -1 EBADF (Bad file descriptor) [pid 607] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 607] exit_group(0) = ? [pid 607] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./40/binderfs") = 0 [pid 375] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./40/cgroup") = 0 [pid 375] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./40/cgroup.net") = 0 [pid 375] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./40/file0") = 0 [pid 375] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./40/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./40") = 0 [pid 375] mkdir("./41", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 43 ./strace-static-x86_64: Process 613 attached [pid 613] chdir("./41") = 0 [pid 613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 613] setpgid(0, 0) = 0 [pid 613] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 613] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 613] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 613] write(3, "1000", 4) = 4 [pid 613] close(3) = 0 [pid 613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 613] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 613] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 613] open("./file0", O_RDONLY) = 3 [pid 613] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 131.709303][ T607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 131.717259][ T607] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 131.725209][ T607] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 131.733156][ T607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 131.741105][ T607] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000028 [ 131.751885][ T607] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 131.800410][ T606] FAULT_INJECTION: forcing a failure. [ 131.800410][ T606] name failslab, interval 1, probability 0, space 0, times 0 [ 131.813350][ T606] CPU: 1 PID: 606 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 131.824951][ T606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.834983][ T606] Call Trace: [ 131.838265][ T606] dump_stack_lvl+0x1e2/0x24b [ 131.842933][ T606] ? bfq_pos_tree_add_move+0x43e/0x43e [ 131.848377][ T606] ? selinux_kernfs_init_security+0x1a8/0x760 [ 131.854433][ T606] dump_stack+0x15/0x17 [ 131.858562][ T606] should_fail+0x3c0/0x510 [ 131.862953][ T606] ? __kernfs_new_node+0x99/0x6e0 [ 131.867960][ T606] __should_failslab+0x9f/0xe0 [ 131.872719][ T606] should_failslab+0x9/0x20 [ 131.877213][ T606] __kmalloc_track_caller+0x5f/0x350 [ 131.882481][ T606] kstrdup_const+0x55/0x90 [ 131.886875][ T606] __kernfs_new_node+0x99/0x6e0 [ 131.891707][ T606] ? is_module_text_address+0xe1/0x140 [pid 613] write(4, "-pids ", 6 [pid 376] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [ 131.897165][ T606] ? kernfs_new_node+0x170/0x170 [ 131.902099][ T606] ? ptr_to_hashval+0x60/0x60 [ 131.906761][ T606] ? arch_stack_walk+0xf8/0x140 [ 131.911600][ T606] ? snprintf+0xd6/0x120 [ 131.915827][ T606] kernfs_new_node+0x97/0x170 [ 131.920487][ T606] __kernfs_create_file+0x4a/0x270 [ 131.925590][ T606] cgroup_addrm_files+0xab8/0xfe0 [ 131.930596][ T606] ? ____kasan_kmalloc+0xdc/0x110 [ 131.935593][ T606] ? __kasan_kmalloc+0x9/0x10 [ 131.940249][ T606] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 131.945783][ T606] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 131.951913][ T606] ? delete_node+0x759/0x7b0 [ 131.956746][ T606] ? __kasan_check_read+0x11/0x20 [ 131.961743][ T606] ? delete_node+0x759/0x7b0 [ 131.966305][ T606] ? __kasan_check_write+0x14/0x20 [ 131.971422][ T606] ? idr_replace+0x1c4/0x230 [ 131.975987][ T606] ? idr_get_next+0x4b0/0x4b0 [ 131.980642][ T606] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 131.985648][ T606] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 131.990825][ T606] css_populate_dir+0x137/0x370 [ 131.995650][ T606] cgroup_apply_control_enable+0x8b9/0x12f0 [ 132.001523][ T606] cgroup_apply_control+0x93/0x710 [ 132.006618][ T606] ? css_next_child+0x160/0x160 [ 132.011534][ T606] ? stack_trace_save+0x12d/0x1f0 [ 132.016545][ T606] ? io_schedule+0x120/0x120 [ 132.021116][ T606] ? kernfs_fop_write_iter+0x15e/0x410 [ 132.026558][ T606] ? __kasan_check_write+0x14/0x20 [ 132.031645][ T606] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 132.036904][ T606] cgroup_subtree_control_write+0xd19/0x1310 [ 132.042859][ T606] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 132.048823][ T606] ? __kasan_check_write+0x14/0x20 [ 132.053922][ T606] ? _copy_from_iter+0x3fb/0xd60 [ 132.058920][ T606] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 132.064873][ T606] cgroup_file_write+0x28e/0x590 [ 132.069796][ T606] ? cgroup_seqfile_stop+0xc0/0xc0 [ 132.074889][ T606] ? mutex_lock+0xa6/0x110 [ 132.079281][ T606] ? mutex_trylock+0xb0/0xb0 [ 132.083856][ T606] ? __kasan_check_write+0x14/0x20 [ 132.088951][ T606] kernfs_fop_write_iter+0x2d0/0x410 [ 132.094212][ T606] ? cgroup_seqfile_stop+0xc0/0xc0 [ 132.099297][ T606] vfs_write+0xc1c/0xf40 [ 132.103517][ T606] ? __kasan_check_write+0x14/0x20 [ 132.108611][ T606] ? kernel_write+0x3c0/0x3c0 [ 132.113272][ T606] ? _raw_spin_unlock_irq+0x4e/0x70 [ 132.118455][ T606] ? ptrace_stop+0x6ff/0x9f0 [ 132.123029][ T606] ? __kasan_check_read+0x11/0x20 [ 132.128066][ T606] ? __fdget_pos+0x27e/0x310 [ 132.132638][ T606] ksys_write+0x198/0x2c0 [ 132.136944][ T606] ? do_notify_parent+0xa60/0xa60 [ 132.141952][ T606] ? __ia32_sys_read+0x90/0x90 [ 132.146700][ T606] ? __ia32_sys_open+0x270/0x270 [ 132.151618][ T606] __x64_sys_write+0x7b/0x90 [ 132.156196][ T606] do_syscall_64+0x34/0x70 [ 132.160588][ T606] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 132.166455][ T606] RIP: 0033:0x7fc8ece62c09 [ 132.170851][ T606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 132.190448][ T606] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 606] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 606] close(3) = 0 [pid 606] close(4) = 0 [pid 606] close(5) = 0 [pid 606] close(6) = -1 EBADF (Bad file descriptor) [pid 606] close(7) = -1 EBADF (Bad file descriptor) [pid 606] close(8) = -1 EBADF (Bad file descriptor) [pid 606] close(9) = -1 EBADF (Bad file descriptor) [pid 606] close(10) = -1 EBADF (Bad file descriptor) [pid 606] close(11) = -1 EBADF (Bad file descriptor) [pid 606] close(12) = -1 EBADF (Bad file descriptor) [pid 606] close(13) = -1 EBADF (Bad file descriptor) [pid 606] close(14) = -1 EBADF (Bad file descriptor) [pid 606] close(15) = -1 EBADF (Bad file descriptor) [pid 606] close(16) = -1 EBADF (Bad file descriptor) [pid 606] close(17) = -1 EBADF (Bad file descriptor) [pid 606] close(18) = -1 EBADF (Bad file descriptor) [pid 606] close(19) = -1 EBADF (Bad file descriptor) [pid 606] close(20) = -1 EBADF (Bad file descriptor) [pid 606] close(21) = -1 EBADF (Bad file descriptor) [pid 606] close(22) = -1 EBADF (Bad file descriptor) [pid 606] close(23) = -1 EBADF (Bad file descriptor) [pid 606] close(24) = -1 EBADF (Bad file descriptor) [pid 606] close(25) = -1 EBADF (Bad file descriptor) [pid 606] close(26) = -1 EBADF (Bad file descriptor) [pid 606] close(27) = -1 EBADF (Bad file descriptor) [pid 606] close(28) = -1 EBADF (Bad file descriptor) [pid 606] close(29) = -1 EBADF (Bad file descriptor) [pid 606] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 606] exit_group(0) = ? [pid 606] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./40/binderfs") = 0 [pid 382] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./40/cgroup") = 0 [pid 382] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./40/cgroup.net") = 0 [pid 382] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./40/file0") = 0 [pid 382] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./40/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./40") = 0 [pid 382] mkdir("./41", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 614 attached , child_tidptr=0x555556fab5d0) = 43 [pid 614] chdir("./41") = 0 [pid 614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 614] setpgid(0, 0) = 0 [pid 614] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 614] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 614] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 614] write(3, "1000", 4) = 4 [pid 614] close(3) = 0 [pid 614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 614] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 614] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 614] open("./file0", O_RDONLY) = 3 [pid 614] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 614] write(4, "-pids ", 6) = 6 [pid 614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 132.198855][ T606] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 132.206819][ T606] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 132.214776][ T606] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 132.222723][ T606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 132.230677][ T606] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000028 [ 132.238855][ T606] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 614] write(5, "22", 2) = 2 [ 132.270444][ T612] FAULT_INJECTION: forcing a failure. [ 132.270444][ T612] name failslab, interval 1, probability 0, space 0, times 0 [ 132.283125][ T612] CPU: 1 PID: 612 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 132.294748][ T612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 132.304858][ T612] Call Trace: [ 132.308143][ T612] dump_stack_lvl+0x1e2/0x24b [ 132.312799][ T612] ? bfq_pos_tree_add_move+0x43e/0x43e [ 132.318240][ T612] ? selinux_kernfs_init_security+0x1a8/0x760 [ 132.324289][ T612] dump_stack+0x15/0x17 [ 132.328423][ T612] should_fail+0x3c0/0x510 [ 132.332817][ T612] ? __kernfs_new_node+0x99/0x6e0 [ 132.337816][ T612] __should_failslab+0x9f/0xe0 [ 132.342553][ T612] should_failslab+0x9/0x20 [ 132.347034][ T612] __kmalloc_track_caller+0x5f/0x350 [ 132.352294][ T612] kstrdup_const+0x55/0x90 [ 132.356684][ T612] __kernfs_new_node+0x99/0x6e0 [ 132.361519][ T612] ? is_module_text_address+0xe1/0x140 [ 132.366971][ T612] ? kernfs_new_node+0x170/0x170 [ 132.371892][ T612] ? ptr_to_hashval+0x60/0x60 [ 132.376541][ T612] ? arch_stack_walk+0xf8/0x140 [ 132.381367][ T612] ? snprintf+0xd6/0x120 [ 132.385585][ T612] kernfs_new_node+0x97/0x170 [ 132.390246][ T612] __kernfs_create_file+0x4a/0x270 [ 132.395345][ T612] cgroup_addrm_files+0xab8/0xfe0 [ 132.400350][ T612] ? ____kasan_kmalloc+0xdc/0x110 [ 132.405350][ T612] ? __kasan_kmalloc+0x9/0x10 [ 132.410006][ T612] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 132.415526][ T612] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 132.421652][ T612] ? delete_node+0x759/0x7b0 [ 132.426224][ T612] ? __kasan_check_read+0x11/0x20 [ 132.431233][ T612] ? delete_node+0x759/0x7b0 [ 132.435798][ T612] ? __kasan_check_write+0x14/0x20 [ 132.440883][ T612] ? idr_replace+0x1c4/0x230 [ 132.445446][ T612] ? idr_get_next+0x4b0/0x4b0 [ 132.450110][ T612] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 132.455119][ T612] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 132.460307][ T612] css_populate_dir+0x137/0x370 [ 132.465148][ T612] cgroup_apply_control_enable+0x8b9/0x12f0 [ 132.471019][ T612] cgroup_apply_control+0x93/0x710 [ 132.476116][ T612] ? css_next_child+0x160/0x160 [ 132.480948][ T612] ? stack_trace_save+0x12d/0x1f0 [ 132.485959][ T612] ? io_schedule+0x120/0x120 [ 132.490536][ T612] ? kernfs_fop_write_iter+0x15e/0x410 [ 132.495976][ T612] ? __kasan_check_write+0x14/0x20 [ 132.501067][ T612] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 132.506327][ T612] cgroup_subtree_control_write+0xd19/0x1310 [ 132.512284][ T612] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 132.518258][ T612] ? __kasan_check_write+0x14/0x20 [ 132.523355][ T612] ? _copy_from_iter+0x3fb/0xd60 [ 132.528278][ T612] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 132.534246][ T612] cgroup_file_write+0x28e/0x590 [ 132.539157][ T612] ? cgroup_seqfile_stop+0xc0/0xc0 [ 132.544248][ T612] ? mutex_lock+0xa6/0x110 [ 132.548638][ T612] ? mutex_trylock+0xb0/0xb0 [ 132.553207][ T612] ? __kasan_check_write+0x14/0x20 [ 132.558302][ T612] kernfs_fop_write_iter+0x2d0/0x410 [ 132.563559][ T612] ? cgroup_seqfile_stop+0xc0/0xc0 [ 132.568652][ T612] vfs_write+0xc1c/0xf40 [ 132.572889][ T612] ? __kasan_check_write+0x14/0x20 [ 132.577992][ T612] ? kernel_write+0x3c0/0x3c0 [ 132.582651][ T612] ? _raw_spin_unlock_irq+0x4e/0x70 [ 132.587822][ T612] ? ptrace_stop+0x6ff/0x9f0 [ 132.592395][ T612] ? __kasan_check_read+0x11/0x20 [ 132.597402][ T612] ? __fdget_pos+0x27e/0x310 [ 132.601982][ T612] ksys_write+0x198/0x2c0 [ 132.606286][ T612] ? do_notify_parent+0xa60/0xa60 [ 132.611284][ T612] ? __ia32_sys_read+0x90/0x90 [ 132.616026][ T612] ? __ia32_sys_open+0x270/0x270 [ 132.620942][ T612] __x64_sys_write+0x7b/0x90 [ 132.625512][ T612] do_syscall_64+0x34/0x70 [ 132.629922][ T612] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 132.635794][ T612] RIP: 0033:0x7fc8ece62c09 [ 132.640192][ T612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 132.659776][ T612] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 614] write(4, "+pids ", 6 [pid 612] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 612] close(3) = 0 [pid 612] close(4) = 0 [pid 612] close(5) = 0 [pid 612] close(6) = -1 EBADF (Bad file descriptor) [pid 612] close(7) = -1 EBADF (Bad file descriptor) [pid 612] close(8) = -1 EBADF (Bad file descriptor) [pid 612] close(9) = -1 EBADF (Bad file descriptor) [pid 612] close(10) = -1 EBADF (Bad file descriptor) [pid 612] close(11) = -1 EBADF (Bad file descriptor) [pid 612] close(12) = -1 EBADF (Bad file descriptor) [pid 612] close(13) = -1 EBADF (Bad file descriptor) [pid 612] close(14) = -1 EBADF (Bad file descriptor) [pid 612] close(15) = -1 EBADF (Bad file descriptor) [pid 612] close(16) = -1 EBADF (Bad file descriptor) [pid 612] close(17) = -1 EBADF (Bad file descriptor) [pid 612] close(18) = -1 EBADF (Bad file descriptor) [pid 612] close(19) = -1 EBADF (Bad file descriptor) [pid 612] close(20) = -1 EBADF (Bad file descriptor) [pid 612] close(21) = -1 EBADF (Bad file descriptor) [pid 612] close(22) = -1 EBADF (Bad file descriptor) [pid 612] close(23) = -1 EBADF (Bad file descriptor) [pid 612] close(24) = -1 EBADF (Bad file descriptor) [pid 612] close(25) = -1 EBADF (Bad file descriptor) [pid 612] close(26) = -1 EBADF (Bad file descriptor) [pid 612] close(27) = -1 EBADF (Bad file descriptor) [pid 612] close(28) = -1 EBADF (Bad file descriptor) [pid 612] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 612] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 612] exit_group(0) = ? [pid 612] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./35/binderfs") = 0 [pid 380] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./35/cgroup") = 0 [pid 380] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./35/cgroup.net") = 0 [pid 380] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./35/file0") = 0 [pid 380] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./35/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./35") = 0 [pid 380] mkdir("./36", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 38 ./strace-static-x86_64: Process 615 attached [pid 615] chdir("./36") = 0 [pid 615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 615] setpgid(0, 0) = 0 [pid 615] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 615] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 615] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 615] write(3, "1000", 4) = 4 [pid 615] close(3) = 0 [pid 615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 615] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 615] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 615] open("./file0", O_RDONLY) = 3 [pid 615] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 132.668162][ T612] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 132.676111][ T612] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 132.684063][ T612] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 132.692020][ T612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 132.699966][ T612] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000023 [ 132.708274][ T612] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 615] write(4, "-pids ", 6) = 6 [pid 610] <... write resumed>) = 6 [pid 610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 610] write(5, "22", 2) = 2 [pid 610] write(4, "+pids ", 6 [ 132.740523][ T602] FAULT_INJECTION: forcing a failure. [ 132.740523][ T602] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 132.753796][ T602] CPU: 0 PID: 602 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 132.765408][ T602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 132.775442][ T602] Call Trace: [ 132.778725][ T602] dump_stack_lvl+0x1e2/0x24b [ 132.783389][ T602] ? bfq_pos_tree_add_move+0x43e/0x43e [ 132.788824][ T602] ? __kasan_check_write+0x14/0x20 [ 132.793917][ T602] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 132.799010][ T602] dump_stack+0x15/0x17 [ 132.803143][ T602] should_fail+0x3c0/0x510 [ 132.807538][ T602] should_fail_alloc_page+0x50/0x60 [ 132.812715][ T602] __alloc_pages_nodemask+0x1c0/0x890 [ 132.818073][ T602] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 132.824209][ T602] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 132.829732][ T602] allocate_slab+0x78/0x540 [ 132.834221][ T602] ___slab_alloc+0x131/0x2e0 [ 132.838798][ T602] ? pids_css_alloc+0x4e/0x120 [ 132.843548][ T602] __slab_alloc+0x63/0xa0 [ 132.847853][ T602] ? pids_css_alloc+0x4e/0x120 [ 132.852593][ T602] kmem_cache_alloc_trace+0x20e/0x330 [ 132.857942][ T602] ? pids_css_alloc+0x4e/0x120 [ 132.862685][ T602] pids_css_alloc+0x4e/0x120 [ 132.867266][ T602] cgroup_apply_control_enable+0x350/0x12f0 [ 132.873170][ T602] cgroup_apply_control+0x93/0x710 [ 132.878269][ T602] ? css_next_child+0x160/0x160 [ 132.883102][ T602] ? stack_trace_save+0x12d/0x1f0 [ 132.888109][ T602] ? io_schedule+0x120/0x120 [ 132.892685][ T602] ? kernfs_fop_write_iter+0x15e/0x410 [ 132.898133][ T602] ? __kasan_check_write+0x14/0x20 [ 132.903229][ T602] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 132.908489][ T602] cgroup_subtree_control_write+0xd19/0x1310 [ 132.914441][ T602] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 132.920407][ T602] ? __kasan_check_write+0x14/0x20 [ 132.925501][ T602] ? _copy_from_iter+0x3fb/0xd60 [ 132.930421][ T602] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 132.936397][ T602] cgroup_file_write+0x28e/0x590 [ 132.941319][ T602] ? cgroup_seqfile_stop+0xc0/0xc0 [ 132.946413][ T602] ? mutex_lock+0xa6/0x110 [ 132.950801][ T602] ? mutex_trylock+0xb0/0xb0 [ 132.955383][ T602] ? __kasan_check_write+0x14/0x20 [ 132.960479][ T602] kernfs_fop_write_iter+0x2d0/0x410 [ 132.965738][ T602] ? cgroup_seqfile_stop+0xc0/0xc0 [ 132.970835][ T602] vfs_write+0xc1c/0xf40 [ 132.975075][ T602] ? __kasan_check_write+0x14/0x20 [ 132.980197][ T602] ? kernel_write+0x3c0/0x3c0 [ 132.984857][ T602] ? _raw_spin_unlock_irq+0x4e/0x70 [ 132.990037][ T602] ? ptrace_stop+0x6ff/0x9f0 [ 132.994606][ T602] ? __kasan_check_read+0x11/0x20 [ 132.999785][ T602] ? __fdget_pos+0x27e/0x310 [ 133.004363][ T602] ksys_write+0x198/0x2c0 [ 133.008683][ T602] ? do_notify_parent+0xa60/0xa60 [ 133.013691][ T602] ? __ia32_sys_read+0x90/0x90 [ 133.018436][ T602] ? __ia32_sys_open+0x270/0x270 [ 133.023357][ T602] __x64_sys_write+0x7b/0x90 [ 133.027922][ T602] do_syscall_64+0x34/0x70 [ 133.032328][ T602] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 133.038198][ T602] RIP: 0033:0x7fc8ece62c09 [ 133.042608][ T602] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 133.062201][ T602] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.070602][ T602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 133.078555][ T602] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 615] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 615] write(5, "22", 2) = 2 [pid 615] write(4, "+pids ", 6 [pid 602] <... write resumed>) = ? [pid 613] <... write resumed>) = 6 [pid 613] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 613] write(5, "22", 2 [pid 602] +++ killed by SIGKILL +++ [pid 613] <... write resumed>) = 2 [pid 613] write(4, "+pids ", 6 [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=39, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 376] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./37/binderfs") = 0 [pid 376] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./37/cgroup") = 0 [pid 376] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./37/cgroup.net") = 0 [pid 376] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./37/file0") = 0 [pid 376] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./37/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./37") = 0 [pid 376] mkdir("./38", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 616 attached , child_tidptr=0x555556fab5d0) = 40 [pid 616] chdir("./38") = 0 [pid 616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 616] setpgid(0, 0) = 0 [pid 616] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 616] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 616] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 616] write(3, "1000", 4) = 4 [pid 616] close(3) = 0 [pid 616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 616] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 616] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 616] open("./file0", O_RDONLY) = 3 [pid 616] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 133.086592][ T602] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 133.094537][ T602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 133.102491][ T602] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000025 [ 133.140460][ T614] FAULT_INJECTION: forcing a failure. [ 133.140460][ T614] name failslab, interval 1, probability 0, space 0, times 0 [ 133.153156][ T614] CPU: 1 PID: 614 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 133.164766][ T614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 133.174809][ T614] Call Trace: [ 133.178099][ T614] dump_stack_lvl+0x1e2/0x24b [ 133.182762][ T614] ? panic+0x7d7/0x7d7 [ 133.186813][ T614] ? bfq_pos_tree_add_move+0x43e/0x43e [ 133.192262][ T614] ? find_next_bit+0xd6/0x120 [ 133.196922][ T614] ? cpumask_next+0x11/0x30 [ 133.201418][ T614] dump_stack+0x15/0x17 [ 133.205546][ T614] should_fail+0x3c0/0x510 [ 133.209936][ T614] ? percpu_ref_init+0xd0/0x330 [ 133.214776][ T614] __should_failslab+0x9f/0xe0 [ 133.219523][ T614] should_failslab+0x9/0x20 [ 133.224003][ T614] kmem_cache_alloc_trace+0x3a/0x330 [ 133.229265][ T614] percpu_ref_init+0xd0/0x330 [ 133.233924][ T614] ? cgroup_setup_root+0xea0/0xea0 [ 133.239018][ T614] cgroup_apply_control_enable+0x3a2/0x12f0 [ 133.244892][ T614] cgroup_apply_control+0x93/0x710 [ 133.249984][ T614] ? css_next_child+0x160/0x160 [ 133.254814][ T614] ? stack_trace_save+0x12d/0x1f0 [ 133.259825][ T614] ? io_schedule+0x120/0x120 [ 133.264397][ T614] ? kernfs_fop_write_iter+0x15e/0x410 [ 133.269848][ T614] ? __kasan_check_write+0x14/0x20 [ 133.274942][ T614] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 133.280219][ T614] cgroup_subtree_control_write+0xd19/0x1310 [ 133.286188][ T614] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 133.292146][ T614] ? __kasan_check_write+0x14/0x20 [ 133.297341][ T614] ? _copy_from_iter+0x3fb/0xd60 [ 133.302299][ T614] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 133.308260][ T614] cgroup_file_write+0x28e/0x590 [ 133.313179][ T614] ? cgroup_seqfile_stop+0xc0/0xc0 [ 133.318280][ T614] ? mutex_lock+0xa6/0x110 [ 133.322695][ T614] ? mutex_trylock+0xb0/0xb0 [ 133.327280][ T614] ? __kasan_check_write+0x14/0x20 [ 133.332368][ T614] kernfs_fop_write_iter+0x2d0/0x410 [ 133.337639][ T614] ? cgroup_seqfile_stop+0xc0/0xc0 [ 133.342733][ T614] vfs_write+0xc1c/0xf40 [ 133.346953][ T614] ? __kasan_check_write+0x14/0x20 [ 133.352062][ T614] ? kernel_write+0x3c0/0x3c0 [ 133.356731][ T614] ? _raw_spin_unlock_irq+0x4e/0x70 [ 133.361913][ T614] ? ptrace_stop+0x6ff/0x9f0 [ 133.366478][ T614] ? __kasan_check_read+0x11/0x20 [ 133.371487][ T614] ? __fdget_pos+0x27e/0x310 [ 133.376072][ T614] ksys_write+0x198/0x2c0 [ 133.380396][ T614] ? do_notify_parent+0xa60/0xa60 [ 133.385405][ T614] ? __ia32_sys_read+0x90/0x90 [ 133.390142][ T614] ? __ia32_sys_open+0x270/0x270 [ 133.395061][ T614] __x64_sys_write+0x7b/0x90 [ 133.399658][ T614] do_syscall_64+0x34/0x70 [ 133.404070][ T614] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 133.409954][ T614] RIP: 0033:0x7fc8ece62c09 [ 133.414353][ T614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 616] write(4, "-pids ", 6 [pid 614] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 614] close(3) = 0 [pid 614] close(4) = 0 [pid 614] close(5) = 0 [pid 614] close(6) = -1 EBADF (Bad file descriptor) [pid 614] close(7) = -1 EBADF (Bad file descriptor) [pid 614] close(8) = -1 EBADF (Bad file descriptor) [pid 614] close(9) = -1 EBADF (Bad file descriptor) [pid 614] close(10) = -1 EBADF (Bad file descriptor) [pid 614] close(11) = -1 EBADF (Bad file descriptor) [pid 614] close(12) = -1 EBADF (Bad file descriptor) [pid 614] close(13) = -1 EBADF (Bad file descriptor) [pid 614] close(14) = -1 EBADF (Bad file descriptor) [pid 614] close(15) = -1 EBADF (Bad file descriptor) [pid 614] close(16) = -1 EBADF (Bad file descriptor) [pid 614] close(17) = -1 EBADF (Bad file descriptor) [pid 614] close(18) = -1 EBADF (Bad file descriptor) [pid 614] close(19) = -1 EBADF (Bad file descriptor) [pid 614] close(20) = -1 EBADF (Bad file descriptor) [pid 614] close(21) = -1 EBADF (Bad file descriptor) [pid 614] close(22) = -1 EBADF (Bad file descriptor) [pid 614] close(23) = -1 EBADF (Bad file descriptor) [pid 614] close(24) = -1 EBADF (Bad file descriptor) [pid 614] close(25) = -1 EBADF (Bad file descriptor) [pid 614] close(26) = -1 EBADF (Bad file descriptor) [pid 614] close(27) = -1 EBADF (Bad file descriptor) [pid 614] close(28) = -1 EBADF (Bad file descriptor) [pid 614] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 614] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 614] exit_group(0) = ? [pid 614] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./41/binderfs") = 0 [pid 382] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./41/cgroup") = 0 [pid 382] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./41/cgroup.net") = 0 [ 133.433949][ T614] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.442358][ T614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 133.450313][ T614] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 133.458271][ T614] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 133.466218][ T614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 133.474178][ T614] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000029 [ 133.491782][ T382] ------------[ cut here ]------------ [ 133.497282][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 133.506323][ T382] Modules linked in: [ 133.510228][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 133.521848][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 133.531904][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 133.537508][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 133.557136][ T382] RSP: 0018:ffffc90000b77ba0 EFLAGS: 00010293 [ 133.563213][ T382] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e4f00 [ 133.571185][ T382] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 133.579140][ T382] RBP: ffffc90000b77c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 133.587131][ T382] R10: fffff5200016ef65 R11: 1ffff9200016ef64 R12: dffffc0000000000 [ 133.595110][ T382] R13: ffff8881192dc8c0 R14: ffffc90000b77c00 R15: 1ffff9200016ef7c [ 133.603102][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 133.612053][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.618630][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 133.626619][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 133.634588][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 133.642562][ T382] Call Trace: [ 133.645846][ T382] ? io_schedule+0x120/0x120 [ 133.650435][ T382] ? vfs_submount+0xb0/0xb0 [ 133.654922][ T382] ? shrink_dentry_list+0x4ec/0x500 [ 133.660107][ T382] ? __kasan_check_write+0x14/0x20 [ 133.665219][ T382] namespace_unlock+0x448/0x4f0 [ 133.670055][ T382] ? umount_tree+0xf50/0xf50 [ 133.674642][ T382] ? __detach_mounts+0x670/0x670 [ 133.679563][ T382] ? selinux_umount+0xf0/0x130 [ 133.684331][ T382] ? security_sb_umount+0x9d/0xb0 [ 133.689335][ T382] path_umount+0xf03/0xfb0 [ 133.693745][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 133.698755][ T382] ? user_path_at_empty+0x40/0x50 [ 133.703779][ T382] __x64_sys_umount+0x122/0x170 [ 133.708612][ T382] ? path_umount+0xfb0/0xfb0 [ 133.713204][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 133.719336][ T382] do_syscall_64+0x34/0x70 [ 133.723806][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 133.729688][ T382] RIP: 0033:0x7fc8ece63fb7 [ 133.734178][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 133.753818][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 133.760419][ T615] FAULT_INJECTION: forcing a failure. [ 133.760419][ T615] name failslab, interval 1, probability 0, space 0, times 0 [ 133.762227][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 133.782742][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 133.790720][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 133.798682][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 133.801835][ T615] CPU: 1 PID: 615 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 133.806659][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002a [ 133.818238][ T615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 133.818242][ T615] Call Trace: [ 133.818259][ T615] dump_stack_lvl+0x1e2/0x24b [ 133.818269][ T615] ? bfq_pos_tree_add_move+0x43e/0x43e [ 133.818287][ T615] ? selinux_kernfs_init_security+0x1a8/0x760 [ 133.826237][ T382] ---[ end trace d4de1ca9cdcd1986 ]--- [ 133.836260][ T615] dump_stack+0x15/0x17 [ 133.836269][ T615] should_fail+0x3c0/0x510 [ 133.836285][ T615] ? __kernfs_new_node+0x99/0x6e0 [ 133.839939][ T382] ------------[ cut here ]------------ [ 133.844185][ T615] __should_failslab+0x9f/0xe0 [ 133.844195][ T615] should_failslab+0x9/0x20 [ 133.844205][ T615] __kmalloc_track_caller+0x5f/0x350 [ 133.844215][ T615] kstrdup_const+0x55/0x90 [ 133.844232][ T615] __kernfs_new_node+0x99/0x6e0 [ 133.849667][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 133.855696][ T615] ? is_module_text_address+0xe1/0x140 [ 133.855705][ T615] ? kernfs_new_node+0x170/0x170 [ 133.855722][ T615] ? ptr_to_hashval+0x60/0x60 [ 133.861147][ T382] Modules linked in: [ 133.865272][ T615] ? arch_stack_walk+0xf8/0x140 [ 133.869649][ T382] [ 133.874643][ T615] ? snprintf+0xd6/0x120 [ 133.874653][ T615] kernfs_new_node+0x97/0x170 [ 133.874662][ T615] __kernfs_create_file+0x4a/0x270 [ 133.874677][ T615] cgroup_addrm_files+0xab8/0xfe0 [ 133.880106][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 133.884832][ T615] ? ____kasan_kmalloc+0xdc/0x110 [ 133.884840][ T615] ? __kasan_kmalloc+0x9/0x10 [ 133.884857][ T615] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 133.889322][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 133.894580][ T615] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 133.894595][ T615] ? delete_node+0x759/0x7b0 [ 133.898984][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 133.903798][ T615] ? __kasan_check_read+0x11/0x20 [ 133.903806][ T615] ? delete_node+0x759/0x7b0 [ 133.903822][ T615] ? __kasan_check_write+0x14/0x20 [ 133.912729][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 133.918150][ T615] ? idr_replace+0x1c4/0x230 [ 133.923062][ T382] RSP: 0018:ffffc90000b77ca0 EFLAGS: 00010293 [ 133.927705][ T615] ? idr_get_next+0x4b0/0x4b0 [ 133.931580][ T382] [ 133.936389][ T615] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 133.938692][ T382] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e4f00 [ 133.942897][ T615] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 133.942908][ T615] css_populate_dir+0x137/0x370 [ 133.942924][ T615] cgroup_apply_control_enable+0x8b9/0x12f0 [ 133.947567][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 133.952674][ T615] cgroup_apply_control+0x93/0x710 [ 133.952689][ T615] ? css_next_child+0x160/0x160 [ 133.957684][ T382] RBP: ffffc90000b77d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 133.969271][ T615] ? io_schedule+0x120/0x120 [ 133.969281][ T615] ? kernfs_fop_write_iter+0x15e/0x410 [ 133.969297][ T615] ? __kasan_check_write+0x14/0x20 [ 133.974293][ T382] R10: fffff5200016ef85 R11: 1ffff9200016ef84 R12: dffffc0000000000 [ 133.978943][ T615] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 133.984468][ T382] R13: ffff8881192dc8c0 R14: ffffc90000b77d00 R15: 1ffff9200016ef9c [ 133.994487][ T615] cgroup_subtree_control_write+0xd19/0x1310 [ 133.994498][ T615] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 133.994515][ T615] ? __kasan_check_write+0x14/0x20 [ 134.000665][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 134.005221][ T615] ? _copy_from_iter+0x3fb/0xd60 [ 134.010825][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 382] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 615] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 615] close(3) = 0 [pid 615] close(4) = 0 [pid 615] close(5) = 0 [pid 615] close(6) = -1 EBADF (Bad file descriptor) [pid 615] close(7) = -1 EBADF (Bad file descriptor) [pid 615] close(8) = -1 EBADF (Bad file descriptor) [pid 615] close(9) = -1 EBADF (Bad file descriptor) [pid 615] close(10) = -1 EBADF (Bad file descriptor) [pid 615] close(11) = -1 EBADF (Bad file descriptor) [pid 615] close(12) = -1 EBADF (Bad file descriptor) [pid 615] close(13) = -1 EBADF (Bad file descriptor) [pid 615] close(14) = -1 EBADF (Bad file descriptor) [pid 615] close(15) = -1 EBADF (Bad file descriptor) [pid 615] close(16) = -1 EBADF (Bad file descriptor) [pid 615] close(17) = -1 EBADF (Bad file descriptor) [pid 615] close(18) = -1 EBADF (Bad file descriptor) [pid 615] close(19) = -1 EBADF (Bad file descriptor) [pid 615] close(20) = -1 EBADF (Bad file descriptor) [pid 615] close(21) = -1 EBADF (Bad file descriptor) [pid 615] close(22) = -1 EBADF (Bad file descriptor) [pid 615] close(23) = -1 EBADF (Bad file descriptor) [pid 615] close(24) = -1 EBADF (Bad file descriptor) [ 134.015813][ T615] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 134.020375][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 134.025451][ T615] cgroup_file_write+0x28e/0x590 [ 134.045035][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 134.049588][ T615] ? cgroup_seqfile_stop+0xc0/0xc0 [ 134.055637][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 134.060273][ T615] ? mutex_lock+0xa6/0x110 [ 134.060289][ T615] ? mutex_trylock+0xb0/0xb0 [ 134.062586][ T382] Call Trace: [pid 615] close(25write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 615] close(26) = -1 EBADF (Bad file descriptor) [pid 615] close(27) = -1 EBADF (Bad file descriptor) [pid 615] close(28) = -1 EBADF (Bad file descriptor) [pid 615] close(29) = -1 EBADF (Bad file descriptor) [pid 615] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 615] exit_group(0) = ? [pid 615] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 134.067584][ T615] ? __kasan_check_write+0x14/0x20 [ 134.075539][ T382] ? lockref_get_or_lock+0x340/0x340 [ 134.080695][ T615] kernfs_fop_write_iter+0x2d0/0x410 [ 134.080711][ T615] ? cgroup_seqfile_stop+0xc0/0xc0 [ 134.085531][ T382] ? umount_tree+0xf50/0xf50 [ 134.091383][ T615] vfs_write+0xc1c/0xf40 [ 134.091392][ T615] ? __kasan_check_write+0x14/0x20 [ 134.091408][ T615] ? kernel_write+0x3c0/0x3c0 [ 134.099352][ T382] ? vfs_submount+0xb0/0xb0 [ 134.104424][ T615] ? _raw_spin_unlock_irq+0x4e/0x70 [ 134.104434][ T615] ? ptrace_stop+0x6ff/0x9f0 [ 134.104449][ T615] ? __kasan_check_read+0x11/0x20 [ 134.109273][ T382] ? dput+0x2b6/0x320 [ 134.117215][ T615] ? __fdget_pos+0x27e/0x310 [ 134.117224][ T615] ksys_write+0x198/0x2c0 [ 134.117234][ T615] ? do_notify_parent+0xa60/0xa60 [ 134.117248][ T615] ? __ia32_sys_read+0x90/0x90 [ 134.121815][ T382] path_umount+0x1fe/0xfb0 [ 134.127235][ T615] ? __ia32_sys_open+0x270/0x270 [ 134.132328][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 134.140258][ T615] __x64_sys_write+0x7b/0x90 [ 134.140274][ T615] do_syscall_64+0x34/0x70 [ 134.145527][ T382] ? user_path_at_empty+0x40/0x50 [ 134.153467][ T615] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 134.153476][ T615] RIP: 0033:0x7fc8ece62c09 [ 134.153491][ T615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 134.159445][ T382] __x64_sys_umount+0x122/0x170 [ 134.165384][ T615] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 134.165404][ T615] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 134.170512][ T382] ? path_umount+0xfb0/0xfb0 [ 134.179395][ T615] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 134.184315][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 134.190857][ T615] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 134.190864][ T615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 134.190878][ T615] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000024 [ 134.196827][ T382] do_syscall_64+0x34/0x70 [ 134.205349][ T615] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 134.209689][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 134.209698][ T382] RIP: 0033:0x7fc8ece63fb7 [ 134.209715][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 134.487202][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [pid 380] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] <... umount2 resumed>) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./36/binderfs") = 0 [pid 380] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./36/cgroup") = 0 [pid 380] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./36/cgroup.net") = 0 [pid 380] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./36/file0") = 0 [pid 380] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./36/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./36") = 0 [pid 380] mkdir("./37", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 617 attached , child_tidptr=0x555556fab5d0) = 39 [pid 382] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./41/file0") = 0 [pid 382] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./41/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 617] chdir("./37" [pid 382] close(3) = 0 [pid 382] rmdir("./41") = 0 [pid 382] mkdir("./42", 0777 [pid 617] <... chdir resumed>) = 0 [pid 617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 382] <... mkdir resumed>) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 617] <... prctl resumed>) = 0 [pid 617] setpgid(0, 0 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 44 ./strace-static-x86_64: Process 618 attached [pid 618] chdir("./42") = 0 [pid 618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 617] <... setpgid resumed>) = 0 [pid 617] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 618] setpgid(0, 0 [pid 617] <... symlink resumed>) = 0 [pid 617] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 618] <... setpgid resumed>) = 0 [pid 617] <... symlink resumed>) = 0 [pid 617] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 618] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 617] <... symlink resumed>) = 0 [pid 617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 618] <... symlink resumed>) = 0 [pid 617] <... openat resumed>) = 3 [pid 617] write(3, "1000", 4 [pid 618] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 617] <... write resumed>) = 4 [pid 617] close(3) = 0 [pid 618] <... symlink resumed>) = 0 [pid 617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 618] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 617] mkdirat(AT_FDCWD, "./file0", 000 [pid 618] <... symlink resumed>) = 0 [pid 617] <... mkdirat resumed>) = 0 [pid 617] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 617] open("./file0", O_RDONLY) = 3 [pid 617] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 617] write(4, "-pids ", 6 [pid 618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 618] write(3, "1000", 4) = 4 [pid 618] close(3) = 0 [pid 618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 618] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 618] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 618] open("./file0", O_RDONLY) = 3 [pid 618] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 618] write(4, "-pids ", 6) = 6 [pid 617] <... write resumed>) = 6 [pid 616] <... write resumed>) = 6 [pid 618] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 617] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 618] <... openat resumed>) = 5 [pid 617] <... openat resumed>) = 5 [pid 618] write(5, "22", 2 [ 134.495633][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 134.503621][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 134.511596][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 134.519559][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 134.527566][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002a [ 134.535548][ T382] ---[ end trace d4de1ca9cdcd1987 ]--- [pid 617] write(5, "22", 2 [pid 618] <... write resumed>) = 2 [pid 617] <... write resumed>) = 2 [pid 618] write(4, "+pids ", 6 [pid 617] write(4, "+pids ", 6 [pid 616] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 616] write(5, "22", 2) = 2 [ 134.560511][ T613] FAULT_INJECTION: forcing a failure. [ 134.560511][ T613] name failslab, interval 1, probability 0, space 0, times 0 [ 134.573205][ T613] CPU: 1 PID: 613 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 134.584825][ T613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.594865][ T613] Call Trace: [ 134.598132][ T613] dump_stack_lvl+0x1e2/0x24b [ 134.602794][ T613] ? panic+0x7d7/0x7d7 [ 134.606846][ T613] ? bfq_pos_tree_add_move+0x43e/0x43e [ 134.612299][ T613] ? find_next_bit+0xd6/0x120 [ 134.616964][ T613] ? cpumask_next+0x11/0x30 [ 134.621440][ T613] dump_stack+0x15/0x17 [ 134.625571][ T613] should_fail+0x3c0/0x510 [ 134.629974][ T613] ? percpu_ref_init+0xd0/0x330 [ 134.634813][ T613] __should_failslab+0x9f/0xe0 [ 134.639557][ T613] should_failslab+0x9/0x20 [ 134.644045][ T613] kmem_cache_alloc_trace+0x3a/0x330 [ 134.649304][ T613] percpu_ref_init+0xd0/0x330 [ 134.653966][ T613] ? cgroup_setup_root+0xea0/0xea0 [ 134.659075][ T613] cgroup_apply_control_enable+0x3a2/0x12f0 [ 134.664953][ T613] cgroup_apply_control+0x93/0x710 [ 134.670043][ T613] ? css_next_child+0x160/0x160 [ 134.674875][ T613] ? stack_trace_save+0x12d/0x1f0 [ 134.679893][ T613] ? io_schedule+0x120/0x120 [ 134.684472][ T613] ? kernfs_fop_write_iter+0x15e/0x410 [ 134.689911][ T613] ? __kasan_check_write+0x14/0x20 [ 134.695003][ T613] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 134.700268][ T613] cgroup_subtree_control_write+0xd19/0x1310 [ 134.706226][ T613] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 134.712190][ T613] ? __kasan_check_write+0x14/0x20 [ 134.717289][ T613] ? _copy_from_iter+0x3fb/0xd60 [ 134.722219][ T613] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 134.728184][ T613] cgroup_file_write+0x28e/0x590 [ 134.733104][ T613] ? cgroup_seqfile_stop+0xc0/0xc0 [ 134.738212][ T613] ? mutex_lock+0xa6/0x110 [ 134.742611][ T613] ? mutex_trylock+0xb0/0xb0 [ 134.747183][ T613] ? __kasan_check_write+0x14/0x20 [ 134.752289][ T613] kernfs_fop_write_iter+0x2d0/0x410 [ 134.757559][ T613] ? cgroup_seqfile_stop+0xc0/0xc0 [ 134.762652][ T613] vfs_write+0xc1c/0xf40 [ 134.766871][ T613] ? __kasan_check_write+0x14/0x20 [ 134.771965][ T613] ? kernel_write+0x3c0/0x3c0 [ 134.776626][ T613] ? _raw_spin_unlock_irq+0x4e/0x70 [ 134.781813][ T613] ? ptrace_stop+0x6ff/0x9f0 [ 134.786399][ T613] ? __kasan_check_read+0x11/0x20 [ 134.791415][ T613] ? __fdget_pos+0x27e/0x310 [ 134.796000][ T613] ksys_write+0x198/0x2c0 [ 134.800322][ T613] ? do_notify_parent+0xa60/0xa60 [ 134.805335][ T613] ? __ia32_sys_read+0x90/0x90 [ 134.810080][ T613] ? __ia32_sys_open+0x270/0x270 [ 134.815015][ T613] __x64_sys_write+0x7b/0x90 [ 134.819589][ T613] do_syscall_64+0x34/0x70 [ 134.823991][ T613] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 134.829870][ T613] RIP: 0033:0x7fc8ece62c09 [ 134.834272][ T613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 616] write(4, "+pids ", 6 [pid 613] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 613] close(3) = 0 [pid 613] close(4) = 0 [pid 613] close(5) = 0 [pid 613] close(6) = -1 EBADF (Bad file descriptor) [pid 613] close(7) = -1 EBADF (Bad file descriptor) [pid 613] close(8) = -1 EBADF (Bad file descriptor) [pid 613] close(9) = -1 EBADF (Bad file descriptor) [pid 613] close(10) = -1 EBADF (Bad file descriptor) [pid 613] close(11) = -1 EBADF (Bad file descriptor) [pid 613] close(12) = -1 EBADF (Bad file descriptor) [pid 613] close(13) = -1 EBADF (Bad file descriptor) [pid 613] close(14) = -1 EBADF (Bad file descriptor) [pid 613] close(15) = -1 EBADF (Bad file descriptor) [pid 613] close(16) = -1 EBADF (Bad file descriptor) [pid 613] close(17) = -1 EBADF (Bad file descriptor) [pid 613] close(18) = -1 EBADF (Bad file descriptor) [pid 613] close(19) = -1 EBADF (Bad file descriptor) [pid 613] close(20) = -1 EBADF (Bad file descriptor) [pid 613] close(21) = -1 EBADF (Bad file descriptor) [pid 613] close(22) = -1 EBADF (Bad file descriptor) [pid 613] close(23) = -1 EBADF (Bad file descriptor) [pid 613] close(24) = -1 EBADF (Bad file descriptor) [pid 613] close(25) = -1 EBADF (Bad file descriptor) [pid 613] close(26) = -1 EBADF (Bad file descriptor) [pid 613] close(27) = -1 EBADF (Bad file descriptor) [pid 613] close(28) = -1 EBADF (Bad file descriptor) [pid 613] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 613] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 613] exit_group(0) = ? [pid 613] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./41/binderfs") = 0 [pid 375] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./41/cgroup") = 0 [pid 375] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./41/cgroup.net") = 0 [pid 375] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./41/file0") = 0 [pid 375] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./41/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./41") = 0 [pid 375] mkdir("./42", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 619 attached , child_tidptr=0x555556fab5d0) = 44 [pid 619] chdir("./42") = 0 [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 619] setpgid(0, 0) = 0 [pid 619] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 619] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 619] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 619] write(3, "1000", 4) = 4 [pid 619] close(3) = 0 [pid 619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 619] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 619] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 619] open("./file0", O_RDONLY) = 3 [pid 619] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 134.853863][ T613] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 134.862263][ T613] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 134.870219][ T613] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 134.878184][ T613] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 134.886140][ T613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 134.894097][ T613] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000029 [ 134.940428][ T616] FAULT_INJECTION: forcing a failure. [ 134.940428][ T616] name failslab, interval 1, probability 0, space 0, times 0 [ 134.953188][ T616] CPU: 0 PID: 616 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 134.964799][ T616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.974883][ T616] Call Trace: [ 134.978166][ T616] dump_stack_lvl+0x1e2/0x24b [ 134.982826][ T616] ? panic+0x7d7/0x7d7 [ 134.986878][ T616] ? bfq_pos_tree_add_move+0x43e/0x43e [ 134.992314][ T616] ? find_next_bit+0xd6/0x120 [ 134.996965][ T616] ? cpumask_next+0x11/0x30 [ 135.001445][ T616] dump_stack+0x15/0x17 [ 135.005586][ T616] should_fail+0x3c0/0x510 [ 135.009984][ T616] ? percpu_ref_init+0xd0/0x330 [ 135.014821][ T616] __should_failslab+0x9f/0xe0 [ 135.019557][ T616] should_failslab+0x9/0x20 [ 135.024040][ T616] kmem_cache_alloc_trace+0x3a/0x330 [ 135.029308][ T616] percpu_ref_init+0xd0/0x330 [ 135.033972][ T616] ? cgroup_setup_root+0xea0/0xea0 [ 135.039059][ T616] cgroup_apply_control_enable+0x3a2/0x12f0 [ 135.044927][ T616] cgroup_apply_control+0x93/0x710 [ 135.050021][ T616] ? css_next_child+0x160/0x160 [ 135.054848][ T616] ? io_schedule+0x120/0x120 [ 135.059412][ T616] ? kernfs_fop_write_iter+0x15e/0x410 [ 135.064843][ T616] ? __kasan_check_write+0x14/0x20 [ 135.069928][ T616] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 135.075188][ T616] cgroup_subtree_control_write+0xd19/0x1310 [ 135.081142][ T616] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 135.087110][ T616] ? __kasan_check_write+0x14/0x20 [ 135.092204][ T616] ? _copy_from_iter+0x3fb/0xd60 [ 135.097115][ T616] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 135.103076][ T616] cgroup_file_write+0x28e/0x590 [ 135.108004][ T616] ? cgroup_seqfile_stop+0xc0/0xc0 [ 135.113092][ T616] ? mutex_lock+0xa6/0x110 [ 135.117482][ T616] ? mutex_trylock+0xb0/0xb0 [ 135.122049][ T616] ? __kasan_check_write+0x14/0x20 [ 135.127495][ T616] kernfs_fop_write_iter+0x2d0/0x410 [ 135.132763][ T616] ? cgroup_seqfile_stop+0xc0/0xc0 [ 135.137857][ T616] vfs_write+0xc1c/0xf40 [ 135.142082][ T616] ? __kasan_check_write+0x14/0x20 [ 135.147178][ T616] ? kernel_write+0x3c0/0x3c0 [ 135.151837][ T616] ? _raw_spin_unlock_irq+0x4e/0x70 [ 135.157011][ T616] ? ptrace_stop+0x6ff/0x9f0 [ 135.161587][ T616] ? __kasan_check_read+0x11/0x20 [ 135.166595][ T616] ? __fdget_pos+0x27e/0x310 [ 135.171160][ T616] ksys_write+0x198/0x2c0 [ 135.175466][ T616] ? do_notify_parent+0xa60/0xa60 [ 135.180473][ T616] ? __ia32_sys_read+0x90/0x90 [ 135.185217][ T616] ? __ia32_sys_open+0x270/0x270 [ 135.190136][ T616] __x64_sys_write+0x7b/0x90 [ 135.194711][ T616] do_syscall_64+0x34/0x70 [ 135.199117][ T616] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 135.204992][ T616] RIP: 0033:0x7fc8ece62c09 [ 135.209378][ T616] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.228958][ T616] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 619] write(4, "-pids ", 6 [pid 616] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 616] close(3) = 0 [pid 616] close(4) = 0 [pid 616] close(5) = 0 [pid 616] close(6) = -1 EBADF (Bad file descriptor) [pid 616] close(7) = -1 EBADF (Bad file descriptor) [pid 616] close(8) = -1 EBADF (Bad file descriptor) [pid 616] close(9) = -1 EBADF (Bad file descriptor) [pid 616] close(10) = -1 EBADF (Bad file descriptor) [pid 616] close(11) = -1 EBADF (Bad file descriptor) [pid 616] close(12) = -1 EBADF (Bad file descriptor) [pid 616] close(13) = -1 EBADF (Bad file descriptor) [pid 616] close(14) = -1 EBADF (Bad file descriptor) [pid 616] close(15) = -1 EBADF (Bad file descriptor) [pid 616] close(16) = -1 EBADF (Bad file descriptor) [pid 616] close(17) = -1 EBADF (Bad file descriptor) [pid 616] close(18) = -1 EBADF (Bad file descriptor) [pid 616] close(19) = -1 EBADF (Bad file descriptor) [pid 616] close(20) = -1 EBADF (Bad file descriptor) [pid 616] close(21) = -1 EBADF (Bad file descriptor) [pid 616] close(22) = -1 EBADF (Bad file descriptor) [pid 616] close(23) = -1 EBADF (Bad file descriptor) [pid 616] close(24) = -1 EBADF (Bad file descriptor) [pid 616] close(25) = -1 EBADF (Bad file descriptor) [pid 616] close(26) = -1 EBADF (Bad file descriptor) [pid 616] close(27) = -1 EBADF (Bad file descriptor) [pid 616] close(28) = -1 EBADF (Bad file descriptor) [pid 616] close(29) = -1 EBADF (Bad file descriptor) [pid 616] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 616] exit_group(0) = ? [pid 616] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./38/binderfs") = 0 [pid 376] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./38/cgroup") = 0 [pid 376] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./38/cgroup.net") = 0 [pid 376] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./38/file0") = 0 [pid 376] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./38/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./38") = 0 [pid 376] mkdir("./39", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 620 attached , child_tidptr=0x555556fab5d0) = 41 [pid 620] chdir("./39") = 0 [pid 620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 620] setpgid(0, 0) = 0 [pid 620] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 620] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 620] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 620] write(3, "1000", 4) = 4 [pid 620] close(3) = 0 [pid 620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 620] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 620] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 620] open("./file0", O_RDONLY) = 3 [pid 620] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 135.237362][ T616] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 135.245315][ T616] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 135.253266][ T616] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 135.261220][ T616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 135.269178][ T616] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000026 [pid 620] write(4, "-pids ", 6) = 6 [pid 619] <... write resumed>) = 6 [pid 620] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 619] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 620] write(5, "22", 2 [pid 619] <... openat resumed>) = 5 [pid 620] <... write resumed>) = 2 [pid 620] write(4, "+pids ", 6 [pid 619] write(5, "22", 2) = 2 [ 135.320374][ T611] FAULT_INJECTION: forcing a failure. [ 135.320374][ T611] name failslab, interval 1, probability 0, space 0, times 0 [ 135.334452][ T611] CPU: 0 PID: 611 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 135.346071][ T611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.356108][ T611] Call Trace: [ 135.359391][ T611] dump_stack_lvl+0x1e2/0x24b [ 135.364043][ T611] ? panic+0x7d7/0x7d7 [ 135.368092][ T611] ? bfq_pos_tree_add_move+0x43e/0x43e [ 135.373526][ T611] ? find_next_bit+0xd6/0x120 [ 135.378186][ T611] ? cpumask_next+0x11/0x30 [ 135.382685][ T611] dump_stack+0x15/0x17 [ 135.386846][ T611] should_fail+0x3c0/0x510 [ 135.391248][ T611] ? percpu_ref_init+0xd0/0x330 [ 135.396085][ T611] __should_failslab+0x9f/0xe0 [ 135.400833][ T611] should_failslab+0x9/0x20 [ 135.405312][ T611] kmem_cache_alloc_trace+0x3a/0x330 [ 135.410580][ T611] percpu_ref_init+0xd0/0x330 [ 135.415248][ T611] ? cgroup_setup_root+0xea0/0xea0 [ 135.420342][ T611] cgroup_apply_control_enable+0x3a2/0x12f0 [ 135.426215][ T611] cgroup_apply_control+0x93/0x710 [ 135.431306][ T611] ? css_next_child+0x160/0x160 [ 135.436141][ T611] ? io_schedule+0x120/0x120 [ 135.440705][ T611] ? kernfs_fop_write_iter+0x15e/0x410 [ 135.446145][ T611] ? __kasan_check_write+0x14/0x20 [ 135.451241][ T611] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 135.456525][ T611] cgroup_subtree_control_write+0xd19/0x1310 [ 135.462516][ T611] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 135.468495][ T611] ? __kasan_check_write+0x14/0x20 [ 135.473601][ T611] ? _copy_from_iter+0x3fb/0xd60 [ 135.478516][ T611] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 135.484470][ T611] cgroup_file_write+0x28e/0x590 [ 135.489394][ T611] ? cgroup_seqfile_stop+0xc0/0xc0 [ 135.494489][ T611] ? mutex_lock+0xa6/0x110 [ 135.498882][ T611] ? mutex_trylock+0xb0/0xb0 [ 135.503452][ T611] ? __kasan_check_write+0x14/0x20 [ 135.508549][ T611] kernfs_fop_write_iter+0x2d0/0x410 [ 135.513817][ T611] ? cgroup_seqfile_stop+0xc0/0xc0 [ 135.518906][ T611] vfs_write+0xc1c/0xf40 [ 135.523139][ T611] ? __kasan_check_write+0x14/0x20 [ 135.528235][ T611] ? kernel_write+0x3c0/0x3c0 [ 135.532984][ T611] ? _raw_spin_unlock_irq+0x4e/0x70 [ 135.538158][ T611] ? ptrace_stop+0x6ff/0x9f0 [ 135.542734][ T611] ? __kasan_check_read+0x11/0x20 [ 135.547741][ T611] ? __fdget_pos+0x27e/0x310 [ 135.552342][ T611] ksys_write+0x198/0x2c0 [ 135.556676][ T611] ? do_notify_parent+0xa60/0xa60 [ 135.561679][ T611] ? __ia32_sys_read+0x90/0x90 [ 135.566422][ T611] ? __ia32_sys_open+0x270/0x270 [ 135.571348][ T611] __x64_sys_write+0x7b/0x90 [ 135.575913][ T611] do_syscall_64+0x34/0x70 [ 135.580304][ T611] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 135.586176][ T611] RIP: 0033:0x7fc8ece62c09 [ 135.590565][ T611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.610148][ T611] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 619] write(4, "+pids ", 6 [pid 611] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 611] close(3) = 0 [pid 611] close(4) = 0 [pid 611] close(5) = 0 [pid 611] close(6) = -1 EBADF (Bad file descriptor) [pid 611] close(7) = -1 EBADF (Bad file descriptor) [pid 611] close(8) = -1 EBADF (Bad file descriptor) [pid 611] close(9) = -1 EBADF (Bad file descriptor) [pid 611] close(10) = -1 EBADF (Bad file descriptor) [pid 611] close(11) = -1 EBADF (Bad file descriptor) [pid 611] close(12) = -1 EBADF (Bad file descriptor) [pid 611] close(13) = -1 EBADF (Bad file descriptor) [pid 611] close(14) = -1 EBADF (Bad file descriptor) [pid 611] close(15) = -1 EBADF (Bad file descriptor) [pid 611] close(16) = -1 EBADF (Bad file descriptor) [pid 611] close(17) = -1 EBADF (Bad file descriptor) [pid 611] close(18) = -1 EBADF (Bad file descriptor) [pid 611] close(19) = -1 EBADF (Bad file descriptor) [pid 611] close(20) = -1 EBADF (Bad file descriptor) [pid 611] close(21) = -1 EBADF (Bad file descriptor) [pid 611] close(22) = -1 EBADF (Bad file descriptor) [pid 611] close(23) = -1 EBADF (Bad file descriptor) [pid 611] close(24) = -1 EBADF (Bad file descriptor) [pid 611] close(25) = -1 EBADF (Bad file descriptor) [pid 611] close(26) = -1 EBADF (Bad file descriptor) [pid 611] close(27) = -1 EBADF (Bad file descriptor) [pid 611] close(28) = -1 EBADF (Bad file descriptor) [pid 611] close(29) = -1 EBADF (Bad file descriptor) [pid 611] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 611] exit_group(0) = ? [pid 611] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./37/binderfs") = 0 [pid 381] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./37/cgroup") = 0 [pid 381] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./37/cgroup.net") = 0 [pid 381] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./37/file0") = 0 [pid 381] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./37/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./37") = 0 [pid 381] mkdir("./38", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 621 attached [pid 621] chdir("./38" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 40 [pid 621] <... chdir resumed>) = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 621] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 621] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 621] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 621] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 621] open("./file0", O_RDONLY) = 3 [pid 621] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 135.618551][ T611] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 135.626508][ T611] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 135.634460][ T611] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 135.642418][ T611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 135.650369][ T611] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000025 [pid 621] write(4, "-pids ", 6) = 6 [pid 621] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 621] write(5, "22", 2) = 2 [ 135.700578][ T618] FAULT_INJECTION: forcing a failure. [ 135.700578][ T618] name failslab, interval 1, probability 0, space 0, times 0 [ 135.713621][ T618] CPU: 0 PID: 618 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 135.725231][ T618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.735265][ T618] Call Trace: [ 135.738534][ T618] dump_stack_lvl+0x1e2/0x24b [ 135.743185][ T618] ? panic+0x7d7/0x7d7 [ 135.747226][ T618] ? bfq_pos_tree_add_move+0x43e/0x43e [ 135.752658][ T618] ? find_next_bit+0xd6/0x120 [ 135.757336][ T618] ? cpumask_next+0x11/0x30 [ 135.761812][ T618] dump_stack+0x15/0x17 [ 135.765944][ T618] should_fail+0x3c0/0x510 [ 135.770335][ T618] ? percpu_ref_init+0xd0/0x330 [ 135.775162][ T618] __should_failslab+0x9f/0xe0 [ 135.779898][ T618] should_failslab+0x9/0x20 [ 135.784377][ T618] kmem_cache_alloc_trace+0x3a/0x330 [ 135.789636][ T618] percpu_ref_init+0xd0/0x330 [ 135.794288][ T618] ? cgroup_setup_root+0xea0/0xea0 [ 135.799377][ T618] cgroup_apply_control_enable+0x3a2/0x12f0 [ 135.805258][ T618] cgroup_apply_control+0x93/0x710 [ 135.810342][ T618] ? css_next_child+0x160/0x160 [ 135.815168][ T618] ? stack_trace_save+0x12d/0x1f0 [ 135.820171][ T618] ? io_schedule+0x120/0x120 [ 135.824741][ T618] ? kernfs_fop_write_iter+0x15e/0x410 [ 135.830176][ T618] ? __kasan_check_write+0x14/0x20 [ 135.835270][ T618] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 135.840539][ T618] cgroup_subtree_control_write+0xd19/0x1310 [ 135.846500][ T618] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 135.852468][ T618] ? __kasan_check_write+0x14/0x20 [ 135.857572][ T618] ? _copy_from_iter+0x3fb/0xd60 [ 135.862493][ T618] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 135.868451][ T618] cgroup_file_write+0x28e/0x590 [ 135.873363][ T618] ? cgroup_seqfile_stop+0xc0/0xc0 [ 135.878461][ T618] ? mutex_lock+0xa6/0x110 [ 135.882871][ T618] ? mutex_trylock+0xb0/0xb0 [ 135.887443][ T618] ? __kasan_check_write+0x14/0x20 [ 135.892530][ T618] kernfs_fop_write_iter+0x2d0/0x410 [ 135.897790][ T618] ? cgroup_seqfile_stop+0xc0/0xc0 [ 135.902899][ T618] vfs_write+0xc1c/0xf40 [ 135.907129][ T618] ? __kasan_check_write+0x14/0x20 [ 135.912230][ T618] ? kernel_write+0x3c0/0x3c0 [ 135.916900][ T618] ? _raw_spin_unlock_irq+0x4e/0x70 [ 135.922083][ T618] ? ptrace_stop+0x6ff/0x9f0 [ 135.926647][ T618] ? __kasan_check_read+0x11/0x20 [ 135.931644][ T618] ? __fdget_pos+0x27e/0x310 [ 135.936209][ T618] ksys_write+0x198/0x2c0 [ 135.940514][ T618] ? do_notify_parent+0xa60/0xa60 [ 135.945510][ T618] ? __ia32_sys_read+0x90/0x90 [ 135.950248][ T618] ? __ia32_sys_open+0x270/0x270 [ 135.955158][ T618] __x64_sys_write+0x7b/0x90 [ 135.959722][ T618] do_syscall_64+0x34/0x70 [ 135.964122][ T618] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 135.969996][ T618] RIP: 0033:0x7fc8ece62c09 [ 135.974386][ T618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 621] write(4, "+pids ", 6 [pid 383] kill(-34, SIGKILL [pid 618] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 618] close(3 [pid 383] <... kill resumed>) = 0 [pid 383] kill(34, SIGKILL [pid 618] <... close resumed>) = 0 [pid 383] <... kill resumed>) = 0 [pid 618] close(4) = 0 [pid 618] close(5) = 0 [pid 618] close(6) = -1 EBADF (Bad file descriptor) [pid 618] close(7) = -1 EBADF (Bad file descriptor) [pid 618] close(8) = -1 EBADF (Bad file descriptor) [pid 618] close(9) = -1 EBADF (Bad file descriptor) [pid 618] close(10) = -1 EBADF (Bad file descriptor) [pid 618] close(11) = -1 EBADF (Bad file descriptor) [pid 618] close(12) = -1 EBADF (Bad file descriptor) [pid 618] close(13) = -1 EBADF (Bad file descriptor) [pid 618] close(14) = -1 EBADF (Bad file descriptor) [pid 618] close(15) = -1 EBADF (Bad file descriptor) [pid 618] close(16) = -1 EBADF (Bad file descriptor) [pid 618] close(17) = -1 EBADF (Bad file descriptor) [pid 618] close(18) = -1 EBADF (Bad file descriptor) [pid 618] close(19) = -1 EBADF (Bad file descriptor) [pid 618] close(20) = -1 EBADF (Bad file descriptor) [pid 618] close(21) = -1 EBADF (Bad file descriptor) [pid 618] close(22) = -1 EBADF (Bad file descriptor) [pid 618] close(23) = -1 EBADF (Bad file descriptor) [pid 618] close(24) = -1 EBADF (Bad file descriptor) [pid 618] close(25) = -1 EBADF (Bad file descriptor) [pid 618] close(26) = -1 EBADF (Bad file descriptor) [pid 618] close(27) = -1 EBADF (Bad file descriptor) [pid 618] close(28) = -1 EBADF (Bad file descriptor) [pid 618] close(29) = -1 EBADF (Bad file descriptor) [pid 618] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 618] exit_group(0) = ? [pid 618] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./42/binderfs") = 0 [pid 382] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./42/cgroup") = 0 [pid 382] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./42/cgroup.net") = 0 [pid 382] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./42/file0") = 0 [pid 382] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./42/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./42") = 0 [pid 382] mkdir("./43", 0777) = 0 [ 135.993968][ T618] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.002357][ T618] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 136.010303][ T618] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 136.018247][ T618] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 136.026194][ T618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 136.034141][ T618] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002a [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 622 attached [pid 622] chdir("./43") = 0 [pid 622] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 45 [pid 622] <... prctl resumed>) = 0 [pid 622] setpgid(0, 0) = 0 [pid 622] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 622] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 622] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 622] write(3, "1000", 4) = 4 [pid 622] close(3) = 0 [pid 622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 622] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 136.070791][ T610] FAULT_INJECTION: forcing a failure. [ 136.070791][ T610] name failslab, interval 1, probability 0, space 0, times 0 [ 136.084382][ T610] CPU: 0 PID: 610 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 136.095999][ T610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.106029][ T610] Call Trace: [ 136.109322][ T610] dump_stack_lvl+0x1e2/0x24b [ 136.113977][ T610] ? panic+0x7d7/0x7d7 [ 136.118020][ T610] ? bfq_pos_tree_add_move+0x43e/0x43e [ 136.123459][ T610] ? find_next_bit+0xd6/0x120 [ 136.128109][ T610] ? cpumask_next+0x11/0x30 [ 136.132593][ T610] dump_stack+0x15/0x17 [ 136.136739][ T610] should_fail+0x3c0/0x510 [ 136.141135][ T610] ? percpu_ref_init+0xd0/0x330 [ 136.145977][ T610] __should_failslab+0x9f/0xe0 [ 136.150724][ T610] should_failslab+0x9/0x20 [ 136.155200][ T610] kmem_cache_alloc_trace+0x3a/0x330 [ 136.160490][ T610] percpu_ref_init+0xd0/0x330 [ 136.165142][ T610] ? cgroup_setup_root+0xea0/0xea0 [pid 622] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 383] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [ 136.170240][ T610] cgroup_apply_control_enable+0x3a2/0x12f0 [ 136.176116][ T610] cgroup_apply_control+0x93/0x710 [ 136.181207][ T610] ? css_next_child+0x160/0x160 [ 136.186035][ T610] ? stack_trace_save+0x12d/0x1f0 [ 136.191033][ T610] ? io_schedule+0x120/0x120 [ 136.195602][ T610] ? kernfs_fop_write_iter+0x15e/0x410 [ 136.201058][ T610] ? __kasan_check_write+0x14/0x20 [ 136.206154][ T610] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 136.211417][ T610] cgroup_subtree_control_write+0xd19/0x1310 [ 136.217382][ T610] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 136.223345][ T610] ? __kasan_check_write+0x14/0x20 [ 136.228432][ T610] ? _copy_from_iter+0x3fb/0xd60 [ 136.233341][ T610] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 136.239299][ T610] cgroup_file_write+0x28e/0x590 [ 136.244223][ T610] ? cgroup_seqfile_stop+0xc0/0xc0 [ 136.249318][ T610] ? mutex_lock+0xa6/0x110 [ 136.253712][ T610] ? mutex_trylock+0xb0/0xb0 [ 136.258274][ T610] ? __kasan_check_write+0x14/0x20 [ 136.263360][ T610] kernfs_fop_write_iter+0x2d0/0x410 [ 136.268619][ T610] ? cgroup_seqfile_stop+0xc0/0xc0 [ 136.273704][ T610] vfs_write+0xc1c/0xf40 [ 136.277929][ T610] ? __kasan_check_write+0x14/0x20 [ 136.283025][ T610] ? kernel_write+0x3c0/0x3c0 [ 136.287682][ T610] ? _raw_spin_unlock_irq+0x4e/0x70 [ 136.292862][ T610] ? ptrace_stop+0x6ff/0x9f0 [ 136.297427][ T610] ? __kasan_check_read+0x11/0x20 [ 136.302425][ T610] ? __fdget_pos+0x27e/0x310 [ 136.306991][ T610] ksys_write+0x198/0x2c0 [ 136.311296][ T610] ? do_notify_parent+0xa60/0xa60 [ 136.316294][ T610] ? __ia32_sys_read+0x90/0x90 [ 136.321030][ T610] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 136.327080][ T610] __x64_sys_write+0x7b/0x90 [ 136.331659][ T610] do_syscall_64+0x34/0x70 [ 136.336063][ T610] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 136.341943][ T610] RIP: 0033:0x7fc8ece62c09 [ 136.346345][ T610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 622] <... mount resumed>) = 0 [pid 610] <... write resumed>) = ? [pid 622] open("./file0", O_RDONLY) = 3 [pid 622] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 622] write(4, "-pids ", 6 [pid 610] +++ killed by SIGKILL +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=34, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 383] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./32/binderfs") = 0 [pid 383] umount2("./32/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./32/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./32/cgroup") = 0 [pid 383] umount2("./32/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./32/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./32/cgroup.net") = 0 [ 136.365937][ T610] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.374329][ T610] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 136.382287][ T610] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 136.390250][ T610] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 136.398209][ T610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 136.406161][ T610] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000020 [ 136.422707][ T383] ------------[ cut here ]------------ [ 136.428220][ T383] WARNING: CPU: 1 PID: 383 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 136.437176][ T383] Modules linked in: [ 136.440490][ T621] FAULT_INJECTION: forcing a failure. [ 136.440490][ T621] name failslab, interval 1, probability 0, space 0, times 0 [ 136.441097][ T383] CPU: 1 PID: 383 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 136.453873][ T621] CPU: 0 PID: 621 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 136.465276][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.476859][ T621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.476863][ T621] Call Trace: [ 136.476881][ T621] dump_stack_lvl+0x1e2/0x24b [ 136.476898][ T621] ? bfq_pos_tree_add_move+0x43e/0x43e [ 136.487108][ T383] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 136.497121][ T621] ? selinux_kernfs_init_security+0x1a8/0x760 [ 136.497133][ T621] dump_stack+0x15/0x17 [ 136.497151][ T621] should_fail+0x3c0/0x510 [ 136.500425][ T383] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 136.505071][ T621] ? __kernfs_new_node+0x99/0x6e0 [ 136.510503][ T383] RSP: 0018:ffffc90000b87ca0 EFLAGS: 00010293 [ 136.516103][ T621] __should_failslab+0x9f/0xe0 [ 136.522139][ T383] [ 136.526270][ T621] should_failslab+0x9/0x20 [ 136.530662][ T383] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e3b40 [ 136.550230][ T621] __kmalloc_track_caller+0x5f/0x350 [ 136.550240][ T621] kstrdup_const+0x55/0x90 [ 136.550262][ T621] __kernfs_new_node+0x99/0x6e0 [ 136.555252][ T383] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 136.561289][ T621] ? is_module_text_address+0xe1/0x140 [ 136.561298][ T621] ? kernfs_new_node+0x170/0x170 [ 136.561314][ T621] ? ptr_to_hashval+0x60/0x60 [ 136.566048][ T383] RBP: ffffc90000b87d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 136.568352][ T621] ? arch_stack_walk+0xf8/0x140 [ 136.572853][ T383] R10: fffff52000170f85 R11: 1ffff92000170f84 R12: dffffc0000000000 [ 136.580786][ T621] ? snprintf+0xd6/0x120 [ 136.580801][ T621] kernfs_new_node+0x97/0x170 [ 136.586055][ T383] R13: ffff8881192dcfc0 R14: ffffc90000b87d00 R15: 1ffff92000170f9c [ 136.590437][ T621] __kernfs_create_file+0x4a/0x270 [ 136.590453][ T621] cgroup_addrm_files+0xab8/0xfe0 [ 136.595273][ T383] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 136.603210][ T621] ? ____kasan_kmalloc+0xdc/0x110 [ 136.603225][ T621] ? __kasan_kmalloc+0x9/0x10 [ 136.608650][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 136.613555][ T621] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 136.613571][ T621] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 136.618215][ T383] CR2: 00007fc8ececd130 CR3: 0000000104bfa000 CR4: 00000000003506a0 [ 136.626155][ T621] ? delete_node+0x759/0x7b0 [ 136.626165][ T621] ? __kasan_check_read+0x11/0x20 [ 136.626178][ T621] ? delete_node+0x759/0x7b0 [ 136.631006][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 136.638945][ T621] ? __kasan_check_write+0x14/0x20 [ 136.643160][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 136.647806][ T621] ? idr_replace+0x1c4/0x230 [ 136.655755][ T383] Call Trace: [ 136.660827][ T621] ? idr_get_next+0x4b0/0x4b0 [ 136.660843][ T621] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 136.665838][ T383] ? lockref_get_or_lock+0x340/0x340 [ 136.674730][ T621] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 136.674740][ T621] css_populate_dir+0x137/0x370 [ 136.674761][ T621] cgroup_apply_control_enable+0x8b9/0x12f0 [ 136.679758][ T383] ? umount_tree+0xf50/0xf50 [ 136.684401][ T621] cgroup_apply_control+0x93/0x710 [ 136.684417][ T621] ? css_next_child+0x160/0x160 [ 136.690981][ T383] ? vfs_submount+0xb0/0xb0 [ 136.696489][ T621] ? stack_trace_save+0x12d/0x1f0 [ 136.702617][ T383] ? dput+0x2b6/0x320 [ 136.710553][ T621] ? io_schedule+0x120/0x120 [ 136.710569][ T621] ? kernfs_fop_write_iter+0x15e/0x410 [ 136.715128][ T383] path_umount+0x1fe/0xfb0 [ 136.720123][ T621] ? __kasan_check_write+0x14/0x20 [ 136.724691][ T383] ? namespace_unlock+0x4f0/0x4f0 [ 136.732622][ T621] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 136.732639][ T621] cgroup_subtree_control_write+0xd19/0x1310 [ 136.737720][ T383] ? user_path_at_empty+0x40/0x50 [ 136.745658][ T621] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 136.745674][ T621] ? __kasan_check_write+0x14/0x20 [ 136.750242][ T383] __x64_sys_umount+0x122/0x170 [ 136.753496][ T621] ? _copy_from_iter+0x3fb/0xd60 [ 136.758138][ T383] ? path_umount+0xfb0/0xfb0 [ 136.763125][ T621] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 136.763140][ T621] cgroup_file_write+0x28e/0x590 [ 136.768396][ T383] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 136.773555][ T621] ? cgroup_seqfile_stop+0xc0/0xc0 [ 136.773571][ T621] ? mutex_lock+0xa6/0x110 [ 136.778390][ T383] do_syscall_64+0x34/0x70 [ 136.784259][ T621] ? mutex_trylock+0xb0/0xb0 [ 136.784276][ T621] ? __kasan_check_write+0x14/0x20 [ 136.788839][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [pid 383] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./32/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./32/file0") = 0 [pid 383] umount2("./32/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./32/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./32/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./32") = 0 [pid 383] mkdir("./33", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 35 ./strace-static-x86_64: Process 623 attached [pid 623] chdir("./33") = 0 [pid 623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 623] setpgid(0, 0) = 0 [pid 623] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 623] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 623] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 623] write(3, "1000", 4) = 4 [pid 623] close(3) = 0 [pid 623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 623] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 136.793912][ T621] kernfs_fop_write_iter+0x2d0/0x410 [ 136.793927][ T621] ? cgroup_seqfile_stop+0xc0/0xc0 [ 136.798749][ T383] RIP: 0033:0x7fc8ece63fb7 [ 136.803215][ T621] vfs_write+0xc1c/0xf40 [ 136.803235][ T621] ? __kasan_check_write+0x14/0x20 [ 136.808316][ T383] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 136.812349][ T621] ? kernel_write+0x3c0/0x3c0 [ 136.812364][ T621] ? _raw_spin_unlock_irq+0x4e/0x70 [ 136.816923][ T383] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 136.822358][ T621] ? ptrace_stop+0x6ff/0x9f0 [ 136.822374][ T621] ? __kasan_check_read+0x11/0x20 [ 136.826757][ T383] ORIG_RAX: 00000000000000a6 [ 136.831835][ T621] ? __fdget_pos+0x27e/0x310 [ 136.831850][ T621] ksys_write+0x198/0x2c0 [ 136.836844][ T383] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 136.842093][ T621] ? do_notify_parent+0xa60/0xa60 [ 136.842108][ T621] ? __ia32_sys_read+0x90/0x90 [ 136.848056][ T383] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 136.853046][ T621] ? __ia32_sys_open+0x270/0x270 [ 136.853062][ T621] __x64_sys_write+0x7b/0x90 [ 136.859014][ T383] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 136.864094][ T621] do_syscall_64+0x34/0x70 [ 136.864110][ T621] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 136.868926][ T383] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 136.873825][ T621] RIP: 0033:0x7fc8ece62c09 [ 136.873841][ T621] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 136.878392][ T383] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000021 [ 136.878403][ T383] ---[ end trace d4de1ca9cdcd1988 ]--- [ 136.884345][ T621] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.884363][ T621] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 623] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 621] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 623] <... mount resumed>) = 0 [pid 621] close(3) = 0 [pid 621] close(4) = 0 [pid 621] close(5) = 0 [pid 621] close(6) = -1 EBADF (Bad file descriptor) [pid 621] close(7) = -1 EBADF (Bad file descriptor) [pid 621] close(8) = -1 EBADF (Bad file descriptor) [pid 621] close(9) = -1 EBADF (Bad file descriptor) [pid 621] close(10) = -1 EBADF (Bad file descriptor) [pid 621] close(11) = -1 EBADF (Bad file descriptor) [pid 621] close(12) = -1 EBADF (Bad file descriptor) [pid 621] close(13) = -1 EBADF (Bad file descriptor) [pid 621] close(14) = -1 EBADF (Bad file descriptor) [pid 621] close(15) = -1 EBADF (Bad file descriptor) [pid 621] close(16) = -1 EBADF (Bad file descriptor) [pid 621] close(17) = -1 EBADF (Bad file descriptor) [pid 621] close(18) = -1 EBADF (Bad file descriptor) [pid 621] close(19) = -1 EBADF (Bad file descriptor) [pid 621] close(20) = -1 EBADF (Bad file descriptor) [pid 621] close(21) = -1 EBADF (Bad file descriptor) [pid 621] close(22) = -1 EBADF (Bad file descriptor) [pid 621] close(23) = -1 EBADF (Bad file descriptor) [pid 621] close(24) = -1 EBADF (Bad file descriptor) [pid 621] close(25) = -1 EBADF (Bad file descriptor) [pid 621] close(26) = -1 EBADF (Bad file descriptor) [pid 621] close(27) = -1 EBADF (Bad file descriptor) [pid 621] close(28) = -1 EBADF (Bad file descriptor) [pid 621] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 621] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 621] exit_group(0) = ? [pid 623] open("./file0", O_RDONLY [pid 621] +++ exited with 0 +++ [pid 623] <... open resumed>) = 3 [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 623] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 381] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 623] write(4, "-pids ", 6 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./38/binderfs") = 0 [pid 381] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./38/cgroup") = 0 [pid 381] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./38/cgroup.net") = 0 [pid 381] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./38/file0") = 0 [pid 381] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./38/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./38") = 0 [pid 381] mkdir("./39", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 624 attached , child_tidptr=0x555556fab5d0) = 41 [pid 624] chdir("./39") = 0 [pid 624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 624] setpgid(0, 0) = 0 [pid 624] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 624] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 624] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 624] write(3, "1000", 4) = 4 [pid 624] close(3) = 0 [pid 624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 624] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 624] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 624] open("./file0", O_RDONLY) = 3 [pid 624] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 137.121998][ T621] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 137.129951][ T621] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 137.137909][ T621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 137.145871][ T621] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000026 [ 137.154040][ T621] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 624] write(4, "-pids ", 6) = 6 [pid 622] <... write resumed>) = 6 [pid 624] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 624] write(5, "22", 2) = 2 [pid 624] write(4, "+pids ", 6 [pid 622] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 622] write(5, "22", 2) = 2 [ 137.190594][ T617] FAULT_INJECTION: forcing a failure. [ 137.190594][ T617] name failslab, interval 1, probability 0, space 0, times 0 [ 137.203313][ T617] CPU: 1 PID: 617 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 137.214926][ T617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.224958][ T617] Call Trace: [ 137.228231][ T617] dump_stack_lvl+0x1e2/0x24b [ 137.232902][ T617] ? panic+0x7d7/0x7d7 [ 137.236960][ T617] ? bfq_pos_tree_add_move+0x43e/0x43e [ 137.242401][ T617] ? find_next_bit+0xd6/0x120 [ 137.247053][ T617] ? cpumask_next+0x11/0x30 [ 137.251532][ T617] dump_stack+0x15/0x17 [ 137.255661][ T617] should_fail+0x3c0/0x510 [ 137.260052][ T617] ? percpu_ref_init+0xd0/0x330 [ 137.264876][ T617] __should_failslab+0x9f/0xe0 [ 137.269620][ T617] should_failslab+0x9/0x20 [ 137.274115][ T617] kmem_cache_alloc_trace+0x3a/0x330 [ 137.279385][ T617] percpu_ref_init+0xd0/0x330 [ 137.284034][ T617] ? cgroup_setup_root+0xea0/0xea0 [ 137.289132][ T617] cgroup_apply_control_enable+0x3a2/0x12f0 [ 137.295018][ T617] cgroup_apply_control+0x93/0x710 [ 137.300112][ T617] ? css_next_child+0x160/0x160 [ 137.304947][ T617] ? stack_trace_save+0x12d/0x1f0 [ 137.309954][ T617] ? io_schedule+0x120/0x120 [ 137.314530][ T617] ? kernfs_fop_write_iter+0x15e/0x410 [ 137.319977][ T617] ? __kasan_check_write+0x14/0x20 [ 137.325076][ T617] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 137.330344][ T617] cgroup_subtree_control_write+0xd19/0x1310 [ 137.336319][ T617] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 137.342304][ T617] ? __kasan_check_write+0x14/0x20 [ 137.347427][ T617] ? _copy_from_iter+0x3fb/0xd60 [ 137.352344][ T617] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 137.358298][ T617] cgroup_file_write+0x28e/0x590 [ 137.363217][ T617] ? cgroup_seqfile_stop+0xc0/0xc0 [ 137.368313][ T617] ? mutex_lock+0xa6/0x110 [ 137.372706][ T617] ? mutex_trylock+0xb0/0xb0 [ 137.377276][ T617] ? __kasan_check_write+0x14/0x20 [ 137.382372][ T617] kernfs_fop_write_iter+0x2d0/0x410 [ 137.387640][ T617] ? cgroup_seqfile_stop+0xc0/0xc0 [ 137.392747][ T617] vfs_write+0xc1c/0xf40 [ 137.396992][ T617] ? __kasan_check_write+0x14/0x20 [ 137.402092][ T617] ? kernel_write+0x3c0/0x3c0 [ 137.406765][ T617] ? _raw_spin_unlock_irq+0x4e/0x70 [ 137.411947][ T617] ? ptrace_stop+0x6ff/0x9f0 [ 137.416542][ T617] ? __kasan_check_read+0x11/0x20 [ 137.421554][ T617] ? __fdget_pos+0x27e/0x310 [ 137.426121][ T617] ksys_write+0x198/0x2c0 [ 137.430430][ T617] ? do_notify_parent+0xa60/0xa60 [ 137.435432][ T617] ? __ia32_sys_read+0x90/0x90 [ 137.440191][ T617] ? __ia32_sys_open+0x270/0x270 [ 137.445117][ T617] __x64_sys_write+0x7b/0x90 [ 137.449684][ T617] do_syscall_64+0x34/0x70 [ 137.454100][ T617] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 137.459967][ T617] RIP: 0033:0x7fc8ece62c09 [ 137.464357][ T617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 622] write(4, "+pids ", 6 [pid 617] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 617] close(3) = 0 [pid 617] close(4) = 0 [pid 617] close(5) = 0 [pid 617] close(6) = -1 EBADF (Bad file descriptor) [pid 617] close(7) = -1 EBADF (Bad file descriptor) [pid 617] close(8) = -1 EBADF (Bad file descriptor) [pid 617] close(9) = -1 EBADF (Bad file descriptor) [pid 617] close(10) = -1 EBADF (Bad file descriptor) [pid 617] close(11) = -1 EBADF (Bad file descriptor) [pid 617] close(12) = -1 EBADF (Bad file descriptor) [pid 617] close(13) = -1 EBADF (Bad file descriptor) [pid 617] close(14) = -1 EBADF (Bad file descriptor) [pid 617] close(15) = -1 EBADF (Bad file descriptor) [pid 617] close(16) = -1 EBADF (Bad file descriptor) [pid 617] close(17) = -1 EBADF (Bad file descriptor) [pid 617] close(18) = -1 EBADF (Bad file descriptor) [pid 617] close(19) = -1 EBADF (Bad file descriptor) [pid 617] close(20) = -1 EBADF (Bad file descriptor) [pid 617] close(21) = -1 EBADF (Bad file descriptor) [pid 617] close(22) = -1 EBADF (Bad file descriptor) [pid 617] close(23) = -1 EBADF (Bad file descriptor) [pid 617] close(24) = -1 EBADF (Bad file descriptor) [pid 617] close(25) = -1 EBADF (Bad file descriptor) [pid 617] close(26) = -1 EBADF (Bad file descriptor) [pid 617] close(27) = -1 EBADF (Bad file descriptor) [pid 617] close(28) = -1 EBADF (Bad file descriptor) [pid 617] close(29) = -1 EBADF (Bad file descriptor) [pid 617] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 617] exit_group(0) = ? write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 617] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./37/binderfs") = 0 [pid 380] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./37/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./37/cgroup") = 0 [pid 380] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./37/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./37/cgroup.net") = 0 [pid 380] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./37/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./37/file0") = 0 [pid 380] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./37/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./37/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./37") = 0 [pid 380] mkdir("./38", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 625 attached , child_tidptr=0x555556fab5d0) = 40 [pid 625] chdir("./38") = 0 [pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 625] setpgid(0, 0) = 0 [pid 625] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 625] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 625] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 625] write(3, "1000", 4) = 4 [pid 625] close(3) = 0 [pid 625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 625] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 625] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 625] open("./file0", O_RDONLY) = 3 [pid 625] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 137.483938][ T617] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.492327][ T617] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 137.500282][ T617] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 137.508240][ T617] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 137.516198][ T617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 137.524153][ T617] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000025 [ 137.580564][ T620] FAULT_INJECTION: forcing a failure. [ 137.580564][ T620] name failslab, interval 1, probability 0, space 0, times 0 [ 137.593220][ T620] CPU: 0 PID: 620 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 137.604833][ T620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.614861][ T620] Call Trace: [ 137.618130][ T620] dump_stack_lvl+0x1e2/0x24b [ 137.622787][ T620] ? bfq_pos_tree_add_move+0x43e/0x43e [ 137.628233][ T620] ? selinux_kernfs_init_security+0x1a8/0x760 [ 137.634286][ T620] dump_stack+0x15/0x17 [ 137.638419][ T620] should_fail+0x3c0/0x510 [ 137.642809][ T620] ? __kernfs_new_node+0x99/0x6e0 [ 137.647810][ T620] __should_failslab+0x9f/0xe0 [ 137.652560][ T620] should_failslab+0x9/0x20 [ 137.657054][ T620] __kmalloc_track_caller+0x5f/0x350 [ 137.662323][ T620] kstrdup_const+0x55/0x90 [ 137.666714][ T620] __kernfs_new_node+0x99/0x6e0 [ 137.671545][ T620] ? is_module_text_address+0xe1/0x140 [ 137.676984][ T620] ? kernfs_new_node+0x170/0x170 [ 137.681907][ T620] ? ptr_to_hashval+0x60/0x60 [ 137.686565][ T620] ? arch_stack_walk+0xf8/0x140 [ 137.691390][ T620] ? snprintf+0xd6/0x120 [ 137.695623][ T620] kernfs_new_node+0x97/0x170 [ 137.700278][ T620] __kernfs_create_file+0x4a/0x270 [ 137.705373][ T620] cgroup_addrm_files+0xab8/0xfe0 [ 137.710387][ T620] ? ____kasan_kmalloc+0xdc/0x110 [ 137.715385][ T620] ? __kasan_kmalloc+0x9/0x10 [ 137.720043][ T620] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 137.725569][ T620] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 137.731700][ T620] ? delete_node+0x759/0x7b0 [ 137.736271][ T620] ? __kasan_check_read+0x11/0x20 [ 137.741274][ T620] ? delete_node+0x759/0x7b0 [ 137.745844][ T620] ? __kasan_check_write+0x14/0x20 [ 137.750927][ T620] ? idr_replace+0x1c4/0x230 [ 137.755492][ T620] ? idr_get_next+0x4b0/0x4b0 [ 137.760150][ T620] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 137.765153][ T620] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 137.770329][ T620] css_populate_dir+0x137/0x370 [ 137.775166][ T620] cgroup_apply_control_enable+0x8b9/0x12f0 [ 137.781052][ T620] cgroup_apply_control+0x93/0x710 [ 137.786144][ T620] ? css_next_child+0x160/0x160 [ 137.790968][ T620] ? io_schedule+0x120/0x120 [ 137.795529][ T620] ? kernfs_fop_write_iter+0x15e/0x410 [ 137.800963][ T620] ? __kasan_check_write+0x14/0x20 [ 137.806053][ T620] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 137.811322][ T620] cgroup_subtree_control_write+0xd19/0x1310 [ 137.817284][ T620] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 137.823258][ T620] ? __kasan_check_write+0x14/0x20 [ 137.828351][ T620] ? _copy_from_iter+0x3fb/0xd60 [ 137.833258][ T620] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 137.839208][ T620] cgroup_file_write+0x28e/0x590 [ 137.844123][ T620] ? cgroup_seqfile_stop+0xc0/0xc0 [ 137.849214][ T620] ? mutex_lock+0xa6/0x110 [ 137.853599][ T620] ? mutex_trylock+0xb0/0xb0 [ 137.858160][ T620] ? __kasan_check_write+0x14/0x20 [ 137.863256][ T620] kernfs_fop_write_iter+0x2d0/0x410 [ 137.868521][ T620] ? cgroup_seqfile_stop+0xc0/0xc0 [ 137.873610][ T620] vfs_write+0xc1c/0xf40 [ 137.877844][ T620] ? __kasan_check_write+0x14/0x20 [ 137.882934][ T620] ? kernel_write+0x3c0/0x3c0 [ 137.887580][ T620] ? _raw_spin_unlock_irq+0x4e/0x70 [ 137.892749][ T620] ? ptrace_stop+0x6ff/0x9f0 [ 137.897315][ T620] ? __kasan_check_read+0x11/0x20 [ 137.902324][ T620] ? __fdget_pos+0x27e/0x310 [ 137.906903][ T620] ksys_write+0x198/0x2c0 [ 137.911227][ T620] ? do_notify_parent+0xa60/0xa60 [ 137.916231][ T620] ? __ia32_sys_read+0x90/0x90 [ 137.920965][ T620] ? __ia32_sys_open+0x270/0x270 [ 137.925880][ T620] __x64_sys_write+0x7b/0x90 [ 137.930443][ T620] do_syscall_64+0x34/0x70 [ 137.934830][ T620] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 137.940714][ T620] RIP: 0033:0x7fc8ece62c09 [ 137.945103][ T620] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 137.964690][ T620] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.973090][ T620] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 625] write(4, "-pids ", 6 [pid 620] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 620] close(3) = 0 [pid 620] close(4) = 0 [pid 620] close(5) = 0 [pid 620] close(6) = -1 EBADF (Bad file descriptor) [pid 620] close(7) = -1 EBADF (Bad file descriptor) [pid 620] close(8) = -1 EBADF (Bad file descriptor) [pid 620] close(9) = -1 EBADF (Bad file descriptor) [pid 620] close(10) = -1 EBADF (Bad file descriptor) [pid 620] close(11) = -1 EBADF (Bad file descriptor) [pid 620] close(12) = -1 EBADF (Bad file descriptor) [pid 620] close(13) = -1 EBADF (Bad file descriptor) [pid 620] close(14) = -1 EBADF (Bad file descriptor) [pid 620] close(15) = -1 EBADF (Bad file descriptor) [pid 620] close(16) = -1 EBADF (Bad file descriptor) [pid 620] close(17) = -1 EBADF (Bad file descriptor) [pid 620] close(18) = -1 EBADF (Bad file descriptor) [pid 620] close(19) = -1 EBADF (Bad file descriptor) [pid 620] close(20) = -1 EBADF (Bad file descriptor) [pid 620] close(21) = -1 EBADF (Bad file descriptor) [pid 620] close(22) = -1 EBADF (Bad file descriptor) [pid 620] close(23) = -1 EBADF (Bad file descriptor) [pid 620] close(24) = -1 EBADF (Bad file descriptor) [pid 620] close(25) = -1 EBADF (Bad file descriptor) [pid 620] close(26) = -1 EBADF (Bad file descriptor) [pid 620] close(27) = -1 EBADF (Bad file descriptor) [pid 620] close(28) = -1 EBADF (Bad file descriptor) [pid 620] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 620] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 620] exit_group(0) = ? [pid 620] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./39/binderfs") = 0 [pid 376] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./39/cgroup") = 0 [pid 376] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./39/cgroup.net") = 0 [pid 376] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./39/file0") = 0 [pid 376] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./39/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./39") = 0 [pid 376] mkdir("./40", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 626 attached , child_tidptr=0x555556fab5d0) = 42 [pid 626] chdir("./40") = 0 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 626] setpgid(0, 0) = 0 [pid 626] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 626] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 626] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4) = 4 [pid 626] close(3) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 626] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 626] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 626] open("./file0", O_RDONLY) = 3 [pid 626] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 137.981037][ T620] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 137.988980][ T620] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 137.996929][ T620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 138.004883][ T620] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000027 [ 138.014548][ T620] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 138.060460][ T619] FAULT_INJECTION: forcing a failure. [ 138.060460][ T619] name failslab, interval 1, probability 0, space 0, times 0 [ 138.073111][ T619] CPU: 1 PID: 619 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 138.084730][ T619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.094760][ T619] Call Trace: [ 138.098035][ T619] dump_stack_lvl+0x1e2/0x24b [ 138.102695][ T619] ? bfq_pos_tree_add_move+0x43e/0x43e [ 138.108131][ T619] ? selinux_kernfs_init_security+0x1a8/0x760 [ 138.114170][ T619] dump_stack+0x15/0x17 [ 138.118299][ T619] should_fail+0x3c0/0x510 [ 138.122688][ T619] ? __kernfs_new_node+0x99/0x6e0 [ 138.127687][ T619] __should_failslab+0x9f/0xe0 [ 138.132432][ T619] should_failslab+0x9/0x20 [ 138.136924][ T619] __kmalloc_track_caller+0x5f/0x350 [ 138.143027][ T619] kstrdup_const+0x55/0x90 [ 138.147430][ T619] __kernfs_new_node+0x99/0x6e0 [ 138.152268][ T619] ? is_module_text_address+0xe1/0x140 [ 138.157709][ T619] ? kernfs_new_node+0x170/0x170 [ 138.162625][ T619] ? ptr_to_hashval+0x60/0x60 [ 138.167280][ T619] ? arch_stack_walk+0xf8/0x140 [ 138.172102][ T619] ? snprintf+0xd6/0x120 [ 138.176318][ T619] kernfs_new_node+0x97/0x170 [ 138.180969][ T619] __kernfs_create_file+0x4a/0x270 [ 138.186057][ T619] cgroup_addrm_files+0xab8/0xfe0 [ 138.191062][ T619] ? ____kasan_kmalloc+0xdc/0x110 [ 138.196055][ T619] ? __kasan_kmalloc+0x9/0x10 [ 138.200713][ T619] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 138.206240][ T619] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 138.212363][ T619] ? delete_node+0x759/0x7b0 [ 138.216941][ T619] ? __kasan_check_read+0x11/0x20 [ 138.221946][ T619] ? delete_node+0x759/0x7b0 [ 138.226507][ T619] ? __kasan_check_write+0x14/0x20 [ 138.231587][ T619] ? idr_replace+0x1c4/0x230 [ 138.236165][ T619] ? idr_get_next+0x4b0/0x4b0 [ 138.240831][ T619] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 138.245837][ T619] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 138.251012][ T619] css_populate_dir+0x137/0x370 [ 138.255846][ T619] cgroup_apply_control_enable+0x8b9/0x12f0 [ 138.261712][ T619] cgroup_apply_control+0x93/0x710 [ 138.266794][ T619] ? css_next_child+0x160/0x160 [ 138.271637][ T619] ? io_schedule+0x120/0x120 [ 138.276224][ T619] ? kernfs_fop_write_iter+0x15e/0x410 [ 138.281668][ T619] ? __kasan_check_write+0x14/0x20 [ 138.286762][ T619] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 138.292027][ T619] cgroup_subtree_control_write+0xd19/0x1310 [ 138.297983][ T619] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 138.303944][ T619] ? __kasan_check_write+0x14/0x20 [ 138.309036][ T619] ? _copy_from_iter+0x3fb/0xd60 [ 138.313958][ T619] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 138.319912][ T619] cgroup_file_write+0x28e/0x590 [ 138.324823][ T619] ? cgroup_seqfile_stop+0xc0/0xc0 [ 138.329915][ T619] ? mutex_lock+0xa6/0x110 [ 138.334319][ T619] ? mutex_trylock+0xb0/0xb0 [ 138.338904][ T619] ? __kasan_check_write+0x14/0x20 [ 138.343996][ T619] kernfs_fop_write_iter+0x2d0/0x410 [ 138.349262][ T619] ? cgroup_seqfile_stop+0xc0/0xc0 [ 138.354353][ T619] vfs_write+0xc1c/0xf40 [ 138.358567][ T619] ? __kasan_check_write+0x14/0x20 [ 138.363661][ T619] ? kernel_write+0x3c0/0x3c0 [ 138.368326][ T619] ? _raw_spin_unlock_irq+0x4e/0x70 [ 138.373508][ T619] ? ptrace_stop+0x6ff/0x9f0 [ 138.378077][ T619] ? __kasan_check_read+0x11/0x20 [ 138.383081][ T619] ? __fdget_pos+0x27e/0x310 [ 138.387665][ T619] ksys_write+0x198/0x2c0 [ 138.391984][ T619] ? do_notify_parent+0xa60/0xa60 [ 138.396991][ T619] ? __ia32_sys_read+0x90/0x90 [ 138.401725][ T619] ? __ia32_sys_open+0x270/0x270 [ 138.406645][ T619] __x64_sys_write+0x7b/0x90 [ 138.411219][ T619] do_syscall_64+0x34/0x70 [ 138.415609][ T619] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 138.421484][ T619] RIP: 0033:0x7fc8ece62c09 [ 138.425886][ T619] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 138.445475][ T619] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.453859][ T619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 626] write(4, "-pids ", 6 [pid 619] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 619] close(3) = 0 [pid 619] close(4) = 0 [pid 619] close(5) = 0 [pid 619] close(6) = -1 EBADF (Bad file descriptor) [pid 619] close(7) = -1 EBADF (Bad file descriptor) [pid 619] close(8) = -1 EBADF (Bad file descriptor) [pid 619] close(9) = -1 EBADF (Bad file descriptor) [pid 619] close(10) = -1 EBADF (Bad file descriptor) [pid 619] close(11) = -1 EBADF (Bad file descriptor) [pid 619] close(12) = -1 EBADF (Bad file descriptor) [pid 619] close(13) = -1 EBADF (Bad file descriptor) [pid 619] close(14) = -1 EBADF (Bad file descriptor) [pid 619] close(15) = -1 EBADF (Bad file descriptor) [pid 619] close(16) = -1 EBADF (Bad file descriptor) [pid 619] close(17) = -1 EBADF (Bad file descriptor) [pid 619] close(18) = -1 EBADF (Bad file descriptor) [pid 619] close(19) = -1 EBADF (Bad file descriptor) [pid 619] close(20) = -1 EBADF (Bad file descriptor) [pid 619] close(21) = -1 EBADF (Bad file descriptor) [pid 619] close(22) = -1 EBADF (Bad file descriptor) [pid 619] close(23) = -1 EBADF (Bad file descriptor) [pid 619] close(24) = -1 EBADF (Bad file descriptor) [pid 619] close(25) = -1 EBADF (Bad file descriptor) [pid 619] close(26) = -1 EBADF (Bad file descriptor) [pid 619] close(27) = -1 EBADF (Bad file descriptor) [pid 619] close(28) = -1 EBADF (Bad file descriptor) [pid 619] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 619] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 619] exit_group(0) = ? [pid 619] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./42/binderfs") = 0 [pid 375] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./42/cgroup") = 0 [pid 375] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./42/cgroup.net") = 0 [ 138.461804][ T619] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 138.469799][ T619] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 138.477756][ T619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 138.485707][ T619] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002a [ 138.493730][ T619] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 138.511984][ T375] ------------[ cut here ]------------ [ 138.517452][ T375] WARNING: CPU: 1 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 138.526384][ T375] Modules linked in: [ 138.530340][ T375] CPU: 1 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 138.541959][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.552044][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 138.557663][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 138.577274][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 138.583348][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 138.591321][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 138.599274][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 138.607256][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 138.615231][ T375] R13: ffff8881192dce00 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 138.623204][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 138.632137][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.638694][ T375] CR2: 00007fc8ececd130 CR3: 000000011dd54000 CR4: 00000000003506a0 [ 138.646771][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 138.654870][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 138.662865][ T375] Call Trace: [ 138.666150][ T375] ? io_schedule+0x120/0x120 [ 138.670760][ T375] ? vfs_submount+0xb0/0xb0 [ 138.675251][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 138.680464][ T375] ? __kasan_check_write+0x14/0x20 [ 138.685562][ T375] namespace_unlock+0x448/0x4f0 [ 138.690423][ T375] ? umount_tree+0xf50/0xf50 [ 138.694995][ T375] ? __detach_mounts+0x670/0x670 [ 138.699903][ T375] ? selinux_umount+0xf0/0x130 [ 138.704682][ T375] ? security_sb_umount+0x9d/0xb0 [ 138.709690][ T375] path_umount+0xf03/0xfb0 [ 138.714105][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 138.719118][ T375] ? user_path_at_empty+0x40/0x50 [ 138.724146][ T375] __x64_sys_umount+0x122/0x170 [ 138.728987][ T375] ? path_umount+0xfb0/0xfb0 [ 138.733585][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 138.739554][ T375] do_syscall_64+0x34/0x70 [ 138.743988][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 138.749868][ T375] RIP: 0033:0x7fc8ece63fb7 [ 138.754292][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 138.773904][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 138.782313][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 138.790296][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 138.798246][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 138.806229][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 138.814212][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002b [ 138.822184][ T375] ---[ end trace d4de1ca9cdcd1989 ]--- [ 138.827713][ T375] ------------[ cut here ]------------ [ 138.827850][ T624] FAULT_INJECTION: forcing a failure. [ 138.827850][ T624] name failslab, interval 1, probability 0, space 0, times 0 [ 138.833197][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 138.833201][ T375] Modules linked in: [ 138.833224][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 138.846124][ T624] CPU: 1 PID: 624 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 138.854799][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.858643][ T624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.870274][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 138.881817][ T624] Call Trace: [ 138.881833][ T624] dump_stack_lvl+0x1e2/0x24b [ 138.881849][ T624] ? panic+0x7d7/0x7d7 [ 138.891888][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 138.901903][ T624] ? bfq_pos_tree_add_move+0x43e/0x43e [ 138.901912][ T624] ? find_next_bit+0xd6/0x120 [ 138.901929][ T624] ? cpumask_next+0x11/0x30 [ 138.907525][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 138.910774][ T624] dump_stack+0x15/0x17 [ 138.910783][ T624] should_fail+0x3c0/0x510 [ 138.910792][ T624] ? percpu_ref_init+0xd0/0x330 [ 138.910808][ T624] __should_failslab+0x9f/0xe0 [ 138.915444][ T375] [ 138.919485][ T624] should_failslab+0x9/0x20 [ 138.939071][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffd RCX: ffff8881065e13c0 [ 138.944480][ T624] kmem_cache_alloc_trace+0x3a/0x330 [ 138.944496][ T624] percpu_ref_init+0xd0/0x330 [ 138.949140][ T375] RDX: 0000000000000000 RSI: 00000000fffffffd RDI: 0000000000000000 [ 138.953607][ T624] ? cgroup_setup_root+0xea0/0xea0 [ 138.953618][ T624] cgroup_apply_control_enable+0x3a2/0x12f0 [ 138.953633][ T624] cgroup_apply_control+0x93/0x710 [ 138.959666][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 138.963785][ T624] ? css_next_child+0x160/0x160 [ 138.963793][ T624] ? stack_trace_save+0x12d/0x1f0 [ 138.963811][ T624] ? io_schedule+0x120/0x120 [ 138.968190][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 138.973003][ T624] ? kernfs_fop_write_iter+0x15e/0x410 [ 138.973013][ T624] ? __kasan_check_write+0x14/0x20 [ 138.973022][ T624] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 138.973039][ T624] cgroup_subtree_control_write+0xd19/0x1310 [ 138.977769][ T375] R13: ffff8881192dce00 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 138.980068][ T624] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 138.984545][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 138.992481][ T624] ? __kasan_check_write+0x14/0x20 [ 138.992491][ T624] ? _copy_from_iter+0x3fb/0xd60 [ 138.992507][ T624] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 138.997758][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.002397][ T624] cgroup_file_write+0x28e/0x590 [ 139.002407][ T624] ? cgroup_seqfile_stop+0xc0/0xc0 [ 139.002423][ T624] ? mutex_lock+0xa6/0x110 [ 139.010369][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 139.015477][ T624] ? mutex_trylock+0xb0/0xb0 [ 139.021343][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 139.026415][ T624] ? __kasan_check_write+0x14/0x20 [pid 375] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 624] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 624] close(3) = 0 [pid 624] close(4) = 0 [pid 624] close(5) = 0 [pid 624] close(6) = -1 EBADF (Bad file descriptor) [pid 624] close(7) = -1 EBADF (Bad file descriptor) [pid 624] close(8) = -1 EBADF (Bad file descriptor) [pid 624] close(9) = -1 EBADF (Bad file descriptor) [pid 624] close(10) = -1 EBADF (Bad file descriptor) [pid 624] close(11) = -1 EBADF (Bad file descriptor) [pid 624] close(12) = -1 EBADF (Bad file descriptor) [pid 624] close(13) = -1 EBADF (Bad file descriptor) [pid 624] close(14) = -1 EBADF (Bad file descriptor) [pid 624] close(15) = -1 EBADF (Bad file descriptor) [pid 624] close(16) = -1 EBADF (Bad file descriptor) [pid 624] close(17) = -1 EBADF (Bad file descriptor) [pid 624] close(18) = -1 EBADF (Bad file descriptor) [pid 624] close(19) = -1 EBADF (Bad file descriptor) [pid 624] close(20) = -1 EBADF (Bad file descriptor) [pid 624] close(21) = -1 EBADF (Bad file descriptor) [pid 624] close(22) = -1 EBADF (Bad file descriptor) [pid 624] close(23) = -1 EBADF (Bad file descriptor) [pid 624] close(24) = -1 EBADF (Bad file descriptor) [pid 624] close(25) = -1 EBADF (Bad file descriptor) [pid 624] close(26) = -1 EBADF (Bad file descriptor) [pid 624] close(27) = -1 EBADF (Bad file descriptor) [pid 624] close(28) = -1 EBADF (Bad file descriptor) [pid 624] close(29) = -1 EBADF (Bad file descriptor) [pid 624] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 624] exit_group(0) = ? [pid 624] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 139.034389][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 139.039175][ T624] kernfs_fop_write_iter+0x2d0/0x410 [ 139.044166][ T375] Call Trace: [ 139.048722][ T624] ? cgroup_seqfile_stop+0xc0/0xc0 [ 139.056673][ T375] ? lockref_get_or_lock+0x340/0x340 [ 139.062084][ T624] vfs_write+0xc1c/0xf40 [ 139.062094][ T624] ? __kasan_check_write+0x14/0x20 [ 139.062103][ T624] ? kernel_write+0x3c0/0x3c0 [ 139.062118][ T624] ? _raw_spin_unlock_irq+0x4e/0x70 [ 139.067197][ T375] ? umount_tree+0xf50/0xf50 [ 139.072443][ T624] ? ptrace_stop+0x6ff/0x9f0 [ 139.072453][ T624] ? __kasan_check_read+0x11/0x20 [ 139.072468][ T624] ? __fdget_pos+0x27e/0x310 [ 139.078414][ T375] ? vfs_submount+0xb0/0xb0 [ 139.086351][ T624] ksys_write+0x198/0x2c0 [ 139.086362][ T624] ? do_notify_parent+0xa60/0xa60 [ 139.086377][ T624] ? __ia32_sys_read+0x90/0x90 [ 139.092347][ T375] ? dput+0x2b6/0x320 [ 139.101219][ T624] ? __ia32_sys_open+0x270/0x270 [ 139.101237][ T624] __x64_sys_write+0x7b/0x90 [ 139.106317][ T375] path_umount+0x1fe/0xfb0 [ 139.111218][ T624] do_syscall_64+0x34/0x70 [ 139.111228][ T624] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 139.111242][ T624] RIP: 0033:0x7fc8ece62c09 [ 139.117190][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 139.123739][ T624] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 139.123752][ T624] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 139.128662][ T375] ? user_path_at_empty+0x40/0x50 [ 139.133726][ T624] ORIG_RAX: 0000000000000001 [ 139.133734][ T624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 139.133748][ T624] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 139.138134][ T375] __x64_sys_umount+0x122/0x170 [ 139.146064][ T624] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 139.146071][ T624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 139.146084][ T624] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000027 [ 139.150663][ T375] ? path_umount+0xfb0/0xfb0 [ 139.369131][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 139.375115][ T375] do_syscall_64+0x34/0x70 [ 139.379529][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 139.385434][ T375] RIP: 0033:0x7fc8ece63fb7 [ 139.389833][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 381] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... umount2 resumed>) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... openat resumed>) = 3 [pid 381] fstat(3, [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, [pid 375] lstat("./42/file0", [pid 381] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./39/binderfs") = 0 [pid 381] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./39/cgroup") = 0 [pid 381] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./39/cgroup.net") = 0 [pid 381] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./39/file0") = 0 [pid 381] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./39/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./39") = 0 [pid 375] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] mkdir("./40", 0777 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... mkdir resumed>) = 0 [pid 375] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] <... openat resumed>) = 4 [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 42 [pid 375] fstat(4, ./strace-static-x86_64: Process 627 attached {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 627] chdir("./40" [pid 375] getdents64(4, [pid 627] <... chdir resumed>) = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 627] <... setpgid resumed>) = 0 [pid 375] getdents64(4, [pid 627] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 627] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 627] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 627] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 627] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 627] open("./file0", O_RDONLY) = 3 [pid 627] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 627] write(4, "-pids ", 6 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./42/file0") = 0 [pid 375] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./42/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./42") = 0 [pid 375] mkdir("./43", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 628 attached [pid 628] chdir("./43" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 45 [pid 628] <... chdir resumed>) = 0 [pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 628] setpgid(0, 0) = 0 [pid 628] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 628] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 628] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [ 139.409448][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 139.417860][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 139.425846][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 139.433815][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 139.441795][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 139.449754][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002b [ 139.457746][ T375] ---[ end trace d4de1ca9cdcd198a ]--- [pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] <... write resumed>) = 6 [pid 627] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 626] <... write resumed>) = 6 [pid 623] <... write resumed>) = 6 [pid 627] <... openat resumed>) = 5 [pid 627] write(5, "22", 2) = 2 [pid 627] write(4, "+pids ", 6 [pid 628] write(3, "1000", 4) = 4 [pid 628] close(3) = 0 [pid 628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 628] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 628] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 626] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 626] write(5, "22", 2) = 2 [pid 626] write(4, "+pids ", 6 [pid 623] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 623] write(5, "22", 2) = 2 [ 139.490607][ T622] FAULT_INJECTION: forcing a failure. [ 139.490607][ T622] name failslab, interval 1, probability 0, space 0, times 0 [ 139.503358][ T622] CPU: 1 PID: 622 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 139.514984][ T622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 139.525027][ T622] Call Trace: [ 139.528294][ T622] dump_stack_lvl+0x1e2/0x24b [ 139.532952][ T622] ? bfq_pos_tree_add_move+0x43e/0x43e [ 139.538395][ T622] dump_stack+0x15/0x17 [ 139.542527][ T622] should_fail+0x3c0/0x510 [ 139.546920][ T622] ? pids_css_alloc+0x4e/0x120 [ 139.551659][ T622] __should_failslab+0x9f/0xe0 [ 139.556400][ T622] should_failslab+0x9/0x20 [ 139.560878][ T622] kmem_cache_alloc_trace+0x3a/0x330 [ 139.566138][ T622] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 139.571311][ T622] pids_css_alloc+0x4e/0x120 [ 139.575883][ T622] cgroup_apply_control_enable+0x350/0x12f0 [ 139.581753][ T622] cgroup_apply_control+0x93/0x710 [ 139.586845][ T622] ? css_next_child+0x160/0x160 [ 139.591680][ T622] ? io_schedule+0x120/0x120 [ 139.596242][ T622] ? kernfs_fop_write_iter+0x15e/0x410 [ 139.601680][ T622] ? __kasan_check_write+0x14/0x20 [ 139.606773][ T622] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 139.612032][ T622] cgroup_subtree_control_write+0xd19/0x1310 [ 139.617982][ T622] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 139.623938][ T622] ? __kasan_check_write+0x14/0x20 [ 139.629033][ T622] ? _copy_from_iter+0x3fb/0xd60 [ 139.633956][ T622] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 139.639937][ T622] cgroup_file_write+0x28e/0x590 [ 139.644855][ T622] ? cgroup_seqfile_stop+0xc0/0xc0 [ 139.649950][ T622] ? mutex_lock+0xa6/0x110 [ 139.654339][ T622] ? mutex_trylock+0xb0/0xb0 [ 139.658903][ T622] ? __kasan_check_write+0x14/0x20 [ 139.663999][ T622] kernfs_fop_write_iter+0x2d0/0x410 [ 139.669262][ T622] ? cgroup_seqfile_stop+0xc0/0xc0 [ 139.674353][ T622] vfs_write+0xc1c/0xf40 [ 139.678658][ T622] ? __kasan_check_write+0x14/0x20 [ 139.683742][ T622] ? kernel_write+0x3c0/0x3c0 [ 139.688398][ T622] ? _raw_spin_unlock_irq+0x4e/0x70 [ 139.693575][ T622] ? ptrace_stop+0x6ff/0x9f0 [ 139.698138][ T622] ? __kasan_check_read+0x11/0x20 [ 139.703135][ T622] ? __fdget_pos+0x27e/0x310 [ 139.707697][ T622] ksys_write+0x198/0x2c0 [ 139.712006][ T622] ? do_notify_parent+0xa60/0xa60 [ 139.717003][ T622] ? __ia32_sys_read+0x90/0x90 [ 139.721747][ T622] ? __ia32_sys_open+0x270/0x270 [ 139.726672][ T622] __x64_sys_write+0x7b/0x90 [ 139.731243][ T622] do_syscall_64+0x34/0x70 [ 139.735632][ T622] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 139.741501][ T622] RIP: 0033:0x7fc8ece62c09 [ 139.745887][ T622] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 139.765466][ T622] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.773857][ T622] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 139.781811][ T622] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 623] write(4, "+pids ", 6 [pid 628] <... mount resumed>) = 0 [pid 622] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 628] open("./file0", O_RDONLY [pid 622] close(3 [pid 628] <... open resumed>) = 3 [pid 622] <... close resumed>) = 0 [pid 628] openat(3, "cgroup.subtree_control", O_RDWR [pid 622] close(4 [pid 628] <... openat resumed>) = 4 [pid 622] <... close resumed>) = 0 [pid 628] write(4, "-pids ", 6 [pid 622] close(5) = 0 [pid 622] close(6) = -1 EBADF (Bad file descriptor) [pid 622] close(7) = -1 EBADF (Bad file descriptor) [pid 622] close(8) = -1 EBADF (Bad file descriptor) [pid 622] close(9) = -1 EBADF (Bad file descriptor) [pid 622] close(10) = -1 EBADF (Bad file descriptor) [pid 622] close(11) = -1 EBADF (Bad file descriptor) [pid 622] close(12) = -1 EBADF (Bad file descriptor) [pid 622] close(13) = -1 EBADF (Bad file descriptor) [pid 622] close(14) = -1 EBADF (Bad file descriptor) [pid 622] close(15) = -1 EBADF (Bad file descriptor) [pid 622] close(16) = -1 EBADF (Bad file descriptor) [pid 622] close(17) = -1 EBADF (Bad file descriptor) [pid 622] close(18) = -1 EBADF (Bad file descriptor) [pid 622] close(19) = -1 EBADF (Bad file descriptor) [pid 622] close(20) = -1 EBADF (Bad file descriptor) [pid 622] close(21) = -1 EBADF (Bad file descriptor) [pid 622] close(22) = -1 EBADF (Bad file descriptor) [pid 622] close(23) = -1 EBADF (Bad file descriptor) [pid 622] close(24) = -1 EBADF (Bad file descriptor) [pid 622] close(25) = -1 EBADF (Bad file descriptor) [pid 622] close(26) = -1 EBADF (Bad file descriptor) [pid 622] close(27) = -1 EBADF (Bad file descriptor) [pid 622] close(28) = -1 EBADF (Bad file descriptor) [pid 622] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 622] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 622] exit_group(0) = ? [pid 622] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 382] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./43/binderfs") = 0 [pid 382] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./43/cgroup") = 0 [pid 382] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./43/cgroup.net") = 0 [ 139.789764][ T622] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 139.797718][ T622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 139.805671][ T622] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002b [ 139.822765][ T382] ------------[ cut here ]------------ [ 139.828245][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 139.837181][ T382] Modules linked in: [ 139.841093][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 139.852731][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 139.862802][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 139.868445][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 139.888114][ T382] RSP: 0018:ffffc90000b77ba0 EFLAGS: 00010293 [ 139.894201][ T382] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e4f00 [ 139.902269][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 139.910248][ T382] RBP: ffffc90000b77c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 139.918210][ T382] R10: fffff5200016ef65 R11: 1ffff9200016ef64 R12: dffffc0000000000 [ 139.926191][ T382] R13: ffff8881170981c0 R14: ffffc90000b77c00 R15: 1ffff9200016ef7c [ 139.934169][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 139.943103][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.949676][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 139.957665][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 139.965637][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 139.973608][ T382] Call Trace: [ 139.976883][ T382] ? io_schedule+0x120/0x120 [ 139.981480][ T382] ? vfs_submount+0xb0/0xb0 [ 139.985980][ T382] ? shrink_dentry_list+0x4ec/0x500 [ 139.991189][ T382] ? __kasan_check_write+0x14/0x20 [ 139.996287][ T382] namespace_unlock+0x448/0x4f0 [ 140.001136][ T382] ? umount_tree+0xf50/0xf50 [ 140.005722][ T382] ? __detach_mounts+0x670/0x670 [ 140.010679][ T382] ? selinux_umount+0xf0/0x130 [ 140.015443][ T382] ? security_sb_umount+0x9d/0xb0 [ 140.020482][ T382] path_umount+0xf03/0xfb0 [ 140.024888][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 140.029888][ T382] ? user_path_at_empty+0x40/0x50 [ 140.034934][ T382] __x64_sys_umount+0x122/0x170 [ 140.039771][ T382] ? path_umount+0xfb0/0xfb0 [ 140.044360][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 140.050338][ T382] do_syscall_64+0x34/0x70 [ 140.054729][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 140.060619][ T382] RIP: 0033:0x7fc8ece63fb7 [ 140.065031][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 140.084663][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 140.093082][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 140.101074][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 140.109030][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 140.117003][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 140.124983][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002c [ 140.132966][ T382] ---[ end trace d4de1ca9cdcd198b ]--- [ 140.138583][ T627] FAULT_INJECTION: forcing a failure. [ 140.138583][ T627] name failslab, interval 1, probability 0, space 0, times 0 [ 140.140260][ T382] ------------[ cut here ]------------ [ 140.151398][ T627] CPU: 0 PID: 627 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 140.156623][ T382] WARNING: CPU: 1 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 140.168193][ T627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.168198][ T627] Call Trace: [ 140.168211][ T627] dump_stack_lvl+0x1e2/0x24b [ 140.168228][ T627] ? bfq_pos_tree_add_move+0x43e/0x43e [ 140.177212][ T382] Modules linked in: [ 140.187235][ T627] ? selinux_kernfs_init_security+0x1a8/0x760 [ 140.187251][ T627] dump_stack+0x15/0x17 [ 140.190508][ T382] [ 140.195155][ T627] should_fail+0x3c0/0x510 [ 140.200590][ T382] CPU: 1 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 140.204458][ T627] ? __kernfs_new_node+0x99/0x6e0 [ 140.210490][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.214612][ T627] __should_failslab+0x9f/0xe0 [ 140.216913][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 140.221286][ T627] should_failslab+0x9/0x20 [ 140.221304][ T627] __kmalloc_track_caller+0x5f/0x350 [ 140.232896][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 140.237883][ T627] kstrdup_const+0x55/0x90 [ 140.247910][ T382] RSP: 0018:ffffc90000b77ca0 EFLAGS: 00010293 [ 140.252631][ T627] __kernfs_new_node+0x99/0x6e0 [ 140.252648][ T627] ? is_module_text_address+0xe1/0x140 [ 140.258238][ T382] [ 140.258259][ T382] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e4f00 [ 140.262739][ T627] ? kernfs_new_node+0x170/0x170 [ 140.262751][ T627] ? ptr_to_hashval+0x60/0x60 [ 140.262768][ T627] ? arch_stack_walk+0xf8/0x140 [ 140.268018][ T382] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 140.287611][ T627] ? snprintf+0xd6/0x120 [ 140.287620][ T627] kernfs_new_node+0x97/0x170 [ 140.287637][ T627] __kernfs_create_file+0x4a/0x270 [ 140.292030][ T382] RBP: ffffc90000b77d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 140.298069][ T627] cgroup_addrm_files+0xab8/0xfe0 [ 140.302899][ T382] R10: fffff5200016ef85 R11: 1ffff9200016ef84 R12: dffffc0000000000 [ 140.308322][ T627] ? ____kasan_kmalloc+0xdc/0x110 [ 140.310631][ T382] R13: ffff8881170981c0 R14: ffffc90000b77d00 R15: 1ffff9200016ef9c [ 140.318585][ T627] ? __kasan_kmalloc+0x9/0x10 [ 140.323520][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 140.328151][ T627] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 140.332973][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.340919][ T627] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 140.340936][ T627] ? delete_node+0x759/0x7b0 [ 140.345148][ T382] CR2: 00007fc8ece1cc86 CR3: 000000011dd7e000 CR4: 00000000003506a0 [ 140.349814][ T627] ? __kasan_check_read+0x11/0x20 [ 140.354919][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 140.362852][ T627] ? delete_node+0x759/0x7b0 [ 140.362861][ T627] ? __kasan_check_write+0x14/0x20 [ 140.362877][ T627] ? idr_replace+0x1c4/0x230 [ 140.367869][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 140.375809][ T627] ? idr_get_next+0x4b0/0x4b0 [ 140.375819][ T627] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 140.375833][ T627] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 140.380827][ T382] Call Trace: [ 140.388775][ T627] css_populate_dir+0x137/0x370 [ 140.393430][ T382] ? lockref_get_or_lock+0x340/0x340 [ 140.402320][ T627] cgroup_apply_control_enable+0x8b9/0x12f0 [ 140.402336][ T627] cgroup_apply_control+0x93/0x710 [ 140.407852][ T382] ? umount_tree+0xf50/0xf50 [ 140.414399][ T627] ? css_next_child+0x160/0x160 [ 140.414407][ T627] ? stack_trace_save+0x12d/0x1f0 [ 140.414423][ T627] ? io_schedule+0x120/0x120 [ 140.420555][ T382] ? vfs_submount+0xb0/0xb0 [ 140.425110][ T627] ? kernfs_fop_write_iter+0x15e/0x410 [ 140.433068][ T382] ? dput+0x2b6/0x320 [ 140.438060][ T627] ? __kasan_check_write+0x14/0x20 [ 140.446043][ T382] path_umount+0x1fe/0xfb0 [ 140.450585][ T627] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 140.450598][ T627] cgroup_subtree_control_write+0xd19/0x1310 [ 140.450615][ T627] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 140.455710][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 140.460268][ T627] ? __kasan_check_write+0x14/0x20 [ 140.460280][ T627] ? _copy_from_iter+0x3fb/0xd60 [ 140.460295][ T627] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 140.468245][ T382] ? user_path_at_empty+0x40/0x50 [ 140.472886][ T627] cgroup_file_write+0x28e/0x590 [ 140.472896][ T627] ? cgroup_seqfile_stop+0xc0/0xc0 [ 140.472914][ T627] ? mutex_lock+0xa6/0x110 [ 140.477913][ T382] __x64_sys_umount+0x122/0x170 [ 140.483072][ T627] ? mutex_trylock+0xb0/0xb0 [ 140.483082][ T627] ? __kasan_check_write+0x14/0x20 [ 140.483098][ T627] kernfs_fop_write_iter+0x2d0/0x410 [ 140.486356][ T382] ? path_umount+0xfb0/0xfb0 [ 140.491170][ T627] ? cgroup_seqfile_stop+0xc0/0xc0 [ 140.491180][ T627] vfs_write+0xc1c/0xf40 [ 140.491195][ T627] ? __kasan_check_write+0x14/0x20 [ 140.496455][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 140.502307][ T627] ? kernel_write+0x3c0/0x3c0 [ 140.502316][ T627] ? _raw_spin_unlock_irq+0x4e/0x70 [ 140.502331][ T627] ? ptrace_stop+0x6ff/0x9f0 [ 140.507413][ T382] do_syscall_64+0x34/0x70 [ 140.511969][ T627] ? __kasan_check_read+0x11/0x20 [ 140.511978][ T627] ? __fdget_pos+0x27e/0x310 [ 140.511993][ T627] ksys_write+0x198/0x2c0 [ 140.516817][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 140.521808][ T627] ? do_notify_parent+0xa60/0xa60 [ 140.521817][ T627] ? __ia32_sys_read+0x90/0x90 [ 140.521832][ T627] ? __ia32_sys_open+0x270/0x270 [ 140.526409][ T382] RIP: 0033:0x7fc8ece63fb7 [ 140.530880][ T627] __x64_sys_write+0x7b/0x90 [ 140.530897][ T627] do_syscall_64+0x34/0x70 [ 140.536324][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 140.540270][ T627] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 140.540284][ T627] RIP: 0033:0x7fc8ece62c09 [ 140.545366][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 140.549752][ T627] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 140.555010][ T382] ORIG_RAX: 00000000000000a6 [ 140.560948][ T627] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 140.560967][ T627] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 140.566919][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 140.571900][ T627] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 140.571908][ T627] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 140.571925][ T627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 140.577007][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 140.581905][ T627] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000028 [pid 382] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 627] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 382] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./43/file0") = 0 [pid 382] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./43/cgroup.cpu", [pid 627] close(3 [pid 382] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./43/cgroup.cpu" [pid 627] <... close resumed>) = 0 [pid 627] close(4 [pid 382] <... unlink resumed>) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./43" [pid 627] <... close resumed>) = 0 [pid 382] <... rmdir resumed>) = 0 [pid 382] mkdir("./44", 0777 [pid 627] close(5 [pid 382] <... mkdir resumed>) = 0 [pid 627] <... close resumed>) = 0 [pid 627] close(6 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 627] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 627] close(7) = -1 EBADF (Bad file descriptor) [pid 627] close(8) = -1 EBADF (Bad file descriptor) [pid 627] close(9) = -1 EBADF (Bad file descriptor) [pid 627] close(10 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 46 ./strace-static-x86_64: Process 629 attached [pid 629] chdir("./44" [pid 627] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 629] <... chdir resumed>) = 0 [pid 629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 629] setpgid(0, 0) = 0 [pid 627] close(11 [pid 629] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 627] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 629] <... symlink resumed>) = 0 [pid 627] close(12 [pid 629] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 629] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 629] write(3, "1000", 4) = 4 [pid 629] close(3 [pid 628] <... write resumed>) = 6 [pid 629] <... close resumed>) = 0 [pid 629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 629] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 629] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 627] close(13) = -1 EBADF (Bad file descriptor) [pid 627] close(14) = -1 EBADF (Bad file descriptor) [pid 627] close(15) = -1 EBADF (Bad file descriptor) [pid 627] close(16) = -1 EBADF (Bad file descriptor) [pid 627] close(17) = -1 EBADF (Bad file descriptor) [pid 627] close(18) = -1 EBADF (Bad file descriptor) [pid 627] close(19) = -1 EBADF (Bad file descriptor) [pid 627] close(20) = -1 EBADF (Bad file descriptor) [pid 627] close(21) = -1 EBADF (Bad file descriptor) [pid 627] close(22) = -1 EBADF (Bad file descriptor) [pid 627] close(23) = -1 EBADF (Bad file descriptor) [pid 627] close(24) = -1 EBADF (Bad file descriptor) [pid 627] close(25) = -1 EBADF (Bad file descriptor) [pid 627] close(26) = -1 EBADF (Bad file descriptor) [pid 627] close(27) = -1 EBADF (Bad file descriptor) [pid 627] close(28) = -1 EBADF (Bad file descriptor) [pid 627] close(29) = -1 EBADF (Bad file descriptor) [ 140.842789][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 140.850764][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 140.858724][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002c [ 140.866691][ T382] ---[ end trace d4de1ca9cdcd198c ]--- [ 140.872232][ T627] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 140.891131][ T623] FAULT_INJECTION: forcing a failure. [pid 627] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 627] exit_group(0) = ? [pid 627] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 381] restart_syscall(<... resuming interrupted clone ...> [pid 628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 628] write(5, "22", 2) = 2 [pid 628] write(4, "+pids ", 6 [pid 381] <... restart_syscall resumed>) = 0 [pid 381] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./40/binderfs") = 0 [pid 381] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./40/cgroup") = 0 [pid 381] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./40/cgroup.net") = 0 [pid 381] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./40/file0") = 0 [pid 381] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./40/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./40") = 0 [pid 381] mkdir("./41", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 43 ./strace-static-x86_64: Process 630 attached [pid 630] chdir("./41") = 0 [pid 630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 630] setpgid(0, 0) = 0 [pid 630] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 630] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 630] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 630] write(3, "1000", 4) = 4 [pid 630] close(3) = 0 [pid 630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 630] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 140.891131][ T623] name failslab, interval 1, probability 0, space 0, times 0 [ 140.904280][ T623] CPU: 1 PID: 623 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 140.915895][ T623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.925937][ T623] Call Trace: [ 140.929325][ T623] dump_stack_lvl+0x1e2/0x24b [ 140.933990][ T623] ? bfq_pos_tree_add_move+0x43e/0x43e [ 140.939429][ T623] ? selinux_kernfs_init_security+0x1a8/0x760 [ 140.945471][ T623] dump_stack+0x15/0x17 [ 140.949598][ T623] should_fail+0x3c0/0x510 [ 140.953990][ T623] ? __kernfs_new_node+0x99/0x6e0 [ 140.958986][ T623] __should_failslab+0x9f/0xe0 [ 140.963731][ T623] should_failslab+0x9/0x20 [ 140.968225][ T623] __kmalloc_track_caller+0x5f/0x350 [ 140.973508][ T623] kstrdup_const+0x55/0x90 [ 140.977915][ T623] __kernfs_new_node+0x99/0x6e0 [ 140.982741][ T623] ? is_module_text_address+0xe1/0x140 [ 140.988171][ T623] ? kernfs_new_node+0x170/0x170 [ 140.993086][ T623] ? ptr_to_hashval+0x60/0x60 [ 140.997759][ T623] ? arch_stack_walk+0xf8/0x140 [ 141.002594][ T623] ? snprintf+0xd6/0x120 [ 141.006816][ T623] kernfs_new_node+0x97/0x170 [ 141.011474][ T623] __kernfs_create_file+0x4a/0x270 [ 141.016557][ T623] cgroup_addrm_files+0xab8/0xfe0 [ 141.021562][ T623] ? ____kasan_kmalloc+0xdc/0x110 [ 141.026566][ T623] ? __kasan_kmalloc+0x9/0x10 [ 141.031216][ T623] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 141.036737][ T623] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 141.042865][ T623] ? delete_node+0x759/0x7b0 [ 141.047428][ T623] ? __kasan_check_read+0x11/0x20 [ 141.052435][ T623] ? delete_node+0x759/0x7b0 [ 141.057016][ T623] ? __kasan_check_write+0x14/0x20 [ 141.062109][ T623] ? idr_replace+0x1c4/0x230 [ 141.066671][ T623] ? idr_get_next+0x4b0/0x4b0 [ 141.071323][ T623] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 141.076329][ T623] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 141.081500][ T623] css_populate_dir+0x137/0x370 [ 141.086346][ T623] cgroup_apply_control_enable+0x8b9/0x12f0 [ 141.092246][ T623] cgroup_apply_control+0x93/0x710 [ 141.097341][ T623] ? css_next_child+0x160/0x160 [ 141.102168][ T623] ? stack_trace_save+0x12d/0x1f0 [ 141.107174][ T623] ? io_schedule+0x120/0x120 [ 141.111749][ T623] ? kernfs_fop_write_iter+0x15e/0x410 [ 141.117192][ T623] ? __kasan_check_write+0x14/0x20 [ 141.122285][ T623] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 141.127558][ T623] cgroup_subtree_control_write+0xd19/0x1310 [ 141.133538][ T623] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 141.139511][ T623] ? __kasan_check_write+0x14/0x20 [ 141.144601][ T623] ? _copy_from_iter+0x3fb/0xd60 [ 141.149522][ T623] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 141.155495][ T623] cgroup_file_write+0x28e/0x590 [ 141.160415][ T623] ? cgroup_seqfile_stop+0xc0/0xc0 [ 141.165498][ T623] ? mutex_lock+0xa6/0x110 [ 141.169886][ T623] ? mutex_trylock+0xb0/0xb0 [ 141.174459][ T623] ? __kasan_check_write+0x14/0x20 [ 141.179547][ T623] kernfs_fop_write_iter+0x2d0/0x410 [ 141.184802][ T623] ? cgroup_seqfile_stop+0xc0/0xc0 [ 141.189885][ T623] vfs_write+0xc1c/0xf40 [ 141.194115][ T623] ? __kasan_check_write+0x14/0x20 [ 141.199211][ T623] ? kernel_write+0x3c0/0x3c0 [ 141.203861][ T623] ? _raw_spin_unlock_irq+0x4e/0x70 [ 141.209033][ T623] ? ptrace_stop+0x6ff/0x9f0 [ 141.213596][ T623] ? __kasan_check_read+0x11/0x20 [ 141.218601][ T623] ? __fdget_pos+0x27e/0x310 [ 141.223166][ T623] ksys_write+0x198/0x2c0 [ 141.227472][ T623] ? do_notify_parent+0xa60/0xa60 [ 141.232479][ T623] ? __ia32_sys_read+0x90/0x90 [ 141.237225][ T623] ? __ia32_sys_open+0x270/0x270 [ 141.242138][ T623] __x64_sys_write+0x7b/0x90 [ 141.246702][ T623] do_syscall_64+0x34/0x70 [ 141.251094][ T623] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 141.256962][ T623] RIP: 0033:0x7fc8ece62c09 [ 141.261349][ T623] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 141.280938][ T623] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 141.289332][ T623] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 630] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 629] <... mount resumed>) = 0 [pid 623] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 630] open("./file0", O_RDONLY [pid 629] open("./file0", O_RDONLY [pid 623] close(3 [pid 630] <... open resumed>) = 3 [pid 629] <... open resumed>) = 3 [pid 630] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 630] write(4, "-pids ", 6 [pid 623] <... close resumed>) = 0 [pid 623] close(4) = 0 [pid 623] close(5) = 0 [pid 623] close(6) = -1 EBADF (Bad file descriptor) [pid 623] close(7) = -1 EBADF (Bad file descriptor) [pid 623] close(8) = -1 EBADF (Bad file descriptor) [pid 623] close(9) = -1 EBADF (Bad file descriptor) [pid 623] close(10) = -1 EBADF (Bad file descriptor) [pid 623] close(11) = -1 EBADF (Bad file descriptor) [pid 623] close(12) = -1 EBADF (Bad file descriptor) [pid 623] close(13) = -1 EBADF (Bad file descriptor) [pid 623] close(14) = -1 EBADF (Bad file descriptor) [pid 623] close(15) = -1 EBADF (Bad file descriptor) [pid 623] close(16) = -1 EBADF (Bad file descriptor) [pid 623] close(17 [pid 629] openat(3, "cgroup.subtree_control", O_RDWR [pid 623] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 623] close(18 [pid 629] <... openat resumed>) = 4 [pid 623] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 623] close(19) = -1 EBADF (Bad file descriptor) [pid 623] close(20) = -1 EBADF (Bad file descriptor) [pid 623] close(21) = -1 EBADF (Bad file descriptor) [pid 623] close(22) = -1 EBADF (Bad file descriptor) [pid 623] close(23) = -1 EBADF (Bad file descriptor) [pid 623] close(24) = -1 EBADF (Bad file descriptor) [pid 623] close(25) = -1 EBADF (Bad file descriptor) [pid 623] close(26) = -1 EBADF (Bad file descriptor) [pid 623] close(27) = -1 EBADF (Bad file descriptor) [pid 623] close(28) = -1 EBADF (Bad file descriptor) [pid 623] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 623] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 623] exit_group(0) = ? [pid 629] write(4, "-pids ", 6 [pid 623] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./33/binderfs") = 0 [pid 383] umount2("./33/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./33/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./33/cgroup") = 0 [pid 383] umount2("./33/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./33/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./33/cgroup.net") = 0 [pid 383] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./33/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./33/file0") = 0 [pid 383] umount2("./33/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./33/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./33/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./33") = 0 [pid 383] mkdir("./34", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 631 attached , child_tidptr=0x555556fab5d0) = 36 [pid 631] chdir("./34") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [ 141.297281][ T623] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 141.305238][ T623] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 141.313220][ T623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 141.321175][ T623] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000021 [ 141.329966][ T623] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 631] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 631] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 630] <... write resumed>) = 6 [pid 631] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 630] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 631] <... symlink resumed>) = 0 [pid 630] <... openat resumed>) = 5 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 630] write(5, "22", 2 [pid 631] <... openat resumed>) = 3 [pid 630] <... write resumed>) = 2 [pid 631] write(3, "1000", 4 [pid 630] write(4, "+pids ", 6 [pid 631] <... write resumed>) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 631] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 141.350589][ T628] FAULT_INJECTION: forcing a failure. [ 141.350589][ T628] name failslab, interval 1, probability 0, space 0, times 0 [ 141.363227][ T628] CPU: 1 PID: 628 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 141.374841][ T628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.384876][ T628] Call Trace: [ 141.388154][ T628] dump_stack_lvl+0x1e2/0x24b [ 141.392822][ T628] ? bfq_pos_tree_add_move+0x43e/0x43e [ 141.398269][ T628] ? selinux_kernfs_init_security+0x1a8/0x760 [ 141.404318][ T628] dump_stack+0x15/0x17 [ 141.408456][ T628] should_fail+0x3c0/0x510 [ 141.412853][ T628] ? __kernfs_new_node+0x99/0x6e0 [ 141.417856][ T628] __should_failslab+0x9f/0xe0 [ 141.422604][ T628] should_failslab+0x9/0x20 [ 141.427087][ T628] __kmalloc_track_caller+0x5f/0x350 [ 141.432358][ T628] kstrdup_const+0x55/0x90 [ 141.436762][ T628] __kernfs_new_node+0x99/0x6e0 [ 141.441589][ T628] ? is_module_text_address+0xe1/0x140 [ 141.447025][ T628] ? kernfs_new_node+0x170/0x170 [ 141.451938][ T628] ? ptr_to_hashval+0x60/0x60 [ 141.456596][ T628] ? arch_stack_walk+0xf8/0x140 [ 141.461425][ T628] ? snprintf+0xd6/0x120 [ 141.465645][ T628] kernfs_new_node+0x97/0x170 [ 141.470300][ T628] __kernfs_create_file+0x4a/0x270 [ 141.475405][ T628] cgroup_addrm_files+0xab8/0xfe0 [ 141.480411][ T628] ? ____kasan_kmalloc+0xdc/0x110 [ 141.485442][ T628] ? __kasan_kmalloc+0x9/0x10 [ 141.490104][ T628] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 141.495633][ T628] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 141.501767][ T628] ? delete_node+0x759/0x7b0 [ 141.506348][ T628] ? __kasan_check_read+0x11/0x20 [ 141.511356][ T628] ? delete_node+0x759/0x7b0 [ 141.515927][ T628] ? __kasan_check_write+0x14/0x20 [ 141.521018][ T628] ? idr_replace+0x1c4/0x230 [ 141.525590][ T628] ? idr_get_next+0x4b0/0x4b0 [ 141.530245][ T628] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 141.535250][ T628] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 141.540430][ T628] css_populate_dir+0x137/0x370 [ 141.545264][ T628] cgroup_apply_control_enable+0x8b9/0x12f0 [ 141.551137][ T628] cgroup_apply_control+0x93/0x710 [ 141.556230][ T628] ? css_next_child+0x160/0x160 [ 141.561059][ T628] ? stack_trace_save+0x12d/0x1f0 [ 141.566058][ T628] ? io_schedule+0x120/0x120 [ 141.570627][ T628] ? kernfs_fop_write_iter+0x15e/0x410 [ 141.576060][ T628] ? __kasan_check_write+0x14/0x20 [ 141.581151][ T628] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 141.586423][ T628] cgroup_subtree_control_write+0xd19/0x1310 [ 141.592393][ T628] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 141.598350][ T628] ? __kasan_check_write+0x14/0x20 [ 141.603440][ T628] ? _copy_from_iter+0x3fb/0xd60 [ 141.608355][ T628] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 141.614309][ T628] cgroup_file_write+0x28e/0x590 [ 141.619223][ T628] ? cgroup_seqfile_stop+0xc0/0xc0 [ 141.624310][ T628] ? mutex_lock+0xa6/0x110 [ 141.628703][ T628] ? mutex_trylock+0xb0/0xb0 [ 141.633270][ T628] ? __kasan_check_write+0x14/0x20 [ 141.638362][ T628] kernfs_fop_write_iter+0x2d0/0x410 [ 141.643623][ T628] ? cgroup_seqfile_stop+0xc0/0xc0 [ 141.648710][ T628] vfs_write+0xc1c/0xf40 [ 141.652929][ T628] ? __kasan_check_write+0x14/0x20 [ 141.658017][ T628] ? kernel_write+0x3c0/0x3c0 [ 141.662673][ T628] ? _raw_spin_unlock_irq+0x4e/0x70 [ 141.667847][ T628] ? ptrace_stop+0x6ff/0x9f0 [ 141.672416][ T628] ? __kasan_check_read+0x11/0x20 [ 141.677417][ T628] ? __fdget_pos+0x27e/0x310 [ 141.681986][ T628] ksys_write+0x198/0x2c0 [ 141.686304][ T628] ? do_notify_parent+0xa60/0xa60 [ 141.691312][ T628] ? __ia32_sys_read+0x90/0x90 [ 141.696051][ T628] ? __ia32_sys_open+0x270/0x270 [ 141.700966][ T628] __x64_sys_write+0x7b/0x90 [ 141.705536][ T628] do_syscall_64+0x34/0x70 [ 141.709928][ T628] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 141.715794][ T628] RIP: 0033:0x7fc8ece62c09 [ 141.720187][ T628] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 141.739767][ T628] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 631] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 628] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 628] close(3 [pid 631] open("./file0", O_RDONLY [pid 628] <... close resumed>) = 0 [pid 631] <... open resumed>) = 3 [pid 628] close(4 [pid 631] openat(3, "cgroup.subtree_control", O_RDWR [pid 628] <... close resumed>) = 0 [pid 631] <... openat resumed>) = 4 [pid 628] close(5 [pid 631] write(4, "-pids ", 6 [pid 628] <... close resumed>) = 0 [pid 628] close(6) = -1 EBADF (Bad file descriptor) [pid 628] close(7) = -1 EBADF (Bad file descriptor) [pid 628] close(8) = -1 EBADF (Bad file descriptor) [pid 628] close(9) = -1 EBADF (Bad file descriptor) [pid 628] close(10) = -1 EBADF (Bad file descriptor) [pid 628] close(11) = -1 EBADF (Bad file descriptor) [pid 628] close(12) = -1 EBADF (Bad file descriptor) [pid 628] close(13) = -1 EBADF (Bad file descriptor) [pid 628] close(14) = -1 EBADF (Bad file descriptor) [pid 628] close(15) = -1 EBADF (Bad file descriptor) [pid 628] close(16) = -1 EBADF (Bad file descriptor) [pid 628] close(17) = -1 EBADF (Bad file descriptor) [pid 628] close(18) = -1 EBADF (Bad file descriptor) [pid 628] close(19) = -1 EBADF (Bad file descriptor) [pid 628] close(20) = -1 EBADF (Bad file descriptor) [pid 628] close(21) = -1 EBADF (Bad file descriptor) [pid 628] close(22) = -1 EBADF (Bad file descriptor) [pid 628] close(23) = -1 EBADF (Bad file descriptor) [pid 628] close(24) = -1 EBADF (Bad file descriptor) [pid 628] close(25) = -1 EBADF (Bad file descriptor) [pid 628] close(26) = -1 EBADF (Bad file descriptor) [pid 628] close(27) = -1 EBADF (Bad file descriptor) [pid 628] close(28) = -1 EBADF (Bad file descriptor) [pid 628] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 628] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 628] exit_group(0) = ? [pid 628] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 375] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./43/binderfs") = 0 [pid 375] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./43/cgroup") = 0 [pid 375] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./43/cgroup.net") = 0 [ 141.748158][ T628] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 141.756104][ T628] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 141.764052][ T628] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 141.772002][ T628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 141.779954][ T628] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002b [ 141.788073][ T628] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 141.804225][ T375] ------------[ cut here ]------------ [ 141.809725][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 141.818658][ T375] Modules linked in: [ 141.822553][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 141.834166][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.844228][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [pid 375] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 625] <... write resumed>) = 6 [ 141.849839][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 141.850364][ T626] FAULT_INJECTION: forcing a failure. [ 141.850364][ T626] name failslab, interval 1, probability 0, space 0, times 0 [ 141.869462][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 141.888089][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 141.896101][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 141.904072][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 141.912045][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 141.920006][ T375] R13: ffff8881192dddc0 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 141.924161][ T626] CPU: 1 PID: 626 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 141.928002][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 141.939567][ T626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.939571][ T626] Call Trace: [ 141.939589][ T626] dump_stack_lvl+0x1e2/0x24b [ 141.939604][ T626] ? panic+0x7d7/0x7d7 [ 141.948518][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.958537][ T626] ? bfq_pos_tree_add_move+0x43e/0x43e [ 141.958553][ T626] ? find_next_bit+0xd6/0x120 [ 141.961818][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 141.966464][ T626] ? cpumask_next+0x11/0x30 [ 141.970514][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 141.977062][ T626] dump_stack+0x15/0x17 [ 141.982509][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 141.987137][ T626] should_fail+0x3c0/0x510 [ 141.995082][ T375] Call Trace: [ 141.999553][ T626] ? percpu_ref_init+0xd0/0x330 [ 142.007513][ T375] ? io_schedule+0x120/0x120 [ 142.011628][ T626] __should_failslab+0x9f/0xe0 [ 142.011639][ T626] should_failslab+0x9/0x20 [ 142.011648][ T626] kmem_cache_alloc_trace+0x3a/0x330 [ 142.011664][ T626] percpu_ref_init+0xd0/0x330 [ 142.019612][ T375] ? vfs_submount+0xb0/0xb0 [ 142.023995][ T626] ? cgroup_setup_root+0xea0/0xea0 [ 142.024006][ T626] cgroup_apply_control_enable+0x3a2/0x12f0 [ 142.024022][ T626] cgroup_apply_control+0x93/0x710 [ 142.027279][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 142.032097][ T626] ? css_next_child+0x160/0x160 [ 142.032105][ T626] ? stack_trace_save+0x12d/0x1f0 [ 142.032121][ T626] ? io_schedule+0x120/0x120 [ 142.036682][ T375] ? __kasan_check_write+0x14/0x20 [ 142.041411][ T626] ? kernfs_fop_write_iter+0x15e/0x410 [ 142.041420][ T626] ? __kasan_check_write+0x14/0x20 [ 142.041429][ T626] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 142.041445][ T626] cgroup_subtree_control_write+0xd19/0x1310 [ 142.045936][ T375] namespace_unlock+0x448/0x4f0 [ 142.051191][ T626] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 142.051202][ T626] ? __kasan_check_write+0x14/0x20 [ 142.051213][ T626] ? _copy_from_iter+0x3fb/0xd60 [ 142.051231][ T626] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 142.055884][ T375] ? umount_tree+0xf50/0xf50 [ 142.060368][ T626] cgroup_file_write+0x28e/0x590 [ 142.060380][ T626] ? cgroup_seqfile_stop+0xc0/0xc0 [ 142.060399][ T626] ? mutex_lock+0xa6/0x110 [ 142.065517][ T375] ? __detach_mounts+0x670/0x670 [ 142.071555][ T626] ? mutex_trylock+0xb0/0xb0 [ 142.071566][ T626] ? __kasan_check_write+0x14/0x20 [ 142.071583][ T626] kernfs_fop_write_iter+0x2d0/0x410 [ 142.076679][ T375] ? selinux_umount+0xf0/0x130 [ 142.081842][ T626] ? cgroup_seqfile_stop+0xc0/0xc0 [ 142.081853][ T626] vfs_write+0xc1c/0xf40 [ 142.081863][ T626] ? __kasan_check_write+0x14/0x20 [ 142.081879][ T626] ? kernel_write+0x3c0/0x3c0 [ 142.086700][ T375] ? security_sb_umount+0x9d/0xb0 [ 142.091688][ T626] ? _raw_spin_unlock_irq+0x4e/0x70 [ 142.091698][ T626] ? ptrace_stop+0x6ff/0x9f0 [ 142.091718][ T626] ? __kasan_check_read+0x11/0x20 [ 142.096282][ T375] path_umount+0xf03/0xfb0 [ 142.101359][ T626] ? __fdget_pos+0x27e/0x310 [ 142.101370][ T626] ksys_write+0x198/0x2c0 [ 142.101380][ T626] ? do_notify_parent+0xa60/0xa60 [ 142.101389][ T626] ? __ia32_sys_read+0x90/0x90 [ 142.101404][ T626] ? __ia32_sys_open+0x270/0x270 [ 142.106837][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 142.111920][ T626] __x64_sys_write+0x7b/0x90 [ 142.111933][ T626] do_syscall_64+0x34/0x70 [ 142.111952][ T626] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 142.117213][ T375] ? user_path_at_empty+0x40/0x50 [ 142.123152][ T626] RIP: 0033:0x7fc8ece62c09 [pid 625] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 626] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 626] close(3) = 0 [pid 626] close(4) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = -1 EBADF (Bad file descriptor) [pid 626] close(7) = -1 EBADF (Bad file descriptor) [pid 626] close(8) = -1 EBADF (Bad file descriptor) [pid 626] close(9) = -1 EBADF (Bad file descriptor) [pid 626] close(10) = -1 EBADF (Bad file descriptor) [pid 626] close(11) = -1 EBADF (Bad file descriptor) [pid 626] close(12) = -1 EBADF (Bad file descriptor) [pid 626] close(13) = -1 EBADF (Bad file descriptor) [pid 626] close(14) = -1 EBADF (Bad file descriptor) [pid 626] close(15) = -1 EBADF (Bad file descriptor) [pid 626] close(16) = -1 EBADF (Bad file descriptor) [pid 626] close(17) = -1 EBADF (Bad file descriptor) [pid 626] close(18) = -1 EBADF (Bad file descriptor) [pid 626] close(19) = -1 EBADF (Bad file descriptor) [pid 626] close(20) = -1 EBADF (Bad file descriptor) [pid 626] close(21) = -1 EBADF (Bad file descriptor) [pid 626] close(22) = -1 EBADF (Bad file descriptor) [pid 626] close(23) = -1 EBADF (Bad file descriptor) [pid 626] close(24) = -1 EBADF (Bad file descriptor) [pid 626] close(25) = -1 EBADF (Bad file descriptor) [pid 626] close(26) = -1 EBADF (Bad file descriptor) [pid 626] close(27) = -1 EBADF (Bad file descriptor) [pid 626] close(28) = -1 EBADF (Bad file descriptor) [pid 626] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 626] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 626] exit_group(0) = ? [pid 626] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 142.123164][ T626] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 142.123177][ T626] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 142.128006][ T375] __x64_sys_umount+0x122/0x170 [ 142.133944][ T626] ORIG_RAX: 0000000000000001 [ 142.133952][ T626] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 142.133958][ T626] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 142.133972][ T626] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 142.139082][ T375] ? path_umount+0xfb0/0xfb0 [ 142.143981][ T626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 142.143988][ T626] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000028 [ 142.369120][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 142.375108][ T375] do_syscall_64+0x34/0x70 [ 142.379517][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 142.385431][ T375] RIP: 0033:0x7fc8ece63fb7 [ 142.389835][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 142.409470][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 142.417894][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 142.425873][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 142.433860][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 142.441852][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [pid 376] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.449821][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002c [ 142.457811][ T375] ---[ end trace d4de1ca9cdcd198d ]--- [ 142.463543][ T375] ------------[ cut here ]------------ [ 142.469005][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 142.477951][ T375] Modules linked in: [ 142.481897][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 142.493605][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [pid 376] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] kill(-40, SIGKILL) = 0 [pid 380] kill(40, SIGKILL) = 0 [ 142.503701][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 142.509323][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 142.528946][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 142.535032][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 142.543015][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 142.551004][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 142.558961][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 142.566943][ T375] R13: ffff8881192dddc0 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 142.574932][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 142.583883][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.590479][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 142.598442][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 142.606419][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 142.614395][ T375] Call Trace: [ 142.617671][ T375] ? lockref_get_or_lock+0x340/0x340 [ 142.622960][ T375] ? umount_tree+0xf50/0xf50 [ 142.627542][ T375] ? vfs_submount+0xb0/0xb0 [ 142.632048][ T375] ? dput+0x2b6/0x320 [ 142.636020][ T375] path_umount+0x1fe/0xfb0 [ 142.640456][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 142.645471][ T375] ? user_path_at_empty+0x40/0x50 [ 142.650498][ T375] __x64_sys_umount+0x122/0x170 [ 142.655331][ T375] ? path_umount+0xfb0/0xfb0 [ 142.659901][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 142.665873][ T375] do_syscall_64+0x34/0x70 [ 142.670379][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 142.676430][ T375] RIP: 0033:0x7fc8ece63fb7 [ 142.680855][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 380] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 376] <... openat resumed>) = 3 [pid 375] <... umount2 resumed>) = 0 [pid 376] fstat(3, [pid 375] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] <... openat resumed>) = 3 [pid 376] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] lstat("./43/file0", [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] fstat(3, [pid 376] lstat("./40/binderfs", [pid 375] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 380] getdents64(3, [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... getdents64 resumed>0x555556fad630 /* 2 entries */, 32768) = 48 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] unlink("./40/binderfs" [pid 375] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 376] <... unlink resumed>) = 0 [pid 376] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... openat resumed>) = 4 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] lstat("./40/cgroup", [pid 375] fstat(4, [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] unlink("./40/cgroup" [pid 375] getdents64(4, [pid 376] <... unlink resumed>) = 0 [pid 380] close(3) = 0 [pid 376] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./40/cgroup.net" [pid 375] getdents64(4, [pid 376] <... unlink resumed>) = 0 [pid 376] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 625] <... openat resumed>) = ? [pid 376] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4 [pid 625] +++ killed by SIGKILL +++ [pid 376] <... close resumed>) = 0 [pid 376] rmdir("./40/file0") = 0 [pid 376] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./40/cgroup.cpu", [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=40, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=16} --- [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./40/cgroup.cpu" [pid 631] <... write resumed>) = 6 [pid 629] <... write resumed>) = 6 [pid 376] <... unlink resumed>) = 0 [ 142.700464][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 142.708864][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 142.716830][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 142.724806][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 142.732792][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 142.740763][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002c [ 142.748720][ T375] ---[ end trace d4de1ca9cdcd198e ]--- [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./40") = 0 [pid 376] mkdir("./41", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 43 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./43/file0") = 0 [pid 375] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./43/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./43") = 0 [pid 375] mkdir("./44", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 46 ./strace-static-x86_64: Process 633 attached [pid 633] chdir("./44") = 0 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 633] setpgid(0, 0) = 0 [pid 633] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 633] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 633] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 633] write(3, "1000", 4) = 4 [pid 633] close(3) = 0 [pid 633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 633] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 633] mount(NULL, "./file0", "cgroup2", 0, NULL./strace-static-x86_64: Process 632 attached [pid 631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 629] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 380] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [ 142.762744][ T630] FAULT_INJECTION: forcing a failure. [ 142.762744][ T630] name failslab, interval 1, probability 0, space 0, times 0 [ 142.775449][ T630] CPU: 1 PID: 630 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 142.787057][ T630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 142.797090][ T630] Call Trace: [ 142.800370][ T630] dump_stack_lvl+0x1e2/0x24b [ 142.805034][ T630] ? bfq_pos_tree_add_move+0x43e/0x43e [ 142.810473][ T630] ? selinux_kernfs_init_security+0x1a8/0x760 [ 142.816526][ T630] dump_stack+0x15/0x17 [ 142.820677][ T630] should_fail+0x3c0/0x510 [ 142.825077][ T630] ? __kernfs_new_node+0x99/0x6e0 [ 142.830076][ T630] __should_failslab+0x9f/0xe0 [ 142.834824][ T630] should_failslab+0x9/0x20 [ 142.839323][ T630] __kmalloc_track_caller+0x5f/0x350 [ 142.844756][ T630] kstrdup_const+0x55/0x90 [ 142.849150][ T630] __kernfs_new_node+0x99/0x6e0 [ 142.854000][ T630] ? is_module_text_address+0xe1/0x140 [ 142.859450][ T630] ? kernfs_new_node+0x170/0x170 [ 142.864372][ T630] ? ptr_to_hashval+0x60/0x60 [ 142.869023][ T630] ? arch_stack_walk+0xf8/0x140 [ 142.873849][ T630] ? snprintf+0xd6/0x120 [ 142.878064][ T630] kernfs_new_node+0x97/0x170 [ 142.882731][ T630] __kernfs_create_file+0x4a/0x270 [ 142.887824][ T630] cgroup_addrm_files+0xab8/0xfe0 [ 142.892824][ T630] ? ____kasan_kmalloc+0xdc/0x110 [ 142.897826][ T630] ? __kasan_kmalloc+0x9/0x10 [ 142.902487][ T630] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 142.908022][ T630] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 142.914150][ T630] ? delete_node+0x759/0x7b0 [ 142.918715][ T630] ? __kasan_check_read+0x11/0x20 [ 142.923712][ T630] ? delete_node+0x759/0x7b0 [ 142.928277][ T630] ? __kasan_check_write+0x14/0x20 [ 142.933366][ T630] ? idr_replace+0x1c4/0x230 [ 142.937929][ T630] ? idr_get_next+0x4b0/0x4b0 [ 142.942668][ T630] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 142.947673][ T630] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 142.952854][ T630] css_populate_dir+0x137/0x370 [ 142.957699][ T630] cgroup_apply_control_enable+0x8b9/0x12f0 [ 142.963567][ T630] cgroup_apply_control+0x93/0x710 [ 142.968651][ T630] ? css_next_child+0x160/0x160 [ 142.973473][ T630] ? stack_trace_save+0x12d/0x1f0 [ 142.978471][ T630] ? io_schedule+0x120/0x120 [ 142.983036][ T630] ? kernfs_fop_write_iter+0x15e/0x410 [ 142.988476][ T630] ? __kasan_check_write+0x14/0x20 [ 142.993572][ T630] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 142.998848][ T630] cgroup_subtree_control_write+0xd19/0x1310 [ 143.004822][ T630] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 143.010781][ T630] ? __kasan_check_write+0x14/0x20 [ 143.015884][ T630] ? _copy_from_iter+0x3fb/0xd60 [ 143.020805][ T630] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 143.026756][ T630] cgroup_file_write+0x28e/0x590 [ 143.031670][ T630] ? cgroup_seqfile_stop+0xc0/0xc0 [ 143.036781][ T630] ? mutex_lock+0xa6/0x110 [ 143.041188][ T630] ? mutex_trylock+0xb0/0xb0 [ 143.045763][ T630] ? __kasan_check_write+0x14/0x20 [ 143.050855][ T630] kernfs_fop_write_iter+0x2d0/0x410 [ 143.056124][ T630] ? cgroup_seqfile_stop+0xc0/0xc0 [ 143.061213][ T630] vfs_write+0xc1c/0xf40 [ 143.065430][ T630] ? __kasan_check_write+0x14/0x20 [ 143.070525][ T630] ? kernel_write+0x3c0/0x3c0 [ 143.075193][ T630] ? _raw_spin_unlock_irq+0x4e/0x70 [ 143.080378][ T630] ? ptrace_stop+0x6ff/0x9f0 [ 143.084951][ T630] ? __kasan_check_read+0x11/0x20 [ 143.089952][ T630] ? __fdget_pos+0x27e/0x310 [ 143.094531][ T630] ksys_write+0x198/0x2c0 [ 143.098850][ T630] ? do_notify_parent+0xa60/0xa60 [ 143.103861][ T630] ? __ia32_sys_read+0x90/0x90 [ 143.108606][ T630] ? __ia32_sys_open+0x270/0x270 [ 143.113529][ T630] __x64_sys_write+0x7b/0x90 [ 143.118093][ T630] do_syscall_64+0x34/0x70 [ 143.122500][ T630] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 143.128377][ T630] RIP: 0033:0x7fc8ece62c09 [ 143.132769][ T630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 143.152433][ T630] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 632] chdir("./41" [pid 631] <... openat resumed>) = 5 [pid 632] <... chdir resumed>) = 0 [pid 631] write(5, "22", 2 [pid 632] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 631] <... write resumed>) = 2 [pid 632] <... prctl resumed>) = 0 [pid 631] write(4, "+pids ", 6 [pid 632] setpgid(0, 0) = 0 [pid 632] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 632] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 632] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 632] write(3, "1000", 4) = 4 [pid 632] close(3) = 0 [pid 632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 632] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 632] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 629] <... openat resumed>) = 5 [pid 629] write(5, "22", 2) = 2 [pid 629] write(4, "+pids ", 6 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./38/binderfs") = 0 [pid 380] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./38/cgroup") = 0 [pid 380] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./38/cgroup.net") = 0 [pid 380] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./38/file0") = 0 [pid 380] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./38/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./38") = 0 [pid 380] mkdir("./39", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 634 attached [pid 634] chdir("./39" [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 41 [pid 634] <... chdir resumed>) = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 634] setpgid(0, 0) = 0 [pid 634] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 634] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 634] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 634] write(3, "1000", 4) = 4 [pid 634] close(3) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 633] <... mount resumed>) = 0 [pid 632] <... mount resumed>) = 0 [pid 630] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 634] mkdirat(AT_FDCWD, "./file0", 000 [pid 633] open("./file0", O_RDONLY [pid 632] open("./file0", O_RDONLY [pid 634] <... mkdirat resumed>) = 0 [pid 633] <... open resumed>) = 3 [pid 632] <... open resumed>) = 3 [pid 630] close(3 [pid 634] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 633] openat(3, "cgroup.subtree_control", O_RDWR [pid 632] openat(3, "cgroup.subtree_control", O_RDWR [pid 630] <... close resumed>) = 0 [pid 634] <... mount resumed>) = 0 [pid 633] <... openat resumed>) = 4 [pid 632] <... openat resumed>) = 4 [pid 630] close(4 [pid 634] open("./file0", O_RDONLY [pid 633] write(4, "-pids ", 6 [pid 630] <... close resumed>) = 0 [pid 632] write(4, "-pids ", 6 [pid 630] close(5 [pid 634] <... open resumed>) = 3 [pid 630] <... close resumed>) = 0 [pid 630] close(6 [pid 634] openat(3, "cgroup.subtree_control", O_RDWR [pid 630] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 630] close(7) = -1 EBADF (Bad file descriptor) [pid 630] close(8) = -1 EBADF (Bad file descriptor) [pid 630] close(9) = -1 EBADF (Bad file descriptor) [pid 630] close(10) = -1 EBADF (Bad file descriptor) [pid 630] close(11) = -1 EBADF (Bad file descriptor) [pid 630] close(12) = -1 EBADF (Bad file descriptor) [pid 630] close(13) = -1 EBADF (Bad file descriptor) [pid 630] close(14) = -1 EBADF (Bad file descriptor) [pid 630] close(15 [pid 634] <... openat resumed>) = 4 [pid 630] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] write(4, "-pids ", 6 [pid 630] close(16) = -1 EBADF (Bad file descriptor) [pid 630] close(17) = -1 EBADF (Bad file descriptor) [pid 630] close(18) = -1 EBADF (Bad file descriptor) [pid 630] close(19) = -1 EBADF (Bad file descriptor) [pid 630] close(20) = -1 EBADF (Bad file descriptor) [pid 630] close(21) = -1 EBADF (Bad file descriptor) [pid 630] close(22) = -1 EBADF (Bad file descriptor) [pid 630] close(23) = -1 EBADF (Bad file descriptor) [pid 630] close(24) = -1 EBADF (Bad file descriptor) [pid 630] close(25) = -1 EBADF (Bad file descriptor) [pid 630] close(26) = -1 EBADF (Bad file descriptor) [pid 630] close(27) = -1 EBADF (Bad file descriptor) [pid 630] close(28) = -1 EBADF (Bad file descriptor) [pid 630] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 630] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 630] exit_group(0) = ? [pid 630] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.160819][ T630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 143.168779][ T630] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 143.176734][ T630] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 143.184679][ T630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 143.192635][ T630] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000029 [ 143.205680][ T630] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./41/binderfs") = 0 [pid 381] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./41/cgroup") = 0 [pid 381] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./41/cgroup.net") = 0 [ 143.220936][ T631] FAULT_INJECTION: forcing a failure. [ 143.220936][ T631] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 143.234395][ T631] CPU: 0 PID: 631 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 143.246008][ T631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 143.256038][ T631] Call Trace: [ 143.259308][ T631] dump_stack_lvl+0x1e2/0x24b [ 143.263979][ T631] ? bfq_pos_tree_add_move+0x43e/0x43e [ 143.269422][ T631] ? stack_trace_save+0x12d/0x1f0 [ 143.274423][ T631] ? __kasan_check_write+0x14/0x20 [ 143.279512][ T631] dump_stack+0x15/0x17 [ 143.283642][ T631] should_fail+0x3c0/0x510 [ 143.288212][ T631] should_fail_alloc_page+0x50/0x60 [ 143.293389][ T631] __alloc_pages_nodemask+0x1c0/0x890 [ 143.298741][ T631] ? pcpu_block_update_hint_alloc+0x96c/0xd00 [ 143.304792][ T631] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 143.310318][ T631] ? pcpu_memcg_post_alloc_hook+0x1c8/0x340 [ 143.316194][ T631] ? trace_raw_output_percpu_destroy_chunk+0xc0/0xc0 [ 143.322849][ T631] allocate_slab+0x78/0x540 [ 143.327345][ T631] ___slab_alloc+0x131/0x2e0 [ 143.331910][ T631] ? percpu_ref_init+0xd0/0x330 [ 143.336742][ T631] __slab_alloc+0x63/0xa0 [ 143.341046][ T631] ? percpu_ref_init+0xd0/0x330 [ 143.345882][ T631] kmem_cache_alloc_trace+0x20e/0x330 [ 143.351242][ T631] ? percpu_ref_init+0xd0/0x330 [ 143.356069][ T631] percpu_ref_init+0xd0/0x330 [ 143.360723][ T631] ? cgroup_setup_root+0xea0/0xea0 [ 143.365817][ T631] cgroup_apply_control_enable+0x3a2/0x12f0 [ 143.371693][ T631] cgroup_apply_control+0x93/0x710 [ 143.376783][ T631] ? css_next_child+0x160/0x160 [ 143.381606][ T631] ? io_schedule+0x120/0x120 [ 143.386178][ T631] ? kernfs_fop_write_iter+0x15e/0x410 [ 143.391611][ T631] ? __kasan_check_write+0x14/0x20 [ 143.396706][ T631] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 143.401983][ T631] cgroup_subtree_control_write+0xd19/0x1310 [ 143.407946][ T631] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 143.413898][ T631] ? __kasan_check_write+0x14/0x20 [ 143.418980][ T631] ? _copy_from_iter+0x3fb/0xd60 [ 143.423891][ T631] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 143.429844][ T631] cgroup_file_write+0x28e/0x590 [ 143.434752][ T631] ? cgroup_seqfile_stop+0xc0/0xc0 [ 143.439843][ T631] ? mutex_lock+0xa6/0x110 [ 143.444246][ T631] ? mutex_trylock+0xb0/0xb0 [ 143.448825][ T631] ? __kasan_check_write+0x14/0x20 [ 143.453920][ T631] kernfs_fop_write_iter+0x2d0/0x410 [ 143.459191][ T631] ? cgroup_seqfile_stop+0xc0/0xc0 [ 143.464295][ T631] vfs_write+0xc1c/0xf40 [ 143.468527][ T631] ? __kasan_check_write+0x14/0x20 [ 143.473629][ T631] ? kernel_write+0x3c0/0x3c0 [ 143.478290][ T631] ? _raw_spin_unlock_irq+0x4e/0x70 [ 143.483462][ T631] ? ptrace_stop+0x6ff/0x9f0 [ 143.488029][ T631] ? __kasan_check_read+0x11/0x20 [ 143.493036][ T631] ? __fdget_pos+0x27e/0x310 [ 143.497604][ T631] ksys_write+0x198/0x2c0 [ 143.501917][ T631] ? do_notify_parent+0xa60/0xa60 [ 143.506928][ T631] ? __ia32_sys_read+0x90/0x90 [ 143.511694][ T631] ? __ia32_sys_open+0x270/0x270 [ 143.516607][ T631] __x64_sys_write+0x7b/0x90 [ 143.521173][ T631] do_syscall_64+0x34/0x70 [ 143.525564][ T631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 143.531428][ T631] RIP: 0033:0x7fc8ece62c09 [ 143.535834][ T631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 143.555418][ T631] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 143.563814][ T631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 381] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 631] <... write resumed>) = 6 [pid 631] close(3) = 0 [pid 631] close(4) = 0 [pid 381] <... umount2 resumed>) = 0 [pid 631] close(5) = 0 [pid 631] close(6) = -1 EBADF (Bad file descriptor) [pid 631] close(7) = -1 EBADF (Bad file descriptor) [pid 631] close(8) = -1 EBADF (Bad file descriptor) [pid 631] close(9) = -1 EBADF (Bad file descriptor) [pid 631] close(10) = -1 EBADF (Bad file descriptor) [pid 631] close(11) = -1 EBADF (Bad file descriptor) [pid 631] close(12) = -1 EBADF (Bad file descriptor) [pid 631] close(13) = -1 EBADF (Bad file descriptor) [pid 631] close(14) = -1 EBADF (Bad file descriptor) [pid 631] close(15) = -1 EBADF (Bad file descriptor) [pid 631] close(16) = -1 EBADF (Bad file descriptor) [pid 631] close(17) = -1 EBADF (Bad file descriptor) [pid 631] close(18) = -1 EBADF (Bad file descriptor) [pid 631] close(19) = -1 EBADF (Bad file descriptor) [pid 631] close(20) = -1 EBADF (Bad file descriptor) [pid 631] close(21) = -1 EBADF (Bad file descriptor) [pid 631] close(22) = -1 EBADF (Bad file descriptor) [pid 631] close(23) = -1 EBADF (Bad file descriptor) [pid 631] close(24) = -1 EBADF (Bad file descriptor) [pid 631] close(25) = -1 EBADF (Bad file descriptor) [pid 631] close(26) = -1 EBADF (Bad file descriptor) [pid 631] close(27) = -1 EBADF (Bad file descriptor) [pid 631] close(28) = -1 EBADF (Bad file descriptor) [pid 631] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 631] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 631] exit_group(0) = ? [pid 631] +++ exited with 0 +++ [pid 633] <... write resumed>) = 6 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=36, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 633] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 383] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 633] <... openat resumed>) = 5 [pid 383] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 381] lstat("./41/file0", [pid 383] <... openat resumed>) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./34/binderfs" [pid 633] write(5, "22", 2) = 2 [pid 633] write(4, "+pids ", 6 [pid 381] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, [pid 383] <... unlink resumed>) = 0 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] umount2("./34/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] getdents64(4, [pid 383] lstat("./34/cgroup", [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] close(4 [pid 383] unlink("./34/cgroup" [pid 381] <... close resumed>) = 0 [pid 383] <... unlink resumed>) = 0 [pid 381] rmdir("./41/file0" [pid 383] umount2("./34/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./34/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./34/cgroup.net" [pid 381] <... rmdir resumed>) = 0 [pid 383] <... unlink resumed>) = 0 [pid 383] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... umount2 resumed>) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] lstat("./41/cgroup.cpu", [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] lstat("./34/file0", [pid 381] unlink("./41/cgroup.cpu" [pid 383] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... unlink resumed>) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] getdents64(3, [pid 383] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] fstat(4, [pid 381] close(3 [pid 383] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, [pid 381] <... close resumed>) = 0 [pid 383] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] rmdir("./41" [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./34/file0" [pid 381] <... rmdir resumed>) = 0 [pid 383] <... rmdir resumed>) = 0 [pid 381] mkdir("./42", 0777 [pid 383] umount2("./34/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./34/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./34/cgroup.cpu") = 0 [pid 381] <... mkdir resumed>) = 0 [pid 383] getdents64(3, [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3./strace-static-x86_64: Process 635 attached ) = 0 [pid 383] rmdir("./34" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 44 [pid 635] chdir("./42" [pid 383] <... rmdir resumed>) = 0 [pid 635] <... chdir resumed>) = 0 [pid 383] mkdir("./35", 0777 [pid 635] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 383] <... mkdir resumed>) = 0 [pid 635] <... prctl resumed>) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 636 attached [pid 635] setpgid(0, 0) = 0 [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 37 [pid 635] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 636] chdir("./35" [pid 635] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 636] <... chdir resumed>) = 0 [pid 635] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 636] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 635] <... symlink resumed>) = 0 [pid 635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 636] <... prctl resumed>) = 0 [pid 635] <... openat resumed>) = 3 [pid 636] setpgid(0, 0 [pid 635] write(3, "1000", 4 [pid 636] <... setpgid resumed>) = 0 [pid 635] <... write resumed>) = 4 [pid 635] close(3 [pid 636] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 635] <... close resumed>) = 0 [pid 635] symlink("/dev/binderfs", "./binderfs" [pid 636] <... symlink resumed>) = 0 [pid 635] <... symlink resumed>) = 0 [pid 636] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 635] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 635] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 636] <... symlink resumed>) = 0 [pid 635] <... mount resumed>) = 0 [pid 636] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 635] open("./file0", O_RDONLY) = 3 [pid 636] <... symlink resumed>) = 0 [pid 636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 635] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 635] write(4, "-pids ", 6 [pid 636] <... openat resumed>) = 3 [pid 636] write(3, "1000", 4) = 4 [pid 636] close(3) = 0 [pid 636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 636] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 636] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 636] open("./file0", O_RDONLY) = 3 [pid 636] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 636] write(4, "-pids ", 6 [pid 635] <... write resumed>) = 6 [pid 635] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 143.571784][ T631] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 143.579741][ T631] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 143.587698][ T631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 143.595647][ T631] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000022 [pid 635] write(5, "22", 2) = 2 [ 143.640608][ T629] FAULT_INJECTION: forcing a failure. [ 143.640608][ T629] name failslab, interval 1, probability 0, space 0, times 0 [ 143.653327][ T629] CPU: 1 PID: 629 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 143.664945][ T629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 143.674981][ T629] Call Trace: [ 143.678353][ T629] dump_stack_lvl+0x1e2/0x24b [ 143.683019][ T629] ? bfq_pos_tree_add_move+0x43e/0x43e [ 143.688466][ T629] ? selinux_kernfs_init_security+0x1a8/0x760 [ 143.694520][ T629] dump_stack+0x15/0x17 [ 143.698672][ T629] should_fail+0x3c0/0x510 [ 143.703073][ T629] ? __kernfs_new_node+0x99/0x6e0 [ 143.708089][ T629] __should_failslab+0x9f/0xe0 [ 143.712838][ T629] should_failslab+0x9/0x20 [ 143.717326][ T629] __kmalloc_track_caller+0x5f/0x350 [ 143.722604][ T629] kstrdup_const+0x55/0x90 [ 143.727010][ T629] __kernfs_new_node+0x99/0x6e0 [ 143.731846][ T629] ? is_module_text_address+0xe1/0x140 [ 143.737290][ T629] ? kernfs_new_node+0x170/0x170 [ 143.742211][ T629] ? ptr_to_hashval+0x60/0x60 [ 143.746956][ T629] ? arch_stack_walk+0xf8/0x140 [ 143.751795][ T629] ? snprintf+0xd6/0x120 [ 143.756023][ T629] kernfs_new_node+0x97/0x170 [ 143.760681][ T629] __kernfs_create_file+0x4a/0x270 [ 143.765776][ T629] cgroup_addrm_files+0xab8/0xfe0 [ 143.770773][ T629] ? ____kasan_kmalloc+0xdc/0x110 [ 143.775777][ T629] ? __kasan_kmalloc+0x9/0x10 [ 143.780444][ T629] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 143.785977][ T629] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 143.792115][ T629] ? delete_node+0x759/0x7b0 [ 143.796692][ T629] ? __kasan_check_read+0x11/0x20 [ 143.801695][ T629] ? delete_node+0x759/0x7b0 [ 143.806269][ T629] ? __kasan_check_write+0x14/0x20 [ 143.811372][ T629] ? idr_replace+0x1c4/0x230 [ 143.815943][ T629] ? idr_get_next+0x4b0/0x4b0 [ 143.820603][ T629] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 143.825616][ T629] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 143.830812][ T629] css_populate_dir+0x137/0x370 [ 143.835658][ T629] cgroup_apply_control_enable+0x8b9/0x12f0 [ 143.841536][ T629] cgroup_apply_control+0x93/0x710 [ 143.846622][ T629] ? css_next_child+0x160/0x160 [ 143.851455][ T629] ? io_schedule+0x120/0x120 [ 143.856034][ T629] ? kernfs_fop_write_iter+0x15e/0x410 [ 143.861476][ T629] ? __kasan_check_write+0x14/0x20 [ 143.866561][ T629] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 143.871818][ T629] cgroup_subtree_control_write+0xd19/0x1310 [ 143.877777][ T629] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 143.883750][ T629] ? __kasan_check_write+0x14/0x20 [ 143.888852][ T629] ? _copy_from_iter+0x3fb/0xd60 [ 143.893775][ T629] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 143.899731][ T629] cgroup_file_write+0x28e/0x590 [ 143.904659][ T629] ? cgroup_seqfile_stop+0xc0/0xc0 [ 143.909757][ T629] ? mutex_lock+0xa6/0x110 [ 143.914155][ T629] ? mutex_trylock+0xb0/0xb0 [ 143.918717][ T629] ? __kasan_check_write+0x14/0x20 [ 143.923802][ T629] kernfs_fop_write_iter+0x2d0/0x410 [ 143.929093][ T629] ? cgroup_seqfile_stop+0xc0/0xc0 [ 143.934213][ T629] vfs_write+0xc1c/0xf40 [ 143.938440][ T629] ? __kasan_check_write+0x14/0x20 [ 143.943525][ T629] ? kernel_write+0x3c0/0x3c0 [ 143.948182][ T629] ? _raw_spin_unlock_irq+0x4e/0x70 [ 143.953369][ T629] ? ptrace_stop+0x6ff/0x9f0 [ 143.957944][ T629] ? __kasan_check_read+0x11/0x20 [ 143.962942][ T629] ? __fdget_pos+0x27e/0x310 [ 143.967509][ T629] ksys_write+0x198/0x2c0 [ 143.971812][ T629] ? do_notify_parent+0xa60/0xa60 [ 143.976818][ T629] ? __ia32_sys_read+0x90/0x90 [ 143.981565][ T629] ? __ia32_sys_open+0x270/0x270 [ 143.986482][ T629] __x64_sys_write+0x7b/0x90 [ 143.991064][ T629] do_syscall_64+0x34/0x70 [ 143.995472][ T629] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 144.001345][ T629] RIP: 0033:0x7fc8ece62c09 [ 144.005734][ T629] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.025324][ T629] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.033727][ T629] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 635] write(4, "+pids ", 6 [pid 629] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 629] close(3) = 0 [pid 629] close(4) = 0 [pid 629] close(5) = 0 [pid 629] close(6) = -1 EBADF (Bad file descriptor) [pid 629] close(7) = -1 EBADF (Bad file descriptor) [pid 629] close(8) = -1 EBADF (Bad file descriptor) [pid 629] close(9) = -1 EBADF (Bad file descriptor) [pid 629] close(10) = -1 EBADF (Bad file descriptor) [pid 629] close(11) = -1 EBADF (Bad file descriptor) [pid 629] close(12) = -1 EBADF (Bad file descriptor) [pid 629] close(13) = -1 EBADF (Bad file descriptor) [pid 629] close(14) = -1 EBADF (Bad file descriptor) [pid 629] close(15) = -1 EBADF (Bad file descriptor) [pid 629] close(16) = -1 EBADF (Bad file descriptor) [pid 629] close(17) = -1 EBADF (Bad file descriptor) [pid 629] close(18) = -1 EBADF (Bad file descriptor) [pid 629] close(19) = -1 EBADF (Bad file descriptor) [pid 629] close(20) = -1 EBADF (Bad file descriptor) [pid 629] close(21) = -1 EBADF (Bad file descriptor) [pid 629] close(22) = -1 EBADF (Bad file descriptor) [pid 629] close(23) = -1 EBADF (Bad file descriptor) [pid 629] close(24) = -1 EBADF (Bad file descriptor) [pid 629] close(25) = -1 EBADF (Bad file descriptor) [pid 629] close(26) = -1 EBADF (Bad file descriptor) [pid 629] close(27) = -1 EBADF (Bad file descriptor) [pid 629] close(28) = -1 EBADF (Bad file descriptor) [pid 629] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 629] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 629] exit_group(0) = ? [pid 629] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 382] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./44/binderfs") = 0 [pid 382] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./44/cgroup") = 0 [pid 382] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./44/cgroup.net") = 0 [ 144.041679][ T629] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 144.049631][ T629] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 144.057584][ T629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 144.065536][ T629] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002c [ 144.075006][ T629] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 144.090877][ T382] ------------[ cut here ]------------ [ 144.096462][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 144.105413][ T382] Modules linked in: [ 144.109295][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 144.120933][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.131075][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 144.131419][ T633] FAULT_INJECTION: forcing a failure. [ 144.131419][ T633] name failslab, interval 1, probability 0, space 0, times 0 [ 144.136694][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 144.136701][ T382] RSP: 0018:ffffc90000b77ba0 EFLAGS: 00010293 [ 144.136713][ T382] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e4f00 [ 144.136728][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 144.150121][ T633] CPU: 1 PID: 633 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 144.169022][ T382] RBP: ffffc90000b77c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 144.174998][ T633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.175003][ T633] Call Trace: [ 144.175020][ T633] dump_stack_lvl+0x1e2/0x24b [ 144.175036][ T633] ? panic+0x7d7/0x7d7 [ 144.182989][ T382] R10: fffff5200016ef65 R11: 1ffff9200016ef64 R12: dffffc0000000000 [ 144.190925][ T633] ? bfq_pos_tree_add_move+0x43e/0x43e [ 144.190936][ T633] ? find_next_bit+0xd6/0x120 [ 144.190953][ T633] ? cpumask_next+0x11/0x30 [ 144.202546][ T382] R13: ffff8881192dd880 R14: ffffc90000b77c00 R15: 1ffff9200016ef7c [ 144.210479][ T633] dump_stack+0x15/0x17 [ 144.210488][ T633] should_fail+0x3c0/0x510 [ 144.210504][ T633] ? percpu_ref_init+0xd0/0x330 [ 144.220554][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 144.223792][ T633] __should_failslab+0x9f/0xe0 [ 144.228433][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.232468][ T633] should_failslab+0x9/0x20 [ 144.232478][ T633] kmem_cache_alloc_trace+0x3a/0x330 [ 144.232488][ T633] percpu_ref_init+0xd0/0x330 [ 144.232500][ T633] ? cgroup_setup_root+0xea0/0xea0 [ 144.232511][ T633] cgroup_apply_control_enable+0x3a2/0x12f0 [ 144.232522][ T633] cgroup_apply_control+0x93/0x710 [ 144.232538][ T633] ? css_next_child+0x160/0x160 [ 144.240487][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 144.245911][ T633] ? io_schedule+0x120/0x120 [ 144.250558][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.255023][ T633] ? kernfs_fop_write_iter+0x15e/0x410 [ 144.262967][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 144.267090][ T633] ? __kasan_check_write+0x14/0x20 [ 144.271472][ T382] Call Trace: [ 144.276292][ T633] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 144.285212][ T382] ? io_schedule+0x120/0x120 [ 144.289933][ T633] cgroup_subtree_control_write+0xd19/0x1310 [ 144.296515][ T382] ? vfs_submount+0xb0/0xb0 [ 144.300958][ T633] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 144.300977][ T633] ? __kasan_check_write+0x14/0x20 [ 144.306235][ T382] ? shrink_dentry_list+0x4ec/0x500 [ 144.310876][ T633] ? _copy_from_iter+0x3fb/0xd60 [ 144.310893][ T633] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 144.315978][ T382] ? __kasan_check_write+0x14/0x20 [ 144.321924][ T633] cgroup_file_write+0x28e/0x590 [ 144.321934][ T633] ? cgroup_seqfile_stop+0xc0/0xc0 [ 144.321952][ T633] ? mutex_lock+0xa6/0x110 [pid 382] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 633] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 633] close(3) = 0 [pid 633] close(4) = 0 [pid 633] close(5) = 0 [pid 633] close(6) = -1 EBADF (Bad file descriptor) [pid 633] close(7) = -1 EBADF (Bad file descriptor) [pid 633] close(8) = -1 EBADF (Bad file descriptor) [pid 633] close(9) = -1 EBADF (Bad file descriptor) [pid 633] close(10) = -1 EBADF (Bad file descriptor) [pid 633] close(11) = -1 EBADF (Bad file descriptor) [pid 633] close(12) = -1 EBADF (Bad file descriptor) [pid 633] close(13) = -1 EBADF (Bad file descriptor) [pid 633] close(14) = -1 EBADF (Bad file descriptor) [pid 633] close(15) = -1 EBADF (Bad file descriptor) [pid 633] close(16) = -1 EBADF (Bad file descriptor) [pid 633] close(17) = -1 EBADF (Bad file descriptor) [pid 633] close(18) = -1 EBADF (Bad file descriptor) [pid 633] close(19) = -1 EBADF (Bad file descriptor) [pid 633] close(20) = -1 EBADF (Bad file descriptor) [pid 633] close(21) = -1 EBADF (Bad file descriptor) [pid 633] close(22) = -1 EBADF (Bad file descriptor) [pid 633] close(23) = -1 EBADF (Bad file descriptor) [pid 633] close(24) = -1 EBADF (Bad file descriptor) [pid 633] close(25) = -1 EBADF (Bad file descriptor) [pid 633] close(26) = -1 EBADF (Bad file descriptor) [pid 633] close(27) = -1 EBADF (Bad file descriptor) [pid 633] close(28) = -1 EBADF (Bad file descriptor) [pid 633] close(29) = -1 EBADF (Bad file descriptor) [pid 633] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [ 144.327037][ T382] namespace_unlock+0x448/0x4f0 [ 144.331854][ T633] ? mutex_trylock+0xb0/0xb0 [ 144.331864][ T633] ? __kasan_check_write+0x14/0x20 [ 144.331881][ T633] kernfs_fop_write_iter+0x2d0/0x410 [ 144.339827][ T382] ? umount_tree+0xf50/0xf50 [ 144.344380][ T633] ? cgroup_seqfile_stop+0xc0/0xc0 [ 144.344391][ T633] vfs_write+0xc1c/0xf40 [ 144.344399][ T633] ? __kasan_check_write+0x14/0x20 [ 144.344408][ T633] ? kernel_write+0x3c0/0x3c0 [ 144.344424][ T633] ? _raw_spin_unlock_irq+0x4e/0x70 [ 144.352381][ T382] ? __detach_mounts+0x670/0x670 [pid 633] exit_group(0) = ? [pid 633] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 144.357796][ T633] ? ptrace_stop+0x6ff/0x9f0 [ 144.365746][ T382] ? selinux_umount+0xf0/0x130 [ 144.370810][ T633] ? __kasan_check_read+0x11/0x20 [ 144.370826][ T633] ? __fdget_pos+0x27e/0x310 [ 144.374085][ T382] ? security_sb_umount+0x9d/0xb0 [ 144.379337][ T633] ksys_write+0x198/0x2c0 [ 144.383900][ T382] path_umount+0xf03/0xfb0 [ 144.389840][ T633] ? do_notify_parent+0xa60/0xa60 [ 144.394316][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 144.400248][ T633] ? __ia32_sys_read+0x90/0x90 [ 144.400257][ T633] ? __ia32_sys_open+0x270/0x270 [ 144.400265][ T633] __x64_sys_write+0x7b/0x90 [ 144.400282][ T633] do_syscall_64+0x34/0x70 [ 144.405363][ T382] ? user_path_at_empty+0x40/0x50 [ 144.410519][ T633] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 144.410528][ T633] RIP: 0033:0x7fc8ece62c09 [ 144.410544][ T633] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.415451][ T382] __x64_sys_umount+0x122/0x170 [ 144.421421][ T633] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.421434][ T633] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 144.421447][ T633] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 144.426538][ T382] ? path_umount+0xfb0/0xfb0 [ 144.431433][ T633] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 144.431440][ T633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 144.431454][ T633] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002c [ 144.436544][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 144.654526][ T382] do_syscall_64+0x34/0x70 [ 144.658930][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 144.664825][ T382] RIP: 0033:0x7fc8ece63fb7 [ 144.669231][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 375] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.688937][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 144.697359][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 144.705374][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 144.713346][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 144.721310][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 144.729265][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002d [ 144.737250][ T382] ---[ end trace d4de1ca9cdcd198f ]--- [ 144.743290][ T382] ------------[ cut here ]------------ [ 144.748769][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 144.758228][ T382] Modules linked in: [ 144.762150][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 144.773761][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.783828][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 144.789446][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 144.809053][ T382] RSP: 0018:ffffc90000b77ca0 EFLAGS: 00010293 [ 144.815148][ T382] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e4f00 [ 144.823113][ T382] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 144.831080][ T382] RBP: ffffc90000b77d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 144.839035][ T382] R10: fffff5200016ef85 R11: 1ffff9200016ef84 R12: dffffc0000000000 [ 144.847011][ T382] R13: ffff8881192dd880 R14: ffffc90000b77d00 R15: 1ffff9200016ef9c [ 144.854989][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 144.863923][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.870517][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 144.878473][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.886440][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 144.894400][ T382] Call Trace: [ 144.897670][ T382] ? lockref_get_or_lock+0x340/0x340 [ 144.902958][ T382] ? umount_tree+0xf50/0xf50 [ 144.907532][ T382] ? vfs_submount+0xb0/0xb0 [ 144.912052][ T382] ? dput+0x2b6/0x320 [ 144.916029][ T382] path_umount+0x1fe/0xfb0 [ 144.920461][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 144.925474][ T382] ? user_path_at_empty+0x40/0x50 [ 144.930507][ T382] __x64_sys_umount+0x122/0x170 [ 144.935342][ T382] ? path_umount+0xfb0/0xfb0 [ 144.939917][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 144.945916][ T382] do_syscall_64+0x34/0x70 [ 144.950345][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 144.956223][ T382] RIP: 0033:0x7fc8ece63fb7 [ 144.960657][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 144.980270][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 144.988682][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [pid 375] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 382] <... umount2 resumed>) = 0 [pid 375] <... openat resumed>) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./44/binderfs") = 0 [pid 375] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./44/cgroup") = 0 [pid 375] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./44/cgroup.net") = 0 [ 144.996655][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 145.004633][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 145.012618][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 145.020594][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002d [ 145.028551][ T382] ---[ end trace d4de1ca9cdcd1990 ]--- [ 145.036263][ T375] ------------[ cut here ]------------ [pid 375] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 145.041768][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 145.050520][ T635] FAULT_INJECTION: forcing a failure. [ 145.050520][ T635] name failslab, interval 1, probability 0, space 0, times 0 [ 145.050697][ T375] Modules linked in: [ 145.067119][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 145.078753][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.080499][ T635] CPU: 1 PID: 635 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 145.088817][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 145.100382][ T635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.100386][ T635] Call Trace: [ 145.100401][ T635] dump_stack_lvl+0x1e2/0x24b [ 145.100409][ T635] ? panic+0x7d7/0x7d7 [ 145.100418][ T635] ? bfq_pos_tree_add_move+0x43e/0x43e [ 145.100427][ T635] ? find_next_bit+0xd6/0x120 [ 145.100444][ T635] ? cpumask_next+0x11/0x30 [ 145.106043][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 145.116075][ T635] dump_stack+0x15/0x17 [ 145.116084][ T635] should_fail+0x3c0/0x510 [ 145.116099][ T635] ? percpu_ref_init+0xd0/0x330 [ 145.119356][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 145.123995][ T635] __should_failslab+0x9f/0xe0 [ 145.124012][ T635] should_failslab+0x9/0x20 [ 145.128052][ T375] [ 145.133474][ T635] kmem_cache_alloc_trace+0x3a/0x330 [ 145.133485][ T635] percpu_ref_init+0xd0/0x330 [ 145.133494][ T635] ? cgroup_setup_root+0xea0/0xea0 [ 145.133511][ T635] cgroup_apply_control_enable+0x3a2/0x12f0 [ 145.138155][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 145.142623][ T635] cgroup_apply_control+0x93/0x710 [ 145.142639][ T635] ? css_next_child+0x160/0x160 [ 145.162218][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 145.166336][ T635] ? stack_trace_save+0x12d/0x1f0 [ 145.170724][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 145.175537][ T635] ? io_schedule+0x120/0x120 [ 145.181576][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 145.186304][ T635] ? kernfs_fop_write_iter+0x15e/0x410 [ 145.190790][ T375] R13: ffff8881192dc700 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 145.193075][ T635] ? __kasan_check_write+0x14/0x20 [ 145.198329][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 145.202965][ T635] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 145.202982][ T635] cgroup_subtree_control_write+0xd19/0x1310 [ 145.208063][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.213918][ T635] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 145.213935][ T635] ? __kasan_check_write+0x14/0x20 [ 145.221882][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 145.226960][ T635] ? _copy_from_iter+0x3fb/0xd60 [ 145.231782][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 145.239720][ T635] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 145.244714][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 145.252647][ T635] cgroup_file_write+0x28e/0x590 [ 145.252658][ T635] ? cgroup_seqfile_stop+0xc0/0xc0 [ 145.252669][ T635] ? mutex_lock+0xa6/0x110 [ 145.252678][ T635] ? mutex_trylock+0xb0/0xb0 [ 145.252688][ T635] ? __kasan_check_write+0x14/0x20 [ 145.252698][ T635] kernfs_fop_write_iter+0x2d0/0x410 [ 145.252705][ T635] ? cgroup_seqfile_stop+0xc0/0xc0 [ 145.252722][ T635] vfs_write+0xc1c/0xf40 [ 145.257363][ T375] Call Trace: [ 145.265306][ T635] ? __kasan_check_write+0x14/0x20 [ 145.265324][ T635] ? kernel_write+0x3c0/0x3c0 [ 145.270761][ T375] ? io_schedule+0x120/0x120 [ 145.278695][ T635] ? _raw_spin_unlock_irq+0x4e/0x70 [ 145.283783][ T375] ? vfs_submount+0xb0/0xb0 [ 145.292667][ T635] ? ptrace_stop+0x6ff/0x9f0 [ 145.292685][ T635] ? __kasan_check_read+0x11/0x20 [ 145.297940][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 145.303876][ T635] ? __fdget_pos+0x27e/0x310 [ 145.303886][ T635] ksys_write+0x198/0x2c0 [ 145.303902][ T635] ? do_notify_parent+0xa60/0xa60 [ 145.310476][ T375] ? __kasan_check_write+0x14/0x20 [ 145.316402][ T635] ? __ia32_sys_read+0x90/0x90 [ 145.321486][ T375] namespace_unlock+0x448/0x4f0 [ 145.329419][ T635] ? __ia32_sys_open+0x270/0x270 [ 145.334334][ T375] ? umount_tree+0xf50/0xf50 [ 145.342264][ T635] __x64_sys_write+0x7b/0x90 [ 145.342281][ T635] do_syscall_64+0x34/0x70 [ 145.348226][ T375] ? __detach_mounts+0x670/0x670 [ 145.356161][ T635] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 145.356176][ T635] RIP: 0033:0x7fc8ece62c09 [ 145.361088][ T375] ? selinux_umount+0xf0/0x130 [ 145.366159][ T635] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 145.370560][ T375] ? security_sb_umount+0x9d/0xb0 [ 145.375104][ T635] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 145.380198][ T375] path_umount+0xf03/0xfb0 [ 145.385440][ T635] ORIG_RAX: 0000000000000001 [ 145.390536][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 145.394734][ T635] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 145.397996][ T375] ? user_path_at_empty+0x40/0x50 [ 145.403061][ T635] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 145.403068][ T635] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 145.403081][ T635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 145.407728][ T375] __x64_sys_umount+0x122/0x170 [ 145.412275][ T635] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002a [ 145.597947][ T375] ? path_umount+0xfb0/0xfb0 [ 145.602806][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 145.608779][ T375] do_syscall_64+0x34/0x70 [ 145.613213][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 145.619085][ T375] RIP: 0033:0x7fc8ece63fb7 [ 145.623506][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 382] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 635] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [ 145.643123][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 145.651541][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 145.659498][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 145.667476][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 145.675460][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 145.683440][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002d [ 145.691420][ T375] ---[ end trace d4de1ca9cdcd1991 ]--- [ 145.697071][ T375] ------------[ cut here ]------------ [ 145.702585][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 145.711531][ T375] Modules linked in: [ 145.715411][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 145.727041][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 145.737107][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 145.742733][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 145.762336][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 145.768386][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffd RCX: ffff8881065e13c0 [ 145.776364][ T375] RDX: 0000000000000000 RSI: 00000000fffffffd RDI: 0000000000000000 [ 145.784324][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 145.792304][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 145.800270][ T375] R13: ffff8881192dc700 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 145.808232][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 145.817165][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.823755][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 145.831725][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 145.839675][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 145.847632][ T375] Call Trace: [ 145.850944][ T375] ? lockref_get_or_lock+0x340/0x340 [ 145.856213][ T375] ? umount_tree+0xf50/0xf50 [ 145.860804][ T375] ? vfs_submount+0xb0/0xb0 [ 145.865291][ T375] ? dput+0x2b6/0x320 [ 145.869250][ T375] path_umount+0x1fe/0xfb0 [ 145.873754][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 145.878765][ T375] ? user_path_at_empty+0x40/0x50 [ 145.883785][ T375] __x64_sys_umount+0x122/0x170 [ 145.888612][ T375] ? path_umount+0xfb0/0xfb0 [ 145.893193][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 145.899150][ T375] do_syscall_64+0x34/0x70 [ 145.903556][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 145.909423][ T375] RIP: 0033:0x7fc8ece63fb7 [ 145.913840][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 145.933432][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 145.941838][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [pid 382] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 635] close(3 [pid 375] <... umount2 resumed>) = 0 [pid 635] <... close resumed>) = 0 [pid 382] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 635] close(4 [pid 375] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 635] <... close resumed>) = 0 [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 635] close(5 [pid 382] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 635] <... close resumed>) = 0 [pid 382] <... openat resumed>) = 4 [pid 635] close(6 [pid 375] lstat("./44/file0", [pid 382] fstat(4, [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 635] close(7 [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] getdents64(4, [pid 635] close(8 [pid 375] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 635] close(9 [pid 382] getdents64(4, [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 635] close(10 [pid 382] close(4 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... close resumed>) = 0 [pid 635] close(11 [pid 382] rmdir("./44/file0" [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... rmdir resumed>) = 0 [pid 635] close(12 [pid 382] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 635] close(13 [pid 382] lstat("./44/cgroup.cpu", [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 635] close(14 [pid 382] unlink("./44/cgroup.cpu" [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... unlink resumed>) = 0 [pid 635] close(15 [pid 382] getdents64(3, [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 635] close(16 [pid 382] close(3 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... close resumed>) = 0 [pid 635] close(17 [pid 382] rmdir("./44" [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... rmdir resumed>) = 0 [pid 375] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 635] close(18 [pid 382] mkdir("./45", 0777 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(19 [pid 382] <... mkdir resumed>) = 0 [pid 375] <... openat resumed>) = 4 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] fstat(4, [pid 635] close(20./strace-static-x86_64: Process 637 attached ) = -1 EBADF (Bad file descriptor) [pid 375] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 635] close(21 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 47 [pid 375] getdents64(4, [pid 637] chdir("./45" [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(22 [pid 637] <... chdir resumed>) = 0 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(23) = -1 EBADF (Bad file descriptor) [pid 635] close(24) = -1 EBADF (Bad file descriptor) [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 635] close(25) = -1 EBADF (Bad file descriptor) [pid 635] close(26) = -1 EBADF (Bad file descriptor) [pid 635] close(27) = -1 EBADF (Bad file descriptor) [pid 635] close(28) = -1 EBADF (Bad file descriptor) [pid 635] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 635] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 635] exit_group(0) = ? [pid 637] <... prctl resumed>) = 0 [pid 635] +++ exited with 0 +++ [pid 637] setpgid(0, 0 [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 381] restart_syscall(<... resuming interrupted clone ...> [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, [pid 381] <... restart_syscall resumed>) = 0 [pid 637] <... setpgid resumed>) = 0 [pid 381] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, [pid 637] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 381] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 637] <... symlink resumed>) = 0 [pid 381] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 637] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./42/binderfs") = 0 [pid 381] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 637] <... symlink resumed>) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] lstat("./42/cgroup", [pid 637] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./42/cgroup" [pid 637] <... symlink resumed>) = 0 [pid 381] <... unlink resumed>) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 381] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./42/cgroup.net", [pid 637] <... openat resumed>) = 3 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 637] write(3, "1000", 4 [pid 381] unlink("./42/cgroup.net" [pid 637] <... write resumed>) = 4 [pid 381] <... unlink resumed>) = 0 [pid 381] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 637] close(3 [pid 381] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 637] <... close resumed>) = 0 [pid 381] getdents64(4, [pid 637] symlink("/dev/binderfs", "./binderfs" [pid 381] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 637] <... symlink resumed>) = 0 [pid 381] rmdir("./42/file0") = 0 [pid 375] close(4 [pid 381] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 637] mkdirat(AT_FDCWD, "./file0", 000 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... close resumed>) = 0 [pid 381] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] rmdir("./44/file0" [pid 381] unlink("./42/cgroup.cpu" [pid 637] <... mkdirat resumed>) = 0 [pid 381] <... unlink resumed>) = 0 [pid 375] <... rmdir resumed>) = 0 [pid 381] getdents64(3, [pid 637] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] close(3) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 637] <... mount resumed>) = 0 [pid 381] rmdir("./42" [pid 637] open("./file0", O_RDONLY [pid 381] <... rmdir resumed>) = 0 [pid 375] lstat("./44/cgroup.cpu", [pid 637] <... open resumed>) = 3 [pid 381] mkdir("./43", 0777 [pid 637] openat(3, "cgroup.subtree_control", O_RDWR [pid 381] <... mkdir resumed>) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 637] <... openat resumed>) = 4 [pid 636] <... write resumed>) = 6 [pid 634] <... write resumed>) = 6 [pid 632] <... write resumed>) = 6 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 638 attached [pid 637] write(4, "-pids ", 6 [pid 636] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 634] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 632] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 375] unlink("./44/cgroup.cpu" [pid 638] chdir("./43" [pid 636] <... openat resumed>) = 5 [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 45 [pid 638] <... chdir resumed>) = 0 [pid 636] write(5, "22", 2 [pid 634] <... openat resumed>) = 5 [pid 632] <... openat resumed>) = 5 [pid 375] <... unlink resumed>) = 0 [pid 638] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 637] <... write resumed>) = 6 [pid 636] <... write resumed>) = 2 [pid 634] write(5, "22", 2 [pid 632] write(5, "22", 2 [pid 375] getdents64(3, [pid 638] <... prctl resumed>) = 0 [ 145.949790][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 145.957757][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 145.965731][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 145.973703][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002d [ 145.981669][ T375] ---[ end trace d4de1ca9cdcd1992 ]--- [pid 636] write(4, "+pids ", 6 [pid 634] <... write resumed>) = 2 [pid 632] <... write resumed>) = 2 [pid 638] setpgid(0, 0 [pid 637] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 634] write(4, "+pids ", 6 [pid 632] write(4, "+pids ", 6 [pid 375] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 637] <... openat resumed>) = 5 [pid 637] write(5, "22", 2) = 2 [pid 637] write(4, "+pids ", 6 [pid 638] <... setpgid resumed>) = 0 [pid 638] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 638] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 638] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 375] close(3 [pid 638] <... openat resumed>) = 3 [pid 638] write(3, "1000", 4) = 4 [pid 638] close(3) = 0 [pid 638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 638] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 638] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 375] <... close resumed>) = 0 [pid 375] rmdir("./44") = 0 [pid 375] mkdir("./45", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 47 ./strace-static-x86_64: Process 639 attached [pid 639] chdir("./45") = 0 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 639] setpgid(0, 0) = 0 [pid 639] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 639] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 639] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 639] write(3, "1000", 4) = 4 [pid 639] close(3) = 0 [pid 639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 639] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 146.002634][ T636] FAULT_INJECTION: forcing a failure. [ 146.002634][ T636] name failslab, interval 1, probability 0, space 0, times 0 [ 146.015452][ T636] CPU: 0 PID: 636 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 146.027064][ T636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 146.037107][ T636] Call Trace: [ 146.040388][ T636] dump_stack_lvl+0x1e2/0x24b [ 146.045054][ T636] ? panic+0x7d7/0x7d7 [ 146.049108][ T636] ? bfq_pos_tree_add_move+0x43e/0x43e [ 146.054550][ T636] ? find_next_bit+0xd6/0x120 [ 146.059206][ T636] ? cpumask_next+0x11/0x30 [ 146.063699][ T636] dump_stack+0x15/0x17 [ 146.067845][ T636] should_fail+0x3c0/0x510 [ 146.072256][ T636] ? percpu_ref_init+0xd0/0x330 [ 146.077090][ T636] __should_failslab+0x9f/0xe0 [ 146.081823][ T636] should_failslab+0x9/0x20 [ 146.086299][ T636] kmem_cache_alloc_trace+0x3a/0x330 [ 146.091553][ T636] percpu_ref_init+0xd0/0x330 [ 146.096201][ T636] ? cgroup_setup_root+0xea0/0xea0 [ 146.101293][ T636] cgroup_apply_control_enable+0x3a2/0x12f0 [ 146.107166][ T636] cgroup_apply_control+0x93/0x710 [ 146.112247][ T636] ? css_next_child+0x160/0x160 [ 146.117082][ T636] ? io_schedule+0x120/0x120 [ 146.121656][ T636] ? kernfs_fop_write_iter+0x15e/0x410 [ 146.127094][ T636] ? __kasan_check_write+0x14/0x20 [ 146.132186][ T636] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 146.137440][ T636] cgroup_subtree_control_write+0xd19/0x1310 [ 146.143390][ T636] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 146.149338][ T636] ? __kasan_check_write+0x14/0x20 [ 146.154430][ T636] ? _copy_from_iter+0x3fb/0xd60 [ 146.159349][ T636] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 146.165300][ T636] cgroup_file_write+0x28e/0x590 [ 146.170215][ T636] ? cgroup_seqfile_stop+0xc0/0xc0 [ 146.175310][ T636] ? mutex_lock+0xa6/0x110 [ 146.179695][ T636] ? mutex_trylock+0xb0/0xb0 [ 146.184256][ T636] ? __kasan_check_write+0x14/0x20 [ 146.189337][ T636] kernfs_fop_write_iter+0x2d0/0x410 [ 146.194600][ T636] ? cgroup_seqfile_stop+0xc0/0xc0 [ 146.199692][ T636] vfs_write+0xc1c/0xf40 [ 146.203908][ T636] ? __kasan_check_write+0x14/0x20 [ 146.209004][ T636] ? kernel_write+0x3c0/0x3c0 [ 146.213659][ T636] ? _raw_spin_unlock_irq+0x4e/0x70 [ 146.218836][ T636] ? ptrace_stop+0x6ff/0x9f0 [ 146.223414][ T636] ? __kasan_check_read+0x11/0x20 [ 146.228418][ T636] ? __fdget_pos+0x27e/0x310 [ 146.232983][ T636] ksys_write+0x198/0x2c0 [ 146.237284][ T636] ? do_notify_parent+0xa60/0xa60 [ 146.242284][ T636] ? __ia32_sys_read+0x90/0x90 [ 146.247022][ T636] ? __ia32_sys_open+0x270/0x270 [ 146.251940][ T636] __x64_sys_write+0x7b/0x90 [ 146.256511][ T636] do_syscall_64+0x34/0x70 [ 146.260897][ T636] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 146.266761][ T636] RIP: 0033:0x7fc8ece62c09 [ 146.271154][ T636] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 146.290736][ T636] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 639] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 636] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 638] <... mount resumed>) = 0 [pid 636] close(3) = 0 [pid 636] close(4) = 0 [pid 636] close(5) = 0 [pid 636] close(6) = -1 EBADF (Bad file descriptor) [pid 636] close(7) = -1 EBADF (Bad file descriptor) [pid 636] close(8) = -1 EBADF (Bad file descriptor) [pid 636] close(9) = -1 EBADF (Bad file descriptor) [pid 636] close(10) = -1 EBADF (Bad file descriptor) [pid 636] close(11) = -1 EBADF (Bad file descriptor) [pid 636] close(12) = -1 EBADF (Bad file descriptor) [pid 636] close(13) = -1 EBADF (Bad file descriptor) [pid 636] close(14) = -1 EBADF (Bad file descriptor) [pid 636] close(15) = -1 EBADF (Bad file descriptor) [pid 636] close(16) = -1 EBADF (Bad file descriptor) [pid 636] close(17) = -1 EBADF (Bad file descriptor) [pid 636] close(18) = -1 EBADF (Bad file descriptor) [pid 636] close(19) = -1 EBADF (Bad file descriptor) [pid 639] <... mount resumed>) = 0 [pid 638] open("./file0", O_RDONLY [pid 636] close(20) = -1 EBADF (Bad file descriptor) [pid 636] close(21) = -1 EBADF (Bad file descriptor) [pid 636] close(22) = -1 EBADF (Bad file descriptor) [pid 636] close(23) = -1 EBADF (Bad file descriptor) [pid 636] close(24) = -1 EBADF (Bad file descriptor) [pid 636] close(25) = -1 EBADF (Bad file descriptor) [pid 636] close(26) = -1 EBADF (Bad file descriptor) [pid 636] close(27) = -1 EBADF (Bad file descriptor) [pid 636] close(28) = -1 EBADF (Bad file descriptor) [pid 636] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 636] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 636] exit_group(0) = ? [pid 639] open("./file0", O_RDONLY [pid 638] <... open resumed>) = 3 [pid 636] +++ exited with 0 +++ [pid 639] <... open resumed>) = 3 [pid 638] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=37, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 639] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 638] <... openat resumed>) = 4 [pid 639] <... openat resumed>) = 4 [pid 383] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 638] write(4, "-pids ", 6 [pid 383] <... openat resumed>) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 639] write(4, "-pids ", 6 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./35/binderfs") = 0 [pid 383] umount2("./35/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./35/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./35/cgroup") = 0 [pid 383] umount2("./35/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./35/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./35/cgroup.net") = 0 [pid 383] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./35/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./35/file0") = 0 [pid 383] umount2("./35/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./35/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./35/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./35") = 0 [pid 383] mkdir("./36", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 640 attached , child_tidptr=0x555556fab5d0) = 38 [pid 640] chdir("./36") = 0 [pid 640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 640] setpgid(0, 0) = 0 [pid 640] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 640] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 640] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 640] write(3, "1000", 4) = 4 [pid 640] close(3) = 0 [pid 640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 640] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 640] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 640] open("./file0", O_RDONLY) = 3 [pid 640] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 146.299123][ T636] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 146.307069][ T636] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 146.315024][ T636] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 146.322985][ T636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 146.330931][ T636] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000023 [pid 640] write(4, "-pids ", 6 [pid 639] <... write resumed>) = 6 [pid 639] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 639] write(5, "22", 2) = 2 [ 146.370619][ T634] FAULT_INJECTION: forcing a failure. [ 146.370619][ T634] name failslab, interval 1, probability 0, space 0, times 0 [ 146.383513][ T634] CPU: 0 PID: 634 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 146.395128][ T634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 146.405170][ T634] Call Trace: [ 146.408448][ T634] dump_stack_lvl+0x1e2/0x24b [ 146.413098][ T634] ? panic+0x7d7/0x7d7 [ 146.417136][ T634] ? bfq_pos_tree_add_move+0x43e/0x43e [ 146.422562][ T634] ? find_next_bit+0xd6/0x120 [ 146.427212][ T634] ? cpumask_next+0x11/0x30 [ 146.431687][ T634] dump_stack+0x15/0x17 [ 146.435817][ T634] should_fail+0x3c0/0x510 [ 146.440205][ T634] ? percpu_ref_init+0xd0/0x330 [ 146.445025][ T634] __should_failslab+0x9f/0xe0 [ 146.449759][ T634] should_failslab+0x9/0x20 [ 146.454238][ T634] kmem_cache_alloc_trace+0x3a/0x330 [ 146.459493][ T634] percpu_ref_init+0xd0/0x330 [ 146.464145][ T634] ? cgroup_setup_root+0xea0/0xea0 [ 146.469236][ T634] cgroup_apply_control_enable+0x3a2/0x12f0 [ 146.475103][ T634] cgroup_apply_control+0x93/0x710 [ 146.480194][ T634] ? css_next_child+0x160/0x160 [ 146.485026][ T634] ? stack_trace_save+0x12d/0x1f0 [ 146.490031][ T634] ? io_schedule+0x120/0x120 [ 146.494607][ T634] ? kernfs_fop_write_iter+0x15e/0x410 [ 146.500045][ T634] ? __kasan_check_write+0x14/0x20 [ 146.505145][ T634] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 146.510405][ T634] cgroup_subtree_control_write+0xd19/0x1310 [ 146.516360][ T634] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 146.522324][ T634] ? __kasan_check_write+0x14/0x20 [ 146.527421][ T634] ? _copy_from_iter+0x3fb/0xd60 [ 146.532337][ T634] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 146.538295][ T634] cgroup_file_write+0x28e/0x590 [ 146.543204][ T634] ? cgroup_seqfile_stop+0xc0/0xc0 [ 146.548284][ T634] ? mutex_lock+0xa6/0x110 [ 146.552671][ T634] ? mutex_trylock+0xb0/0xb0 [ 146.557233][ T634] ? __kasan_check_write+0x14/0x20 [ 146.562314][ T634] kernfs_fop_write_iter+0x2d0/0x410 [ 146.567576][ T634] ? cgroup_seqfile_stop+0xc0/0xc0 [ 146.572667][ T634] vfs_write+0xc1c/0xf40 [ 146.576883][ T634] ? __kasan_check_write+0x14/0x20 [ 146.581968][ T634] ? kernel_write+0x3c0/0x3c0 [ 146.586618][ T634] ? _raw_spin_unlock_irq+0x4e/0x70 [ 146.591788][ T634] ? ptrace_stop+0x6ff/0x9f0 [ 146.596350][ T634] ? __kasan_check_read+0x11/0x20 [ 146.601355][ T634] ? __fdget_pos+0x27e/0x310 [ 146.605928][ T634] ksys_write+0x198/0x2c0 [ 146.610229][ T634] ? do_notify_parent+0xa60/0xa60 [ 146.615232][ T634] ? __ia32_sys_read+0x90/0x90 [ 146.619976][ T634] ? __ia32_sys_open+0x270/0x270 [ 146.624979][ T634] __x64_sys_write+0x7b/0x90 [ 146.629551][ T634] do_syscall_64+0x34/0x70 [ 146.633939][ T634] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 146.639808][ T634] RIP: 0033:0x7fc8ece62c09 [ 146.644194][ T634] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 146.663857][ T634] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 639] write(4, "+pids ", 6 [pid 634] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 634] close(3) = 0 [pid 634] close(4) = 0 [pid 634] close(5) = 0 [pid 634] close(6) = -1 EBADF (Bad file descriptor) [pid 634] close(7) = -1 EBADF (Bad file descriptor) [pid 634] close(8) = -1 EBADF (Bad file descriptor) [pid 634] close(9) = -1 EBADF (Bad file descriptor) [pid 634] close(10) = -1 EBADF (Bad file descriptor) [pid 634] close(11) = -1 EBADF (Bad file descriptor) [pid 634] close(12) = -1 EBADF (Bad file descriptor) [pid 634] close(13) = -1 EBADF (Bad file descriptor) [pid 634] close(14) = -1 EBADF (Bad file descriptor) [pid 634] close(15) = -1 EBADF (Bad file descriptor) [pid 634] close(16) = -1 EBADF (Bad file descriptor) [pid 634] close(17) = -1 EBADF (Bad file descriptor) [pid 634] close(18) = -1 EBADF (Bad file descriptor) [pid 634] close(19) = -1 EBADF (Bad file descriptor) [pid 634] close(20) = -1 EBADF (Bad file descriptor) [pid 634] close(21) = -1 EBADF (Bad file descriptor) [pid 634] close(22) = -1 EBADF (Bad file descriptor) [pid 634] close(23) = -1 EBADF (Bad file descriptor) [pid 634] close(24) = -1 EBADF (Bad file descriptor) [pid 634] close(25) = -1 EBADF (Bad file descriptor) [pid 634] close(26) = -1 EBADF (Bad file descriptor) [pid 634] close(27) = -1 EBADF (Bad file descriptor) [pid 634] close(28) = -1 EBADF (Bad file descriptor) [pid 634] close(29) = -1 EBADF (Bad file descriptor) [pid 634] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 634] exit_group(0) = ? [pid 634] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.672240][ T634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 146.680187][ T634] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 146.688142][ T634] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 146.696096][ T634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 146.704039][ T634] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000027 [pid 380] lstat("./39/binderfs", [pid 640] <... write resumed>) = 6 [pid 638] <... write resumed>) = 6 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 638] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 380] unlink("./39/binderfs" [pid 638] <... openat resumed>) = 5 [pid 380] <... unlink resumed>) = 0 [pid 638] write(5, "22", 2 [pid 380] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 638] <... write resumed>) = 2 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 638] write(4, "+pids ", 6 [pid 380] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./39/cgroup") = 0 [pid 380] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 640] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 380] unlink("./39/cgroup.net") = 0 [pid 380] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 640] <... openat resumed>) = 5 [pid 640] write(5, "22", 2) = 2 [ 146.730434][ T637] FAULT_INJECTION: forcing a failure. [ 146.730434][ T637] name failslab, interval 1, probability 0, space 0, times 0 [ 146.743097][ T637] CPU: 1 PID: 637 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 146.754705][ T637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 146.764735][ T637] Call Trace: [ 146.768002][ T637] dump_stack_lvl+0x1e2/0x24b [ 146.772662][ T637] ? bfq_pos_tree_add_move+0x43e/0x43e [ 146.778114][ T637] ? selinux_kernfs_init_security+0x1a8/0x760 [ 146.784167][ T637] dump_stack+0x15/0x17 [ 146.788297][ T637] should_fail+0x3c0/0x510 [ 146.792686][ T637] ? __kernfs_new_node+0x99/0x6e0 [ 146.797696][ T637] __should_failslab+0x9f/0xe0 [ 146.802442][ T637] should_failslab+0x9/0x20 [ 146.806919][ T637] __kmalloc_track_caller+0x5f/0x350 [ 146.812177][ T637] kstrdup_const+0x55/0x90 [ 146.816566][ T637] __kernfs_new_node+0x99/0x6e0 [ 146.821397][ T637] ? is_module_text_address+0xe1/0x140 [ 146.826826][ T637] ? kernfs_new_node+0x170/0x170 [ 146.831738][ T637] ? ptr_to_hashval+0x60/0x60 [ 146.836391][ T637] ? arch_stack_walk+0xf8/0x140 [ 146.841226][ T637] ? snprintf+0xd6/0x120 [ 146.845460][ T637] kernfs_new_node+0x97/0x170 [ 146.850122][ T637] __kernfs_create_file+0x4a/0x270 [ 146.855215][ T637] cgroup_addrm_files+0xab8/0xfe0 [ 146.860221][ T637] ? ____kasan_kmalloc+0xdc/0x110 [ 146.865226][ T637] ? __kasan_kmalloc+0x9/0x10 [ 146.869883][ T637] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 146.875404][ T637] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 146.881528][ T637] ? delete_node+0x759/0x7b0 [ 146.886098][ T637] ? __kasan_check_read+0x11/0x20 [ 146.891102][ T637] ? delete_node+0x759/0x7b0 [ 146.895663][ T637] ? __kasan_check_write+0x14/0x20 [ 146.900750][ T637] ? idr_replace+0x1c4/0x230 [ 146.905312][ T637] ? idr_get_next+0x4b0/0x4b0 [ 146.909971][ T637] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 146.915009][ T637] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 146.920189][ T637] css_populate_dir+0x137/0x370 [ 146.925020][ T637] cgroup_apply_control_enable+0x8b9/0x12f0 [ 146.930885][ T637] cgroup_apply_control+0x93/0x710 [ 146.935974][ T637] ? css_next_child+0x160/0x160 [ 146.940803][ T637] ? stack_trace_save+0x12d/0x1f0 [ 146.945808][ T637] ? io_schedule+0x120/0x120 [ 146.950388][ T637] ? kernfs_fop_write_iter+0x15e/0x410 [ 146.955819][ T637] ? __kasan_check_write+0x14/0x20 [ 146.960905][ T637] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 146.966172][ T637] cgroup_subtree_control_write+0xd19/0x1310 [ 146.972138][ T637] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 146.978089][ T637] ? __kasan_check_write+0x14/0x20 [ 146.983185][ T637] ? _copy_from_iter+0x3fb/0xd60 [ 146.988105][ T637] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 146.994060][ T637] cgroup_file_write+0x28e/0x590 [ 146.998975][ T637] ? cgroup_seqfile_stop+0xc0/0xc0 [ 147.004067][ T637] ? mutex_lock+0xa6/0x110 [ 147.008474][ T637] ? mutex_trylock+0xb0/0xb0 [ 147.013047][ T637] ? __kasan_check_write+0x14/0x20 [ 147.018140][ T637] kernfs_fop_write_iter+0x2d0/0x410 [ 147.023409][ T637] ? cgroup_seqfile_stop+0xc0/0xc0 [ 147.028494][ T637] vfs_write+0xc1c/0xf40 [ 147.032710][ T637] ? __kasan_check_write+0x14/0x20 [ 147.037801][ T637] ? kernel_write+0x3c0/0x3c0 [ 147.042460][ T637] ? _raw_spin_unlock_irq+0x4e/0x70 [ 147.047641][ T637] ? ptrace_stop+0x6ff/0x9f0 [ 147.052217][ T637] ? __kasan_check_read+0x11/0x20 [ 147.057225][ T637] ? __fdget_pos+0x27e/0x310 [ 147.061800][ T637] ksys_write+0x198/0x2c0 [ 147.066111][ T637] ? do_notify_parent+0xa60/0xa60 [ 147.071110][ T637] ? __ia32_sys_read+0x90/0x90 [ 147.075849][ T637] ? __ia32_sys_open+0x270/0x270 [ 147.080760][ T637] __x64_sys_write+0x7b/0x90 [ 147.085333][ T637] do_syscall_64+0x34/0x70 [ 147.089748][ T637] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 147.095625][ T637] RIP: 0033:0x7fc8ece62c09 [ 147.100022][ T637] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.119597][ T637] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 640] write(4, "+pids ", 6 [pid 380] <... umount2 resumed>) = 0 [pid 380] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./39/file0") = 0 [pid 380] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./39/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./39") = 0 [pid 380] mkdir("./40", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 641 attached [pid 641] chdir("./40" [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 42 [pid 641] <... chdir resumed>) = 0 [pid 641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 641] setpgid(0, 0) = 0 [pid 637] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 641] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 637] close(3 [pid 641] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 641] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 641] write(3, "1000", 4) = 4 [pid 641] close(3) = 0 [pid 641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 641] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 637] <... close resumed>) = 0 [pid 641] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 641] open("./file0", O_RDONLY) = 3 [pid 641] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 641] write(4, "-pids ", 6 [pid 637] close(4) = 0 [pid 637] close(5) = 0 [pid 637] close(6) = -1 EBADF (Bad file descriptor) [pid 637] close(7) = -1 EBADF (Bad file descriptor) [pid 637] close(8) = -1 EBADF (Bad file descriptor) [pid 637] close(9) = -1 EBADF (Bad file descriptor) [pid 637] close(10) = -1 EBADF (Bad file descriptor) [pid 637] close(11) = -1 EBADF (Bad file descriptor) [pid 637] close(12) = -1 EBADF (Bad file descriptor) [pid 637] close(13) = -1 EBADF (Bad file descriptor) [pid 637] close(14) = -1 EBADF (Bad file descriptor) [pid 637] close(15) = -1 EBADF (Bad file descriptor) [pid 637] close(16) = -1 EBADF (Bad file descriptor) [pid 637] close(17) = -1 EBADF (Bad file descriptor) [pid 637] close(18) = -1 EBADF (Bad file descriptor) [pid 637] close(19) = -1 EBADF (Bad file descriptor) [pid 637] close(20) = -1 EBADF (Bad file descriptor) [pid 637] close(21) = -1 EBADF (Bad file descriptor) [pid 637] close(22) = -1 EBADF (Bad file descriptor) [pid 637] close(23) = -1 EBADF (Bad file descriptor) [pid 637] close(24) = -1 EBADF (Bad file descriptor) [pid 637] close(25) = -1 EBADF (Bad file descriptor) [pid 637] close(26) = -1 EBADF (Bad file descriptor) [pid 637] close(27) = -1 EBADF (Bad file descriptor) [pid 637] close(28) = -1 EBADF (Bad file descriptor) [pid 637] close(29) = -1 EBADF (Bad file descriptor) [pid 637] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 637] exit_group(0) = ? [pid 637] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./45/binderfs") = 0 [pid 382] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./45/cgroup") = 0 [pid 382] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./45/cgroup.net") = 0 [ 147.127983][ T637] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 147.135934][ T637] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 147.143889][ T637] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 147.151837][ T637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 147.159788][ T637] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002d [ 147.169217][ T637] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 147.186763][ T382] ------------[ cut here ]------------ [ 147.192267][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 147.201213][ T382] Modules linked in: [ 147.205092][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 147.216696][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.226768][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 147.232412][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 147.252038][ T382] RSP: 0018:ffffc90000b77ba0 EFLAGS: 00010293 [ 147.258112][ T382] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e4f00 [ 147.266095][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 147.274073][ T382] RBP: ffffc90000b77c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 147.282056][ T382] R10: fffff5200016ef65 R11: 1ffff9200016ef64 R12: dffffc0000000000 [ 147.290016][ T382] R13: ffff888117099500 R14: ffffc90000b77c00 R15: 1ffff9200016ef7c [ 147.298001][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 147.306931][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.313535][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 147.321508][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 147.329452][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 147.337416][ T382] Call Trace: [ 147.340709][ T382] ? io_schedule+0x120/0x120 [ 147.345277][ T382] ? vfs_submount+0xb0/0xb0 [ 147.349763][ T382] ? shrink_dentry_list+0x4ec/0x500 [ 147.354981][ T382] ? __kasan_check_write+0x14/0x20 [ 147.360243][ T382] namespace_unlock+0x448/0x4f0 [ 147.365102][ T382] ? umount_tree+0xf50/0xf50 [ 147.369677][ T382] ? __detach_mounts+0x670/0x670 [ 147.374629][ T382] ? selinux_umount+0xf0/0x130 [ 147.379398][ T382] ? security_sb_umount+0x9d/0xb0 [ 147.384443][ T382] path_umount+0xf03/0xfb0 [ 147.388856][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 147.393912][ T382] ? user_path_at_empty+0x40/0x50 [ 147.398922][ T382] __x64_sys_umount+0x122/0x170 [ 147.403788][ T382] ? path_umount+0xfb0/0xfb0 [ 147.408376][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 147.414370][ T382] do_syscall_64+0x34/0x70 [ 147.418781][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 147.424686][ T382] RIP: 0033:0x7fc8ece63fb7 [ 147.429099][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.448715][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 147.457157][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 147.465144][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 147.473140][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 147.481124][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 147.489086][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002e [ 147.497074][ T382] ---[ end trace d4de1ca9cdcd1993 ]--- [ 147.502596][ T382] ------------[ cut here ]------------ [ 147.508053][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 147.516997][ T382] Modules linked in: [ 147.520425][ T639] FAULT_INJECTION: forcing a failure. [ 147.520425][ T639] name failslab, interval 1, probability 0, space 0, times 0 [ 147.520981][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 147.543373][ T639] CPU: 1 PID: 639 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 147.545194][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.556724][ T639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.556728][ T639] Call Trace: [ 147.556747][ T639] dump_stack_lvl+0x1e2/0x24b [ 147.556758][ T639] ? bfq_pos_tree_add_move+0x43e/0x43e [ 147.556769][ T639] dump_stack+0x15/0x17 [ 147.556779][ T639] should_fail+0x3c0/0x510 [ 147.556789][ T639] ? pids_css_alloc+0x4e/0x120 [ 147.556800][ T639] __should_failslab+0x9f/0xe0 [ 147.556810][ T639] should_failslab+0x9/0x20 [ 147.556822][ T639] kmem_cache_alloc_trace+0x3a/0x330 [ 147.556831][ T639] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 147.556849][ T639] pids_css_alloc+0x4e/0x120 [ 147.566918][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 147.576930][ T639] cgroup_apply_control_enable+0x350/0x12f0 [ 147.576943][ T639] cgroup_apply_control+0x93/0x710 [ 147.576962][ T639] ? css_next_child+0x160/0x160 [ 147.580255][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 147.584888][ T639] ? io_schedule+0x120/0x120 [ 147.590354][ T382] RSP: 0018:ffffc90000b77ca0 EFLAGS: 00010293 [ 147.594452][ T639] ? kernfs_fop_write_iter+0x15e/0x410 [ 147.598844][ T382] [ 147.603583][ T639] ? __kasan_check_write+0x14/0x20 [ 147.603594][ T639] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 147.603611][ T639] cgroup_subtree_control_write+0xd19/0x1310 [ 147.608349][ T382] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e4f00 [ 147.612822][ T639] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 147.612837][ T639] ? __kasan_check_write+0x14/0x20 [ 147.612854][ T639] ? _copy_from_iter+0x3fb/0xd60 [ 147.618107][ T382] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 147.623270][ T639] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 147.623279][ T639] cgroup_file_write+0x28e/0x590 [ 147.623294][ T639] ? cgroup_seqfile_stop+0xc0/0xc0 [ 147.627853][ T382] RBP: ffffc90000b77d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 147.633449][ T639] ? mutex_lock+0xa6/0x110 [ 147.633458][ T639] ? mutex_trylock+0xb0/0xb0 [ 147.633474][ T639] ? __kasan_check_write+0x14/0x20 [ 147.639339][ T382] R10: fffff5200016ef85 R11: 1ffff9200016ef84 R12: dffffc0000000000 [ 147.644410][ T639] kernfs_fop_write_iter+0x2d0/0x410 [pid 382] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] kill(-43, SIGKILL) = 0 [pid 376] kill(43, SIGKILL) = 0 [ 147.644419][ T639] ? cgroup_seqfile_stop+0xc0/0xc0 [ 147.644428][ T639] vfs_write+0xc1c/0xf40 [ 147.644436][ T639] ? __kasan_check_write+0x14/0x20 [ 147.644452][ T639] ? kernel_write+0x3c0/0x3c0 [ 147.649273][ T382] R13: ffff888117099500 R14: ffffc90000b77d00 R15: 1ffff9200016ef9c [ 147.668850][ T639] ? _raw_spin_unlock_irq+0x4e/0x70 [ 147.668861][ T639] ? ptrace_stop+0x6ff/0x9f0 [ 147.668876][ T639] ? __kasan_check_read+0x11/0x20 [ 147.673442][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 147.679485][ T639] ? __fdget_pos+0x27e/0x310 [ 147.684922][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.687218][ T639] ksys_write+0x198/0x2c0 [ 147.692305][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 147.697551][ T639] ? do_notify_parent+0xa60/0xa60 [ 147.703520][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 147.711442][ T639] ? __ia32_sys_read+0x90/0x90 [ 147.711451][ T639] ? __ia32_sys_open+0x270/0x270 [ 147.711466][ T639] __x64_sys_write+0x7b/0x90 [ 147.717415][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 147.722492][ T639] do_syscall_64+0x34/0x70 [ 147.722509][ T639] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 147.727408][ T382] Call Trace: [ 147.735351][ T639] RIP: 0033:0x7fc8ece62c09 [ 147.735363][ T639] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.735375][ T639] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 147.741357][ T382] ? lockref_get_or_lock+0x340/0x340 [ 147.746235][ T639] ORIG_RAX: 0000000000000001 [ 147.751342][ T382] ? umount_tree+0xf50/0xf50 [ 147.759271][ T639] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 147.763679][ T382] ? vfs_submount+0xb0/0xb0 [ 147.768214][ T639] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 147.773305][ T382] ? dput+0x2b6/0x320 [ 147.781233][ T639] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 147.781240][ T639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 147.781254][ T639] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002d [ 147.786512][ T382] path_umount+0x1fe/0xfb0 [ 148.006517][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 148.011543][ T382] ? user_path_at_empty+0x40/0x50 [ 148.016555][ T382] __x64_sys_umount+0x122/0x170 [ 148.021404][ T382] ? path_umount+0xfb0/0xfb0 [ 148.025976][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 148.031960][ T382] do_syscall_64+0x34/0x70 [ 148.036372][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 148.042263][ T382] RIP: 0033:0x7fc8ece63fb7 [ 148.046728][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 148.066341][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 148.074748][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 148.082715][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [pid 376] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 639] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 382] <... umount2 resumed>) = 0 [pid 639] close(3) = 0 [pid 382] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] fstat(3, [pid 639] close(4 [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 639] <... close resumed>) = 0 [pid 376] getdents64(3, [pid 639] close(5 [pid 376] <... getdents64 resumed>0x555556fad630 /* 2 entries */, 32768) = 48 [pid 639] <... close resumed>) = 0 [pid 376] getdents64(3, [pid 639] close(6 [pid 376] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 639] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] close(3 [pid 639] close(7 [pid 376] <... close resumed>) = 0 [pid 639] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 639] close(8) = -1 EBADF (Bad file descriptor) [pid 639] close(9) = -1 EBADF (Bad file descriptor) [pid 639] close(10) = -1 EBADF (Bad file descriptor) [pid 639] close(11) = -1 EBADF (Bad file descriptor) [pid 639] close(12) = -1 EBADF (Bad file descriptor) [pid 639] close(13) = -1 EBADF (Bad file descriptor) [pid 639] close(14) = -1 EBADF (Bad file descriptor) [pid 639] close(15) = -1 EBADF (Bad file descriptor) [pid 639] close(16) = -1 EBADF (Bad file descriptor) [pid 639] close(17) = -1 EBADF (Bad file descriptor) [pid 639] close(18) = -1 EBADF (Bad file descriptor) [pid 639] close(19) = -1 EBADF (Bad file descriptor) [pid 639] close(20) = -1 EBADF (Bad file descriptor) [pid 639] close(21) = -1 EBADF (Bad file descriptor) [pid 639] close(22) = -1 EBADF (Bad file descriptor) [pid 639] close(23) = -1 EBADF (Bad file descriptor) [pid 639] close(24) = -1 EBADF (Bad file descriptor) [pid 639] close(25) = -1 EBADF (Bad file descriptor) [pid 639] close(26) = -1 EBADF (Bad file descriptor) [pid 639] close(27) = -1 EBADF (Bad file descriptor) [pid 639] close(28) = -1 EBADF (Bad file descriptor) [pid 639] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 639] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 639] exit_group(0) = ? [pid 639] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] lstat("./45/file0", [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 382] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... openat resumed>) = 3 [pid 375] fstat(3, [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] <... openat resumed>) = 4 [pid 375] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] fstat(4, [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./45/binderfs" [pid 382] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] <... unlink resumed>) = 0 [pid 382] getdents64(4, [pid 375] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./45/cgroup" [pid 382] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] <... unlink resumed>) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] close(4 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] <... close resumed>) = 0 [pid 375] lstat("./45/cgroup.net", [pid 382] rmdir("./45/file0" [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 641] <... write resumed>) = 6 [pid 375] unlink("./45/cgroup.net") = 0 [pid 375] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] <... rmdir resumed>) = 0 [ 148.090678][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 148.098632][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 148.106606][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002e [ 148.114574][ T382] ---[ end trace d4de1ca9cdcd1994 ]--- [ 148.131212][ T640] FAULT_INJECTION: forcing a failure. [pid 382] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./45/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./45") = 0 [pid 382] mkdir("./46", 0777) = 0 [pid 641] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 641] <... openat resumed>) = 5 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 48 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./45/file0") = 0 [pid 375] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./45/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./45") = 0 [pid 375] mkdir("./46", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 48 [pid 641] write(5, "22", 2) = 2 [pid 641] write(4, "+pids ", 6./strace-static-x86_64: Process 642 attached [pid 642] chdir("./46") = 0 [pid 642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 642] setpgid(0, 0) = 0 [pid 642] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 642] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 642] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 642] write(3, "1000", 4) = 4 [pid 642] close(3) = 0 [pid 642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 642] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 642] mount(NULL, "./file0", "cgroup2", 0, NULL./strace-static-x86_64: Process 643 attached [pid 643] chdir("./46") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 643] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 643] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 148.131212][ T640] name failslab, interval 1, probability 0, space 0, times 0 [ 148.144299][ T640] CPU: 1 PID: 640 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 148.155920][ T640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 148.165963][ T640] Call Trace: [ 148.169246][ T640] dump_stack_lvl+0x1e2/0x24b [ 148.173915][ T640] ? bfq_pos_tree_add_move+0x43e/0x43e [ 148.179356][ T640] ? selinux_kernfs_init_security+0x1a8/0x760 [ 148.185406][ T640] dump_stack+0x15/0x17 [ 148.189533][ T640] should_fail+0x3c0/0x510 [ 148.193925][ T640] ? __kernfs_new_node+0x99/0x6e0 [ 148.198931][ T640] __should_failslab+0x9f/0xe0 [ 148.203708][ T640] should_failslab+0x9/0x20 [ 148.208193][ T640] __kmalloc_track_caller+0x5f/0x350 [ 148.213454][ T640] kstrdup_const+0x55/0x90 [ 148.217846][ T640] __kernfs_new_node+0x99/0x6e0 [ 148.222670][ T640] ? is_module_text_address+0xe1/0x140 [ 148.228102][ T640] ? kernfs_new_node+0x170/0x170 [ 148.233024][ T640] ? ptr_to_hashval+0x60/0x60 [ 148.237678][ T640] ? arch_stack_walk+0xf8/0x140 [ 148.242509][ T640] ? snprintf+0xd6/0x120 [ 148.246745][ T640] kernfs_new_node+0x97/0x170 [ 148.251409][ T640] __kernfs_create_file+0x4a/0x270 [ 148.256513][ T640] cgroup_addrm_files+0xab8/0xfe0 [ 148.261526][ T640] ? ____kasan_kmalloc+0xdc/0x110 [ 148.266541][ T640] ? __kasan_kmalloc+0x9/0x10 [ 148.271207][ T640] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 148.276735][ T640] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 148.282960][ T640] ? delete_node+0x759/0x7b0 [ 148.287527][ T640] ? __kasan_check_read+0x11/0x20 [ 148.292526][ T640] ? delete_node+0x759/0x7b0 [ 148.297097][ T640] ? __kasan_check_write+0x14/0x20 [ 148.302202][ T640] ? idr_replace+0x1c4/0x230 [ 148.306781][ T640] ? idr_get_next+0x4b0/0x4b0 [ 148.311431][ T640] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 148.316434][ T640] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 148.321612][ T640] css_populate_dir+0x137/0x370 [ 148.326442][ T640] cgroup_apply_control_enable+0x8b9/0x12f0 [ 148.332311][ T640] cgroup_apply_control+0x93/0x710 [ 148.337493][ T640] ? css_next_child+0x160/0x160 [ 148.342337][ T640] ? io_schedule+0x120/0x120 [ 148.346901][ T640] ? kernfs_fop_write_iter+0x15e/0x410 [ 148.352335][ T640] ? __kasan_check_write+0x14/0x20 [ 148.357421][ T640] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 148.362691][ T640] cgroup_subtree_control_write+0xd19/0x1310 [ 148.368661][ T640] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 148.374617][ T640] ? __kasan_check_write+0x14/0x20 [ 148.379715][ T640] ? _copy_from_iter+0x3fb/0xd60 [ 148.384644][ T640] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 148.390599][ T640] cgroup_file_write+0x28e/0x590 [ 148.395509][ T640] ? cgroup_seqfile_stop+0xc0/0xc0 [ 148.400603][ T640] ? mutex_lock+0xa6/0x110 [ 148.405010][ T640] ? mutex_trylock+0xb0/0xb0 [ 148.409591][ T640] ? __kasan_check_write+0x14/0x20 [ 148.414687][ T640] kernfs_fop_write_iter+0x2d0/0x410 [ 148.419958][ T640] ? cgroup_seqfile_stop+0xc0/0xc0 [ 148.425053][ T640] vfs_write+0xc1c/0xf40 [ 148.429271][ T640] ? __kasan_check_write+0x14/0x20 [ 148.434367][ T640] ? kernel_write+0x3c0/0x3c0 [ 148.439028][ T640] ? _raw_spin_unlock_irq+0x4e/0x70 [ 148.444207][ T640] ? ptrace_stop+0x6ff/0x9f0 [ 148.448798][ T640] ? __kasan_check_read+0x11/0x20 [ 148.453810][ T640] ? __fdget_pos+0x27e/0x310 [ 148.458377][ T640] ksys_write+0x198/0x2c0 [ 148.462698][ T640] ? do_notify_parent+0xa60/0xa60 [ 148.467706][ T640] ? __ia32_sys_read+0x90/0x90 [ 148.472441][ T640] ? __ia32_sys_open+0x270/0x270 [ 148.477354][ T640] __x64_sys_write+0x7b/0x90 [ 148.481923][ T640] do_syscall_64+0x34/0x70 [ 148.486314][ T640] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 148.492180][ T640] RIP: 0033:0x7fc8ece62c09 [ 148.496583][ T640] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 148.516179][ T640] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.524589][ T640] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 148.532547][ T640] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 643] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 640] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 643] <... mount resumed>) = 0 [pid 642] <... mount resumed>) = 0 [pid 643] open("./file0", O_RDONLY [pid 640] close(3 [pid 643] <... open resumed>) = 3 [pid 643] openat(3, "cgroup.subtree_control", O_RDWR [pid 640] <... close resumed>) = 0 [pid 643] <... openat resumed>) = 4 [pid 643] write(4, "-pids ", 6 [pid 640] close(4) = 0 [pid 640] close(5) = 0 [pid 640] close(6) = -1 EBADF (Bad file descriptor) [pid 640] close(7) = -1 EBADF (Bad file descriptor) [pid 640] close(8) = -1 EBADF (Bad file descriptor) [pid 642] open("./file0", O_RDONLY [pid 640] close(9) = -1 EBADF (Bad file descriptor) [pid 640] close(10) = -1 EBADF (Bad file descriptor) [pid 640] close(11) = -1 EBADF (Bad file descriptor) [pid 640] close(12) = -1 EBADF (Bad file descriptor) [pid 640] close(13) = -1 EBADF (Bad file descriptor) [pid 640] close(14) = -1 EBADF (Bad file descriptor) [pid 640] close(15) = -1 EBADF (Bad file descriptor) [pid 640] close(16) = -1 EBADF (Bad file descriptor) [pid 640] close(17) = -1 EBADF (Bad file descriptor) [pid 640] close(18) = -1 EBADF (Bad file descriptor) [pid 640] close(19) = -1 EBADF (Bad file descriptor) [pid 640] close(20) = -1 EBADF (Bad file descriptor) [pid 640] close(21) = -1 EBADF (Bad file descriptor) [pid 640] close(22) = -1 EBADF (Bad file descriptor) [pid 640] close(23) = -1 EBADF (Bad file descriptor) [pid 640] close(24) = -1 EBADF (Bad file descriptor) [pid 640] close(25) = -1 EBADF (Bad file descriptor) [pid 640] close(26) = -1 EBADF (Bad file descriptor) [pid 640] close(27) = -1 EBADF (Bad file descriptor) [pid 640] close(28) = -1 EBADF (Bad file descriptor) [pid 640] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 640] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 640] exit_group(0) = ? [pid 642] <... open resumed>) = 3 [pid 640] +++ exited with 0 +++ [pid 642] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 642] write(4, "-pids ", 6 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./36/binderfs") = 0 [pid 383] umount2("./36/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./36/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./36/cgroup") = 0 [pid 383] umount2("./36/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./36/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./36/cgroup.net") = 0 [pid 383] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./36/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./36/file0") = 0 [pid 383] umount2("./36/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./36/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./36/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./36") = 0 [pid 383] mkdir("./37", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 644 attached [pid 644] chdir("./37") = 0 [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 39 [pid 644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 644] setpgid(0, 0) = 0 [pid 644] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 644] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 644] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 644] write(3, "1000", 4) = 4 [pid 644] close(3) = 0 [pid 644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 644] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 644] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 644] open("./file0", O_RDONLY) = 3 [pid 644] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 148.540493][ T640] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 148.548437][ T640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 148.556390][ T640] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000024 [ 148.564923][ T640] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 148.600426][ T632] FAULT_INJECTION: forcing a failure. [ 148.600426][ T632] name failslab, interval 1, probability 0, space 0, times 0 [ 148.613101][ T632] CPU: 0 PID: 632 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 148.624715][ T632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 148.634746][ T632] Call Trace: [ 148.638015][ T632] dump_stack_lvl+0x1e2/0x24b [ 148.642678][ T632] ? bfq_pos_tree_add_move+0x43e/0x43e [ 148.648124][ T632] ? selinux_kernfs_init_security+0x1a8/0x760 [ 148.654167][ T632] dump_stack+0x15/0x17 [ 148.658307][ T632] should_fail+0x3c0/0x510 [ 148.662708][ T632] ? __kernfs_new_node+0x99/0x6e0 [ 148.667715][ T632] __should_failslab+0x9f/0xe0 [ 148.672464][ T632] should_failslab+0x9/0x20 [ 148.676941][ T632] __kmalloc_track_caller+0x5f/0x350 [ 148.682198][ T632] kstrdup_const+0x55/0x90 [ 148.686588][ T632] __kernfs_new_node+0x99/0x6e0 [ 148.691423][ T632] ? is_module_text_address+0xe1/0x140 [ 148.696866][ T632] ? kernfs_new_node+0x170/0x170 [ 148.701780][ T632] ? ptr_to_hashval+0x60/0x60 [ 148.706429][ T632] ? arch_stack_walk+0xf8/0x140 [ 148.711266][ T632] ? snprintf+0xd6/0x120 [ 148.715504][ T632] kernfs_new_node+0x97/0x170 [ 148.720167][ T632] __kernfs_create_file+0x4a/0x270 [ 148.725265][ T632] cgroup_addrm_files+0xab8/0xfe0 [ 148.730276][ T632] ? ____kasan_kmalloc+0xdc/0x110 [ 148.735277][ T632] ? __kasan_kmalloc+0x9/0x10 [ 148.739929][ T632] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 148.745451][ T632] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 148.751579][ T632] ? delete_node+0x759/0x7b0 [ 148.756152][ T632] ? __kasan_check_read+0x11/0x20 [ 148.761159][ T632] ? delete_node+0x759/0x7b0 [ 148.765727][ T632] ? __kasan_check_write+0x14/0x20 [ 148.770823][ T632] ? idr_replace+0x1c4/0x230 [ 148.775385][ T632] ? idr_get_next+0x4b0/0x4b0 [ 148.780042][ T632] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 148.785048][ T632] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 148.790229][ T632] css_populate_dir+0x137/0x370 [ 148.795055][ T632] cgroup_apply_control_enable+0x8b9/0x12f0 [ 148.800936][ T632] cgroup_apply_control+0x93/0x710 [ 148.806031][ T632] ? css_next_child+0x160/0x160 [ 148.810865][ T632] ? io_schedule+0x120/0x120 [ 148.815440][ T632] ? kernfs_fop_write_iter+0x15e/0x410 [ 148.820880][ T632] ? __kasan_check_write+0x14/0x20 [ 148.825969][ T632] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 148.831236][ T632] cgroup_subtree_control_write+0xd19/0x1310 [ 148.837189][ T632] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 148.843150][ T632] ? __kasan_check_write+0x14/0x20 [ 148.848242][ T632] ? _copy_from_iter+0x3fb/0xd60 [ 148.853160][ T632] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 148.859121][ T632] cgroup_file_write+0x28e/0x590 [ 148.864042][ T632] ? cgroup_seqfile_stop+0xc0/0xc0 [ 148.869135][ T632] ? mutex_lock+0xa6/0x110 [ 148.873526][ T632] ? mutex_trylock+0xb0/0xb0 [ 148.878101][ T632] ? __kasan_check_write+0x14/0x20 [ 148.883193][ T632] kernfs_fop_write_iter+0x2d0/0x410 [ 148.888449][ T632] ? cgroup_seqfile_stop+0xc0/0xc0 [ 148.893631][ T632] vfs_write+0xc1c/0xf40 [ 148.897865][ T632] ? __kasan_check_write+0x14/0x20 [ 148.902960][ T632] ? kernel_write+0x3c0/0x3c0 [ 148.907620][ T632] ? _raw_spin_unlock_irq+0x4e/0x70 [ 148.912800][ T632] ? ptrace_stop+0x6ff/0x9f0 [ 148.917370][ T632] ? __kasan_check_read+0x11/0x20 [ 148.922378][ T632] ? __fdget_pos+0x27e/0x310 [ 148.926941][ T632] ksys_write+0x198/0x2c0 [ 148.931247][ T632] ? do_notify_parent+0xa60/0xa60 [ 148.936258][ T632] ? __ia32_sys_read+0x90/0x90 [ 148.941000][ T632] ? __ia32_sys_open+0x270/0x270 [ 148.945909][ T632] __x64_sys_write+0x7b/0x90 [ 148.950473][ T632] do_syscall_64+0x34/0x70 [ 148.954864][ T632] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 148.960735][ T632] RIP: 0033:0x7fc8ece62c09 [ 148.965142][ T632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 148.984738][ T632] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 148.993145][ T632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 644] write(4, "-pids ", 6 [pid 632] <... write resumed>) = ? [pid 632] +++ killed by SIGKILL +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=43, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 376] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./41/binderfs") = 0 [pid 376] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./41/cgroup") = 0 [pid 376] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./41/cgroup.net") = 0 [pid 376] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./41/file0") = 0 [pid 376] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./41/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./41") = 0 [pid 376] mkdir("./42", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 645 attached , child_tidptr=0x555556fab5d0) = 44 [pid 645] chdir("./42") = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 645] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 645] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 645] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 645] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 645] open("./file0", O_RDONLY) = 3 [pid 645] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 645] write(4, "-pids ", 6) = 6 [pid 644] <... write resumed>) = 6 [pid 643] <... write resumed>) = 6 [pid 642] <... write resumed>) = 6 [ 149.001099][ T632] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 149.009045][ T632] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 149.016999][ T632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 149.024955][ T632] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000029 [ 149.033045][ T632] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 645] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 642] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 645] <... openat resumed>) = 5 [pid 644] <... openat resumed>) = 5 [pid 642] <... openat resumed>) = 5 [pid 645] write(5, "22", 2 [pid 644] write(5, "22", 2 [pid 642] write(5, "22", 2 [pid 645] <... write resumed>) = 2 [pid 644] <... write resumed>) = 2 [pid 642] <... write resumed>) = 2 [pid 645] write(4, "+pids ", 6 [pid 644] write(4, "+pids ", 6 [pid 642] write(4, "+pids ", 6 [ 149.070456][ T638] FAULT_INJECTION: forcing a failure. [ 149.070456][ T638] name failslab, interval 1, probability 0, space 0, times 0 [ 149.083330][ T638] CPU: 0 PID: 638 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 149.094950][ T638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.104981][ T638] Call Trace: [ 149.108251][ T638] dump_stack_lvl+0x1e2/0x24b [ 149.112906][ T638] ? bfq_pos_tree_add_move+0x43e/0x43e [ 149.118341][ T638] ? selinux_kernfs_init_security+0x1a8/0x760 [ 149.124387][ T638] dump_stack+0x15/0x17 [ 149.128519][ T638] should_fail+0x3c0/0x510 [ 149.132914][ T638] ? __kernfs_new_node+0x99/0x6e0 [ 149.138004][ T638] __should_failslab+0x9f/0xe0 [ 149.142744][ T638] should_failslab+0x9/0x20 [ 149.147233][ T638] __kmalloc_track_caller+0x5f/0x350 [ 149.152504][ T638] kstrdup_const+0x55/0x90 [ 149.156896][ T638] __kernfs_new_node+0x99/0x6e0 [ 149.161724][ T638] ? is_module_text_address+0xe1/0x140 [ 149.167161][ T638] ? kernfs_new_node+0x170/0x170 [ 149.172076][ T638] ? ptr_to_hashval+0x60/0x60 [ 149.176737][ T638] ? arch_stack_walk+0xf8/0x140 [ 149.181566][ T638] ? snprintf+0xd6/0x120 [ 149.185794][ T638] kernfs_new_node+0x97/0x170 [ 149.190456][ T638] __kernfs_create_file+0x4a/0x270 [ 149.195542][ T638] cgroup_addrm_files+0xab8/0xfe0 [ 149.200542][ T638] ? ____kasan_kmalloc+0xdc/0x110 [ 149.205540][ T638] ? __kasan_kmalloc+0x9/0x10 [ 149.210205][ T638] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 149.215729][ T638] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 149.221861][ T638] ? delete_node+0x759/0x7b0 [ 149.226428][ T638] ? __kasan_check_read+0x11/0x20 [ 149.231435][ T638] ? delete_node+0x759/0x7b0 [ 149.236001][ T638] ? __kasan_check_write+0x14/0x20 [ 149.241108][ T638] ? idr_replace+0x1c4/0x230 [ 149.245683][ T638] ? idr_get_next+0x4b0/0x4b0 [ 149.250337][ T638] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 149.255336][ T638] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 149.260509][ T638] css_populate_dir+0x137/0x370 [ 149.265337][ T638] cgroup_apply_control_enable+0x8b9/0x12f0 [ 149.271210][ T638] cgroup_apply_control+0x93/0x710 [ 149.276299][ T638] ? css_next_child+0x160/0x160 [ 149.281139][ T638] ? stack_trace_save+0x12d/0x1f0 [ 149.286152][ T638] ? io_schedule+0x120/0x120 [ 149.290824][ T638] ? kernfs_fop_write_iter+0x15e/0x410 [ 149.296275][ T638] ? __kasan_check_write+0x14/0x20 [ 149.301375][ T638] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 149.306640][ T638] cgroup_subtree_control_write+0xd19/0x1310 [ 149.312607][ T638] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 149.318565][ T638] ? __kasan_check_write+0x14/0x20 [ 149.323655][ T638] ? _copy_from_iter+0x3fb/0xd60 [ 149.328573][ T638] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 149.334528][ T638] cgroup_file_write+0x28e/0x590 [ 149.339444][ T638] ? cgroup_seqfile_stop+0xc0/0xc0 [ 149.344541][ T638] ? mutex_lock+0xa6/0x110 [ 149.348937][ T638] ? mutex_trylock+0xb0/0xb0 [ 149.353506][ T638] ? __kasan_check_write+0x14/0x20 [ 149.358594][ T638] kernfs_fop_write_iter+0x2d0/0x410 [ 149.363859][ T638] ? cgroup_seqfile_stop+0xc0/0xc0 [ 149.368953][ T638] vfs_write+0xc1c/0xf40 [ 149.373175][ T638] ? __kasan_check_write+0x14/0x20 [ 149.378266][ T638] ? kernel_write+0x3c0/0x3c0 [ 149.382928][ T638] ? _raw_spin_unlock_irq+0x4e/0x70 [ 149.388102][ T638] ? ptrace_stop+0x6ff/0x9f0 [ 149.392672][ T638] ? __kasan_check_read+0x11/0x20 [ 149.397698][ T638] ? __fdget_pos+0x27e/0x310 [ 149.402267][ T638] ksys_write+0x198/0x2c0 [ 149.406598][ T638] ? do_notify_parent+0xa60/0xa60 [ 149.411618][ T638] ? __ia32_sys_read+0x90/0x90 [ 149.416383][ T638] ? __ia32_sys_open+0x270/0x270 [ 149.421309][ T638] __x64_sys_write+0x7b/0x90 [ 149.425888][ T638] do_syscall_64+0x34/0x70 [ 149.430292][ T638] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 149.436170][ T638] RIP: 0033:0x7fc8ece62c09 [ 149.440569][ T638] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.460150][ T638] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 643] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 643] write(5, "22", 2) = 2 [pid 643] write(4, "+pids ", 6 [pid 638] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 638] close(3) = 0 [pid 638] close(4) = 0 [pid 638] close(5) = 0 [pid 638] close(6) = -1 EBADF (Bad file descriptor) [pid 638] close(7) = -1 EBADF (Bad file descriptor) [pid 638] close(8) = -1 EBADF (Bad file descriptor) [pid 638] close(9) = -1 EBADF (Bad file descriptor) [pid 638] close(10) = -1 EBADF (Bad file descriptor) [pid 638] close(11) = -1 EBADF (Bad file descriptor) [pid 638] close(12) = -1 EBADF (Bad file descriptor) [pid 638] close(13) = -1 EBADF (Bad file descriptor) [pid 638] close(14) = -1 EBADF (Bad file descriptor) [pid 638] close(15) = -1 EBADF (Bad file descriptor) [pid 638] close(16) = -1 EBADF (Bad file descriptor) [pid 638] close(17) = -1 EBADF (Bad file descriptor) [pid 638] close(18) = -1 EBADF (Bad file descriptor) [pid 638] close(19) = -1 EBADF (Bad file descriptor) [pid 638] close(20) = -1 EBADF (Bad file descriptor) [pid 638] close(21) = -1 EBADF (Bad file descriptor) [pid 638] close(22) = -1 EBADF (Bad file descriptor) [pid 638] close(23) = -1 EBADF (Bad file descriptor) [pid 638] close(24) = -1 EBADF (Bad file descriptor) [pid 638] close(25) = -1 EBADF (Bad file descriptor) [pid 638] close(26) = -1 EBADF (Bad file descriptor) [pid 638] close(27) = -1 EBADF (Bad file descriptor) [pid 638] close(28) = -1 EBADF (Bad file descriptor) [pid 638] close(29) = -1 EBADF (Bad file descriptor) [pid 638] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 638] exit_group(0) = ? [pid 638] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./43/binderfs") = 0 [pid 381] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./43/cgroup") = 0 [pid 381] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./43/cgroup.net") = 0 [ 149.468543][ T638] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 149.476700][ T638] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 149.484661][ T638] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 149.492615][ T638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 149.500568][ T638] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002b [ 149.512041][ T638] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 149.537977][ T381] ------------[ cut here ]------------ [ 149.543515][ T381] WARNING: CPU: 0 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 149.552445][ T381] Modules linked in: [ 149.556320][ T381] CPU: 0 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 149.567941][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.577997][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 149.583632][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 149.603244][ T381] RSP: 0018:ffffc90000b37ba0 EFLAGS: 00010293 [ 149.609286][ T381] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065813c0 [ 149.617258][ T381] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 149.625246][ T381] RBP: ffffc90000b37c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 149.633228][ T381] R10: fffff52000166f65 R11: 1ffff92000166f64 R12: dffffc0000000000 [ 149.641208][ T381] R13: ffff88811d953a40 R14: ffffc90000b37c00 R15: 1ffff92000166f7c [ 149.649166][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 149.658103][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.664685][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506b0 [ 149.672676][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.680659][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.688602][ T381] Call Trace: [ 149.691894][ T381] ? io_schedule+0x120/0x120 [ 149.696476][ T381] ? vfs_submount+0xb0/0xb0 [ 149.700991][ T381] ? shrink_dentry_list+0x4ec/0x500 [ 149.706177][ T381] ? __kasan_check_write+0x14/0x20 [ 149.711290][ T381] namespace_unlock+0x448/0x4f0 [ 149.716136][ T381] ? umount_tree+0xf50/0xf50 [ 149.720750][ T381] ? __detach_mounts+0x670/0x670 [ 149.725674][ T381] ? selinux_umount+0xf0/0x130 [ 149.730440][ T381] ? security_sb_umount+0x9d/0xb0 [ 149.735447][ T381] path_umount+0xf03/0xfb0 [ 149.739839][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 149.744882][ T381] ? user_path_at_empty+0x40/0x50 [ 149.749896][ T381] __x64_sys_umount+0x122/0x170 [ 149.754758][ T381] ? path_umount+0xfb0/0xfb0 [ 149.759348][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 149.765337][ T381] do_syscall_64+0x34/0x70 [ 149.769749][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 149.775643][ T381] RIP: 0033:0x7fc8ece63fb7 [ 149.780053][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 149.799667][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 149.808096][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 149.816068][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 149.824055][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 149.832035][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 149.839996][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002c [ 149.847988][ T381] ---[ end trace d4de1ca9cdcd1995 ]--- [ 149.853522][ T381] ------------[ cut here ]------------ [ 149.853665][ T643] FAULT_INJECTION: forcing a failure. [ 149.853665][ T643] name failslab, interval 1, probability 0, space 0, times 0 [ 149.858994][ T381] WARNING: CPU: 1 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 149.871745][ T643] CPU: 0 PID: 643 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 149.880471][ T381] Modules linked in: [ 149.892041][ T643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.892045][ T643] Call Trace: [ 149.892060][ T643] dump_stack_lvl+0x1e2/0x24b [ 149.892077][ T643] ? bfq_pos_tree_add_move+0x43e/0x43e [ 149.895936][ T381] [ 149.905964][ T643] ? selinux_kernfs_init_security+0x1a8/0x760 [ 149.905973][ T643] dump_stack+0x15/0x17 [ 149.905989][ T643] should_fail+0x3c0/0x510 [ 149.909249][ T381] CPU: 1 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 149.913889][ T643] ? __kernfs_new_node+0x99/0x6e0 [ 149.913906][ T643] __should_failslab+0x9f/0xe0 [ 149.919328][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 149.921630][ T643] should_failslab+0x9/0x20 [ 149.921641][ T643] __kmalloc_track_caller+0x5f/0x350 [ 149.921657][ T643] kstrdup_const+0x55/0x90 [ 149.927696][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 149.931819][ T643] __kernfs_new_node+0x99/0x6e0 [ 149.931829][ T643] ? is_module_text_address+0xe1/0x140 [ 149.931843][ T643] ? kernfs_new_node+0x170/0x170 [ 149.936232][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 149.947815][ T643] ? ptr_to_hashval+0x60/0x60 [ 149.947824][ T643] ? arch_stack_walk+0xf8/0x140 [ 149.947833][ T643] ? snprintf+0xd6/0x120 [ 149.947841][ T643] kernfs_new_node+0x97/0x170 [ 149.947856][ T643] __kernfs_create_file+0x4a/0x270 [ 149.952854][ T381] RSP: 0018:ffffc90000b37ca0 EFLAGS: 00010293 [ 149.957586][ T643] cgroup_addrm_files+0xab8/0xfe0 [ 149.967615][ T381] [ 149.972082][ T643] ? ____kasan_kmalloc+0xdc/0x110 [ 149.972097][ T643] ? __kasan_kmalloc+0x9/0x10 [ 149.977353][ T381] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065813c0 [ 149.981734][ T643] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 149.981752][ T643] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 149.987350][ T381] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 149.992251][ T643] ? delete_node+0x759/0x7b0 [ 149.992261][ T643] ? __kasan_check_read+0x11/0x20 [ 149.992276][ T643] ? delete_node+0x759/0x7b0 [ 149.997706][ T381] RBP: ffffc90000b37d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 150.002615][ T643] ? __kasan_check_write+0x14/0x20 [ 150.002626][ T643] ? idr_replace+0x1c4/0x230 [ 150.002642][ T643] ? idr_get_next+0x4b0/0x4b0 [ 150.022250][ T381] R10: fffff52000166f85 R11: 1ffff92000166f84 R12: dffffc0000000000 [ 150.026879][ T643] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 150.031711][ T381] R13: ffff88811d953a40 R14: ffffc90000b37d00 R15: 1ffff92000166f9c [ 150.035913][ T643] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 150.040569][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 150.045644][ T643] css_populate_dir+0x137/0x370 [ 150.051684][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.056760][ T643] cgroup_apply_control_enable+0x8b9/0x12f0 [ 150.059056][ T381] CR2: 00007fc8ececd130 CR3: 000000011dddb000 CR4: 00000000003506a0 [ 150.064048][ T643] cgroup_apply_control+0x93/0x710 [ 150.064058][ T643] ? css_next_child+0x160/0x160 [ 150.064067][ T643] ? io_schedule+0x120/0x120 [ 150.064083][ T643] ? kernfs_fop_write_iter+0x15e/0x410 [ 150.068731][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 150.076674][ T643] ? __kasan_check_write+0x14/0x20 [ 150.076692][ T643] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 150.082208][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 381] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 643] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 643] close(3) = 0 [pid 643] close(4) = 0 [pid 643] close(5) = 0 [pid 643] close(6) = -1 EBADF (Bad file descriptor) [pid 643] close(7) = -1 EBADF (Bad file descriptor) [pid 643] close(8) = -1 EBADF (Bad file descriptor) [pid 643] close(9) = -1 EBADF (Bad file descriptor) [pid 643] close(10) = -1 EBADF (Bad file descriptor) [pid 643] close(11) = -1 EBADF (Bad file descriptor) [pid 643] close(12) = -1 EBADF (Bad file descriptor) [pid 643] close(13) = -1 EBADF (Bad file descriptor) [pid 643] close(14) = -1 EBADF (Bad file descriptor) [pid 643] close(15) = -1 EBADF (Bad file descriptor) [pid 643] close(16) = -1 EBADF (Bad file descriptor) [pid 643] close(17) = -1 EBADF (Bad file descriptor) [pid 643] close(18) = -1 EBADF (Bad file descriptor) [pid 643] close(19) = -1 EBADF (Bad file descriptor) [pid 643] close(20) = -1 EBADF (Bad file descriptor) [pid 643] close(21) = -1 EBADF (Bad file descriptor) [pid 643] close(22) = -1 EBADF (Bad file descriptor) [pid 643] close(23) = -1 EBADF (Bad file descriptor) [pid 643] close(24) = -1 EBADF (Bad file descriptor) [pid 643] close(25) = -1 EBADF (Bad file descriptor) [pid 643] close(26) = -1 EBADF (Bad file descriptor) [pid 643] close(27) = -1 EBADF (Bad file descriptor) [pid 643] close(28) = -1 EBADF (Bad file descriptor) [pid 643] close(29) = -1 EBADF (Bad file descriptor) [pid 643] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 643] exit_group(0) = ? [pid 643] +++ exited with 0 +++ [ 150.088330][ T643] cgroup_subtree_control_write+0xd19/0x1310 [ 150.096286][ T381] Call Trace: [ 150.100838][ T643] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 150.100854][ T643] ? __kasan_check_write+0x14/0x20 [ 150.105849][ T381] ? lockref_get_or_lock+0x340/0x340 [ 150.110401][ T643] ? _copy_from_iter+0x3fb/0xd60 [ 150.110410][ T643] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 150.110425][ T643] cgroup_file_write+0x28e/0x590 [ 150.118375][ T381] ? umount_tree+0xf50/0xf50 [ 150.123468][ T643] ? cgroup_seqfile_stop+0xc0/0xc0 [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 150.123478][ T643] ? mutex_lock+0xa6/0x110 [ 150.123485][ T643] ? mutex_trylock+0xb0/0xb0 [ 150.123501][ T643] ? __kasan_check_write+0x14/0x20 [ 150.128060][ T381] ? vfs_submount+0xb0/0xb0 [ 150.132700][ T643] kernfs_fop_write_iter+0x2d0/0x410 [ 150.132708][ T643] ? cgroup_seqfile_stop+0xc0/0xc0 [ 150.132724][ T643] vfs_write+0xc1c/0xf40 [ 150.140676][ T381] ? dput+0x2b6/0x320 [ 150.145659][ T643] ? __kasan_check_write+0x14/0x20 [ 150.153611][ T381] path_umount+0x1fe/0xfb0 [ 150.158774][ T643] ? kernel_write+0x3c0/0x3c0 [ 150.167681][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 150.172483][ T643] ? _raw_spin_unlock_irq+0x4e/0x70 [ 150.172499][ T643] ? ptrace_stop+0x6ff/0x9f0 [ 150.179054][ T381] ? user_path_at_empty+0x40/0x50 [ 150.184904][ T643] ? __kasan_check_read+0x11/0x20 [ 150.184913][ T643] ? __fdget_pos+0x27e/0x310 [ 150.184921][ T643] ksys_write+0x198/0x2c0 [ 150.184937][ T643] ? do_notify_parent+0xa60/0xa60 [ 150.192888][ T381] __x64_sys_umount+0x122/0x170 [ 150.197962][ T643] ? __ia32_sys_read+0x90/0x90 [ 150.202786][ T381] ? path_umount+0xfb0/0xfb0 [ 150.207336][ T643] ? __ia32_sys_open+0x270/0x270 [ 150.212773][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 150.220699][ T643] __x64_sys_write+0x7b/0x90 [ 150.220715][ T643] do_syscall_64+0x34/0x70 [ 150.225796][ T381] do_syscall_64+0x34/0x70 [ 150.231041][ T643] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 150.231049][ T643] RIP: 0033:0x7fc8ece62c09 [ 150.231066][ T643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 150.239006][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 150.244942][ T643] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.244954][ T643] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 150.244960][ T643] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 150.244973][ T643] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 150.248235][ T381] RIP: 0033:0x7fc8ece63fb7 [ 150.254172][ T643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 150.254179][ T643] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002e [ 150.268753][ T643] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 150.269454][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 375] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... umount2 resumed>) = 0 [pid 381] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./43/file0") = 0 [pid 381] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./43/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./43") = 0 [pid 381] mkdir("./44", 0777 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... mkdir resumed>) = 0 [pid 375] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 46 [pid 375] <... openat resumed>) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./46/binderfs") = 0 ./strace-static-x86_64: Process 646 attached [pid 646] chdir("./44" [pid 375] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 646] <... chdir resumed>) = 0 [pid 646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 646] setpgid(0, 0) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 646] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 375] unlink("./46/cgroup") = 0 [pid 646] <... symlink resumed>) = 0 [pid 375] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 646] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./46/cgroup.net", [pid 646] <... symlink resumed>) = 0 [pid 646] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 646] <... symlink resumed>) = 0 [pid 375] unlink("./46/cgroup.net" [pid 646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 646] write(3, "1000", 4) = 4 [pid 646] close(3) = 0 [pid 646] symlink("/dev/binderfs", "./binderfs" [pid 375] <... unlink resumed>) = 0 [pid 375] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 646] <... symlink resumed>) = 0 [pid 646] mkdirat(AT_FDCWD, "./file0", 000 [pid 375] <... umount2 resumed>) = 0 [pid 646] <... mkdirat resumed>) = 0 [ 150.534904][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 150.543341][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 150.551319][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 150.559270][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 150.567254][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 150.575219][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002c [ 150.583205][ T381] ---[ end trace d4de1ca9cdcd1996 ]--- [pid 646] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 375] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 646] open("./file0", O_RDONLY) = 3 [pid 646] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 646] write(4, "-pids ", 6 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./46/file0") = 0 [pid 375] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./46/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./46") = 0 [pid 375] mkdir("./47", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 49 ./strace-static-x86_64: Process 647 attached [pid 647] chdir("./47") = 0 [pid 647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 647] setpgid(0, 0) = 0 [pid 647] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 647] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 647] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 647] write(3, "1000", 4) = 4 [pid 647] close(3) = 0 [pid 647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 647] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 150.610498][ T642] FAULT_INJECTION: forcing a failure. [ 150.610498][ T642] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 150.623842][ T642] CPU: 0 PID: 642 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 150.635454][ T642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 150.645485][ T642] Call Trace: [ 150.648763][ T642] dump_stack_lvl+0x1e2/0x24b [ 150.653423][ T642] ? bfq_pos_tree_add_move+0x43e/0x43e [ 150.658863][ T642] ? __kasan_check_write+0x14/0x20 [ 150.663951][ T642] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 150.669040][ T642] dump_stack+0x15/0x17 [ 150.673169][ T642] should_fail+0x3c0/0x510 [ 150.677557][ T642] should_fail_alloc_page+0x50/0x60 [ 150.682738][ T642] __alloc_pages_nodemask+0x1c0/0x890 [ 150.688100][ T642] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 150.694243][ T642] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 150.699776][ T642] allocate_slab+0x78/0x540 [ 150.704286][ T642] ___slab_alloc+0x131/0x2e0 [ 150.708858][ T642] ? pids_css_alloc+0x4e/0x120 [ 150.713591][ T642] __slab_alloc+0x63/0xa0 [ 150.717892][ T642] ? pids_css_alloc+0x4e/0x120 [ 150.722628][ T642] kmem_cache_alloc_trace+0x20e/0x330 [ 150.727972][ T642] ? pids_css_alloc+0x4e/0x120 [ 150.732709][ T642] pids_css_alloc+0x4e/0x120 [ 150.737280][ T642] cgroup_apply_control_enable+0x350/0x12f0 [ 150.743167][ T642] cgroup_apply_control+0x93/0x710 [ 150.748258][ T642] ? css_next_child+0x160/0x160 [ 150.753079][ T642] ? stack_trace_save+0x12d/0x1f0 [ 150.758086][ T642] ? io_schedule+0x120/0x120 [ 150.762664][ T642] ? kernfs_fop_write_iter+0x15e/0x410 [ 150.768104][ T642] ? __kasan_check_write+0x14/0x20 [ 150.773186][ T642] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 150.778440][ T642] cgroup_subtree_control_write+0xd19/0x1310 [ 150.784392][ T642] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 150.790347][ T642] ? __kasan_check_write+0x14/0x20 [ 150.795433][ T642] ? _copy_from_iter+0x3fb/0xd60 [ 150.800340][ T642] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 150.806289][ T642] cgroup_file_write+0x28e/0x590 [ 150.811204][ T642] ? cgroup_seqfile_stop+0xc0/0xc0 [ 150.816300][ T642] ? mutex_lock+0xa6/0x110 [ 150.820685][ T642] ? mutex_trylock+0xb0/0xb0 [ 150.825248][ T642] ? __kasan_check_write+0x14/0x20 [ 150.830331][ T642] kernfs_fop_write_iter+0x2d0/0x410 [ 150.835585][ T642] ? cgroup_seqfile_stop+0xc0/0xc0 [ 150.840665][ T642] vfs_write+0xc1c/0xf40 [ 150.844878][ T642] ? __kasan_check_write+0x14/0x20 [ 150.849968][ T642] ? kernel_write+0x3c0/0x3c0 [ 150.854625][ T642] ? _raw_spin_unlock_irq+0x4e/0x70 [ 150.859798][ T642] ? ptrace_stop+0x6ff/0x9f0 [ 150.864359][ T642] ? __kasan_check_read+0x11/0x20 [ 150.869362][ T642] ? __fdget_pos+0x27e/0x310 [ 150.873923][ T642] ksys_write+0x198/0x2c0 [ 150.878228][ T642] ? do_notify_parent+0xa60/0xa60 [ 150.883222][ T642] ? __ia32_sys_read+0x90/0x90 [ 150.887954][ T642] ? __ia32_sys_open+0x270/0x270 [ 150.892871][ T642] __x64_sys_write+0x7b/0x90 [ 150.897445][ T642] do_syscall_64+0x34/0x70 [ 150.901845][ T642] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 150.907729][ T642] RIP: 0033:0x7fc8ece62c09 [ 150.912134][ T642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 150.931720][ T642] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.940111][ T642] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 150.948061][ T642] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 647] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 642] <... write resumed>) = 6 [pid 642] close(3) = 0 [pid 642] close(4) = 0 [pid 642] close(5) = 0 [pid 642] close(6 [pid 646] <... write resumed>) = 6 [pid 642] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 642] close(7) = -1 EBADF (Bad file descriptor) [pid 642] close(8) = -1 EBADF (Bad file descriptor) [pid 642] close(9) = -1 EBADF (Bad file descriptor) [pid 642] close(10) = -1 EBADF (Bad file descriptor) [pid 642] close(11) = -1 EBADF (Bad file descriptor) [pid 642] close(12) = -1 EBADF (Bad file descriptor) [pid 642] close(13) = -1 EBADF (Bad file descriptor) [pid 642] close(14) = -1 EBADF (Bad file descriptor) [pid 642] close(15) = -1 EBADF (Bad file descriptor) [pid 642] close(16) = -1 EBADF (Bad file descriptor) [pid 642] close(17) = -1 EBADF (Bad file descriptor) [pid 642] close(18) = -1 EBADF (Bad file descriptor) [pid 642] close(19) = -1 EBADF (Bad file descriptor) [pid 642] close(20) = -1 EBADF (Bad file descriptor) [pid 642] close(21) = -1 EBADF (Bad file descriptor) [pid 642] close(22) = -1 EBADF (Bad file descriptor) [pid 642] close(23) = -1 EBADF (Bad file descriptor) [pid 642] close(24) = -1 EBADF (Bad file descriptor) [pid 642] close(25) = -1 EBADF (Bad file descriptor) [pid 642] close(26) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 642] close(27) = -1 EBADF (Bad file descriptor) [pid 642] close(28) = -1 EBADF (Bad file descriptor) [pid 642] close(29) = -1 EBADF (Bad file descriptor) [pid 642] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 642] exit_group(0) = ? [pid 642] +++ exited with 0 +++ [pid 646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 647] <... mount resumed>) = 0 [pid 646] <... openat resumed>) = 5 [pid 646] write(5, "22", 2) = 2 [pid 646] write(4, "+pids ", 6 [pid 647] open("./file0", O_RDONLY [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 647] <... open resumed>) = 3 [pid 647] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 647] write(4, "-pids ", 6 [pid 382] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./46/binderfs") = 0 [pid 382] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./46/cgroup") = 0 [pid 382] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./46/cgroup.net") = 0 [pid 382] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./46/file0") = 0 [pid 382] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./46/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./46") = 0 [pid 382] mkdir("./47", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 648 attached , child_tidptr=0x555556fab5d0) = 49 [pid 648] chdir("./47") = 0 [pid 648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 648] setpgid(0, 0) = 0 [pid 648] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 648] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 648] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 648] write(3, "1000", 4) = 4 [pid 648] close(3) = 0 [pid 648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 648] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 648] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 648] open("./file0", O_RDONLY) = 3 [pid 648] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 150.956010][ T642] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 150.963965][ T642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 150.971907][ T642] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002e [ 151.000459][ T646] FAULT_INJECTION: forcing a failure. [ 151.000459][ T646] name failslab, interval 1, probability 0, space 0, times 0 [ 151.013119][ T646] CPU: 0 PID: 646 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 151.024730][ T646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 151.034755][ T646] Call Trace: [ 151.038022][ T646] dump_stack_lvl+0x1e2/0x24b [ 151.042673][ T646] ? bfq_pos_tree_add_move+0x43e/0x43e [ 151.048106][ T646] ? selinux_kernfs_init_security+0x1a8/0x760 [ 151.054144][ T646] dump_stack+0x15/0x17 [ 151.058281][ T646] should_fail+0x3c0/0x510 [ 151.062679][ T646] ? __kernfs_new_node+0x99/0x6e0 [ 151.067676][ T646] __should_failslab+0x9f/0xe0 [ 151.072414][ T646] should_failslab+0x9/0x20 [ 151.076901][ T646] __kmalloc_track_caller+0x5f/0x350 [ 151.082173][ T646] kstrdup_const+0x55/0x90 [ 151.086600][ T646] __kernfs_new_node+0x99/0x6e0 [ 151.091434][ T646] ? is_module_text_address+0xe1/0x140 [ 151.096863][ T646] ? kernfs_new_node+0x170/0x170 [ 151.101781][ T646] ? ptr_to_hashval+0x60/0x60 [ 151.106437][ T646] ? arch_stack_walk+0xf8/0x140 [ 151.111267][ T646] ? snprintf+0xd6/0x120 [ 151.115501][ T646] kernfs_new_node+0x97/0x170 [ 151.120165][ T646] __kernfs_create_file+0x4a/0x270 [ 151.125268][ T646] cgroup_addrm_files+0xab8/0xfe0 [ 151.130274][ T646] ? ____kasan_kmalloc+0xdc/0x110 [ 151.135272][ T646] ? __kasan_kmalloc+0x9/0x10 [ 151.139920][ T646] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 151.145438][ T646] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 151.151562][ T646] ? delete_node+0x759/0x7b0 [ 151.156125][ T646] ? __kasan_check_read+0x11/0x20 [ 151.161126][ T646] ? delete_node+0x759/0x7b0 [ 151.165690][ T646] ? __kasan_check_write+0x14/0x20 [ 151.170775][ T646] ? idr_replace+0x1c4/0x230 [ 151.175348][ T646] ? idr_get_next+0x4b0/0x4b0 [ 151.180005][ T646] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 151.185007][ T646] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 151.190190][ T646] css_populate_dir+0x137/0x370 [ 151.195028][ T646] cgroup_apply_control_enable+0x8b9/0x12f0 [ 151.200923][ T646] cgroup_apply_control+0x93/0x710 [ 151.206020][ T646] ? css_next_child+0x160/0x160 [ 151.210843][ T646] ? stack_trace_save+0x12d/0x1f0 [ 151.215855][ T646] ? io_schedule+0x120/0x120 [ 151.220428][ T646] ? kernfs_fop_write_iter+0x15e/0x410 [ 151.225867][ T646] ? __kasan_check_write+0x14/0x20 [ 151.230962][ T646] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 151.236220][ T646] cgroup_subtree_control_write+0xd19/0x1310 [ 151.242173][ T646] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 151.248124][ T646] ? __kasan_check_write+0x14/0x20 [ 151.253219][ T646] ? _copy_from_iter+0x3fb/0xd60 [ 151.258137][ T646] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 151.264089][ T646] cgroup_file_write+0x28e/0x590 [ 151.269008][ T646] ? cgroup_seqfile_stop+0xc0/0xc0 [ 151.274099][ T646] ? mutex_lock+0xa6/0x110 [ 151.278494][ T646] ? mutex_trylock+0xb0/0xb0 [ 151.283063][ T646] ? __kasan_check_write+0x14/0x20 [ 151.288158][ T646] kernfs_fop_write_iter+0x2d0/0x410 [ 151.293426][ T646] ? cgroup_seqfile_stop+0xc0/0xc0 [ 151.298576][ T646] vfs_write+0xc1c/0xf40 [ 151.302818][ T646] ? __kasan_check_write+0x14/0x20 [ 151.307920][ T646] ? kernel_write+0x3c0/0x3c0 [ 151.312587][ T646] ? _raw_spin_unlock_irq+0x4e/0x70 [ 151.317758][ T646] ? ptrace_stop+0x6ff/0x9f0 [ 151.322322][ T646] ? __kasan_check_read+0x11/0x20 [ 151.327326][ T646] ? __fdget_pos+0x27e/0x310 [ 151.331900][ T646] ksys_write+0x198/0x2c0 [ 151.336209][ T646] ? do_notify_parent+0xa60/0xa60 [ 151.341212][ T646] ? __ia32_sys_read+0x90/0x90 [ 151.345946][ T646] ? __ia32_sys_open+0x270/0x270 [ 151.350857][ T646] __x64_sys_write+0x7b/0x90 [ 151.355420][ T646] do_syscall_64+0x34/0x70 [ 151.359808][ T646] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 151.365674][ T646] RIP: 0033:0x7fc8ece62c09 [ 151.370062][ T646] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 151.389646][ T646] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 151.398052][ T646] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 151.406005][ T646] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 648] write(4, "-pids ", 6 [pid 646] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 646] close(3) = 0 [pid 646] close(4) = 0 [pid 646] close(5) = 0 [pid 646] close(6) = -1 EBADF (Bad file descriptor) [pid 646] close(7) = -1 EBADF (Bad file descriptor) [pid 646] close(8) = -1 EBADF (Bad file descriptor) [pid 646] close(9) = -1 EBADF (Bad file descriptor) [pid 646] close(10) = -1 EBADF (Bad file descriptor) [pid 646] close(11) = -1 EBADF (Bad file descriptor) [pid 646] close(12) = -1 EBADF (Bad file descriptor) [pid 646] close(13) = -1 EBADF (Bad file descriptor) [pid 646] close(14) = -1 EBADF (Bad file descriptor) [pid 646] close(15) = -1 EBADF (Bad file descriptor) [pid 646] close(16) = -1 EBADF (Bad file descriptor) [pid 646] close(17) = -1 EBADF (Bad file descriptor) [pid 646] close(18) = -1 EBADF (Bad file descriptor) [pid 646] close(19) = -1 EBADF (Bad file descriptor) [pid 646] close(20) = -1 EBADF (Bad file descriptor) [pid 646] close(21) = -1 EBADF (Bad file descriptor) [pid 646] close(22) = -1 EBADF (Bad file descriptor) [pid 646] close(23) = -1 EBADF (Bad file descriptor) [pid 646] close(24) = -1 EBADF (Bad file descriptor) [pid 646] close(25) = -1 EBADF (Bad file descriptor) [pid 646] close(26) = -1 EBADF (Bad file descriptor) [pid 646] close(27) = -1 EBADF (Bad file descriptor) [pid 646] close(28) = -1 EBADF (Bad file descriptor) [pid 646] close(29) = -1 EBADF (Bad file descriptor) [pid 646] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 646] exit_group(0) = ? [pid 646] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 381] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./44/binderfs") = 0 [pid 381] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./44/cgroup") = 0 [pid 381] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./44/cgroup.net") = 0 [pid 381] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [ 151.413954][ T646] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 151.421908][ T646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 151.429853][ T646] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002c [ 151.437979][ T646] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] close(4) = 0 [pid 381] rmdir("./44/file0") = 0 [pid 381] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./44/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./44") = 0 [pid 381] mkdir("./45", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 649 attached [pid 649] chdir("./45" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 47 [pid 649] <... chdir resumed>) = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 649] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 649] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 151.470395][ T645] FAULT_INJECTION: forcing a failure. [ 151.470395][ T645] name failslab, interval 1, probability 0, space 0, times 0 [ 151.483067][ T645] CPU: 1 PID: 645 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 151.494702][ T645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 151.504740][ T645] Call Trace: [ 151.508023][ T645] dump_stack_lvl+0x1e2/0x24b [ 151.512684][ T645] ? bfq_pos_tree_add_move+0x43e/0x43e [ 151.518123][ T645] ? selinux_kernfs_init_security+0x1a8/0x760 [ 151.524170][ T645] dump_stack+0x15/0x17 [ 151.528304][ T645] should_fail+0x3c0/0x510 [ 151.532703][ T645] ? __kernfs_new_node+0x99/0x6e0 [ 151.537707][ T645] __should_failslab+0x9f/0xe0 [ 151.542452][ T645] should_failslab+0x9/0x20 [ 151.546929][ T645] __kmalloc_track_caller+0x5f/0x350 [ 151.552199][ T645] kstrdup_const+0x55/0x90 [ 151.556605][ T645] __kernfs_new_node+0x99/0x6e0 [ 151.561435][ T645] ? is_module_text_address+0xe1/0x140 [ 151.566872][ T645] ? kernfs_new_node+0x170/0x170 [ 151.571790][ T645] ? ptr_to_hashval+0x60/0x60 [ 151.576436][ T645] ? arch_stack_walk+0xf8/0x140 [ 151.581265][ T645] ? snprintf+0xd6/0x120 [ 151.585506][ T645] kernfs_new_node+0x97/0x170 [ 151.590174][ T645] __kernfs_create_file+0x4a/0x270 [ 151.595262][ T645] cgroup_addrm_files+0xab8/0xfe0 [ 151.600369][ T645] ? ____kasan_kmalloc+0xdc/0x110 [ 151.605365][ T645] ? __kasan_kmalloc+0x9/0x10 [ 151.610020][ T645] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 151.615547][ T645] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 151.621682][ T645] ? delete_node+0x759/0x7b0 [ 151.626260][ T645] ? __kasan_check_read+0x11/0x20 [ 151.631264][ T645] ? delete_node+0x759/0x7b0 [ 151.635830][ T645] ? __kasan_check_write+0x14/0x20 [ 151.640924][ T645] ? idr_replace+0x1c4/0x230 [ 151.645508][ T645] ? idr_get_next+0x4b0/0x4b0 [ 151.650170][ T645] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 151.655179][ T645] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 151.660358][ T645] css_populate_dir+0x137/0x370 [ 151.665193][ T645] cgroup_apply_control_enable+0x8b9/0x12f0 [ 151.671073][ T645] cgroup_apply_control+0x93/0x710 [ 151.676157][ T645] ? css_next_child+0x160/0x160 [ 151.680988][ T645] ? stack_trace_save+0x12d/0x1f0 [ 151.686001][ T645] ? io_schedule+0x120/0x120 [ 151.690571][ T645] ? kernfs_fop_write_iter+0x15e/0x410 [ 151.696008][ T645] ? __kasan_check_write+0x14/0x20 [ 151.701110][ T645] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 151.706387][ T645] cgroup_subtree_control_write+0xd19/0x1310 [ 151.712350][ T645] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 151.718314][ T645] ? __kasan_check_write+0x14/0x20 [ 151.723414][ T645] ? _copy_from_iter+0x3fb/0xd60 [ 151.728337][ T645] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 151.734290][ T645] cgroup_file_write+0x28e/0x590 [ 151.739201][ T645] ? cgroup_seqfile_stop+0xc0/0xc0 [ 151.744287][ T645] ? mutex_lock+0xa6/0x110 [ 151.748678][ T645] ? mutex_trylock+0xb0/0xb0 [ 151.753242][ T645] ? __kasan_check_write+0x14/0x20 [ 151.758327][ T645] kernfs_fop_write_iter+0x2d0/0x410 [ 151.763582][ T645] ? cgroup_seqfile_stop+0xc0/0xc0 [ 151.768672][ T645] vfs_write+0xc1c/0xf40 [ 151.772894][ T645] ? __kasan_check_write+0x14/0x20 [ 151.778005][ T645] ? kernel_write+0x3c0/0x3c0 [ 151.782670][ T645] ? _raw_spin_unlock_irq+0x4e/0x70 [ 151.787854][ T645] ? ptrace_stop+0x6ff/0x9f0 [ 151.792414][ T645] ? __kasan_check_read+0x11/0x20 [ 151.797410][ T645] ? __fdget_pos+0x27e/0x310 [ 151.801979][ T645] ksys_write+0x198/0x2c0 [ 151.806291][ T645] ? do_notify_parent+0xa60/0xa60 [ 151.811294][ T645] ? __ia32_sys_read+0x90/0x90 [ 151.816041][ T645] ? __ia32_sys_open+0x270/0x270 [ 151.820959][ T645] __x64_sys_write+0x7b/0x90 [ 151.825520][ T645] do_syscall_64+0x34/0x70 [ 151.829912][ T645] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 151.837702][ T645] RIP: 0033:0x7fc8ece62c09 [ 151.842106][ T645] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 151.861693][ T645] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 649] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 645] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 649] <... mount resumed>) = 0 [pid 649] open("./file0", O_RDONLY [pid 645] close(3 [pid 649] <... open resumed>) = 3 [pid 649] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 649] write(4, "-pids ", 6 [pid 645] <... close resumed>) = 0 [pid 645] close(4) = 0 [pid 645] close(5) = 0 [pid 645] close(6) = -1 EBADF (Bad file descriptor) [pid 645] close(7) = -1 EBADF (Bad file descriptor) [pid 645] close(8) = -1 EBADF (Bad file descriptor) [pid 645] close(9) = -1 EBADF (Bad file descriptor) [pid 645] close(10) = -1 EBADF (Bad file descriptor) [pid 645] close(11) = -1 EBADF (Bad file descriptor) [pid 645] close(12) = -1 EBADF (Bad file descriptor) [pid 645] close(13) = -1 EBADF (Bad file descriptor) [pid 645] close(14) = -1 EBADF (Bad file descriptor) [pid 645] close(15) = -1 EBADF (Bad file descriptor) [pid 645] close(16) = -1 EBADF (Bad file descriptor) [pid 645] close(17) = -1 EBADF (Bad file descriptor) [pid 645] close(18) = -1 EBADF (Bad file descriptor) [pid 645] close(19) = -1 EBADF (Bad file descriptor) [pid 645] close(20) = -1 EBADF (Bad file descriptor) [pid 645] close(21) = -1 EBADF (Bad file descriptor) [pid 645] close(22) = -1 EBADF (Bad file descriptor) [pid 645] close(23) = -1 EBADF (Bad file descriptor) [pid 645] close(24) = -1 EBADF (Bad file descriptor) [pid 645] close(25) = -1 EBADF (Bad file descriptor) [pid 645] close(26) = -1 EBADF (Bad file descriptor) [pid 645] close(27) = -1 EBADF (Bad file descriptor) [pid 645] close(28) = -1 EBADF (Bad file descriptor) [pid 645] close(29) = -1 EBADF (Bad file descriptor) [pid 645] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 645] exit_group(0) = ? [pid 645] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./42/binderfs") = 0 [pid 376] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./42/cgroup") = 0 [pid 376] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.870104][ T645] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 151.878063][ T645] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 151.886020][ T645] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 151.893967][ T645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 151.901916][ T645] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002a [ 151.911590][ T645] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 376] lstat("./42/cgroup.net", [pid 649] <... write resumed>) = 6 [pid 648] <... write resumed>) = 6 [pid 649] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 649] write(5, "22", 2) = 2 [pid 649] write(4, "+pids ", 6 [pid 648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 648] write(5, "22", 2) = 2 [pid 648] write(4, "+pids ", 6 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./42/cgroup.net") = 0 [ 151.930588][ T641] FAULT_INJECTION: forcing a failure. [ 151.930588][ T641] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 151.944777][ T641] CPU: 1 PID: 641 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 151.956398][ T641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 151.966436][ T641] Call Trace: [ 151.969715][ T641] dump_stack_lvl+0x1e2/0x24b [ 151.974376][ T641] ? bfq_pos_tree_add_move+0x43e/0x43e [ 151.979808][ T641] ? __kasan_check_write+0x14/0x20 [ 151.984894][ T641] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 151.989983][ T641] dump_stack+0x15/0x17 [ 151.994113][ T641] should_fail+0x3c0/0x510 [ 151.998513][ T641] should_fail_alloc_page+0x50/0x60 [ 152.003699][ T641] __alloc_pages_nodemask+0x1c0/0x890 [ 152.009043][ T641] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 152.015170][ T641] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 152.020688][ T641] allocate_slab+0x78/0x540 [ 152.025165][ T641] ___slab_alloc+0x131/0x2e0 [ 152.029735][ T641] ? pids_css_alloc+0x4e/0x120 [ 152.034477][ T641] __slab_alloc+0x63/0xa0 [ 152.038788][ T641] ? pids_css_alloc+0x4e/0x120 [ 152.043537][ T641] kmem_cache_alloc_trace+0x20e/0x330 [ 152.048884][ T641] ? pids_css_alloc+0x4e/0x120 [ 152.053628][ T641] pids_css_alloc+0x4e/0x120 [ 152.058195][ T641] cgroup_apply_control_enable+0x350/0x12f0 [ 152.064070][ T641] cgroup_apply_control+0x93/0x710 [ 152.069166][ T641] ? css_next_child+0x160/0x160 [ 152.073989][ T641] ? io_schedule+0x120/0x120 [ 152.078552][ T641] ? kernfs_fop_write_iter+0x15e/0x410 [ 152.083983][ T641] ? __kasan_check_write+0x14/0x20 [ 152.089068][ T641] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 152.094330][ T641] cgroup_subtree_control_write+0xd19/0x1310 [ 152.100381][ T641] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 152.106340][ T641] ? __kasan_check_write+0x14/0x20 [ 152.111430][ T641] ? _copy_from_iter+0x3fb/0xd60 [ 152.116353][ T641] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 152.122317][ T641] cgroup_file_write+0x28e/0x590 [pid 376] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] kill(-42, SIGKILL) = 0 [pid 380] kill(42, SIGKILL) = 0 [ 152.127224][ T641] ? cgroup_seqfile_stop+0xc0/0xc0 [ 152.132316][ T641] ? mutex_lock+0xa6/0x110 [ 152.136712][ T641] ? mutex_trylock+0xb0/0xb0 [ 152.141273][ T641] ? __kasan_check_write+0x14/0x20 [ 152.146355][ T641] kernfs_fop_write_iter+0x2d0/0x410 [ 152.151613][ T641] ? cgroup_seqfile_stop+0xc0/0xc0 [ 152.156696][ T641] vfs_write+0xc1c/0xf40 [ 152.160909][ T641] ? __kasan_check_write+0x14/0x20 [ 152.166031][ T641] ? kernel_write+0x3c0/0x3c0 [ 152.170686][ T641] ? _raw_spin_unlock_irq+0x4e/0x70 [ 152.175868][ T641] ? ptrace_stop+0x6ff/0x9f0 [ 152.180457][ T641] ? __kasan_check_read+0x11/0x20 [ 152.185468][ T641] ? __fdget_pos+0x27e/0x310 [ 152.190031][ T641] ksys_write+0x198/0x2c0 [ 152.194332][ T641] ? do_notify_parent+0xa60/0xa60 [ 152.199326][ T641] ? __ia32_sys_read+0x90/0x90 [ 152.204058][ T641] ? __ia32_sys_open+0x270/0x270 [ 152.208969][ T641] __x64_sys_write+0x7b/0x90 [ 152.213533][ T641] do_syscall_64+0x34/0x70 [ 152.217928][ T641] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 152.223795][ T641] RIP: 0033:0x7fc8ece62c09 [ 152.228182][ T641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.247757][ T641] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 152.256138][ T641] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 152.264084][ T641] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 152.272033][ T641] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [pid 649] <... write resumed>) = 6 [pid 647] <... write resumed>) = 6 [pid 644] <... write resumed>) = 6 [pid 641] <... write resumed>) = ? [pid 376] <... umount2 resumed>) = 0 [pid 649] close(3 [pid 647] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 644] close(3 [pid 376] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 649] <... close resumed>) = 0 [pid 647] <... openat resumed>) = 5 [pid 644] <... close resumed>) = 0 [pid 641] +++ killed by SIGKILL +++ [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 649] close(4 [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=42, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- [pid 376] lstat("./42/file0", [pid 649] <... close resumed>) = 0 [pid 376] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 649] close(5 [pid 376] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 649] <... close resumed>) = 0 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 649] close(6 [pid 376] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] <... openat resumed>) = 4 [pid 649] close(7 [pid 376] fstat(4, [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 649] close(8 [pid 376] getdents64(4, [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 649] close(9 [pid 376] getdents64(4, [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 649] close(10 [pid 376] close(4 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] <... close resumed>) = 0 [pid 649] close(11 [pid 376] rmdir("./42/file0" [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 647] write(5, "22", 2 [pid 380] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... rmdir resumed>) = 0 [pid 644] close(4 [pid 649] close(12 [pid 647] <... write resumed>) = 2 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 647] write(4, "+pids ", 6 [pid 644] <... close resumed>) = 0 [pid 380] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 649] close(13 [pid 644] close(5 [pid 380] <... openat resumed>) = 3 [pid 376] lstat("./42/cgroup.cpu", [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = 0 [pid 380] fstat(3, [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 649] close(14 [pid 644] close(6 [pid 380] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] unlink("./42/cgroup.cpu" [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] getdents64(3, [pid 376] <... unlink resumed>) = 0 [pid 649] close(15 [pid 644] close(7 [pid 380] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] getdents64(3, [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 649] close(16 [pid 644] close(8 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] close(3 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] lstat("./40/binderfs", [pid 376] <... close resumed>) = 0 [pid 649] close(17 [pid 644] close(9 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] rmdir("./42" [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] unlink("./40/binderfs" [pid 376] <... rmdir resumed>) = 0 [pid 649] close(18 [pid 644] close(10 [pid 380] <... unlink resumed>) = 0 [pid 376] mkdir("./43", 0777 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... mkdir resumed>) = 0 [pid 649] close(19 [pid 644] close(11 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] lstat("./40/cgroup", ./strace-static-x86_64: Process 650 attached [pid 649] close(20 [pid 644] close(12 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 45 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] unlink("./40/cgroup" [pid 650] chdir("./43" [pid 649] close(21 [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... unlink resumed>) = 0 [pid 650] <... chdir resumed>) = 0 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] close(13 [pid 380] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 650] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 649] close(22 [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 650] <... prctl resumed>) = 0 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] close(14 [pid 380] lstat("./40/cgroup.net", [pid 650] setpgid(0, 0 [pid 649] close(23 [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 650] <... setpgid resumed>) = 0 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] close(15 [pid 380] unlink("./40/cgroup.net" [pid 650] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 649] close(24 [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... unlink resumed>) = 0 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 650] <... symlink resumed>) = 0 [pid 649] close(25 [pid 644] close(16 [pid 380] <... umount2 resumed>) = 0 [pid 650] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 649] close(26 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] lstat("./40/file0", [pid 650] <... symlink resumed>) = 0 [pid 649] close(27 [pid 644] close(17 [pid 380] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 650] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 649] close(28 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 650] <... symlink resumed>) = 0 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 649] close(29 [pid 644] close(18 [pid 380] <... openat resumed>) = 4 [pid 649] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] fstat(4, write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 650] <... openat resumed>) = 3 [pid 649] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 650] write(3, "1000", 4 [pid 649] <... write resumed>) = 89 [pid 644] close(19 [pid 380] getdents64(4, [pid 650] <... write resumed>) = 4 [pid 649] exit_group(0 [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 649] <... exit_group resumed>) = ? [pid 380] getdents64(4, [pid 650] close(3 [pid 649] +++ exited with 0 +++ [pid 644] close(20 [pid 380] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 380] close(4 [pid 381] restart_syscall(<... resuming interrupted clone ...> [pid 380] <... close resumed>) = 0 [pid 381] <... restart_syscall resumed>) = 0 [pid 380] rmdir("./40/file0") = 0 [pid 380] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./40/cgroup.cpu", [pid 381] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] <... openat resumed>) = 3 [pid 380] unlink("./40/cgroup.cpu" [pid 381] fstat(3, [pid 380] <... unlink resumed>) = 0 [pid 381] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, [pid 381] getdents64(3, [pid 380] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] close(3 [pid 381] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... close resumed>) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] rmdir("./40" [pid 381] lstat("./45/binderfs", [pid 380] <... rmdir resumed>) = 0 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] mkdir("./41", 0777 [pid 381] unlink("./45/binderfs" [pid 380] <... mkdir resumed>) = 0 [pid 381] <... unlink resumed>) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 651 attached [pid 381] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 651] chdir("./41" [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 43 [pid 651] <... chdir resumed>) = 0 [pid 381] lstat("./45/cgroup", [pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 651] <... prctl resumed>) = 0 [pid 381] unlink("./45/cgroup" [pid 651] setpgid(0, 0 [pid 381] <... unlink resumed>) = 0 [pid 651] <... setpgid resumed>) = 0 [pid 381] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 651] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 651] <... symlink resumed>) = 0 [pid 381] lstat("./45/cgroup.net", [pid 651] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 651] <... symlink resumed>) = 0 [pid 381] unlink("./45/cgroup.net" [pid 651] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 381] <... unlink resumed>) = 0 [pid 651] <... symlink resumed>) = 0 [pid 381] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 651] write(3, "1000", 4) = 4 [pid 651] close(3) = 0 [pid 651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 651] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 651] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 650] <... close resumed>) = 0 [pid 650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 650] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 650] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 644] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 644] close(21) = -1 EBADF (Bad file descriptor) [pid 644] close(22) = -1 EBADF (Bad file descriptor) [pid 644] close(23) = -1 EBADF (Bad file descriptor) [pid 644] close(24) = -1 EBADF (Bad file descriptor) [pid 644] close(25) = -1 EBADF (Bad file descriptor) [pid 644] close(26) = -1 EBADF (Bad file descriptor) [pid 644] close(27) = -1 EBADF (Bad file descriptor) [pid 644] close(28) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 644] close(29) = -1 EBADF (Bad file descriptor) [pid 644] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 644] exit_group(0) = ? [pid 644] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=39, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 383] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] <... umount2 resumed>) = 0 [pid 383] lstat("./37/binderfs", [pid 381] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] unlink("./37/binderfs" [pid 381] lstat("./45/file0", [pid 383] <... unlink resumed>) = 0 [pid 381] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./37/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./37/cgroup", [pid 381] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] <... openat resumed>) = 4 [pid 383] unlink("./37/cgroup" [pid 381] fstat(4, [pid 383] <... unlink resumed>) = 0 [pid 381] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./37/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] getdents64(4, [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] lstat("./37/cgroup.net", [pid 381] getdents64(4, [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] unlink("./37/cgroup.net" [pid 381] close(4 [pid 383] <... unlink resumed>) = 0 [pid 381] <... close resumed>) = 0 [pid 383] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] rmdir("./45/file0") = 0 [pid 381] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./45/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./45") = 0 [pid 381] mkdir("./46", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 48 ./strace-static-x86_64: Process 652 attached [pid 652] chdir("./46") = 0 [pid 652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 652] setpgid(0, 0) = 0 [pid 652] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 152.279976][ T641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 152.288274][ T641] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000028 [ 152.311412][ T647] FAULT_INJECTION: forcing a failure. [ 152.311412][ T647] name failslab, interval 1, probability 0, space 0, times 0 [pid 652] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 652] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 652] write(3, "1000", 4) = 4 [pid 652] close(3) = 0 [pid 652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 652] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 152.324496][ T647] CPU: 1 PID: 647 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 152.336118][ T647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 152.346153][ T647] Call Trace: [ 152.349428][ T647] dump_stack_lvl+0x1e2/0x24b [ 152.354087][ T647] ? panic+0x7d7/0x7d7 [ 152.358140][ T647] ? bfq_pos_tree_add_move+0x43e/0x43e [ 152.363574][ T647] ? find_next_bit+0xd6/0x120 [ 152.368231][ T647] ? cpumask_next+0x11/0x30 [ 152.372724][ T647] dump_stack+0x15/0x17 [ 152.376863][ T647] should_fail+0x3c0/0x510 [ 152.381259][ T647] ? percpu_ref_init+0xd0/0x330 [ 152.386082][ T647] __should_failslab+0x9f/0xe0 [ 152.390822][ T647] should_failslab+0x9/0x20 [ 152.395309][ T647] kmem_cache_alloc_trace+0x3a/0x330 [ 152.400571][ T647] percpu_ref_init+0xd0/0x330 [ 152.405334][ T647] ? cgroup_setup_root+0xea0/0xea0 [ 152.410441][ T647] cgroup_apply_control_enable+0x3a2/0x12f0 [ 152.416326][ T647] cgroup_apply_control+0x93/0x710 [ 152.421427][ T647] ? css_next_child+0x160/0x160 [ 152.426253][ T647] ? stack_trace_save+0x12d/0x1f0 [ 152.431251][ T647] ? io_schedule+0x120/0x120 [ 152.435825][ T647] ? kernfs_fop_write_iter+0x15e/0x410 [ 152.441264][ T647] ? __kasan_check_write+0x14/0x20 [ 152.446359][ T647] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 152.451620][ T647] cgroup_subtree_control_write+0xd19/0x1310 [ 152.457573][ T647] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 152.463526][ T647] ? __kasan_check_write+0x14/0x20 [ 152.468611][ T647] ? _copy_from_iter+0x3fb/0xd60 [ 152.473523][ T647] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 152.479500][ T647] cgroup_file_write+0x28e/0x590 [ 152.484428][ T647] ? cgroup_seqfile_stop+0xc0/0xc0 [ 152.489521][ T647] ? mutex_lock+0xa6/0x110 [ 152.493921][ T647] ? mutex_trylock+0xb0/0xb0 [ 152.498492][ T647] ? __kasan_check_write+0x14/0x20 [ 152.503585][ T647] kernfs_fop_write_iter+0x2d0/0x410 [ 152.508850][ T647] ? cgroup_seqfile_stop+0xc0/0xc0 [ 152.513946][ T647] vfs_write+0xc1c/0xf40 [ 152.518164][ T647] ? __kasan_check_write+0x14/0x20 [ 152.523257][ T647] ? kernel_write+0x3c0/0x3c0 [ 152.527930][ T647] ? _raw_spin_unlock_irq+0x4e/0x70 [ 152.533112][ T647] ? ptrace_stop+0x6ff/0x9f0 [ 152.537684][ T647] ? __kasan_check_read+0x11/0x20 [ 152.542681][ T647] ? __fdget_pos+0x27e/0x310 [ 152.547250][ T647] ksys_write+0x198/0x2c0 [ 152.551577][ T647] ? do_notify_parent+0xa60/0xa60 [ 152.556609][ T647] ? __ia32_sys_read+0x90/0x90 [ 152.561353][ T647] ? __ia32_sys_open+0x270/0x270 [ 152.566274][ T647] __x64_sys_write+0x7b/0x90 [ 152.570835][ T647] do_syscall_64+0x34/0x70 [ 152.575226][ T647] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 152.581100][ T647] RIP: 0033:0x7fc8ece62c09 [ 152.585507][ T647] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 152.605100][ T647] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 152.613506][ T647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 152.621465][ T647] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 652] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 651] <... mount resumed>) = 0 [pid 650] <... mount resumed>) = 0 [pid 647] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 383] <... umount2 resumed>) = 0 [pid 652] open("./file0", O_RDONLY [pid 651] open("./file0", O_RDONLY [pid 650] open("./file0", O_RDONLY [pid 652] <... open resumed>) = 3 [pid 651] <... open resumed>) = 3 [pid 650] <... open resumed>) = 3 [pid 647] close(3 [pid 383] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 652] openat(3, "cgroup.subtree_control", O_RDWR [pid 651] openat(3, "cgroup.subtree_control", O_RDWR [pid 650] openat(3, "cgroup.subtree_control", O_RDWR [pid 651] <... openat resumed>) = 4 [pid 650] <... openat resumed>) = 4 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 651] write(4, "-pids ", 6 [pid 650] write(4, "-pids ", 6 [pid 652] <... openat resumed>) = 4 [pid 383] lstat("./37/file0", [pid 647] <... close resumed>) = 0 [pid 647] close(4) = 0 [pid 647] close(5) = 0 [pid 647] close(6) = -1 EBADF (Bad file descriptor) [pid 647] close(7) = -1 EBADF (Bad file descriptor) [pid 647] close(8) = -1 EBADF (Bad file descriptor) [pid 647] close(9) = -1 EBADF (Bad file descriptor) [pid 647] close(10) = -1 EBADF (Bad file descriptor) [pid 647] close(11) = -1 EBADF (Bad file descriptor) [pid 647] close(12) = -1 EBADF (Bad file descriptor) [pid 647] close(13) = -1 EBADF (Bad file descriptor) [pid 647] close(14) = -1 EBADF (Bad file descriptor) [pid 647] close(15) = -1 EBADF (Bad file descriptor) [pid 647] close(16) = -1 EBADF (Bad file descriptor) [pid 647] close(17) = -1 EBADF (Bad file descriptor) [pid 647] close(18) = -1 EBADF (Bad file descriptor) [pid 647] close(19) = -1 EBADF (Bad file descriptor) [pid 647] close(20) = -1 EBADF (Bad file descriptor) [pid 647] close(21) = -1 EBADF (Bad file descriptor) [pid 647] close(22) = -1 EBADF (Bad file descriptor) [pid 647] close(23) = -1 EBADF (Bad file descriptor) [pid 647] close(24) = -1 EBADF (Bad file descriptor) [pid 647] close(25) = -1 EBADF (Bad file descriptor) [pid 647] close(26) = -1 EBADF (Bad file descriptor) [pid 647] close(27) = -1 EBADF (Bad file descriptor) [pid 647] close(28) = -1 EBADF (Bad file descriptor) [pid 647] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 647] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 647] exit_group(0) = ? [pid 652] write(4, "-pids ", 6 [pid 647] +++ exited with 0 +++ [pid 383] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... openat resumed>) = 4 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 383] fstat(4, [pid 375] <... openat resumed>) = 3 [pid 383] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] fstat(3, [pid 383] getdents64(4, [pid 375] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, [pid 383] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] getdents64(4, [pid 375] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] close(4 [pid 375] lstat("./47/binderfs", [pid 383] <... close resumed>) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] rmdir("./37/file0" [pid 375] unlink("./47/binderfs" [pid 383] <... rmdir resumed>) = 0 [pid 375] <... unlink resumed>) = 0 [pid 383] umount2("./37/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./37/cgroup.cpu", [pid 375] lstat("./47/cgroup", [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./37/cgroup.cpu" [pid 375] unlink("./47/cgroup" [pid 383] <... unlink resumed>) = 0 [pid 375] <... unlink resumed>) = 0 [pid 375] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] getdents64(3, [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./47/cgroup.net", [pid 383] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] close(3 [pid 375] unlink("./47/cgroup.net" [pid 383] <... close resumed>) = 0 [pid 375] <... unlink resumed>) = 0 [pid 383] rmdir("./37" [pid 375] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] <... rmdir resumed>) = 0 [pid 375] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] mkdir("./38", 0777 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 383] <... mkdir resumed>) = 0 [pid 375] <... openat resumed>) = 4 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./47/file0"./strace-static-x86_64: Process 653 attached ) = 0 [pid 375] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 40 [pid 653] chdir("./38" [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 653] <... chdir resumed>) = 0 [pid 375] lstat("./47/cgroup.cpu", [pid 653] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 653] <... prctl resumed>) = 0 [pid 375] unlink("./47/cgroup.cpu" [pid 653] setpgid(0, 0 [pid 375] <... unlink resumed>) = 0 [pid 653] <... setpgid resumed>) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 653] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 375] rmdir("./47" [pid 653] <... symlink resumed>) = 0 [pid 375] <... rmdir resumed>) = 0 [pid 653] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 375] mkdir("./48", 0777 [pid 653] <... symlink resumed>) = 0 [pid 375] <... mkdir resumed>) = 0 [pid 653] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 654 attached [pid 653] <... symlink resumed>) = 0 [pid 654] chdir("./48" [pid 653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 50 [pid 654] <... chdir resumed>) = 0 [pid 654] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 653] <... openat resumed>) = 3 [pid 654] <... prctl resumed>) = 0 [pid 654] setpgid(0, 0 [pid 653] write(3, "1000", 4 [pid 654] <... setpgid resumed>) = 0 [pid 654] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 653] <... write resumed>) = 4 [pid 654] <... symlink resumed>) = 0 [pid 654] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 653] close(3 [pid 654] <... symlink resumed>) = 0 [pid 654] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 653] <... close resumed>) = 0 [pid 654] <... symlink resumed>) = 0 [pid 653] symlink("/dev/binderfs", "./binderfs" [pid 654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 653] <... symlink resumed>) = 0 [pid 654] write(3, "1000", 4 [pid 653] mkdirat(AT_FDCWD, "./file0", 000 [pid 654] <... write resumed>) = 4 [pid 654] close(3) = 0 [pid 654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 653] <... mkdirat resumed>) = 0 [pid 654] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 653] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 654] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 653] <... mount resumed>) = 0 [pid 654] open("./file0", O_RDONLY) = 3 [pid 653] open("./file0", O_RDONLY [pid 654] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 653] <... open resumed>) = 3 [pid 654] write(4, "-pids ", 6 [pid 653] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 653] write(4, "-pids ", 6 [pid 654] <... write resumed>) = 6 [pid 651] <... write resumed>) = 6 [pid 650] <... write resumed>) = 6 [pid 654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 652] <... write resumed>) = 6 [ 152.629413][ T647] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 152.637374][ T647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 152.645350][ T647] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002f [pid 651] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 654] <... openat resumed>) = 5 [pid 651] <... openat resumed>) = 5 [pid 654] write(5, "22", 2 [pid 651] write(5, "22", 2 [pid 654] <... write resumed>) = 2 [pid 651] <... write resumed>) = 2 [pid 654] write(4, "+pids ", 6 [pid 651] write(4, "+pids ", 6 [pid 650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 650] write(5, "22", 2) = 2 [pid 650] write(4, "+pids ", 6 [pid 652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 652] write(5, "22", 2) = 2 [ 152.690514][ T648] FAULT_INJECTION: forcing a failure. [ 152.690514][ T648] name failslab, interval 1, probability 0, space 0, times 0 [ 152.703231][ T648] CPU: 1 PID: 648 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 152.714840][ T648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 152.724874][ T648] Call Trace: [ 152.728155][ T648] dump_stack_lvl+0x1e2/0x24b [ 152.732813][ T648] ? bfq_pos_tree_add_move+0x43e/0x43e [ 152.738256][ T648] ? selinux_kernfs_init_security+0x1a8/0x760 [ 152.744306][ T648] dump_stack+0x15/0x17 [ 152.748439][ T648] should_fail+0x3c0/0x510 [ 152.752853][ T648] ? __kernfs_new_node+0x99/0x6e0 [ 152.757864][ T648] __should_failslab+0x9f/0xe0 [ 152.762606][ T648] should_failslab+0x9/0x20 [ 152.767084][ T648] __kmalloc_track_caller+0x5f/0x350 [ 152.772351][ T648] kstrdup_const+0x55/0x90 [ 152.776740][ T648] __kernfs_new_node+0x99/0x6e0 [ 152.781562][ T648] ? is_module_text_address+0xe1/0x140 [ 152.786999][ T648] ? kernfs_new_node+0x170/0x170 [ 152.791919][ T648] ? ptr_to_hashval+0x60/0x60 [ 152.796567][ T648] ? arch_stack_walk+0xf8/0x140 [ 152.801397][ T648] ? snprintf+0xd6/0x120 [ 152.805621][ T648] kernfs_new_node+0x97/0x170 [ 152.810277][ T648] __kernfs_create_file+0x4a/0x270 [ 152.815371][ T648] cgroup_addrm_files+0xab8/0xfe0 [ 152.820368][ T648] ? ____kasan_kmalloc+0xdc/0x110 [ 152.825372][ T648] ? __kasan_kmalloc+0x9/0x10 [ 152.830036][ T648] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 152.835562][ T648] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 152.841699][ T648] ? delete_node+0x759/0x7b0 [ 152.846260][ T648] ? __kasan_check_read+0x11/0x20 [ 152.851254][ T648] ? delete_node+0x759/0x7b0 [ 152.855821][ T648] ? __kasan_check_write+0x14/0x20 [ 152.860916][ T648] ? idr_replace+0x1c4/0x230 [ 152.865475][ T648] ? idr_get_next+0x4b0/0x4b0 [ 152.870122][ T648] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 152.875124][ T648] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 152.880304][ T648] css_populate_dir+0x137/0x370 [ 152.885134][ T648] cgroup_apply_control_enable+0x8b9/0x12f0 [ 152.891019][ T648] cgroup_apply_control+0x93/0x710 [ 152.896109][ T648] ? css_next_child+0x160/0x160 [ 152.900933][ T648] ? io_schedule+0x120/0x120 [ 152.905506][ T648] ? __kasan_check_write+0x14/0x20 [ 152.910600][ T648] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 152.915867][ T648] cgroup_subtree_control_write+0xd19/0x1310 [ 152.921936][ T648] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 152.927906][ T648] ? __kasan_check_write+0x14/0x20 [ 152.932993][ T648] ? _copy_from_iter+0x3fb/0xd60 [ 152.937910][ T648] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 152.943875][ T648] cgroup_file_write+0x28e/0x590 [ 152.948795][ T648] ? cgroup_seqfile_stop+0xc0/0xc0 [ 152.953875][ T648] ? mutex_lock+0xa6/0x110 [ 152.958261][ T648] ? mutex_trylock+0xb0/0xb0 [ 152.962827][ T648] ? __kasan_check_write+0x14/0x20 [ 152.967916][ T648] kernfs_fop_write_iter+0x2d0/0x410 [ 152.973184][ T648] ? cgroup_seqfile_stop+0xc0/0xc0 [ 152.978274][ T648] vfs_write+0xc1c/0xf40 [ 152.982488][ T648] ? __kasan_check_write+0x14/0x20 [ 152.987570][ T648] ? kernel_write+0x3c0/0x3c0 [ 152.992216][ T648] ? _raw_spin_unlock_irq+0x4e/0x70 [ 152.997393][ T648] ? ptrace_stop+0x6ff/0x9f0 [ 153.001971][ T648] ? __kasan_check_read+0x11/0x20 [ 153.006973][ T648] ? __fdget_pos+0x27e/0x310 [ 153.011535][ T648] ksys_write+0x198/0x2c0 [ 153.015841][ T648] ? do_notify_parent+0xa60/0xa60 [ 153.020838][ T648] ? __ia32_sys_read+0x90/0x90 [ 153.025580][ T648] ? __ia32_sys_open+0x270/0x270 [ 153.030497][ T648] __x64_sys_write+0x7b/0x90 [ 153.035058][ T648] do_syscall_64+0x34/0x70 [ 153.039444][ T648] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 153.045313][ T648] RIP: 0033:0x7fc8ece62c09 [ 153.049702][ T648] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.069279][ T648] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 153.077661][ T648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 652] write(4, "+pids ", 6 [pid 648] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 648] close(3) = 0 [pid 648] close(4) = 0 [pid 648] close(5) = 0 [pid 648] close(6) = -1 EBADF (Bad file descriptor) [pid 648] close(7) = -1 EBADF (Bad file descriptor) [pid 648] close(8) = -1 EBADF (Bad file descriptor) [pid 648] close(9) = -1 EBADF (Bad file descriptor) [pid 648] close(10) = -1 EBADF (Bad file descriptor) [pid 648] close(11) = -1 EBADF (Bad file descriptor) [pid 648] close(12) = -1 EBADF (Bad file descriptor) [pid 648] close(13) = -1 EBADF (Bad file descriptor) [pid 648] close(14) = -1 EBADF (Bad file descriptor) [pid 648] close(15) = -1 EBADF (Bad file descriptor) [pid 648] close(16) = -1 EBADF (Bad file descriptor) [pid 648] close(17) = -1 EBADF (Bad file descriptor) [pid 648] close(18) = -1 EBADF (Bad file descriptor) [pid 648] close(19) = -1 EBADF (Bad file descriptor) [pid 648] close(20) = -1 EBADF (Bad file descriptor) [pid 648] close(21) = -1 EBADF (Bad file descriptor) [pid 648] close(22) = -1 EBADF (Bad file descriptor) [pid 648] close(23) = -1 EBADF (Bad file descriptor) [pid 648] close(24) = -1 EBADF (Bad file descriptor) [pid 648] close(25) = -1 EBADF (Bad file descriptor) [pid 648] close(26) = -1 EBADF (Bad file descriptor) [pid 648] close(27) = -1 EBADF (Bad file descriptor) [pid 648] close(28) = -1 EBADF (Bad file descriptor) [pid 648] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 648] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 648] exit_group(0) = ? [pid 648] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./47/binderfs") = 0 [pid 382] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./47/cgroup") = 0 [pid 382] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./47/cgroup.net") = 0 [pid 382] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./47/file0") = 0 [pid 382] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./47/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./47") = 0 [pid 382] mkdir("./48", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 655 attached , child_tidptr=0x555556fab5d0) = 50 [pid 655] chdir("./48") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 655] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 655] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 655] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 655] open("./file0", O_RDONLY) = 3 [pid 655] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 153.085604][ T648] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 153.093549][ T648] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 153.101500][ T648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 153.109458][ T648] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002f [ 153.118299][ T648] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 153.140522][ T654] FAULT_INJECTION: forcing a failure. [ 153.140522][ T654] name failslab, interval 1, probability 0, space 0, times 0 [ 153.153206][ T654] CPU: 0 PID: 654 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 153.164808][ T654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.174840][ T654] Call Trace: [ 153.178109][ T654] dump_stack_lvl+0x1e2/0x24b [ 153.182762][ T654] ? panic+0x7d7/0x7d7 [ 153.186810][ T654] ? bfq_pos_tree_add_move+0x43e/0x43e [ 153.192243][ T654] ? find_next_bit+0xd6/0x120 [ 153.196896][ T654] ? cpumask_next+0x11/0x30 [ 153.201374][ T654] dump_stack+0x15/0x17 [ 153.205508][ T654] should_fail+0x3c0/0x510 [ 153.209899][ T654] ? percpu_ref_init+0xd0/0x330 [ 153.214727][ T654] __should_failslab+0x9f/0xe0 [ 153.219467][ T654] should_failslab+0x9/0x20 [ 153.223948][ T654] kmem_cache_alloc_trace+0x3a/0x330 [ 153.229210][ T654] percpu_ref_init+0xd0/0x330 [ 153.233865][ T654] ? cgroup_setup_root+0xea0/0xea0 [ 153.238952][ T654] cgroup_apply_control_enable+0x3a2/0x12f0 [ 153.244824][ T654] cgroup_apply_control+0x93/0x710 [ 153.249932][ T654] ? css_next_child+0x160/0x160 [ 153.254757][ T654] ? stack_trace_save+0x12d/0x1f0 [ 153.259758][ T654] ? io_schedule+0x120/0x120 [ 153.264332][ T654] ? kernfs_fop_write_iter+0x15e/0x410 [ 153.269765][ T654] ? __kasan_check_write+0x14/0x20 [ 153.274850][ T654] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 153.280113][ T654] cgroup_subtree_control_write+0xd19/0x1310 [ 153.286068][ T654] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 153.292020][ T654] ? __kasan_check_write+0x14/0x20 [ 153.297106][ T654] ? _copy_from_iter+0x3fb/0xd60 [ 153.302022][ T654] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 153.307980][ T654] cgroup_file_write+0x28e/0x590 [ 153.312904][ T654] ? cgroup_seqfile_stop+0xc0/0xc0 [ 153.317994][ T654] ? mutex_lock+0xa6/0x110 [ 153.322388][ T654] ? mutex_trylock+0xb0/0xb0 [ 153.326956][ T654] ? __kasan_check_write+0x14/0x20 [ 153.332044][ T654] kernfs_fop_write_iter+0x2d0/0x410 [ 153.337304][ T654] ? cgroup_seqfile_stop+0xc0/0xc0 [ 153.342393][ T654] vfs_write+0xc1c/0xf40 [ 153.346614][ T654] ? __kasan_check_write+0x14/0x20 [ 153.351703][ T654] ? kernel_write+0x3c0/0x3c0 [ 153.356359][ T654] ? _raw_spin_unlock_irq+0x4e/0x70 [ 153.361535][ T654] ? ptrace_stop+0x6ff/0x9f0 [ 153.366104][ T654] ? __kasan_check_read+0x11/0x20 [ 153.371107][ T654] ? __fdget_pos+0x27e/0x310 [ 153.375676][ T654] ksys_write+0x198/0x2c0 [ 153.379985][ T654] ? do_notify_parent+0xa60/0xa60 [ 153.384984][ T654] ? __ia32_sys_read+0x90/0x90 [ 153.389726][ T654] ? __ia32_sys_open+0x270/0x270 [ 153.394638][ T654] __x64_sys_write+0x7b/0x90 [ 153.399205][ T654] do_syscall_64+0x34/0x70 [ 153.403599][ T654] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 153.409466][ T654] RIP: 0033:0x7fc8ece62c09 [ 153.413862][ T654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.433442][ T654] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 655] write(4, "-pids ", 6 [pid 654] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 654] close(3) = 0 [pid 654] close(4) = 0 [pid 654] close(5) = 0 [pid 654] close(6) = -1 EBADF (Bad file descriptor) [pid 654] close(7) = -1 EBADF (Bad file descriptor) [pid 654] close(8) = -1 EBADF (Bad file descriptor) [pid 654] close(9) = -1 EBADF (Bad file descriptor) [pid 654] close(10) = -1 EBADF (Bad file descriptor) [pid 654] close(11) = -1 EBADF (Bad file descriptor) [pid 654] close(12) = -1 EBADF (Bad file descriptor) [pid 654] close(13) = -1 EBADF (Bad file descriptor) [pid 654] close(14) = -1 EBADF (Bad file descriptor) [pid 654] close(15) = -1 EBADF (Bad file descriptor) [pid 654] close(16) = -1 EBADF (Bad file descriptor) [pid 654] close(17) = -1 EBADF (Bad file descriptor) [pid 654] close(18) = -1 EBADF (Bad file descriptor) [pid 654] close(19) = -1 EBADF (Bad file descriptor) [pid 654] close(20) = -1 EBADF (Bad file descriptor) [pid 654] close(21) = -1 EBADF (Bad file descriptor) [pid 654] close(22) = -1 EBADF (Bad file descriptor) [pid 654] close(23) = -1 EBADF (Bad file descriptor) [pid 654] close(24) = -1 EBADF (Bad file descriptor) [pid 654] close(25) = -1 EBADF (Bad file descriptor) [pid 654] close(26) = -1 EBADF (Bad file descriptor) [pid 654] close(27) = -1 EBADF (Bad file descriptor) [pid 654] close(28) = -1 EBADF (Bad file descriptor) [pid 654] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 654] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 654] exit_group(0) = ? [pid 654] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./48/binderfs") = 0 [pid 375] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./48/cgroup") = 0 [pid 375] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./48/cgroup.net") = 0 [pid 375] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./48/file0") = 0 [pid 375] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./48/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./48") = 0 [pid 375] mkdir("./49", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 656 attached [pid 656] chdir("./49") = 0 [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 51 [pid 656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 656] setpgid(0, 0) = 0 [pid 656] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 656] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 656] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 656] write(3, "1000", 4) = 4 [pid 656] close(3) = 0 [pid 656] symlink("/dev/binderfs", "./binderfs") = 0 [ 153.441850][ T654] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 153.449803][ T654] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 153.457760][ T654] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 153.465711][ T654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 153.473662][ T654] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000030 [pid 656] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 656] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 655] <... write resumed>) = 6 [pid 656] open("./file0", O_RDONLY) = 3 [pid 656] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 656] write(4, "-pids ", 6 [pid 655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 655] write(5, "22", 2) = 2 [ 153.500463][ T652] FAULT_INJECTION: forcing a failure. [ 153.500463][ T652] name failslab, interval 1, probability 0, space 0, times 0 [ 153.513810][ T652] CPU: 0 PID: 652 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 153.525434][ T652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 153.535469][ T652] Call Trace: [ 153.538743][ T652] dump_stack_lvl+0x1e2/0x24b [ 153.543393][ T652] ? bfq_pos_tree_add_move+0x43e/0x43e [ 153.548829][ T652] ? selinux_kernfs_init_security+0x1a8/0x760 [ 153.554879][ T652] dump_stack+0x15/0x17 [ 153.559016][ T652] should_fail+0x3c0/0x510 [ 153.563410][ T652] ? __kernfs_new_node+0x99/0x6e0 [ 153.568420][ T652] __should_failslab+0x9f/0xe0 [ 153.573190][ T652] should_failslab+0x9/0x20 [ 153.577665][ T652] __kmalloc_track_caller+0x5f/0x350 [ 153.582924][ T652] kstrdup_const+0x55/0x90 [ 153.587311][ T652] __kernfs_new_node+0x99/0x6e0 [ 153.592141][ T652] ? is_module_text_address+0xe1/0x140 [ 153.597578][ T652] ? kernfs_new_node+0x170/0x170 [ 153.602492][ T652] ? ptr_to_hashval+0x60/0x60 [ 153.607154][ T652] ? arch_stack_walk+0xf8/0x140 [ 153.611982][ T652] ? snprintf+0xd6/0x120 [ 153.616195][ T652] kernfs_new_node+0x97/0x170 [ 153.620843][ T652] __kernfs_create_file+0x4a/0x270 [ 153.625927][ T652] cgroup_addrm_files+0xab8/0xfe0 [ 153.630941][ T652] ? ____kasan_kmalloc+0xdc/0x110 [ 153.635940][ T652] ? __kasan_kmalloc+0x9/0x10 [ 153.640590][ T652] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 153.646108][ T652] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 153.652234][ T652] ? delete_node+0x759/0x7b0 [ 153.656799][ T652] ? __kasan_check_read+0x11/0x20 [ 153.661808][ T652] ? delete_node+0x759/0x7b0 [ 153.666377][ T652] ? __kasan_check_write+0x14/0x20 [ 153.671465][ T652] ? idr_replace+0x1c4/0x230 [ 153.676027][ T652] ? idr_get_next+0x4b0/0x4b0 [ 153.680676][ T652] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 153.685678][ T652] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 153.690849][ T652] css_populate_dir+0x137/0x370 [ 153.695680][ T652] cgroup_apply_control_enable+0x8b9/0x12f0 [ 153.701549][ T652] cgroup_apply_control+0x93/0x710 [ 153.706633][ T652] ? css_next_child+0x160/0x160 [ 153.711456][ T652] ? stack_trace_save+0x12d/0x1f0 [ 153.716457][ T652] ? io_schedule+0x120/0x120 [ 153.721029][ T652] ? kernfs_fop_write_iter+0x15e/0x410 [ 153.726462][ T652] ? __kasan_check_write+0x14/0x20 [ 153.731554][ T652] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 153.736820][ T652] cgroup_subtree_control_write+0xd19/0x1310 [ 153.742779][ T652] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 153.748732][ T652] ? __kasan_check_write+0x14/0x20 [ 153.753823][ T652] ? _copy_from_iter+0x3fb/0xd60 [ 153.758742][ T652] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 153.764704][ T652] cgroup_file_write+0x28e/0x590 [ 153.769618][ T652] ? cgroup_seqfile_stop+0xc0/0xc0 [ 153.774711][ T652] ? mutex_lock+0xa6/0x110 [ 153.779109][ T652] ? mutex_trylock+0xb0/0xb0 [ 153.783671][ T652] ? __kasan_check_write+0x14/0x20 [ 153.788754][ T652] kernfs_fop_write_iter+0x2d0/0x410 [ 153.794040][ T652] ? cgroup_seqfile_stop+0xc0/0xc0 [ 153.799139][ T652] vfs_write+0xc1c/0xf40 [ 153.803362][ T652] ? __kasan_check_write+0x14/0x20 [ 153.808448][ T652] ? kernel_write+0x3c0/0x3c0 [ 153.813100][ T652] ? _raw_spin_unlock_irq+0x4e/0x70 [ 153.818272][ T652] ? ptrace_stop+0x6ff/0x9f0 [ 153.822846][ T652] ? __kasan_check_read+0x11/0x20 [ 153.827848][ T652] ? __fdget_pos+0x27e/0x310 [ 153.832417][ T652] ksys_write+0x198/0x2c0 [ 153.836727][ T652] ? do_notify_parent+0xa60/0xa60 [ 153.841737][ T652] ? __ia32_sys_read+0x90/0x90 [ 153.846477][ T652] ? __ia32_sys_open+0x270/0x270 [ 153.851400][ T652] __x64_sys_write+0x7b/0x90 [ 153.855977][ T652] do_syscall_64+0x34/0x70 [ 153.860367][ T652] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 153.866241][ T652] RIP: 0033:0x7fc8ece62c09 [ 153.870632][ T652] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 153.890221][ T652] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 655] write(4, "+pids ", 6 [pid 652] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 652] close(3) = 0 [pid 652] close(4) = 0 [pid 652] close(5) = 0 [pid 652] close(6) = -1 EBADF (Bad file descriptor) [pid 652] close(7) = -1 EBADF (Bad file descriptor) [pid 652] close(8) = -1 EBADF (Bad file descriptor) [pid 652] close(9) = -1 EBADF (Bad file descriptor) [pid 652] close(10) = -1 EBADF (Bad file descriptor) [pid 652] close(11) = -1 EBADF (Bad file descriptor) [pid 652] close(12) = -1 EBADF (Bad file descriptor) [pid 652] close(13) = -1 EBADF (Bad file descriptor) [pid 652] close(14) = -1 EBADF (Bad file descriptor) [pid 652] close(15) = -1 EBADF (Bad file descriptor) [pid 652] close(16) = -1 EBADF (Bad file descriptor) [pid 652] close(17) = -1 EBADF (Bad file descriptor) [pid 652] close(18) = -1 EBADF (Bad file descriptor) [pid 652] close(19) = -1 EBADF (Bad file descriptor) [pid 652] close(20) = -1 EBADF (Bad file descriptor) [pid 652] close(21) = -1 EBADF (Bad file descriptor) [pid 652] close(22) = -1 EBADF (Bad file descriptor) [pid 652] close(23) = -1 EBADF (Bad file descriptor) [pid 652] close(24) = -1 EBADF (Bad file descriptor) [pid 652] close(25) = -1 EBADF (Bad file descriptor) [pid 652] close(26) = -1 EBADF (Bad file descriptor) [pid 652] close(27) = -1 EBADF (Bad file descriptor) [pid 652] close(28) = -1 EBADF (Bad file descriptor) [pid 652] close(29) = -1 EBADF (Bad file descriptor) [pid 652] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 652] exit_group(0) = ? [pid 652] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./46/binderfs") = 0 [pid 381] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./46/cgroup") = 0 [pid 381] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./46/cgroup.net") = 0 [pid 381] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [ 153.898622][ T652] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 153.906571][ T652] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 153.914523][ T652] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 153.922468][ T652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 153.930453][ T652] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002e [ 153.938617][ T652] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] close(4) = 0 [pid 656] <... write resumed>) = 6 [pid 656] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 656] write(5, "22", 2) = 2 [pid 656] write(4, "+pids ", 6 [ 153.970454][ T655] FAULT_INJECTION: forcing a failure. [ 153.970454][ T655] name failslab, interval 1, probability 0, space 0, times 0 [ 153.983155][ T655] CPU: 0 PID: 655 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 153.994767][ T655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 154.004801][ T655] Call Trace: [ 154.008074][ T655] dump_stack_lvl+0x1e2/0x24b [ 154.012725][ T655] ? panic+0x7d7/0x7d7 [ 154.016775][ T655] ? bfq_pos_tree_add_move+0x43e/0x43e [ 154.022210][ T655] ? find_next_bit+0xd6/0x120 [ 154.027212][ T655] ? cpumask_next+0x11/0x30 [ 154.031689][ T655] dump_stack+0x15/0x17 [ 154.035819][ T655] should_fail+0x3c0/0x510 [ 154.040209][ T655] ? percpu_ref_init+0xd0/0x330 [ 154.045056][ T655] __should_failslab+0x9f/0xe0 [ 154.049798][ T655] should_failslab+0x9/0x20 [ 154.054282][ T655] kmem_cache_alloc_trace+0x3a/0x330 [ 154.059545][ T655] percpu_ref_init+0xd0/0x330 [ 154.064198][ T655] ? cgroup_setup_root+0xea0/0xea0 [ 154.069460][ T655] cgroup_apply_control_enable+0x3a2/0x12f0 [ 154.075332][ T655] cgroup_apply_control+0x93/0x710 [ 154.080418][ T655] ? css_next_child+0x160/0x160 [ 154.085243][ T655] ? io_schedule+0x120/0x120 [ 154.089809][ T655] ? kernfs_fop_write_iter+0x15e/0x410 [ 154.095243][ T655] ? __kasan_check_write+0x14/0x20 [ 154.100328][ T655] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 154.105588][ T655] cgroup_subtree_control_write+0xd19/0x1310 [ 154.111543][ T655] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 154.117496][ T655] ? __kasan_check_write+0x14/0x20 [ 154.122585][ T655] ? _copy_from_iter+0x3fb/0xd60 [ 154.127496][ T655] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 154.133451][ T655] cgroup_file_write+0x28e/0x590 [ 154.138363][ T655] ? cgroup_seqfile_stop+0xc0/0xc0 [ 154.143449][ T655] ? mutex_lock+0xa6/0x110 [ 154.147845][ T655] ? mutex_trylock+0xb0/0xb0 [ 154.152412][ T655] ? __kasan_check_write+0x14/0x20 [ 154.157500][ T655] kernfs_fop_write_iter+0x2d0/0x410 [ 154.162758][ T655] ? cgroup_seqfile_stop+0xc0/0xc0 [ 154.167846][ T655] vfs_write+0xc1c/0xf40 [ 154.172065][ T655] ? __kasan_check_write+0x14/0x20 [ 154.177150][ T655] ? kernel_write+0x3c0/0x3c0 [ 154.181802][ T655] ? _raw_spin_unlock_irq+0x4e/0x70 [ 154.186972][ T655] ? ptrace_stop+0x6ff/0x9f0 [ 154.191538][ T655] ? __kasan_check_read+0x11/0x20 [ 154.196537][ T655] ? __fdget_pos+0x27e/0x310 [ 154.201103][ T655] ksys_write+0x198/0x2c0 [ 154.205414][ T655] ? do_notify_parent+0xa60/0xa60 [ 154.210416][ T655] ? __ia32_sys_read+0x90/0x90 [ 154.215151][ T655] ? __ia32_sys_open+0x270/0x270 [ 154.220065][ T655] __x64_sys_write+0x7b/0x90 [ 154.224634][ T655] do_syscall_64+0x34/0x70 [ 154.229027][ T655] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 154.234894][ T655] RIP: 0033:0x7fc8ece62c09 [ 154.239285][ T655] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 154.258864][ T655] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 381] rmdir("./46/file0") = 0 [pid 381] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./46/cgroup.cpu", [pid 655] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./46/cgroup.cpu" [pid 655] close(3) = 0 [pid 381] <... unlink resumed>) = 0 [pid 655] close(4 [pid 381] getdents64(3, [pid 655] <... close resumed>) = 0 [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 655] close(5 [pid 381] close(3 [pid 655] <... close resumed>) = 0 [pid 655] close(6 [pid 381] <... close resumed>) = 0 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] rmdir("./46") = 0 [pid 655] close(7) = -1 EBADF (Bad file descriptor) [pid 381] mkdir("./47", 0777) = 0 [pid 655] close(8) = -1 EBADF (Bad file descriptor) [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 657 attached [pid 655] close(9 [pid 657] chdir("./47" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 49 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... chdir resumed>) = 0 [pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] close(10 [pid 657] setpgid(0, 0) = 0 [pid 657] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... symlink resumed>) = 0 [pid 655] close(11 [pid 657] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 655] close(12 [pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] write(3, "1000", 4) = 4 [pid 657] close(3 [pid 655] close(13 [pid 657] <... close resumed>) = 0 [pid 657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 655] close(14 [pid 657] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] open("./file0", O_RDONLY) = 3 [pid 655] close(15 [pid 657] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 655] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] write(4, "-pids ", 6 [pid 655] close(16) = -1 EBADF (Bad file descriptor) [pid 655] close(17) = -1 EBADF (Bad file descriptor) [pid 655] close(18) = -1 EBADF (Bad file descriptor) [pid 655] close(19) = -1 EBADF (Bad file descriptor) [pid 655] close(20) = -1 EBADF (Bad file descriptor) [pid 655] close(21) = -1 EBADF (Bad file descriptor) [pid 655] close(22) = -1 EBADF (Bad file descriptor) [pid 655] close(23) = -1 EBADF (Bad file descriptor) [pid 655] close(24) = -1 EBADF (Bad file descriptor) [pid 655] close(25) = -1 EBADF (Bad file descriptor) [pid 655] close(26) = -1 EBADF (Bad file descriptor) [pid 655] close(27) = -1 EBADF (Bad file descriptor) [pid 655] close(28) = -1 EBADF (Bad file descriptor) [pid 655] close(29) = -1 EBADF (Bad file descriptor) [pid 655] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 655] exit_group(0) = ? [pid 655] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 154.267251][ T655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 154.275220][ T655] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 154.283197][ T655] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 154.291149][ T655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 154.299213][ T655] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000030 [pid 382] unlink("./48/binderfs") = 0 [pid 382] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./48/cgroup") = 0 [pid 382] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./48/cgroup.net") = 0 [ 154.330614][ T650] FAULT_INJECTION: forcing a failure. [ 154.330614][ T650] name failslab, interval 1, probability 0, space 0, times 0 [ 154.343815][ T650] CPU: 0 PID: 650 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 154.355440][ T650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 154.365484][ T650] Call Trace: [ 154.368753][ T650] dump_stack_lvl+0x1e2/0x24b [ 154.373415][ T650] ? bfq_pos_tree_add_move+0x43e/0x43e [ 154.378851][ T650] ? selinux_kernfs_init_security+0x1a8/0x760 [ 154.384900][ T650] dump_stack+0x15/0x17 [ 154.389042][ T650] should_fail+0x3c0/0x510 [ 154.393432][ T650] ? __kernfs_new_node+0x99/0x6e0 [ 154.398432][ T650] __should_failslab+0x9f/0xe0 [ 154.403167][ T650] should_failslab+0x9/0x20 [ 154.407645][ T650] __kmalloc_track_caller+0x5f/0x350 [ 154.412904][ T650] kstrdup_const+0x55/0x90 [ 154.417290][ T650] __kernfs_new_node+0x99/0x6e0 [ 154.422121][ T650] ? is_module_text_address+0xe1/0x140 [ 154.427562][ T650] ? kernfs_new_node+0x170/0x170 [ 154.432480][ T650] ? ptr_to_hashval+0x60/0x60 [ 154.437137][ T650] ? arch_stack_walk+0xf8/0x140 [ 154.441960][ T650] ? snprintf+0xd6/0x120 [ 154.446177][ T650] kernfs_new_node+0x97/0x170 [ 154.450823][ T650] __kernfs_create_file+0x4a/0x270 [ 154.455905][ T650] cgroup_addrm_files+0xab8/0xfe0 [ 154.460920][ T650] ? ____kasan_kmalloc+0xdc/0x110 [ 154.465931][ T650] ? __kasan_kmalloc+0x9/0x10 [ 154.470584][ T650] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 154.476120][ T650] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 154.482248][ T650] ? delete_node+0x759/0x7b0 [ 154.486817][ T650] ? __kasan_check_read+0x11/0x20 [ 154.491821][ T650] ? delete_node+0x759/0x7b0 [ 154.496383][ T650] ? __kasan_check_write+0x14/0x20 [ 154.501468][ T650] ? idr_replace+0x1c4/0x230 [ 154.507343][ T650] ? idr_get_next+0x4b0/0x4b0 [ 154.512005][ T650] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 154.517008][ T650] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 154.522198][ T650] css_populate_dir+0x137/0x370 [ 154.527032][ T650] cgroup_apply_control_enable+0x8b9/0x12f0 [ 154.532899][ T650] cgroup_apply_control+0x93/0x710 [ 154.537982][ T650] ? css_next_child+0x160/0x160 [ 154.542808][ T650] ? stack_trace_save+0x12d/0x1f0 [ 154.547817][ T650] ? io_schedule+0x120/0x120 [ 154.552381][ T650] ? kernfs_fop_write_iter+0x15e/0x410 [ 154.557815][ T650] ? __kasan_check_write+0x14/0x20 [ 154.562903][ T650] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 154.568250][ T650] cgroup_subtree_control_write+0xd19/0x1310 [ 154.574200][ T650] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 154.580157][ T650] ? __kasan_check_write+0x14/0x20 [ 154.585249][ T650] ? _copy_from_iter+0x3fb/0xd60 [ 154.590173][ T650] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 154.596131][ T650] cgroup_file_write+0x28e/0x590 [ 154.601054][ T650] ? cgroup_seqfile_stop+0xc0/0xc0 [ 154.606159][ T650] ? mutex_lock+0xa6/0x110 [ 154.610561][ T650] ? mutex_trylock+0xb0/0xb0 [ 154.615131][ T650] ? __kasan_check_write+0x14/0x20 [ 154.620232][ T650] kernfs_fop_write_iter+0x2d0/0x410 [ 154.625504][ T650] ? cgroup_seqfile_stop+0xc0/0xc0 [ 154.630606][ T650] vfs_write+0xc1c/0xf40 [ 154.634832][ T650] ? __kasan_check_write+0x14/0x20 [ 154.639913][ T650] ? kernel_write+0x3c0/0x3c0 [ 154.644560][ T650] ? _raw_spin_unlock_irq+0x4e/0x70 [ 154.649733][ T650] ? ptrace_stop+0x6ff/0x9f0 [ 154.654300][ T650] ? __kasan_check_read+0x11/0x20 [ 154.659299][ T650] ? __fdget_pos+0x27e/0x310 [ 154.663863][ T650] ksys_write+0x198/0x2c0 [ 154.668166][ T650] ? do_notify_parent+0xa60/0xa60 [ 154.673172][ T650] ? __ia32_sys_read+0x90/0x90 [ 154.677915][ T650] ? __ia32_sys_open+0x270/0x270 [ 154.682823][ T650] __x64_sys_write+0x7b/0x90 [ 154.687392][ T650] do_syscall_64+0x34/0x70 [ 154.691780][ T650] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 154.697654][ T650] RIP: 0033:0x7fc8ece62c09 [ 154.702049][ T650] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 154.721629][ T650] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 382] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./48/file0") = 0 [pid 382] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./48/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./48" [pid 650] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 382] <... rmdir resumed>) = 0 [pid 650] close(3 [pid 382] mkdir("./49", 0777 [pid 650] <... close resumed>) = 0 [pid 382] <... mkdir resumed>) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 658 attached [pid 650] close(4 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 51 [pid 658] chdir("./49" [pid 650] <... close resumed>) = 0 [pid 658] <... chdir resumed>) = 0 [pid 650] close(5 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 650] <... close resumed>) = 0 [pid 658] setpgid(0, 0 [pid 650] close(6 [pid 658] <... setpgid resumed>) = 0 [pid 658] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 650] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] <... symlink resumed>) = 0 [pid 658] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 650] close(7 [pid 658] <... symlink resumed>) = 0 [pid 658] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 650] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] <... symlink resumed>) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 650] close(8 [pid 658] <... openat resumed>) = 3 [pid 650] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] write(3, "1000", 4) = 4 [pid 650] close(9 [pid 658] close(3) = 0 [pid 650] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] symlink("/dev/binderfs", "./binderfs" [pid 650] close(10 [pid 658] <... symlink resumed>) = 0 [pid 658] mkdirat(AT_FDCWD, "./file0", 000 [pid 650] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] <... mkdirat resumed>) = 0 [pid 658] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 650] close(11 [pid 658] <... mount resumed>) = 0 [pid 650] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] open("./file0", O_RDONLY) = 3 [pid 658] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 658] write(4, "-pids ", 6 [pid 650] close(12) = -1 EBADF (Bad file descriptor) [pid 650] close(13) = -1 EBADF (Bad file descriptor) [pid 650] close(14) = -1 EBADF (Bad file descriptor) [pid 650] close(15) = -1 EBADF (Bad file descriptor) [pid 650] close(16) = -1 EBADF (Bad file descriptor) [pid 650] close(17) = -1 EBADF (Bad file descriptor) [ 154.730012][ T650] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 154.737954][ T650] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 154.745897][ T650] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 154.753845][ T650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 154.761794][ T650] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002b [ 154.770272][ T650] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 650] close(18) = -1 EBADF (Bad file descriptor) [pid 650] close(19) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 650] close(20) = -1 EBADF (Bad file descriptor) [pid 650] close(21) = -1 EBADF (Bad file descriptor) [pid 650] close(22) = -1 EBADF (Bad file descriptor) [pid 650] close(23) = -1 EBADF (Bad file descriptor) [pid 650] close(24) = -1 EBADF (Bad file descriptor) [pid 650] close(25) = -1 EBADF (Bad file descriptor) [pid 650] close(26) = -1 EBADF (Bad file descriptor) [pid 650] close(27) = -1 EBADF (Bad file descriptor) [pid 650] close(28) = -1 EBADF (Bad file descriptor) [pid 650] close(29) = -1 EBADF (Bad file descriptor) [pid 650] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 650] exit_group(0) = ? [pid 650] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./43/binderfs") = 0 [ 154.800432][ T656] FAULT_INJECTION: forcing a failure. [ 154.800432][ T656] name failslab, interval 1, probability 0, space 0, times 0 [ 154.813496][ T656] CPU: 1 PID: 656 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 154.825114][ T656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 154.835148][ T656] Call Trace: [ 154.838433][ T656] dump_stack_lvl+0x1e2/0x24b [ 154.843088][ T656] ? panic+0x7d7/0x7d7 [ 154.847130][ T656] ? bfq_pos_tree_add_move+0x43e/0x43e [ 154.852561][ T656] ? find_next_bit+0xd6/0x120 [ 154.857211][ T656] ? cpumask_next+0x11/0x30 [ 154.861690][ T656] dump_stack+0x15/0x17 [ 154.865827][ T656] should_fail+0x3c0/0x510 [ 154.870221][ T656] ? percpu_ref_init+0xd0/0x330 [ 154.875051][ T656] __should_failslab+0x9f/0xe0 [ 154.879785][ T656] should_failslab+0x9/0x20 [ 154.884270][ T656] kmem_cache_alloc_trace+0x3a/0x330 [ 154.889539][ T656] percpu_ref_init+0xd0/0x330 [ 154.894205][ T656] ? cgroup_setup_root+0xea0/0xea0 [ 154.899298][ T656] cgroup_apply_control_enable+0x3a2/0x12f0 [ 154.905170][ T656] cgroup_apply_control+0x93/0x710 [ 154.910263][ T656] ? css_next_child+0x160/0x160 [ 154.915089][ T656] ? stack_trace_save+0x12d/0x1f0 [ 154.920103][ T656] ? io_schedule+0x120/0x120 [ 154.924664][ T656] ? kernfs_fop_write_iter+0x15e/0x410 [ 154.930094][ T656] ? __kasan_check_write+0x14/0x20 [ 154.935182][ T656] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 154.940447][ T656] cgroup_subtree_control_write+0xd19/0x1310 [ 154.946411][ T656] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 154.952363][ T656] ? __kasan_check_write+0x14/0x20 [ 154.957447][ T656] ? _copy_from_iter+0x3fb/0xd60 [ 154.962363][ T656] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 154.968335][ T656] cgroup_file_write+0x28e/0x590 [ 154.973252][ T656] ? cgroup_seqfile_stop+0xc0/0xc0 [ 154.978334][ T656] ? mutex_lock+0xa6/0x110 [ 154.982720][ T656] ? mutex_trylock+0xb0/0xb0 [ 154.987280][ T656] ? __kasan_check_write+0x14/0x20 [ 154.992364][ T656] kernfs_fop_write_iter+0x2d0/0x410 [ 154.997627][ T656] ? cgroup_seqfile_stop+0xc0/0xc0 [ 155.002720][ T656] vfs_write+0xc1c/0xf40 [ 155.006934][ T656] ? __kasan_check_write+0x14/0x20 [ 155.012016][ T656] ? kernel_write+0x3c0/0x3c0 [ 155.016664][ T656] ? _raw_spin_unlock_irq+0x4e/0x70 [ 155.021837][ T656] ? ptrace_stop+0x6ff/0x9f0 [ 155.026403][ T656] ? __kasan_check_read+0x11/0x20 [ 155.031401][ T656] ? __fdget_pos+0x27e/0x310 [ 155.035961][ T656] ksys_write+0x198/0x2c0 [ 155.040265][ T656] ? do_notify_parent+0xa60/0xa60 [ 155.045261][ T656] ? __ia32_sys_read+0x90/0x90 [ 155.050005][ T656] ? __ia32_sys_open+0x270/0x270 [ 155.054925][ T656] __x64_sys_write+0x7b/0x90 [ 155.059490][ T656] do_syscall_64+0x34/0x70 [ 155.063884][ T656] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 155.069765][ T656] RIP: 0033:0x7fc8ece62c09 [ 155.074170][ T656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 376] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./43/cgroup") = 0 [pid 376] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./43/cgroup.net") = 0 [pid 376] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 656] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 376] <... umount2 resumed>) = 0 [pid 656] close(3 [pid 376] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 656] <... close resumed>) = 0 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 656] close(4 [pid 376] lstat("./43/file0", [pid 656] <... close resumed>) = 0 [pid 376] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 656] close(5 [pid 376] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 656] <... close resumed>) = 0 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 656] close(6 [pid 376] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 656] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 656] close(7) = -1 EBADF (Bad file descriptor) [pid 656] close(8) = -1 EBADF (Bad file descriptor) [pid 656] close(9) = -1 EBADF (Bad file descriptor) [pid 656] close(10) = -1 EBADF (Bad file descriptor) [pid 656] close(11) = -1 EBADF (Bad file descriptor) [pid 656] close(12) = -1 EBADF (Bad file descriptor) [pid 656] close(13) = -1 EBADF (Bad file descriptor) [pid 656] close(14) = -1 EBADF (Bad file descriptor) [pid 656] close(15) = -1 EBADF (Bad file descriptor) [pid 656] close(16) = -1 EBADF (Bad file descriptor) [pid 656] close(17) = -1 EBADF (Bad file descriptor) [pid 656] close(18) = -1 EBADF (Bad file descriptor) [pid 656] close(19) = -1 EBADF (Bad file descriptor) [pid 656] close(20) = -1 EBADF (Bad file descriptor) [pid 656] close(21) = -1 EBADF (Bad file descriptor) [pid 656] close(22) = -1 EBADF (Bad file descriptor) [pid 656] close(23) = -1 EBADF (Bad file descriptor) [pid 656] close(24) = -1 EBADF (Bad file descriptor) [pid 656] close(25) = -1 EBADF (Bad file descriptor) [pid 656] close(26) = -1 EBADF (Bad file descriptor) [pid 656] close(27) = -1 EBADF (Bad file descriptor) [pid 656] close(28) = -1 EBADF (Bad file descriptor) [pid 656] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 656] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 656] exit_group(0) = ? [pid 656] +++ exited with 0 +++ [pid 376] <... openat resumed>) = 4 [pid 376] fstat(4, [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] getdents64(4, [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, [pid 376] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] getdents64(4, [pid 375] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./49/binderfs", [pid 376] close(4 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./49/binderfs" [pid 376] <... close resumed>) = 0 [pid 375] <... unlink resumed>) = 0 [pid 376] rmdir("./43/file0" [pid 375] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./49/cgroup", [pid 376] <... rmdir resumed>) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] unlink("./49/cgroup" [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... unlink resumed>) = 0 [pid 375] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./43/cgroup.cpu", [pid 375] lstat("./49/cgroup.net", [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./43/cgroup.cpu" [pid 375] unlink("./49/cgroup.net") = 0 [pid 376] <... unlink resumed>) = 0 [pid 375] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] getdents64(3, [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] close(3 [pid 375] lstat("./49/file0", [pid 376] <... close resumed>) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] rmdir("./43" [pid 375] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] <... rmdir resumed>) = 0 [pid 375] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 376] mkdir("./44", 0777 [pid 375] <... openat resumed>) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] <... mkdir resumed>) = 0 [pid 375] close(4 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] <... close resumed>) = 0 [pid 375] rmdir("./49/file0") = 0 [pid 375] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 659 attached ) = -1 EINVAL (Invalid argument) [pid 375] lstat("./49/cgroup.cpu", [pid 659] chdir("./44" [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 46 [pid 659] <... chdir resumed>) = 0 [pid 375] unlink("./49/cgroup.cpu" [pid 659] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] <... unlink resumed>) = 0 [pid 659] <... prctl resumed>) = 0 [pid 375] getdents64(3, [pid 659] setpgid(0, 0 [pid 375] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 659] <... setpgid resumed>) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./49" [pid 659] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 375] <... rmdir resumed>) = 0 [pid 659] <... symlink resumed>) = 0 [pid 375] mkdir("./50", 0777 [pid 659] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 375] <... mkdir resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 659] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 660 attached [pid 659] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 52 [pid 660] chdir("./50" [pid 659] <... symlink resumed>) = 0 [pid 660] <... chdir resumed>) = 0 [pid 659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 659] <... openat resumed>) = 3 [pid 659] write(3, "1000", 4 [pid 660] setpgid(0, 0 [pid 659] <... write resumed>) = 4 [pid 660] <... setpgid resumed>) = 0 [pid 660] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 659] close(3 [pid 660] <... symlink resumed>) = 0 [pid 659] <... close resumed>) = 0 [pid 660] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 659] symlink("/dev/binderfs", "./binderfs" [pid 660] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 659] <... symlink resumed>) = 0 [pid 660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 659] mkdirat(AT_FDCWD, "./file0", 000 [pid 660] write(3, "1000", 4) = 4 [pid 660] close(3) = 0 [pid 660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 659] <... mkdirat resumed>) = 0 [pid 660] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 659] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 660] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 659] <... mount resumed>) = 0 [pid 660] open("./file0", O_RDONLY [pid 659] open("./file0", O_RDONLY [pid 660] <... open resumed>) = 3 [pid 660] openat(3, "cgroup.subtree_control", O_RDWR [pid 659] <... open resumed>) = 3 [pid 660] <... openat resumed>) = 4 [pid 660] write(4, "-pids ", 6 [pid 659] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 659] write(4, "-pids ", 6 [pid 660] <... write resumed>) = 6 [pid 653] <... write resumed>) = 6 [pid 660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 660] write(5, "22", 2) = 2 [ 155.093748][ T656] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.102136][ T656] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 155.110085][ T656] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 155.118036][ T656] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 155.125992][ T656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 155.133948][ T656] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000031 [pid 660] write(4, "+pids ", 6 [pid 653] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 653] write(5, "22", 2) = 2 [ 155.161503][ T651] FAULT_INJECTION: forcing a failure. [ 155.161503][ T651] name failslab, interval 1, probability 0, space 0, times 0 [ 155.174275][ T651] CPU: 1 PID: 651 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 155.185891][ T651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 155.195928][ T651] Call Trace: [ 155.199195][ T651] dump_stack_lvl+0x1e2/0x24b [ 155.203852][ T651] ? panic+0x7d7/0x7d7 [ 155.207912][ T651] ? bfq_pos_tree_add_move+0x43e/0x43e [ 155.213345][ T651] ? find_next_bit+0xd6/0x120 [ 155.218001][ T651] ? cpumask_next+0x11/0x30 [ 155.222497][ T651] dump_stack+0x15/0x17 [ 155.226633][ T651] should_fail+0x3c0/0x510 [ 155.231018][ T651] ? percpu_ref_init+0xd0/0x330 [ 155.235850][ T651] __should_failslab+0x9f/0xe0 [ 155.240601][ T651] should_failslab+0x9/0x20 [ 155.245085][ T651] kmem_cache_alloc_trace+0x3a/0x330 [ 155.250352][ T651] percpu_ref_init+0xd0/0x330 [ 155.255004][ T651] ? cgroup_setup_root+0xea0/0xea0 [ 155.260099][ T651] cgroup_apply_control_enable+0x3a2/0x12f0 [ 155.265971][ T651] cgroup_apply_control+0x93/0x710 [ 155.271055][ T651] ? __irq_exit_rcu+0x41/0x150 [ 155.275789][ T651] ? css_next_child+0x160/0x160 [ 155.280615][ T651] ? common_interrupt+0x156/0x1e0 [ 155.285618][ T651] ? asm_common_interrupt+0x1e/0x40 [ 155.290788][ T651] ? cgroup_subtree_control_write+0xb3f/0x1310 [ 155.296927][ T651] cgroup_subtree_control_write+0xd19/0x1310 [ 155.302893][ T651] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 155.308846][ T651] ? __kasan_check_write+0x14/0x20 [ 155.313932][ T651] ? _copy_from_iter+0x3fb/0xd60 [ 155.318849][ T651] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 155.324810][ T651] cgroup_file_write+0x28e/0x590 [ 155.329728][ T651] ? cgroup_seqfile_stop+0xc0/0xc0 [ 155.334829][ T651] ? mutex_lock+0xa6/0x110 [ 155.339227][ T651] ? mutex_trylock+0xb0/0xb0 [ 155.343811][ T651] ? __kasan_check_write+0x14/0x20 [ 155.348912][ T651] kernfs_fop_write_iter+0x2d0/0x410 [ 155.354180][ T651] ? cgroup_seqfile_stop+0xc0/0xc0 [ 155.359271][ T651] vfs_write+0xc1c/0xf40 [ 155.363488][ T651] ? __kasan_check_write+0x14/0x20 [ 155.368570][ T651] ? kernel_write+0x3c0/0x3c0 [ 155.373229][ T651] ? _raw_spin_unlock_irq+0x4e/0x70 [ 155.378417][ T651] ? ptrace_stop+0x6ff/0x9f0 [ 155.382990][ T651] ? __kasan_check_read+0x11/0x20 [ 155.387992][ T651] ? __fdget_pos+0x27e/0x310 [ 155.392565][ T651] ksys_write+0x198/0x2c0 [ 155.396872][ T651] ? do_notify_parent+0xa60/0xa60 [ 155.401870][ T651] ? __ia32_sys_read+0x90/0x90 [ 155.406614][ T651] ? __ia32_sys_open+0x270/0x270 [ 155.411531][ T651] __x64_sys_write+0x7b/0x90 [ 155.416091][ T651] do_syscall_64+0x34/0x70 [ 155.420499][ T651] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 155.426378][ T651] RIP: 0033:0x7fc8ece62c09 [ 155.430779][ T651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 155.450377][ T651] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 653] write(4, "+pids ", 6 [pid 651] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 651] close(3) = 0 [pid 651] close(4) = 0 [pid 651] close(5) = 0 [pid 651] close(6) = -1 EBADF (Bad file descriptor) [pid 651] close(7) = -1 EBADF (Bad file descriptor) [pid 651] close(8) = -1 EBADF (Bad file descriptor) [pid 651] close(9) = -1 EBADF (Bad file descriptor) [pid 651] close(10) = -1 EBADF (Bad file descriptor) [pid 651] close(11) = -1 EBADF (Bad file descriptor) [pid 651] close(12) = -1 EBADF (Bad file descriptor) [pid 651] close(13) = -1 EBADF (Bad file descriptor) [pid 651] close(14) = -1 EBADF (Bad file descriptor) [pid 651] close(15) = -1 EBADF (Bad file descriptor) [pid 651] close(16) = -1 EBADF (Bad file descriptor) [pid 651] close(17) = -1 EBADF (Bad file descriptor) [pid 651] close(18) = -1 EBADF (Bad file descriptor) [pid 651] close(19) = -1 EBADF (Bad file descriptor) [pid 651] close(20) = -1 EBADF (Bad file descriptor) [pid 651] close(21) = -1 EBADF (Bad file descriptor) [pid 651] close(22) = -1 EBADF (Bad file descriptor) [pid 651] close(23) = -1 EBADF (Bad file descriptor) [pid 651] close(24) = -1 EBADF (Bad file descriptor) [pid 651] close(25) = -1 EBADF (Bad file descriptor) [pid 651] close(26) = -1 EBADF (Bad file descriptor) [pid 651] close(27) = -1 EBADF (Bad file descriptor) [pid 651] close(28) = -1 EBADF (Bad file descriptor) [pid 651] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 651] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 651] exit_group(0) = ? [pid 651] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./41/binderfs") = 0 [pid 380] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./41/cgroup") = 0 [pid 380] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./41/cgroup.net") = 0 [ 155.458782][ T651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 155.466731][ T651] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 155.474676][ T651] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 155.482624][ T651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 155.490576][ T651] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000029 [ 155.508148][ T380] ------------[ cut here ]------------ [ 155.513653][ T380] WARNING: CPU: 0 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 155.522584][ T380] Modules linked in: [ 155.526481][ T380] CPU: 0 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 155.538103][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 155.548174][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 155.553805][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 155.573416][ T380] RSP: 0018:ffffc90000b27ba0 EFLAGS: 00010293 [ 155.579458][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 155.587435][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 155.595420][ T380] RBP: ffffc90000b27c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 155.603394][ T380] R10: fffff52000164f65 R11: 1ffff92000164f64 R12: dffffc0000000000 [ 155.611363][ T380] R13: ffff88811d68ae00 R14: ffffc90000b27c00 R15: 1ffff92000164f7c [ 155.619322][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 155.628256][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.634838][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506b0 [ 155.642813][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 155.650796][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 155.658745][ T380] Call Trace: [ 155.662046][ T380] ? io_schedule+0x120/0x120 [ 155.666629][ T380] ? vfs_submount+0xb0/0xb0 [ 155.671133][ T380] ? shrink_dentry_list+0x4ec/0x500 [ 155.676320][ T380] ? __kasan_check_write+0x14/0x20 [ 155.681431][ T380] namespace_unlock+0x448/0x4f0 [ 155.686272][ T380] ? umount_tree+0xf50/0xf50 [ 155.690860][ T380] ? __detach_mounts+0x670/0x670 [ 155.695778][ T380] ? selinux_umount+0xf0/0x130 [ 155.700535][ T380] ? security_sb_umount+0x9d/0xb0 [ 155.705571][ T380] path_umount+0xf03/0xfb0 [ 155.709963][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 155.715004][ T380] ? user_path_at_empty+0x40/0x50 [ 155.720011][ T380] __x64_sys_umount+0x122/0x170 [ 155.724857][ T380] ? path_umount+0xfb0/0xfb0 [ 155.729440][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 155.735425][ T380] do_syscall_64+0x34/0x70 [ 155.739831][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 155.745718][ T380] RIP: 0033:0x7fc8ece63fb7 [ 155.750113][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 155.769711][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 155.778138][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 155.786111][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 155.794099][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 155.802076][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 155.810039][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002a [ 155.818016][ T380] ---[ end trace d4de1ca9cdcd1997 ]--- [ 155.823506][ T380] ------------[ cut here ]------------ [ 155.828957][ T380] WARNING: CPU: 0 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 155.837912][ T380] Modules linked in: [ 155.841851][ T380] CPU: 0 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 155.853528][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 155.863631][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 155.869236][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 155.888860][ T380] RSP: 0018:ffffc90000b27ca0 EFLAGS: 00010293 [ 155.894949][ T380] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065ebb40 [ 155.902927][ T380] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 155.910891][ T380] RBP: ffffc90000b27d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 155.918844][ T380] R10: fffff52000164f85 R11: 1ffff92000164f84 R12: dffffc0000000000 [ 155.926821][ T380] R13: ffff88811d68ae00 R14: ffffc90000b27d00 R15: 1ffff92000164f9c [ 155.934796][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 155.943719][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 155.950316][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506b0 [ 155.958266][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 155.966241][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 155.974211][ T380] Call Trace: [ 155.977476][ T380] ? lockref_get_or_lock+0x340/0x340 [ 155.982763][ T380] ? umount_tree+0xf50/0xf50 [ 155.987359][ T380] ? vfs_submount+0xb0/0xb0 [ 155.991878][ T380] ? dput+0x2b6/0x320 [ 155.995853][ T380] path_umount+0x1fe/0xfb0 [ 156.000287][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 156.005300][ T380] ? user_path_at_empty+0x40/0x50 [ 156.010336][ T380] __x64_sys_umount+0x122/0x170 [ 156.015168][ T380] ? path_umount+0xfb0/0xfb0 [ 156.019737][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 156.025750][ T380] do_syscall_64+0x34/0x70 [ 156.030167][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 156.036064][ T380] RIP: 0033:0x7fc8ece63fb7 [ 156.040502][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 380] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 156.060098][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 156.068505][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 156.076495][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 156.084472][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 156.092442][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 156.100417][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002a [ 156.108385][ T380] ---[ end trace d4de1ca9cdcd1998 ]--- [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./41/file0") = 0 [pid 380] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./41/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./41") = 0 [pid 380] mkdir("./42", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 44 [ 156.114031][ T653] FAULT_INJECTION: forcing a failure. [ 156.114031][ T653] name failslab, interval 1, probability 0, space 0, times 0 [ 156.126671][ T653] CPU: 0 PID: 653 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 156.138273][ T653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 156.148298][ T653] Call Trace: [ 156.151575][ T653] dump_stack_lvl+0x1e2/0x24b [ 156.156252][ T653] ? bfq_pos_tree_add_move+0x43e/0x43e [ 156.161699][ T653] ? selinux_kernfs_init_security+0x1a8/0x760 [ 156.167754][ T653] dump_stack+0x15/0x17 [ 156.171898][ T653] should_fail+0x3c0/0x510 [ 156.176305][ T653] ? __kernfs_new_node+0x99/0x6e0 [ 156.181314][ T653] __should_failslab+0x9f/0xe0 [ 156.186057][ T653] should_failslab+0x9/0x20 [ 156.190551][ T653] __kmalloc_track_caller+0x5f/0x350 [ 156.195815][ T653] kstrdup_const+0x55/0x90 [ 156.200207][ T653] __kernfs_new_node+0x99/0x6e0 [ 156.205056][ T653] ? is_module_text_address+0xe1/0x140 [ 156.210492][ T653] ? kernfs_new_node+0x170/0x170 ./strace-static-x86_64: Process 661 attached [pid 661] chdir("./42") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 661] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 661] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 661] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 156.215413][ T653] ? ptr_to_hashval+0x60/0x60 [ 156.220062][ T653] ? arch_stack_walk+0xf8/0x140 [ 156.224895][ T653] ? snprintf+0xd6/0x120 [ 156.229127][ T653] kernfs_new_node+0x97/0x170 [ 156.234060][ T653] __kernfs_create_file+0x4a/0x270 [ 156.239160][ T653] cgroup_addrm_files+0xab8/0xfe0 [ 156.244166][ T653] ? ____kasan_kmalloc+0xdc/0x110 [ 156.249169][ T653] ? __kasan_kmalloc+0x9/0x10 [ 156.253834][ T653] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 156.259372][ T653] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 156.265514][ T653] ? delete_node+0x759/0x7b0 [ 156.270101][ T653] ? __kasan_check_read+0x11/0x20 [ 156.275114][ T653] ? delete_node+0x759/0x7b0 [ 156.279679][ T653] ? __kasan_check_write+0x14/0x20 [ 156.284775][ T653] ? idr_replace+0x1c4/0x230 [ 156.289361][ T653] ? idr_get_next+0x4b0/0x4b0 [ 156.294020][ T653] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 156.299017][ T653] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 156.304187][ T653] css_populate_dir+0x137/0x370 [ 156.309014][ T653] cgroup_apply_control_enable+0x8b9/0x12f0 [ 156.314881][ T653] cgroup_apply_control+0x93/0x710 [ 156.319966][ T653] ? css_next_child+0x160/0x160 [ 156.324788][ T653] ? stack_trace_save+0x12d/0x1f0 [ 156.329791][ T653] ? io_schedule+0x120/0x120 [ 156.334374][ T653] ? kernfs_fop_write_iter+0x15e/0x410 [ 156.339821][ T653] ? __kasan_check_write+0x14/0x20 [ 156.344915][ T653] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 156.350182][ T653] cgroup_subtree_control_write+0xd19/0x1310 [ 156.356144][ T653] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 156.362096][ T653] ? __kasan_check_write+0x14/0x20 [ 156.367181][ T653] ? _copy_from_iter+0x3fb/0xd60 [ 156.372095][ T653] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 156.378075][ T653] cgroup_file_write+0x28e/0x590 [ 156.382986][ T653] ? cgroup_seqfile_stop+0xc0/0xc0 [ 156.388072][ T653] ? mutex_lock+0xa6/0x110 [ 156.392460][ T653] ? mutex_trylock+0xb0/0xb0 [ 156.397023][ T653] ? __kasan_check_write+0x14/0x20 [ 156.402112][ T653] kernfs_fop_write_iter+0x2d0/0x410 [ 156.407380][ T653] ? cgroup_seqfile_stop+0xc0/0xc0 [ 156.412468][ T653] vfs_write+0xc1c/0xf40 [ 156.416701][ T653] ? __kasan_check_write+0x14/0x20 [ 156.421794][ T653] ? kernel_write+0x3c0/0x3c0 [ 156.426447][ T653] ? _raw_spin_unlock_irq+0x4e/0x70 [ 156.431623][ T653] ? ptrace_stop+0x6ff/0x9f0 [ 156.436186][ T653] ? __kasan_check_read+0x11/0x20 [ 156.441187][ T653] ? __fdget_pos+0x27e/0x310 [ 156.445764][ T653] ksys_write+0x198/0x2c0 [ 156.450077][ T653] ? do_notify_parent+0xa60/0xa60 [ 156.455086][ T653] ? __ia32_sys_read+0x90/0x90 [ 156.459829][ T653] ? __ia32_sys_open+0x270/0x270 [ 156.464752][ T653] __x64_sys_write+0x7b/0x90 [ 156.469334][ T653] do_syscall_64+0x34/0x70 [ 156.473744][ T653] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 156.479622][ T653] RIP: 0033:0x7fc8ece62c09 [ 156.484026][ T653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.503614][ T653] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 661] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 653] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 653] close(3) = 0 [pid 653] close(4) = 0 [pid 653] close(5) = 0 [pid 653] close(6) = -1 EBADF (Bad file descriptor) [pid 653] close(7) = -1 EBADF (Bad file descriptor) [pid 653] close(8) = -1 EBADF (Bad file descriptor) [pid 653] close(9) = -1 EBADF (Bad file descriptor) [pid 653] close(10) = -1 EBADF (Bad file descriptor) [pid 653] close(11) = -1 EBADF (Bad file descriptor) [pid 653] close(12) = -1 EBADF (Bad file descriptor) [pid 653] close(13) = -1 EBADF (Bad file descriptor) [pid 653] close(14) = -1 EBADF (Bad file descriptor) [pid 653] close(15) = -1 EBADF (Bad file descriptor) [pid 653] close(16) = -1 EBADF (Bad file descriptor) [pid 653] close(17) = -1 EBADF (Bad file descriptor) [pid 653] close(18) = -1 EBADF (Bad file descriptor) [pid 653] close(19) = -1 EBADF (Bad file descriptor) [pid 653] close(20) = -1 EBADF (Bad file descriptor) [pid 653] close(21) = -1 EBADF (Bad file descriptor) [pid 653] close(22) = -1 EBADF (Bad file descriptor) [pid 653] close(23) = -1 EBADF (Bad file descriptor) [pid 653] close(24) = -1 EBADF (Bad file descriptor) [pid 653] close(25) = -1 EBADF (Bad file descriptor) [pid 653] close(26) = -1 EBADF (Bad file descriptor) [pid 653] close(27) = -1 EBADF (Bad file descriptor) [pid 653] close(28) = -1 EBADF (Bad file descriptor) [pid 653] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 653] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 653] exit_group(0) = ? [pid 661] open("./file0", O_RDONLY) = 3 [pid 653] +++ exited with 0 +++ [pid 661] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=40, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 661] write(4, "-pids ", 6 [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./38/binderfs") = 0 [pid 383] umount2("./38/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./38/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./38/cgroup") = 0 [pid 383] umount2("./38/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./38/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./38/cgroup.net") = 0 [pid 383] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./38/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 156.512099][ T653] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 156.520043][ T653] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 156.527988][ T653] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 156.535937][ T653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 156.543885][ T653] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000026 [ 156.552009][ T653] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 383] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 661] <... write resumed>) = 6 [pid 661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 661] write(5, "22", 2) = 2 [pid 661] write(4, "+pids ", 6 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./38/file0") = 0 [pid 383] umount2("./38/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./38/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./38/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./38") = 0 [pid 383] mkdir("./39", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 41 ./strace-static-x86_64: Process 662 attached [pid 662] chdir("./39") = 0 [pid 662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 662] setpgid(0, 0) = 0 [ 156.570432][ T660] FAULT_INJECTION: forcing a failure. [ 156.570432][ T660] name failslab, interval 1, probability 0, space 0, times 0 [ 156.583648][ T660] CPU: 0 PID: 660 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 156.595260][ T660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 156.605286][ T660] Call Trace: [ 156.608562][ T660] dump_stack_lvl+0x1e2/0x24b [ 156.613237][ T660] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 662] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 662] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 662] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 662] write(3, "1000", 4) = 4 [pid 662] close(3) = 0 [pid 662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 662] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 156.618697][ T660] ? selinux_kernfs_init_security+0x1a8/0x760 [ 156.624755][ T660] dump_stack+0x15/0x17 [ 156.628897][ T660] should_fail+0x3c0/0x510 [ 156.633289][ T660] ? __kernfs_new_node+0x99/0x6e0 [ 156.638288][ T660] __should_failslab+0x9f/0xe0 [ 156.643025][ T660] should_failslab+0x9/0x20 [ 156.647502][ T660] __kmalloc_track_caller+0x5f/0x350 [ 156.652759][ T660] kstrdup_const+0x55/0x90 [ 156.657148][ T660] __kernfs_new_node+0x99/0x6e0 [ 156.661972][ T660] ? is_module_text_address+0xe1/0x140 [ 156.667403][ T660] ? kernfs_new_node+0x170/0x170 [ 156.672313][ T660] ? ptr_to_hashval+0x60/0x60 [ 156.676961][ T660] ? arch_stack_walk+0xf8/0x140 [ 156.681791][ T660] ? snprintf+0xd6/0x120 [ 156.686014][ T660] kernfs_new_node+0x97/0x170 [ 156.690665][ T660] __kernfs_create_file+0x4a/0x270 [ 156.695754][ T660] cgroup_addrm_files+0xab8/0xfe0 [ 156.700749][ T660] ? ____kasan_kmalloc+0xdc/0x110 [ 156.705744][ T660] ? __kasan_kmalloc+0x9/0x10 [ 156.710391][ T660] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 156.715908][ T660] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 156.722036][ T660] ? delete_node+0x759/0x7b0 [ 156.726610][ T660] ? __kasan_check_read+0x11/0x20 [ 156.731614][ T660] ? delete_node+0x759/0x7b0 [ 156.736175][ T660] ? __kasan_check_write+0x14/0x20 [ 156.741257][ T660] ? idr_replace+0x1c4/0x230 [ 156.745816][ T660] ? idr_get_next+0x4b0/0x4b0 [ 156.750470][ T660] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 156.755467][ T660] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 156.760637][ T660] css_populate_dir+0x137/0x370 [ 156.765462][ T660] cgroup_apply_control_enable+0x8b9/0x12f0 [ 156.771327][ T660] cgroup_apply_control+0x93/0x710 [ 156.776411][ T660] ? css_next_child+0x160/0x160 [ 156.781229][ T660] ? stack_trace_save+0x12d/0x1f0 [ 156.786225][ T660] ? io_schedule+0x120/0x120 [ 156.790796][ T660] ? kernfs_fop_write_iter+0x15e/0x410 [ 156.796233][ T660] ? __kasan_check_write+0x14/0x20 [ 156.801317][ T660] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 156.806571][ T660] cgroup_subtree_control_write+0xd19/0x1310 [ 156.812529][ T660] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 156.818489][ T660] ? __kasan_check_write+0x14/0x20 [ 156.823578][ T660] ? _copy_from_iter+0x3fb/0xd60 [ 156.828506][ T660] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 156.834465][ T660] cgroup_file_write+0x28e/0x590 [ 156.839377][ T660] ? cgroup_seqfile_stop+0xc0/0xc0 [ 156.844463][ T660] ? mutex_lock+0xa6/0x110 [ 156.848849][ T660] ? mutex_trylock+0xb0/0xb0 [ 156.853420][ T660] ? __kasan_check_write+0x14/0x20 [ 156.858503][ T660] kernfs_fop_write_iter+0x2d0/0x410 [ 156.863759][ T660] ? cgroup_seqfile_stop+0xc0/0xc0 [ 156.868842][ T660] vfs_write+0xc1c/0xf40 [ 156.873057][ T660] ? __kasan_check_write+0x14/0x20 [ 156.878138][ T660] ? kernel_write+0x3c0/0x3c0 [ 156.882787][ T660] ? _raw_spin_unlock_irq+0x4e/0x70 [ 156.887957][ T660] ? ptrace_stop+0x6ff/0x9f0 [ 156.892520][ T660] ? __kasan_check_read+0x11/0x20 [ 156.897513][ T660] ? __fdget_pos+0x27e/0x310 [ 156.902075][ T660] ksys_write+0x198/0x2c0 [ 156.906377][ T660] ? do_notify_parent+0xa60/0xa60 [ 156.911372][ T660] ? __ia32_sys_read+0x90/0x90 [ 156.916104][ T660] ? __ia32_sys_open+0x270/0x270 [ 156.921024][ T660] __x64_sys_write+0x7b/0x90 [ 156.925597][ T660] do_syscall_64+0x34/0x70 [ 156.929995][ T660] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 156.935866][ T660] RIP: 0033:0x7fc8ece62c09 [ 156.940263][ T660] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 156.959848][ T660] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 662] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 660] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 662] open("./file0", O_RDONLY) = 3 [pid 660] close(3 [pid 662] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 660] <... close resumed>) = 0 [pid 662] write(4, "-pids ", 6 [pid 660] close(4) = 0 [pid 660] close(5) = 0 [pid 660] close(6) = -1 EBADF (Bad file descriptor) [pid 660] close(7) = -1 EBADF (Bad file descriptor) [pid 660] close(8) = -1 EBADF (Bad file descriptor) [pid 660] close(9) = -1 EBADF (Bad file descriptor) [pid 660] close(10) = -1 EBADF (Bad file descriptor) [pid 660] close(11) = -1 EBADF (Bad file descriptor) [pid 660] close(12) = -1 EBADF (Bad file descriptor) [pid 660] close(13) = -1 EBADF (Bad file descriptor) [pid 660] close(14) = -1 EBADF (Bad file descriptor) [pid 660] close(15) = -1 EBADF (Bad file descriptor) [pid 660] close(16) = -1 EBADF (Bad file descriptor) [pid 660] close(17) = -1 EBADF (Bad file descriptor) [pid 660] close(18) = -1 EBADF (Bad file descriptor) [pid 660] close(19) = -1 EBADF (Bad file descriptor) [pid 660] close(20) = -1 EBADF (Bad file descriptor) [pid 660] close(21) = -1 EBADF (Bad file descriptor) [pid 660] close(22) = -1 EBADF (Bad file descriptor) [pid 660] close(23) = -1 EBADF (Bad file descriptor) [pid 660] close(24) = -1 EBADF (Bad file descriptor) [pid 660] close(25) = -1 EBADF (Bad file descriptor) [pid 660] close(26) = -1 EBADF (Bad file descriptor) [pid 660] close(27) = -1 EBADF (Bad file descriptor) [pid 660] close(28) = -1 EBADF (Bad file descriptor) [pid 660] close(29) = -1 EBADF (Bad file descriptor) [pid 660] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [ 156.968242][ T660] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 156.976197][ T660] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 156.984150][ T660] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 156.992097][ T660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 157.000042][ T660] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000032 [ 157.008117][ T660] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 660] exit_group(0) = ? [pid 660] +++ exited with 0 +++ [ 157.030527][ T661] FAULT_INJECTION: forcing a failure. [ 157.030527][ T661] name failslab, interval 1, probability 0, space 0, times 0 [ 157.043208][ T661] CPU: 0 PID: 661 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 157.054812][ T661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.064842][ T661] Call Trace: [ 157.068119][ T661] dump_stack_lvl+0x1e2/0x24b [ 157.072771][ T661] ? bfq_pos_tree_add_move+0x43e/0x43e [ 157.078208][ T661] ? selinux_kernfs_init_security+0x1a8/0x760 [ 157.084248][ T661] dump_stack+0x15/0x17 [ 157.088379][ T661] should_fail+0x3c0/0x510 [ 157.092779][ T661] ? __kernfs_new_node+0x99/0x6e0 [ 157.097778][ T661] __should_failslab+0x9f/0xe0 [ 157.102519][ T661] should_failslab+0x9/0x20 [ 157.106998][ T661] __kmalloc_track_caller+0x5f/0x350 [ 157.112263][ T661] kstrdup_const+0x55/0x90 [ 157.116658][ T661] __kernfs_new_node+0x99/0x6e0 [ 157.121484][ T661] ? is_module_text_address+0xe1/0x140 [ 157.126924][ T661] ? kernfs_new_node+0x170/0x170 [ 157.131836][ T661] ? ptr_to_hashval+0x60/0x60 [ 157.136493][ T661] ? arch_stack_walk+0xf8/0x140 [ 157.141325][ T661] ? snprintf+0xd6/0x120 [ 157.145548][ T661] kernfs_new_node+0x97/0x170 [ 157.150204][ T661] __kernfs_create_file+0x4a/0x270 [ 157.155296][ T661] cgroup_addrm_files+0xab8/0xfe0 [ 157.160301][ T661] ? ____kasan_kmalloc+0xdc/0x110 [ 157.165305][ T661] ? __kasan_kmalloc+0x9/0x10 [ 157.169958][ T661] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 157.175481][ T661] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 157.181618][ T661] ? delete_node+0x759/0x7b0 [ 157.186187][ T661] ? __kasan_check_read+0x11/0x20 [ 157.191187][ T661] ? delete_node+0x759/0x7b0 [ 157.195756][ T661] ? __kasan_check_write+0x14/0x20 [ 157.200845][ T661] ? idr_replace+0x1c4/0x230 [ 157.205414][ T661] ? idr_get_next+0x4b0/0x4b0 [ 157.210067][ T661] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 157.215065][ T661] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 157.220245][ T661] css_populate_dir+0x137/0x370 [ 157.225076][ T661] cgroup_apply_control_enable+0x8b9/0x12f0 [ 157.230946][ T661] cgroup_apply_control+0x93/0x710 [ 157.236035][ T661] ? css_next_child+0x160/0x160 [ 157.240862][ T661] ? io_schedule+0x120/0x120 [ 157.245437][ T661] ? kernfs_fop_write_iter+0x15e/0x410 [ 157.250870][ T661] ? __kasan_check_write+0x14/0x20 [ 157.255958][ T661] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 157.261249][ T661] cgroup_subtree_control_write+0xd19/0x1310 [ 157.267210][ T661] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 157.273165][ T661] ? __kasan_check_write+0x14/0x20 [ 157.278270][ T661] ? _copy_from_iter+0x3fb/0xd60 [ 157.283193][ T661] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 157.289158][ T661] cgroup_file_write+0x28e/0x590 [ 157.294090][ T661] ? cgroup_seqfile_stop+0xc0/0xc0 [ 157.299190][ T661] ? mutex_lock+0xa6/0x110 [ 157.303585][ T661] ? mutex_trylock+0xb0/0xb0 [ 157.308157][ T661] ? __kasan_check_write+0x14/0x20 [ 157.313252][ T661] kernfs_fop_write_iter+0x2d0/0x410 [ 157.318534][ T661] ? cgroup_seqfile_stop+0xc0/0xc0 [ 157.323635][ T661] vfs_write+0xc1c/0xf40 [ 157.327857][ T661] ? __kasan_check_write+0x14/0x20 [ 157.332949][ T661] ? kernel_write+0x3c0/0x3c0 [ 157.337603][ T661] ? _raw_spin_unlock_irq+0x4e/0x70 [ 157.342782][ T661] ? ptrace_stop+0x6ff/0x9f0 [ 157.347355][ T661] ? __kasan_check_read+0x11/0x20 [ 157.352360][ T661] ? __fdget_pos+0x27e/0x310 [ 157.356930][ T661] ksys_write+0x198/0x2c0 [ 157.361246][ T661] ? do_notify_parent+0xa60/0xa60 [ 157.366249][ T661] ? __ia32_sys_read+0x90/0x90 [ 157.370990][ T661] ? __ia32_sys_open+0x270/0x270 [ 157.375907][ T661] __x64_sys_write+0x7b/0x90 [ 157.380475][ T661] do_syscall_64+0x34/0x70 [ 157.384869][ T661] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 157.390740][ T661] RIP: 0033:0x7fc8ece62c09 [ 157.395137][ T661] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 157.414716][ T661] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 157.423112][ T661] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 375] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./50/binderfs", [pid 661] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 661] close(3 [pid 375] unlink("./50/binderfs" [pid 661] <... close resumed>) = 0 [pid 661] close(4 [pid 375] <... unlink resumed>) = 0 [pid 661] <... close resumed>) = 0 [pid 375] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 661] close(5 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./50/cgroup", [pid 661] <... close resumed>) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 661] close(6 [pid 375] unlink("./50/cgroup" [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 661] close(7 [pid 375] <... unlink resumed>) = 0 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW [pid 661] close(8 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] lstat("./50/cgroup.net", [pid 661] close(9 [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./50/cgroup.net" [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... unlink resumed>) = 0 [pid 661] close(10 [pid 375] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 661] close(11 [pid 375] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... openat resumed>) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 661] close(12 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] rmdir("./50/file0" [pid 661] close(13 [pid 375] <... rmdir resumed>) = 0 [pid 375] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./50/cgroup.cpu" [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... unlink resumed>) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 661] close(14 [pid 375] close(3) = 0 [pid 375] rmdir("./50" [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... rmdir resumed>) = 0 [pid 375] mkdir("./51", 0777 [pid 661] close(15 [pid 375] <... mkdir resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 663 attached [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 53 [pid 663] chdir("./51") = 0 [pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 663] setpgid(0, 0) = 0 [pid 663] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 663] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 663] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 661] close(16 [pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] <... openat resumed>) = 3 [pid 661] close(17 [pid 663] write(3, "1000", 4 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] <... write resumed>) = 4 [pid 661] close(18 [pid 663] close(3 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] <... close resumed>) = 0 [pid 663] symlink("/dev/binderfs", "./binderfs" [pid 661] close(19 [pid 663] <... symlink resumed>) = 0 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] mkdirat(AT_FDCWD, "./file0", 000 [pid 661] close(20 [pid 663] <... mkdirat resumed>) = 0 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 661] close(21 [pid 663] <... mount resumed>) = 0 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] open("./file0", O_RDONLY [pid 661] close(22 [pid 663] <... open resumed>) = 3 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] openat(3, "cgroup.subtree_control", O_RDWR [pid 661] close(23 [pid 663] <... openat resumed>) = 4 [pid 661] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] write(4, "-pids ", 6 [pid 661] close(24) = -1 EBADF (Bad file descriptor) [pid 661] close(25) = -1 EBADF (Bad file descriptor) [pid 661] close(26) = -1 EBADF (Bad file descriptor) [pid 661] close(27) = -1 EBADF (Bad file descriptor) [pid 661] close(28) = -1 EBADF (Bad file descriptor) [pid 661] close(29) = -1 EBADF (Bad file descriptor) [pid 661] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 661] exit_group(0) = ? [pid 661] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./42/binderfs") = 0 [pid 380] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./42/cgroup") = 0 [pid 380] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./42/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./42/cgroup.net") = 0 [pid 380] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./42/file0") = 0 [pid 380] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./42/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./42") = 0 [pid 380] mkdir("./43", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 664 attached , child_tidptr=0x555556fab5d0) = 45 [pid 664] chdir("./43") = 0 [pid 664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 664] setpgid(0, 0) = 0 [pid 664] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 664] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 664] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 664] write(3, "1000", 4) = 4 [pid 664] close(3) = 0 [pid 664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 664] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 664] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 664] open("./file0", O_RDONLY) = 3 [pid 664] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 157.431061][ T661] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 157.439011][ T661] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 157.446959][ T661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 157.454910][ T661] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002a [ 157.466706][ T661] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 664] write(4, "-pids ", 6 [pid 663] <... write resumed>) = 6 [pid 662] <... write resumed>) = 6 [pid 659] <... write resumed>) = 6 [pid 664] <... write resumed>) = 6 [pid 663] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 662] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 659] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 658] <... write resumed>) = 6 [pid 657] <... write resumed>) = 6 [pid 664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 663] <... openat resumed>) = 5 [pid 662] <... openat resumed>) = 5 [pid 659] <... openat resumed>) = 5 [pid 658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 657] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 664] <... openat resumed>) = 5 [pid 663] write(5, "22", 2 [pid 662] write(5, "22", 2 [pid 659] write(5, "22", 2 [pid 662] <... write resumed>) = 2 [pid 659] <... write resumed>) = 2 [pid 658] <... openat resumed>) = 5 [pid 657] <... openat resumed>) = 5 [pid 664] write(5, "22", 2 [pid 663] <... write resumed>) = 2 [pid 662] write(4, "+pids ", 6 [pid 659] write(4, "+pids ", 6 [pid 658] write(5, "22", 2 [pid 657] write(5, "22", 2 [pid 664] <... write resumed>) = 2 [pid 663] write(4, "+pids ", 6 [pid 658] <... write resumed>) = 2 [pid 657] <... write resumed>) = 2 [pid 664] write(4, "+pids ", 6 [pid 658] write(4, "+pids ", 6 [ 157.522118][ T662] FAULT_INJECTION: forcing a failure. [ 157.522118][ T662] name failslab, interval 1, probability 0, space 0, times 0 [ 157.534755][ T662] CPU: 1 PID: 662 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 157.546354][ T662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.556384][ T662] Call Trace: [ 157.559652][ T662] dump_stack_lvl+0x1e2/0x24b [ 157.564319][ T662] ? bfq_pos_tree_add_move+0x43e/0x43e [ 157.569764][ T662] ? selinux_kernfs_init_security+0x1a8/0x760 [ 157.575807][ T662] dump_stack+0x15/0x17 [ 157.579945][ T662] should_fail+0x3c0/0x510 [ 157.584335][ T662] ? __kernfs_new_node+0x99/0x6e0 [ 157.589343][ T662] __should_failslab+0x9f/0xe0 [ 157.594091][ T662] should_failslab+0x9/0x20 [ 157.598569][ T662] __kmalloc_track_caller+0x5f/0x350 [ 157.603825][ T662] kstrdup_const+0x55/0x90 [ 157.608213][ T662] __kernfs_new_node+0x99/0x6e0 [ 157.613047][ T662] ? is_module_text_address+0xe1/0x140 [ 157.618488][ T662] ? kernfs_new_node+0x170/0x170 [ 157.623407][ T662] ? ptr_to_hashval+0x60/0x60 [ 157.628072][ T662] ? arch_stack_walk+0xf8/0x140 [ 157.632903][ T662] ? snprintf+0xd6/0x120 [ 157.637121][ T662] kernfs_new_node+0x97/0x170 [ 157.641771][ T662] __kernfs_create_file+0x4a/0x270 [ 157.646865][ T662] cgroup_addrm_files+0xab8/0xfe0 [ 157.651873][ T662] ? ____kasan_kmalloc+0xdc/0x110 [ 157.656869][ T662] ? __kasan_kmalloc+0x9/0x10 [ 157.661529][ T662] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 157.667059][ T662] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 157.673183][ T662] ? delete_node+0x759/0x7b0 [ 157.677744][ T662] ? __kasan_check_read+0x11/0x20 [ 157.682743][ T662] ? delete_node+0x759/0x7b0 [ 157.687308][ T662] ? __kasan_check_write+0x14/0x20 [ 157.692393][ T662] ? idr_replace+0x1c4/0x230 [ 157.696960][ T662] ? idr_get_next+0x4b0/0x4b0 [ 157.701621][ T662] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 157.706627][ T662] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 157.711805][ T662] css_populate_dir+0x137/0x370 [ 157.716646][ T662] cgroup_apply_control_enable+0x8b9/0x12f0 [ 157.722535][ T662] cgroup_apply_control+0x93/0x710 [ 157.727629][ T662] ? css_next_child+0x160/0x160 [ 157.732462][ T662] ? stack_trace_save+0x12d/0x1f0 [ 157.737467][ T662] ? io_schedule+0x120/0x120 [ 157.742029][ T662] ? kernfs_fop_write_iter+0x15e/0x410 [ 157.747475][ T662] ? __kasan_check_write+0x14/0x20 [ 157.752576][ T662] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 157.757835][ T662] cgroup_subtree_control_write+0xd19/0x1310 [ 157.763790][ T662] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 157.769743][ T662] ? __kasan_check_write+0x14/0x20 [ 157.774837][ T662] ? _copy_from_iter+0x3fb/0xd60 [ 157.779758][ T662] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 157.785714][ T662] cgroup_file_write+0x28e/0x590 [ 157.790633][ T662] ? cgroup_seqfile_stop+0xc0/0xc0 [ 157.795727][ T662] ? mutex_lock+0xa6/0x110 [ 157.800114][ T662] ? mutex_trylock+0xb0/0xb0 [ 157.804685][ T662] ? __kasan_check_write+0x14/0x20 [ 157.809779][ T662] kernfs_fop_write_iter+0x2d0/0x410 [ 157.815037][ T662] ? cgroup_seqfile_stop+0xc0/0xc0 [ 157.820124][ T662] vfs_write+0xc1c/0xf40 [ 157.824343][ T662] ? __kasan_check_write+0x14/0x20 [ 157.829428][ T662] ? kernel_write+0x3c0/0x3c0 [ 157.834078][ T662] ? _raw_spin_unlock_irq+0x4e/0x70 [ 157.839251][ T662] ? ptrace_stop+0x6ff/0x9f0 [ 157.843817][ T662] ? __kasan_check_read+0x11/0x20 [ 157.848822][ T662] ? __fdget_pos+0x27e/0x310 [ 157.853406][ T662] ksys_write+0x198/0x2c0 [ 157.857729][ T662] ? do_notify_parent+0xa60/0xa60 [ 157.862737][ T662] ? __ia32_sys_read+0x90/0x90 [ 157.867479][ T662] ? __ia32_sys_open+0x270/0x270 [ 157.872403][ T662] __x64_sys_write+0x7b/0x90 [ 157.876970][ T662] do_syscall_64+0x34/0x70 [ 157.881363][ T662] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 157.887228][ T662] RIP: 0033:0x7fc8ece62c09 [ 157.891628][ T662] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 157.911217][ T662] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 657] write(4, "+pids ", 6 [pid 662] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 662] close(3) = 0 [pid 662] close(4) = 0 [pid 662] close(5) = 0 [pid 662] close(6) = -1 EBADF (Bad file descriptor) [pid 662] close(7) = -1 EBADF (Bad file descriptor) [pid 662] close(8) = -1 EBADF (Bad file descriptor) [pid 662] close(9) = -1 EBADF (Bad file descriptor) [pid 662] close(10) = -1 EBADF (Bad file descriptor) [pid 662] close(11) = -1 EBADF (Bad file descriptor) [pid 662] close(12) = -1 EBADF (Bad file descriptor) [pid 662] close(13) = -1 EBADF (Bad file descriptor) [pid 662] close(14) = -1 EBADF (Bad file descriptor) [pid 662] close(15) = -1 EBADF (Bad file descriptor) [pid 662] close(16) = -1 EBADF (Bad file descriptor) [pid 662] close(17) = -1 EBADF (Bad file descriptor) [pid 662] close(18) = -1 EBADF (Bad file descriptor) [pid 662] close(19) = -1 EBADF (Bad file descriptor) [pid 662] close(20) = -1 EBADF (Bad file descriptor) [pid 662] close(21) = -1 EBADF (Bad file descriptor) [pid 662] close(22) = -1 EBADF (Bad file descriptor) [pid 662] close(23) = -1 EBADF (Bad file descriptor) [pid 662] close(24) = -1 EBADF (Bad file descriptor) [pid 662] close(25) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 662] close(26) = -1 EBADF (Bad file descriptor) [pid 662] close(27) = -1 EBADF (Bad file descriptor) [pid 662] close(28) = -1 EBADF (Bad file descriptor) [pid 662] close(29) = -1 EBADF (Bad file descriptor) [pid 662] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 662] exit_group(0) = ? [pid 662] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 383] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./39/binderfs") = 0 [pid 383] umount2("./39/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./39/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./39/cgroup") = 0 [pid 383] umount2("./39/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./39/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./39/cgroup.net") = 0 [pid 383] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./39/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./39/file0") = 0 [pid 383] umount2("./39/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./39/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./39/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./39") = 0 [pid 383] mkdir("./40", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 665 attached , child_tidptr=0x555556fab5d0) = 42 [pid 665] chdir("./40") = 0 [pid 665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 665] setpgid(0, 0) = 0 [pid 665] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 665] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 665] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 665] write(3, "1000", 4) = 4 [pid 665] close(3) = 0 [pid 665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 665] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 665] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 665] open("./file0", O_RDONLY) = 3 [pid 665] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 157.919607][ T662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 157.927553][ T662] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 157.935503][ T662] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 157.943459][ T662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 157.951426][ T662] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000027 [ 157.959840][ T662] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 665] write(4, "-pids ", 6) = 6 [pid 665] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 665] write(5, "22", 2) = 2 [ 157.980502][ T658] FAULT_INJECTION: forcing a failure. [ 157.980502][ T658] name failslab, interval 1, probability 0, space 0, times 0 [ 157.993141][ T658] CPU: 0 PID: 658 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 158.004751][ T658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.014788][ T658] Call Trace: [ 158.018071][ T658] dump_stack_lvl+0x1e2/0x24b [ 158.022725][ T658] ? bfq_pos_tree_add_move+0x43e/0x43e [ 158.028184][ T658] ? selinux_kernfs_init_security+0x1a8/0x760 [ 158.034239][ T658] dump_stack+0x15/0x17 [ 158.038377][ T658] should_fail+0x3c0/0x510 [ 158.042788][ T658] ? __kernfs_new_node+0x99/0x6e0 [ 158.047797][ T658] __should_failslab+0x9f/0xe0 [ 158.052536][ T658] should_failslab+0x9/0x20 [ 158.057013][ T658] __kmalloc_track_caller+0x5f/0x350 [ 158.062272][ T658] kstrdup_const+0x55/0x90 [ 158.066670][ T658] __kernfs_new_node+0x99/0x6e0 [ 158.071503][ T658] ? is_module_text_address+0xe1/0x140 [ 158.076948][ T658] ? kernfs_new_node+0x170/0x170 [ 158.081874][ T658] ? ptr_to_hashval+0x60/0x60 [ 158.086526][ T658] ? arch_stack_walk+0xf8/0x140 [ 158.091359][ T658] ? snprintf+0xd6/0x120 [ 158.095584][ T658] kernfs_new_node+0x97/0x170 [ 158.100243][ T658] __kernfs_create_file+0x4a/0x270 [ 158.105336][ T658] cgroup_addrm_files+0xab8/0xfe0 [ 158.110335][ T658] ? ____kasan_kmalloc+0xdc/0x110 [ 158.115339][ T658] ? __kasan_kmalloc+0x9/0x10 [ 158.120000][ T658] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 158.125532][ T658] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 158.131679][ T658] ? delete_node+0x759/0x7b0 [ 158.136260][ T658] ? __kasan_check_read+0x11/0x20 [ 158.141262][ T658] ? delete_node+0x759/0x7b0 [ 158.145824][ T658] ? __kasan_check_write+0x14/0x20 [ 158.150919][ T658] ? idr_replace+0x1c4/0x230 [ 158.155500][ T658] ? idr_get_next+0x4b0/0x4b0 [ 158.160151][ T658] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 158.165156][ T658] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 158.170330][ T658] css_populate_dir+0x137/0x370 [ 158.175154][ T658] cgroup_apply_control_enable+0x8b9/0x12f0 [ 158.181022][ T658] cgroup_apply_control+0x93/0x710 [ 158.186119][ T658] ? css_next_child+0x160/0x160 [ 158.191734][ T658] ? stack_trace_save+0x12d/0x1f0 [ 158.196738][ T658] ? io_schedule+0x120/0x120 [ 158.201320][ T658] ? kernfs_fop_write_iter+0x15e/0x410 [ 158.206766][ T658] ? __kasan_check_write+0x14/0x20 [ 158.211861][ T658] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 158.217132][ T658] cgroup_subtree_control_write+0xd19/0x1310 [ 158.223105][ T658] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 158.229073][ T658] ? __kasan_check_write+0x14/0x20 [ 158.234185][ T658] ? _copy_from_iter+0x3fb/0xd60 [ 158.239110][ T658] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 158.245084][ T658] cgroup_file_write+0x28e/0x590 [ 158.250009][ T658] ? cgroup_seqfile_stop+0xc0/0xc0 [ 158.255121][ T658] ? mutex_lock+0xa6/0x110 [ 158.259526][ T658] ? mutex_trylock+0xb0/0xb0 [ 158.264104][ T658] ? __kasan_check_write+0x14/0x20 [ 158.269199][ T658] kernfs_fop_write_iter+0x2d0/0x410 [ 158.274464][ T658] ? cgroup_seqfile_stop+0xc0/0xc0 [ 158.279562][ T658] vfs_write+0xc1c/0xf40 [ 158.283784][ T658] ? __kasan_check_write+0x14/0x20 [ 158.288878][ T658] ? kernel_write+0x3c0/0x3c0 [ 158.293529][ T658] ? _raw_spin_unlock_irq+0x4e/0x70 [ 158.298711][ T658] ? ptrace_stop+0x6ff/0x9f0 [ 158.303281][ T658] ? __kasan_check_read+0x11/0x20 [ 158.308279][ T658] ? __fdget_pos+0x27e/0x310 [ 158.312843][ T658] ksys_write+0x198/0x2c0 [ 158.317146][ T658] ? do_notify_parent+0xa60/0xa60 [ 158.322153][ T658] ? __ia32_sys_read+0x90/0x90 [ 158.326900][ T658] ? __ia32_sys_open+0x270/0x270 [ 158.331811][ T658] __x64_sys_write+0x7b/0x90 [ 158.336378][ T658] do_syscall_64+0x34/0x70 [ 158.340774][ T658] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 158.346638][ T658] RIP: 0033:0x7fc8ece62c09 [ 158.351028][ T658] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 158.370612][ T658] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 665] write(4, "+pids ", 6 [pid 658] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 658] close(3) = 0 [pid 658] close(4) = 0 [pid 658] close(5) = 0 [pid 658] close(6) = -1 EBADF (Bad file descriptor) [pid 658] close(7) = -1 EBADF (Bad file descriptor) [pid 658] close(8) = -1 EBADF (Bad file descriptor) [pid 658] close(9) = -1 EBADF (Bad file descriptor) [pid 658] close(10) = -1 EBADF (Bad file descriptor) [pid 658] close(11) = -1 EBADF (Bad file descriptor) [pid 658] close(12) = -1 EBADF (Bad file descriptor) [pid 658] close(13) = -1 EBADF (Bad file descriptor) [pid 658] close(14) = -1 EBADF (Bad file descriptor) [pid 658] close(15) = -1 EBADF (Bad file descriptor) [pid 658] close(16) = -1 EBADF (Bad file descriptor) [pid 658] close(17) = -1 EBADF (Bad file descriptor) [pid 658] close(18) = -1 EBADF (Bad file descriptor) [pid 658] close(19) = -1 EBADF (Bad file descriptor) [pid 658] close(20) = -1 EBADF (Bad file descriptor) [pid 658] close(21) = -1 EBADF (Bad file descriptor) [pid 658] close(22) = -1 EBADF (Bad file descriptor) [pid 658] close(23) = -1 EBADF (Bad file descriptor) [pid 658] close(24) = -1 EBADF (Bad file descriptor) [pid 658] close(25) = -1 EBADF (Bad file descriptor) [pid 658] close(26) = -1 EBADF (Bad file descriptor) [pid 658] close(27) = -1 EBADF (Bad file descriptor) [pid 658] close(28) = -1 EBADF (Bad file descriptor) [pid 658] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 658] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 658] exit_group(0) = ? [pid 658] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 382] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./49/binderfs") = 0 [pid 382] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./49/cgroup") = 0 [pid 382] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./49/cgroup.net") = 0 [pid 382] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./49/file0") = 0 [pid 382] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./49/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./49") = 0 [pid 382] mkdir("./50", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 666 attached [pid 666] chdir("./50") = 0 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 52 [pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 666] setpgid(0, 0) = 0 [pid 666] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 666] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 666] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 666] write(3, "1000", 4) = 4 [pid 666] close(3) = 0 [pid 666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 666] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 666] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 666] open("./file0", O_RDONLY) = 3 [pid 666] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 158.379011][ T658] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 158.386970][ T658] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 158.394932][ T658] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 158.402886][ T658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 158.410867][ T658] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000031 [ 158.421153][ T658] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 158.460428][ T657] FAULT_INJECTION: forcing a failure. [ 158.460428][ T657] name failslab, interval 1, probability 0, space 0, times 0 [ 158.473174][ T657] CPU: 1 PID: 657 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 158.484776][ T657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.494812][ T657] Call Trace: [ 158.498091][ T657] dump_stack_lvl+0x1e2/0x24b [ 158.502747][ T657] ? bfq_pos_tree_add_move+0x43e/0x43e [ 158.508191][ T657] ? selinux_kernfs_init_security+0x1a8/0x760 [ 158.514243][ T657] dump_stack+0x15/0x17 [ 158.518380][ T657] should_fail+0x3c0/0x510 [ 158.522775][ T657] ? __kernfs_new_node+0x99/0x6e0 [ 158.527773][ T657] __should_failslab+0x9f/0xe0 [ 158.532513][ T657] should_failslab+0x9/0x20 [ 158.536993][ T657] __kmalloc_track_caller+0x5f/0x350 [ 158.542254][ T657] kstrdup_const+0x55/0x90 [ 158.546646][ T657] __kernfs_new_node+0x99/0x6e0 [ 158.551480][ T657] ? is_module_text_address+0xe1/0x140 [ 158.556926][ T657] ? kernfs_new_node+0x170/0x170 [ 158.561851][ T657] ? ptr_to_hashval+0x60/0x60 [ 158.566512][ T657] ? arch_stack_walk+0xf8/0x140 [ 158.571345][ T657] ? snprintf+0xd6/0x120 [ 158.575571][ T657] kernfs_new_node+0x97/0x170 [ 158.580228][ T657] __kernfs_create_file+0x4a/0x270 [ 158.585331][ T657] cgroup_addrm_files+0xab8/0xfe0 [ 158.590341][ T657] ? ____kasan_kmalloc+0xdc/0x110 [ 158.595338][ T657] ? __kasan_kmalloc+0x9/0x10 [ 158.600170][ T657] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 158.605699][ T657] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 158.611825][ T657] ? delete_node+0x759/0x7b0 [ 158.616392][ T657] ? __kasan_check_read+0x11/0x20 [ 158.621394][ T657] ? delete_node+0x759/0x7b0 [ 158.625987][ T657] ? __kasan_check_write+0x14/0x20 [ 158.631076][ T657] ? idr_replace+0x1c4/0x230 [ 158.635640][ T657] ? idr_get_next+0x4b0/0x4b0 [ 158.640300][ T657] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 158.645297][ T657] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 158.650468][ T657] css_populate_dir+0x137/0x370 [ 158.655295][ T657] cgroup_apply_control_enable+0x8b9/0x12f0 [ 158.661171][ T657] cgroup_apply_control+0x93/0x710 [ 158.666276][ T657] ? css_next_child+0x160/0x160 [ 158.671109][ T657] ? io_schedule+0x120/0x120 [ 158.675680][ T657] ? kernfs_fop_write_iter+0x15e/0x410 [ 158.681119][ T657] ? __kasan_check_write+0x14/0x20 [ 158.686203][ T657] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 158.691461][ T657] cgroup_subtree_control_write+0xd19/0x1310 [ 158.697425][ T657] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 158.703400][ T657] ? __kasan_check_write+0x14/0x20 [ 158.708509][ T657] ? _copy_from_iter+0x3fb/0xd60 [ 158.713440][ T657] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 158.719406][ T657] cgroup_file_write+0x28e/0x590 [ 158.724328][ T657] ? cgroup_seqfile_stop+0xc0/0xc0 [ 158.729414][ T657] ? mutex_lock+0xa6/0x110 [ 158.733811][ T657] ? mutex_trylock+0xb0/0xb0 [ 158.738388][ T657] ? __kasan_check_write+0x14/0x20 [ 158.743472][ T657] kernfs_fop_write_iter+0x2d0/0x410 [ 158.748734][ T657] ? cgroup_seqfile_stop+0xc0/0xc0 [ 158.753834][ T657] vfs_write+0xc1c/0xf40 [ 158.758061][ T657] ? __kasan_check_write+0x14/0x20 [ 158.763156][ T657] ? kernel_write+0x3c0/0x3c0 [ 158.767814][ T657] ? _raw_spin_unlock_irq+0x4e/0x70 [ 158.773008][ T657] ? ptrace_stop+0x6ff/0x9f0 [ 158.777587][ T657] ? __kasan_check_read+0x11/0x20 [ 158.782592][ T657] ? __fdget_pos+0x27e/0x310 [ 158.787161][ T657] ksys_write+0x198/0x2c0 [ 158.791480][ T657] ? do_notify_parent+0xa60/0xa60 [ 158.796486][ T657] ? __ia32_sys_read+0x90/0x90 [ 158.801230][ T657] ? __ia32_sys_open+0x270/0x270 [ 158.806153][ T657] __x64_sys_write+0x7b/0x90 [ 158.810725][ T657] do_syscall_64+0x34/0x70 [ 158.815115][ T657] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 158.820987][ T657] RIP: 0033:0x7fc8ece62c09 [ 158.825385][ T657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 158.844964][ T657] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.853349][ T657] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 666] write(4, "-pids ", 6 [pid 657] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 657] close(3) = 0 [pid 657] close(4) = 0 [pid 657] close(5) = 0 [pid 657] close(6) = -1 EBADF (Bad file descriptor) [pid 657] close(7) = -1 EBADF (Bad file descriptor) [pid 657] close(8) = -1 EBADF (Bad file descriptor) [pid 657] close(9) = -1 EBADF (Bad file descriptor) [pid 657] close(10) = -1 EBADF (Bad file descriptor) [pid 657] close(11) = -1 EBADF (Bad file descriptor) [pid 657] close(12) = -1 EBADF (Bad file descriptor) [pid 657] close(13) = -1 EBADF (Bad file descriptor) [pid 657] close(14) = -1 EBADF (Bad file descriptor) [pid 657] close(15) = -1 EBADF (Bad file descriptor) [pid 657] close(16) = -1 EBADF (Bad file descriptor) [pid 657] close(17) = -1 EBADF (Bad file descriptor) [pid 657] close(18) = -1 EBADF (Bad file descriptor) [pid 657] close(19) = -1 EBADF (Bad file descriptor) [pid 657] close(20) = -1 EBADF (Bad file descriptor) [pid 657] close(21) = -1 EBADF (Bad file descriptor) [pid 657] close(22) = -1 EBADF (Bad file descriptor) [pid 657] close(23) = -1 EBADF (Bad file descriptor) [pid 657] close(24) = -1 EBADF (Bad file descriptor) [pid 657] close(25) = -1 EBADF (Bad file descriptor) [pid 657] close(26) = -1 EBADF (Bad file descriptor) [pid 657] close(27) = -1 EBADF (Bad file descriptor) [pid 657] close(28) = -1 EBADF (Bad file descriptor) [pid 657] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 657] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 657] exit_group(0) = ? [pid 657] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./47/binderfs") = 0 [pid 381] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./47/cgroup") = 0 [pid 381] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./47/cgroup.net") = 0 [pid 381] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./47/file0") = 0 [pid 381] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./47/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./47") = 0 [pid 381] mkdir("./48", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 667 attached , child_tidptr=0x555556fab5d0) = 50 [pid 667] chdir("./48") = 0 [pid 667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 667] setpgid(0, 0) = 0 [pid 667] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 667] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 667] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 667] write(3, "1000", 4) = 4 [pid 667] close(3) = 0 [pid 667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 667] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 667] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 667] open("./file0", O_RDONLY) = 3 [pid 667] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 158.861301][ T657] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 158.869255][ T657] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 158.877204][ T657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 158.885158][ T657] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002f [ 158.893505][ T657] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 158.930423][ T659] FAULT_INJECTION: forcing a failure. [ 158.930423][ T659] name failslab, interval 1, probability 0, space 0, times 0 [ 158.943110][ T659] CPU: 0 PID: 659 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 158.954815][ T659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.964873][ T659] Call Trace: [ 158.968145][ T659] dump_stack_lvl+0x1e2/0x24b [ 158.972803][ T659] ? bfq_pos_tree_add_move+0x43e/0x43e [ 158.978248][ T659] ? selinux_kernfs_init_security+0x1a8/0x760 [ 158.984297][ T659] dump_stack+0x15/0x17 [ 158.988440][ T659] should_fail+0x3c0/0x510 [ 158.992930][ T659] ? __kernfs_new_node+0x99/0x6e0 [ 158.997940][ T659] __should_failslab+0x9f/0xe0 [ 159.002691][ T659] should_failslab+0x9/0x20 [ 159.007171][ T659] __kmalloc_track_caller+0x5f/0x350 [ 159.012438][ T659] kstrdup_const+0x55/0x90 [ 159.016852][ T659] __kernfs_new_node+0x99/0x6e0 [ 159.021693][ T659] ? is_module_text_address+0xe1/0x140 [ 159.027132][ T659] ? kernfs_new_node+0x170/0x170 [ 159.032057][ T659] ? ptr_to_hashval+0x60/0x60 [ 159.036715][ T659] ? arch_stack_walk+0xf8/0x140 [ 159.041557][ T659] ? snprintf+0xd6/0x120 [ 159.045794][ T659] kernfs_new_node+0x97/0x170 [ 159.050458][ T659] __kernfs_create_file+0x4a/0x270 [ 159.055552][ T659] cgroup_addrm_files+0xab8/0xfe0 [ 159.060552][ T659] ? ____kasan_kmalloc+0xdc/0x110 [ 159.065559][ T659] ? __kasan_kmalloc+0x9/0x10 [ 159.070230][ T659] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 159.075761][ T659] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 159.081906][ T659] ? delete_node+0x759/0x7b0 [ 159.086479][ T659] ? __kasan_check_read+0x11/0x20 [ 159.091476][ T659] ? delete_node+0x759/0x7b0 [ 159.096044][ T659] ? __kasan_check_write+0x14/0x20 [ 159.101145][ T659] ? idr_replace+0x1c4/0x230 [ 159.105713][ T659] ? idr_get_next+0x4b0/0x4b0 [ 159.110365][ T659] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 159.115364][ T659] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 159.120540][ T659] css_populate_dir+0x137/0x370 [ 159.125367][ T659] cgroup_apply_control_enable+0x8b9/0x12f0 [ 159.131236][ T659] cgroup_apply_control+0x93/0x710 [ 159.136335][ T659] ? css_next_child+0x160/0x160 [ 159.141168][ T659] ? stack_trace_save+0x12d/0x1f0 [ 159.146167][ T659] ? io_schedule+0x120/0x120 [ 159.150734][ T659] ? kernfs_fop_write_iter+0x15e/0x410 [ 159.156167][ T659] ? __kasan_check_write+0x14/0x20 [ 159.161260][ T659] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 159.166532][ T659] cgroup_subtree_control_write+0xd19/0x1310 [ 159.172487][ T659] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 159.178440][ T659] ? __kasan_check_write+0x14/0x20 [ 159.183532][ T659] ? _copy_from_iter+0x3fb/0xd60 [ 159.188452][ T659] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 159.194408][ T659] cgroup_file_write+0x28e/0x590 [ 159.199318][ T659] ? cgroup_seqfile_stop+0xc0/0xc0 [ 159.204409][ T659] ? mutex_lock+0xa6/0x110 [ 159.208820][ T659] ? mutex_trylock+0xb0/0xb0 [ 159.213396][ T659] ? __kasan_check_write+0x14/0x20 [ 159.218483][ T659] kernfs_fop_write_iter+0x2d0/0x410 [ 159.223740][ T659] ? cgroup_seqfile_stop+0xc0/0xc0 [ 159.228849][ T659] vfs_write+0xc1c/0xf40 [ 159.233080][ T659] ? __kasan_check_write+0x14/0x20 [ 159.238174][ T659] ? kernel_write+0x3c0/0x3c0 [ 159.242824][ T659] ? _raw_spin_unlock_irq+0x4e/0x70 [ 159.248003][ T659] ? ptrace_stop+0x6ff/0x9f0 [ 159.252586][ T659] ? __kasan_check_read+0x11/0x20 [ 159.257594][ T659] ? __fdget_pos+0x27e/0x310 [ 159.262164][ T659] ksys_write+0x198/0x2c0 [ 159.266555][ T659] ? do_notify_parent+0xa60/0xa60 [ 159.271562][ T659] ? __ia32_sys_read+0x90/0x90 [ 159.276308][ T659] ? __ia32_sys_open+0x270/0x270 [ 159.281219][ T659] __x64_sys_write+0x7b/0x90 [ 159.285796][ T659] do_syscall_64+0x34/0x70 [ 159.290206][ T659] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 159.296091][ T659] RIP: 0033:0x7fc8ece62c09 [ 159.300496][ T659] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 159.320090][ T659] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 667] write(4, "-pids ", 6 [pid 659] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 659] close(3) = 0 [pid 659] close(4) = 0 [pid 659] close(5) = 0 [pid 659] close(6) = -1 EBADF (Bad file descriptor) [pid 659] close(7) = -1 EBADF (Bad file descriptor) [pid 659] close(8) = -1 EBADF (Bad file descriptor) [pid 659] close(9) = -1 EBADF (Bad file descriptor) [pid 659] close(10) = -1 EBADF (Bad file descriptor) [pid 659] close(11) = -1 EBADF (Bad file descriptor) [pid 659] close(12) = -1 EBADF (Bad file descriptor) [pid 659] close(13) = -1 EBADF (Bad file descriptor) [pid 659] close(14) = -1 EBADF (Bad file descriptor) [pid 659] close(15) = -1 EBADF (Bad file descriptor) [pid 659] close(16) = -1 EBADF (Bad file descriptor) [pid 659] close(17) = -1 EBADF (Bad file descriptor) [pid 659] close(18) = -1 EBADF (Bad file descriptor) [pid 659] close(19) = -1 EBADF (Bad file descriptor) [pid 659] close(20) = -1 EBADF (Bad file descriptor) [pid 659] close(21) = -1 EBADF (Bad file descriptor) [pid 659] close(22) = -1 EBADF (Bad file descriptor) [pid 659] close(23) = -1 EBADF (Bad file descriptor) [pid 659] close(24) = -1 EBADF (Bad file descriptor) [pid 659] close(25) = -1 EBADF (Bad file descriptor) [pid 659] close(26) = -1 EBADF (Bad file descriptor) [pid 659] close(27) = -1 EBADF (Bad file descriptor) [pid 659] close(28) = -1 EBADF (Bad file descriptor) [pid 659] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 659] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 659] exit_group(0) = ? [pid 659] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./44/binderfs") = 0 [pid 376] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./44/cgroup") = 0 [pid 376] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./44/cgroup.net") = 0 [pid 376] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./44/file0") = 0 [pid 376] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./44/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./44") = 0 [pid 376] mkdir("./45", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 668 attached [pid 668] chdir("./45") = 0 [pid 668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 668] setpgid(0, 0) = 0 [pid 668] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 47 [pid 668] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 668] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 668] write(3, "1000", 4) = 4 [pid 668] close(3) = 0 [pid 668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 668] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 668] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 668] open("./file0", O_RDONLY) = 3 [pid 668] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 159.328578][ T659] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 159.336522][ T659] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 159.344474][ T659] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 159.352421][ T659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 159.360376][ T659] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002c [ 159.370791][ T659] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 159.410505][ T664] FAULT_INJECTION: forcing a failure. [ 159.410505][ T664] name failslab, interval 1, probability 0, space 0, times 0 [ 159.423194][ T664] CPU: 0 PID: 664 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 159.434803][ T664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.444841][ T664] Call Trace: [ 159.448115][ T664] dump_stack_lvl+0x1e2/0x24b [ 159.452809][ T664] ? panic+0x7d7/0x7d7 [ 159.456866][ T664] ? bfq_pos_tree_add_move+0x43e/0x43e [ 159.462315][ T664] ? find_next_bit+0xd6/0x120 [ 159.466979][ T664] ? cpumask_next+0x11/0x30 [ 159.471468][ T664] dump_stack+0x15/0x17 [ 159.475616][ T664] should_fail+0x3c0/0x510 [ 159.480013][ T664] ? percpu_ref_init+0xd0/0x330 [ 159.484855][ T664] __should_failslab+0x9f/0xe0 [ 159.489601][ T664] should_failslab+0x9/0x20 [ 159.494086][ T664] kmem_cache_alloc_trace+0x3a/0x330 [ 159.499364][ T664] percpu_ref_init+0xd0/0x330 [ 159.504026][ T664] ? cgroup_setup_root+0xea0/0xea0 [ 159.509120][ T664] cgroup_apply_control_enable+0x3a2/0x12f0 [ 159.514992][ T664] cgroup_apply_control+0x93/0x710 [ 159.520096][ T664] ? css_next_child+0x160/0x160 [ 159.525016][ T664] ? stack_trace_save+0x12d/0x1f0 [ 159.530026][ T664] ? io_schedule+0x120/0x120 [ 159.534599][ T664] ? kernfs_fop_write_iter+0x15e/0x410 [ 159.540048][ T664] ? __kasan_check_write+0x14/0x20 [ 159.545144][ T664] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 159.550413][ T664] cgroup_subtree_control_write+0xd19/0x1310 [ 159.556375][ T664] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 159.563725][ T664] ? __kasan_check_write+0x14/0x20 [ 159.568820][ T664] ? _copy_from_iter+0x3fb/0xd60 [ 159.573751][ T664] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 159.579709][ T664] cgroup_file_write+0x28e/0x590 [ 159.584631][ T664] ? cgroup_seqfile_stop+0xc0/0xc0 [ 159.589724][ T664] ? mutex_lock+0xa6/0x110 [ 159.594120][ T664] ? mutex_trylock+0xb0/0xb0 [ 159.598687][ T664] ? __kasan_check_write+0x14/0x20 [ 159.603777][ T664] kernfs_fop_write_iter+0x2d0/0x410 [ 159.609040][ T664] ? cgroup_seqfile_stop+0xc0/0xc0 [ 159.614130][ T664] vfs_write+0xc1c/0xf40 [ 159.618348][ T664] ? __kasan_check_write+0x14/0x20 [ 159.623438][ T664] ? kernel_write+0x3c0/0x3c0 [ 159.628091][ T664] ? _raw_spin_unlock_irq+0x4e/0x70 [ 159.633273][ T664] ? ptrace_stop+0x6ff/0x9f0 [ 159.637846][ T664] ? __kasan_check_read+0x11/0x20 [ 159.642849][ T664] ? __fdget_pos+0x27e/0x310 [ 159.647416][ T664] ksys_write+0x198/0x2c0 [ 159.651744][ T664] ? do_notify_parent+0xa60/0xa60 [ 159.656747][ T664] ? __ia32_sys_read+0x90/0x90 [ 159.661488][ T664] ? __ia32_sys_open+0x270/0x270 [ 159.666403][ T664] __x64_sys_write+0x7b/0x90 [ 159.670969][ T664] do_syscall_64+0x34/0x70 [ 159.675364][ T664] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 159.681237][ T664] RIP: 0033:0x7fc8ece62c09 [ 159.685633][ T664] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 668] write(4, "-pids ", 6 [pid 664] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 664] close(3) = 0 [pid 664] close(4) = 0 [pid 664] close(5) = 0 [pid 664] close(6) = -1 EBADF (Bad file descriptor) [pid 664] close(7) = -1 EBADF (Bad file descriptor) [pid 664] close(8) = -1 EBADF (Bad file descriptor) [pid 664] close(9) = -1 EBADF (Bad file descriptor) [pid 664] close(10) = -1 EBADF (Bad file descriptor) [pid 664] close(11) = -1 EBADF (Bad file descriptor) [pid 664] close(12) = -1 EBADF (Bad file descriptor) [pid 664] close(13) = -1 EBADF (Bad file descriptor) [pid 664] close(14) = -1 EBADF (Bad file descriptor) [pid 664] close(15) = -1 EBADF (Bad file descriptor) [pid 664] close(16) = -1 EBADF (Bad file descriptor) [pid 664] close(17) = -1 EBADF (Bad file descriptor) [pid 664] close(18) = -1 EBADF (Bad file descriptor) [pid 664] close(19) = -1 EBADF (Bad file descriptor) [pid 664] close(20) = -1 EBADF (Bad file descriptor) [pid 664] close(21) = -1 EBADF (Bad file descriptor) [pid 664] close(22) = -1 EBADF (Bad file descriptor) [pid 664] close(23) = -1 EBADF (Bad file descriptor) [pid 664] close(24) = -1 EBADF (Bad file descriptor) [pid 664] close(25) = -1 EBADF (Bad file descriptor) [pid 664] close(26) = -1 EBADF (Bad file descriptor) [pid 664] close(27) = -1 EBADF (Bad file descriptor) [pid 664] close(28) = -1 EBADF (Bad file descriptor) [pid 664] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 664] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 664] exit_group(0) = ? [pid 664] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=45, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./43/binderfs") = 0 [pid 380] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./43/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./43/cgroup") = 0 [pid 380] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./43/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./43/cgroup.net") = 0 [pid 380] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./43/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./43/file0") = 0 [pid 380] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./43/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./43") = 0 [pid 380] mkdir("./44", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 669 attached [pid 669] chdir("./44" [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 46 [pid 669] <... chdir resumed>) = 0 [pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 669] setpgid(0, 0) = 0 [pid 669] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 669] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 669] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 669] write(3, "1000", 4) = 4 [pid 669] close(3) = 0 [pid 669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 669] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 669] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 159.705230][ T664] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.713631][ T664] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 159.721581][ T664] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 159.729534][ T664] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 159.737483][ T664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 159.745432][ T664] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002b [pid 669] open("./file0", O_RDONLY) = 3 [pid 669] openat(3, "cgroup.subtree_control", O_RDWR [pid 667] <... write resumed>) = 6 [pid 668] <... write resumed>) = 6 [pid 669] <... openat resumed>) = 4 [pid 669] write(4, "-pids ", 6 [pid 668] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 667] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 668] <... openat resumed>) = 5 [pid 667] <... openat resumed>) = 5 [pid 668] write(5, "22", 2 [pid 667] write(5, "22", 2 [pid 668] <... write resumed>) = 2 [pid 667] <... write resumed>) = 2 [pid 668] write(4, "+pids ", 6 [ 159.780463][ T663] FAULT_INJECTION: forcing a failure. [ 159.780463][ T663] name failslab, interval 1, probability 0, space 0, times 0 [ 159.793487][ T663] CPU: 0 PID: 663 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 159.805116][ T663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.815159][ T663] Call Trace: [ 159.818445][ T663] dump_stack_lvl+0x1e2/0x24b [ 159.823120][ T663] ? bfq_pos_tree_add_move+0x43e/0x43e [ 159.828570][ T663] ? selinux_kernfs_init_security+0x1a8/0x760 [ 159.834626][ T663] dump_stack+0x15/0x17 [ 159.838775][ T663] should_fail+0x3c0/0x510 [ 159.843168][ T663] ? __kernfs_new_node+0x99/0x6e0 [ 159.848187][ T663] __should_failslab+0x9f/0xe0 [ 159.852947][ T663] should_failslab+0x9/0x20 [ 159.857438][ T663] __kmalloc_track_caller+0x5f/0x350 [ 159.862700][ T663] kstrdup_const+0x55/0x90 [ 159.867101][ T663] __kernfs_new_node+0x99/0x6e0 [ 159.871931][ T663] ? is_module_text_address+0xe1/0x140 [ 159.877462][ T663] ? kernfs_new_node+0x170/0x170 [ 159.882379][ T663] ? ptr_to_hashval+0x60/0x60 [ 159.887036][ T663] ? arch_stack_walk+0xf8/0x140 [ 159.891867][ T663] ? snprintf+0xd6/0x120 [ 159.896084][ T663] kernfs_new_node+0x97/0x170 [ 159.900739][ T663] __kernfs_create_file+0x4a/0x270 [ 159.905831][ T663] cgroup_addrm_files+0xab8/0xfe0 [ 159.910831][ T663] ? ____kasan_kmalloc+0xdc/0x110 [ 159.915829][ T663] ? __kasan_kmalloc+0x9/0x10 [ 159.920479][ T663] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 159.926000][ T663] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 159.932130][ T663] ? delete_node+0x759/0x7b0 [ 159.936693][ T663] ? __kasan_check_read+0x11/0x20 [ 159.941693][ T663] ? delete_node+0x759/0x7b0 [ 159.946352][ T663] ? __kasan_check_write+0x14/0x20 [ 159.951444][ T663] ? idr_replace+0x1c4/0x230 [ 159.956011][ T663] ? idr_get_next+0x4b0/0x4b0 [ 159.960679][ T663] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 159.965692][ T663] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 159.970881][ T663] css_populate_dir+0x137/0x370 [ 159.975717][ T663] cgroup_apply_control_enable+0x8b9/0x12f0 [ 159.981596][ T663] cgroup_apply_control+0x93/0x710 [ 159.986699][ T663] ? css_next_child+0x160/0x160 [ 159.991537][ T663] ? stack_trace_save+0x12d/0x1f0 [ 159.996547][ T663] ? io_schedule+0x120/0x120 [ 160.001112][ T663] ? kernfs_fop_write_iter+0x15e/0x410 [ 160.006542][ T663] ? __kasan_check_write+0x14/0x20 [ 160.011628][ T663] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 160.016888][ T663] cgroup_subtree_control_write+0xd19/0x1310 [ 160.022847][ T663] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 160.028805][ T663] ? __kasan_check_write+0x14/0x20 [ 160.033895][ T663] ? _copy_from_iter+0x3fb/0xd60 [ 160.038822][ T663] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 160.044783][ T663] cgroup_file_write+0x28e/0x590 [ 160.049700][ T663] ? cgroup_seqfile_stop+0xc0/0xc0 [ 160.054789][ T663] ? mutex_lock+0xa6/0x110 [ 160.059188][ T663] ? mutex_trylock+0xb0/0xb0 [ 160.063763][ T663] ? __kasan_check_write+0x14/0x20 [ 160.068856][ T663] kernfs_fop_write_iter+0x2d0/0x410 [ 160.074118][ T663] ? cgroup_seqfile_stop+0xc0/0xc0 [ 160.079211][ T663] vfs_write+0xc1c/0xf40 [ 160.083437][ T663] ? __kasan_check_write+0x14/0x20 [ 160.088550][ T663] ? kernel_write+0x3c0/0x3c0 [ 160.093221][ T663] ? _raw_spin_unlock_irq+0x4e/0x70 [ 160.098398][ T663] ? ptrace_stop+0x6ff/0x9f0 [ 160.102980][ T663] ? __kasan_check_read+0x11/0x20 [ 160.107997][ T663] ? __fdget_pos+0x27e/0x310 [ 160.112568][ T663] ksys_write+0x198/0x2c0 [ 160.116875][ T663] ? do_notify_parent+0xa60/0xa60 [ 160.121877][ T663] ? __ia32_sys_read+0x90/0x90 [ 160.126616][ T663] ? __ia32_sys_open+0x270/0x270 [ 160.131528][ T663] __x64_sys_write+0x7b/0x90 [ 160.136103][ T663] do_syscall_64+0x34/0x70 [ 160.140505][ T663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 160.146374][ T663] RIP: 0033:0x7fc8ece62c09 [ 160.150769][ T663] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 160.170358][ T663] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 667] write(4, "+pids ", 6 [pid 663] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 663] close(3) = 0 [pid 663] close(4) = 0 [pid 663] close(5) = 0 [pid 663] close(6) = -1 EBADF (Bad file descriptor) [pid 663] close(7) = -1 EBADF (Bad file descriptor) [pid 663] close(8) = -1 EBADF (Bad file descriptor) [pid 663] close(9) = -1 EBADF (Bad file descriptor) [pid 663] close(10) = -1 EBADF (Bad file descriptor) [pid 663] close(11) = -1 EBADF (Bad file descriptor) [pid 663] close(12) = -1 EBADF (Bad file descriptor) [pid 663] close(13) = -1 EBADF (Bad file descriptor) [pid 663] close(14) = -1 EBADF (Bad file descriptor) [pid 663] close(15) = -1 EBADF (Bad file descriptor) [pid 663] close(16) = -1 EBADF (Bad file descriptor) [pid 663] close(17) = -1 EBADF (Bad file descriptor) [pid 663] close(18) = -1 EBADF (Bad file descriptor) [pid 663] close(19) = -1 EBADF (Bad file descriptor) [pid 663] close(20) = -1 EBADF (Bad file descriptor) [pid 663] close(21) = -1 EBADF (Bad file descriptor) [pid 663] close(22) = -1 EBADF (Bad file descriptor) [pid 663] close(23) = -1 EBADF (Bad file descriptor) [pid 663] close(24) = -1 EBADF (Bad file descriptor) [pid 663] close(25) = -1 EBADF (Bad file descriptor) [pid 663] close(26) = -1 EBADF (Bad file descriptor) [pid 663] close(27) = -1 EBADF (Bad file descriptor) [pid 663] close(28) = -1 EBADF (Bad file descriptor) [pid 663] close(29) = -1 EBADF (Bad file descriptor) [pid 663] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 663] exit_group(0) = ? [pid 663] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./51/binderfs") = 0 [pid 375] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./51/cgroup") = 0 [pid 375] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./51/cgroup.net") = 0 [pid 375] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 160.178747][ T663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 160.186692][ T663] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 160.194640][ T663] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 160.202585][ T663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 160.210535][ T663] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000033 [ 160.221168][ T663] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./51/file0") = 0 [pid 375] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./51/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./51") = 0 [pid 375] mkdir("./52", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 670 attached [pid 670] chdir("./52" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 54 [pid 670] <... chdir resumed>) = 0 [pid 670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 670] setpgid(0, 0) = 0 [pid 670] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 670] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 160.250428][ T665] FAULT_INJECTION: forcing a failure. [ 160.250428][ T665] name failslab, interval 1, probability 0, space 0, times 0 [ 160.263624][ T665] CPU: 0 PID: 665 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 160.275246][ T665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.285299][ T665] Call Trace: [ 160.288571][ T665] dump_stack_lvl+0x1e2/0x24b [ 160.293227][ T665] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 670] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 670] write(3, "1000", 4) = 4 [pid 670] close(3) = 0 [pid 670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 670] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 160.298663][ T665] ? selinux_kernfs_init_security+0x1a8/0x760 [ 160.304709][ T665] dump_stack+0x15/0x17 [ 160.308848][ T665] should_fail+0x3c0/0x510 [ 160.313245][ T665] ? __kernfs_new_node+0x99/0x6e0 [ 160.318248][ T665] __should_failslab+0x9f/0xe0 [ 160.322997][ T665] should_failslab+0x9/0x20 [ 160.327497][ T665] __kmalloc_track_caller+0x5f/0x350 [ 160.332772][ T665] kstrdup_const+0x55/0x90 [ 160.337180][ T665] __kernfs_new_node+0x99/0x6e0 [ 160.342005][ T665] ? is_module_text_address+0xe1/0x140 [ 160.347441][ T665] ? kernfs_new_node+0x170/0x170 [ 160.352365][ T665] ? ptr_to_hashval+0x60/0x60 [ 160.357024][ T665] ? arch_stack_walk+0xf8/0x140 [ 160.361849][ T665] ? snprintf+0xd6/0x120 [ 160.366068][ T665] kernfs_new_node+0x97/0x170 [ 160.370719][ T665] __kernfs_create_file+0x4a/0x270 [ 160.375816][ T665] cgroup_addrm_files+0xab8/0xfe0 [ 160.380822][ T665] ? ____kasan_kmalloc+0xdc/0x110 [ 160.385829][ T665] ? __kasan_kmalloc+0x9/0x10 [ 160.390483][ T665] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 160.396006][ T665] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 160.402141][ T665] ? delete_node+0x759/0x7b0 [ 160.406717][ T665] ? __kasan_check_read+0x11/0x20 [ 160.411717][ T665] ? delete_node+0x759/0x7b0 [ 160.416281][ T665] ? __kasan_check_write+0x14/0x20 [ 160.421368][ T665] ? idr_replace+0x1c4/0x230 [ 160.425939][ T665] ? idr_get_next+0x4b0/0x4b0 [ 160.430598][ T665] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 160.435602][ T665] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 160.440781][ T665] css_populate_dir+0x137/0x370 [ 160.445622][ T665] cgroup_apply_control_enable+0x8b9/0x12f0 [ 160.451505][ T665] cgroup_apply_control+0x93/0x710 [ 160.456603][ T665] ? css_next_child+0x160/0x160 [ 160.461437][ T665] ? io_schedule+0x120/0x120 [ 160.466011][ T665] ? kernfs_fop_write_iter+0x15e/0x410 [ 160.471453][ T665] ? __kasan_check_write+0x14/0x20 [ 160.476541][ T665] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 160.481804][ T665] cgroup_subtree_control_write+0xd19/0x1310 [ 160.487758][ T665] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 160.493713][ T665] ? __kasan_check_write+0x14/0x20 [ 160.498804][ T665] ? _copy_from_iter+0x3fb/0xd60 [ 160.503717][ T665] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 160.509678][ T665] cgroup_file_write+0x28e/0x590 [ 160.514600][ T665] ? cgroup_seqfile_stop+0xc0/0xc0 [ 160.519695][ T665] ? mutex_lock+0xa6/0x110 [ 160.524087][ T665] ? mutex_trylock+0xb0/0xb0 [ 160.528651][ T665] ? __kasan_check_write+0x14/0x20 [ 160.533744][ T665] kernfs_fop_write_iter+0x2d0/0x410 [ 160.539011][ T665] ? cgroup_seqfile_stop+0xc0/0xc0 [ 160.544110][ T665] vfs_write+0xc1c/0xf40 [ 160.548348][ T665] ? __kasan_check_write+0x14/0x20 [ 160.553447][ T665] ? kernel_write+0x3c0/0x3c0 [ 160.558094][ T665] ? _raw_spin_unlock_irq+0x4e/0x70 [ 160.563273][ T665] ? ptrace_stop+0x6ff/0x9f0 [ 160.567847][ T665] ? __kasan_check_read+0x11/0x20 [ 160.572846][ T665] ? __fdget_pos+0x27e/0x310 [ 160.577413][ T665] ksys_write+0x198/0x2c0 [ 160.581722][ T665] ? do_notify_parent+0xa60/0xa60 [ 160.586734][ T665] ? __ia32_sys_read+0x90/0x90 [ 160.591482][ T665] ? __ia32_sys_open+0x270/0x270 [ 160.596391][ T665] __x64_sys_write+0x7b/0x90 [ 160.600956][ T665] do_syscall_64+0x34/0x70 [ 160.605348][ T665] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 160.611216][ T665] RIP: 0033:0x7fc8ece62c09 [ 160.615609][ T665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 160.635187][ T665] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 160.643581][ T665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 670] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 665] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 670] <... mount resumed>) = 0 [pid 670] open("./file0", O_RDONLY [pid 665] close(3 [pid 670] <... open resumed>) = 3 [pid 665] <... close resumed>) = 0 [pid 670] openat(3, "cgroup.subtree_control", O_RDWR [pid 665] close(4 [pid 670] <... openat resumed>) = 4 [pid 665] <... close resumed>) = 0 [pid 670] write(4, "-pids ", 6 [pid 665] close(5) = 0 [pid 665] close(6) = -1 EBADF (Bad file descriptor) [pid 665] close(7) = -1 EBADF (Bad file descriptor) [pid 665] close(8) = -1 EBADF (Bad file descriptor) [pid 665] close(9) = -1 EBADF (Bad file descriptor) [pid 665] close(10) = -1 EBADF (Bad file descriptor) [pid 665] close(11) = -1 EBADF (Bad file descriptor) [pid 665] close(12) = -1 EBADF (Bad file descriptor) [pid 665] close(13) = -1 EBADF (Bad file descriptor) [pid 665] close(14) = -1 EBADF (Bad file descriptor) [pid 665] close(15) = -1 EBADF (Bad file descriptor) [pid 665] close(16) = -1 EBADF (Bad file descriptor) [pid 665] close(17) = -1 EBADF (Bad file descriptor) [pid 665] close(18) = -1 EBADF (Bad file descriptor) [pid 665] close(19) = -1 EBADF (Bad file descriptor) [pid 665] close(20) = -1 EBADF (Bad file descriptor) [pid 665] close(21) = -1 EBADF (Bad file descriptor) [pid 665] close(22) = -1 EBADF (Bad file descriptor) [pid 665] close(23) = -1 EBADF (Bad file descriptor) [pid 665] close(24) = -1 EBADF (Bad file descriptor) [pid 665] close(25) = -1 EBADF (Bad file descriptor) [pid 665] close(26) = -1 EBADF (Bad file descriptor) [pid 665] close(27) = -1 EBADF (Bad file descriptor) [pid 665] close(28) = -1 EBADF (Bad file descriptor) [pid 665] close(29) = -1 EBADF (Bad file descriptor) [pid 665] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 665] exit_group(0) = ? [pid 665] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=42, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 160.651539][ T665] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 160.659490][ T665] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 160.667447][ T665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 160.675400][ T665] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000028 [ 160.685752][ T665] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 383] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./40/binderfs") = 0 [pid 383] umount2("./40/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./40/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./40/cgroup") = 0 [pid 383] umount2("./40/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./40/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./40/cgroup.net") = 0 [ 160.710459][ T667] FAULT_INJECTION: forcing a failure. [ 160.710459][ T667] name failslab, interval 1, probability 0, space 0, times 0 [ 160.723374][ T667] CPU: 1 PID: 667 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 160.734988][ T667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.745038][ T667] Call Trace: [ 160.748398][ T667] dump_stack_lvl+0x1e2/0x24b [ 160.753060][ T667] ? bfq_pos_tree_add_move+0x43e/0x43e [ 160.758503][ T667] ? selinux_kernfs_init_security+0x1a8/0x760 [ 160.764550][ T667] dump_stack+0x15/0x17 [ 160.768688][ T667] should_fail+0x3c0/0x510 [ 160.773090][ T667] ? __kernfs_new_node+0x99/0x6e0 [ 160.778202][ T667] __should_failslab+0x9f/0xe0 [ 160.782948][ T667] should_failslab+0x9/0x20 [ 160.787438][ T667] __kmalloc_track_caller+0x5f/0x350 [ 160.792699][ T667] kstrdup_const+0x55/0x90 [ 160.797089][ T667] __kernfs_new_node+0x99/0x6e0 [ 160.801926][ T667] ? is_module_text_address+0xe1/0x140 [ 160.807358][ T667] ? kernfs_new_node+0x170/0x170 [ 160.812271][ T667] ? ptr_to_hashval+0x60/0x60 [ 160.816923][ T667] ? arch_stack_walk+0xf8/0x140 [ 160.821755][ T667] ? snprintf+0xd6/0x120 [ 160.825982][ T667] kernfs_new_node+0x97/0x170 [ 160.830645][ T667] __kernfs_create_file+0x4a/0x270 [ 160.835752][ T667] cgroup_addrm_files+0xab8/0xfe0 [ 160.840760][ T667] ? ____kasan_kmalloc+0xdc/0x110 [ 160.845757][ T667] ? __kasan_kmalloc+0x9/0x10 [ 160.850412][ T667] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 160.855930][ T667] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 160.862056][ T667] ? delete_node+0x759/0x7b0 [ 160.866632][ T667] ? __kasan_check_read+0x11/0x20 [ 160.871640][ T667] ? delete_node+0x759/0x7b0 [ 160.876204][ T667] ? __kasan_check_write+0x14/0x20 [ 160.881291][ T667] ? idr_replace+0x1c4/0x230 [ 160.885860][ T667] ? idr_get_next+0x4b0/0x4b0 [ 160.890522][ T667] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 160.895521][ T667] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 160.900720][ T667] css_populate_dir+0x137/0x370 [ 160.905548][ T667] cgroup_apply_control_enable+0x8b9/0x12f0 [ 160.911416][ T667] cgroup_apply_control+0x93/0x710 [ 160.916501][ T667] ? css_next_child+0x160/0x160 [ 160.921322][ T667] ? stack_trace_save+0x12d/0x1f0 [ 160.926321][ T667] ? io_schedule+0x120/0x120 [ 160.931030][ T667] ? kernfs_fop_write_iter+0x15e/0x410 [ 160.936469][ T667] ? __kasan_check_write+0x14/0x20 [ 160.941553][ T667] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 160.946811][ T667] cgroup_subtree_control_write+0xd19/0x1310 [ 160.952774][ T667] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 160.958742][ T667] ? __kasan_check_write+0x14/0x20 [ 160.963828][ T667] ? _copy_from_iter+0x3fb/0xd60 [ 160.968743][ T667] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 160.974703][ T667] cgroup_file_write+0x28e/0x590 [ 160.979635][ T667] ? cgroup_seqfile_stop+0xc0/0xc0 [ 160.984747][ T667] ? mutex_lock+0xa6/0x110 [ 160.989144][ T667] ? mutex_trylock+0xb0/0xb0 [ 160.993713][ T667] ? __kasan_check_write+0x14/0x20 [ 160.998813][ T667] kernfs_fop_write_iter+0x2d0/0x410 [ 161.004086][ T667] ? cgroup_seqfile_stop+0xc0/0xc0 [ 161.009199][ T667] vfs_write+0xc1c/0xf40 [ 161.013424][ T667] ? __kasan_check_write+0x14/0x20 [ 161.018508][ T667] ? kernel_write+0x3c0/0x3c0 [ 161.023156][ T667] ? _raw_spin_unlock_irq+0x4e/0x70 [ 161.028340][ T667] ? ptrace_stop+0x6ff/0x9f0 [ 161.032914][ T667] ? __kasan_check_read+0x11/0x20 [ 161.037912][ T667] ? __fdget_pos+0x27e/0x310 [ 161.042483][ T667] ksys_write+0x198/0x2c0 [ 161.046801][ T667] ? do_notify_parent+0xa60/0xa60 [ 161.051868][ T667] ? __ia32_sys_read+0x90/0x90 [ 161.056614][ T667] ? __ia32_sys_open+0x270/0x270 [ 161.061669][ T667] __x64_sys_write+0x7b/0x90 [ 161.066237][ T667] do_syscall_64+0x34/0x70 [ 161.070638][ T667] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 161.076503][ T667] RIP: 0033:0x7fc8ece62c09 [ 161.080891][ T667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.100471][ T667] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 383] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 667] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 383] <... umount2 resumed>) = 0 [pid 667] close(3 [pid 383] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 667] <... close resumed>) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./40/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./40/file0") = 0 [pid 667] close(4 [pid 383] umount2("./40/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./40/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./40/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./40") = 0 [pid 667] <... close resumed>) = 0 [pid 383] mkdir("./41", 0777 [pid 667] close(5 [pid 383] <... mkdir resumed>) = 0 [pid 667] <... close resumed>) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 671 attached [pid 667] close(6 [pid 671] chdir("./41" [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 43 [pid 671] <... chdir resumed>) = 0 [pid 667] close(7 [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] <... prctl resumed>) = 0 [pid 667] close(8 [pid 671] setpgid(0, 0 [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] <... setpgid resumed>) = 0 [pid 667] close(9) = -1 EBADF (Bad file descriptor) [pid 667] close(10) = -1 EBADF (Bad file descriptor) [pid 667] close(11 [pid 671] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 667] close(12) = -1 EBADF (Bad file descriptor) [pid 667] close(13) = -1 EBADF (Bad file descriptor) [pid 667] close(14) = -1 EBADF (Bad file descriptor) [pid 667] close(15 [pid 671] <... symlink resumed>) = 0 [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 667] close(16) = -1 EBADF (Bad file descriptor) [pid 667] close(17) = -1 EBADF (Bad file descriptor) [pid 667] close(18) = -1 EBADF (Bad file descriptor) [pid 667] close(19 [pid 671] <... symlink resumed>) = 0 [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 667] close(20) = -1 EBADF (Bad file descriptor) [pid 667] close(21 [pid 671] <... symlink resumed>) = 0 [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 667] close(22 [pid 671] <... openat resumed>) = 3 [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] write(3, "1000", 4 [pid 667] close(23 [pid 671] <... write resumed>) = 4 [pid 671] close(3) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs" [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 667] close(24) = -1 EBADF (Bad file descriptor) [pid 667] close(25) = -1 EBADF (Bad file descriptor) [pid 667] close(26write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 671] <... symlink resumed>) = 0 [pid 667] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 671] mkdirat(AT_FDCWD, "./file0", 000 [pid 667] close(27) = -1 EBADF (Bad file descriptor) [pid 667] close(28) = -1 EBADF (Bad file descriptor) [pid 667] close(29) = -1 EBADF (Bad file descriptor) [pid 667] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 671] <... mkdirat resumed>) = 0 [pid 667] <... write resumed>) = 89 [pid 671] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 667] exit_group(0) = ? [pid 671] <... mount resumed>) = 0 [pid 667] +++ exited with 0 +++ [pid 671] open("./file0", O_RDONLY [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 671] <... open resumed>) = 3 [pid 671] openat(3, "cgroup.subtree_control", O_RDWR [pid 381] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 671] <... openat resumed>) = 4 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 671] write(4, "-pids ", 6 [pid 381] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./48/binderfs") = 0 [pid 381] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./48/cgroup") = 0 [pid 381] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./48/cgroup.net") = 0 [pid 381] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [ 161.108861][ T667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 161.116807][ T667] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 161.124764][ T667] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 161.132720][ T667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 161.140665][ T667] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000030 [ 161.148769][ T667] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] close(4) = 0 [pid 381] rmdir("./48/file0") = 0 [pid 381] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./48/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./48") = 0 [pid 381] mkdir("./49", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 51 ./strace-static-x86_64: Process 672 attached [pid 672] chdir("./49") = 0 [pid 672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 672] setpgid(0, 0) = 0 [pid 672] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 672] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 672] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 672] write(3, "1000", 4) = 4 [pid 672] close(3) = 0 [pid 672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 672] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 161.180451][ T668] FAULT_INJECTION: forcing a failure. [ 161.180451][ T668] name failslab, interval 1, probability 0, space 0, times 0 [ 161.193130][ T668] CPU: 0 PID: 668 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 161.204758][ T668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 161.214800][ T668] Call Trace: [ 161.218081][ T668] dump_stack_lvl+0x1e2/0x24b [ 161.222765][ T668] ? bfq_pos_tree_add_move+0x43e/0x43e [ 161.228230][ T668] ? selinux_kernfs_init_security+0x1a8/0x760 [ 161.234287][ T668] dump_stack+0x15/0x17 [ 161.238427][ T668] should_fail+0x3c0/0x510 [ 161.242829][ T668] ? __kernfs_new_node+0x99/0x6e0 [ 161.247825][ T668] __should_failslab+0x9f/0xe0 [ 161.252572][ T668] should_failslab+0x9/0x20 [ 161.257065][ T668] __kmalloc_track_caller+0x5f/0x350 [ 161.262349][ T668] kstrdup_const+0x55/0x90 [ 161.266754][ T668] __kernfs_new_node+0x99/0x6e0 [ 161.271595][ T668] ? is_module_text_address+0xe1/0x140 [ 161.277032][ T668] ? kernfs_new_node+0x170/0x170 [ 161.281958][ T668] ? ptr_to_hashval+0x60/0x60 [ 161.286626][ T668] ? arch_stack_walk+0xf8/0x140 [ 161.291460][ T668] ? snprintf+0xd6/0x120 [ 161.295685][ T668] kernfs_new_node+0x97/0x170 [ 161.300339][ T668] __kernfs_create_file+0x4a/0x270 [ 161.305427][ T668] cgroup_addrm_files+0xab8/0xfe0 [ 161.310444][ T668] ? ____kasan_kmalloc+0xdc/0x110 [ 161.315463][ T668] ? __kasan_kmalloc+0x9/0x10 [ 161.320152][ T668] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 161.325693][ T668] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 161.331845][ T668] ? delete_node+0x759/0x7b0 [ 161.336425][ T668] ? __kasan_check_read+0x11/0x20 [ 161.341429][ T668] ? delete_node+0x759/0x7b0 [ 161.346003][ T668] ? __kasan_check_write+0x14/0x20 [ 161.351108][ T668] ? idr_replace+0x1c4/0x230 [ 161.355775][ T668] ? idr_get_next+0x4b0/0x4b0 [ 161.360432][ T668] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 161.365437][ T668] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 161.370617][ T668] css_populate_dir+0x137/0x370 [ 161.375459][ T668] cgroup_apply_control_enable+0x8b9/0x12f0 [ 161.381338][ T668] cgroup_apply_control+0x93/0x710 [ 161.386425][ T668] ? css_next_child+0x160/0x160 [ 161.391264][ T668] ? stack_trace_save+0x12d/0x1f0 [ 161.396274][ T668] ? io_schedule+0x120/0x120 [ 161.400838][ T668] ? kernfs_fop_write_iter+0x15e/0x410 [ 161.406276][ T668] ? __kasan_check_write+0x14/0x20 [ 161.411377][ T668] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 161.416653][ T668] cgroup_subtree_control_write+0xd19/0x1310 [ 161.422618][ T668] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 161.428581][ T668] ? __kasan_check_write+0x14/0x20 [ 161.433691][ T668] ? _copy_from_iter+0x3fb/0xd60 [ 161.438749][ T668] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 161.444717][ T668] cgroup_file_write+0x28e/0x590 [ 161.449632][ T668] ? cgroup_seqfile_stop+0xc0/0xc0 [ 161.454721][ T668] ? mutex_lock+0xa6/0x110 [ 161.459112][ T668] ? mutex_trylock+0xb0/0xb0 [ 161.463688][ T668] ? __kasan_check_write+0x14/0x20 [ 161.468790][ T668] kernfs_fop_write_iter+0x2d0/0x410 [ 161.474075][ T668] ? cgroup_seqfile_stop+0xc0/0xc0 [ 161.479177][ T668] vfs_write+0xc1c/0xf40 [ 161.483401][ T668] ? __kasan_check_write+0x14/0x20 [ 161.488484][ T668] ? kernel_write+0x3c0/0x3c0 [ 161.493133][ T668] ? _raw_spin_unlock_irq+0x4e/0x70 [ 161.498310][ T668] ? ptrace_stop+0x6ff/0x9f0 [ 161.502890][ T668] ? __kasan_check_read+0x11/0x20 [ 161.507890][ T668] ? __fdget_pos+0x27e/0x310 [ 161.512455][ T668] ksys_write+0x198/0x2c0 [ 161.516759][ T668] ? do_notify_parent+0xa60/0xa60 [ 161.521767][ T668] ? __ia32_sys_read+0x90/0x90 [ 161.526525][ T668] ? __ia32_sys_open+0x270/0x270 [ 161.531444][ T668] __x64_sys_write+0x7b/0x90 [ 161.536014][ T668] do_syscall_64+0x34/0x70 [ 161.540405][ T668] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 161.546270][ T668] RIP: 0033:0x7fc8ece62c09 [ 161.550663][ T668] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 161.570249][ T668] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 672] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 668] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 668] close(3) = 0 [pid 668] close(4) = 0 [pid 668] close(5) = 0 [pid 668] close(6) = -1 EBADF (Bad file descriptor) [pid 668] close(7) = -1 EBADF (Bad file descriptor) [pid 668] close(8) = -1 EBADF (Bad file descriptor) [pid 668] close(9) = -1 EBADF (Bad file descriptor) [pid 668] close(10) = -1 EBADF (Bad file descriptor) [pid 668] close(11) = -1 EBADF (Bad file descriptor) [pid 668] close(12) = -1 EBADF (Bad file descriptor) [pid 668] close(13) = -1 EBADF (Bad file descriptor) [pid 668] close(14) = -1 EBADF (Bad file descriptor) [pid 668] close(15) = -1 EBADF (Bad file descriptor) [pid 668] close(16) = -1 EBADF (Bad file descriptor) [pid 668] close(17) = -1 EBADF (Bad file descriptor) [pid 668] close(18) = -1 EBADF (Bad file descriptor) [pid 668] close(19) = -1 EBADF (Bad file descriptor) [pid 668] close(20) = -1 EBADF (Bad file descriptor) [pid 668] close(21) = -1 EBADF (Bad file descriptor) [pid 668] close(22) = -1 EBADF (Bad file descriptor) [pid 668] close(23) = -1 EBADF (Bad file descriptor) [pid 668] close(24) = -1 EBADF (Bad file descriptor) [pid 668] close(25) = -1 EBADF (Bad file descriptor) [pid 668] close(26) = -1 EBADF (Bad file descriptor) [pid 668] close(27) = -1 EBADF (Bad file descriptor) [pid 668] close(28) = -1 EBADF (Bad file descriptor) [pid 668] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 668] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 668] exit_group(0) = ? [pid 672] <... mount resumed>) = 0 [pid 668] +++ exited with 0 +++ [pid 672] open("./file0", O_RDONLY [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 672] <... open resumed>) = 3 [pid 672] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 672] write(4, "-pids ", 6 [pid 376] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./45/binderfs") = 0 [pid 376] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./45/cgroup") = 0 [pid 376] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./45/cgroup.net") = 0 [pid 376] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./45/file0") = 0 [pid 376] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./45/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./45") = 0 [pid 376] mkdir("./46", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 673 attached , child_tidptr=0x555556fab5d0) = 48 [pid 673] chdir("./46") = 0 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 673] setpgid(0, 0) = 0 [pid 673] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 673] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 673] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 673] write(3, "1000", 4) = 4 [pid 673] close(3) = 0 [pid 673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 673] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 673] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 672] <... write resumed>) = 6 [pid 671] <... write resumed>) = 6 [pid 670] <... write resumed>) = 6 [pid 669] <... write resumed>) = 6 [pid 666] <... write resumed>) = 6 [pid 673] <... mount resumed>) = 0 [pid 672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 671] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 670] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 669] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 673] open("./file0", O_RDONLY [pid 672] <... openat resumed>) = 5 [pid 673] <... open resumed>) = 3 [pid 672] write(5, "22", 2 [pid 671] <... openat resumed>) = 5 [pid 673] openat(3, "cgroup.subtree_control", O_RDWR [pid 672] <... write resumed>) = 2 [pid 670] <... openat resumed>) = 5 [pid 673] <... openat resumed>) = 4 [ 161.578641][ T668] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 161.586595][ T668] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 161.594548][ T668] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 161.602511][ T668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 161.610503][ T668] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002d [ 161.621123][ T668] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 672] write(4, "+pids ", 6 [pid 669] <... openat resumed>) = 5 [pid 673] write(4, "-pids ", 6 [pid 671] write(5, "22", 2 [pid 670] write(5, "22", 2 [pid 669] write(5, "22", 2 [pid 666] <... openat resumed>) = 5 [pid 671] <... write resumed>) = 2 [pid 670] <... write resumed>) = 2 [pid 669] <... write resumed>) = 2 [pid 666] write(5, "22", 2 [pid 671] write(4, "+pids ", 6 [pid 670] write(4, "+pids ", 6 [pid 669] write(4, "+pids ", 6 [pid 666] <... write resumed>) = 2 [ 161.642794][ T672] FAULT_INJECTION: forcing a failure. [ 161.642794][ T672] name failslab, interval 1, probability 0, space 0, times 0 [ 161.656169][ T672] CPU: 0 PID: 672 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 161.667779][ T672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 161.677807][ T672] Call Trace: [ 161.681084][ T672] dump_stack_lvl+0x1e2/0x24b [ 161.685747][ T672] ? panic+0x7d7/0x7d7 [ 161.689788][ T672] ? bfq_pos_tree_add_move+0x43e/0x43e [ 161.695223][ T672] ? find_next_bit+0xd6/0x120 [ 161.699873][ T672] ? cpumask_next+0x11/0x30 [ 161.704350][ T672] dump_stack+0x15/0x17 [ 161.708480][ T672] should_fail+0x3c0/0x510 [ 161.712870][ T672] ? percpu_ref_init+0xd0/0x330 [ 161.717703][ T672] __should_failslab+0x9f/0xe0 [ 161.722450][ T672] should_failslab+0x9/0x20 [ 161.726940][ T672] kmem_cache_alloc_trace+0x3a/0x330 [ 161.732215][ T672] percpu_ref_init+0xd0/0x330 [ 161.736877][ T672] ? cgroup_setup_root+0xea0/0xea0 [ 161.741989][ T672] cgroup_apply_control_enable+0x3a2/0x12f0 [ 161.747854][ T672] cgroup_apply_control+0x93/0x710 [ 161.752939][ T672] ? css_next_child+0x160/0x160 [ 161.757777][ T672] ? stack_trace_save+0x12d/0x1f0 [ 161.762785][ T672] ? io_schedule+0x120/0x120 [ 161.767358][ T672] ? kernfs_fop_write_iter+0x15e/0x410 [ 161.772809][ T672] ? __kasan_check_write+0x14/0x20 [ 161.777911][ T672] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 161.783177][ T672] cgroup_subtree_control_write+0xd19/0x1310 [ 161.789132][ T672] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 161.795083][ T672] ? __kasan_check_write+0x14/0x20 [ 161.800171][ T672] ? _copy_from_iter+0x3fb/0xd60 [ 161.805095][ T672] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 161.811046][ T672] cgroup_file_write+0x28e/0x590 [ 161.815955][ T672] ? cgroup_seqfile_stop+0xc0/0xc0 [ 161.821047][ T672] ? mutex_lock+0xa6/0x110 [ 161.825446][ T672] ? mutex_trylock+0xb0/0xb0 [ 161.830007][ T672] ? __kasan_check_write+0x14/0x20 [ 161.835090][ T672] kernfs_fop_write_iter+0x2d0/0x410 [ 161.840348][ T672] ? cgroup_seqfile_stop+0xc0/0xc0 [ 161.845435][ T672] vfs_write+0xc1c/0xf40 [ 161.849849][ T672] ? __kasan_check_write+0x14/0x20 [ 161.854938][ T672] ? kernel_write+0x3c0/0x3c0 [ 161.859587][ T672] ? _raw_spin_unlock_irq+0x4e/0x70 [ 161.864757][ T672] ? ptrace_stop+0x6ff/0x9f0 [ 161.869331][ T672] ? __kasan_check_read+0x11/0x20 [ 161.874338][ T672] ? __fdget_pos+0x27e/0x310 [ 161.878908][ T672] ksys_write+0x198/0x2c0 [ 161.883221][ T672] ? do_notify_parent+0xa60/0xa60 [ 161.888228][ T672] ? __ia32_sys_read+0x90/0x90 [ 161.892973][ T672] ? __ia32_sys_open+0x270/0x270 [ 161.897883][ T672] __x64_sys_write+0x7b/0x90 [ 161.902446][ T672] do_syscall_64+0x34/0x70 [ 161.906839][ T672] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 161.912703][ T672] RIP: 0033:0x7fc8ece62c09 [ 161.917093][ T672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 666] write(4, "+pids ", 6 [pid 672] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 672] close(3) = 0 [pid 672] close(4) = 0 [pid 672] close(5) = 0 [pid 672] close(6) = -1 EBADF (Bad file descriptor) [pid 672] close(7) = -1 EBADF (Bad file descriptor) [pid 672] close(8) = -1 EBADF (Bad file descriptor) [pid 672] close(9) = -1 EBADF (Bad file descriptor) [pid 672] close(10) = -1 EBADF (Bad file descriptor) [pid 672] close(11) = -1 EBADF (Bad file descriptor) [pid 672] close(12) = -1 EBADF (Bad file descriptor) [pid 672] close(13) = -1 EBADF (Bad file descriptor) [pid 672] close(14) = -1 EBADF (Bad file descriptor) [pid 672] close(15) = -1 EBADF (Bad file descriptor) [pid 672] close(16) = -1 EBADF (Bad file descriptor) [pid 672] close(17) = -1 EBADF (Bad file descriptor) [pid 672] close(18) = -1 EBADF (Bad file descriptor) [pid 672] close(19) = -1 EBADF (Bad file descriptor) [pid 672] close(20) = -1 EBADF (Bad file descriptor) [pid 672] close(21) = -1 EBADF (Bad file descriptor) [pid 672] close(22) = -1 EBADF (Bad file descriptor) [pid 672] close(23) = -1 EBADF (Bad file descriptor) [pid 672] close(24) = -1 EBADF (Bad file descriptor) [pid 672] close(25) = -1 EBADF (Bad file descriptor) [pid 672] close(26) = -1 EBADF (Bad file descriptor) [pid 672] close(27) = -1 EBADF (Bad file descriptor) [pid 672] close(28) = -1 EBADF (Bad file descriptor) [pid 672] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 672] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 672] exit_group(0) = ? [pid 672] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./49/binderfs") = 0 [pid 381] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./49/cgroup") = 0 [pid 381] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./49/cgroup.net") = 0 [pid 381] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./49/file0") = 0 [pid 381] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./49/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./49") = 0 [pid 381] mkdir("./50", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 674 attached [pid 674] chdir("./50") = 0 [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 52 [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 674] setpgid(0, 0) = 0 [pid 674] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [ 161.936678][ T672] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.945076][ T672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 161.953039][ T672] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 161.960987][ T672] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 161.968940][ T672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 161.976989][ T672] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000031 [pid 674] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 674] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 674] write(3, "1000", 4) = 4 [pid 674] close(3) = 0 [pid 674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 674] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 162.000523][ T666] FAULT_INJECTION: forcing a failure. [ 162.000523][ T666] name failslab, interval 1, probability 0, space 0, times 0 [ 162.013436][ T666] CPU: 0 PID: 666 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 162.025053][ T666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.035093][ T666] Call Trace: [ 162.038356][ T666] dump_stack_lvl+0x1e2/0x24b [ 162.043008][ T666] ? bfq_pos_tree_add_move+0x43e/0x43e [ 162.048439][ T666] ? selinux_kernfs_init_security+0x1a8/0x760 [ 162.054486][ T666] dump_stack+0x15/0x17 [ 162.058623][ T666] should_fail+0x3c0/0x510 [ 162.063016][ T666] ? __kernfs_new_node+0x99/0x6e0 [ 162.068019][ T666] __should_failslab+0x9f/0xe0 [ 162.072777][ T666] should_failslab+0x9/0x20 [ 162.077261][ T666] __kmalloc_track_caller+0x5f/0x350 [ 162.082517][ T666] kstrdup_const+0x55/0x90 [ 162.086911][ T666] __kernfs_new_node+0x99/0x6e0 [ 162.091744][ T666] ? is_module_text_address+0xe1/0x140 [ 162.097186][ T666] ? kernfs_new_node+0x170/0x170 [ 162.102106][ T666] ? ptr_to_hashval+0x60/0x60 [ 162.106753][ T666] ? arch_stack_walk+0xf8/0x140 [ 162.111586][ T666] ? snprintf+0xd6/0x120 [ 162.115798][ T666] kernfs_new_node+0x97/0x170 [ 162.120456][ T666] __kernfs_create_file+0x4a/0x270 [ 162.125560][ T666] cgroup_addrm_files+0xab8/0xfe0 [ 162.130568][ T666] ? ____kasan_kmalloc+0xdc/0x110 [ 162.135562][ T666] ? __kasan_kmalloc+0x9/0x10 [ 162.140210][ T666] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 162.145728][ T666] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 162.151853][ T666] ? delete_node+0x759/0x7b0 [ 162.156427][ T666] ? __kasan_check_read+0x11/0x20 [ 162.161429][ T666] ? delete_node+0x759/0x7b0 [ 162.165988][ T666] ? __kasan_check_write+0x14/0x20 [ 162.171072][ T666] ? idr_replace+0x1c4/0x230 [ 162.175638][ T666] ? idr_get_next+0x4b0/0x4b0 [ 162.180296][ T666] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 162.185292][ T666] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 162.190464][ T666] css_populate_dir+0x137/0x370 [ 162.195288][ T666] cgroup_apply_control_enable+0x8b9/0x12f0 [ 162.201151][ T666] cgroup_apply_control+0x93/0x710 [ 162.206237][ T666] ? css_next_child+0x160/0x160 [ 162.211061][ T666] ? io_schedule+0x120/0x120 [ 162.215623][ T666] ? kernfs_fop_write_iter+0x15e/0x410 [ 162.221051][ T666] ? __kasan_check_write+0x14/0x20 [ 162.226134][ T666] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 162.231388][ T666] cgroup_subtree_control_write+0xd19/0x1310 [ 162.237344][ T666] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 162.243299][ T666] ? __kasan_check_write+0x14/0x20 [ 162.248382][ T666] ? _copy_from_iter+0x3fb/0xd60 [ 162.253290][ T666] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 162.259238][ T666] cgroup_file_write+0x28e/0x590 [ 162.264154][ T666] ? cgroup_seqfile_stop+0xc0/0xc0 [ 162.269261][ T666] ? mutex_lock+0xa6/0x110 [ 162.273767][ T666] ? mutex_trylock+0xb0/0xb0 [ 162.278338][ T666] ? __kasan_check_write+0x14/0x20 [ 162.283447][ T666] kernfs_fop_write_iter+0x2d0/0x410 [ 162.288715][ T666] ? cgroup_seqfile_stop+0xc0/0xc0 [ 162.293810][ T666] vfs_write+0xc1c/0xf40 [ 162.298025][ T666] ? __kasan_check_write+0x14/0x20 [ 162.303118][ T666] ? kernel_write+0x3c0/0x3c0 [ 162.307776][ T666] ? _raw_spin_unlock_irq+0x4e/0x70 [ 162.312946][ T666] ? ptrace_stop+0x6ff/0x9f0 [ 162.317512][ T666] ? __kasan_check_read+0x11/0x20 [ 162.322514][ T666] ? __fdget_pos+0x27e/0x310 [ 162.327078][ T666] ksys_write+0x198/0x2c0 [ 162.331391][ T666] ? do_notify_parent+0xa60/0xa60 [ 162.336407][ T666] ? __ia32_sys_read+0x90/0x90 [ 162.341152][ T666] ? __ia32_sys_open+0x270/0x270 [ 162.346082][ T666] __x64_sys_write+0x7b/0x90 [ 162.350658][ T666] do_syscall_64+0x34/0x70 [ 162.355056][ T666] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 162.360926][ T666] RIP: 0033:0x7fc8ece62c09 [ 162.365325][ T666] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 162.384909][ T666] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.393293][ T666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 674] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 666] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 674] open("./file0", O_RDONLY) = 3 [pid 674] openat(3, "cgroup.subtree_control", O_RDWR [pid 666] close(3 [pid 674] <... openat resumed>) = 4 [pid 674] write(4, "-pids ", 6 [pid 666] <... close resumed>) = 0 [pid 666] close(4) = 0 [pid 666] close(5) = 0 [pid 666] close(6) = -1 EBADF (Bad file descriptor) [pid 666] close(7) = -1 EBADF (Bad file descriptor) [pid 666] close(8) = -1 EBADF (Bad file descriptor) [pid 666] close(9) = -1 EBADF (Bad file descriptor) [pid 666] close(10) = -1 EBADF (Bad file descriptor) [pid 666] close(11) = -1 EBADF (Bad file descriptor) [pid 666] close(12) = -1 EBADF (Bad file descriptor) [pid 666] close(13) = -1 EBADF (Bad file descriptor) [pid 666] close(14) = -1 EBADF (Bad file descriptor) [pid 666] close(15) = -1 EBADF (Bad file descriptor) [pid 666] close(16) = -1 EBADF (Bad file descriptor) [pid 666] close(17) = -1 EBADF (Bad file descriptor) [pid 666] close(18) = -1 EBADF (Bad file descriptor) [pid 666] close(19) = -1 EBADF (Bad file descriptor) [pid 666] close(20) = -1 EBADF (Bad file descriptor) [pid 666] close(21) = -1 EBADF (Bad file descriptor) [pid 666] close(22) = -1 EBADF (Bad file descriptor) [pid 666] close(23) = -1 EBADF (Bad file descriptor) [pid 666] close(24) = -1 EBADF (Bad file descriptor) [pid 666] close(25) = -1 EBADF (Bad file descriptor) [pid 666] close(26) = -1 EBADF (Bad file descriptor) [pid 666] close(27) = -1 EBADF (Bad file descriptor) [pid 666] close(28) = -1 EBADF (Bad file descriptor) [pid 666] close(29) = -1 EBADF (Bad file descriptor) [pid 666] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 666] exit_group(0) = ? [pid 666] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [ 162.401237][ T666] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 162.409204][ T666] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 162.417150][ T666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 162.425115][ T666] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000032 [ 162.435643][ T666] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 382] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 673] <... write resumed>) = 6 [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./50/binderfs") = 0 [pid 382] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./50/cgroup") = 0 [pid 382] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./50/cgroup.net") = 0 [pid 382] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 673] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 382] <... umount2 resumed>) = 0 [pid 382] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [ 162.460563][ T670] FAULT_INJECTION: forcing a failure. [ 162.460563][ T670] name failslab, interval 1, probability 0, space 0, times 0 [ 162.473261][ T670] CPU: 1 PID: 670 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 162.484875][ T670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.494909][ T670] Call Trace: [ 162.498184][ T670] dump_stack_lvl+0x1e2/0x24b [ 162.502841][ T670] ? bfq_pos_tree_add_move+0x43e/0x43e [ 162.508277][ T670] ? selinux_kernfs_init_security+0x1a8/0x760 [ 162.514319][ T670] dump_stack+0x15/0x17 [ 162.518453][ T670] should_fail+0x3c0/0x510 [ 162.522846][ T670] ? __kernfs_new_node+0x99/0x6e0 [ 162.527861][ T670] __should_failslab+0x9f/0xe0 [ 162.532621][ T670] should_failslab+0x9/0x20 [ 162.537201][ T670] __kmalloc_track_caller+0x5f/0x350 [ 162.542466][ T670] kstrdup_const+0x55/0x90 [ 162.546865][ T670] __kernfs_new_node+0x99/0x6e0 [ 162.551697][ T670] ? is_module_text_address+0xe1/0x140 [ 162.557145][ T670] ? kernfs_new_node+0x170/0x170 [ 162.562066][ T670] ? ptr_to_hashval+0x60/0x60 [ 162.566725][ T670] ? arch_stack_walk+0xf8/0x140 [ 162.571561][ T670] ? snprintf+0xd6/0x120 [ 162.575789][ T670] kernfs_new_node+0x97/0x170 [ 162.580445][ T670] __kernfs_create_file+0x4a/0x270 [ 162.585542][ T670] cgroup_addrm_files+0xab8/0xfe0 [ 162.590547][ T670] ? ____kasan_kmalloc+0xdc/0x110 [ 162.595547][ T670] ? __kasan_kmalloc+0x9/0x10 [ 162.600210][ T670] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 162.605733][ T670] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 162.611869][ T670] ? delete_node+0x759/0x7b0 [ 162.616439][ T670] ? __kasan_check_read+0x11/0x20 [ 162.621440][ T670] ? delete_node+0x759/0x7b0 [ 162.626006][ T670] ? __kasan_check_write+0x14/0x20 [ 162.631099][ T670] ? idr_replace+0x1c4/0x230 [ 162.635665][ T670] ? idr_get_next+0x4b0/0x4b0 [ 162.640317][ T670] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 162.645317][ T670] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 162.650493][ T670] css_populate_dir+0x137/0x370 [ 162.655325][ T670] cgroup_apply_control_enable+0x8b9/0x12f0 [ 162.661199][ T670] cgroup_apply_control+0x93/0x710 [ 162.666289][ T670] ? css_next_child+0x160/0x160 [ 162.671116][ T670] ? stack_trace_save+0x12d/0x1f0 [ 162.676118][ T670] ? io_schedule+0x120/0x120 [ 162.680684][ T670] ? kernfs_fop_write_iter+0x15e/0x410 [ 162.686119][ T670] ? __kasan_check_write+0x14/0x20 [ 162.691216][ T670] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 162.696486][ T670] cgroup_subtree_control_write+0xd19/0x1310 [ 162.702444][ T670] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 162.708405][ T670] ? __kasan_check_write+0x14/0x20 [ 162.713508][ T670] ? _copy_from_iter+0x3fb/0xd60 [ 162.718427][ T670] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 162.724382][ T670] cgroup_file_write+0x28e/0x590 [ 162.729295][ T670] ? cgroup_seqfile_stop+0xc0/0xc0 [ 162.734395][ T670] ? mutex_lock+0xa6/0x110 [ 162.738794][ T670] ? mutex_trylock+0xb0/0xb0 [ 162.743364][ T670] ? __kasan_check_write+0x14/0x20 [ 162.748477][ T670] kernfs_fop_write_iter+0x2d0/0x410 [ 162.753743][ T670] ? cgroup_seqfile_stop+0xc0/0xc0 [ 162.758833][ T670] vfs_write+0xc1c/0xf40 [ 162.763058][ T670] ? __kasan_check_write+0x14/0x20 [ 162.768145][ T670] ? kernel_write+0x3c0/0x3c0 [ 162.772815][ T670] ? _raw_spin_unlock_irq+0x4e/0x70 [ 162.777999][ T670] ? ptrace_stop+0x6ff/0x9f0 [ 162.782577][ T670] ? __kasan_check_read+0x11/0x20 [ 162.787583][ T670] ? __fdget_pos+0x27e/0x310 [ 162.792157][ T670] ksys_write+0x198/0x2c0 [ 162.796473][ T670] ? do_notify_parent+0xa60/0xa60 [ 162.801480][ T670] ? __ia32_sys_read+0x90/0x90 [ 162.806225][ T670] ? __ia32_sys_open+0x270/0x270 [ 162.811140][ T670] __x64_sys_write+0x7b/0x90 [ 162.815709][ T670] do_syscall_64+0x34/0x70 [ 162.820116][ T670] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 162.825994][ T670] RIP: 0033:0x7fc8ece62c09 [ 162.830390][ T670] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 162.849983][ T670] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./50/file0") = 0 [pid 382] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./50/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./50") = 0 [pid 382] mkdir("./51", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 53 [pid 673] <... openat resumed>) = 5 [pid 673] write(5, "22", 2) = 2 [pid 673] write(4, "+pids ", 6./strace-static-x86_64: Process 675 attached [pid 675] chdir("./51") = 0 [pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 675] setpgid(0, 0) = 0 [pid 675] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 675] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 675] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 675] write(3, "1000", 4) = 4 [pid 675] close(3) = 0 [pid 675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 675] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 675] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 670] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 675] open("./file0", O_RDONLY [pid 670] close(3 [pid 675] <... open resumed>) = 3 [pid 670] <... close resumed>) = 0 [pid 675] openat(3, "cgroup.subtree_control", O_RDWR [pid 670] close(4) = 0 [pid 670] close(5) = 0 [pid 670] close(6) = -1 EBADF (Bad file descriptor) [pid 670] close(7) = -1 EBADF (Bad file descriptor) [pid 670] close(8) = -1 EBADF (Bad file descriptor) [pid 670] close(9) = -1 EBADF (Bad file descriptor) [pid 670] close(10) = -1 EBADF (Bad file descriptor) [pid 670] close(11) = -1 EBADF (Bad file descriptor) [pid 670] close(12) = -1 EBADF (Bad file descriptor) [pid 670] close(13) = -1 EBADF (Bad file descriptor) [pid 670] close(14) = -1 EBADF (Bad file descriptor) [pid 670] close(15) = -1 EBADF (Bad file descriptor) [pid 670] close(16) = -1 EBADF (Bad file descriptor) [pid 670] close(17) = -1 EBADF (Bad file descriptor) [pid 670] close(18) = -1 EBADF (Bad file descriptor) [pid 670] close(19) = -1 EBADF (Bad file descriptor) [pid 670] close(20) = -1 EBADF (Bad file descriptor) [pid 670] close(21) = -1 EBADF (Bad file descriptor) [pid 670] close(22) = -1 EBADF (Bad file descriptor) [pid 670] close(23) = -1 EBADF (Bad file descriptor) [pid 670] close(24) = -1 EBADF (Bad file descriptor) [pid 670] close(25) = -1 EBADF (Bad file descriptor) [pid 670] close(26) = -1 EBADF (Bad file descriptor) [pid 670] close(27) = -1 EBADF (Bad file descriptor) [pid 670] close(28) = -1 EBADF (Bad file descriptor) [pid 670] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 670] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 670] exit_group(0) = ? [pid 670] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [pid 675] <... openat resumed>) = 4 [pid 675] write(4, "-pids ", 6 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./52/binderfs") = 0 [pid 375] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./52/cgroup") = 0 [pid 375] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./52/cgroup.net") = 0 [pid 375] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./52/file0") = 0 [pid 375] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./52/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./52") = 0 [pid 375] mkdir("./53", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 676 attached , child_tidptr=0x555556fab5d0) = 55 [pid 676] chdir("./53") = 0 [ 162.858383][ T670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 162.866344][ T670] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 162.874297][ T670] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 162.882252][ T670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 162.890202][ T670] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000034 [ 162.901158][ T670] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 676] setpgid(0, 0) = 0 [pid 676] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 675] <... write resumed>) = 6 [pid 676] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 675] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 676] <... symlink resumed>) = 0 [pid 675] <... openat resumed>) = 5 [pid 676] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 675] write(5, "22", 2 [pid 676] <... symlink resumed>) = 0 [pid 675] <... write resumed>) = 2 [pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 675] write(4, "+pids ", 6 [pid 676] <... openat resumed>) = 3 [pid 676] write(3, "1000", 4) = 4 [pid 676] close(3) = 0 [pid 676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 676] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 162.930481][ T673] FAULT_INJECTION: forcing a failure. [ 162.930481][ T673] name failslab, interval 1, probability 0, space 0, times 0 [ 162.943297][ T673] CPU: 1 PID: 673 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 162.954907][ T673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.964940][ T673] Call Trace: [ 162.968211][ T673] dump_stack_lvl+0x1e2/0x24b [ 162.972864][ T673] ? bfq_pos_tree_add_move+0x43e/0x43e [ 162.978296][ T673] dump_stack+0x15/0x17 [ 162.982426][ T673] should_fail+0x3c0/0x510 [ 162.986840][ T673] ? __kernfs_new_node+0x99/0x6e0 [ 162.991839][ T673] __should_failslab+0x9f/0xe0 [ 162.996578][ T673] should_failslab+0x9/0x20 [ 163.001068][ T673] __kmalloc_track_caller+0x5f/0x350 [ 163.006337][ T673] kstrdup_const+0x55/0x90 [ 163.010729][ T673] __kernfs_new_node+0x99/0x6e0 [ 163.015562][ T673] ? is_module_text_address+0xe1/0x140 [ 163.020998][ T673] ? kernfs_new_node+0x170/0x170 [ 163.025914][ T673] ? ptr_to_hashval+0x60/0x60 [ 163.030563][ T673] ? arch_stack_walk+0xf8/0x140 [ 163.035400][ T673] ? snprintf+0xd6/0x120 [ 163.039634][ T673] kernfs_new_node+0x97/0x170 [ 163.044305][ T673] __kernfs_create_file+0x4a/0x270 [ 163.049399][ T673] cgroup_addrm_files+0xab8/0xfe0 [ 163.054405][ T673] ? ____kasan_kmalloc+0xdc/0x110 [ 163.059410][ T673] ? __kasan_kmalloc+0x9/0x10 [ 163.064060][ T673] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 163.069579][ T673] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 163.075714][ T673] ? delete_node+0x759/0x7b0 [ 163.080280][ T673] ? __kasan_check_read+0x11/0x20 [ 163.085285][ T673] ? delete_node+0x759/0x7b0 [ 163.089867][ T673] ? __kasan_check_write+0x14/0x20 [ 163.094963][ T673] ? idr_replace+0x1c4/0x230 [ 163.099527][ T673] ? idr_get_next+0x4b0/0x4b0 [ 163.104177][ T673] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 163.109183][ T673] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 163.114363][ T673] css_populate_dir+0x137/0x370 [ 163.119196][ T673] cgroup_apply_control_enable+0x8b9/0x12f0 [ 163.125077][ T673] cgroup_apply_control+0x93/0x710 [ 163.130170][ T673] ? css_next_child+0x160/0x160 [ 163.135005][ T673] ? io_schedule+0x120/0x120 [ 163.139571][ T673] ? kernfs_fop_write_iter+0x15e/0x410 [ 163.145006][ T673] ? __kasan_check_write+0x14/0x20 [ 163.150099][ T673] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 163.155357][ T673] cgroup_subtree_control_write+0xd19/0x1310 [ 163.161312][ T673] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 163.167263][ T673] ? __kasan_check_write+0x14/0x20 [ 163.172347][ T673] ? _copy_from_iter+0x3fb/0xd60 [ 163.177266][ T673] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 163.183234][ T673] cgroup_file_write+0x28e/0x590 [ 163.188150][ T673] ? cgroup_seqfile_stop+0xc0/0xc0 [ 163.193245][ T673] ? mutex_lock+0xa6/0x110 [ 163.197652][ T673] ? mutex_trylock+0xb0/0xb0 [ 163.202236][ T673] ? __kasan_check_write+0x14/0x20 [ 163.207333][ T673] kernfs_fop_write_iter+0x2d0/0x410 [ 163.212602][ T673] ? cgroup_seqfile_stop+0xc0/0xc0 [ 163.217699][ T673] vfs_write+0xc1c/0xf40 [ 163.221914][ T673] ? __kasan_check_write+0x14/0x20 [ 163.227006][ T673] ? kernel_write+0x3c0/0x3c0 [ 163.231675][ T673] ? _raw_spin_unlock_irq+0x4e/0x70 [ 163.236875][ T673] ? ptrace_stop+0x6ff/0x9f0 [ 163.241471][ T673] ? __kasan_check_read+0x11/0x20 [ 163.246476][ T673] ? __fdget_pos+0x27e/0x310 [ 163.251043][ T673] ksys_write+0x198/0x2c0 [ 163.255348][ T673] ? do_notify_parent+0xa60/0xa60 [ 163.260354][ T673] ? __ia32_sys_read+0x90/0x90 [ 163.265103][ T673] ? __ia32_sys_open+0x270/0x270 [ 163.270024][ T673] __x64_sys_write+0x7b/0x90 [ 163.274599][ T673] do_syscall_64+0x34/0x70 [ 163.278991][ T673] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 163.284855][ T673] RIP: 0033:0x7fc8ece62c09 [ 163.289256][ T673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 163.308844][ T673] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 163.317230][ T673] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 676] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 676] open("./file0", O_RDONLY [pid 673] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 676] <... open resumed>) = 3 [pid 673] close(3) = 0 [pid 673] close(4) = 0 [pid 673] close(5) = 0 [pid 673] close(6) = -1 EBADF (Bad file descriptor) [pid 676] openat(3, "cgroup.subtree_control", O_RDWR [pid 673] close(7) = -1 EBADF (Bad file descriptor) [pid 676] <... openat resumed>) = 4 [pid 673] close(8) = -1 EBADF (Bad file descriptor) [pid 673] close(9) = -1 EBADF (Bad file descriptor) [pid 673] close(10) = -1 EBADF (Bad file descriptor) [pid 673] close(11) = -1 EBADF (Bad file descriptor) [pid 673] close(12) = -1 EBADF (Bad file descriptor) [pid 673] close(13) = -1 EBADF (Bad file descriptor) [pid 673] close(14) = -1 EBADF (Bad file descriptor) [pid 673] close(15) = -1 EBADF (Bad file descriptor) [pid 673] close(16) = -1 EBADF (Bad file descriptor) [pid 673] close(17) = -1 EBADF (Bad file descriptor) [pid 673] close(18) = -1 EBADF (Bad file descriptor) [pid 673] close(19) = -1 EBADF (Bad file descriptor) [pid 673] close(20) = -1 EBADF (Bad file descriptor) [pid 673] close(21) = -1 EBADF (Bad file descriptor) [pid 673] close(22) = -1 EBADF (Bad file descriptor) [pid 673] close(23) = -1 EBADF (Bad file descriptor) [pid 673] close(24) = -1 EBADF (Bad file descriptor) [pid 673] close(25) = -1 EBADF (Bad file descriptor) [pid 673] close(26) = -1 EBADF (Bad file descriptor) [pid 673] close(27) = -1 EBADF (Bad file descriptor) [pid 673] close(28) = -1 EBADF (Bad file descriptor) [pid 673] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 673] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 673] exit_group(0) = ? [pid 676] write(4, "-pids ", 6 [pid 673] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./46/binderfs") = 0 [pid 376] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./46/cgroup") = 0 [pid 376] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./46/cgroup.net") = 0 [pid 376] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./46/file0") = 0 [pid 376] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./46/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./46") = 0 [pid 376] mkdir("./47", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 677 attached , child_tidptr=0x555556fab5d0) = 49 [pid 677] chdir("./47") = 0 [pid 677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 677] setpgid(0, 0) = 0 [pid 677] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 677] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 677] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 677] write(3, "1000", 4) = 4 [pid 677] close(3) = 0 [pid 677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 677] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 677] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 677] open("./file0", O_RDONLY) = 3 [pid 677] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 163.325187][ T673] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 163.333152][ T673] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 163.341108][ T673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 163.349055][ T673] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002e [ 163.357952][ T673] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 677] write(4, "-pids ", 6) = 6 [pid 676] <... write resumed>) = 6 [pid 677] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 677] write(5, "22", 2) = 2 [pid 677] write(4, "+pids ", 6 [pid 676] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 676] write(5, "22", 2) = 2 [ 163.410496][ T669] FAULT_INJECTION: forcing a failure. [ 163.410496][ T669] name failslab, interval 1, probability 0, space 0, times 0 [ 163.423137][ T669] CPU: 0 PID: 669 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 163.434743][ T669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.444784][ T669] Call Trace: [ 163.448063][ T669] dump_stack_lvl+0x1e2/0x24b [ 163.452716][ T669] ? bfq_pos_tree_add_move+0x43e/0x43e [ 163.458160][ T669] ? selinux_kernfs_init_security+0x1a8/0x760 [ 163.464217][ T669] dump_stack+0x15/0x17 [ 163.468360][ T669] should_fail+0x3c0/0x510 [ 163.472766][ T669] ? __kernfs_new_node+0x99/0x6e0 [ 163.477776][ T669] __should_failslab+0x9f/0xe0 [ 163.482515][ T669] should_failslab+0x9/0x20 [ 163.486994][ T669] __kmalloc_track_caller+0x5f/0x350 [ 163.492262][ T669] kstrdup_const+0x55/0x90 [ 163.496696][ T669] __kernfs_new_node+0x99/0x6e0 [ 163.501532][ T669] ? is_module_text_address+0xe1/0x140 [ 163.506975][ T669] ? kernfs_new_node+0x170/0x170 [ 163.511896][ T669] ? ptr_to_hashval+0x60/0x60 [ 163.516548][ T669] ? arch_stack_walk+0xf8/0x140 [ 163.521378][ T669] ? snprintf+0xd6/0x120 [ 163.525606][ T669] kernfs_new_node+0x97/0x170 [ 163.530263][ T669] __kernfs_create_file+0x4a/0x270 [ 163.535356][ T669] cgroup_addrm_files+0xab8/0xfe0 [ 163.540375][ T669] ? ____kasan_kmalloc+0xdc/0x110 [ 163.545382][ T669] ? __kasan_kmalloc+0x9/0x10 [ 163.550045][ T669] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 163.555568][ T669] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 163.561699][ T669] ? delete_node+0x759/0x7b0 [ 163.566272][ T669] ? __kasan_check_read+0x11/0x20 [ 163.571279][ T669] ? delete_node+0x759/0x7b0 [ 163.575843][ T669] ? __kasan_check_write+0x14/0x20 [ 163.580932][ T669] ? idr_replace+0x1c4/0x230 [ 163.585508][ T669] ? idr_get_next+0x4b0/0x4b0 [ 163.590176][ T669] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 163.595184][ T669] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 163.600364][ T669] css_populate_dir+0x137/0x370 [ 163.605200][ T669] cgroup_apply_control_enable+0x8b9/0x12f0 [ 163.611069][ T669] cgroup_apply_control+0x93/0x710 [ 163.616155][ T669] ? css_next_child+0x160/0x160 [ 163.621041][ T669] ? stack_trace_save+0x12d/0x1f0 [ 163.626049][ T669] ? io_schedule+0x120/0x120 [ 163.630613][ T669] ? kernfs_fop_write_iter+0x15e/0x410 [ 163.636047][ T669] ? __kasan_check_write+0x14/0x20 [ 163.641131][ T669] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 163.646389][ T669] cgroup_subtree_control_write+0xd19/0x1310 [ 163.652341][ T669] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 163.658293][ T669] ? __kasan_check_write+0x14/0x20 [ 163.663379][ T669] ? _copy_from_iter+0x3fb/0xd60 [ 163.668299][ T669] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 163.674268][ T669] cgroup_file_write+0x28e/0x590 [ 163.679192][ T669] ? cgroup_seqfile_stop+0xc0/0xc0 [ 163.684277][ T669] ? mutex_lock+0xa6/0x110 [ 163.688675][ T669] ? mutex_trylock+0xb0/0xb0 [ 163.693245][ T669] ? __kasan_check_write+0x14/0x20 [ 163.698338][ T669] kernfs_fop_write_iter+0x2d0/0x410 [ 163.703602][ T669] ? cgroup_seqfile_stop+0xc0/0xc0 [ 163.708696][ T669] vfs_write+0xc1c/0xf40 [ 163.712923][ T669] ? __kasan_check_write+0x14/0x20 [ 163.718012][ T669] ? kernel_write+0x3c0/0x3c0 [ 163.722668][ T669] ? _raw_spin_unlock_irq+0x4e/0x70 [ 163.727840][ T669] ? ptrace_stop+0x6ff/0x9f0 [ 163.732405][ T669] ? __kasan_check_read+0x11/0x20 [ 163.737403][ T669] ? __fdget_pos+0x27e/0x310 [ 163.741967][ T669] ksys_write+0x198/0x2c0 [ 163.746276][ T669] ? do_notify_parent+0xa60/0xa60 [ 163.751274][ T669] ? __ia32_sys_read+0x90/0x90 [ 163.756010][ T669] ? __ia32_sys_open+0x270/0x270 [ 163.760937][ T669] __x64_sys_write+0x7b/0x90 [ 163.765514][ T669] do_syscall_64+0x34/0x70 [ 163.769903][ T669] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 163.775776][ T669] RIP: 0033:0x7fc8ece62c09 [ 163.780172][ T669] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 163.799782][ T669] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 676] write(4, "+pids ", 6 [pid 669] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 669] close(3) = 0 [pid 669] close(4) = 0 [pid 669] close(5) = 0 [pid 669] close(6) = -1 EBADF (Bad file descriptor) [pid 669] close(7) = -1 EBADF (Bad file descriptor) [pid 669] close(8) = -1 EBADF (Bad file descriptor) [pid 669] close(9) = -1 EBADF (Bad file descriptor) [pid 669] close(10) = -1 EBADF (Bad file descriptor) [pid 669] close(11) = -1 EBADF (Bad file descriptor) [pid 669] close(12) = -1 EBADF (Bad file descriptor) [pid 669] close(13) = -1 EBADF (Bad file descriptor) [pid 669] close(14) = -1 EBADF (Bad file descriptor) [pid 669] close(15) = -1 EBADF (Bad file descriptor) [pid 669] close(16) = -1 EBADF (Bad file descriptor) [pid 669] close(17) = -1 EBADF (Bad file descriptor) [pid 669] close(18) = -1 EBADF (Bad file descriptor) [pid 669] close(19) = -1 EBADF (Bad file descriptor) [pid 669] close(20) = -1 EBADF (Bad file descriptor) [pid 669] close(21) = -1 EBADF (Bad file descriptor) [pid 669] close(22) = -1 EBADF (Bad file descriptor) [pid 669] close(23) = -1 EBADF (Bad file descriptor) [pid 669] close(24) = -1 EBADF (Bad file descriptor) [pid 669] close(25) = -1 EBADF (Bad file descriptor) [pid 669] close(26) = -1 EBADF (Bad file descriptor) [pid 669] close(27) = -1 EBADF (Bad file descriptor) [pid 669] close(28) = -1 EBADF (Bad file descriptor) [pid 669] close(29) = -1 EBADF (Bad file descriptor) [pid 669] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [ 163.808178][ T669] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 163.816133][ T669] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 163.824077][ T669] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 163.832022][ T669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 163.839970][ T669] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002c [ 163.848008][ T669] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 669] exit_group(0) = ? [pid 669] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./44/binderfs") = 0 [pid 380] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./44/cgroup") = 0 [pid 380] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./44/cgroup.net") = 0 [ 163.870605][ T676] FAULT_INJECTION: forcing a failure. [ 163.870605][ T676] name failslab, interval 1, probability 0, space 0, times 0 [ 163.883256][ T676] CPU: 0 PID: 676 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 163.894870][ T676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.904922][ T676] Call Trace: [ 163.908197][ T676] dump_stack_lvl+0x1e2/0x24b [ 163.912859][ T676] ? panic+0x7d7/0x7d7 [ 163.916906][ T676] ? bfq_pos_tree_add_move+0x43e/0x43e [ 163.922338][ T676] ? find_next_bit+0xd6/0x120 [ 163.926994][ T676] ? cpumask_next+0x11/0x30 [ 163.931503][ T676] dump_stack+0x15/0x17 [ 163.935633][ T676] should_fail+0x3c0/0x510 [ 163.940024][ T676] ? percpu_ref_init+0xd0/0x330 [ 163.944858][ T676] __should_failslab+0x9f/0xe0 [ 163.949598][ T676] should_failslab+0x9/0x20 [ 163.954076][ T676] kmem_cache_alloc_trace+0x3a/0x330 [ 163.959341][ T676] percpu_ref_init+0xd0/0x330 [ 163.963999][ T676] ? cgroup_setup_root+0xea0/0xea0 [ 163.969098][ T676] cgroup_apply_control_enable+0x3a2/0x12f0 [ 163.974964][ T676] cgroup_apply_control+0x93/0x710 [ 163.980048][ T676] ? css_next_child+0x160/0x160 [ 163.984882][ T676] ? io_schedule+0x120/0x120 [ 163.989461][ T676] ? kernfs_fop_write_iter+0x15e/0x410 [ 163.994996][ T676] ? __kasan_check_write+0x14/0x20 [ 164.000086][ T676] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 164.005346][ T676] cgroup_subtree_control_write+0xd19/0x1310 [ 164.011304][ T676] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 164.017272][ T676] ? __kasan_check_write+0x14/0x20 [ 164.022364][ T676] ? _copy_from_iter+0x3fb/0xd60 [ 164.027283][ T676] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 164.033236][ T676] cgroup_file_write+0x28e/0x590 [ 164.038147][ T676] ? cgroup_seqfile_stop+0xc0/0xc0 [ 164.043237][ T676] ? mutex_lock+0xa6/0x110 [ 164.047646][ T676] ? mutex_trylock+0xb0/0xb0 [ 164.052256][ T676] ? __kasan_check_write+0x14/0x20 [ 164.057344][ T676] kernfs_fop_write_iter+0x2d0/0x410 [ 164.062609][ T676] ? cgroup_seqfile_stop+0xc0/0xc0 [ 164.067706][ T676] vfs_write+0xc1c/0xf40 [ 164.071925][ T676] ? __kasan_check_write+0x14/0x20 [ 164.077009][ T676] ? kernel_write+0x3c0/0x3c0 [ 164.081663][ T676] ? _raw_spin_unlock_irq+0x4e/0x70 [ 164.086834][ T676] ? ptrace_stop+0x6ff/0x9f0 [ 164.091396][ T676] ? __kasan_check_read+0x11/0x20 [ 164.096396][ T676] ? __fdget_pos+0x27e/0x310 [ 164.100961][ T676] ksys_write+0x198/0x2c0 [ 164.105271][ T676] ? do_notify_parent+0xa60/0xa60 [ 164.110280][ T676] ? __ia32_sys_read+0x90/0x90 [ 164.115022][ T676] ? __ia32_sys_open+0x270/0x270 [ 164.119953][ T676] __x64_sys_write+0x7b/0x90 [ 164.124529][ T676] do_syscall_64+0x34/0x70 [ 164.128925][ T676] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 164.134792][ T676] RIP: 0033:0x7fc8ece62c09 [ 164.139190][ T676] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 164.158781][ T676] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.167168][ T676] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 164.175117][ T676] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 164.183069][ T676] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 164.191029][ T676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 164.198980][ T676] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000035 [ 164.207111][ T380] ------------[ cut here ]------------ [ 164.212609][ T380] WARNING: CPU: 1 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [pid 380] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOWwrite to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 676] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 676] close(3) = 0 [pid 676] close(4) = 0 [pid 676] close(5) = 0 [pid 676] close(6) = -1 EBADF (Bad file descriptor) [pid 676] close(7) = -1 EBADF (Bad file descriptor) [pid 676] close(8) = -1 EBADF (Bad file descriptor) [pid 676] close(9) = -1 EBADF (Bad file descriptor) [pid 676] close(10) = -1 EBADF (Bad file descriptor) [pid 676] close(11) = -1 EBADF (Bad file descriptor) [pid 676] close(12) = -1 EBADF (Bad file descriptor) [pid 676] close(13) = -1 EBADF (Bad file descriptor) [pid 676] close(14) = -1 EBADF (Bad file descriptor) [pid 676] close(15) = -1 EBADF (Bad file descriptor) [pid 676] close(16) = -1 EBADF (Bad file descriptor) [pid 676] close(17) = -1 EBADF (Bad file descriptor) [pid 676] close(18) = -1 EBADF (Bad file descriptor) [pid 676] close(19) = -1 EBADF (Bad file descriptor) [pid 676] close(20) = -1 EBADF (Bad file descriptor) [pid 676] close(21) = -1 EBADF (Bad file descriptor) [pid 676] close(22) = -1 EBADF (Bad file descriptor) [pid 676] close(23) = -1 EBADF (Bad file descriptor) [pid 676] close(24) = -1 EBADF (Bad file descriptor) [pid 676] close(25) = -1 EBADF (Bad file descriptor) [pid 676] close(26) = -1 EBADF (Bad file descriptor) [pid 676] close(27) = -1 EBADF (Bad file descriptor) [pid 676] close(28) = -1 EBADF (Bad file descriptor) [pid 676] close(29) = -1 EBADF (Bad file descriptor) [pid 676] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 676] exit_group(0) = ? [pid 676] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 164.221554][ T380] Modules linked in: [ 164.225443][ T380] CPU: 1 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 164.237078][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.247260][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 164.252975][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 164.272600][ T380] RSP: 0018:ffffc90000b27ca0 EFLAGS: 00010293 [ 164.278669][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 164.286658][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 164.294629][ T380] RBP: ffffc90000b27d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 164.302595][ T380] R10: fffff52000164f85 R11: 1ffff92000164f84 R12: dffffc0000000000 [ 164.310564][ T380] R13: ffff88811d952380 R14: ffffc90000b27d00 R15: 1ffff92000164f9c [ 164.318521][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 164.327458][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.334051][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506a0 [ 164.342050][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 164.350009][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 164.357982][ T380] Call Trace: [ 164.361273][ T380] ? lockref_get_or_lock+0x340/0x340 [ 164.366544][ T380] ? umount_tree+0xf50/0xf50 [ 164.371162][ T380] ? vfs_submount+0xb0/0xb0 [ 164.375653][ T380] ? dput+0x2b6/0x320 [ 164.379625][ T380] path_umount+0x1fe/0xfb0 [ 164.384038][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 164.389045][ T380] ? user_path_at_empty+0x40/0x50 [ 164.394063][ T380] __x64_sys_umount+0x122/0x170 [ 164.398893][ T380] ? path_umount+0xfb0/0xfb0 [ 164.403492][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 164.409453][ T380] do_syscall_64+0x34/0x70 [ 164.413872][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 164.419742][ T380] RIP: 0033:0x7fc8ece63fb7 [ 164.424165][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 164.443775][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 164.452226][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 164.460234][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [pid 375] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] <... umount2 resumed>) = 0 [pid 375] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... openat resumed>) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./44/file0", [pid 375] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./53/binderfs" [pid 380] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] <... unlink resumed>) = 0 [pid 380] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./53/cgroup") = 0 [pid 375] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./53/cgroup.net") = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./53/file0") = 0 [pid 375] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./53/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./53") = 0 [pid 375] mkdir("./54", 0777 [pid 380] <... openat resumed>) = 4 [pid 375] <... mkdir resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 56 ./strace-static-x86_64: Process 678 attached [pid 678] chdir("./54" [pid 380] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 678] <... chdir resumed>) = 0 [pid 678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 678] setpgid(0, 0) = 0 [pid 678] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 678] <... symlink resumed>) = 0 [pid 678] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 380] close(4 [pid 678] <... symlink resumed>) = 0 [pid 678] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 380] <... close resumed>) = 0 [ 164.468200][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 164.476182][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 164.484154][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002d [ 164.492138][ T380] ---[ end trace d4de1ca9cdcd1999 ]--- [pid 380] rmdir("./44/file0") = 0 [pid 678] <... symlink resumed>) = 0 [pid 678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 678] write(3, "1000", 4) = 4 [pid 678] close(3) = 0 [pid 678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 678] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 678] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./44/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./44") = 0 [pid 380] mkdir("./45", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 47 ./strace-static-x86_64: Process 679 attached [pid 679] chdir("./45") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 679] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 679] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 164.520522][ T671] FAULT_INJECTION: forcing a failure. [ 164.520522][ T671] name failslab, interval 1, probability 0, space 0, times 0 [ 164.533547][ T671] CPU: 0 PID: 671 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 164.545174][ T671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.555215][ T671] Call Trace: [ 164.558512][ T671] dump_stack_lvl+0x1e2/0x24b [ 164.563176][ T671] ? panic+0x7d7/0x7d7 [ 164.567230][ T671] ? bfq_pos_tree_add_move+0x43e/0x43e [ 164.572673][ T671] ? find_next_bit+0xd6/0x120 [ 164.577331][ T671] ? cpumask_next+0x11/0x30 [ 164.581820][ T671] dump_stack+0x15/0x17 [ 164.585954][ T671] should_fail+0x3c0/0x510 [ 164.590355][ T671] ? percpu_ref_init+0xd0/0x330 [ 164.595181][ T671] __should_failslab+0x9f/0xe0 [ 164.599921][ T671] should_failslab+0x9/0x20 [ 164.604408][ T671] kmem_cache_alloc_trace+0x3a/0x330 [ 164.609680][ T671] percpu_ref_init+0xd0/0x330 [ 164.614339][ T671] ? cgroup_setup_root+0xea0/0xea0 [ 164.619441][ T671] cgroup_apply_control_enable+0x3a2/0x12f0 [ 164.625319][ T671] cgroup_apply_control+0x93/0x710 [ 164.630413][ T671] ? css_next_child+0x160/0x160 [ 164.635235][ T671] ? stack_trace_save+0x12d/0x1f0 [ 164.640240][ T671] ? io_schedule+0x120/0x120 [ 164.644806][ T671] ? kernfs_fop_write_iter+0x15e/0x410 [ 164.650249][ T671] ? __kasan_check_write+0x14/0x20 [ 164.655368][ T671] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 164.660643][ T671] cgroup_subtree_control_write+0xd19/0x1310 [ 164.666607][ T671] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 164.672558][ T671] ? __kasan_check_write+0x14/0x20 [ 164.677643][ T671] ? _copy_from_iter+0x3fb/0xd60 [ 164.682558][ T671] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 164.688530][ T671] cgroup_file_write+0x28e/0x590 [ 164.693452][ T671] ? cgroup_seqfile_stop+0xc0/0xc0 [ 164.698536][ T671] ? mutex_lock+0xa6/0x110 [ 164.702939][ T671] ? mutex_trylock+0xb0/0xb0 [ 164.707509][ T671] ? __kasan_check_write+0x14/0x20 [ 164.712593][ T671] kernfs_fop_write_iter+0x2d0/0x410 [ 164.717850][ T671] ? cgroup_seqfile_stop+0xc0/0xc0 [ 164.722958][ T671] vfs_write+0xc1c/0xf40 [ 164.727185][ T671] ? __kasan_check_write+0x14/0x20 [ 164.732286][ T671] ? kernel_write+0x3c0/0x3c0 [ 164.736952][ T671] ? _raw_spin_unlock_irq+0x4e/0x70 [ 164.742127][ T671] ? ptrace_stop+0x6ff/0x9f0 [ 164.746706][ T671] ? __kasan_check_read+0x11/0x20 [ 164.751719][ T671] ? __fdget_pos+0x27e/0x310 [ 164.756314][ T671] ksys_write+0x198/0x2c0 [ 164.760644][ T671] ? do_notify_parent+0xa60/0xa60 [ 164.765653][ T671] ? __ia32_sys_read+0x90/0x90 [ 164.770394][ T671] ? __ia32_sys_open+0x270/0x270 [ 164.775308][ T671] __x64_sys_write+0x7b/0x90 [ 164.779885][ T671] do_syscall_64+0x34/0x70 [ 164.784301][ T671] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 164.790172][ T671] RIP: 0033:0x7fc8ece62c09 [ 164.794573][ T671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 679] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 678] <... mount resumed>) = 0 [pid 671] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 679] <... mount resumed>) = 0 [pid 671] close(3) = 0 [pid 671] close(4) = 0 [pid 671] close(5) = 0 [pid 671] close(6) = -1 EBADF (Bad file descriptor) [pid 671] close(7) = -1 EBADF (Bad file descriptor) [pid 671] close(8) = -1 EBADF (Bad file descriptor) [pid 671] close(9) = -1 EBADF (Bad file descriptor) [pid 671] close(10) = -1 EBADF (Bad file descriptor) [pid 671] close(11) = -1 EBADF (Bad file descriptor) [pid 671] close(12) = -1 EBADF (Bad file descriptor) [pid 671] close(13) = -1 EBADF (Bad file descriptor) [pid 671] close(14) = -1 EBADF (Bad file descriptor) [pid 671] close(15) = -1 EBADF (Bad file descriptor) [pid 671] close(16) = -1 EBADF (Bad file descriptor) [pid 671] close(17) = -1 EBADF (Bad file descriptor) [pid 671] close(18) = -1 EBADF (Bad file descriptor) [pid 671] close(19) = -1 EBADF (Bad file descriptor) [pid 671] close(20) = -1 EBADF (Bad file descriptor) [pid 671] close(21) = -1 EBADF (Bad file descriptor) [pid 671] close(22) = -1 EBADF (Bad file descriptor) [pid 671] close(23) = -1 EBADF (Bad file descriptor) [pid 671] close(24) = -1 EBADF (Bad file descriptor) [pid 671] close(25) = -1 EBADF (Bad file descriptor) [pid 671] close(26) = -1 EBADF (Bad file descriptor) [pid 671] close(27) = -1 EBADF (Bad file descriptor) [pid 671] close(28) = -1 EBADF (Bad file descriptor) [pid 671] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 671] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 679] open("./file0", O_RDONLY [pid 678] open("./file0", O_RDONLY [pid 671] <... write resumed>) = 89 [pid 671] exit_group(0) = ? [pid 679] <... open resumed>) = 3 [pid 678] <... open resumed>) = 3 [pid 671] +++ exited with 0 +++ [pid 679] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 679] write(4, "-pids ", 6 [pid 678] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=43, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 678] <... openat resumed>) = 4 [pid 678] write(4, "-pids ", 6 [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./41/binderfs") = 0 [pid 383] umount2("./41/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./41/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./41/cgroup") = 0 [pid 383] umount2("./41/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./41/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./41/cgroup.net") = 0 [ 164.814152][ T671] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 164.822541][ T671] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 164.830486][ T671] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 164.838435][ T671] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 164.846379][ T671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 164.854335][ T671] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000029 [ 164.871238][ T383] ------------[ cut here ]------------ [ 164.876724][ T383] WARNING: CPU: 0 PID: 383 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 164.885715][ T383] Modules linked in: [ 164.889615][ T383] CPU: 0 PID: 383 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 164.901260][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.911335][ T383] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 164.916952][ T383] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 164.936573][ T383] RSP: 0018:ffffc90000b87ca0 EFLAGS: 00010293 [ 164.942651][ T383] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e3b40 [ 164.950622][ T383] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 164.958593][ T383] RBP: ffffc90000b87d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 164.966583][ T383] R10: fffff52000170f85 R11: 1ffff92000170f84 R12: dffffc0000000000 [ 164.974558][ T383] R13: ffff88811e1f1880 R14: ffffc90000b87d00 R15: 1ffff92000170f9c [ 164.982534][ T383] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 164.991474][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.998033][ T383] CR2: 00007ffd7d0e1c18 CR3: 0000000104bfa000 CR4: 00000000003506b0 [ 165.006093][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 165.014078][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 165.022058][ T383] Call Trace: [ 165.025346][ T383] ? lockref_get_or_lock+0x340/0x340 [ 165.030642][ T383] ? umount_tree+0xf50/0xf50 [ 165.035234][ T383] ? vfs_submount+0xb0/0xb0 [ 165.039722][ T383] ? dput+0x2b6/0x320 [ 165.043716][ T383] path_umount+0x1fe/0xfb0 [ 165.048124][ T383] ? namespace_unlock+0x4f0/0x4f0 [ 165.053153][ T383] ? user_path_at_empty+0x40/0x50 [ 165.058163][ T383] __x64_sys_umount+0x122/0x170 [ 165.063015][ T383] ? path_umount+0xfb0/0xfb0 [ 165.067609][ T383] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 165.073601][ T383] do_syscall_64+0x34/0x70 [ 165.078003][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 165.083913][ T383] RIP: 0033:0x7fc8ece63fb7 [ 165.088320][ T383] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.107926][ T383] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [pid 383] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 679] <... write resumed>) = 6 [pid 678] <... write resumed>) = 6 [pid 674] <... write resumed>) = 6 [pid 383] <... umount2 resumed>) = 0 [pid 383] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./41/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [ 165.116355][ T383] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 165.124331][ T383] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 165.132323][ T383] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 165.140328][ T383] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 165.148290][ T383] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002a [ 165.156702][ T383] ---[ end trace d4de1ca9cdcd199a ]--- [ 165.162384][ T677] FAULT_INJECTION: forcing a failure. [pid 383] close(4) = 0 [pid 383] rmdir("./41/file0") = 0 [pid 383] umount2("./41/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 679] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./41/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./41/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./41") = 0 [pid 383] mkdir("./42", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 680 attached [pid 680] chdir("./42" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 44 [pid 680] <... chdir resumed>) = 0 [pid 680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 680] setpgid(0, 0) = 0 [pid 680] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 680] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 680] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 680] write(3, "1000", 4) = 4 [pid 680] close(3) = 0 [pid 680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 680] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 680] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 679] <... openat resumed>) = 5 [pid 678] <... openat resumed>) = 5 [pid 679] write(5, "22", 2 [pid 678] write(5, "22", 2 [pid 679] <... write resumed>) = 2 [pid 678] <... write resumed>) = 2 [pid 679] write(4, "+pids ", 6 [ 165.162384][ T677] name failslab, interval 1, probability 0, space 0, times 0 [ 165.175067][ T677] CPU: 0 PID: 677 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 165.186681][ T677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.196723][ T677] Call Trace: [ 165.200000][ T677] dump_stack_lvl+0x1e2/0x24b [ 165.204673][ T677] ? bfq_pos_tree_add_move+0x43e/0x43e [ 165.210118][ T677] ? selinux_kernfs_init_security+0x1a8/0x760 [ 165.216177][ T677] dump_stack+0x15/0x17 [ 165.220318][ T677] should_fail+0x3c0/0x510 [ 165.224708][ T677] ? __kernfs_new_node+0x99/0x6e0 [ 165.229719][ T677] __should_failslab+0x9f/0xe0 [ 165.234468][ T677] should_failslab+0x9/0x20 [ 165.238945][ T677] __kmalloc_track_caller+0x5f/0x350 [ 165.244216][ T677] kstrdup_const+0x55/0x90 [ 165.248636][ T677] __kernfs_new_node+0x99/0x6e0 [ 165.253469][ T677] ? is_module_text_address+0xe1/0x140 [ 165.258912][ T677] ? kernfs_new_node+0x170/0x170 [ 165.263832][ T677] ? ptr_to_hashval+0x60/0x60 [ 165.268482][ T677] ? arch_stack_walk+0xf8/0x140 [ 165.273321][ T677] ? snprintf+0xd6/0x120 [ 165.277552][ T677] kernfs_new_node+0x97/0x170 [ 165.282230][ T677] __kernfs_create_file+0x4a/0x270 [ 165.287339][ T677] cgroup_addrm_files+0xab8/0xfe0 [ 165.292345][ T677] ? ____kasan_kmalloc+0xdc/0x110 [ 165.297351][ T677] ? __kasan_kmalloc+0x9/0x10 [ 165.302005][ T677] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 165.307533][ T677] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 165.313682][ T677] ? delete_node+0x759/0x7b0 [ 165.318247][ T677] ? __kasan_check_read+0x11/0x20 [ 165.323262][ T677] ? delete_node+0x759/0x7b0 [ 165.327842][ T677] ? __kasan_check_write+0x14/0x20 [ 165.332936][ T677] ? idr_replace+0x1c4/0x230 [ 165.337505][ T677] ? idr_get_next+0x4b0/0x4b0 [ 165.342174][ T677] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 165.347183][ T677] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 165.352363][ T677] css_populate_dir+0x137/0x370 [ 165.357198][ T677] cgroup_apply_control_enable+0x8b9/0x12f0 [ 165.363066][ T677] cgroup_apply_control+0x93/0x710 [ 165.368162][ T677] ? css_next_child+0x160/0x160 [ 165.372999][ T677] ? io_schedule+0x120/0x120 [ 165.377567][ T677] ? kernfs_fop_write_iter+0x15e/0x410 [ 165.383008][ T677] ? __kasan_check_write+0x14/0x20 [ 165.388101][ T677] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 165.393371][ T677] cgroup_subtree_control_write+0xd19/0x1310 [ 165.399348][ T677] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 165.405304][ T677] ? __kasan_check_write+0x14/0x20 [ 165.410390][ T677] ? _copy_from_iter+0x3fb/0xd60 [ 165.415312][ T677] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 165.421374][ T677] cgroup_file_write+0x28e/0x590 [ 165.426300][ T677] ? cgroup_seqfile_stop+0xc0/0xc0 [ 165.431386][ T677] ? mutex_lock+0xa6/0x110 [ 165.435778][ T677] ? mutex_trylock+0xb0/0xb0 [ 165.440355][ T677] ? __kasan_check_write+0x14/0x20 [ 165.445450][ T677] kernfs_fop_write_iter+0x2d0/0x410 [ 165.450715][ T677] ? cgroup_seqfile_stop+0xc0/0xc0 [ 165.455811][ T677] vfs_write+0xc1c/0xf40 [ 165.460028][ T677] ? __kasan_check_write+0x14/0x20 [ 165.465117][ T677] ? kernel_write+0x3c0/0x3c0 [ 165.469780][ T677] ? _raw_spin_unlock_irq+0x4e/0x70 [ 165.474954][ T677] ? ptrace_stop+0x6ff/0x9f0 [ 165.479518][ T677] ? __kasan_check_read+0x11/0x20 [ 165.484517][ T677] ? __fdget_pos+0x27e/0x310 [ 165.489096][ T677] ksys_write+0x198/0x2c0 [ 165.493410][ T677] ? do_notify_parent+0xa60/0xa60 [ 165.498420][ T677] ? __ia32_sys_read+0x90/0x90 [ 165.503167][ T677] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 165.509209][ T677] __x64_sys_write+0x7b/0x90 [ 165.513776][ T677] do_syscall_64+0x34/0x70 [ 165.518169][ T677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 165.524041][ T677] RIP: 0033:0x7fc8ece62c09 [ 165.528429][ T677] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 165.548005][ T677] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 165.556395][ T677] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 165.564451][ T677] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 678] write(4, "+pids ", 6 [pid 674] <... openat resumed>) = 5 [pid 677] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 674] write(5, "22", 2 [pid 680] <... mount resumed>) = 0 [pid 677] close(3 [pid 674] <... write resumed>) = 2 [pid 677] <... close resumed>) = 0 [pid 674] write(4, "+pids ", 6 [pid 677] close(4) = 0 [pid 677] close(5) = 0 [pid 677] close(6) = -1 EBADF (Bad file descriptor) [pid 677] close(7) = -1 EBADF (Bad file descriptor) [pid 677] close(8) = -1 EBADF (Bad file descriptor) [pid 677] close(9) = -1 EBADF (Bad file descriptor) [pid 677] close(10) = -1 EBADF (Bad file descriptor) [pid 677] close(11) = -1 EBADF (Bad file descriptor) [pid 677] close(12) = -1 EBADF (Bad file descriptor) [pid 677] close(13) = -1 EBADF (Bad file descriptor) [pid 677] close(14) = -1 EBADF (Bad file descriptor) [pid 677] close(15) = -1 EBADF (Bad file descriptor) [pid 677] close(16) = -1 EBADF (Bad file descriptor) [pid 677] close(17) = -1 EBADF (Bad file descriptor) [pid 677] close(18) = -1 EBADF (Bad file descriptor) [pid 677] close(19) = -1 EBADF (Bad file descriptor) [pid 677] close(20) = -1 EBADF (Bad file descriptor) [pid 677] close(21) = -1 EBADF (Bad file descriptor) [pid 677] close(22) = -1 EBADF (Bad file descriptor) [pid 677] close(23) = -1 EBADF (Bad file descriptor) [pid 677] close(24) = -1 EBADF (Bad file descriptor) [pid 677] close(25) = -1 EBADF (Bad file descriptor) [pid 677] close(26) = -1 EBADF (Bad file descriptor) [pid 677] close(27) = -1 EBADF (Bad file descriptor) [pid 677] close(28) = -1 EBADF (Bad file descriptor) [pid 677] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 677] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 677] exit_group(0) = ? [pid 680] open("./file0", O_RDONLY [pid 677] +++ exited with 0 +++ [pid 680] <... open resumed>) = 3 [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 680] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 680] write(4, "-pids ", 6 [pid 376] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./47/binderfs") = 0 [pid 376] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./47/cgroup") = 0 [pid 376] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./47/cgroup.net") = 0 [pid 376] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./47/file0") = 0 [pid 376] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./47/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./47") = 0 [pid 376] mkdir("./48", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 681 attached , child_tidptr=0x555556fab5d0) = 50 [pid 681] chdir("./48") = 0 [pid 681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 681] setpgid(0, 0) = 0 [pid 681] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 681] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 681] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 681] write(3, "1000", 4) = 4 [pid 681] close(3) = 0 [pid 681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 681] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 681] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 681] open("./file0", O_RDONLY) = 3 [pid 681] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 165.572405][ T677] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 165.580362][ T677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 165.588315][ T677] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002f [ 165.596539][ T677] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 165.621090][ T679] FAULT_INJECTION: forcing a failure. [ 165.621090][ T679] name failslab, interval 1, probability 0, space 0, times 0 [ 165.633799][ T679] CPU: 1 PID: 679 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 165.645415][ T679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.655449][ T679] Call Trace: [ 165.658732][ T679] dump_stack_lvl+0x1e2/0x24b [ 165.663403][ T679] ? bfq_pos_tree_add_move+0x43e/0x43e [ 165.668851][ T679] ? selinux_kernfs_init_security+0x1a8/0x760 [ 165.674905][ T679] dump_stack+0x15/0x17 [ 165.679046][ T679] should_fail+0x3c0/0x510 [ 165.683462][ T679] ? __kernfs_new_node+0x99/0x6e0 [ 165.688480][ T679] __should_failslab+0x9f/0xe0 [ 165.693221][ T679] should_failslab+0x9/0x20 [ 165.697702][ T679] __kmalloc_track_caller+0x5f/0x350 [ 165.702975][ T679] kstrdup_const+0x55/0x90 [ 165.707378][ T679] __kernfs_new_node+0x99/0x6e0 [ 165.712214][ T679] ? is_module_text_address+0xe1/0x140 [ 165.717668][ T679] ? kernfs_new_node+0x170/0x170 [ 165.722597][ T679] ? ptr_to_hashval+0x60/0x60 [ 165.727257][ T679] ? arch_stack_walk+0xf8/0x140 [ 165.732085][ T679] ? snprintf+0xd6/0x120 [ 165.736303][ T679] kernfs_new_node+0x97/0x170 [ 165.740955][ T679] __kernfs_create_file+0x4a/0x270 [ 165.746046][ T679] cgroup_addrm_files+0xab8/0xfe0 [ 165.751052][ T679] ? ____kasan_kmalloc+0xdc/0x110 [ 165.756063][ T679] ? __kasan_kmalloc+0x9/0x10 [ 165.760734][ T679] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 165.766265][ T679] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 165.772404][ T679] ? delete_node+0x759/0x7b0 [ 165.776989][ T679] ? __kasan_check_read+0x11/0x20 [ 165.782005][ T679] ? delete_node+0x759/0x7b0 [ 165.786570][ T679] ? __kasan_check_write+0x14/0x20 [ 165.791754][ T679] ? idr_replace+0x1c4/0x230 [ 165.796339][ T679] ? idr_get_next+0x4b0/0x4b0 [ 165.801005][ T679] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 165.806003][ T679] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 165.811181][ T679] css_populate_dir+0x137/0x370 [ 165.816018][ T679] cgroup_apply_control_enable+0x8b9/0x12f0 [ 165.821890][ T679] cgroup_apply_control+0x93/0x710 [ 165.826976][ T679] ? css_next_child+0x160/0x160 [ 165.831813][ T679] ? io_schedule+0x120/0x120 [ 165.836391][ T679] ? kernfs_fop_write_iter+0x15e/0x410 [ 165.841833][ T679] ? __kasan_check_write+0x14/0x20 [ 165.846928][ T679] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 165.852199][ T679] cgroup_subtree_control_write+0xd19/0x1310 [ 165.858178][ T679] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 165.864150][ T679] ? __kasan_check_write+0x14/0x20 [ 165.869248][ T679] ? _copy_from_iter+0x3fb/0xd60 [ 165.874170][ T679] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 165.880140][ T679] cgroup_file_write+0x28e/0x590 [ 165.885061][ T679] ? cgroup_seqfile_stop+0xc0/0xc0 [ 165.890153][ T679] ? mutex_lock+0xa6/0x110 [ 165.894557][ T679] ? mutex_trylock+0xb0/0xb0 [ 165.899143][ T679] ? __kasan_check_write+0x14/0x20 [ 165.904241][ T679] kernfs_fop_write_iter+0x2d0/0x410 [ 165.909511][ T679] ? cgroup_seqfile_stop+0xc0/0xc0 [ 165.914601][ T679] vfs_write+0xc1c/0xf40 [ 165.918823][ T679] ? __kasan_check_write+0x14/0x20 [ 165.923919][ T679] ? kernel_write+0x3c0/0x3c0 [ 165.928589][ T679] ? _raw_spin_unlock_irq+0x4e/0x70 [ 165.933770][ T679] ? ptrace_stop+0x6ff/0x9f0 [ 165.938335][ T679] ? __kasan_check_read+0x11/0x20 [ 165.943331][ T679] ? __fdget_pos+0x27e/0x310 [ 165.947894][ T679] ksys_write+0x198/0x2c0 [ 165.952197][ T679] ? do_notify_parent+0xa60/0xa60 [ 165.957197][ T679] ? __ia32_sys_read+0x90/0x90 [ 165.961947][ T679] ? __ia32_sys_open+0x270/0x270 [ 165.966870][ T679] __x64_sys_write+0x7b/0x90 [ 165.971436][ T679] do_syscall_64+0x34/0x70 [ 165.975846][ T679] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 165.981716][ T679] RIP: 0033:0x7fc8ece62c09 [ 165.986104][ T679] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 166.005681][ T679] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.014068][ T679] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 681] write(4, "-pids ", 6 [pid 679] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 679] close(3) = 0 [pid 679] close(4) = 0 [pid 679] close(5) = 0 [pid 679] close(6) = -1 EBADF (Bad file descriptor) [pid 679] close(7) = -1 EBADF (Bad file descriptor) [pid 679] close(8) = -1 EBADF (Bad file descriptor) [pid 679] close(9) = -1 EBADF (Bad file descriptor) [pid 679] close(10) = -1 EBADF (Bad file descriptor) [pid 679] close(11) = -1 EBADF (Bad file descriptor) [pid 679] close(12) = -1 EBADF (Bad file descriptor) [pid 679] close(13) = -1 EBADF (Bad file descriptor) [pid 679] close(14) = -1 EBADF (Bad file descriptor) [pid 679] close(15) = -1 EBADF (Bad file descriptor) [pid 679] close(16) = -1 EBADF (Bad file descriptor) [pid 679] close(17) = -1 EBADF (Bad file descriptor) [pid 679] close(18) = -1 EBADF (Bad file descriptor) [pid 679] close(19) = -1 EBADF (Bad file descriptor) [pid 679] close(20) = -1 EBADF (Bad file descriptor) [pid 679] close(21) = -1 EBADF (Bad file descriptor) [pid 679] close(22) = -1 EBADF (Bad file descriptor) [pid 679] close(23) = -1 EBADF (Bad file descriptor) [pid 679] close(24) = -1 EBADF (Bad file descriptor) [pid 679] close(25) = -1 EBADF (Bad file descriptor) [pid 679] close(26) = -1 EBADF (Bad file descriptor) [pid 679] close(27) = -1 EBADF (Bad file descriptor) [pid 679] close(28write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 679] close(29) = -1 EBADF (Bad file descriptor) [pid 679] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 679] exit_group(0) = ? [pid 679] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./45/binderfs") = 0 [pid 380] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./45/cgroup") = 0 [pid 380] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./45/cgroup.net") = 0 [pid 380] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./45/file0") = 0 [pid 380] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./45/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./45") = 0 [pid 380] mkdir("./46", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 682 attached , child_tidptr=0x555556fab5d0) = 48 [pid 682] chdir("./46") = 0 [ 166.022014][ T679] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 166.029973][ T679] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 166.037928][ T679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 166.045891][ T679] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002d [ 166.055282][ T679] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 682] setpgid(0, 0) = 0 [pid 682] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 682] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 682] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 682] write(3, "1000", 4) = 4 [pid 682] close(3) = 0 [pid 682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 682] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 166.080801][ T675] FAULT_INJECTION: forcing a failure. [ 166.080801][ T675] name failslab, interval 1, probability 0, space 0, times 0 [ 166.093946][ T675] CPU: 0 PID: 675 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 166.105561][ T675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.115597][ T675] Call Trace: [ 166.118882][ T675] dump_stack_lvl+0x1e2/0x24b [ 166.123551][ T675] ? panic+0x7d7/0x7d7 [ 166.127602][ T675] ? bfq_pos_tree_add_move+0x43e/0x43e [ 166.133036][ T675] ? find_next_bit+0xd6/0x120 [ 166.137686][ T675] ? cpumask_next+0x11/0x30 [ 166.142181][ T675] dump_stack+0x15/0x17 [ 166.146321][ T675] should_fail+0x3c0/0x510 [ 166.150716][ T675] ? percpu_ref_init+0xd0/0x330 [ 166.155543][ T675] __should_failslab+0x9f/0xe0 [ 166.160281][ T675] should_failslab+0x9/0x20 [ 166.164766][ T675] kmem_cache_alloc_trace+0x3a/0x330 [ 166.170046][ T675] percpu_ref_init+0xd0/0x330 [ 166.174718][ T675] ? cgroup_setup_root+0xea0/0xea0 [ 166.179824][ T675] cgroup_apply_control_enable+0x3a2/0x12f0 [ 166.185716][ T675] cgroup_apply_control+0x93/0x710 [ 166.190807][ T675] ? css_next_child+0x160/0x160 [ 166.195636][ T675] ? stack_trace_save+0x12d/0x1f0 [ 166.200640][ T675] ? io_schedule+0x120/0x120 [ 166.205203][ T675] ? kernfs_fop_write_iter+0x15e/0x410 [ 166.210633][ T675] ? __kasan_check_write+0x14/0x20 [ 166.215715][ T675] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 166.220973][ T675] cgroup_subtree_control_write+0xd19/0x1310 [ 166.226926][ T675] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 166.232890][ T675] ? __kasan_check_write+0x14/0x20 [ 166.237994][ T675] ? _copy_from_iter+0x3fb/0xd60 [ 166.242996][ T675] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 166.248949][ T675] cgroup_file_write+0x28e/0x590 [ 166.253963][ T675] ? cgroup_seqfile_stop+0xc0/0xc0 [ 166.259051][ T675] ? mutex_lock+0xa6/0x110 [ 166.263458][ T675] ? mutex_trylock+0xb0/0xb0 [ 166.268028][ T675] ? __kasan_check_write+0x14/0x20 [ 166.273117][ T675] kernfs_fop_write_iter+0x2d0/0x410 [ 166.278371][ T675] ? cgroup_seqfile_stop+0xc0/0xc0 [ 166.283465][ T675] vfs_write+0xc1c/0xf40 [ 166.287688][ T675] ? __kasan_check_write+0x14/0x20 [ 166.292779][ T675] ? kernel_write+0x3c0/0x3c0 [ 166.297436][ T675] ? _raw_spin_unlock_irq+0x4e/0x70 [ 166.302613][ T675] ? ptrace_stop+0x6ff/0x9f0 [ 166.307190][ T675] ? __kasan_check_read+0x11/0x20 [ 166.312195][ T675] ? __fdget_pos+0x27e/0x310 [ 166.316759][ T675] ksys_write+0x198/0x2c0 [ 166.321064][ T675] ? do_notify_parent+0xa60/0xa60 [ 166.326061][ T675] ? __ia32_sys_read+0x90/0x90 [ 166.330796][ T675] ? __ia32_sys_open+0x270/0x270 [ 166.335726][ T675] __x64_sys_write+0x7b/0x90 [ 166.340291][ T675] do_syscall_64+0x34/0x70 [ 166.344681][ T675] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 166.350553][ T675] RIP: 0033:0x7fc8ece62c09 [ 166.355038][ T675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 682] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 675] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 682] open("./file0", O_RDONLY [pid 675] close(3 [pid 682] <... open resumed>) = 3 [pid 675] <... close resumed>) = 0 [pid 682] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 675] close(4 [pid 682] write(4, "-pids ", 6 [pid 675] <... close resumed>) = 0 [pid 675] close(5) = 0 [pid 675] close(6) = -1 EBADF (Bad file descriptor) [pid 675] close(7) = -1 EBADF (Bad file descriptor) [pid 675] close(8) = -1 EBADF (Bad file descriptor) [pid 675] close(9) = -1 EBADF (Bad file descriptor) [pid 675] close(10) = -1 EBADF (Bad file descriptor) [pid 675] close(11) = -1 EBADF (Bad file descriptor) [pid 675] close(12) = -1 EBADF (Bad file descriptor) [pid 675] close(13) = -1 EBADF (Bad file descriptor) [pid 675] close(14) = -1 EBADF (Bad file descriptor) [pid 675] close(15) = -1 EBADF (Bad file descriptor) [pid 675] close(16) = -1 EBADF (Bad file descriptor) [pid 675] close(17) = -1 EBADF (Bad file descriptor) [pid 675] close(18) = -1 EBADF (Bad file descriptor) [pid 675] close(19) = -1 EBADF (Bad file descriptor) [pid 675] close(20) = -1 EBADF (Bad file descriptor) [pid 675] close(21) = -1 EBADF (Bad file descriptor) [pid 675] close(22) = -1 EBADF (Bad file descriptor) [pid 675] close(23) = -1 EBADF (Bad file descriptor) [pid 675] close(24) = -1 EBADF (Bad file descriptor) [pid 675] close(25) = -1 EBADF (Bad file descriptor) [pid 675] close(26) = -1 EBADF (Bad file descriptor) [pid 675] close(27) = -1 EBADF (Bad file descriptor) [pid 675] close(28) = -1 EBADF (Bad file descriptor) [pid 675] close(29) = -1 EBADF (Bad file descriptor) [pid 675] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 675] exit_group(0) = ? [pid 675] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./51/binderfs") = 0 [pid 382] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./51/cgroup") = 0 [pid 382] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./51/cgroup.net") = 0 [pid 382] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./51/file0") = 0 [pid 382] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 166.374619][ T675] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.383006][ T675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 166.390960][ T675] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 166.398920][ T675] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 166.406867][ T675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 166.414811][ T675] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000033 [pid 382] unlink("./51/cgroup.cpu" [pid 681] <... write resumed>) = 6 [pid 680] <... write resumed>) = 6 [pid 382] <... unlink resumed>) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./51") = 0 [pid 382] mkdir("./52", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 54 [pid 681] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR./strace-static-x86_64: Process 683 attached ) = 5 [pid 680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 681] write(5, "22", 2) = 2 [pid 681] write(4, "+pids ", 6 [pid 683] chdir("./52") = 0 [pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 683] setpgid(0, 0) = 0 [pid 683] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 683] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 683] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 683] write(3, "1000", 4) = 4 [ 166.450441][ T674] FAULT_INJECTION: forcing a failure. [ 166.450441][ T674] name failslab, interval 1, probability 0, space 0, times 0 [ 166.463113][ T674] CPU: 1 PID: 674 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 166.474721][ T674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.484752][ T674] Call Trace: [ 166.488024][ T674] dump_stack_lvl+0x1e2/0x24b [ 166.492700][ T674] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 683] close(3) = 0 [pid 683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 683] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 683] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 680] <... openat resumed>) = 5 [pid 680] write(5, "22", 2) = 2 [ 166.498143][ T674] ? selinux_kernfs_init_security+0x1a8/0x760 [ 166.504208][ T674] dump_stack+0x15/0x17 [ 166.508344][ T674] should_fail+0x3c0/0x510 [ 166.512733][ T674] ? __kernfs_new_node+0x99/0x6e0 [ 166.517741][ T674] __should_failslab+0x9f/0xe0 [ 166.522495][ T674] should_failslab+0x9/0x20 [ 166.526973][ T674] __kmalloc_track_caller+0x5f/0x350 [ 166.532236][ T674] kstrdup_const+0x55/0x90 [ 166.536623][ T674] __kernfs_new_node+0x99/0x6e0 [ 166.541456][ T674] ? is_module_text_address+0xe1/0x140 [ 166.546896][ T674] ? kernfs_new_node+0x170/0x170 [ 166.551817][ T674] ? ptr_to_hashval+0x60/0x60 [ 166.556482][ T674] ? arch_stack_walk+0xf8/0x140 [ 166.561325][ T674] ? snprintf+0xd6/0x120 [ 166.565545][ T674] kernfs_new_node+0x97/0x170 [ 166.570199][ T674] __kernfs_create_file+0x4a/0x270 [ 166.575282][ T674] cgroup_addrm_files+0xab8/0xfe0 [ 166.580286][ T674] ? ____kasan_kmalloc+0xdc/0x110 [ 166.585279][ T674] ? __kasan_kmalloc+0x9/0x10 [ 166.589937][ T674] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 166.595467][ T674] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 166.601602][ T674] ? delete_node+0x759/0x7b0 [ 166.606187][ T674] ? __kasan_check_read+0x11/0x20 [ 166.611199][ T674] ? delete_node+0x759/0x7b0 [ 166.615760][ T674] ? __kasan_check_write+0x14/0x20 [ 166.620853][ T674] ? idr_replace+0x1c4/0x230 [ 166.625432][ T674] ? idr_get_next+0x4b0/0x4b0 [ 166.630096][ T674] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 166.635106][ T674] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 166.640286][ T674] css_populate_dir+0x137/0x370 [ 166.645121][ T674] cgroup_apply_control_enable+0x8b9/0x12f0 [ 166.650992][ T674] cgroup_apply_control+0x93/0x710 [ 166.656084][ T674] ? css_next_child+0x160/0x160 [ 166.660916][ T674] ? stack_trace_save+0x12d/0x1f0 [ 166.665926][ T674] ? io_schedule+0x120/0x120 [ 166.670490][ T674] ? kernfs_fop_write_iter+0x15e/0x410 [ 166.675932][ T674] ? __kasan_check_write+0x14/0x20 [ 166.681026][ T674] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 166.686293][ T674] cgroup_subtree_control_write+0xd19/0x1310 [ 166.692267][ T674] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 166.698238][ T674] ? __kasan_check_write+0x14/0x20 [ 166.703333][ T674] ? _copy_from_iter+0x3fb/0xd60 [ 166.708254][ T674] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 166.714224][ T674] cgroup_file_write+0x28e/0x590 [ 166.719143][ T674] ? cgroup_seqfile_stop+0xc0/0xc0 [ 166.724228][ T674] ? mutex_lock+0xa6/0x110 [ 166.728618][ T674] ? mutex_trylock+0xb0/0xb0 [ 166.733183][ T674] ? __kasan_check_write+0x14/0x20 [ 166.738276][ T674] kernfs_fop_write_iter+0x2d0/0x410 [ 166.743545][ T674] ? cgroup_seqfile_stop+0xc0/0xc0 [ 166.748638][ T674] vfs_write+0xc1c/0xf40 [ 166.752874][ T674] ? __kasan_check_write+0x14/0x20 [ 166.757965][ T674] ? kernel_write+0x3c0/0x3c0 [ 166.762614][ T674] ? _raw_spin_unlock_irq+0x4e/0x70 [ 166.767793][ T674] ? ptrace_stop+0x6ff/0x9f0 [ 166.772380][ T674] ? __kasan_check_read+0x11/0x20 [ 166.777382][ T674] ? __fdget_pos+0x27e/0x310 [ 166.781949][ T674] ksys_write+0x198/0x2c0 [ 166.786252][ T674] ? do_notify_parent+0xa60/0xa60 [ 166.791250][ T674] ? __ia32_sys_read+0x90/0x90 [ 166.795987][ T674] ? __ia32_sys_open+0x270/0x270 [ 166.800907][ T674] __x64_sys_write+0x7b/0x90 [ 166.805488][ T674] do_syscall_64+0x34/0x70 [ 166.809896][ T674] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 166.815778][ T674] RIP: 0033:0x7fc8ece62c09 [ 166.820187][ T674] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 166.839769][ T674] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 680] write(4, "+pids ", 6 [pid 674] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 683] <... mount resumed>) = 0 [pid 683] open("./file0", O_RDONLY) = 3 [pid 683] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 683] write(4, "-pids ", 6 [pid 674] close(3) = 0 [pid 674] close(4) = 0 [pid 674] close(5) = 0 [pid 674] close(6) = -1 EBADF (Bad file descriptor) [pid 674] close(7) = -1 EBADF (Bad file descriptor) [pid 674] close(8) = -1 EBADF (Bad file descriptor) [pid 674] close(9) = -1 EBADF (Bad file descriptor) [pid 674] close(10) = -1 EBADF (Bad file descriptor) [pid 674] close(11) = -1 EBADF (Bad file descriptor) [pid 674] close(12) = -1 EBADF (Bad file descriptor) [pid 674] close(13) = -1 EBADF (Bad file descriptor) [pid 674] close(14) = -1 EBADF (Bad file descriptor) [pid 674] close(15) = -1 EBADF (Bad file descriptor) [pid 674] close(16) = -1 EBADF (Bad file descriptor) [pid 674] close(17) = -1 EBADF (Bad file descriptor) [pid 674] close(18) = -1 EBADF (Bad file descriptor) [pid 674] close(19) = -1 EBADF (Bad file descriptor) [pid 674] close(20) = -1 EBADF (Bad file descriptor) [pid 674] close(21) = -1 EBADF (Bad file descriptor) [pid 674] close(22) = -1 EBADF (Bad file descriptor) [pid 674] close(23) = -1 EBADF (Bad file descriptor) [pid 674] close(24) = -1 EBADF (Bad file descriptor) [pid 674] close(25) = -1 EBADF (Bad file descriptor) [pid 674] close(26) = -1 EBADF (Bad file descriptor) [pid 674] close(27) = -1 EBADF (Bad file descriptor) [pid 674] close(28) = -1 EBADF (Bad file descriptor) [pid 674] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 674] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 674] exit_group(0) = ? [pid 674] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./50/binderfs") = 0 [pid 381] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./50/cgroup") = 0 [pid 381] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./50/cgroup.net") = 0 [pid 381] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./50/file0") = 0 [pid 381] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./50/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./50") = 0 [pid 381] mkdir("./51", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 684 attached [pid 684] chdir("./51" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 53 [pid 684] <... chdir resumed>) = 0 [pid 684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 684] setpgid(0, 0) = 0 [pid 684] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 684] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 684] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 684] write(3, "1000", 4) = 4 [pid 684] close(3) = 0 [pid 684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 684] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 684] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 684] open("./file0", O_RDONLY) = 3 [pid 684] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 166.848155][ T674] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 166.856106][ T674] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 166.864160][ T674] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 166.872110][ T674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 166.880065][ T674] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000032 [ 166.888741][ T674] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 166.930380][ T678] FAULT_INJECTION: forcing a failure. [ 166.930380][ T678] name failslab, interval 1, probability 0, space 0, times 0 [ 166.943024][ T678] CPU: 1 PID: 678 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 166.954625][ T678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.964659][ T678] Call Trace: [ 166.967928][ T678] dump_stack_lvl+0x1e2/0x24b [ 166.972585][ T678] ? bfq_pos_tree_add_move+0x43e/0x43e [ 166.978019][ T678] ? selinux_kernfs_init_security+0x1a8/0x760 [ 166.984058][ T678] dump_stack+0x15/0x17 [ 166.988189][ T678] should_fail+0x3c0/0x510 [ 166.992582][ T678] ? __kernfs_new_node+0x99/0x6e0 [ 166.997579][ T678] __should_failslab+0x9f/0xe0 [ 167.002317][ T678] should_failslab+0x9/0x20 [ 167.006799][ T678] __kmalloc_track_caller+0x5f/0x350 [ 167.012060][ T678] kstrdup_const+0x55/0x90 [ 167.016454][ T678] __kernfs_new_node+0x99/0x6e0 [ 167.021280][ T678] ? is_module_text_address+0xe1/0x140 [ 167.026715][ T678] ? kernfs_new_node+0x170/0x170 [ 167.031626][ T678] ? ptr_to_hashval+0x60/0x60 [ 167.036280][ T678] ? arch_stack_walk+0xf8/0x140 [ 167.041128][ T678] ? snprintf+0xd6/0x120 [ 167.045348][ T678] kernfs_new_node+0x97/0x170 [ 167.049998][ T678] __kernfs_create_file+0x4a/0x270 [ 167.055088][ T678] cgroup_addrm_files+0xab8/0xfe0 [ 167.060088][ T678] ? ____kasan_kmalloc+0xdc/0x110 [ 167.065084][ T678] ? __kasan_kmalloc+0x9/0x10 [ 167.069736][ T678] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 167.075258][ T678] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 167.081385][ T678] ? delete_node+0x759/0x7b0 [ 167.085951][ T678] ? __kasan_check_read+0x11/0x20 [ 167.090951][ T678] ? delete_node+0x759/0x7b0 [ 167.095514][ T678] ? __kasan_check_write+0x14/0x20 [ 167.100603][ T678] ? idr_replace+0x1c4/0x230 [ 167.105168][ T678] ? idr_get_next+0x4b0/0x4b0 [ 167.109819][ T678] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 167.114819][ T678] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 167.119994][ T678] css_populate_dir+0x137/0x370 [ 167.124818][ T678] cgroup_apply_control_enable+0x8b9/0x12f0 [ 167.130690][ T678] cgroup_apply_control+0x93/0x710 [ 167.135774][ T678] ? css_next_child+0x160/0x160 [ 167.140598][ T678] ? io_schedule+0x120/0x120 [ 167.145161][ T678] ? kernfs_fop_write_iter+0x15e/0x410 [ 167.150591][ T678] ? __kasan_check_write+0x14/0x20 [ 167.155677][ T678] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 167.160935][ T678] cgroup_subtree_control_write+0xd19/0x1310 [ 167.166893][ T678] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 167.172848][ T678] ? __kasan_check_write+0x14/0x20 [ 167.177933][ T678] ? _copy_from_iter+0x3fb/0xd60 [ 167.182842][ T678] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 167.188792][ T678] cgroup_file_write+0x28e/0x590 [ 167.193706][ T678] ? cgroup_seqfile_stop+0xc0/0xc0 [ 167.198810][ T678] ? mutex_lock+0xa6/0x110 [ 167.203211][ T678] ? mutex_trylock+0xb0/0xb0 [ 167.207781][ T678] ? __kasan_check_write+0x14/0x20 [ 167.212869][ T678] kernfs_fop_write_iter+0x2d0/0x410 [ 167.218146][ T678] ? cgroup_seqfile_stop+0xc0/0xc0 [ 167.223237][ T678] vfs_write+0xc1c/0xf40 [ 167.227457][ T678] ? __kasan_check_write+0x14/0x20 [ 167.232549][ T678] ? kernel_write+0x3c0/0x3c0 [ 167.237211][ T678] ? _raw_spin_unlock_irq+0x4e/0x70 [ 167.242386][ T678] ? ptrace_stop+0x6ff/0x9f0 [ 167.246955][ T678] ? __kasan_check_read+0x11/0x20 [ 167.251954][ T678] ? __fdget_pos+0x27e/0x310 [ 167.256520][ T678] ksys_write+0x198/0x2c0 [ 167.260827][ T678] ? do_notify_parent+0xa60/0xa60 [ 167.265828][ T678] ? __ia32_sys_read+0x90/0x90 [ 167.270569][ T678] ? __ia32_sys_open+0x270/0x270 [ 167.275480][ T678] __x64_sys_write+0x7b/0x90 [ 167.280047][ T678] do_syscall_64+0x34/0x70 [ 167.284439][ T678] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 167.290305][ T678] RIP: 0033:0x7fc8ece62c09 [ 167.294698][ T678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 167.314276][ T678] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.322667][ T678] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 684] write(4, "-pids ", 6 [pid 678] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 678] close(3) = 0 [pid 678] close(4) = 0 [pid 678] close(5) = 0 [pid 678] close(6) = -1 EBADF (Bad file descriptor) [pid 678] close(7) = -1 EBADF (Bad file descriptor) [pid 678] close(8) = -1 EBADF (Bad file descriptor) [pid 678] close(9) = -1 EBADF (Bad file descriptor) [pid 678] close(10) = -1 EBADF (Bad file descriptor) [pid 678] close(11) = -1 EBADF (Bad file descriptor) [pid 678] close(12) = -1 EBADF (Bad file descriptor) [pid 678] close(13) = -1 EBADF (Bad file descriptor) [pid 678] close(14) = -1 EBADF (Bad file descriptor) [pid 678] close(15) = -1 EBADF (Bad file descriptor) [pid 678] close(16) = -1 EBADF (Bad file descriptor) [pid 678] close(17) = -1 EBADF (Bad file descriptor) [pid 678] close(18) = -1 EBADF (Bad file descriptor) [pid 678] close(19) = -1 EBADF (Bad file descriptor) [pid 678] close(20) = -1 EBADF (Bad file descriptor) [pid 678] close(21) = -1 EBADF (Bad file descriptor) [pid 678] close(22) = -1 EBADF (Bad file descriptor) [pid 678] close(23) = -1 EBADF (Bad file descriptor) [pid 678] close(24) = -1 EBADF (Bad file descriptor) [pid 678] close(25) = -1 EBADF (Bad file descriptor) [pid 678] close(26) = -1 EBADF (Bad file descriptor) [pid 678] close(27) = -1 EBADF (Bad file descriptor) [pid 678] close(28) = -1 EBADF (Bad file descriptor) [pid 678] close(29) = -1 EBADF (Bad file descriptor) [pid 678] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 678] exit_group(0) = ? [pid 678] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./54/binderfs") = 0 [pid 375] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./54/cgroup") = 0 [pid 375] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./54/cgroup.net") = 0 [ 167.330614][ T678] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 167.338566][ T678] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 167.346514][ T678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 167.354459][ T678] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000036 [ 167.364637][ T678] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 167.388334][ T375] ------------[ cut here ]------------ [ 167.393837][ T375] WARNING: CPU: 1 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 167.402839][ T375] Modules linked in: [ 167.406727][ T375] CPU: 1 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 167.418351][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.428421][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 167.434064][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 167.453795][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 167.459856][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 167.467847][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 167.475856][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 167.483847][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 167.491843][ T375] R13: ffff88811e1f0380 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 167.499806][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 167.508751][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 167.515367][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506a0 [ 167.523359][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 167.531436][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 167.539394][ T375] Call Trace: [ 167.542698][ T375] ? io_schedule+0x120/0x120 [ 167.547292][ T375] ? vfs_submount+0xb0/0xb0 [ 167.551820][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 167.557009][ T375] ? __kasan_check_write+0x14/0x20 [ 167.562149][ T375] namespace_unlock+0x448/0x4f0 [ 167.566992][ T375] ? umount_tree+0xf50/0xf50 [ 167.571607][ T375] ? __detach_mounts+0x670/0x670 [ 167.576524][ T375] ? selinux_umount+0xf0/0x130 [ 167.581290][ T375] ? security_sb_umount+0x9d/0xb0 [ 167.586293][ T375] path_umount+0xf03/0xfb0 [ 167.590710][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 167.595720][ T375] ? user_path_at_empty+0x40/0x50 [ 167.600752][ T375] __x64_sys_umount+0x122/0x170 [ 167.605594][ T375] ? path_umount+0xfb0/0xfb0 [ 167.610194][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 167.616162][ T375] do_syscall_64+0x34/0x70 [ 167.620581][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 167.626451][ T375] RIP: 0033:0x7fc8ece63fb7 [ 167.630869][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 167.650473][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 167.658865][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 167.666843][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 167.674811][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 167.682774][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 167.690750][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000037 [ 167.698702][ T375] ---[ end trace d4de1ca9cdcd199b ]--- [ 167.704226][ T375] ------------[ cut here ]------------ [ 167.704414][ T680] FAULT_INJECTION: forcing a failure. [ 167.704414][ T680] name failslab, interval 1, probability 0, space 0, times 0 [ 167.709708][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 167.722270][ T680] CPU: 1 PID: 680 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 167.734034][ T375] Modules linked in: [ 167.745620][ T680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.745624][ T680] Call Trace: [ 167.745646][ T680] dump_stack_lvl+0x1e2/0x24b [ 167.749502][ T375] [ 167.759531][ T680] ? panic+0x7d7/0x7d7 [ 167.759547][ T680] ? bfq_pos_tree_add_move+0x43e/0x43e [ 167.762813][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 167.767453][ T680] ? find_next_bit+0xd6/0x120 [ 167.769753][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.773791][ T680] ? cpumask_next+0x11/0x30 [ 167.773801][ T680] dump_stack+0x15/0x17 [ 167.773815][ T680] should_fail+0x3c0/0x510 [ 167.779250][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 167.790828][ T680] ? percpu_ref_init+0xd0/0x330 [ 167.790837][ T680] __should_failslab+0x9f/0xe0 [ 167.790853][ T680] should_failslab+0x9/0x20 [ 167.795500][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 167.805523][ T680] kmem_cache_alloc_trace+0x3a/0x330 [ 167.805538][ T680] percpu_ref_init+0xd0/0x330 [ 167.810060][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 167.814206][ T680] ? cgroup_setup_root+0xea0/0xea0 [ 167.814219][ T680] cgroup_apply_control_enable+0x3a2/0x12f0 [ 167.814236][ T680] cgroup_apply_control+0x93/0x710 [ 167.818620][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e13c0 [ 167.818636][ T375] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 167.824246][ T680] ? css_next_child+0x160/0x160 [ 167.824257][ T680] ? io_schedule+0x120/0x120 [ 167.824276][ T680] ? kernfs_fop_write_iter+0x15e/0x410 [ 167.829092][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 167.829109][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 167.833847][ T680] ? __kasan_check_write+0x14/0x20 [ 167.833858][ T680] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 167.833875][ T680] cgroup_subtree_control_write+0xd19/0x1310 [ 167.838351][ T375] R13: ffff88811e1f0380 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 167.857932][ T680] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 167.857943][ T680] ? __kasan_check_write+0x14/0x20 [ 167.857964][ T680] ? _copy_from_iter+0x3fb/0xd60 [ 167.863227][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 167.867867][ T680] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 167.873908][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 167.878982][ T680] cgroup_file_write+0x28e/0x590 [ 167.884849][ T375] CR2: 00007fc8ececd130 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 167.889925][ T680] ? cgroup_seqfile_stop+0xc0/0xc0 [ 167.897877][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 167.905809][ T680] ? mutex_lock+0xa6/0x110 [ 167.905825][ T680] ? mutex_trylock+0xb0/0xb0 [ 167.910649][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 167.915205][ T680] ? __kasan_check_write+0x14/0x20 [ 167.920628][ T375] Call Trace: [ 167.928575][ T680] kernfs_fop_write_iter+0x2d0/0x410 [ 167.936525][ T375] ? lockref_get_or_lock+0x340/0x340 [ 167.941593][ T680] ? cgroup_seqfile_stop+0xc0/0xc0 [ 167.941609][ T680] vfs_write+0xc1c/0xf40 [ 167.946864][ T375] ? umount_tree+0xf50/0xf50 [ 167.952806][ T680] ? __kasan_check_write+0x14/0x20 [ 167.952822][ T680] ? kernel_write+0x3c0/0x3c0 [ 167.960771][ T375] ? vfs_submount+0xb0/0xb0 [pid 375] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 684] <... write resumed>) = 6 [ 167.966714][ T680] ? _raw_spin_unlock_irq+0x4e/0x70 [ 167.971800][ T375] ? dput+0x2b6/0x320 [ 167.976698][ T680] ? ptrace_stop+0x6ff/0x9f0 [ 167.985603][ T375] path_umount+0x1fe/0xfb0 [ 167.991544][ T680] ? __kasan_check_read+0x11/0x20 [ 167.991559][ T680] ? __fdget_pos+0x27e/0x310 [ 167.998116][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 168.003017][ T680] ksys_write+0x198/0x2c0 [ 168.003033][ T680] ? do_notify_parent+0xa60/0xa60 [ 168.010991][ T375] ? user_path_at_empty+0x40/0x50 [ 168.016064][ T680] ? __ia32_sys_read+0x90/0x90 [ 168.024021][ T375] __x64_sys_umount+0x122/0x170 [ 168.028405][ T680] ? __ia32_sys_open+0x270/0x270 [ 168.032968][ T375] ? path_umount+0xfb0/0xfb0 [ 168.040900][ T680] __x64_sys_write+0x7b/0x90 [ 168.040917][ T680] do_syscall_64+0x34/0x70 [ 168.046001][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 168.049254][ T680] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.054511][ T375] do_syscall_64+0x34/0x70 [ 168.059757][ T680] RIP: 0033:0x7fc8ece62c09 [ 168.064843][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.069047][ T680] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 168.073609][ T375] RIP: 0033:0x7fc8ece63fb7 [ 168.078682][ T680] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 168.083339][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 168.087802][ T680] ORIG_RAX: 0000000000000001 [ 168.092979][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 168.096926][ T680] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 168.101487][ T375] ORIG_RAX: 00000000000000a6 [ 168.105868][ T680] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 168.110864][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 168.115424][ T680] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [pid 684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 680] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 375] <... umount2 resumed>) = 0 [pid 684] <... openat resumed>) = 5 [pid 680] close(3 [pid 375] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 684] write(5, "22", 2 [pid 680] <... close resumed>) = 0 [pid 684] <... write resumed>) = 2 [pid 680] close(4 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 684] write(4, "+pids ", 6 [pid 680] <... close resumed>) = 0 [pid 375] lstat("./54/file0", [pid 680] close(5) = 0 [pid 375] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 680] close(6) = -1 EBADF (Bad file descriptor) [pid 375] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 680] close(7 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(8 [pid 375] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(9) = -1 EBADF (Bad file descriptor) [pid 680] close(10 [pid 375] <... openat resumed>) = 4 [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(11 [pid 375] fstat(4, [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 680] close(12) = -1 EBADF (Bad file descriptor) [pid 375] getdents64(4, [pid 680] close(13) = -1 EBADF (Bad file descriptor) [pid 375] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 680] close(14) = -1 EBADF (Bad file descriptor) [pid 375] getdents64(4, [pid 680] close(15 [pid 375] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(16 [pid 375] close(4 [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(17) = -1 EBADF (Bad file descriptor) [pid 375] <... close resumed>) = 0 [pid 680] close(18) = -1 EBADF (Bad file descriptor) [pid 375] rmdir("./54/file0" [pid 680] close(19) = -1 EBADF (Bad file descriptor) [pid 680] close(20 [pid 375] <... rmdir resumed>) = 0 [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(21 [pid 375] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 680] close(22 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 375] lstat("./54/cgroup.cpu", [pid 680] close(23) = -1 EBADF (Bad file descriptor) [pid 375] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 680] close(24) = -1 EBADF (Bad file descriptor) [pid 375] unlink("./54/cgroup.cpu" [pid 680] close(25) = -1 EBADF (Bad file descriptor) [pid 375] <... unlink resumed>) = 0 [pid 680] close(26) = -1 EBADF (Bad file descriptor) [pid 375] getdents64(3, [pid 680] close(27) = -1 EBADF (Bad file descriptor) [pid 375] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 680] close(28) = -1 EBADF (Bad file descriptor) [pid 375] close(3 [pid 680] close(29 [pid 375] <... close resumed>) = 0 [pid 680] <... close resumed>) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 680] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 375] rmdir("./54" [pid 680] <... write resumed>) = 89 [pid 680] exit_group(0) = ? [pid 375] <... rmdir resumed>) = 0 [pid 680] +++ exited with 0 +++ [pid 375] mkdir("./55", 0777 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] <... mkdir resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 685 attached [pid 685] chdir("./55" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 57 [pid 685] <... chdir resumed>) = 0 [pid 685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 685] setpgid(0, 0 [pid 383] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 685] <... setpgid resumed>) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 685] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 685] <... symlink resumed>) = 0 [pid 383] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./42/binderfs", [pid 685] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./42/binderfs") = 0 [pid 383] umount2("./42/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./42/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./42/cgroup") = 0 [pid 383] umount2("./42/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 685] <... symlink resumed>) = 0 [pid 383] lstat("./42/cgroup.net", [pid 685] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./42/cgroup.net" [pid 685] <... symlink resumed>) = 0 [pid 383] <... unlink resumed>) = 0 [pid 383] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 383] <... umount2 resumed>) = 0 [pid 383] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./42/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 685] <... openat resumed>) = 3 [pid 383] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 685] write(3, "1000", 4 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 685] <... write resumed>) = 4 [pid 383] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 685] close(3 [pid 383] <... openat resumed>) = 4 [pid 685] <... close resumed>) = 0 [pid 383] fstat(4, [pid 685] symlink("/dev/binderfs", "./binderfs" [pid 383] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 685] <... symlink resumed>) = 0 [pid 383] getdents64(4, [pid 685] mkdirat(AT_FDCWD, "./file0", 000 [pid 383] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 685] <... mkdirat resumed>) = 0 [pid 383] getdents64(4, [pid 685] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 383] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 685] <... mount resumed>) = 0 [pid 383] close(4 [pid 685] open("./file0", O_RDONLY [pid 383] <... close resumed>) = 0 [pid 685] <... open resumed>) = 3 [pid 383] rmdir("./42/file0" [pid 685] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] <... rmdir resumed>) = 0 [pid 685] <... openat resumed>) = 4 [pid 383] umount2("./42/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 685] write(4, "-pids ", 6 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./42/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./42/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./42") = 0 [pid 383] mkdir("./43", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 686 attached , child_tidptr=0x555556fab5d0) = 45 [pid 686] chdir("./43") = 0 [pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 686] setpgid(0, 0) = 0 [ 168.120422][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 168.124715][ T680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 168.129715][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 168.134706][ T680] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002a [ 168.318375][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 168.326353][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000037 [ 168.334338][ T375] ---[ end trace d4de1ca9cdcd199c ]--- [pid 686] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 686] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 686] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 686] write(3, "1000", 4) = 4 [pid 686] close(3) = 0 [pid 686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 686] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 168.360545][ T684] FAULT_INJECTION: forcing a failure. [ 168.360545][ T684] name failslab, interval 1, probability 0, space 0, times 0 [ 168.373771][ T684] CPU: 0 PID: 684 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 168.385384][ T684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.395427][ T684] Call Trace: [ 168.398707][ T684] dump_stack_lvl+0x1e2/0x24b [ 168.403368][ T684] ? bfq_pos_tree_add_move+0x43e/0x43e [ 168.408803][ T684] ? selinux_kernfs_init_security+0x1a8/0x760 [ 168.414843][ T684] dump_stack+0x15/0x17 [ 168.418982][ T684] should_fail+0x3c0/0x510 [ 168.423399][ T684] ? __kernfs_new_node+0x99/0x6e0 [ 168.428402][ T684] __should_failslab+0x9f/0xe0 [ 168.433142][ T684] should_failslab+0x9/0x20 [ 168.437621][ T684] __kmalloc_track_caller+0x5f/0x350 [ 168.442886][ T684] kstrdup_const+0x55/0x90 [ 168.447280][ T684] __kernfs_new_node+0x99/0x6e0 [ 168.452107][ T684] ? is_module_text_address+0xe1/0x140 [ 168.457537][ T684] ? kernfs_new_node+0x170/0x170 [ 168.462446][ T684] ? ptr_to_hashval+0x60/0x60 [ 168.467098][ T684] ? arch_stack_walk+0xf8/0x140 [ 168.471922][ T684] ? snprintf+0xd6/0x120 [ 168.476147][ T684] kernfs_new_node+0x97/0x170 [ 168.480805][ T684] __kernfs_create_file+0x4a/0x270 [ 168.485911][ T684] cgroup_addrm_files+0xab8/0xfe0 [ 168.490911][ T684] ? ____kasan_kmalloc+0xdc/0x110 [ 168.495906][ T684] ? __kasan_kmalloc+0x9/0x10 [ 168.500565][ T684] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 168.506090][ T684] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 168.512222][ T684] ? delete_node+0x759/0x7b0 [ 168.516787][ T684] ? __kasan_check_read+0x11/0x20 [ 168.521784][ T684] ? delete_node+0x759/0x7b0 [ 168.526350][ T684] ? __kasan_check_write+0x14/0x20 [ 168.531445][ T684] ? idr_replace+0x1c4/0x230 [ 168.536014][ T684] ? idr_get_next+0x4b0/0x4b0 [ 168.540666][ T684] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 168.545668][ T684] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 168.550850][ T684] css_populate_dir+0x137/0x370 [ 168.555677][ T684] cgroup_apply_control_enable+0x8b9/0x12f0 [ 168.561544][ T684] cgroup_apply_control+0x93/0x710 [ 168.566629][ T684] ? css_next_child+0x160/0x160 [ 168.571453][ T684] ? io_schedule+0x120/0x120 [ 168.576024][ T684] ? kernfs_fop_write_iter+0x15e/0x410 [ 168.581464][ T684] ? __kasan_check_write+0x14/0x20 [ 168.586547][ T684] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 168.591806][ T684] cgroup_subtree_control_write+0xd19/0x1310 [ 168.597756][ T684] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 168.603714][ T684] ? __kasan_check_write+0x14/0x20 [ 168.608797][ T684] ? _copy_from_iter+0x3fb/0xd60 [ 168.613706][ T684] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 168.619657][ T684] cgroup_file_write+0x28e/0x590 [ 168.624566][ T684] ? cgroup_seqfile_stop+0xc0/0xc0 [ 168.629671][ T684] ? mutex_lock+0xa6/0x110 [ 168.634060][ T684] ? mutex_trylock+0xb0/0xb0 [ 168.638623][ T684] ? __kasan_check_write+0x14/0x20 [ 168.643705][ T684] kernfs_fop_write_iter+0x2d0/0x410 [ 168.648965][ T684] ? cgroup_seqfile_stop+0xc0/0xc0 [ 168.654050][ T684] vfs_write+0xc1c/0xf40 [ 168.658263][ T684] ? __kasan_check_write+0x14/0x20 [ 168.663347][ T684] ? kernel_write+0x3c0/0x3c0 [ 168.667997][ T684] ? _raw_spin_unlock_irq+0x4e/0x70 [ 168.673258][ T684] ? ptrace_stop+0x6ff/0x9f0 [ 168.677828][ T684] ? __kasan_check_read+0x11/0x20 [ 168.682837][ T684] ? __fdget_pos+0x27e/0x310 [ 168.687400][ T684] ksys_write+0x198/0x2c0 [ 168.691707][ T684] ? do_notify_parent+0xa60/0xa60 [ 168.696707][ T684] ? __ia32_sys_read+0x90/0x90 [ 168.701472][ T684] ? __ia32_sys_open+0x270/0x270 [ 168.706387][ T684] __x64_sys_write+0x7b/0x90 [ 168.710954][ T684] do_syscall_64+0x34/0x70 [ 168.715345][ T684] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.721211][ T684] RIP: 0033:0x7fc8ece62c09 [ 168.725606][ T684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 168.745192][ T684] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.753586][ T684] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 686] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 684] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 686] <... mount resumed>) = 0 [pid 684] close(3) = 0 [pid 684] close(4) = 0 [pid 684] close(5) = 0 [pid 684] close(6) = -1 EBADF (Bad file descriptor) [pid 684] close(7) = -1 EBADF (Bad file descriptor) [pid 684] close(8) = -1 EBADF (Bad file descriptor) [pid 684] close(9) = -1 EBADF (Bad file descriptor) [pid 684] close(10) = -1 EBADF (Bad file descriptor) [pid 684] close(11) = -1 EBADF (Bad file descriptor) [pid 686] open("./file0", O_RDONLY [pid 684] close(12) = -1 EBADF (Bad file descriptor) [pid 684] close(13) = -1 EBADF (Bad file descriptor) [pid 684] close(14) = -1 EBADF (Bad file descriptor) [pid 684] close(15) = -1 EBADF (Bad file descriptor) [pid 684] close(16) = -1 EBADF (Bad file descriptor) [pid 684] close(17) = -1 EBADF (Bad file descriptor) [pid 684] close(18) = -1 EBADF (Bad file descriptor) [pid 684] close(19) = -1 EBADF (Bad file descriptor) [pid 684] close(20) = -1 EBADF (Bad file descriptor) [pid 684] close(21) = -1 EBADF (Bad file descriptor) [pid 684] close(22) = -1 EBADF (Bad file descriptor) [pid 684] close(23) = -1 EBADF (Bad file descriptor) [pid 684] close(24) = -1 EBADF (Bad file descriptor) [pid 684] close(25) = -1 EBADF (Bad file descriptor) [pid 684] close(26) = -1 EBADF (Bad file descriptor) [pid 684] close(27) = -1 EBADF (Bad file descriptor) [pid 684] close(28) = -1 EBADF (Bad file descriptor) [pid 684] close(29) = -1 EBADF (Bad file descriptor) [pid 684] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 684] exit_group(0) = ? [pid 686] <... open resumed>) = 3 [pid 684] +++ exited with 0 +++ [pid 686] openat(3, "cgroup.subtree_control", O_RDWR [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 686] <... openat resumed>) = 4 [pid 686] write(4, "-pids ", 6 [pid 381] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./51/binderfs") = 0 [pid 381] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./51/cgroup") = 0 [pid 381] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./51/cgroup.net") = 0 [pid 381] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./51/file0") = 0 [pid 381] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./51/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./51") = 0 [pid 381] mkdir("./52", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 687 attached , child_tidptr=0x555556fab5d0) = 54 [pid 687] chdir("./52") = 0 [pid 687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 687] setpgid(0, 0) = 0 [pid 687] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 687] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 687] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 687] write(3, "1000", 4) = 4 [pid 687] close(3) = 0 [pid 687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 687] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 687] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 687] open("./file0", O_RDONLY) = 3 [pid 687] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 168.761544][ T684] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 168.769497][ T684] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 168.777450][ T684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 168.785410][ T684] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000033 [ 168.796172][ T684] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 687] write(4, "-pids ", 6 [pid 682] <... write resumed>) = 6 [pid 682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 682] write(5, "22", 2) = 2 [ 168.820803][ T681] FAULT_INJECTION: forcing a failure. [ 168.820803][ T681] name failslab, interval 1, probability 0, space 0, times 0 [ 168.833452][ T681] CPU: 1 PID: 681 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 168.845052][ T681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.855085][ T681] Call Trace: [ 168.858359][ T681] dump_stack_lvl+0x1e2/0x24b [ 168.863013][ T681] ? bfq_pos_tree_add_move+0x43e/0x43e [ 168.868447][ T681] ? selinux_kernfs_init_security+0x1a8/0x760 [ 168.874488][ T681] dump_stack+0x15/0x17 [ 168.878623][ T681] should_fail+0x3c0/0x510 [ 168.883033][ T681] ? __kernfs_new_node+0x99/0x6e0 [ 168.888049][ T681] __should_failslab+0x9f/0xe0 [ 168.892798][ T681] should_failslab+0x9/0x20 [ 168.897293][ T681] __kmalloc_track_caller+0x5f/0x350 [ 168.902561][ T681] kstrdup_const+0x55/0x90 [ 168.906958][ T681] __kernfs_new_node+0x99/0x6e0 [ 168.911790][ T681] ? is_module_text_address+0xe1/0x140 [ 168.917231][ T681] ? kernfs_new_node+0x170/0x170 [ 168.922149][ T681] ? ptr_to_hashval+0x60/0x60 [ 168.926819][ T681] ? arch_stack_walk+0xf8/0x140 [ 168.931651][ T681] ? snprintf+0xd6/0x120 [ 168.935874][ T681] kernfs_new_node+0x97/0x170 [ 168.940532][ T681] __kernfs_create_file+0x4a/0x270 [ 168.945614][ T681] cgroup_addrm_files+0xab8/0xfe0 [ 168.950621][ T681] ? ____kasan_kmalloc+0xdc/0x110 [ 168.955652][ T681] ? __kasan_kmalloc+0x9/0x10 [ 168.960304][ T681] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 168.965824][ T681] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 168.971954][ T681] ? delete_node+0x759/0x7b0 [ 168.976519][ T681] ? __kasan_check_read+0x11/0x20 [ 168.981523][ T681] ? delete_node+0x759/0x7b0 [ 168.986093][ T681] ? __kasan_check_write+0x14/0x20 [ 168.991187][ T681] ? idr_replace+0x1c4/0x230 [ 168.995773][ T681] ? idr_get_next+0x4b0/0x4b0 [ 169.000435][ T681] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 169.005432][ T681] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 169.010603][ T681] css_populate_dir+0x137/0x370 [ 169.015428][ T681] cgroup_apply_control_enable+0x8b9/0x12f0 [ 169.021296][ T681] cgroup_apply_control+0x93/0x710 [ 169.026379][ T681] ? css_next_child+0x160/0x160 [ 169.031209][ T681] ? stack_trace_save+0x12d/0x1f0 [ 169.036218][ T681] ? io_schedule+0x120/0x120 [ 169.040801][ T681] ? kernfs_fop_write_iter+0x15e/0x410 [ 169.046249][ T681] ? __kasan_check_write+0x14/0x20 [ 169.051344][ T681] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 169.056610][ T681] cgroup_subtree_control_write+0xd19/0x1310 [ 169.062574][ T681] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 169.068530][ T681] ? __kasan_check_write+0x14/0x20 [ 169.073625][ T681] ? _copy_from_iter+0x3fb/0xd60 [ 169.078547][ T681] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 169.084500][ T681] cgroup_file_write+0x28e/0x590 [ 169.089411][ T681] ? cgroup_seqfile_stop+0xc0/0xc0 [ 169.094497][ T681] ? mutex_lock+0xa6/0x110 [ 169.098887][ T681] ? mutex_trylock+0xb0/0xb0 [ 169.103451][ T681] ? __kasan_check_write+0x14/0x20 [ 169.108546][ T681] kernfs_fop_write_iter+0x2d0/0x410 [ 169.113817][ T681] ? cgroup_seqfile_stop+0xc0/0xc0 [ 169.118903][ T681] vfs_write+0xc1c/0xf40 [ 169.123132][ T681] ? __kasan_check_write+0x14/0x20 [ 169.128228][ T681] ? kernel_write+0x3c0/0x3c0 [ 169.132888][ T681] ? _raw_spin_unlock_irq+0x4e/0x70 [ 169.138069][ T681] ? ptrace_stop+0x6ff/0x9f0 [ 169.142634][ T681] ? __kasan_check_read+0x11/0x20 [ 169.147641][ T681] ? __fdget_pos+0x27e/0x310 [ 169.152212][ T681] ksys_write+0x198/0x2c0 [ 169.156517][ T681] ? do_notify_parent+0xa60/0xa60 [ 169.161515][ T681] ? __ia32_sys_read+0x90/0x90 [ 169.166261][ T681] ? __ia32_sys_open+0x270/0x270 [ 169.171182][ T681] __x64_sys_write+0x7b/0x90 [ 169.175747][ T681] do_syscall_64+0x34/0x70 [ 169.180139][ T681] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.186018][ T681] RIP: 0033:0x7fc8ece62c09 [ 169.190411][ T681] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.209992][ T681] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 682] write(4, "+pids ", 6 [pid 681] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 681] close(3) = 0 [pid 681] close(4) = 0 [pid 681] close(5) = 0 [pid 681] close(6) = -1 EBADF (Bad file descriptor) [pid 681] close(7) = -1 EBADF (Bad file descriptor) [pid 681] close(8) = -1 EBADF (Bad file descriptor) [pid 681] close(9) = -1 EBADF (Bad file descriptor) [pid 681] close(10) = -1 EBADF (Bad file descriptor) [pid 681] close(11) = -1 EBADF (Bad file descriptor) [pid 681] close(12) = -1 EBADF (Bad file descriptor) [pid 681] close(13) = -1 EBADF (Bad file descriptor) [pid 681] close(14) = -1 EBADF (Bad file descriptor) [pid 681] close(15) = -1 EBADF (Bad file descriptor) [pid 681] close(16) = -1 EBADF (Bad file descriptor) [pid 681] close(17) = -1 EBADF (Bad file descriptor) [pid 681] close(18) = -1 EBADF (Bad file descriptor) [pid 681] close(19) = -1 EBADF (Bad file descriptor) [pid 681] close(20) = -1 EBADF (Bad file descriptor) [pid 681] close(21) = -1 EBADF (Bad file descriptor) [pid 681] close(22) = -1 EBADF (Bad file descriptor) [pid 681] close(23) = -1 EBADF (Bad file descriptor) [pid 681] close(24) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 681] close(25) = -1 EBADF (Bad file descriptor) [pid 681] close(26) = -1 EBADF (Bad file descriptor) [pid 681] close(27) = -1 EBADF (Bad file descriptor) [pid 681] close(28) = -1 EBADF (Bad file descriptor) [pid 681] close(29) = -1 EBADF (Bad file descriptor) [pid 681] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 681] exit_group(0) = ? [pid 681] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./48/binderfs") = 0 [pid 376] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./48/cgroup") = 0 [pid 376] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./48/cgroup.net") = 0 [pid 376] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./48/file0") = 0 [pid 376] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./48/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./48") = 0 [pid 376] mkdir("./49", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 688 attached , child_tidptr=0x555556fab5d0) = 51 [pid 688] chdir("./49") = 0 [pid 688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 688] setpgid(0, 0) = 0 [pid 688] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 688] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 688] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 688] write(3, "1000", 4) = 4 [pid 688] close(3) = 0 [pid 688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 688] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 688] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 688] open("./file0", O_RDONLY) = 3 [pid 688] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 169.218381][ T681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 169.226441][ T681] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 169.234401][ T681] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 169.242358][ T681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 169.250410][ T681] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000030 [ 169.258907][ T681] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 688] write(4, "-pids ", 6) = 6 [pid 685] <... write resumed>) = 6 [pid 683] <... write resumed>) = 6 [pid 688] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 685] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 688] <... openat resumed>) = 5 [pid 685] <... openat resumed>) = 5 [pid 688] write(5, "22", 2 [pid 685] write(5, "22", 2 [pid 688] <... write resumed>) = 2 [pid 685] <... write resumed>) = 2 [pid 688] write(4, "+pids ", 6 [pid 685] write(4, "+pids ", 6 [pid 683] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 683] write(5, "22", 2) = 2 [ 169.290450][ T682] FAULT_INJECTION: forcing a failure. [ 169.290450][ T682] name failslab, interval 1, probability 0, space 0, times 0 [ 169.303128][ T682] CPU: 1 PID: 682 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 169.314837][ T682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.324880][ T682] Call Trace: [ 169.328168][ T682] dump_stack_lvl+0x1e2/0x24b [ 169.332832][ T682] ? bfq_pos_tree_add_move+0x43e/0x43e [ 169.338277][ T682] ? selinux_kernfs_init_security+0x1a8/0x760 [ 169.344344][ T682] dump_stack+0x15/0x17 [ 169.348489][ T682] should_fail+0x3c0/0x510 [ 169.352882][ T682] ? __kernfs_new_node+0x99/0x6e0 [ 169.357902][ T682] __should_failslab+0x9f/0xe0 [ 169.362649][ T682] should_failslab+0x9/0x20 [ 169.367143][ T682] __kmalloc_track_caller+0x5f/0x350 [ 169.372410][ T682] kstrdup_const+0x55/0x90 [ 169.376801][ T682] __kernfs_new_node+0x99/0x6e0 [ 169.381636][ T682] ? is_module_text_address+0xe1/0x140 [ 169.387080][ T682] ? kernfs_new_node+0x170/0x170 [ 169.392001][ T682] ? ptr_to_hashval+0x60/0x60 [ 169.396671][ T682] ? arch_stack_walk+0xf8/0x140 [ 169.401505][ T682] ? snprintf+0xd6/0x120 [ 169.405721][ T682] kernfs_new_node+0x97/0x170 [ 169.410373][ T682] __kernfs_create_file+0x4a/0x270 [ 169.415462][ T682] cgroup_addrm_files+0xab8/0xfe0 [ 169.420555][ T682] ? ____kasan_kmalloc+0xdc/0x110 [ 169.425578][ T682] ? __kasan_kmalloc+0x9/0x10 [ 169.430236][ T682] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 169.435760][ T682] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 169.442033][ T682] ? delete_node+0x759/0x7b0 [ 169.446605][ T682] ? __kasan_check_read+0x11/0x20 [ 169.451613][ T682] ? delete_node+0x759/0x7b0 [ 169.456197][ T682] ? __kasan_check_write+0x14/0x20 [ 169.461295][ T682] ? idr_replace+0x1c4/0x230 [ 169.465862][ T682] ? idr_get_next+0x4b0/0x4b0 [ 169.470526][ T682] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 169.475532][ T682] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 169.480710][ T682] css_populate_dir+0x137/0x370 [ 169.485555][ T682] cgroup_apply_control_enable+0x8b9/0x12f0 [ 169.491449][ T682] cgroup_apply_control+0x93/0x710 [ 169.496552][ T682] ? css_next_child+0x160/0x160 [ 169.501378][ T682] ? stack_trace_save+0x12d/0x1f0 [ 169.506399][ T682] ? io_schedule+0x120/0x120 [ 169.510980][ T682] ? kernfs_fop_write_iter+0x15e/0x410 [ 169.516422][ T682] ? __kasan_check_write+0x14/0x20 [ 169.521518][ T682] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 169.526777][ T682] cgroup_subtree_control_write+0xd19/0x1310 [ 169.532825][ T682] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 169.538780][ T682] ? __kasan_check_write+0x14/0x20 [ 169.543890][ T682] ? _copy_from_iter+0x3fb/0xd60 [ 169.548801][ T682] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 169.554761][ T682] cgroup_file_write+0x28e/0x590 [ 169.559683][ T682] ? cgroup_seqfile_stop+0xc0/0xc0 [ 169.564868][ T682] ? mutex_lock+0xa6/0x110 [ 169.569259][ T682] ? mutex_trylock+0xb0/0xb0 [ 169.573836][ T682] ? __kasan_check_write+0x14/0x20 [ 169.578941][ T682] kernfs_fop_write_iter+0x2d0/0x410 [ 169.584210][ T682] ? cgroup_seqfile_stop+0xc0/0xc0 [ 169.589308][ T682] vfs_write+0xc1c/0xf40 [ 169.593524][ T682] ? __kasan_check_write+0x14/0x20 [ 169.598617][ T682] ? kernel_write+0x3c0/0x3c0 [ 169.603285][ T682] ? _raw_spin_unlock_irq+0x4e/0x70 [ 169.608463][ T682] ? ptrace_stop+0x6ff/0x9f0 [ 169.613032][ T682] ? __kasan_check_read+0x11/0x20 [ 169.618039][ T682] ? __fdget_pos+0x27e/0x310 [ 169.622600][ T682] ksys_write+0x198/0x2c0 [ 169.626902][ T682] ? do_notify_parent+0xa60/0xa60 [ 169.631909][ T682] ? __ia32_sys_read+0x90/0x90 [ 169.636652][ T682] ? __ia32_sys_open+0x270/0x270 [ 169.641588][ T682] __x64_sys_write+0x7b/0x90 [ 169.646155][ T682] do_syscall_64+0x34/0x70 [ 169.650556][ T682] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.656435][ T682] RIP: 0033:0x7fc8ece62c09 [ 169.660843][ T682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 169.680544][ T682] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 683] write(4, "+pids ", 6 [pid 682] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 682] close(3) = 0 [pid 682] close(4) = 0 [pid 682] close(5) = 0 [pid 682] close(6) = -1 EBADF (Bad file descriptor) [pid 682] close(7) = -1 EBADF (Bad file descriptor) [pid 682] close(8) = -1 EBADF (Bad file descriptor) [pid 682] close(9) = -1 EBADF (Bad file descriptor) [pid 682] close(10) = -1 EBADF (Bad file descriptor) [pid 682] close(11) = -1 EBADF (Bad file descriptor) [pid 682] close(12) = -1 EBADF (Bad file descriptor) [pid 682] close(13) = -1 EBADF (Bad file descriptor) [pid 682] close(14) = -1 EBADF (Bad file descriptor) [pid 682] close(15) = -1 EBADF (Bad file descriptor) [pid 682] close(16) = -1 EBADF (Bad file descriptor) [pid 682] close(17) = -1 EBADF (Bad file descriptor) [pid 682] close(18) = -1 EBADF (Bad file descriptor) [pid 682] close(19) = -1 EBADF (Bad file descriptor) [pid 682] close(20) = -1 EBADF (Bad file descriptor) [pid 682] close(21) = -1 EBADF (Bad file descriptor) [pid 682] close(22) = -1 EBADF (Bad file descriptor) [pid 682] close(23) = -1 EBADF (Bad file descriptor) [pid 682] close(24) = -1 EBADF (Bad file descriptor) [pid 682] close(25) = -1 EBADF (Bad file descriptor) [pid 682] close(26) = -1 EBADF (Bad file descriptor) [pid 682] close(27) = -1 EBADF (Bad file descriptor) [pid 682] close(28) = -1 EBADF (Bad file descriptor) [pid 682] close(29) = -1 EBADF (Bad file descriptor) [pid 682] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 682] exit_group(0) = ? [pid 682] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./46/binderfs") = 0 [pid 380] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./46/cgroup") = 0 [pid 380] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./46/cgroup.net") = 0 [ 169.688934][ T682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 169.696885][ T682] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 169.704839][ T682] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 169.712790][ T682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 169.720741][ T682] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002e [ 169.729034][ T682] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 687] <... write resumed>) = 6 [pid 686] <... write resumed>) = 6 [ 169.744840][ T380] ------------[ cut here ]------------ [ 169.750348][ T380] WARNING: CPU: 0 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 169.759265][ T380] Modules linked in: [ 169.763220][ T380] CPU: 0 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 169.770417][ T685] FAULT_INJECTION: forcing a failure. [ 169.770417][ T685] name failslab, interval 1, probability 0, space 0, times 0 [pid 687] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 169.774838][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.797453][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 169.803087][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 169.822719][ T380] RSP: 0018:ffffc90000b27ba0 EFLAGS: 00010293 [ 169.828772][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 169.836740][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 169.844705][ T380] RBP: ffffc90000b27c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 169.852705][ T380] R10: fffff52000164f65 R11: 1ffff92000164f64 R12: dffffc0000000000 [ 169.860681][ T380] R13: ffff88810a2dec40 R14: ffffc90000b27c00 R15: 1ffff92000164f7c [ 169.868648][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 169.877576][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.884160][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506b0 [ 169.892133][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 169.900088][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.908054][ T380] Call Trace: [ 169.911351][ T380] ? io_schedule+0x120/0x120 [ 169.915927][ T380] ? vfs_submount+0xb0/0xb0 [ 169.920420][ T380] ? shrink_dentry_list+0x4ec/0x500 [ 169.925594][ T380] ? __kasan_check_write+0x14/0x20 [ 169.930694][ T380] namespace_unlock+0x448/0x4f0 [ 169.935524][ T380] ? umount_tree+0xf50/0xf50 [ 169.940093][ T380] ? __detach_mounts+0x670/0x670 [ 169.945026][ T380] ? selinux_umount+0xf0/0x130 [ 169.949768][ T380] ? security_sb_umount+0x9d/0xb0 [ 169.954781][ T380] path_umount+0xf03/0xfb0 [ 169.959175][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 169.964188][ T380] ? user_path_at_empty+0x40/0x50 [ 169.969196][ T380] __x64_sys_umount+0x122/0x170 [ 169.974052][ T380] ? path_umount+0xfb0/0xfb0 [ 169.978629][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 169.984604][ T380] do_syscall_64+0x34/0x70 [ 169.989006][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 169.994893][ T380] RIP: 0033:0x7fc8ece63fb7 [ 169.999294][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 170.000256][ T685] CPU: 1 PID: 685 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 170.018896][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 170.030470][ T685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.030474][ T685] Call Trace: [ 170.030495][ T685] dump_stack_lvl+0x1e2/0x24b [ 170.036520][ T380] ORIG_RAX: 00000000000000a6 [ 170.046542][ T685] ? panic+0x7d7/0x7d7 [ 170.046559][ T685] ? bfq_pos_tree_add_move+0x43e/0x43e [ 170.049814][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 170.054454][ T685] ? find_next_bit+0xd6/0x120 [ 170.054470][ T685] ? cpumask_next+0x11/0x30 [ 170.059114][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 170.063144][ T685] dump_stack+0x15/0x17 [ 170.063159][ T685] should_fail+0x3c0/0x510 [ 170.068582][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 170.076519][ T685] ? percpu_ref_init+0xd0/0x330 [ 170.076536][ T685] __should_failslab+0x9f/0xe0 [ 170.081185][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 170.085655][ T685] should_failslab+0x9/0x20 [ 170.093601][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002f [ 170.097725][ T685] kmem_cache_alloc_trace+0x3a/0x330 [ 170.102110][ T380] ---[ end trace d4de1ca9cdcd199d ]--- [ 170.110051][ T685] percpu_ref_init+0xd0/0x330 [ 170.115276][ T380] ------------[ cut here ]------------ [ 170.119599][ T685] ? cgroup_setup_root+0xea0/0xea0 [ 170.127563][ T380] WARNING: CPU: 0 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 170.132005][ T685] cgroup_apply_control_enable+0x3a2/0x12f0 [ 170.132022][ T685] cgroup_apply_control+0x93/0x710 [ 170.139952][ T380] Modules linked in: [ 170.145214][ T685] ? css_next_child+0x160/0x160 [ 170.145229][ T685] ? stack_trace_save+0x12d/0x1f0 [ 170.150663][ T380] CPU: 0 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 170.155301][ T685] ? io_schedule+0x120/0x120 [ 170.160725][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.165801][ T685] ? kernfs_fop_write_iter+0x15e/0x410 [ 170.174705][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 170.180557][ T685] ? __kasan_check_write+0x14/0x20 [ 170.180573][ T685] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 170.185655][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 170.189517][ T685] cgroup_subtree_control_write+0xd19/0x1310 [ 170.194334][ T380] RSP: 0018:ffffc90000b27ca0 EFLAGS: 00010293 [ 170.199326][ T685] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 170.211001][ T380] [ 170.215561][ T685] ? __kasan_check_write+0x14/0x20 [ 170.225587][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 170.231005][ T685] ? _copy_from_iter+0x3fb/0xd60 [ 170.231021][ T685] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 170.236623][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 170.241704][ T685] cgroup_file_write+0x28e/0x590 [ 170.241720][ T685] ? cgroup_seqfile_stop+0xc0/0xc0 [ 170.246975][ T380] RBP: ffffc90000b27d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 170.266542][ T685] ? mutex_lock+0xa6/0x110 [ 170.266558][ T685] ? mutex_trylock+0xb0/0xb0 [ 170.272510][ T380] R10: fffff52000164f85 R11: 1ffff92000164f84 R12: dffffc0000000000 [ 170.278541][ T685] ? __kasan_check_write+0x14/0x20 [ 170.284578][ T380] R13: ffff88810a2dec40 R14: ffffc90000b27d00 R15: 1ffff92000164f9c [ 170.286883][ T685] kernfs_fop_write_iter+0x2d0/0x410 [ 170.291974][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 170.299911][ T685] ? cgroup_seqfile_stop+0xc0/0xc0 [ 170.304820][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.310760][ T685] vfs_write+0xc1c/0xf40 [ 170.310776][ T685] ? __kasan_check_write+0x14/0x20 [ 170.318717][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506b0 [ 170.323617][ T685] ? kernel_write+0x3c0/0x3c0 [ 170.323633][ T685] ? _raw_spin_unlock_irq+0x4e/0x70 [ 170.328709][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 170.336647][ T685] ? ptrace_stop+0x6ff/0x9f0 [ 170.336663][ T685] ? __kasan_check_read+0x11/0x20 [ 170.341051][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 685] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 685] close(3) = 0 [pid 685] close(4) = 0 [pid 685] close(5) = 0 [pid 685] close(6) = -1 EBADF (Bad file descriptor) [pid 685] close(7) = -1 EBADF (Bad file descriptor) [pid 685] close(8) = -1 EBADF (Bad file descriptor) [pid 685] close(9) = -1 EBADF (Bad file descriptor) [pid 685] close(10) = -1 EBADF (Bad file descriptor) [pid 685] close(11) = -1 EBADF (Bad file descriptor) [pid 685] close(12) = -1 EBADF (Bad file descriptor) [pid 685] close(13) = -1 EBADF (Bad file descriptor) [pid 685] close(14) = -1 EBADF (Bad file descriptor) [pid 685] close(15) = -1 EBADF (Bad file descriptor) [pid 685] close(16) = -1 EBADF (Bad file descriptor) [pid 685] close(17) = -1 EBADF (Bad file descriptor) [pid 685] close(18) = -1 EBADF (Bad file descriptor) [pid 685] close(19) = -1 EBADF (Bad file descriptor) [pid 685] close(20) = -1 EBADF (Bad file descriptor) [pid 685] close(21) = -1 EBADF (Bad file descriptor) [pid 685] close(22) = -1 EBADF (Bad file descriptor) [pid 685] close(23) = -1 EBADF (Bad file descriptor) [pid 685] close(24) = -1 EBADF (Bad file descriptor) [pid 685] close(25) = -1 EBADF (Bad file descriptor) [pid 685] close(26) = -1 EBADF (Bad file descriptor) [pid 685] close(27) = -1 EBADF (Bad file descriptor) [pid 685] close(28) = -1 EBADF (Bad file descriptor) [pid 685] close(29) = -1 EBADF (Bad file descriptor) [pid 685] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 685] exit_group(0) = ? [pid 685] +++ exited with 0 +++ [ 170.345606][ T685] ? __fdget_pos+0x27e/0x310 [ 170.353547][ T380] Call Trace: [ 170.358626][ T685] ksys_write+0x198/0x2c0 [ 170.366576][ T380] ? lockref_get_or_lock+0x340/0x340 [ 170.371903][ T685] ? do_notify_parent+0xa60/0xa60 [ 170.371919][ T685] ? __ia32_sys_read+0x90/0x90 [ 170.380823][ T380] ? umount_tree+0xf50/0xf50 [ 170.385903][ T685] ? __ia32_sys_open+0x270/0x270 [ 170.392463][ T380] ? vfs_submount+0xb0/0xb0 [ 170.396670][ T685] __x64_sys_write+0x7b/0x90 [ 170.401752][ T380] ? dput+0x2b6/0x320 [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 170.409690][ T685] do_syscall_64+0x34/0x70 [ 170.414337][ T380] path_umount+0x1fe/0xfb0 [ 170.419501][ T685] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.427449][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 170.431992][ T685] RIP: 0033:0x7fc8ece62c09 [ 170.432007][ T685] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 170.437004][ T380] ? user_path_at_empty+0x40/0x50 [ 170.444934][ T685] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 170.444953][ T685] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 170.449511][ T380] __x64_sys_umount+0x122/0x170 [ 170.452755][ T685] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 170.452762][ T685] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 170.452774][ T685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 170.457073][ T380] ? path_umount+0xfb0/0xfb0 [ 170.462327][ T685] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000037 [ 170.601009][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 170.606971][ T380] do_syscall_64+0x34/0x70 [ 170.611378][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.617245][ T380] RIP: 0033:0x7fc8ece63fb7 [ 170.621650][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 375] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW [pid 687] <... openat resumed>) = 5 [pid 686] <... openat resumed>) = 5 [pid 687] write(5, "22", 2 [pid 380] <... umount2 resumed>) = 0 [pid 687] <... write resumed>) = 2 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 687] write(4, "+pids ", 6 [pid 375] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 686] write(5, "22", 2 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... openat resumed>) = 3 [pid 686] <... write resumed>) = 2 [pid 375] fstat(3, [pid 686] write(4, "+pids ", 6 [pid 375] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./55/binderfs") = 0 [pid 375] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./55/cgroup") = 0 [pid 375] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./55/cgroup.net") = 0 [ 170.641252][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 170.649653][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 170.657628][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 170.665590][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 170.673553][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 170.681529][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000002f [ 170.689479][ T380] ---[ end trace d4de1ca9cdcd199e ]--- [pid 375] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 170.698583][ T375] ------------[ cut here ]------------ [ 170.704092][ T375] WARNING: CPU: 0 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 170.713055][ T375] Modules linked in: [ 170.716941][ T375] CPU: 0 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 170.728555][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.738633][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 170.744251][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 170.763938][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 170.770009][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffd RCX: ffff8881065e13c0 [ 170.777991][ T375] RDX: 0000000000000000 RSI: 00000000fffffffd RDI: 0000000000000000 [ 170.785963][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 170.793940][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 170.801931][ T375] R13: ffff8881001c56c0 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 170.809889][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 170.818845][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.825427][ T375] CR2: 00007ffd7d0e1c18 CR3: 000000011dd54000 CR4: 00000000003506b0 [ 170.833411][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 170.841383][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 170.849333][ T375] Call Trace: [ 170.852637][ T375] ? io_schedule+0x120/0x120 [ 170.857222][ T375] ? vfs_submount+0xb0/0xb0 [ 170.861737][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 170.866918][ T375] ? __kasan_check_write+0x14/0x20 [ 170.872037][ T375] namespace_unlock+0x448/0x4f0 [ 170.876877][ T375] ? umount_tree+0xf50/0xf50 [ 170.881474][ T375] ? __detach_mounts+0x670/0x670 [ 170.886401][ T375] ? selinux_umount+0xf0/0x130 [ 170.891175][ T375] ? security_sb_umount+0x9d/0xb0 [ 170.896181][ T375] path_umount+0xf03/0xfb0 [ 170.900599][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 170.905700][ T375] ? user_path_at_empty+0x40/0x50 [ 170.910735][ T375] __x64_sys_umount+0x122/0x170 [ 170.915579][ T375] ? path_umount+0xfb0/0xfb0 [ 170.920155][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 170.926138][ T375] do_syscall_64+0x34/0x70 [ 170.930561][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 170.936434][ T375] RIP: 0033:0x7fc8ece63fb7 [ 170.940854][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 170.960465][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 170.968856][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 170.976839][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 170.984823][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 170.992797][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 171.000771][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000038 [ 171.008727][ T375] ---[ end trace d4de1ca9cdcd199f ]--- [ 171.014282][ T375] ------------[ cut here ]------------ [ 171.019763][ T375] WARNING: CPU: 1 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 171.028686][ T375] Modules linked in: [ 171.032581][ T375] CPU: 1 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 171.044186][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.054237][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 171.059844][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 171.079439][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 171.085492][ T375] RAX: ffffffff81b68f1a RBX: 00000000fffffffc RCX: ffff8881065e13c0 [ 171.093460][ T375] RDX: 0000000000000000 RSI: 00000000fffffffc RDI: 0000000000000000 [ 171.101427][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 171.109375][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 171.117335][ T375] R13: ffff8881001c56c0 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 171.125300][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 171.134213][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 171.140790][ T375] CR2: 00007ffd7d0e236c CR3: 000000011dd54000 CR4: 00000000003506a0 [ 171.148741][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 171.156717][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 171.164678][ T375] Call Trace: [ 171.167949][ T375] ? lockref_get_or_lock+0x340/0x340 [ 171.173221][ T375] ? umount_tree+0xf50/0xf50 [ 171.177786][ T375] ? vfs_submount+0xb0/0xb0 [ 171.182283][ T375] ? dput+0x2b6/0x320 [ 171.186241][ T375] path_umount+0x1fe/0xfb0 [ 171.190646][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 171.195662][ T375] ? user_path_at_empty+0x40/0x50 [ 171.200793][ T375] __x64_sys_umount+0x122/0x170 [ 171.205640][ T375] ? path_umount+0xfb0/0xfb0 [ 171.210318][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 171.216344][ T375] do_syscall_64+0x34/0x70 [ 171.220803][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 171.226680][ T375] RIP: 0033:0x7fc8ece63fb7 [ 171.231110][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 171.250746][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 171.259145][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 171.267129][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 171.275114][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 171.283098][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 171.291077][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000038 [pid 380] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./46/file0") = 0 [pid 380] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./46/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./46") = 0 [pid 380] mkdir("./47", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 49 ./strace-static-x86_64: Process 689 attached [pid 689] chdir("./47") = 0 [pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 689] setpgid(0, 0) = 0 [pid 689] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 689] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 689] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 689] write(3, "1000", 4) = 4 [pid 689] close(3) = 0 [pid 689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 689] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 689] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./55/file0") = 0 [pid 375] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./55/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./55") = 0 [pid 375] mkdir("./56", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 58 ./strace-static-x86_64: Process 690 attached [pid 690] chdir("./56") = 0 [pid 690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 690] setpgid(0, 0) = 0 [pid 690] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 690] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 690] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 690] write(3, "1000", 4) = 4 [pid 690] close(3) = 0 [pid 690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 690] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 171.299038][ T375] ---[ end trace d4de1ca9cdcd19a0 ]--- [ 171.304703][ T683] FAULT_INJECTION: forcing a failure. [ 171.304703][ T683] name failslab, interval 1, probability 0, space 0, times 0 [ 171.317575][ T683] CPU: 1 PID: 683 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 171.329186][ T683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.339222][ T683] Call Trace: [ 171.342493][ T683] dump_stack_lvl+0x1e2/0x24b [ 171.347151][ T683] ? panic+0x7d7/0x7d7 [ 171.351203][ T683] ? bfq_pos_tree_add_move+0x43e/0x43e [ 171.356635][ T683] ? find_next_bit+0xd6/0x120 [ 171.361389][ T683] ? cpumask_next+0x11/0x30 [ 171.365872][ T683] dump_stack+0x15/0x17 [ 171.370007][ T683] should_fail+0x3c0/0x510 [ 171.374399][ T683] ? percpu_ref_init+0xd0/0x330 [ 171.379222][ T683] __should_failslab+0x9f/0xe0 [ 171.383976][ T683] should_failslab+0x9/0x20 [ 171.388473][ T683] kmem_cache_alloc_trace+0x3a/0x330 [ 171.393749][ T683] percpu_ref_init+0xd0/0x330 [ 171.398402][ T683] ? cgroup_setup_root+0xea0/0xea0 [ 171.403500][ T683] cgroup_apply_control_enable+0x3a2/0x12f0 [ 171.409385][ T683] cgroup_apply_control+0x93/0x710 [ 171.414477][ T683] ? css_next_child+0x160/0x160 [ 171.419299][ T683] ? stack_trace_save+0x12d/0x1f0 [ 171.424316][ T683] ? io_schedule+0x120/0x120 [ 171.428899][ T683] ? kernfs_fop_write_iter+0x15e/0x410 [ 171.434344][ T683] ? __kasan_check_write+0x14/0x20 [ 171.439434][ T683] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 171.444702][ T683] cgroup_subtree_control_write+0xd19/0x1310 [pid 690] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 382] kill(-54, SIGKILL) = 0 [ 171.450671][ T683] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 171.456635][ T683] ? __kasan_check_write+0x14/0x20 [ 171.461749][ T683] ? _copy_from_iter+0x3fb/0xd60 [ 171.466678][ T683] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 171.472716][ T683] cgroup_file_write+0x28e/0x590 [ 171.477641][ T683] ? cgroup_seqfile_stop+0xc0/0xc0 [ 171.482770][ T683] ? mutex_lock+0xa6/0x110 [ 171.487178][ T683] ? mutex_trylock+0xb0/0xb0 [ 171.491743][ T683] ? __kasan_check_write+0x14/0x20 [ 171.496833][ T683] kernfs_fop_write_iter+0x2d0/0x410 [ 171.502091][ T683] ? cgroup_seqfile_stop+0xc0/0xc0 [ 171.507176][ T683] vfs_write+0xc1c/0xf40 [ 171.511391][ T683] ? __kasan_check_write+0x14/0x20 [ 171.516484][ T683] ? kernel_write+0x3c0/0x3c0 [ 171.521148][ T683] ? _raw_spin_unlock_irq+0x4e/0x70 [ 171.526323][ T683] ? ptrace_stop+0x6ff/0x9f0 [ 171.530888][ T683] ? __kasan_check_read+0x11/0x20 [ 171.535893][ T683] ? __fdget_pos+0x27e/0x310 [ 171.540469][ T683] ksys_write+0x198/0x2c0 [ 171.544818][ T683] ? do_notify_parent+0xa60/0xa60 [ 171.549825][ T683] ? __ia32_sys_read+0x90/0x90 [ 171.554561][ T683] ? __ia32_sys_open+0x270/0x270 [ 171.559476][ T683] __x64_sys_write+0x7b/0x90 [ 171.564059][ T683] do_syscall_64+0x34/0x70 [ 171.568469][ T683] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 171.574350][ T683] RIP: 0033:0x7fc8ece62c09 [ 171.578758][ T683] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 382] kill(54, SIGKILL) = 0 [pid 382] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 690] <... mount resumed>) = 0 [pid 689] <... mount resumed>) = 0 [pid 683] <... write resumed>) = ? [pid 690] open("./file0", O_RDONLY [pid 689] open("./file0", O_RDONLY [pid 690] <... open resumed>) = 3 [pid 689] <... open resumed>) = 3 [pid 690] openat(3, "cgroup.subtree_control", O_RDWR [pid 689] openat(3, "cgroup.subtree_control", O_RDWR [pid 683] +++ killed by SIGKILL +++ [pid 690] <... openat resumed>) = 4 [pid 689] <... openat resumed>) = 4 [pid 690] write(4, "-pids ", 6 [pid 689] write(4, "-pids ", 6 [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=54, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 382] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./52/binderfs") = 0 [pid 382] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./52/cgroup") = 0 [pid 382] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./52/cgroup.net") = 0 [pid 382] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./52/file0") = 0 [pid 382] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./52/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./52") = 0 [pid 382] mkdir("./53", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 55 ./strace-static-x86_64: Process 691 attached [pid 691] chdir("./53") = 0 [pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 691] setpgid(0, 0) = 0 [pid 691] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 691] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 691] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 691] write(3, "1000", 4) = 4 [pid 691] close(3) = 0 [pid 691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 691] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 691] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 691] open("./file0", O_RDONLY) = 3 [pid 691] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 691] write(4, "-pids ", 6 [pid 689] <... write resumed>) = 6 [pid 689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 689] write(5, "22", 2) = 2 [ 171.598347][ T683] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.606753][ T683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 171.614713][ T683] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 171.622668][ T683] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 171.630623][ T683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 171.638565][ T683] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000034 [ 171.660968][ T688] FAULT_INJECTION: forcing a failure. [ 171.660968][ T688] name failslab, interval 1, probability 0, space 0, times 0 [ 171.673616][ T688] CPU: 1 PID: 688 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 171.685221][ T688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.695249][ T688] Call Trace: [ 171.698517][ T688] dump_stack_lvl+0x1e2/0x24b [ 171.703272][ T688] ? bfq_pos_tree_add_move+0x43e/0x43e [ 171.708717][ T688] ? selinux_kernfs_init_security+0x1a8/0x760 [ 171.714780][ T688] dump_stack+0x15/0x17 [ 171.718916][ T688] should_fail+0x3c0/0x510 [ 171.723314][ T688] ? __kernfs_new_node+0x99/0x6e0 [ 171.728323][ T688] __should_failslab+0x9f/0xe0 [ 171.733057][ T688] should_failslab+0x9/0x20 [ 171.737534][ T688] __kmalloc_track_caller+0x5f/0x350 [ 171.742791][ T688] kstrdup_const+0x55/0x90 [ 171.747177][ T688] __kernfs_new_node+0x99/0x6e0 [ 171.752007][ T688] ? is_module_text_address+0xe1/0x140 [ 171.757445][ T688] ? kernfs_new_node+0x170/0x170 [ 171.762362][ T688] ? ptr_to_hashval+0x60/0x60 [ 171.767017][ T688] ? arch_stack_walk+0xf8/0x140 [ 171.771847][ T688] ? snprintf+0xd6/0x120 [ 171.776063][ T688] kernfs_new_node+0x97/0x170 [ 171.780722][ T688] __kernfs_create_file+0x4a/0x270 [ 171.785813][ T688] cgroup_addrm_files+0xab8/0xfe0 [ 171.790820][ T688] ? ____kasan_kmalloc+0xdc/0x110 [ 171.795823][ T688] ? __kasan_kmalloc+0x9/0x10 [ 171.800479][ T688] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 171.806004][ T688] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 171.812139][ T688] ? delete_node+0x759/0x7b0 [ 171.816715][ T688] ? __kasan_check_read+0x11/0x20 [ 171.821708][ T688] ? delete_node+0x759/0x7b0 [ 171.826283][ T688] ? __kasan_check_write+0x14/0x20 [ 171.831375][ T688] ? idr_replace+0x1c4/0x230 [ 171.835936][ T688] ? idr_get_next+0x4b0/0x4b0 [ 171.840591][ T688] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 171.845597][ T688] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 171.850775][ T688] css_populate_dir+0x137/0x370 [ 171.855607][ T688] cgroup_apply_control_enable+0x8b9/0x12f0 [ 171.861473][ T688] cgroup_apply_control+0x93/0x710 [ 171.866564][ T688] ? css_next_child+0x160/0x160 [ 171.871397][ T688] ? stack_trace_save+0x12d/0x1f0 [ 171.876404][ T688] ? io_schedule+0x120/0x120 [ 171.880974][ T688] ? kernfs_fop_write_iter+0x15e/0x410 [ 171.886409][ T688] ? __kasan_check_write+0x14/0x20 [ 171.891500][ T688] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 171.896767][ T688] cgroup_subtree_control_write+0xd19/0x1310 [ 171.902716][ T688] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 171.908665][ T688] ? __kasan_check_write+0x14/0x20 [ 171.913760][ T688] ? _copy_from_iter+0x3fb/0xd60 [ 171.918681][ T688] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 171.924630][ T688] cgroup_file_write+0x28e/0x590 [ 171.929536][ T688] ? cgroup_seqfile_stop+0xc0/0xc0 [ 171.934625][ T688] ? mutex_lock+0xa6/0x110 [ 171.939031][ T688] ? mutex_trylock+0xb0/0xb0 [ 171.943608][ T688] ? __kasan_check_write+0x14/0x20 [ 171.948694][ T688] kernfs_fop_write_iter+0x2d0/0x410 [ 171.953950][ T688] ? cgroup_seqfile_stop+0xc0/0xc0 [ 171.959059][ T688] vfs_write+0xc1c/0xf40 [ 171.963271][ T688] ? __kasan_check_write+0x14/0x20 [ 171.968361][ T688] ? kernel_write+0x3c0/0x3c0 [ 171.973027][ T688] ? _raw_spin_unlock_irq+0x4e/0x70 [ 171.978202][ T688] ? ptrace_stop+0x6ff/0x9f0 [ 171.982763][ T688] ? __kasan_check_read+0x11/0x20 [ 171.987768][ T688] ? __fdget_pos+0x27e/0x310 [ 171.992341][ T688] ksys_write+0x198/0x2c0 [ 171.996655][ T688] ? do_notify_parent+0xa60/0xa60 [ 172.001660][ T688] ? __ia32_sys_read+0x90/0x90 [ 172.006392][ T688] ? __ia32_sys_open+0x270/0x270 [ 172.011310][ T688] __x64_sys_write+0x7b/0x90 [ 172.015890][ T688] do_syscall_64+0x34/0x70 [ 172.020297][ T688] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 172.026173][ T688] RIP: 0033:0x7fc8ece62c09 [ 172.030582][ T688] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.050176][ T688] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 689] write(4, "+pids ", 6 [pid 688] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 688] close(3) = 0 [pid 688] close(4) = 0 [pid 688] close(5) = 0 [pid 688] close(6) = -1 EBADF (Bad file descriptor) [pid 688] close(7) = -1 EBADF (Bad file descriptor) [pid 688] close(8) = -1 EBADF (Bad file descriptor) [pid 688] close(9) = -1 EBADF (Bad file descriptor) [pid 688] close(10) = -1 EBADF (Bad file descriptor) [pid 688] close(11) = -1 EBADF (Bad file descriptor) [pid 688] close(12) = -1 EBADF (Bad file descriptor) [ 172.058568][ T688] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 172.066521][ T688] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 172.074472][ T688] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 172.082422][ T688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 172.090376][ T688] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000031 [ 172.098605][ T688] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 688] close(13) = -1 EBADF (Bad file descriptor) [pid 688] close(14) = -1 EBADF (Bad file descriptor) [pid 688] close(15) = -1 EBADF (Bad file descriptor) [pid 688] close(16) = -1 EBADF (Bad file descriptor) [pid 688] close(17) = -1 EBADF (Bad file descriptor) [pid 688] close(18) = -1 EBADF (Bad file descriptor) [pid 688] close(19) = -1 EBADF (Bad file descriptor) [pid 688] close(20) = -1 EBADF (Bad file descriptor) [pid 688] close(21) = -1 EBADF (Bad file descriptor) [pid 688] close(22) = -1 EBADF (Bad file descriptor) [pid 688] close(23) = -1 EBADF (Bad file descriptor) [pid 688] close(24) = -1 EBADF (Bad file descriptor) [pid 688] close(25) = -1 EBADF (Bad file descriptor) [pid 688] close(26) = -1 EBADF (Bad file descriptor) [pid 688] close(27) = -1 EBADF (Bad file descriptor) [pid 688] close(28) = -1 EBADF (Bad file descriptor) [pid 688] close(29) = -1 EBADF (Bad file descriptor) [pid 688] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 688] exit_group(0) = ? [pid 688] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 172.110865][ T689] FAULT_INJECTION: forcing a failure. [ 172.110865][ T689] name failslab, interval 1, probability 0, space 0, times 0 [ 172.123631][ T689] CPU: 0 PID: 689 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 172.135255][ T689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.145388][ T689] Call Trace: [ 172.148670][ T689] dump_stack_lvl+0x1e2/0x24b [ 172.153329][ T689] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 376] unlink("./49/binderfs") = 0 [pid 376] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./49/cgroup") = 0 [pid 376] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./49/cgroup.net") = 0 [ 172.158770][ T689] ? selinux_kernfs_init_security+0x1a8/0x760 [ 172.164822][ T689] dump_stack+0x15/0x17 [ 172.168962][ T689] should_fail+0x3c0/0x510 [ 172.173352][ T689] ? __kernfs_new_node+0x99/0x6e0 [ 172.178350][ T689] __should_failslab+0x9f/0xe0 [ 172.183085][ T689] should_failslab+0x9/0x20 [ 172.187571][ T689] __kmalloc_track_caller+0x5f/0x350 [ 172.192837][ T689] kstrdup_const+0x55/0x90 [ 172.197234][ T689] __kernfs_new_node+0x99/0x6e0 [ 172.202068][ T689] ? is_module_text_address+0xe1/0x140 [ 172.207496][ T689] ? kernfs_new_node+0x170/0x170 [ 172.212409][ T689] ? ptr_to_hashval+0x60/0x60 [ 172.217063][ T689] ? arch_stack_walk+0xf8/0x140 [ 172.221893][ T689] ? snprintf+0xd6/0x120 [ 172.226106][ T689] kernfs_new_node+0x97/0x170 [ 172.230758][ T689] __kernfs_create_file+0x4a/0x270 [ 172.235839][ T689] cgroup_addrm_files+0xab8/0xfe0 [ 172.240835][ T689] ? ____kasan_kmalloc+0xdc/0x110 [ 172.245837][ T689] ? __kasan_kmalloc+0x9/0x10 [ 172.250496][ T689] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 172.256028][ T689] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 172.262168][ T689] ? delete_node+0x759/0x7b0 [ 172.266734][ T689] ? __kasan_check_read+0x11/0x20 [ 172.271746][ T689] ? delete_node+0x759/0x7b0 [ 172.276327][ T689] ? __kasan_check_write+0x14/0x20 [ 172.281429][ T689] ? idr_replace+0x1c4/0x230 [ 172.286003][ T689] ? idr_get_next+0x4b0/0x4b0 [ 172.290656][ T689] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 172.295661][ T689] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 172.300845][ T689] css_populate_dir+0x137/0x370 [ 172.305679][ T689] cgroup_apply_control_enable+0x8b9/0x12f0 [ 172.311551][ T689] cgroup_apply_control+0x93/0x710 [ 172.316643][ T689] ? css_next_child+0x160/0x160 [ 172.321473][ T689] ? stack_trace_save+0x12d/0x1f0 [ 172.326480][ T689] ? io_schedule+0x120/0x120 [ 172.331053][ T689] ? kernfs_fop_write_iter+0x15e/0x410 [ 172.336494][ T689] ? __kasan_check_write+0x14/0x20 [ 172.341586][ T689] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 172.346845][ T689] cgroup_subtree_control_write+0xd19/0x1310 [ 172.352797][ T689] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 172.358756][ T689] ? __kasan_check_write+0x14/0x20 [ 172.363850][ T689] ? _copy_from_iter+0x3fb/0xd60 [ 172.368770][ T689] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 172.374728][ T689] cgroup_file_write+0x28e/0x590 [ 172.379639][ T689] ? cgroup_seqfile_stop+0xc0/0xc0 [ 172.384726][ T689] ? mutex_lock+0xa6/0x110 [ 172.389113][ T689] ? mutex_trylock+0xb0/0xb0 [ 172.393674][ T689] ? __kasan_check_write+0x14/0x20 [ 172.398760][ T689] kernfs_fop_write_iter+0x2d0/0x410 [ 172.404016][ T689] ? cgroup_seqfile_stop+0xc0/0xc0 [ 172.409098][ T689] vfs_write+0xc1c/0xf40 [ 172.413323][ T689] ? __kasan_check_write+0x14/0x20 [ 172.418418][ T689] ? kernel_write+0x3c0/0x3c0 [ 172.423077][ T689] ? _raw_spin_unlock_irq+0x4e/0x70 [ 172.428256][ T689] ? ptrace_stop+0x6ff/0x9f0 [ 172.432819][ T689] ? __kasan_check_read+0x11/0x20 [ 172.437816][ T689] ? __fdget_pos+0x27e/0x310 [ 172.442377][ T689] ksys_write+0x198/0x2c0 [ 172.446691][ T689] ? do_notify_parent+0xa60/0xa60 [ 172.451794][ T689] ? __ia32_sys_read+0x90/0x90 [ 172.456542][ T689] ? __ia32_sys_open+0x270/0x270 [ 172.461460][ T689] __x64_sys_write+0x7b/0x90 [ 172.466043][ T689] do_syscall_64+0x34/0x70 [ 172.470447][ T689] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 172.476310][ T689] RIP: 0033:0x7fc8ece62c09 [ 172.480704][ T689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.500284][ T689] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 376] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./49/file0") = 0 [pid 376] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./49/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./49") = 0 [pid 376] mkdir("./50", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 692 attached [pid 692] chdir("./50" [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 52 [pid 692] <... chdir resumed>) = 0 [pid 689] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 692] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 689] close(3 [pid 692] <... prctl resumed>) = 0 [pid 692] setpgid(0, 0 [pid 689] <... close resumed>) = 0 [pid 692] <... setpgid resumed>) = 0 [pid 689] close(4 [pid 692] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 689] <... close resumed>) = 0 [pid 692] <... symlink resumed>) = 0 [pid 689] close(5 [pid 692] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 689] <... close resumed>) = 0 [pid 692] <... symlink resumed>) = 0 [pid 689] close(6 [pid 692] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] <... symlink resumed>) = 0 [pid 689] close(7 [pid 692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] <... openat resumed>) = 3 [pid 689] close(8 [pid 692] write(3, "1000", 4 [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] <... write resumed>) = 4 [pid 689] close(9 [pid 692] close(3 [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] <... close resumed>) = 0 [pid 692] symlink("/dev/binderfs", "./binderfs" [pid 689] close(10 [pid 692] <... symlink resumed>) = 0 [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] mkdirat(AT_FDCWD, "./file0", 000 [pid 689] close(11 [pid 692] <... mkdirat resumed>) = 0 [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 689] close(12 [pid 692] <... mount resumed>) = 0 [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] open("./file0", O_RDONLY) = 3 [pid 689] close(13 [pid 692] openat(3, "cgroup.subtree_control", O_RDWR [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 689] close(14 [pid 692] <... openat resumed>) = 4 [pid 689] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 692] write(4, "-pids ", 6 [pid 689] close(15) = -1 EBADF (Bad file descriptor) [pid 689] close(16) = -1 EBADF (Bad file descriptor) [pid 689] close(17) = -1 EBADF (Bad file descriptor) [pid 689] close(18) = -1 EBADF (Bad file descriptor) [pid 689] close(19) = -1 EBADF (Bad file descriptor) [pid 689] close(20) = -1 EBADF (Bad file descriptor) [pid 689] close(21) = -1 EBADF (Bad file descriptor) [pid 689] close(22) = -1 EBADF (Bad file descriptor) [pid 689] close(23) = -1 EBADF (Bad file descriptor) [pid 689] close(24) = -1 EBADF (Bad file descriptor) [pid 689] close(25) = -1 EBADF (Bad file descriptor) [pid 689] close(26) = -1 EBADF (Bad file descriptor) [pid 689] close(27) = -1 EBADF (Bad file descriptor) [pid 689] close(28) = -1 EBADF (Bad file descriptor) [pid 689] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 689] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 689] exit_group(0) = ? [pid 689] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./47/binderfs") = 0 [pid 380] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./47/cgroup") = 0 [pid 380] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./47/cgroup.net") = 0 [ 172.508671][ T689] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 172.516629][ T689] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 172.524668][ T689] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 172.532617][ T689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 172.540562][ T689] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002f [ 172.551971][ T689] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 691] <... write resumed>) = 6 [pid 690] <... write resumed>) = 6 [ 172.577764][ T380] ------------[ cut here ]------------ [ 172.583259][ T380] WARNING: CPU: 1 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 172.592262][ T380] Modules linked in: [ 172.592608][ T686] FAULT_INJECTION: forcing a failure. [ 172.592608][ T686] name failslab, interval 1, probability 0, space 0, times 0 [ 172.596151][ T380] CPU: 1 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [pid 691] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 172.596164][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.630644][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 172.636263][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 172.655994][ T380] RSP: 0018:ffffc90000b27ba0 EFLAGS: 00010293 [ 172.662074][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 172.670025][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 172.670197][ T686] CPU: 0 PID: 686 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 172.678152][ T380] RBP: ffffc90000b27c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 172.689582][ T686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.689586][ T686] Call Trace: [ 172.689602][ T686] dump_stack_lvl+0x1e2/0x24b [ 172.689620][ T686] ? bfq_pos_tree_add_move+0x43e/0x43e [ 172.697571][ T380] R10: fffff52000164f65 R11: 1ffff92000164f64 R12: dffffc0000000000 [ 172.707588][ T686] ? selinux_kernfs_init_security+0x1a8/0x760 [ 172.707604][ T686] dump_stack+0x15/0x17 [ 172.710865][ T380] R13: ffff8881001c5c00 R14: ffffc90000b27c00 R15: 1ffff92000164f7c [ 172.715503][ T686] should_fail+0x3c0/0x510 [ 172.720935][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 172.728869][ T686] ? __kernfs_new_node+0x99/0x6e0 [ 172.734907][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 172.739025][ T686] __should_failslab+0x9f/0xe0 [ 172.746982][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506a0 [ 172.751342][ T686] should_failslab+0x9/0x20 [ 172.751360][ T686] __kmalloc_track_caller+0x5f/0x350 [ 172.760287][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 172.765254][ T686] kstrdup_const+0x55/0x90 [ 172.771810][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 172.776540][ T686] __kernfs_new_node+0x99/0x6e0 [ 172.784482][ T380] Call Trace: [ 172.788953][ T686] ? is_module_text_address+0xe1/0x140 [ 172.794212][ T380] ? io_schedule+0x120/0x120 [ 172.802138][ T686] ? kernfs_new_node+0x170/0x170 [ 172.802149][ T686] ? ptr_to_hashval+0x60/0x60 [ 172.802157][ T686] ? arch_stack_walk+0xf8/0x140 [ 172.802172][ T686] ? snprintf+0xd6/0x120 [ 172.806562][ T380] ? vfs_submount+0xb0/0xb0 [ 172.814501][ T686] kernfs_new_node+0x97/0x170 [ 172.814511][ T686] __kernfs_create_file+0x4a/0x270 [ 172.814526][ T686] cgroup_addrm_files+0xab8/0xfe0 [ 172.819343][ T380] ? shrink_dentry_list+0x4ec/0x500 [ 172.822592][ T686] ? ____kasan_kmalloc+0xdc/0x110 [ 172.822600][ T686] ? __kasan_kmalloc+0x9/0x10 [ 172.822617][ T686] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 172.828041][ T380] ? __kasan_check_write+0x14/0x20 [ 172.832594][ T686] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 172.832611][ T686] ? delete_node+0x759/0x7b0 [ 172.837518][ T380] namespace_unlock+0x448/0x4f0 [ 172.842155][ T686] ? __kasan_check_read+0x11/0x20 [ 172.842162][ T686] ? delete_node+0x759/0x7b0 [ 172.842182][ T686] ? __kasan_check_write+0x14/0x20 [ 172.846998][ T380] ? umount_tree+0xf50/0xf50 [ 172.851207][ T686] ? idr_replace+0x1c4/0x230 [ 172.851223][ T686] ? idr_get_next+0x4b0/0x4b0 [ 172.855694][ T380] ? __detach_mounts+0x670/0x670 [ 172.860332][ T686] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 172.860341][ T686] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 172.860350][ T686] css_populate_dir+0x137/0x370 [ 172.860366][ T686] cgroup_apply_control_enable+0x8b9/0x12f0 [ 172.865446][ T380] ? selinux_umount+0xf0/0x130 [ 172.870436][ T686] cgroup_apply_control+0x93/0x710 [ 172.870451][ T686] ? css_next_child+0x160/0x160 [ 172.875620][ T380] ? security_sb_umount+0x9d/0xb0 [ 172.880603][ T686] ? io_schedule+0x120/0x120 [ 172.880613][ T686] ? kernfs_fop_write_iter+0x15e/0x410 [ 172.880628][ T686] ? __kasan_check_write+0x14/0x20 [ 172.885273][ T380] path_umount+0xf03/0xfb0 [ 172.890778][ T686] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 172.890796][ T686] cgroup_subtree_control_write+0xd19/0x1310 [ 172.895909][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 172.901999][ T686] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 172.902009][ T686] ? __kasan_check_write+0x14/0x20 [ 172.902026][ T686] ? _copy_from_iter+0x3fb/0xd60 [ 172.906591][ T380] ? user_path_at_empty+0x40/0x50 [ 172.911403][ T686] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 172.911411][ T686] cgroup_file_write+0x28e/0x590 [ 172.911426][ T686] ? cgroup_seqfile_stop+0xc0/0xc0 [ 172.916423][ T380] __x64_sys_umount+0x122/0x170 [ 172.920975][ T686] ? mutex_lock+0xa6/0x110 [ 172.920984][ T686] ? mutex_trylock+0xb0/0xb0 [ 172.920993][ T686] ? __kasan_check_write+0x14/0x20 [ 172.921008][ T686] kernfs_fop_write_iter+0x2d0/0x410 [ 172.926088][ T380] ? path_umount+0xfb0/0xfb0 [ 172.930639][ T686] ? cgroup_seqfile_stop+0xc0/0xc0 [ 172.930649][ T686] vfs_write+0xc1c/0xf40 [ 172.930670][ T686] ? __kasan_check_write+0x14/0x20 [ 172.935228][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 172.939871][ T686] ? kernel_write+0x3c0/0x3c0 [ 172.944783][ T380] do_syscall_64+0x34/0x70 [ 172.949766][ T686] ? _raw_spin_unlock_irq+0x4e/0x70 [ 172.954941][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 172.959755][ T686] ? ptrace_stop+0x6ff/0x9f0 [ 172.965623][ T380] RIP: 0033:0x7fc8ece63fb7 [ 172.970344][ T686] ? __kasan_check_read+0x11/0x20 [ 172.970361][ T686] ? __fdget_pos+0x27e/0x310 [ 172.975448][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 172.980270][ T686] ksys_write+0x198/0x2c0 [ 172.980282][ T686] ? do_notify_parent+0xa60/0xa60 [ 172.980298][ T686] ? __ia32_sys_read+0x90/0x90 [ 172.985288][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 172.989848][ T686] ? __ia32_sys_open+0x270/0x270 [ 172.995279][ T380] ORIG_RAX: 00000000000000a6 [ 173.000352][ T686] __x64_sys_write+0x7b/0x90 [ 173.000368][ T686] do_syscall_64+0x34/0x70 [ 173.004751][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 173.010007][ T686] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.015958][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 173.020936][ T686] RIP: 0033:0x7fc8ece62c09 [ 173.020946][ T686] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 173.020959][ T686] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 173.026909][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 173.031978][ T686] ORIG_RAX: 0000000000000001 [ 173.031986][ T686] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 173.031998][ T686] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 173.036907][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 173.041891][ T686] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 173.041898][ T686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 173.041904][ T686] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002b [ 173.315939][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000030 [ 173.323938][ T380] ---[ end trace d4de1ca9cdcd19a1 ]--- [pid 690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 691] <... openat resumed>) = 5 [pid 690] <... openat resumed>) = 5 [pid 686] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 691] write(5, "22", 2 [pid 690] write(5, "22", 2 [pid 691] <... write resumed>) = 2 [pid 690] <... write resumed>) = 2 [pid 691] write(4, "+pids ", 6 [pid 690] write(4, "+pids ", 6 [pid 686] close(3) = 0 [pid 686] close(4) = 0 [pid 686] close(5) = 0 [pid 686] close(6) = -1 EBADF (Bad file descriptor) [pid 686] close(7) = -1 EBADF (Bad file descriptor) [pid 686] close(8) = -1 EBADF (Bad file descriptor) [pid 686] close(9) = -1 EBADF (Bad file descriptor) [pid 686] close(10) = -1 EBADF (Bad file descriptor) [pid 686] close(11) = -1 EBADF (Bad file descriptor) [pid 686] close(12) = -1 EBADF (Bad file descriptor) [pid 686] close(13) = -1 EBADF (Bad file descriptor) [pid 686] close(14) = -1 EBADF (Bad file descriptor) [pid 686] close(15) = -1 EBADF (Bad file descriptor) [pid 686] close(16) = -1 EBADF (Bad file descriptor) [pid 686] close(17) = -1 EBADF (Bad file descriptor) [pid 686] close(18) = -1 EBADF (Bad file descriptor) [pid 686] close(19) = -1 EBADF (Bad file descriptor) [pid 686] close(20) = -1 EBADF (Bad file descriptor) [pid 686] close(21) = -1 EBADF (Bad file descriptor) [pid 686] close(22) = -1 EBADF (Bad file descriptor) [pid 686] close(23) = -1 EBADF (Bad file descriptor) [pid 686] close(24) = -1 EBADF (Bad file descriptor) [pid 686] close(25) = -1 EBADF (Bad file descriptor) [pid 686] close(26) = -1 EBADF (Bad file descriptor) [pid 686] close(27) = -1 EBADF (Bad file descriptor) [pid 686] close(28) = -1 EBADF (Bad file descriptor) [pid 686] close(29) = -1 EBADF (Bad file descriptor) [pid 383] kill(-45, SIGKILL) = 0 [pid 383] kill(45, SIGKILL) = 0 [pid 686] +++ killed by SIGKILL +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=45, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=11} --- [pid 383] restart_syscall(<... resuming interrupted kill ...>) = 0 [ 173.329696][ T380] ------------[ cut here ]------------ [ 173.329760][ T686] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 173.335178][ T380] WARNING: CPU: 1 PID: 380 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 173.335187][ T380] Modules linked in: [ 173.355514][ T380] CPU: 1 PID: 380 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 173.367639][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.377745][ T380] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 173.383383][ T380] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 173.403022][ T380] RSP: 0018:ffffc90000b27ca0 EFLAGS: 00010293 [ 173.409090][ T380] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065ebb40 [ 173.417098][ T380] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 173.425083][ T380] RBP: ffffc90000b27d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 173.433080][ T380] R10: fffff52000164f85 R11: 1ffff92000164f84 R12: dffffc0000000000 [ 173.441065][ T380] R13: ffff8881001c5c00 R14: ffffc90000b27d00 R15: 1ffff92000164f9c [ 173.449028][ T380] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 173.457966][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 173.464556][ T380] CR2: 00007ffd7d0e1c18 CR3: 000000011ddaf000 CR4: 00000000003506a0 [ 173.472554][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 173.480535][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 173.488485][ T380] Call Trace: [ 173.491791][ T380] ? lockref_get_or_lock+0x340/0x340 [ 173.497068][ T380] ? umount_tree+0xf50/0xf50 [ 173.501668][ T380] ? vfs_submount+0xb0/0xb0 [ 173.506160][ T380] ? dput+0x2b6/0x320 [ 173.510128][ T380] path_umount+0x1fe/0xfb0 [ 173.514563][ T380] ? namespace_unlock+0x4f0/0x4f0 [ 173.519575][ T380] ? user_path_at_empty+0x40/0x50 [ 173.524605][ T380] __x64_sys_umount+0x122/0x170 [ 173.529454][ T380] ? path_umount+0xfb0/0xfb0 [ 173.534055][ T380] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 173.540026][ T380] do_syscall_64+0x34/0x70 [ 173.544453][ T380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.550379][ T380] RIP: 0033:0x7fc8ece63fb7 [ 173.554782][ T380] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 383] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] <... umount2 resumed>) = 0 [pid 380] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... openat resumed>) = 3 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4 [pid 383] getdents64(3, [pid 380] <... close resumed>) = 0 [pid 380] rmdir("./47/file0" [pid 383] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] <... rmdir resumed>) = 0 [pid 383] lstat("./43/binderfs", [pid 380] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./47/cgroup.cpu", [pid 383] unlink("./43/binderfs" [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./47/cgroup.cpu" [pid 383] <... unlink resumed>) = 0 [pid 383] umount2("./43/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... unlink resumed>) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./47") = 0 [pid 383] lstat("./43/cgroup", [pid 380] mkdir("./48", 0777 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./43/cgroup" [pid 380] <... mkdir resumed>) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 383] <... unlink resumed>) = 0 [pid 383] umount2("./43/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./43/cgroup.net", [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 50 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./43/cgroup.net"./strace-static-x86_64: Process 693 attached [pid 693] chdir("./48" [pid 383] <... unlink resumed>) = 0 [pid 383] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 693] <... chdir resumed>) = 0 [pid 693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] <... umount2 resumed>) = 0 [pid 693] setpgid(0, 0 [pid 383] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 693] <... setpgid resumed>) = 0 [pid 693] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 693] <... symlink resumed>) = 0 [pid 383] lstat("./43/file0", [pid 693] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 383] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 693] <... symlink resumed>) = 0 [pid 383] umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 693] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 693] <... symlink resumed>) = 0 [pid 383] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 383] <... openat resumed>) = 4 [pid 693] <... openat resumed>) = 3 [pid 383] fstat(4, [pid 693] write(3, "1000", 4) = 4 [pid 383] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 693] close(3 [pid 383] getdents64(4, [pid 693] <... close resumed>) = 0 [pid 383] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 693] symlink("/dev/binderfs", "./binderfs" [pid 383] getdents64(4, [pid 693] <... symlink resumed>) = 0 [pid 383] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 693] mkdirat(AT_FDCWD, "./file0", 000 [pid 383] close(4 [pid 693] <... mkdirat resumed>) = 0 [pid 383] <... close resumed>) = 0 [pid 693] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 383] rmdir("./43/file0" [pid 693] <... mount resumed>) = 0 [pid 693] open("./file0", O_RDONLY) = 3 [pid 693] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] <... rmdir resumed>) = 0 [pid 693] <... openat resumed>) = 4 [pid 383] umount2("./43/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 693] write(4, "-pids ", 6 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./43/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./43/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [ 173.574396][ T380] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 173.582822][ T380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 173.590793][ T380] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 173.598754][ T380] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 173.606722][ T380] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 173.614698][ T380] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000030 [ 173.622668][ T380] ---[ end trace d4de1ca9cdcd19a2 ]--- [pid 383] close(3) = 0 [pid 383] rmdir("./43") = 0 [pid 383] mkdir("./44", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 46 ./strace-static-x86_64: Process 694 attached [pid 694] chdir("./44") = 0 [pid 694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 694] setpgid(0, 0) = 0 [pid 694] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 694] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 694] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 694] write(3, "1000", 4) = 4 [pid 694] close(3) = 0 [pid 694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 694] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 173.650490][ T690] FAULT_INJECTION: forcing a failure. [ 173.650490][ T690] name failslab, interval 1, probability 0, space 0, times 0 [ 173.663149][ T690] CPU: 0 PID: 690 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 173.674758][ T690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.684798][ T690] Call Trace: [ 173.688076][ T690] dump_stack_lvl+0x1e2/0x24b [ 173.692732][ T690] ? bfq_pos_tree_add_move+0x43e/0x43e [ 173.698166][ T690] ? selinux_kernfs_init_security+0x1a8/0x760 [ 173.704213][ T690] dump_stack+0x15/0x17 [ 173.708362][ T690] should_fail+0x3c0/0x510 [ 173.712772][ T690] ? __kernfs_new_node+0x99/0x6e0 [ 173.717780][ T690] __should_failslab+0x9f/0xe0 [ 173.722517][ T690] should_failslab+0x9/0x20 [ 173.726998][ T690] __kmalloc_track_caller+0x5f/0x350 [ 173.732268][ T690] kstrdup_const+0x55/0x90 [ 173.736676][ T690] __kernfs_new_node+0x99/0x6e0 [ 173.741517][ T690] ? is_module_text_address+0xe1/0x140 [ 173.746960][ T690] ? kernfs_new_node+0x170/0x170 [ 173.751886][ T690] ? ptr_to_hashval+0x60/0x60 [ 173.756537][ T690] ? arch_stack_walk+0xf8/0x140 [ 173.761366][ T690] ? snprintf+0xd6/0x120 [ 173.765583][ T690] kernfs_new_node+0x97/0x170 [ 173.770236][ T690] __kernfs_create_file+0x4a/0x270 [ 173.775321][ T690] cgroup_addrm_files+0xab8/0xfe0 [ 173.780319][ T690] ? ____kasan_kmalloc+0xdc/0x110 [ 173.785324][ T690] ? __kasan_kmalloc+0x9/0x10 [ 173.789989][ T690] ? kmem_cache_alloc_trace+0x1dd/0x330 [pid 694] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 381] kill(-54, SIGKILL) = 0 [pid 381] kill(54, SIGKILL) = 0 [ 173.795523][ T690] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 173.801670][ T690] ? delete_node+0x759/0x7b0 [ 173.806253][ T690] ? __kasan_check_read+0x11/0x20 [ 173.811262][ T690] ? delete_node+0x759/0x7b0 [ 173.815827][ T690] ? __kasan_check_write+0x14/0x20 [ 173.820931][ T690] ? idr_replace+0x1c4/0x230 [ 173.825507][ T690] ? idr_get_next+0x4b0/0x4b0 [ 173.830162][ T690] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 173.835174][ T690] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 173.840357][ T690] css_populate_dir+0x137/0x370 [ 173.845184][ T690] cgroup_apply_control_enable+0x8b9/0x12f0 [ 173.851054][ T690] cgroup_apply_control+0x93/0x710 [ 173.856148][ T690] ? css_next_child+0x160/0x160 [ 173.860982][ T690] ? io_schedule+0x120/0x120 [ 173.865551][ T690] ? kernfs_fop_write_iter+0x15e/0x410 [ 173.870994][ T690] ? __kasan_check_write+0x14/0x20 [ 173.876112][ T690] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 173.881384][ T690] cgroup_subtree_control_write+0xd19/0x1310 [ 173.887359][ T690] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 173.893314][ T690] ? __kasan_check_write+0x14/0x20 [ 173.898399][ T690] ? _copy_from_iter+0x3fb/0xd60 [ 173.903407][ T690] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 173.909383][ T690] cgroup_file_write+0x28e/0x590 [ 173.914303][ T690] ? cgroup_seqfile_stop+0xc0/0xc0 [ 173.919389][ T690] ? mutex_lock+0xa6/0x110 [ 173.923794][ T690] ? mutex_trylock+0xb0/0xb0 [ 173.928366][ T690] ? __kasan_check_write+0x14/0x20 [ 173.933460][ T690] kernfs_fop_write_iter+0x2d0/0x410 [ 173.938724][ T690] ? cgroup_seqfile_stop+0xc0/0xc0 [ 173.943819][ T690] vfs_write+0xc1c/0xf40 [pid 381] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [ 173.948039][ T690] ? __kasan_check_write+0x14/0x20 [ 173.953124][ T690] ? kernel_write+0x3c0/0x3c0 [ 173.957772][ T690] ? _raw_spin_unlock_irq+0x4e/0x70 [ 173.962943][ T690] ? ptrace_stop+0x6ff/0x9f0 [ 173.967511][ T690] ? __kasan_check_read+0x11/0x20 [ 173.972513][ T690] ? __fdget_pos+0x27e/0x310 [ 173.977103][ T690] ksys_write+0x198/0x2c0 [ 173.981414][ T690] ? do_notify_parent+0xa60/0xa60 [ 173.986420][ T690] ? __ia32_sys_read+0x90/0x90 [ 173.991159][ T690] ? __ia32_sys_open+0x270/0x270 [ 173.996075][ T690] __x64_sys_write+0x7b/0x90 [ 174.000643][ T690] do_syscall_64+0x34/0x70 [ 174.005034][ T690] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 174.010903][ T690] RIP: 0033:0x7fc8ece62c09 [ 174.015293][ T690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 174.034870][ T690] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 174.043257][ T690] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 690] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 690] close(3 [pid 694] <... mount resumed>) = 0 [pid 690] <... close resumed>) = 0 [pid 690] close(4) = 0 [pid 690] close(5) = 0 [pid 690] close(6) = -1 EBADF (Bad file descriptor) [pid 690] close(7) = -1 EBADF (Bad file descriptor) [pid 690] close(8) = -1 EBADF (Bad file descriptor) [pid 690] close(9) = -1 EBADF (Bad file descriptor) [pid 690] close(10) = -1 EBADF (Bad file descriptor) [pid 690] close(11) = -1 EBADF (Bad file descriptor) [pid 690] close(12) = -1 EBADF (Bad file descriptor) [pid 690] close(13) = -1 EBADF (Bad file descriptor) [pid 690] close(14) = -1 EBADF (Bad file descriptor) [pid 690] close(15) = -1 EBADF (Bad file descriptor) [pid 690] close(16) = -1 EBADF (Bad file descriptor) [pid 690] close(17) = -1 EBADF (Bad file descriptor) [pid 690] close(18) = -1 EBADF (Bad file descriptor) [pid 690] close(19) = -1 EBADF (Bad file descriptor) [pid 690] close(20) = -1 EBADF (Bad file descriptor) [pid 690] close(21) = -1 EBADF (Bad file descriptor) [pid 690] close(22) = -1 EBADF (Bad file descriptor) [pid 690] close(23) = -1 EBADF (Bad file descriptor) [pid 690] close(24) = -1 EBADF (Bad file descriptor) [pid 690] close(25) = -1 EBADF (Bad file descriptor) [pid 690] close(26) = -1 EBADF (Bad file descriptor) [pid 690] close(27) = -1 EBADF (Bad file descriptor) [pid 690] close(28) = -1 EBADF (Bad file descriptor) [pid 690] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 690] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 690] exit_group(0) = ? [pid 694] open("./file0", O_RDONLY [pid 690] +++ exited with 0 +++ [pid 694] <... open resumed>) = 3 [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 694] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 375] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW [pid 694] write(4, "-pids ", 6 [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./56/binderfs") = 0 [pid 375] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./56/cgroup") = 0 [pid 375] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./56/cgroup.net") = 0 [pid 375] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./56/file0") = 0 [pid 375] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./56/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./56") = 0 [pid 375] mkdir("./57", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 695 attached [pid 695] chdir("./57") = 0 [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 59 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 695] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 695] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 695] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 695] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 695] open("./file0", O_RDONLY) = 3 [pid 695] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 174.051204][ T690] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 174.059158][ T690] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 174.067131][ T690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 174.075076][ T690] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000038 [ 174.085226][ T690] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 695] write(4, "-pids ", 6 [pid 693] <... write resumed>) = 6 [pid 693] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 693] write(5, "22", 2) = 2 [ 174.110568][ T691] FAULT_INJECTION: forcing a failure. [ 174.110568][ T691] name failslab, interval 1, probability 0, space 0, times 0 [ 174.123565][ T691] CPU: 0 PID: 691 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 174.135187][ T691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.145238][ T691] Call Trace: [ 174.148523][ T691] dump_stack_lvl+0x1e2/0x24b [ 174.153176][ T691] ? panic+0x7d7/0x7d7 [ 174.157217][ T691] ? bfq_pos_tree_add_move+0x43e/0x43e [ 174.162649][ T691] ? find_next_bit+0xd6/0x120 [ 174.167303][ T691] ? cpumask_next+0x11/0x30 [ 174.171782][ T691] dump_stack+0x15/0x17 [ 174.175910][ T691] should_fail+0x3c0/0x510 [ 174.180301][ T691] ? percpu_ref_init+0xd0/0x330 [ 174.185127][ T691] __should_failslab+0x9f/0xe0 [ 174.189863][ T691] should_failslab+0x9/0x20 [ 174.194341][ T691] kmem_cache_alloc_trace+0x3a/0x330 [ 174.199599][ T691] percpu_ref_init+0xd0/0x330 [ 174.204298][ T691] ? cgroup_setup_root+0xea0/0xea0 [ 174.209394][ T691] cgroup_apply_control_enable+0x3a2/0x12f0 [ 174.215262][ T691] cgroup_apply_control+0x93/0x710 [ 174.220346][ T691] ? css_next_child+0x160/0x160 [ 174.225169][ T691] ? io_schedule+0x120/0x120 [ 174.229744][ T691] ? kernfs_fop_write_iter+0x15e/0x410 [ 174.235204][ T691] ? __kasan_check_write+0x14/0x20 [ 174.240298][ T691] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 174.245559][ T691] cgroup_subtree_control_write+0xd19/0x1310 [ 174.251513][ T691] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 174.257464][ T691] ? __kasan_check_write+0x14/0x20 [ 174.262550][ T691] ? _copy_from_iter+0x3fb/0xd60 [ 174.267460][ T691] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 174.273419][ T691] cgroup_file_write+0x28e/0x590 [ 174.278340][ T691] ? cgroup_seqfile_stop+0xc0/0xc0 [ 174.283423][ T691] ? mutex_lock+0xa6/0x110 [ 174.287810][ T691] ? mutex_trylock+0xb0/0xb0 [ 174.292372][ T691] ? __kasan_check_write+0x14/0x20 [ 174.297464][ T691] kernfs_fop_write_iter+0x2d0/0x410 [ 174.302729][ T691] ? cgroup_seqfile_stop+0xc0/0xc0 [ 174.307820][ T691] vfs_write+0xc1c/0xf40 [ 174.312037][ T691] ? __kasan_check_write+0x14/0x20 [ 174.317131][ T691] ? kernel_write+0x3c0/0x3c0 [ 174.321789][ T691] ? _raw_spin_unlock_irq+0x4e/0x70 [ 174.326967][ T691] ? ptrace_stop+0x6ff/0x9f0 [ 174.331539][ T691] ? __kasan_check_read+0x11/0x20 [ 174.336541][ T691] ? __fdget_pos+0x27e/0x310 [ 174.341112][ T691] ksys_write+0x198/0x2c0 [ 174.345415][ T691] ? do_notify_parent+0xa60/0xa60 [ 174.350411][ T691] ? __ia32_sys_read+0x90/0x90 [ 174.355147][ T691] ? __ia32_sys_open+0x270/0x270 [ 174.360061][ T691] __x64_sys_write+0x7b/0x90 [ 174.364633][ T691] do_syscall_64+0x34/0x70 [ 174.369048][ T691] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 174.374931][ T691] RIP: 0033:0x7fc8ece62c09 [ 174.379325][ T691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 174.398909][ T691] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 693] write(4, "+pids ", 6 [pid 691] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 691] close(3) = 0 [pid 691] close(4) = 0 [pid 691] close(5) = 0 [pid 691] close(6) = -1 EBADF (Bad file descriptor) [pid 691] close(7) = -1 EBADF (Bad file descriptor) [pid 691] close(8) = -1 EBADF (Bad file descriptor) [pid 691] close(9) = -1 EBADF (Bad file descriptor) [pid 691] close(10) = -1 EBADF (Bad file descriptor) [pid 691] close(11) = -1 EBADF (Bad file descriptor) [pid 691] close(12) = -1 EBADF (Bad file descriptor) [pid 691] close(13) = -1 EBADF (Bad file descriptor) [pid 691] close(14) = -1 EBADF (Bad file descriptor) [pid 691] close(15) = -1 EBADF (Bad file descriptor) [pid 691] close(16) = -1 EBADF (Bad file descriptor) [pid 691] close(17) = -1 EBADF (Bad file descriptor) [pid 691] close(18) = -1 EBADF (Bad file descriptor) [pid 691] close(19) = -1 EBADF (Bad file descriptor) [pid 691] close(20) = -1 EBADF (Bad file descriptor) [pid 691] close(21) = -1 EBADF (Bad file descriptor) [pid 691] close(22) = -1 EBADF (Bad file descriptor) [pid 691] close(23) = -1 EBADF (Bad file descriptor) [pid 691] close(24) = -1 EBADF (Bad file descriptor) [pid 691] close(25) = -1 EBADF (Bad file descriptor) [pid 691] close(26) = -1 EBADF (Bad file descriptor) [pid 691] close(27) = -1 EBADF (Bad file descriptor) [pid 691] close(28) = -1 EBADF (Bad file descriptor) [pid 691] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 691] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 691] exit_group(0) = ? [pid 691] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./53/binderfs") = 0 [pid 382] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./53/cgroup") = 0 [pid 382] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./53/cgroup.net") = 0 [pid 382] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./53/file0") = 0 [pid 382] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./53/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./53") = 0 [pid 382] mkdir("./54", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 696 attached [pid 696] chdir("./54") = 0 [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 56 [pid 696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 696] setpgid(0, 0) = 0 [pid 696] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 696] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 696] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 696] write(3, "1000", 4) = 4 [pid 696] close(3) = 0 [ 174.407308][ T691] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 174.415266][ T691] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 174.423211][ T691] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 174.431164][ T691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 174.439121][ T691] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000035 [pid 696] symlink("/dev/binderfs", "./binderfs" [pid 694] <... write resumed>) = 6 [pid 696] <... symlink resumed>) = 0 [pid 694] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 696] mkdirat(AT_FDCWD, "./file0", 000 [pid 694] <... openat resumed>) = 5 [pid 696] <... mkdirat resumed>) = 0 [pid 694] write(5, "22", 2 [pid 696] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 694] <... write resumed>) = 2 [ 174.470523][ T693] FAULT_INJECTION: forcing a failure. [ 174.470523][ T693] name failslab, interval 1, probability 0, space 0, times 0 [ 174.483714][ T693] CPU: 0 PID: 693 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 174.495337][ T693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.505368][ T693] Call Trace: [ 174.508648][ T693] dump_stack_lvl+0x1e2/0x24b [ 174.513326][ T693] ? bfq_pos_tree_add_move+0x43e/0x43e [ 174.518772][ T693] ? selinux_kernfs_init_security+0x1a8/0x760 [ 174.524827][ T693] dump_stack+0x15/0x17 [ 174.528974][ T693] should_fail+0x3c0/0x510 [ 174.533381][ T693] ? __kernfs_new_node+0x99/0x6e0 [ 174.538388][ T693] __should_failslab+0x9f/0xe0 [ 174.543135][ T693] should_failslab+0x9/0x20 [ 174.547615][ T693] __kmalloc_track_caller+0x5f/0x350 [ 174.552875][ T693] kstrdup_const+0x55/0x90 [ 174.557265][ T693] __kernfs_new_node+0x99/0x6e0 [ 174.562191][ T693] ? is_module_text_address+0xe1/0x140 [ 174.567642][ T693] ? kernfs_new_node+0x170/0x170 [ 174.572566][ T693] ? ptr_to_hashval+0x60/0x60 [ 174.577214][ T693] ? arch_stack_walk+0xf8/0x140 [ 174.582041][ T693] ? snprintf+0xd6/0x120 [ 174.586259][ T693] kernfs_new_node+0x97/0x170 [ 174.590911][ T693] __kernfs_create_file+0x4a/0x270 [ 174.595998][ T693] cgroup_addrm_files+0xab8/0xfe0 [ 174.601005][ T693] ? ____kasan_kmalloc+0xdc/0x110 [ 174.606272][ T693] ? __kasan_kmalloc+0x9/0x10 [ 174.610932][ T693] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 174.616472][ T693] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 174.622612][ T693] ? delete_node+0x759/0x7b0 [ 174.627176][ T693] ? __kasan_check_read+0x11/0x20 [ 174.632171][ T693] ? delete_node+0x759/0x7b0 [ 174.636735][ T693] ? __kasan_check_write+0x14/0x20 [ 174.641820][ T693] ? idr_replace+0x1c4/0x230 [ 174.646387][ T693] ? idr_get_next+0x4b0/0x4b0 [ 174.651045][ T693] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 174.656055][ T693] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 174.661234][ T693] css_populate_dir+0x137/0x370 [ 174.666062][ T693] cgroup_apply_control_enable+0x8b9/0x12f0 [ 174.671942][ T693] cgroup_apply_control+0x93/0x710 [ 174.677044][ T693] ? css_next_child+0x160/0x160 [ 174.681869][ T693] ? stack_trace_save+0x12d/0x1f0 [ 174.686867][ T693] ? io_schedule+0x120/0x120 [ 174.691441][ T693] ? kernfs_fop_write_iter+0x15e/0x410 [ 174.696891][ T693] ? __kasan_check_write+0x14/0x20 [ 174.701988][ T693] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 174.707247][ T693] cgroup_subtree_control_write+0xd19/0x1310 [ 174.713204][ T693] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 174.719166][ T693] ? __kasan_check_write+0x14/0x20 [ 174.724272][ T693] ? _copy_from_iter+0x3fb/0xd60 [ 174.729202][ T693] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 174.735165][ T693] cgroup_file_write+0x28e/0x590 [ 174.740082][ T693] ? cgroup_seqfile_stop+0xc0/0xc0 [ 174.745179][ T693] ? mutex_lock+0xa6/0x110 [ 174.749585][ T693] ? mutex_trylock+0xb0/0xb0 [ 174.754161][ T693] ? __kasan_check_write+0x14/0x20 [ 174.759255][ T693] kernfs_fop_write_iter+0x2d0/0x410 [ 174.764522][ T693] ? cgroup_seqfile_stop+0xc0/0xc0 [ 174.769609][ T693] vfs_write+0xc1c/0xf40 [ 174.773825][ T693] ? __kasan_check_write+0x14/0x20 [ 174.778917][ T693] ? kernel_write+0x3c0/0x3c0 [ 174.783581][ T693] ? _raw_spin_unlock_irq+0x4e/0x70 [ 174.788759][ T693] ? ptrace_stop+0x6ff/0x9f0 [ 174.793340][ T693] ? __kasan_check_read+0x11/0x20 [ 174.798345][ T693] ? __fdget_pos+0x27e/0x310 [ 174.802918][ T693] ksys_write+0x198/0x2c0 [ 174.807240][ T693] ? do_notify_parent+0xa60/0xa60 [ 174.812249][ T693] ? __ia32_sys_read+0x90/0x90 [ 174.816996][ T693] ? __ia32_sys_open+0x270/0x270 [ 174.821916][ T693] __x64_sys_write+0x7b/0x90 [ 174.826483][ T693] do_syscall_64+0x34/0x70 [ 174.830874][ T693] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 174.836753][ T693] RIP: 0033:0x7fc8ece62c09 [ 174.841158][ T693] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 174.860755][ T693] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 694] write(4, "+pids ", 6 [pid 696] <... mount resumed>) = 0 [pid 693] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 696] open("./file0", O_RDONLY [pid 693] close(3 [pid 696] <... open resumed>) = 3 [pid 693] <... close resumed>) = 0 [pid 693] close(4 [pid 696] openat(3, "cgroup.subtree_control", O_RDWR [pid 693] <... close resumed>) = 0 [pid 693] close(5) = 0 [pid 693] close(6) = -1 EBADF (Bad file descriptor) [pid 693] close(7) = -1 EBADF (Bad file descriptor) [pid 693] close(8) = -1 EBADF (Bad file descriptor) [pid 693] close(9) = -1 EBADF (Bad file descriptor) [pid 693] close(10) = -1 EBADF (Bad file descriptor) [pid 693] close(11) = -1 EBADF (Bad file descriptor) [pid 693] close(12) = -1 EBADF (Bad file descriptor) [pid 693] close(13) = -1 EBADF (Bad file descriptor) [pid 693] close(14) = -1 EBADF (Bad file descriptor) [pid 693] close(15) = -1 EBADF (Bad file descriptor) [pid 693] close(16) = -1 EBADF (Bad file descriptor) [pid 693] close(17) = -1 EBADF (Bad file descriptor) [pid 693] close(18) = -1 EBADF (Bad file descriptor) [pid 693] close(19) = -1 EBADF (Bad file descriptor) [pid 693] close(20) = -1 EBADF (Bad file descriptor) [pid 693] close(21) = -1 EBADF (Bad file descriptor) [pid 693] close(22) = -1 EBADF (Bad file descriptor) [pid 693] close(23) = -1 EBADF (Bad file descriptor) [pid 693] close(24) = -1 EBADF (Bad file descriptor) [pid 693] close(25) = -1 EBADF (Bad file descriptor) [pid 693] close(26) = -1 EBADF (Bad file descriptor) [pid 693] close(27) = -1 EBADF (Bad file descriptor) [pid 693] close(28) = -1 EBADF (Bad file descriptor) [pid 693] close(29) = -1 EBADF (Bad file descriptor) [pid 693] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 693] exit_group(0) = ? [pid 696] <... openat resumed>) = 4 [pid 693] +++ exited with 0 +++ [pid 696] write(4, "-pids ", 6 [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./48/binderfs") = 0 [pid 380] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./48/cgroup") = 0 [pid 380] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./48/cgroup.net") = 0 [pid 380] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 174.869163][ T693] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 174.877119][ T693] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 174.885067][ T693] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 174.893022][ T693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 174.900978][ T693] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000030 [ 174.910561][ T693] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./48/file0") = 0 [pid 380] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./48/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./48") = 0 [pid 380] mkdir("./49", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 51 ./strace-static-x86_64: Process 697 attached [pid 697] chdir("./49") = 0 [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 697] setpgid(0, 0) = 0 [pid 697] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 697] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 697] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 697] write(3, "1000", 4) = 4 [pid 697] close(3) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 697] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 174.930508][ T694] FAULT_INJECTION: forcing a failure. [ 174.930508][ T694] name failslab, interval 1, probability 0, space 0, times 0 [ 174.943519][ T694] CPU: 1 PID: 694 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 174.955138][ T694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.965184][ T694] Call Trace: [ 174.968456][ T694] dump_stack_lvl+0x1e2/0x24b [ 174.973108][ T694] ? bfq_pos_tree_add_move+0x43e/0x43e [ 174.978548][ T694] ? selinux_kernfs_init_security+0x1a8/0x760 [ 174.984599][ T694] dump_stack+0x15/0x17 [ 174.988727][ T694] should_fail+0x3c0/0x510 [ 174.993126][ T694] ? __kernfs_new_node+0x99/0x6e0 [ 174.998134][ T694] __should_failslab+0x9f/0xe0 [ 175.002875][ T694] should_failslab+0x9/0x20 [ 175.007352][ T694] __kmalloc_track_caller+0x5f/0x350 [ 175.012607][ T694] kstrdup_const+0x55/0x90 [ 175.016993][ T694] __kernfs_new_node+0x99/0x6e0 [ 175.021816][ T694] ? is_module_text_address+0xe1/0x140 [ 175.027248][ T694] ? kernfs_new_node+0x170/0x170 [ 175.032163][ T694] ? ptr_to_hashval+0x60/0x60 [ 175.036818][ T694] ? arch_stack_walk+0xf8/0x140 [ 175.041643][ T694] ? snprintf+0xd6/0x120 [ 175.045856][ T694] kernfs_new_node+0x97/0x170 [ 175.050503][ T694] __kernfs_create_file+0x4a/0x270 [ 175.055587][ T694] cgroup_addrm_files+0xab8/0xfe0 [ 175.060582][ T694] ? ____kasan_kmalloc+0xdc/0x110 [ 175.065586][ T694] ? __kasan_kmalloc+0x9/0x10 [ 175.070244][ T694] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 175.075760][ T694] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 175.081888][ T694] ? delete_node+0x759/0x7b0 [ 175.086459][ T694] ? __kasan_check_read+0x11/0x20 [ 175.091464][ T694] ? delete_node+0x759/0x7b0 [ 175.096031][ T694] ? __kasan_check_write+0x14/0x20 [ 175.101114][ T694] ? idr_replace+0x1c4/0x230 [ 175.105677][ T694] ? idr_get_next+0x4b0/0x4b0 [ 175.110335][ T694] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 175.115339][ T694] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 175.120535][ T694] css_populate_dir+0x137/0x370 [ 175.125362][ T694] cgroup_apply_control_enable+0x8b9/0x12f0 [ 175.131227][ T694] cgroup_apply_control+0x93/0x710 [ 175.136309][ T694] ? css_next_child+0x160/0x160 [ 175.141130][ T694] ? stack_trace_save+0x12d/0x1f0 [ 175.146181][ T694] ? io_schedule+0x120/0x120 [ 175.150754][ T694] ? kernfs_fop_write_iter+0x15e/0x410 [ 175.156206][ T694] ? __kasan_check_write+0x14/0x20 [ 175.161297][ T694] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 175.166554][ T694] cgroup_subtree_control_write+0xd19/0x1310 [ 175.172516][ T694] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 175.178473][ T694] ? __kasan_check_write+0x14/0x20 [ 175.183560][ T694] ? _copy_from_iter+0x3fb/0xd60 [ 175.188478][ T694] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 175.194444][ T694] cgroup_file_write+0x28e/0x590 [ 175.199361][ T694] ? cgroup_seqfile_stop+0xc0/0xc0 [ 175.204458][ T694] ? mutex_lock+0xa6/0x110 [ 175.208854][ T694] ? mutex_trylock+0xb0/0xb0 [ 175.213433][ T694] ? __kasan_check_write+0x14/0x20 [ 175.218530][ T694] kernfs_fop_write_iter+0x2d0/0x410 [ 175.223792][ T694] ? cgroup_seqfile_stop+0xc0/0xc0 [ 175.228885][ T694] vfs_write+0xc1c/0xf40 [ 175.233114][ T694] ? __kasan_check_write+0x14/0x20 [ 175.238206][ T694] ? kernel_write+0x3c0/0x3c0 [ 175.242855][ T694] ? _raw_spin_unlock_irq+0x4e/0x70 [ 175.248025][ T694] ? ptrace_stop+0x6ff/0x9f0 [ 175.252588][ T694] ? __kasan_check_read+0x11/0x20 [ 175.257601][ T694] ? __fdget_pos+0x27e/0x310 [ 175.262169][ T694] ksys_write+0x198/0x2c0 [ 175.266481][ T694] ? do_notify_parent+0xa60/0xa60 [ 175.271483][ T694] ? __ia32_sys_read+0x90/0x90 [ 175.276224][ T694] ? __ia32_sys_open+0x270/0x270 [ 175.281144][ T694] __x64_sys_write+0x7b/0x90 [ 175.285715][ T694] do_syscall_64+0x34/0x70 [ 175.290121][ T694] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 175.295985][ T694] RIP: 0033:0x7fc8ece62c09 [ 175.300372][ T694] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 175.319951][ T694] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 697] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 694] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 697] <... mount resumed>) = 0 [pid 694] close(3) = 0 [pid 694] close(4) = 0 [pid 694] close(5) = 0 [pid 694] close(6) = -1 EBADF (Bad file descriptor) [pid 694] close(7) = -1 EBADF (Bad file descriptor) [pid 694] close(8) = -1 EBADF (Bad file descriptor) [pid 694] close(9) = -1 EBADF (Bad file descriptor) [pid 694] close(10) = -1 EBADF (Bad file descriptor) [pid 694] close(11) = -1 EBADF (Bad file descriptor) [pid 694] close(12) = -1 EBADF (Bad file descriptor) [pid 694] close(13) = -1 EBADF (Bad file descriptor) [pid 694] close(14) = -1 EBADF (Bad file descriptor) [pid 694] close(15) = -1 EBADF (Bad file descriptor) [pid 694] close(16) = -1 EBADF (Bad file descriptor) [pid 694] close(17) = -1 EBADF (Bad file descriptor) [pid 694] close(18) = -1 EBADF (Bad file descriptor) [pid 694] close(19) = -1 EBADF (Bad file descriptor) [pid 697] open("./file0", O_RDONLY [pid 694] close(20) = -1 EBADF (Bad file descriptor) [pid 694] close(21) = -1 EBADF (Bad file descriptor) [pid 694] close(22) = -1 EBADF (Bad file descriptor) [pid 694] close(23) = -1 EBADF (Bad file descriptor) [pid 694] close(24) = -1 EBADF (Bad file descriptor) [pid 694] close(25) = -1 EBADF (Bad file descriptor) [pid 694] close(26) = -1 EBADF (Bad file descriptor) [pid 694] close(27) = -1 EBADF (Bad file descriptor) [pid 694] close(28) = -1 EBADF (Bad file descriptor) [pid 694] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 694] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 694] exit_group(0) = ? [pid 694] +++ exited with 0 +++ [pid 697] <... open resumed>) = 3 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=46, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 697] openat(3, "cgroup.subtree_control", O_RDWR [pid 383] restart_syscall(<... resuming interrupted clone ...> [pid 697] <... openat resumed>) = 4 [pid 697] write(4, "-pids ", 6 [pid 383] <... restart_syscall resumed>) = 0 [pid 383] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./44/binderfs") = 0 [pid 383] umount2("./44/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./44/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./44/cgroup") = 0 [pid 383] umount2("./44/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./44/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./44/cgroup.net") = 0 [pid 383] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./44/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./44/file0") = 0 [pid 383] umount2("./44/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./44/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./44/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./44") = 0 [pid 383] mkdir("./45", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 47 ./strace-static-x86_64: Process 698 attached [pid 698] chdir("./45") = 0 [pid 698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 698] setpgid(0, 0) = 0 [pid 698] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 698] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 698] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 698] write(3, "1000", 4) = 4 [pid 698] close(3) = 0 [pid 698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 698] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 698] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 698] open("./file0", O_RDONLY) = 3 [pid 698] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 698] write(4, "-pids ", 6) = 6 [pid 695] <... write resumed>) = 6 [pid 698] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 175.328340][ T694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 175.336288][ T694] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 175.344235][ T694] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 175.352187][ T694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 175.360146][ T694] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002c [ 175.368880][ T694] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 695] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 698] <... openat resumed>) = 5 [pid 695] <... openat resumed>) = 5 [pid 698] write(5, "22", 2 [pid 695] write(5, "22", 2 [pid 698] <... write resumed>) = 2 [pid 695] <... write resumed>) = 2 [pid 698] write(4, "+pids ", 6 [ 175.410387][ T687] FAULT_INJECTION: forcing a failure. [ 175.410387][ T687] name failslab, interval 1, probability 0, space 0, times 0 [ 175.423032][ T687] CPU: 1 PID: 687 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 175.434641][ T687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.444691][ T687] Call Trace: [ 175.447955][ T687] dump_stack_lvl+0x1e2/0x24b [ 175.452801][ T687] ? bfq_pos_tree_add_move+0x43e/0x43e [ 175.458246][ T687] ? selinux_kernfs_init_security+0x1a8/0x760 [ 175.464303][ T687] dump_stack+0x15/0x17 [ 175.468445][ T687] should_fail+0x3c0/0x510 [ 175.472927][ T687] ? __kernfs_new_node+0x99/0x6e0 [ 175.477933][ T687] __should_failslab+0x9f/0xe0 [ 175.482687][ T687] should_failslab+0x9/0x20 [ 175.487163][ T687] __kmalloc_track_caller+0x5f/0x350 [ 175.492430][ T687] kstrdup_const+0x55/0x90 [ 175.496821][ T687] __kernfs_new_node+0x99/0x6e0 [ 175.501647][ T687] ? is_module_text_address+0xe1/0x140 [ 175.507146][ T687] ? kernfs_new_node+0x170/0x170 [ 175.512063][ T687] ? ptr_to_hashval+0x60/0x60 [ 175.516719][ T687] ? arch_stack_walk+0xf8/0x140 [ 175.521549][ T687] ? snprintf+0xd6/0x120 [ 175.525787][ T687] kernfs_new_node+0x97/0x170 [ 175.530453][ T687] __kernfs_create_file+0x4a/0x270 [ 175.535557][ T687] cgroup_addrm_files+0xab8/0xfe0 [ 175.540553][ T687] ? ____kasan_kmalloc+0xdc/0x110 [ 175.545559][ T687] ? __kasan_kmalloc+0x9/0x10 [ 175.550225][ T687] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 175.555754][ T687] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 175.561884][ T687] ? delete_node+0x759/0x7b0 [ 175.566452][ T687] ? __kasan_check_read+0x11/0x20 [ 175.571451][ T687] ? delete_node+0x759/0x7b0 [ 175.576012][ T687] ? __kasan_check_write+0x14/0x20 [ 175.581098][ T687] ? idr_replace+0x1c4/0x230 [ 175.585662][ T687] ? idr_get_next+0x4b0/0x4b0 [ 175.590308][ T687] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 175.595302][ T687] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 175.600487][ T687] css_populate_dir+0x137/0x370 [ 175.605321][ T687] cgroup_apply_control_enable+0x8b9/0x12f0 [ 175.611184][ T687] cgroup_apply_control+0x93/0x710 [ 175.616267][ T687] ? css_next_child+0x160/0x160 [ 175.621091][ T687] ? io_schedule+0x120/0x120 [ 175.625659][ T687] ? kernfs_fop_write_iter+0x15e/0x410 [ 175.631105][ T687] ? __kasan_check_write+0x14/0x20 [ 175.636188][ T687] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 175.641455][ T687] cgroup_subtree_control_write+0xd19/0x1310 [ 175.647419][ T687] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 175.653373][ T687] ? __kasan_check_write+0x14/0x20 [ 175.658457][ T687] ? _copy_from_iter+0x3fb/0xd60 [ 175.663378][ T687] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 175.669340][ T687] cgroup_file_write+0x28e/0x590 [ 175.674260][ T687] ? cgroup_seqfile_stop+0xc0/0xc0 [ 175.679352][ T687] ? mutex_lock+0xa6/0x110 [ 175.683751][ T687] ? mutex_trylock+0xb0/0xb0 [ 175.688313][ T687] ? __kasan_check_write+0x14/0x20 [ 175.693403][ T687] kernfs_fop_write_iter+0x2d0/0x410 [ 175.698676][ T687] ? cgroup_seqfile_stop+0xc0/0xc0 [ 175.703765][ T687] vfs_write+0xc1c/0xf40 [ 175.707987][ T687] ? __kasan_check_write+0x14/0x20 [ 175.713083][ T687] ? kernel_write+0x3c0/0x3c0 [ 175.717742][ T687] ? _raw_spin_unlock_irq+0x4e/0x70 [ 175.722919][ T687] ? ptrace_stop+0x6ff/0x9f0 [ 175.727491][ T687] ? __kasan_check_read+0x11/0x20 [ 175.732494][ T687] ? __fdget_pos+0x27e/0x310 [ 175.737073][ T687] ksys_write+0x198/0x2c0 [ 175.741399][ T687] ? do_notify_parent+0xa60/0xa60 [ 175.746413][ T687] ? __ia32_sys_read+0x90/0x90 [ 175.751156][ T687] ? __ia32_sys_open+0x270/0x270 [ 175.756071][ T687] __x64_sys_write+0x7b/0x90 [ 175.760639][ T687] do_syscall_64+0x34/0x70 [ 175.765045][ T687] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 175.770920][ T687] RIP: 0033:0x7fc8ece62c09 [ 175.775745][ T687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 175.795414][ T687] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 175.803801][ T687] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 695] write(4, "+pids ", 6 [pid 687] <... write resumed>) = ? [pid 687] +++ killed by SIGKILL +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=54, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7} --- [pid 381] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./52/binderfs") = 0 [pid 381] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./52/cgroup") = 0 [pid 381] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./52/cgroup.net") = 0 [pid 381] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./52/file0") = 0 [pid 381] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./52/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./52") = 0 [pid 381] mkdir("./53", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 699 attached , child_tidptr=0x555556fab5d0) = 55 [pid 699] chdir("./53") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 699] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 699] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 699] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 699] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 699] open("./file0", O_RDONLY) = 3 [pid 699] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 175.811747][ T687] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 175.819698][ T687] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 175.827654][ T687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 175.835598][ T687] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000034 [ 175.844122][ T687] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 699] write(4, "-pids ", 6) = 6 [pid 696] <... write resumed>) = 6 [pid 692] <... write resumed>) = 6 [pid 699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 699] write(5, "22", 2) = 2 [pid 699] write(4, "+pids ", 6 [pid 692] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 692] <... openat resumed>) = 5 [pid 696] write(5, "22", 2 [pid 692] write(5, "22", 2 [pid 696] <... write resumed>) = 2 [pid 692] <... write resumed>) = 2 [pid 696] write(4, "+pids ", 6 [ 175.880492][ T695] FAULT_INJECTION: forcing a failure. [ 175.880492][ T695] name failslab, interval 1, probability 0, space 0, times 0 [ 175.893454][ T695] CPU: 0 PID: 695 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 175.905082][ T695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.915121][ T695] Call Trace: [ 175.918400][ T695] dump_stack_lvl+0x1e2/0x24b [ 175.923063][ T695] ? bfq_pos_tree_add_move+0x43e/0x43e [ 175.928498][ T695] ? selinux_kernfs_init_security+0x1a8/0x760 [ 175.934537][ T695] dump_stack+0x15/0x17 [ 175.938687][ T695] should_fail+0x3c0/0x510 [ 175.943077][ T695] ? __kernfs_new_node+0x99/0x6e0 [ 175.948076][ T695] __should_failslab+0x9f/0xe0 [ 175.952907][ T695] should_failslab+0x9/0x20 [ 175.957386][ T695] __kmalloc_track_caller+0x5f/0x350 [ 175.962716][ T695] kstrdup_const+0x55/0x90 [ 175.967105][ T695] __kernfs_new_node+0x99/0x6e0 [ 175.971935][ T695] ? is_module_text_address+0xe1/0x140 [ 175.977379][ T695] ? kernfs_new_node+0x170/0x170 [ 175.982298][ T695] ? ptr_to_hashval+0x60/0x60 [ 175.986943][ T695] ? arch_stack_walk+0xf8/0x140 [ 175.991766][ T695] ? snprintf+0xd6/0x120 [ 175.995978][ T695] kernfs_new_node+0x97/0x170 [ 176.000624][ T695] __kernfs_create_file+0x4a/0x270 [ 176.005801][ T695] cgroup_addrm_files+0xab8/0xfe0 [ 176.010796][ T695] ? ____kasan_kmalloc+0xdc/0x110 [ 176.015789][ T695] ? __kasan_kmalloc+0x9/0x10 [ 176.020440][ T695] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 176.026046][ T695] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 176.032181][ T695] ? delete_node+0x759/0x7b0 [ 176.036757][ T695] ? __kasan_check_read+0x11/0x20 [ 176.041752][ T695] ? delete_node+0x759/0x7b0 [ 176.046322][ T695] ? __kasan_check_write+0x14/0x20 [ 176.051418][ T695] ? idr_replace+0x1c4/0x230 [ 176.055990][ T695] ? idr_get_next+0x4b0/0x4b0 [ 176.060653][ T695] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 176.065651][ T695] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 176.070823][ T695] css_populate_dir+0x137/0x370 [ 176.075654][ T695] cgroup_apply_control_enable+0x8b9/0x12f0 [ 176.081537][ T695] cgroup_apply_control+0x93/0x710 [ 176.086634][ T695] ? css_next_child+0x160/0x160 [ 176.091477][ T695] ? stack_trace_save+0x12d/0x1f0 [ 176.096489][ T695] ? io_schedule+0x120/0x120 [ 176.101062][ T695] ? kernfs_fop_write_iter+0x15e/0x410 [ 176.106507][ T695] ? __kasan_check_write+0x14/0x20 [ 176.111595][ T695] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 176.116853][ T695] cgroup_subtree_control_write+0xd19/0x1310 [ 176.122806][ T695] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 176.128761][ T695] ? __kasan_check_write+0x14/0x20 [ 176.133853][ T695] ? _copy_from_iter+0x3fb/0xd60 [ 176.138780][ T695] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 176.144749][ T695] cgroup_file_write+0x28e/0x590 [ 176.149671][ T695] ? cgroup_seqfile_stop+0xc0/0xc0 [ 176.154758][ T695] ? mutex_lock+0xa6/0x110 [ 176.159190][ T695] ? mutex_trylock+0xb0/0xb0 [ 176.163758][ T695] ? __kasan_check_write+0x14/0x20 [ 176.168848][ T695] kernfs_fop_write_iter+0x2d0/0x410 [ 176.174201][ T695] ? cgroup_seqfile_stop+0xc0/0xc0 [ 176.179297][ T695] vfs_write+0xc1c/0xf40 [ 176.183512][ T695] ? __kasan_check_write+0x14/0x20 [ 176.188599][ T695] ? kernel_write+0x3c0/0x3c0 [ 176.193251][ T695] ? _raw_spin_unlock_irq+0x4e/0x70 [ 176.198423][ T695] ? ptrace_stop+0x6ff/0x9f0 [ 176.202989][ T695] ? __kasan_check_read+0x11/0x20 [ 176.207994][ T695] ? __fdget_pos+0x27e/0x310 [ 176.212570][ T695] ksys_write+0x198/0x2c0 [ 176.216876][ T695] ? do_notify_parent+0xa60/0xa60 [ 176.221884][ T695] ? __ia32_sys_read+0x90/0x90 [ 176.226629][ T695] ? __ia32_sys_open+0x270/0x270 [ 176.231539][ T695] __x64_sys_write+0x7b/0x90 [ 176.236114][ T695] do_syscall_64+0x34/0x70 [ 176.240514][ T695] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 176.246379][ T695] RIP: 0033:0x7fc8ece62c09 [ 176.250771][ T695] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 176.270352][ T695] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 692] write(4, "+pids ", 6 [pid 695] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 695] close(3) = 0 [pid 695] close(4) = 0 [pid 695] close(5) = 0 [pid 695] close(6) = -1 EBADF (Bad file descriptor) [pid 695] close(7) = -1 EBADF (Bad file descriptor) [pid 695] close(8) = -1 EBADF (Bad file descriptor) [pid 695] close(9) = -1 EBADF (Bad file descriptor) [pid 695] close(10) = -1 EBADF (Bad file descriptor) [pid 695] close(11) = -1 EBADF (Bad file descriptor) [pid 695] close(12) = -1 EBADF (Bad file descriptor) [pid 695] close(13) = -1 EBADF (Bad file descriptor) [pid 695] close(14) = -1 EBADF (Bad file descriptor) [pid 695] close(15) = -1 EBADF (Bad file descriptor) [pid 695] close(16) = -1 EBADF (Bad file descriptor) [pid 695] close(17) = -1 EBADF (Bad file descriptor) [pid 695] close(18) = -1 EBADF (Bad file descriptor) [pid 695] close(19) = -1 EBADF (Bad file descriptor) [pid 695] close(20) = -1 EBADF (Bad file descriptor) [pid 695] close(21) = -1 EBADF (Bad file descriptor) [pid 695] close(22) = -1 EBADF (Bad file descriptor) [pid 695] close(23) = -1 EBADF (Bad file descriptor) [pid 695] close(24) = -1 EBADF (Bad file descriptor) [pid 695] close(25) = -1 EBADF (Bad file descriptor) [pid 695] close(26) = -1 EBADF (Bad file descriptor) [pid 695] close(27) = -1 EBADF (Bad file descriptor) [pid 695] close(28) = -1 EBADF (Bad file descriptor) [pid 695] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 695] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 695] exit_group(0) = ? [pid 695] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./57/binderfs") = 0 [pid 375] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./57/cgroup") = 0 [pid 375] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./57/cgroup.net") = 0 [pid 375] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./57/file0") = 0 [pid 375] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./57/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./57") = 0 [pid 375] mkdir("./58", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 700 attached [pid 700] chdir("./58" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 60 [pid 700] <... chdir resumed>) = 0 [pid 700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 700] setpgid(0, 0) = 0 [pid 700] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 700] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 700] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 700] write(3, "1000", 4) = 4 [pid 700] close(3) = 0 [pid 700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 700] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 700] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 700] open("./file0", O_RDONLY) = 3 [pid 700] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 176.278742][ T695] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 176.286716][ T695] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 176.294680][ T695] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 176.302630][ T695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 176.310587][ T695] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000039 [ 176.320234][ T695] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 176.342088][ T699] FAULT_INJECTION: forcing a failure. [ 176.342088][ T699] name failslab, interval 1, probability 0, space 0, times 0 [ 176.354764][ T699] CPU: 1 PID: 699 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 176.366389][ T699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.376556][ T699] Call Trace: [ 176.379839][ T699] dump_stack_lvl+0x1e2/0x24b [ 176.384495][ T699] ? panic+0x7d7/0x7d7 [ 176.388540][ T699] ? bfq_pos_tree_add_move+0x43e/0x43e [ 176.393975][ T699] ? find_next_bit+0xd6/0x120 [ 176.398625][ T699] ? cpumask_next+0x11/0x30 [ 176.403108][ T699] dump_stack+0x15/0x17 [ 176.407242][ T699] should_fail+0x3c0/0x510 [ 176.411638][ T699] ? percpu_ref_init+0xd0/0x330 [ 176.416470][ T699] __should_failslab+0x9f/0xe0 [ 176.421213][ T699] should_failslab+0x9/0x20 [ 176.425701][ T699] kmem_cache_alloc_trace+0x3a/0x330 [ 176.430965][ T699] percpu_ref_init+0xd0/0x330 [ 176.435622][ T699] ? cgroup_setup_root+0xea0/0xea0 [ 176.440718][ T699] cgroup_apply_control_enable+0x3a2/0x12f0 [ 176.446590][ T699] cgroup_apply_control+0x93/0x710 [ 176.451677][ T699] ? css_next_child+0x160/0x160 [ 176.456503][ T699] ? stack_trace_save+0x12d/0x1f0 [ 176.461505][ T699] ? io_schedule+0x120/0x120 [ 176.466073][ T699] ? kernfs_fop_write_iter+0x15e/0x410 [ 176.471509][ T699] ? __kasan_check_write+0x14/0x20 [ 176.476616][ T699] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 176.481893][ T699] cgroup_subtree_control_write+0xd19/0x1310 [ 176.487867][ T699] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 176.493845][ T699] ? __kasan_check_write+0x14/0x20 [ 176.498962][ T699] ? _copy_from_iter+0x3fb/0xd60 [ 176.503889][ T699] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 176.509867][ T699] cgroup_file_write+0x28e/0x590 [ 176.514804][ T699] ? cgroup_seqfile_stop+0xc0/0xc0 [ 176.519900][ T699] ? mutex_lock+0xa6/0x110 [ 176.524302][ T699] ? mutex_trylock+0xb0/0xb0 [ 176.528879][ T699] ? __kasan_check_write+0x14/0x20 [ 176.533980][ T699] kernfs_fop_write_iter+0x2d0/0x410 [ 176.539251][ T699] ? cgroup_seqfile_stop+0xc0/0xc0 [ 176.544345][ T699] vfs_write+0xc1c/0xf40 [ 176.548566][ T699] ? __kasan_check_write+0x14/0x20 [ 176.553654][ T699] ? kernel_write+0x3c0/0x3c0 [ 176.558443][ T699] ? _raw_spin_unlock_irq+0x4e/0x70 [ 176.563636][ T699] ? ptrace_stop+0x6ff/0x9f0 [ 176.568207][ T699] ? __kasan_check_read+0x11/0x20 [ 176.573219][ T699] ? __fdget_pos+0x27e/0x310 [ 176.577880][ T699] ksys_write+0x198/0x2c0 [ 176.582192][ T699] ? do_notify_parent+0xa60/0xa60 [ 176.587325][ T699] ? __ia32_sys_read+0x90/0x90 [ 176.592077][ T699] ? __ia32_sys_open+0x270/0x270 [ 176.596992][ T699] __x64_sys_write+0x7b/0x90 [ 176.601571][ T699] do_syscall_64+0x34/0x70 [ 176.605983][ T699] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 176.611867][ T699] RIP: 0033:0x7fc8ece62c09 [ 176.616266][ T699] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 700] write(4, "-pids ", 6 [pid 699] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 699] close(3) = 0 [pid 699] close(4) = 0 [pid 699] close(5) = 0 [pid 699] close(6) = -1 EBADF (Bad file descriptor) [pid 699] close(7) = -1 EBADF (Bad file descriptor) [pid 699] close(8) = -1 EBADF (Bad file descriptor) [pid 699] close(9) = -1 EBADF (Bad file descriptor) [pid 699] close(10) = -1 EBADF (Bad file descriptor) [pid 699] close(11) = -1 EBADF (Bad file descriptor) [pid 699] close(12) = -1 EBADF (Bad file descriptor) [pid 699] close(13) = -1 EBADF (Bad file descriptor) [pid 699] close(14) = -1 EBADF (Bad file descriptor) [pid 699] close(15) = -1 EBADF (Bad file descriptor) [pid 699] close(16) = -1 EBADF (Bad file descriptor) [pid 699] close(17) = -1 EBADF (Bad file descriptor) [pid 699] close(18) = -1 EBADF (Bad file descriptor) [pid 699] close(19) = -1 EBADF (Bad file descriptor) [pid 699] close(20) = -1 EBADF (Bad file descriptor) [pid 699] close(21) = -1 EBADF (Bad file descriptor) [pid 699] close(22) = -1 EBADF (Bad file descriptor) [pid 699] close(23) = -1 EBADF (Bad file descriptor) [pid 699] close(24) = -1 EBADF (Bad file descriptor) [pid 699] close(25) = -1 EBADF (Bad file descriptor) [pid 699] close(26) = -1 EBADF (Bad file descriptor) [pid 699] close(27) = -1 EBADF (Bad file descriptor) [pid 699] close(28) = -1 EBADF (Bad file descriptor) [pid 699] close(29) = -1 EBADF (Bad file descriptor) [pid 699] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 699] exit_group(0) = ? [pid 699] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./53/binderfs") = 0 [pid 381] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./53/cgroup") = 0 [pid 381] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./53/cgroup.net") = 0 [pid 381] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./53/file0") = 0 [pid 381] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./53/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./53") = 0 [pid 381] mkdir("./54", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 701 attached [pid 701] chdir("./54" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 56 [pid 701] <... chdir resumed>) = 0 [pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 701] setpgid(0, 0) = 0 [pid 701] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 701] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 701] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 701] write(3, "1000", 4) = 4 [pid 701] close(3) = 0 [pid 701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 701] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 701] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 701] open("./file0", O_RDONLY) = 3 [pid 701] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 176.635865][ T699] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 176.644263][ T699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 176.652223][ T699] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 176.660180][ T699] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 176.668151][ T699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 176.676106][ T699] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000035 [pid 701] write(4, "-pids ", 6 [pid 700] <... write resumed>) = 6 [pid 700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 700] write(5, "22", 2) = 2 [ 176.710472][ T698] FAULT_INJECTION: forcing a failure. [ 176.710472][ T698] name failslab, interval 1, probability 0, space 0, times 0 [ 176.723325][ T698] CPU: 1 PID: 698 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 176.734950][ T698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.745004][ T698] Call Trace: [ 176.748291][ T698] dump_stack_lvl+0x1e2/0x24b [ 176.752948][ T698] ? bfq_pos_tree_add_move+0x43e/0x43e [ 176.758381][ T698] ? selinux_kernfs_init_security+0x1a8/0x760 [ 176.764422][ T698] dump_stack+0x15/0x17 [ 176.768570][ T698] should_fail+0x3c0/0x510 [ 176.772966][ T698] ? __kernfs_new_node+0x99/0x6e0 [ 176.777973][ T698] __should_failslab+0x9f/0xe0 [ 176.782714][ T698] should_failslab+0x9/0x20 [ 176.787192][ T698] __kmalloc_track_caller+0x5f/0x350 [ 176.792456][ T698] kstrdup_const+0x55/0x90 [ 176.796845][ T698] __kernfs_new_node+0x99/0x6e0 [ 176.801671][ T698] ? is_module_text_address+0xe1/0x140 [ 176.807103][ T698] ? kernfs_new_node+0x170/0x170 [ 176.812015][ T698] ? ptr_to_hashval+0x60/0x60 [ 176.816669][ T698] ? arch_stack_walk+0xf8/0x140 [ 176.821589][ T698] ? snprintf+0xd6/0x120 [ 176.825821][ T698] kernfs_new_node+0x97/0x170 [ 176.830484][ T698] __kernfs_create_file+0x4a/0x270 [ 176.835577][ T698] cgroup_addrm_files+0xab8/0xfe0 [ 176.840585][ T698] ? ____kasan_kmalloc+0xdc/0x110 [ 176.845588][ T698] ? __kasan_kmalloc+0x9/0x10 [ 176.850237][ T698] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 176.855836][ T698] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 176.861967][ T698] ? delete_node+0x759/0x7b0 [ 176.866617][ T698] ? __kasan_check_read+0x11/0x20 [ 176.871616][ T698] ? delete_node+0x759/0x7b0 [ 176.876179][ T698] ? __kasan_check_write+0x14/0x20 [ 176.881271][ T698] ? idr_replace+0x1c4/0x230 [ 176.885832][ T698] ? idr_get_next+0x4b0/0x4b0 [ 176.890490][ T698] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 176.895498][ T698] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 176.900674][ T698] css_populate_dir+0x137/0x370 [ 176.905519][ T698] cgroup_apply_control_enable+0x8b9/0x12f0 [ 176.911406][ T698] cgroup_apply_control+0x93/0x710 [ 176.916500][ T698] ? css_next_child+0x160/0x160 [ 176.921320][ T698] ? stack_trace_save+0x12d/0x1f0 [ 176.926403][ T698] ? io_schedule+0x120/0x120 [ 176.930966][ T698] ? kernfs_fop_write_iter+0x15e/0x410 [ 176.936412][ T698] ? __kasan_check_write+0x14/0x20 [ 176.941510][ T698] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 176.946777][ T698] cgroup_subtree_control_write+0xd19/0x1310 [ 176.952748][ T698] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 176.958717][ T698] ? __kasan_check_write+0x14/0x20 [ 176.963812][ T698] ? _copy_from_iter+0x3fb/0xd60 [ 176.968728][ T698] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 176.974698][ T698] cgroup_file_write+0x28e/0x590 [ 176.979618][ T698] ? cgroup_seqfile_stop+0xc0/0xc0 [ 176.984702][ T698] ? mutex_lock+0xa6/0x110 [ 176.989092][ T698] ? mutex_trylock+0xb0/0xb0 [ 176.993657][ T698] ? __kasan_check_write+0x14/0x20 [ 176.998750][ T698] kernfs_fop_write_iter+0x2d0/0x410 [ 177.004013][ T698] ? cgroup_seqfile_stop+0xc0/0xc0 [ 177.009095][ T698] vfs_write+0xc1c/0xf40 [ 177.013310][ T698] ? __kasan_check_write+0x14/0x20 [ 177.018402][ T698] ? kernel_write+0x3c0/0x3c0 [ 177.023067][ T698] ? _raw_spin_unlock_irq+0x4e/0x70 [ 177.028253][ T698] ? ptrace_stop+0x6ff/0x9f0 [ 177.032827][ T698] ? __kasan_check_read+0x11/0x20 [ 177.037830][ T698] ? __fdget_pos+0x27e/0x310 [ 177.042391][ T698] ksys_write+0x198/0x2c0 [ 177.046696][ T698] ? do_notify_parent+0xa60/0xa60 [ 177.051704][ T698] ? __ia32_sys_read+0x90/0x90 [ 177.056448][ T698] ? __ia32_sys_open+0x270/0x270 [ 177.061356][ T698] __x64_sys_write+0x7b/0x90 [ 177.065925][ T698] do_syscall_64+0x34/0x70 [ 177.070332][ T698] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 177.076213][ T698] RIP: 0033:0x7fc8ece62c09 [ 177.080618][ T698] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 177.100202][ T698] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 700] write(4, "+pids ", 6 [pid 698] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 698] close(3) = 0 [pid 698] close(4) = 0 [pid 698] close(5) = 0 [pid 698] close(6) = -1 EBADF (Bad file descriptor) [pid 698] close(7) = -1 EBADF (Bad file descriptor) [pid 698] close(8) = -1 EBADF (Bad file descriptor) [pid 698] close(9) = -1 EBADF (Bad file descriptor) [pid 698] close(10) = -1 EBADF (Bad file descriptor) [pid 698] close(11) = -1 EBADF (Bad file descriptor) [pid 698] close(12) = -1 EBADF (Bad file descriptor) [pid 698] close(13) = -1 EBADF (Bad file descriptor) [pid 698] close(14) = -1 EBADF (Bad file descriptor) [pid 698] close(15) = -1 EBADF (Bad file descriptor) [pid 698] close(16) = -1 EBADF (Bad file descriptor) [pid 698] close(17) = -1 EBADF (Bad file descriptor) [pid 698] close(18) = -1 EBADF (Bad file descriptor) [pid 698] close(19) = -1 EBADF (Bad file descriptor) [pid 698] close(20) = -1 EBADF (Bad file descriptor) [pid 698] close(21) = -1 EBADF (Bad file descriptor) [pid 698] close(22) = -1 EBADF (Bad file descriptor) [pid 698] close(23) = -1 EBADF (Bad file descriptor) [pid 698] close(24) = -1 EBADF (Bad file descriptor) [pid 698] close(25) = -1 EBADF (Bad file descriptor) [pid 698] close(26) = -1 EBADF (Bad file descriptor) [pid 698] close(27) = -1 EBADF (Bad file descriptor) [pid 698] close(28) = -1 EBADF (Bad file descriptor) [pid 698] close(29) = -1 EBADF (Bad file descriptor) [pid 698] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 698] exit_group(0) = ? [pid 698] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 383] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./45/binderfs") = 0 [pid 383] umount2("./45/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./45/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./45/cgroup") = 0 [pid 383] umount2("./45/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./45/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./45/cgroup.net") = 0 [pid 383] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./45/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./45/file0") = 0 [pid 383] umount2("./45/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./45/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./45/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./45") = 0 [pid 383] mkdir("./46", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 702 attached , child_tidptr=0x555556fab5d0) = 48 [pid 702] chdir("./46") = 0 [pid 702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 177.108592][ T698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 177.116538][ T698] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 177.124492][ T698] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 177.132450][ T698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 177.140402][ T698] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002d [ 177.148458][ T698] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 702] setpgid(0, 0) = 0 [pid 702] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 702] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 702] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 702] write(3, "1000", 4) = 4 [pid 702] close(3) = 0 [pid 702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 702] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 177.173283][ T700] FAULT_INJECTION: forcing a failure. [ 177.173283][ T700] name failslab, interval 1, probability 0, space 0, times 0 [ 177.186000][ T700] CPU: 1 PID: 700 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 177.197610][ T700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.207640][ T700] Call Trace: [ 177.210912][ T700] dump_stack_lvl+0x1e2/0x24b [ 177.215567][ T700] ? bfq_pos_tree_add_move+0x43e/0x43e [ 177.221001][ T700] ? selinux_kernfs_init_security+0x1a8/0x760 [ 177.227048][ T700] dump_stack+0x15/0x17 [ 177.231181][ T700] should_fail+0x3c0/0x510 [ 177.235571][ T700] ? __kernfs_new_node+0x99/0x6e0 [ 177.240568][ T700] __should_failslab+0x9f/0xe0 [ 177.245307][ T700] should_failslab+0x9/0x20 [ 177.249788][ T700] __kmalloc_track_caller+0x5f/0x350 [ 177.255047][ T700] kstrdup_const+0x55/0x90 [ 177.259440][ T700] __kernfs_new_node+0x99/0x6e0 [ 177.264264][ T700] ? is_module_text_address+0xe1/0x140 [ 177.269704][ T700] ? kernfs_new_node+0x170/0x170 [ 177.274620][ T700] ? ptr_to_hashval+0x60/0x60 [ 177.279276][ T700] ? arch_stack_walk+0xf8/0x140 [ 177.284113][ T700] ? snprintf+0xd6/0x120 [ 177.288332][ T700] kernfs_new_node+0x97/0x170 [ 177.292986][ T700] __kernfs_create_file+0x4a/0x270 [ 177.298071][ T700] cgroup_addrm_files+0xab8/0xfe0 [ 177.303069][ T700] ? ____kasan_kmalloc+0xdc/0x110 [ 177.308081][ T700] ? __kasan_kmalloc+0x9/0x10 [ 177.312749][ T700] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 177.318280][ T700] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 177.324415][ T700] ? delete_node+0x759/0x7b0 [ 177.328990][ T700] ? __kasan_check_read+0x11/0x20 [ 177.333997][ T700] ? delete_node+0x759/0x7b0 [ 177.338567][ T700] ? __kasan_check_write+0x14/0x20 [ 177.343660][ T700] ? idr_replace+0x1c4/0x230 [ 177.348229][ T700] ? idr_get_next+0x4b0/0x4b0 [ 177.352887][ T700] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 177.357888][ T700] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 177.363060][ T700] css_populate_dir+0x137/0x370 [ 177.367887][ T700] cgroup_apply_control_enable+0x8b9/0x12f0 [ 177.373773][ T700] cgroup_apply_control+0x93/0x710 [ 177.378870][ T700] ? css_next_child+0x160/0x160 [ 177.383716][ T700] ? io_schedule+0x120/0x120 [ 177.388294][ T700] ? kernfs_fop_write_iter+0x15e/0x410 [ 177.393731][ T700] ? __kasan_check_write+0x14/0x20 [ 177.398827][ T700] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 177.404094][ T700] cgroup_subtree_control_write+0xd19/0x1310 [ 177.410058][ T700] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 177.416018][ T700] ? __kasan_check_write+0x14/0x20 [ 177.421111][ T700] ? _copy_from_iter+0x3fb/0xd60 [ 177.426032][ T700] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 177.431987][ T700] cgroup_file_write+0x28e/0x590 [ 177.436913][ T700] ? cgroup_seqfile_stop+0xc0/0xc0 [ 177.442007][ T700] ? mutex_lock+0xa6/0x110 [ 177.446402][ T700] ? mutex_trylock+0xb0/0xb0 [ 177.450973][ T700] ? __kasan_check_write+0x14/0x20 [ 177.456062][ T700] kernfs_fop_write_iter+0x2d0/0x410 [ 177.461325][ T700] ? cgroup_seqfile_stop+0xc0/0xc0 [ 177.466416][ T700] vfs_write+0xc1c/0xf40 [ 177.470639][ T700] ? __kasan_check_write+0x14/0x20 [ 177.475815][ T700] ? kernel_write+0x3c0/0x3c0 [ 177.480470][ T700] ? _raw_spin_unlock_irq+0x4e/0x70 [ 177.485644][ T700] ? ptrace_stop+0x6ff/0x9f0 [ 177.490211][ T700] ? __kasan_check_read+0x11/0x20 [ 177.495253][ T700] ? __fdget_pos+0x27e/0x310 [ 177.499821][ T700] ksys_write+0x198/0x2c0 [ 177.504128][ T700] ? do_notify_parent+0xa60/0xa60 [ 177.509126][ T700] ? __ia32_sys_read+0x90/0x90 [ 177.513864][ T700] ? __ia32_sys_open+0x270/0x270 [ 177.518785][ T700] __x64_sys_write+0x7b/0x90 [ 177.523439][ T700] do_syscall_64+0x34/0x70 [ 177.527832][ T700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 177.533700][ T700] RIP: 0033:0x7fc8ece62c09 [ 177.538099][ T700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 177.557687][ T700] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 177.566077][ T700] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 702] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 376] kill(-52, SIGKILL) = 0 [pid 376] kill(52, SIGKILL [pid 702] <... mount resumed>) = 0 [pid 376] <... kill resumed>) = 0 [pid 702] open("./file0", O_RDONLY) = 3 [pid 702] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 702] write(4, "-pids ", 6 [pid 700] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 700] close(3) = 0 [pid 700] close(4) = 0 [pid 700] close(5) = 0 [pid 700] close(6) = -1 EBADF (Bad file descriptor) [pid 700] close(7) = -1 EBADF (Bad file descriptor) [pid 700] close(8) = -1 EBADF (Bad file descriptor) [pid 700] close(9) = -1 EBADF (Bad file descriptor) [pid 700] close(10) = -1 EBADF (Bad file descriptor) [pid 700] close(11) = -1 EBADF (Bad file descriptor) [pid 700] close(12) = -1 EBADF (Bad file descriptor) [pid 700] close(13) = -1 EBADF (Bad file descriptor) [pid 700] close(14) = -1 EBADF (Bad file descriptor) [pid 700] close(15) = -1 EBADF (Bad file descriptor) [pid 700] close(16) = -1 EBADF (Bad file descriptor) [pid 700] close(17) = -1 EBADF (Bad file descriptor) [pid 700] close(18) = -1 EBADF (Bad file descriptor) [pid 700] close(19) = -1 EBADF (Bad file descriptor) [pid 700] close(20) = -1 EBADF (Bad file descriptor) [pid 700] close(21) = -1 EBADF (Bad file descriptor) [pid 700] close(22) = -1 EBADF (Bad file descriptor) [pid 700] close(23) = -1 EBADF (Bad file descriptor) [pid 700] close(24) = -1 EBADF (Bad file descriptor) [pid 700] close(25) = -1 EBADF (Bad file descriptor) [pid 700] close(26) = -1 EBADF (Bad file descriptor) [pid 700] close(27) = -1 EBADF (Bad file descriptor) [pid 700] close(28) = -1 EBADF (Bad file descriptor) [pid 700] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 700] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 700] exit_group(0) = ? [pid 700] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./58/binderfs") = 0 [pid 375] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [ 177.574029][ T700] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 177.581979][ T700] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 177.589934][ T700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 177.597884][ T700] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003a [ 177.606965][ T700] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 702] <... write resumed>) = 6 [pid 697] <... write resumed>) = 6 [pid 375] unlink("./58/cgroup") = 0 [pid 375] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./58/cgroup.net") = 0 [pid 375] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 702] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 702] write(5, "22", 2) = 2 [pid 702] write(4, "+pids ", 6 [pid 697] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 697] write(5, "22", 2) = 2 [pid 697] write(4, "+pids ", 6 [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./58/file0") = 0 [pid 375] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./58/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./58") = 0 [pid 375] mkdir("./59", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 703 attached [pid 703] chdir("./59" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 61 [pid 703] <... chdir resumed>) = 0 [pid 703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 703] setpgid(0, 0) = 0 [pid 703] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 703] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 703] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 703] write(3, "1000", 4) = 4 [pid 703] close(3) = 0 [pid 703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 703] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 177.640431][ T692] FAULT_INJECTION: forcing a failure. [ 177.640431][ T692] name failslab, interval 1, probability 0, space 0, times 0 [ 177.653096][ T692] CPU: 0 PID: 692 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 177.664720][ T692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.674768][ T692] Call Trace: [ 177.678047][ T692] dump_stack_lvl+0x1e2/0x24b [ 177.682700][ T692] ? bfq_pos_tree_add_move+0x43e/0x43e [ 177.688139][ T692] ? selinux_kernfs_init_security+0x1a8/0x760 [ 177.694188][ T692] dump_stack+0x15/0x17 [ 177.698332][ T692] should_fail+0x3c0/0x510 [ 177.702736][ T692] ? __kernfs_new_node+0x99/0x6e0 [ 177.707745][ T692] __should_failslab+0x9f/0xe0 [ 177.712491][ T692] should_failslab+0x9/0x20 [ 177.716970][ T692] __kmalloc_track_caller+0x5f/0x350 [ 177.722229][ T692] kstrdup_const+0x55/0x90 [ 177.726622][ T692] __kernfs_new_node+0x99/0x6e0 [ 177.731455][ T692] ? is_module_text_address+0xe1/0x140 [pid 703] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 376] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [ 177.736909][ T692] ? kernfs_new_node+0x170/0x170 [ 177.741831][ T692] ? ptr_to_hashval+0x60/0x60 [ 177.746489][ T692] ? arch_stack_walk+0xf8/0x140 [ 177.751323][ T692] ? snprintf+0xd6/0x120 [ 177.755537][ T692] kernfs_new_node+0x97/0x170 [ 177.760199][ T692] __kernfs_create_file+0x4a/0x270 [ 177.765311][ T692] cgroup_addrm_files+0xab8/0xfe0 [ 177.770310][ T692] ? ____kasan_kmalloc+0xdc/0x110 [ 177.775309][ T692] ? __kasan_kmalloc+0x9/0x10 [ 177.779970][ T692] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 177.785500][ T692] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 177.791633][ T692] ? delete_node+0x759/0x7b0 [ 177.796228][ T692] ? __kasan_check_read+0x11/0x20 [ 177.801235][ T692] ? delete_node+0x759/0x7b0 [ 177.805806][ T692] ? __kasan_check_write+0x14/0x20 [ 177.810909][ T692] ? idr_replace+0x1c4/0x230 [ 177.815498][ T692] ? idr_get_next+0x4b0/0x4b0 [ 177.820156][ T692] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 177.825163][ T692] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 177.830337][ T692] css_populate_dir+0x137/0x370 [ 177.835164][ T692] cgroup_apply_control_enable+0x8b9/0x12f0 [ 177.841039][ T692] cgroup_apply_control+0x93/0x710 [ 177.846131][ T692] ? css_next_child+0x160/0x160 [ 177.850965][ T692] ? io_schedule+0x120/0x120 [ 177.855537][ T692] ? kernfs_fop_write_iter+0x15e/0x410 [ 177.860971][ T692] ? __kasan_check_write+0x14/0x20 [ 177.866060][ T692] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 177.871320][ T692] cgroup_subtree_control_write+0xd19/0x1310 [ 177.877274][ T692] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 177.883237][ T692] ? __kasan_check_write+0x14/0x20 [ 177.888332][ T692] ? _copy_from_iter+0x3fb/0xd60 [ 177.893251][ T692] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 177.899207][ T692] cgroup_file_write+0x28e/0x590 [ 177.904125][ T692] ? cgroup_seqfile_stop+0xc0/0xc0 [ 177.909217][ T692] ? mutex_lock+0xa6/0x110 [ 177.913605][ T692] ? mutex_trylock+0xb0/0xb0 [ 177.918174][ T692] ? __kasan_check_write+0x14/0x20 [ 177.923269][ T692] kernfs_fop_write_iter+0x2d0/0x410 [ 177.928524][ T692] ? cgroup_seqfile_stop+0xc0/0xc0 [ 177.933620][ T692] vfs_write+0xc1c/0xf40 [ 177.937851][ T692] ? __kasan_check_write+0x14/0x20 [ 177.942944][ T692] ? kernel_write+0x3c0/0x3c0 [ 177.947594][ T692] ? _raw_spin_unlock_irq+0x4e/0x70 [ 177.953032][ T692] ? ptrace_stop+0x6ff/0x9f0 [ 177.957603][ T692] ? __kasan_check_read+0x11/0x20 [ 177.962612][ T692] ? __fdget_pos+0x27e/0x310 [ 177.967180][ T692] ksys_write+0x198/0x2c0 [ 177.971493][ T692] ? do_notify_parent+0xa60/0xa60 [ 177.976510][ T692] ? __ia32_sys_read+0x90/0x90 [ 177.981267][ T692] ? __ia32_sys_open+0x270/0x270 [ 177.986187][ T692] __x64_sys_write+0x7b/0x90 [ 177.990753][ T692] do_syscall_64+0x34/0x70 [ 177.995153][ T692] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 178.001025][ T692] RIP: 0033:0x7fc8ece62c09 [ 178.005413][ T692] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.024995][ T692] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.033384][ T692] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 703] <... mount resumed>) = 0 [pid 692] <... write resumed>) = ? [pid 703] open("./file0", O_RDONLY) = 3 [pid 692] +++ killed by SIGKILL +++ [pid 703] openat(3, "cgroup.subtree_control", O_RDWR [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=52, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- [pid 703] <... openat resumed>) = 4 [pid 376] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 703] write(4, "-pids ", 6 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./50/binderfs") = 0 [pid 376] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./50/cgroup") = 0 [pid 376] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./50/cgroup.net") = 0 [pid 376] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./50/file0") = 0 [pid 376] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./50/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./50/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./50") = 0 [pid 376] mkdir("./51", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 704 attached , child_tidptr=0x555556fab5d0) = 53 [pid 704] chdir("./51") = 0 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 704] setpgid(0, 0) = 0 [pid 704] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 704] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 704] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 704] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 704] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 704] open("./file0", O_RDONLY) = 3 [pid 704] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 178.041336][ T692] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 178.049298][ T692] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 178.057246][ T692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 178.065198][ T692] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000032 [ 178.073299][ T692] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 704] write(4, "-pids ", 6 [pid 701] <... write resumed>) = 6 [pid 701] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 701] write(5, "22", 2) = 2 [ 178.110758][ T696] FAULT_INJECTION: forcing a failure. [ 178.110758][ T696] name failslab, interval 1, probability 0, space 0, times 0 [ 178.123517][ T696] CPU: 0 PID: 696 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 178.135130][ T696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.145166][ T696] Call Trace: [ 178.148446][ T696] dump_stack_lvl+0x1e2/0x24b [ 178.153129][ T696] ? bfq_pos_tree_add_move+0x43e/0x43e [ 178.158565][ T696] ? selinux_kernfs_init_security+0x1a8/0x760 [ 178.164610][ T696] dump_stack+0x15/0x17 [ 178.168745][ T696] should_fail+0x3c0/0x510 [ 178.173141][ T696] ? __kernfs_new_node+0x99/0x6e0 [ 178.178148][ T696] __should_failslab+0x9f/0xe0 [ 178.182893][ T696] should_failslab+0x9/0x20 [ 178.187376][ T696] __kmalloc_track_caller+0x5f/0x350 [ 178.192636][ T696] kstrdup_const+0x55/0x90 [ 178.197029][ T696] __kernfs_new_node+0x99/0x6e0 [ 178.201856][ T696] ? is_module_text_address+0xe1/0x140 [ 178.207294][ T696] ? kernfs_new_node+0x170/0x170 [ 178.212208][ T696] ? ptr_to_hashval+0x60/0x60 [ 178.216859][ T696] ? arch_stack_walk+0xf8/0x140 [ 178.221687][ T696] ? snprintf+0xd6/0x120 [ 178.225905][ T696] kernfs_new_node+0x97/0x170 [ 178.230559][ T696] __kernfs_create_file+0x4a/0x270 [ 178.235647][ T696] cgroup_addrm_files+0xab8/0xfe0 [ 178.240651][ T696] ? ____kasan_kmalloc+0xdc/0x110 [ 178.245654][ T696] ? __kasan_kmalloc+0x9/0x10 [ 178.250309][ T696] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 178.255831][ T696] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 178.261963][ T696] ? delete_node+0x759/0x7b0 [ 178.266534][ T696] ? __kasan_check_read+0x11/0x20 [ 178.271537][ T696] ? delete_node+0x759/0x7b0 [ 178.276105][ T696] ? __kasan_check_write+0x14/0x20 [ 178.281198][ T696] ? idr_replace+0x1c4/0x230 [ 178.285769][ T696] ? idr_get_next+0x4b0/0x4b0 [ 178.290424][ T696] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 178.295424][ T696] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 178.300597][ T696] css_populate_dir+0x137/0x370 [ 178.305427][ T696] cgroup_apply_control_enable+0x8b9/0x12f0 [ 178.311297][ T696] cgroup_apply_control+0x93/0x710 [ 178.316387][ T696] ? css_next_child+0x160/0x160 [ 178.321244][ T696] ? io_schedule+0x120/0x120 [ 178.325813][ T696] ? kernfs_fop_write_iter+0x15e/0x410 [ 178.331253][ T696] ? __kasan_check_write+0x14/0x20 [ 178.336343][ T696] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 178.341607][ T696] cgroup_subtree_control_write+0xd19/0x1310 [ 178.347565][ T696] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 178.353520][ T696] ? __kasan_check_write+0x14/0x20 [ 178.358610][ T696] ? _copy_from_iter+0x3fb/0xd60 [ 178.363526][ T696] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 178.369480][ T696] cgroup_file_write+0x28e/0x590 [ 178.374395][ T696] ? cgroup_seqfile_stop+0xc0/0xc0 [ 178.379484][ T696] ? mutex_lock+0xa6/0x110 [ 178.383886][ T696] ? mutex_trylock+0xb0/0xb0 [ 178.388456][ T696] ? __kasan_check_write+0x14/0x20 [ 178.393544][ T696] kernfs_fop_write_iter+0x2d0/0x410 [ 178.398805][ T696] ? cgroup_seqfile_stop+0xc0/0xc0 [ 178.403904][ T696] vfs_write+0xc1c/0xf40 [ 178.408125][ T696] ? __kasan_check_write+0x14/0x20 [ 178.413222][ T696] ? kernel_write+0x3c0/0x3c0 [ 178.417876][ T696] ? _raw_spin_unlock_irq+0x4e/0x70 [ 178.423050][ T696] ? ptrace_stop+0x6ff/0x9f0 [ 178.427620][ T696] ? __kasan_check_read+0x11/0x20 [ 178.432619][ T696] ? __fdget_pos+0x27e/0x310 [ 178.437188][ T696] ksys_write+0x198/0x2c0 [ 178.441584][ T696] ? do_notify_parent+0xa60/0xa60 [ 178.446585][ T696] ? __ia32_sys_read+0x90/0x90 [ 178.451328][ T696] ? __ia32_sys_open+0x270/0x270 [ 178.456243][ T696] __x64_sys_write+0x7b/0x90 [ 178.460824][ T696] do_syscall_64+0x34/0x70 [ 178.465227][ T696] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 178.471101][ T696] RIP: 0033:0x7fc8ece62c09 [ 178.475502][ T696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.495134][ T696] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 178.503532][ T696] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 701] write(4, "+pids ", 6 [pid 696] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 696] close(3) = 0 [pid 696] close(4) = 0 [pid 696] close(5) = 0 [pid 696] close(6) = -1 EBADF (Bad file descriptor) [pid 696] close(7) = -1 EBADF (Bad file descriptor) [pid 696] close(8) = -1 EBADF (Bad file descriptor) [pid 696] close(9) = -1 EBADF (Bad file descriptor) [pid 696] close(10) = -1 EBADF (Bad file descriptor) [pid 696] close(11) = -1 EBADF (Bad file descriptor) [pid 696] close(12) = -1 EBADF (Bad file descriptor) [pid 696] close(13) = -1 EBADF (Bad file descriptor) [pid 696] close(14) = -1 EBADF (Bad file descriptor) [pid 696] close(15) = -1 EBADF (Bad file descriptor) [pid 696] close(16) = -1 EBADF (Bad file descriptor) [pid 696] close(17) = -1 EBADF (Bad file descriptor) [pid 696] close(18) = -1 EBADF (Bad file descriptor) [pid 696] close(19) = -1 EBADF (Bad file descriptor) [pid 696] close(20) = -1 EBADF (Bad file descriptor) [pid 696] close(21) = -1 EBADF (Bad file descriptor) [pid 696] close(22) = -1 EBADF (Bad file descriptor) [pid 696] close(23) = -1 EBADF (Bad file descriptor) [pid 696] close(24) = -1 EBADF (Bad file descriptor) [pid 696] close(25) = -1 EBADF (Bad file descriptor) [pid 696] close(26) = -1 EBADF (Bad file descriptor) [pid 696] close(27) = -1 EBADF (Bad file descriptor) [pid 696] close(28) = -1 EBADF (Bad file descriptor) [pid 696] close(29) = -1 EBADF (Bad file descriptor) [pid 696] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 696] exit_group(0) = ? [pid 696] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./54/binderfs") = 0 [pid 382] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./54/cgroup") = 0 [pid 382] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./54/cgroup.net") = 0 [pid 382] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./54/file0") = 0 [pid 382] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./54/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./54") = 0 [pid 382] mkdir("./55", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 705 attached , child_tidptr=0x555556fab5d0) = 57 [ 178.511495][ T696] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 178.519459][ T696] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 178.527421][ T696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 178.535378][ T696] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000036 [ 178.545453][ T696] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 705] chdir("./55") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 705] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 705] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 705] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 705] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 705] open("./file0", O_RDONLY) = 3 [pid 705] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 178.600398][ T701] FAULT_INJECTION: forcing a failure. [ 178.600398][ T701] name failslab, interval 1, probability 0, space 0, times 0 [ 178.613303][ T701] CPU: 0 PID: 701 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 178.624911][ T701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.634939][ T701] Call Trace: [ 178.638305][ T701] dump_stack_lvl+0x1e2/0x24b [ 178.642966][ T701] ? bfq_pos_tree_add_move+0x43e/0x43e [ 178.648417][ T701] ? selinux_kernfs_init_security+0x1a8/0x760 [ 178.654475][ T701] dump_stack+0x15/0x17 [ 178.658609][ T701] should_fail+0x3c0/0x510 [ 178.663022][ T701] ? __kernfs_new_node+0x99/0x6e0 [ 178.668045][ T701] __should_failslab+0x9f/0xe0 [ 178.672794][ T701] should_failslab+0x9/0x20 [ 178.677274][ T701] __kmalloc_track_caller+0x5f/0x350 [ 178.682539][ T701] kstrdup_const+0x55/0x90 [ 178.686929][ T701] __kernfs_new_node+0x99/0x6e0 [ 178.691762][ T701] ? is_module_text_address+0xe1/0x140 [ 178.697205][ T701] ? kernfs_new_node+0x170/0x170 [ 178.702127][ T701] ? ptr_to_hashval+0x60/0x60 [ 178.706786][ T701] ? arch_stack_walk+0xf8/0x140 [ 178.711622][ T701] ? snprintf+0xd6/0x120 [ 178.715850][ T701] kernfs_new_node+0x97/0x170 [ 178.720511][ T701] __kernfs_create_file+0x4a/0x270 [ 178.725616][ T701] cgroup_addrm_files+0xab8/0xfe0 [ 178.730652][ T701] ? ____kasan_kmalloc+0xdc/0x110 [ 178.735658][ T701] ? __kasan_kmalloc+0x9/0x10 [ 178.740310][ T701] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 178.745836][ T701] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 178.752065][ T701] ? delete_node+0x759/0x7b0 [ 178.756638][ T701] ? __kasan_check_read+0x11/0x20 [ 178.761633][ T701] ? delete_node+0x759/0x7b0 [ 178.766202][ T701] ? __kasan_check_write+0x14/0x20 [ 178.771296][ T701] ? idr_replace+0x1c4/0x230 [ 178.775870][ T701] ? idr_get_next+0x4b0/0x4b0 [ 178.780531][ T701] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 178.785535][ T701] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 178.790712][ T701] css_populate_dir+0x137/0x370 [ 178.795548][ T701] cgroup_apply_control_enable+0x8b9/0x12f0 [ 178.801430][ T701] cgroup_apply_control+0x93/0x710 [ 178.806523][ T701] ? css_next_child+0x160/0x160 [ 178.811355][ T701] ? stack_trace_save+0x12d/0x1f0 [ 178.816353][ T701] ? io_schedule+0x120/0x120 [ 178.820919][ T701] ? kernfs_fop_write_iter+0x15e/0x410 [ 178.826359][ T701] ? __kasan_check_write+0x14/0x20 [ 178.831446][ T701] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 178.836714][ T701] cgroup_subtree_control_write+0xd19/0x1310 [ 178.842677][ T701] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 178.848630][ T701] ? __kasan_check_write+0x14/0x20 [ 178.853715][ T701] ? _copy_from_iter+0x3fb/0xd60 [ 178.858631][ T701] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 178.864593][ T701] cgroup_file_write+0x28e/0x590 [ 178.869512][ T701] ? cgroup_seqfile_stop+0xc0/0xc0 [ 178.874613][ T701] ? mutex_lock+0xa6/0x110 [ 178.879025][ T701] ? mutex_trylock+0xb0/0xb0 [ 178.883591][ T701] ? __kasan_check_write+0x14/0x20 [ 178.888676][ T701] kernfs_fop_write_iter+0x2d0/0x410 [ 178.893941][ T701] ? cgroup_seqfile_stop+0xc0/0xc0 [ 178.899041][ T701] vfs_write+0xc1c/0xf40 [ 178.903275][ T701] ? __kasan_check_write+0x14/0x20 [ 178.908381][ T701] ? kernel_write+0x3c0/0x3c0 [ 178.913043][ T701] ? _raw_spin_unlock_irq+0x4e/0x70 [ 178.918217][ T701] ? ptrace_stop+0x6ff/0x9f0 [ 178.922787][ T701] ? __kasan_check_read+0x11/0x20 [ 178.927788][ T701] ? __fdget_pos+0x27e/0x310 [ 178.932362][ T701] ksys_write+0x198/0x2c0 [ 178.936764][ T701] ? do_notify_parent+0xa60/0xa60 [ 178.941772][ T701] ? __ia32_sys_read+0x90/0x90 [ 178.946527][ T701] ? __ia32_sys_open+0x270/0x270 [ 178.951456][ T701] __x64_sys_write+0x7b/0x90 [ 178.956026][ T701] do_syscall_64+0x34/0x70 [ 178.960420][ T701] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 178.966292][ T701] RIP: 0033:0x7fc8ece62c09 [ 178.970687][ T701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 178.990263][ T701] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 705] write(4, "-pids ", 6 [pid 701] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 701] close(3) = 0 [pid 701] close(4) = 0 [pid 701] close(5) = 0 [pid 701] close(6) = -1 EBADF (Bad file descriptor) [pid 701] close(7) = -1 EBADF (Bad file descriptor) [pid 701] close(8) = -1 EBADF (Bad file descriptor) [pid 701] close(9) = -1 EBADF (Bad file descriptor) [pid 701] close(10) = -1 EBADF (Bad file descriptor) [pid 701] close(11) = -1 EBADF (Bad file descriptor) [pid 701] close(12) = -1 EBADF (Bad file descriptor) [pid 701] close(13) = -1 EBADF (Bad file descriptor) [pid 701] close(14) = -1 EBADF (Bad file descriptor) [pid 701] close(15) = -1 EBADF (Bad file descriptor) [pid 701] close(16) = -1 EBADF (Bad file descriptor) [pid 701] close(17) = -1 EBADF (Bad file descriptor) [pid 701] close(18) = -1 EBADF (Bad file descriptor) [pid 701] close(19) = -1 EBADF (Bad file descriptor) [pid 701] close(20) = -1 EBADF (Bad file descriptor) [pid 701] close(21) = -1 EBADF (Bad file descriptor) [pid 701] close(22) = -1 EBADF (Bad file descriptor) [pid 701] close(23) = -1 EBADF (Bad file descriptor) [pid 701] close(24) = -1 EBADF (Bad file descriptor) [pid 701] close(25) = -1 EBADF (Bad file descriptor) [pid 701] close(26) = -1 EBADF (Bad file descriptor) [pid 701] close(27) = -1 EBADF (Bad file descriptor) [pid 701] close(28) = -1 EBADF (Bad file descriptor) [pid 701] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 701] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 701] exit_group(0) = ? [pid 701] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 381] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./54/binderfs") = 0 [pid 381] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./54/cgroup") = 0 [pid 381] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./54/cgroup.net") = 0 [ 178.998652][ T701] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 179.006600][ T701] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 179.014641][ T701] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 179.022585][ T701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 179.030546][ T701] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000036 [ 179.040309][ T701] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 179.054890][ T381] ------------[ cut here ]------------ [ 179.060391][ T381] WARNING: CPU: 1 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 179.069354][ T381] Modules linked in: [ 179.073275][ T381] CPU: 1 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 179.084895][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.094995][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 179.101452][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 179.121088][ T381] RSP: 0018:ffffc90000b37ba0 EFLAGS: 00010293 [ 179.127150][ T381] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065813c0 [ 179.135127][ T381] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 179.143103][ T381] RBP: ffffc90000b37c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 179.151100][ T381] R10: fffff52000166f65 R11: 1ffff92000166f64 R12: dffffc0000000000 [ 179.159054][ T381] R13: ffff88810a2dee00 R14: ffffc90000b37c00 R15: 1ffff92000166f7c [ 179.167030][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 179.175963][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.182546][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506a0 [ 179.190532][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 179.198487][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 179.206455][ T381] Call Trace: [ 179.209731][ T381] ? io_schedule+0x120/0x120 [ 179.214339][ T381] ? vfs_submount+0xb0/0xb0 [ 179.218833][ T381] ? shrink_dentry_list+0x4ec/0x500 [ 179.224041][ T381] ? __kasan_check_write+0x14/0x20 [ 179.229140][ T381] namespace_unlock+0x448/0x4f0 [ 179.234048][ T381] ? umount_tree+0xf50/0xf50 [ 179.238645][ T381] ? __detach_mounts+0x670/0x670 [ 179.243597][ T381] ? selinux_umount+0xf0/0x130 [ 179.248362][ T381] ? security_sb_umount+0x9d/0xb0 [ 179.253398][ T381] path_umount+0xf03/0xfb0 [ 179.257805][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 179.262830][ T381] ? user_path_at_empty+0x40/0x50 [ 179.267844][ T381] __x64_sys_umount+0x122/0x170 [ 179.272713][ T381] ? path_umount+0xfb0/0xfb0 [ 179.277289][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 179.283270][ T381] do_syscall_64+0x34/0x70 [ 179.287690][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 179.293634][ T381] RIP: 0033:0x7fc8ece63fb7 [ 179.298167][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.317802][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 179.326227][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 179.334208][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 179.342200][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 179.350189][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 179.358148][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000037 [ 179.366134][ T381] ---[ end trace d4de1ca9cdcd19a3 ]--- [ 179.371640][ T381] ------------[ cut here ]------------ [ 179.377082][ T381] WARNING: CPU: 1 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 179.386158][ T381] Modules linked in: [ 179.386732][ T697] FAULT_INJECTION: forcing a failure. [ 179.386732][ T697] name failslab, interval 1, probability 0, space 0, times 0 [ 179.390056][ T381] CPU: 1 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 179.390063][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.390079][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 179.390090][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 179.390096][ T381] RSP: 0018:ffffc90000b37ca0 EFLAGS: 00010293 [ 179.402734][ T697] CPU: 0 PID: 697 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 179.402748][ T697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.414360][ T381] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065813c0 [ 179.424369][ T697] Call Trace: [ 179.424388][ T697] dump_stack_lvl+0x1e2/0x24b [ 179.424405][ T697] ? bfq_pos_tree_add_move+0x43e/0x43e [ 179.430007][ T381] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 179.449590][ T697] ? selinux_kernfs_init_security+0x1a8/0x760 [ 179.449602][ T697] dump_stack+0x15/0x17 [ 179.449612][ T697] should_fail+0x3c0/0x510 [ 179.449621][ T697] ? __kernfs_new_node+0x99/0x6e0 [ 179.449631][ T697] __should_failslab+0x9f/0xe0 [ 179.449649][ T697] should_failslab+0x9/0x20 [ 179.455700][ T381] RBP: ffffc90000b37d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 179.467295][ T697] __kmalloc_track_caller+0x5f/0x350 [ 179.467308][ T697] kstrdup_const+0x55/0x90 [ 179.467326][ T697] __kernfs_new_node+0x99/0x6e0 [ 179.477374][ T381] R10: fffff52000166f85 R11: 1ffff92000166f84 R12: dffffc0000000000 [ 179.485309][ T697] ? is_module_text_address+0xe1/0x140 [ 179.485321][ T697] ? kernfs_new_node+0x170/0x170 [ 179.485340][ T697] ? ptr_to_hashval+0x60/0x60 [ 179.488596][ T381] R13: ffff88810a2dee00 R14: ffffc90000b37d00 R15: 1ffff92000166f9c [ 179.493276][ T697] ? arch_stack_walk+0xf8/0x140 [ 179.493286][ T697] ? snprintf+0xd6/0x120 [ 179.493302][ T697] kernfs_new_node+0x97/0x170 [ 179.498740][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 179.506685][ T697] __kernfs_create_file+0x4a/0x270 [ 179.506696][ T697] cgroup_addrm_files+0xab8/0xfe0 [ 179.506706][ T697] ? ____kasan_kmalloc+0xdc/0x110 [ 179.506714][ T697] ? __kasan_kmalloc+0x9/0x10 [ 179.506732][ T697] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 179.512773][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.516907][ T697] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 179.521310][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506a0 [ 179.526278][ T697] ? delete_node+0x759/0x7b0 [ 179.531021][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 179.535482][ T697] ? __kasan_check_read+0x11/0x20 [ 179.543429][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 179.548677][ T697] ? delete_node+0x759/0x7b0 [ 179.553069][ T381] Call Trace: [ 179.557891][ T697] ? __kasan_check_write+0x14/0x20 [ 179.565870][ T381] ? lockref_get_or_lock+0x340/0x340 [ 179.571256][ T697] ? idr_replace+0x1c4/0x230 [ 179.571272][ T697] ? idr_get_next+0x4b0/0x4b0 [ 179.576179][ T381] ? umount_tree+0xf50/0xf50 [ 179.580815][ T697] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 179.580824][ T697] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 179.580840][ T697] css_populate_dir+0x137/0x370 [ 179.588784][ T381] ? vfs_submount+0xb0/0xb0 [ 179.593596][ T697] cgroup_apply_control_enable+0x8b9/0x12f0 [ 179.593614][ T697] cgroup_apply_control+0x93/0x710 [ 179.597827][ T381] ? dput+0x2b6/0x320 [ 179.602475][ T697] ? css_next_child+0x160/0x160 [ 179.602483][ T697] ? stack_trace_save+0x12d/0x1f0 [ 179.602499][ T697] ? io_schedule+0x120/0x120 [ 179.611411][ T381] path_umount+0x1fe/0xfb0 [ 179.616477][ T697] ? kernfs_fop_write_iter+0x15e/0x410 [ 179.621492][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 179.626461][ T697] ? __kasan_check_write+0x14/0x20 [ 179.631140][ T381] ? user_path_at_empty+0x40/0x50 [ 179.636648][ T697] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 179.643215][ T381] __x64_sys_umount+0x122/0x170 [ 179.649328][ T697] cgroup_subtree_control_write+0xd19/0x1310 [ 179.657285][ T381] ? path_umount+0xfb0/0xfb0 [ 179.661836][ T697] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 179.661853][ T697] ? __kasan_check_write+0x14/0x20 [ 179.669800][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 179.674786][ T697] ? _copy_from_iter+0x3fb/0xd60 [ 179.674795][ T697] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 179.674809][ T697] cgroup_file_write+0x28e/0x590 [ 179.682781][ T381] do_syscall_64+0x34/0x70 [ 179.687322][ T697] ? cgroup_seqfile_stop+0xc0/0xc0 [ 179.690603][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 179.695656][ T697] ? mutex_lock+0xa6/0x110 [ 179.700916][ T381] RIP: 0033:0x7fc8ece63fb7 [ 179.705468][ T697] ? mutex_trylock+0xb0/0xb0 [ 179.710118][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.714669][ T697] ? __kasan_check_write+0x14/0x20 [ 179.714680][ T697] kernfs_fop_write_iter+0x2d0/0x410 [ 179.714694][ T697] ? cgroup_seqfile_stop+0xc0/0xc0 [ 179.719686][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 179.724851][ T697] vfs_write+0xc1c/0xf40 [ 179.724867][ T697] ? __kasan_check_write+0x14/0x20 [ 179.729685][ T381] ORIG_RAX: 00000000000000a6 [ 179.734243][ T697] ? kernel_write+0x3c0/0x3c0 [ 179.734252][ T697] ? _raw_spin_unlock_irq+0x4e/0x70 [ 179.734267][ T697] ? ptrace_stop+0x6ff/0x9f0 [ 179.740130][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 179.745209][ T697] ? __kasan_check_read+0x11/0x20 [ 179.745219][ T697] ? __fdget_pos+0x27e/0x310 [pid 381] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 703] <... write resumed>) = 6 [pid 703] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 380] kill(-51, SIGKILL) = 0 [pid 380] kill(51, SIGKILL) = 0 [ 179.745227][ T697] ksys_write+0x198/0x2c0 [ 179.745244][ T697] ? do_notify_parent+0xa60/0xa60 [ 179.749198][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 179.754018][ T697] ? __ia32_sys_read+0x90/0x90 [ 179.754027][ T697] ? __ia32_sys_open+0x270/0x270 [ 179.754043][ T697] __x64_sys_write+0x7b/0x90 [ 179.759033][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 179.763592][ T697] do_syscall_64+0x34/0x70 [ 179.763607][ T697] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 179.767990][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 179.773410][ T697] RIP: 0033:0x7fc8ece62c09 [ 179.773421][ T697] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 179.773427][ T697] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 179.773438][ T697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 381] <... umount2 resumed>) = 0 [pid 381] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./54/file0" [pid 703] <... openat resumed>) = 5 [pid 703] write(5, "22", 2) = 2 [pid 703] write(4, "+pids ", 6 [pid 697] <... write resumed>) = ? [pid 381] <... rmdir resumed>) = 0 [pid 381] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./54/cgroup.cpu" [pid 697] +++ killed by SIGKILL +++ [pid 381] <... unlink resumed>) = 0 [pid 381] getdents64(3, [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=51, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./54") = 0 [pid 381] mkdir("./55", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 706 attached , child_tidptr=0x555556fab5d0) = 57 [pid 380] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 706] chdir("./55" [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 706] <... chdir resumed>) = 0 [pid 380] <... openat resumed>) = 3 [pid 706] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 706] <... prctl resumed>) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 706] setpgid(0, 0 [pid 380] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 706] <... setpgid resumed>) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 706] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 380] lstat("./49/binderfs", [pid 706] <... symlink resumed>) = 0 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 706] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 380] unlink("./49/binderfs" [pid 706] <... symlink resumed>) = 0 [pid 706] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 380] <... unlink resumed>) = 0 [pid 706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 706] write(3, "1000", 4) = 4 [pid 706] close(3) = 0 [pid 706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 706] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 706] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 706] open("./file0", O_RDONLY) = 3 [pid 706] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 706] write(4, "-pids ", 6 [pid 380] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./49/cgroup") = 0 [pid 380] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./49/cgroup.net") = 0 [pid 380] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 179.773451][ T697] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 179.778443][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000037 [ 179.783515][ T697] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 179.783522][ T697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 179.783540][ T697] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000031 [ 179.788533][ T381] ---[ end trace d4de1ca9cdcd19a4 ]--- [ 180.101213][ T697] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 706] <... write resumed>) = 6 [pid 705] <... write resumed>) = 6 [pid 704] <... write resumed>) = 6 [pid 706] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 705] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 706] <... openat resumed>) = 5 [pid 705] <... openat resumed>) = 5 [pid 704] <... openat resumed>) = 5 [pid 706] write(5, "22", 2 [pid 705] write(5, "22", 2 [pid 704] write(5, "22", 2 [pid 706] <... write resumed>) = 2 [pid 705] <... write resumed>) = 2 [pid 704] <... write resumed>) = 2 [pid 706] write(4, "+pids ", 6 [pid 705] write(4, "+pids ", 6 [pid 704] write(4, "+pids ", 6 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./49/file0") = 0 [pid 380] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./49/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./49") = 0 [pid 380] mkdir("./50", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 52 ./strace-static-x86_64: Process 707 attached [pid 707] chdir("./50") = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 707] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 707] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 707] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 180.141150][ T702] FAULT_INJECTION: forcing a failure. [ 180.141150][ T702] name failslab, interval 1, probability 0, space 0, times 0 [ 180.153817][ T702] CPU: 1 PID: 702 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 180.165435][ T702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.175479][ T702] Call Trace: [ 180.178758][ T702] dump_stack_lvl+0x1e2/0x24b [ 180.183409][ T702] ? bfq_pos_tree_add_move+0x43e/0x43e [ 180.188844][ T702] ? selinux_kernfs_init_security+0x1a8/0x760 [ 180.194883][ T702] dump_stack+0x15/0x17 [ 180.199011][ T702] should_fail+0x3c0/0x510 [ 180.203400][ T702] ? __kernfs_new_node+0x99/0x6e0 [ 180.208417][ T702] __should_failslab+0x9f/0xe0 [ 180.213163][ T702] should_failslab+0x9/0x20 [ 180.217642][ T702] __kmalloc_track_caller+0x5f/0x350 [ 180.222906][ T702] kstrdup_const+0x55/0x90 [ 180.227314][ T702] __kernfs_new_node+0x99/0x6e0 [ 180.232151][ T702] ? is_module_text_address+0xe1/0x140 [ 180.237591][ T702] ? kernfs_new_node+0x170/0x170 [ 180.242513][ T702] ? ptr_to_hashval+0x60/0x60 [ 180.247161][ T702] ? arch_stack_walk+0xf8/0x140 [ 180.252001][ T702] ? snprintf+0xd6/0x120 [ 180.256253][ T702] kernfs_new_node+0x97/0x170 [ 180.261013][ T702] __kernfs_create_file+0x4a/0x270 [ 180.266114][ T702] cgroup_addrm_files+0xab8/0xfe0 [ 180.271124][ T702] ? ____kasan_kmalloc+0xdc/0x110 [ 180.276133][ T702] ? __kasan_kmalloc+0x9/0x10 [ 180.280806][ T702] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 180.286333][ T702] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 180.292474][ T702] ? delete_node+0x759/0x7b0 [ 180.297054][ T702] ? __kasan_check_read+0x11/0x20 [ 180.302061][ T702] ? delete_node+0x759/0x7b0 [ 180.306634][ T702] ? __kasan_check_write+0x14/0x20 [ 180.311732][ T702] ? idr_replace+0x1c4/0x230 [ 180.316333][ T702] ? idr_get_next+0x4b0/0x4b0 [ 180.320989][ T702] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 180.325995][ T702] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 180.331180][ T702] css_populate_dir+0x137/0x370 [ 180.336008][ T702] cgroup_apply_control_enable+0x8b9/0x12f0 [ 180.341877][ T702] cgroup_apply_control+0x93/0x710 [ 180.346975][ T702] ? css_next_child+0x160/0x160 [ 180.351894][ T702] ? stack_trace_save+0x12d/0x1f0 [ 180.356891][ T702] ? io_schedule+0x120/0x120 [ 180.361463][ T702] ? kernfs_fop_write_iter+0x15e/0x410 [ 180.366907][ T702] ? __kasan_check_write+0x14/0x20 [ 180.372001][ T702] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 180.377280][ T702] cgroup_subtree_control_write+0xd19/0x1310 [ 180.383239][ T702] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 180.389204][ T702] ? __kasan_check_write+0x14/0x20 [ 180.394300][ T702] ? _copy_from_iter+0x3fb/0xd60 [ 180.399217][ T702] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 180.405188][ T702] cgroup_file_write+0x28e/0x590 [ 180.410111][ T702] ? cgroup_seqfile_stop+0xc0/0xc0 [ 180.415204][ T702] ? mutex_lock+0xa6/0x110 [ 180.419621][ T702] ? mutex_trylock+0xb0/0xb0 [ 180.424211][ T702] ? __kasan_check_write+0x14/0x20 [ 180.429309][ T702] kernfs_fop_write_iter+0x2d0/0x410 [ 180.434570][ T702] ? cgroup_seqfile_stop+0xc0/0xc0 [ 180.439662][ T702] vfs_write+0xc1c/0xf40 [ 180.443901][ T702] ? __kasan_check_write+0x14/0x20 [ 180.449001][ T702] ? kernel_write+0x3c0/0x3c0 [ 180.453655][ T702] ? _raw_spin_unlock_irq+0x4e/0x70 [ 180.458833][ T702] ? ptrace_stop+0x6ff/0x9f0 [ 180.463414][ T702] ? __kasan_check_read+0x11/0x20 [ 180.468418][ T702] ? __fdget_pos+0x27e/0x310 [ 180.472991][ T702] ksys_write+0x198/0x2c0 [ 180.477312][ T702] ? do_notify_parent+0xa60/0xa60 [ 180.482319][ T702] ? __ia32_sys_read+0x90/0x90 [ 180.487059][ T702] ? __ia32_sys_open+0x270/0x270 [ 180.491987][ T702] __x64_sys_write+0x7b/0x90 [ 180.496560][ T702] do_syscall_64+0x34/0x70 [ 180.500958][ T702] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 180.506825][ T702] RIP: 0033:0x7fc8ece62c09 [ 180.511214][ T702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 180.530802][ T702] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 707] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 707] open("./file0", O_RDONLY) = 3 [pid 707] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 707] write(4, "-pids ", 6 [pid 702] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 702] close(3) = 0 [pid 702] close(4) = 0 [pid 702] close(5) = 0 [pid 702] close(6) = -1 EBADF (Bad file descriptor) [pid 702] close(7) = -1 EBADF (Bad file descriptor) [pid 702] close(8) = -1 EBADF (Bad file descriptor) [pid 702] close(9) = -1 EBADF (Bad file descriptor) [pid 702] close(10) = -1 EBADF (Bad file descriptor) [pid 702] close(11) = -1 EBADF (Bad file descriptor) [pid 702] close(12) = -1 EBADF (Bad file descriptor) [pid 702] close(13) = -1 EBADF (Bad file descriptor) [pid 702] close(14) = -1 EBADF (Bad file descriptor) [pid 702] close(15) = -1 EBADF (Bad file descriptor) [pid 702] close(16) = -1 EBADF (Bad file descriptor) [pid 702] close(17) = -1 EBADF (Bad file descriptor) [pid 702] close(18) = -1 EBADF (Bad file descriptor) [pid 702] close(19) = -1 EBADF (Bad file descriptor) [pid 702] close(20) = -1 EBADF (Bad file descriptor) [pid 702] close(21) = -1 EBADF (Bad file descriptor) [pid 702] close(22) = -1 EBADF (Bad file descriptor) [pid 702] close(23) = -1 EBADF (Bad file descriptor) [pid 702] close(24) = -1 EBADF (Bad file descriptor) [pid 702] close(25) = -1 EBADF (Bad file descriptor) [pid 702] close(26) = -1 EBADF (Bad file descriptor) [pid 702] close(27) = -1 EBADF (Bad file descriptor) [pid 702] close(28) = -1 EBADF (Bad file descriptor) [pid 702] close(29) = -1 EBADF (Bad file descriptor) [pid 702] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 702] exit_group(0) = ? [pid 702] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=48, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./46/binderfs") = 0 [pid 383] umount2("./46/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./46/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./46/cgroup") = 0 [pid 383] umount2("./46/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./46/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./46/cgroup.net") = 0 [pid 383] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./46/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./46/file0") = 0 [pid 383] umount2("./46/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./46/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./46/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./46") = 0 [pid 383] mkdir("./47", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 708 attached [pid 708] chdir("./47" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 49 [pid 708] <... chdir resumed>) = 0 [pid 708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 708] setpgid(0, 0) = 0 [pid 708] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 708] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 708] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 708] write(3, "1000", 4) = 4 [pid 708] close(3) = 0 [pid 708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 708] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 708] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 708] open("./file0", O_RDONLY) = 3 [pid 708] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 180.539209][ T702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 180.547170][ T702] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 180.555127][ T702] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 180.563082][ T702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 180.571037][ T702] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002e [ 180.579861][ T702] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 708] write(4, "-pids ", 6) = 6 [pid 707] <... write resumed>) = 6 [pid 708] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 708] write(5, "22", 2) = 2 [pid 708] write(4, "+pids ", 6 [pid 707] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 707] write(5, "22", 2) = 2 [ 180.620353][ T704] FAULT_INJECTION: forcing a failure. [ 180.620353][ T704] name failslab, interval 1, probability 0, space 0, times 0 [ 180.633042][ T704] CPU: 0 PID: 704 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 180.644653][ T704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.654695][ T704] Call Trace: [ 180.657966][ T704] dump_stack_lvl+0x1e2/0x24b [ 180.662619][ T704] ? bfq_pos_tree_add_move+0x43e/0x43e [ 180.668055][ T704] ? selinux_kernfs_init_security+0x1a8/0x760 [ 180.674096][ T704] dump_stack+0x15/0x17 [ 180.678232][ T704] should_fail+0x3c0/0x510 [ 180.682640][ T704] ? __kernfs_new_node+0x99/0x6e0 [ 180.687650][ T704] __should_failslab+0x9f/0xe0 [ 180.692390][ T704] should_failslab+0x9/0x20 [ 180.696867][ T704] __kmalloc_track_caller+0x5f/0x350 [ 180.702124][ T704] kstrdup_const+0x55/0x90 [ 180.706514][ T704] __kernfs_new_node+0x99/0x6e0 [ 180.711342][ T704] ? is_module_text_address+0xe1/0x140 [ 180.716774][ T704] ? kernfs_new_node+0x170/0x170 [ 180.721684][ T704] ? ptr_to_hashval+0x60/0x60 [ 180.726333][ T704] ? arch_stack_walk+0xf8/0x140 [ 180.731172][ T704] ? snprintf+0xd6/0x120 [ 180.735403][ T704] kernfs_new_node+0x97/0x170 [ 180.740071][ T704] __kernfs_create_file+0x4a/0x270 [ 180.745172][ T704] cgroup_addrm_files+0xab8/0xfe0 [ 180.750182][ T704] ? ____kasan_kmalloc+0xdc/0x110 [ 180.755186][ T704] ? __kasan_kmalloc+0x9/0x10 [ 180.759839][ T704] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 180.765371][ T704] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 180.771507][ T704] ? delete_node+0x759/0x7b0 [ 180.776078][ T704] ? __kasan_check_read+0x11/0x20 [ 180.781074][ T704] ? delete_node+0x759/0x7b0 [ 180.785648][ T704] ? __kasan_check_write+0x14/0x20 [ 180.790745][ T704] ? idr_replace+0x1c4/0x230 [ 180.795306][ T704] ? idr_get_next+0x4b0/0x4b0 [ 180.799959][ T704] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 180.804966][ T704] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 180.810145][ T704] css_populate_dir+0x137/0x370 [ 180.814985][ T704] cgroup_apply_control_enable+0x8b9/0x12f0 [ 180.820872][ T704] cgroup_apply_control+0x93/0x710 [ 180.825967][ T704] ? css_next_child+0x160/0x160 [ 180.830793][ T704] ? stack_trace_save+0x12d/0x1f0 [ 180.835807][ T704] ? io_schedule+0x120/0x120 [ 180.840371][ T704] ? kernfs_fop_write_iter+0x15e/0x410 [ 180.845815][ T704] ? __kasan_check_write+0x14/0x20 [ 180.850908][ T704] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 180.856170][ T704] cgroup_subtree_control_write+0xd19/0x1310 [ 180.862123][ T704] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 180.868076][ T704] ? __kasan_check_write+0x14/0x20 [ 180.873169][ T704] ? _copy_from_iter+0x3fb/0xd60 [ 180.878174][ T704] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 180.884131][ T704] cgroup_file_write+0x28e/0x590 [ 180.889046][ T704] ? cgroup_seqfile_stop+0xc0/0xc0 [ 180.894139][ T704] ? mutex_lock+0xa6/0x110 [ 180.898548][ T704] ? mutex_trylock+0xb0/0xb0 [ 180.903126][ T704] ? __kasan_check_write+0x14/0x20 [ 180.908212][ T704] kernfs_fop_write_iter+0x2d0/0x410 [ 180.913471][ T704] ? cgroup_seqfile_stop+0xc0/0xc0 [ 180.918555][ T704] vfs_write+0xc1c/0xf40 [ 180.922775][ T704] ? __kasan_check_write+0x14/0x20 [ 180.927868][ T704] ? kernel_write+0x3c0/0x3c0 [ 180.932540][ T704] ? _raw_spin_unlock_irq+0x4e/0x70 [ 180.937725][ T704] ? ptrace_stop+0x6ff/0x9f0 [ 180.942288][ T704] ? __kasan_check_read+0x11/0x20 [ 180.947297][ T704] ? __fdget_pos+0x27e/0x310 [ 180.951876][ T704] ksys_write+0x198/0x2c0 [ 180.956194][ T704] ? do_notify_parent+0xa60/0xa60 [ 180.961200][ T704] ? __ia32_sys_read+0x90/0x90 [ 180.965945][ T704] ? __ia32_sys_open+0x270/0x270 [ 180.970874][ T704] __x64_sys_write+0x7b/0x90 [ 180.975454][ T704] do_syscall_64+0x34/0x70 [ 180.979856][ T704] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 180.985735][ T704] RIP: 0033:0x7fc8ece62c09 [ 180.990145][ T704] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.009730][ T704] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 707] write(4, "+pids ", 6 [pid 704] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 704] close(3) = 0 [pid 704] close(4) = 0 [pid 704] close(5) = 0 [pid 704] close(6) = -1 EBADF (Bad file descriptor) [pid 704] close(7) = -1 EBADF (Bad file descriptor) [pid 704] close(8) = -1 EBADF (Bad file descriptor) [pid 704] close(9) = -1 EBADF (Bad file descriptor) [pid 704] close(10) = -1 EBADF (Bad file descriptor) [pid 704] close(11) = -1 EBADF (Bad file descriptor) [pid 704] close(12) = -1 EBADF (Bad file descriptor) [pid 704] close(13) = -1 EBADF (Bad file descriptor) [pid 704] close(14) = -1 EBADF (Bad file descriptor) [pid 704] close(15) = -1 EBADF (Bad file descriptor) [pid 704] close(16) = -1 EBADF (Bad file descriptor) [pid 704] close(17) = -1 EBADF (Bad file descriptor) [pid 704] close(18) = -1 EBADF (Bad file descriptor) [pid 704] close(19) = -1 EBADF (Bad file descriptor) [pid 704] close(20) = -1 EBADF (Bad file descriptor) [pid 704] close(21) = -1 EBADF (Bad file descriptor) [pid 704] close(22) = -1 EBADF (Bad file descriptor) [pid 704] close(23) = -1 EBADF (Bad file descriptor) [pid 704] close(24) = -1 EBADF (Bad file descriptor) [pid 704] close(25) = -1 EBADF (Bad file descriptor) [pid 704] close(26) = -1 EBADF (Bad file descriptor) [pid 704] close(27) = -1 EBADF (Bad file descriptor) [pid 704] close(28) = -1 EBADF (Bad file descriptor) [pid 704] close(29) = -1 EBADF (Bad file descriptor) [pid 704] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 704] exit_group(0) = ? [pid 704] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./51/binderfs") = 0 [pid 376] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./51/cgroup") = 0 [pid 376] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./51/cgroup.net") = 0 [pid 376] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./51/file0") = 0 [pid 376] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 181.018128][ T704] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 181.026092][ T704] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 181.034037][ T704] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 181.041989][ T704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 181.049935][ T704] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000033 [ 181.059650][ T704] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 181.090762][ T707] FAULT_INJECTION: forcing a failure. [ 181.090762][ T707] name failslab, interval 1, probability 0, space 0, times 0 [ 181.103426][ T707] CPU: 1 PID: 707 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 181.115038][ T707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.125076][ T707] Call Trace: [ 181.128348][ T707] dump_stack_lvl+0x1e2/0x24b [ 181.133012][ T707] ? bfq_pos_tree_add_move+0x43e/0x43e [ 181.138451][ T707] ? selinux_kernfs_init_security+0x1a8/0x760 [ 181.144493][ T707] dump_stack+0x15/0x17 [ 181.148626][ T707] should_fail+0x3c0/0x510 [ 181.153024][ T707] ? __kernfs_new_node+0x99/0x6e0 [ 181.158028][ T707] __should_failslab+0x9f/0xe0 [ 181.162769][ T707] should_failslab+0x9/0x20 [ 181.167248][ T707] __kmalloc_track_caller+0x5f/0x350 [ 181.172527][ T707] kstrdup_const+0x55/0x90 [ 181.176921][ T707] __kernfs_new_node+0x99/0x6e0 [ 181.181751][ T707] ? is_module_text_address+0xe1/0x140 [ 181.187192][ T707] ? kernfs_new_node+0x170/0x170 [ 181.192116][ T707] ? ptr_to_hashval+0x60/0x60 [ 181.196768][ T707] ? arch_stack_walk+0xf8/0x140 [ 181.201600][ T707] ? snprintf+0xd6/0x120 [ 181.205820][ T707] kernfs_new_node+0x97/0x170 [ 181.210474][ T707] __kernfs_create_file+0x4a/0x270 [ 181.215563][ T707] cgroup_addrm_files+0xab8/0xfe0 [ 181.220563][ T707] ? ____kasan_kmalloc+0xdc/0x110 [ 181.225562][ T707] ? __kasan_kmalloc+0x9/0x10 [ 181.230218][ T707] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 181.235740][ T707] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 181.241869][ T707] ? delete_node+0x759/0x7b0 [ 181.246435][ T707] ? __kasan_check_read+0x11/0x20 [ 181.251435][ T707] ? delete_node+0x759/0x7b0 [ 181.256002][ T707] ? __kasan_check_write+0x14/0x20 [ 181.261094][ T707] ? idr_replace+0x1c4/0x230 [ 181.265659][ T707] ? idr_get_next+0x4b0/0x4b0 [ 181.270312][ T707] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 181.275327][ T707] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 181.280513][ T707] css_populate_dir+0x137/0x370 [ 181.285350][ T707] cgroup_apply_control_enable+0x8b9/0x12f0 [ 181.291234][ T707] cgroup_apply_control+0x93/0x710 [ 181.296332][ T707] ? css_next_child+0x160/0x160 [ 181.301168][ T707] ? io_schedule+0x120/0x120 [ 181.305737][ T707] ? kernfs_fop_write_iter+0x15e/0x410 [ 181.311183][ T707] ? __kasan_check_write+0x14/0x20 [ 181.316279][ T707] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 181.321548][ T707] cgroup_subtree_control_write+0xd19/0x1310 [ 181.327526][ T707] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 181.333491][ T707] ? __kasan_check_write+0x14/0x20 [ 181.338590][ T707] ? _copy_from_iter+0x3fb/0xd60 [ 181.343507][ T707] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 181.349481][ T707] cgroup_file_write+0x28e/0x590 [ 181.354406][ T707] ? cgroup_seqfile_stop+0xc0/0xc0 [ 181.359508][ T707] ? mutex_lock+0xa6/0x110 [ 181.363908][ T707] ? mutex_trylock+0xb0/0xb0 [ 181.368479][ T707] ? __kasan_check_write+0x14/0x20 [ 181.373579][ T707] kernfs_fop_write_iter+0x2d0/0x410 [ 181.378858][ T707] ? cgroup_seqfile_stop+0xc0/0xc0 [ 181.383961][ T707] vfs_write+0xc1c/0xf40 [ 181.388202][ T707] ? __kasan_check_write+0x14/0x20 [ 181.393299][ T707] ? kernel_write+0x3c0/0x3c0 [ 181.397959][ T707] ? _raw_spin_unlock_irq+0x4e/0x70 [ 181.403144][ T707] ? ptrace_stop+0x6ff/0x9f0 [ 181.407715][ T707] ? __kasan_check_read+0x11/0x20 [ 181.412720][ T707] ? __fdget_pos+0x27e/0x310 [ 181.417299][ T707] ksys_write+0x198/0x2c0 [ 181.421613][ T707] ? do_notify_parent+0xa60/0xa60 [ 181.426617][ T707] ? __ia32_sys_read+0x90/0x90 [ 181.431361][ T707] ? __ia32_sys_open+0x270/0x270 [ 181.436290][ T707] __x64_sys_write+0x7b/0x90 [ 181.440866][ T707] do_syscall_64+0x34/0x70 [ 181.445263][ T707] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 181.451131][ T707] RIP: 0033:0x7fc8ece62c09 [ 181.455538][ T707] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.475135][ T707] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 181.483532][ T707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 376] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./51/cgroup.cpu") = 0 [pid 707] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 707] close(3 [pid 376] close(3) = 0 [pid 707] <... close resumed>) = 0 [pid 376] rmdir("./51" [pid 707] close(4) = 0 [pid 707] close(5) = 0 [pid 707] close(6) = -1 EBADF (Bad file descriptor) [pid 707] close(7) = -1 EBADF (Bad file descriptor) [pid 707] close(8) = -1 EBADF (Bad file descriptor) [pid 707] close(9) = -1 EBADF (Bad file descriptor) [pid 707] close(10) = -1 EBADF (Bad file descriptor) [pid 707] close(11) = -1 EBADF (Bad file descriptor) [pid 707] close(12) = -1 EBADF (Bad file descriptor) [pid 707] close(13) = -1 EBADF (Bad file descriptor) [pid 707] close(14) = -1 EBADF (Bad file descriptor) [pid 707] close(15) = -1 EBADF (Bad file descriptor) [pid 707] close(16) = -1 EBADF (Bad file descriptor) [pid 707] close(17) = -1 EBADF (Bad file descriptor) [pid 707] close(18) = -1 EBADF (Bad file descriptor) [pid 707] close(19) = -1 EBADF (Bad file descriptor) [pid 707] close(20) = -1 EBADF (Bad file descriptor) [pid 707] close(21) = -1 EBADF (Bad file descriptor) [pid 707] close(22) = -1 EBADF (Bad file descriptor) [pid 707] close(23) = -1 EBADF (Bad file descriptor) [pid 707] close(24) = -1 EBADF (Bad file descriptor) [pid 707] close(25) = -1 EBADF (Bad file descriptor) [pid 707] close(26) = -1 EBADF (Bad file descriptor) [pid 707] close(27) = -1 EBADF (Bad file descriptor) [pid 707] close(28) = -1 EBADF (Bad file descriptor) [pid 707] close(29) = -1 EBADF (Bad file descriptor) [pid 707] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 707] exit_group(0) = ? [pid 707] +++ exited with 0 +++ [pid 376] <... rmdir resumed>) = 0 [pid 376] mkdir("./52", 0777 [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...> [pid 376] <... mkdir resumed>) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 54 ./strace-static-x86_64: Process 709 attached [pid 709] chdir("./52" [pid 380] <... restart_syscall resumed>) = 0 [pid 709] <... chdir resumed>) = 0 [pid 709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 709] setpgid(0, 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 709] <... setpgid resumed>) = 0 [pid 380] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./50/binderfs" [pid 709] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 380] <... unlink resumed>) = 0 [pid 380] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 709] <... symlink resumed>) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 709] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 380] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./50/cgroup" [pid 709] <... symlink resumed>) = 0 [pid 709] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 380] <... unlink resumed>) = 0 [pid 380] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./50/cgroup.net") = 0 [pid 380] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 709] <... symlink resumed>) = 0 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 380] lstat("./50/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 709] <... openat resumed>) = 3 [pid 380] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 709] write(3, "1000", 4 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./50/file0") = 0 [pid 709] <... write resumed>) = 4 [pid 380] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 709] close(3 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./50/cgroup.cpu", [pid 709] <... close resumed>) = 0 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 709] symlink("/dev/binderfs", "./binderfs" [pid 380] unlink("./50/cgroup.cpu") = 0 [pid 380] getdents64(3, [pid 709] <... symlink resumed>) = 0 [pid 380] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./50") = 0 [pid 380] mkdir("./51", 0777 [pid 709] mkdirat(AT_FDCWD, "./file0", 000 [pid 380] <... mkdir resumed>) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 709] <... mkdirat resumed>) = 0 ./strace-static-x86_64: Process 710 attached [pid 709] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 53 [pid 709] <... mount resumed>) = 0 [pid 709] open("./file0", O_RDONLY [pid 710] chdir("./51" [pid 709] <... open resumed>) = 3 [pid 710] <... chdir resumed>) = 0 [pid 709] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 709] write(4, "-pids ", 6 [pid 710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 710] setpgid(0, 0) = 0 [pid 710] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 710] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 710] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 710] write(3, "1000", 4) = 4 [pid 710] close(3) = 0 [pid 710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 710] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 710] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 710] open("./file0", O_RDONLY) = 3 [pid 710] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 181.491486][ T707] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 181.499449][ T707] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 181.507405][ T707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 181.515359][ T707] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000032 [ 181.523486][ T707] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 181.550437][ T705] FAULT_INJECTION: forcing a failure. [ 181.550437][ T705] name failslab, interval 1, probability 0, space 0, times 0 [ 181.563129][ T705] CPU: 1 PID: 705 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 181.574734][ T705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.584766][ T705] Call Trace: [ 181.588050][ T705] dump_stack_lvl+0x1e2/0x24b [ 181.592714][ T705] ? bfq_pos_tree_add_move+0x43e/0x43e [ 181.598158][ T705] ? selinux_kernfs_init_security+0x1a8/0x760 [ 181.604212][ T705] dump_stack+0x15/0x17 [ 181.608349][ T705] should_fail+0x3c0/0x510 [ 181.612752][ T705] ? __kernfs_new_node+0x99/0x6e0 [ 181.617759][ T705] __should_failslab+0x9f/0xe0 [ 181.622508][ T705] should_failslab+0x9/0x20 [ 181.627008][ T705] __kmalloc_track_caller+0x5f/0x350 [ 181.632276][ T705] kstrdup_const+0x55/0x90 [ 181.636668][ T705] __kernfs_new_node+0x99/0x6e0 [ 181.641499][ T705] ? is_module_text_address+0xe1/0x140 [ 181.646951][ T705] ? kernfs_new_node+0x170/0x170 [ 181.651877][ T705] ? ptr_to_hashval+0x60/0x60 [ 181.656529][ T705] ? arch_stack_walk+0xf8/0x140 [ 181.661360][ T705] ? snprintf+0xd6/0x120 [ 181.665586][ T705] kernfs_new_node+0x97/0x170 [ 181.670249][ T705] __kernfs_create_file+0x4a/0x270 [ 181.675341][ T705] cgroup_addrm_files+0xab8/0xfe0 [ 181.680346][ T705] ? ____kasan_kmalloc+0xdc/0x110 [ 181.685351][ T705] ? __kasan_kmalloc+0x9/0x10 [ 181.690004][ T705] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 181.695524][ T705] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 181.701649][ T705] ? delete_node+0x759/0x7b0 [ 181.706213][ T705] ? __kasan_check_read+0x11/0x20 [ 181.711220][ T705] ? delete_node+0x759/0x7b0 [ 181.715798][ T705] ? __kasan_check_write+0x14/0x20 [ 181.720896][ T705] ? idr_replace+0x1c4/0x230 [ 181.725461][ T705] ? idr_get_next+0x4b0/0x4b0 [ 181.730111][ T705] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 181.735123][ T705] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 181.740311][ T705] css_populate_dir+0x137/0x370 [ 181.745140][ T705] cgroup_apply_control_enable+0x8b9/0x12f0 [ 181.751010][ T705] cgroup_apply_control+0x93/0x710 [ 181.756106][ T705] ? css_next_child+0x160/0x160 [ 181.760941][ T705] ? stack_trace_save+0x12d/0x1f0 [ 181.765945][ T705] ? io_schedule+0x120/0x120 [ 181.770517][ T705] ? kernfs_fop_write_iter+0x15e/0x410 [ 181.775957][ T705] ? __kasan_check_write+0x14/0x20 [ 181.781059][ T705] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 181.786326][ T705] cgroup_subtree_control_write+0xd19/0x1310 [ 181.792283][ T705] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 181.798239][ T705] ? __kasan_check_write+0x14/0x20 [ 181.803335][ T705] ? _copy_from_iter+0x3fb/0xd60 [ 181.808343][ T705] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 181.814295][ T705] cgroup_file_write+0x28e/0x590 [ 181.819215][ T705] ? cgroup_seqfile_stop+0xc0/0xc0 [ 181.824408][ T705] ? mutex_lock+0xa6/0x110 [ 181.828904][ T705] ? mutex_trylock+0xb0/0xb0 [ 181.833505][ T705] ? __kasan_check_write+0x14/0x20 [ 181.838603][ T705] kernfs_fop_write_iter+0x2d0/0x410 [ 181.843871][ T705] ? cgroup_seqfile_stop+0xc0/0xc0 [ 181.848970][ T705] vfs_write+0xc1c/0xf40 [ 181.853281][ T705] ? __kasan_check_write+0x14/0x20 [ 181.858381][ T705] ? kernel_write+0x3c0/0x3c0 [ 181.863054][ T705] ? _raw_spin_unlock_irq+0x4e/0x70 [ 181.868234][ T705] ? ptrace_stop+0x6ff/0x9f0 [ 181.872801][ T705] ? __kasan_check_read+0x11/0x20 [ 181.877807][ T705] ? __fdget_pos+0x27e/0x310 [ 181.882389][ T705] ksys_write+0x198/0x2c0 [ 181.886717][ T705] ? do_notify_parent+0xa60/0xa60 [ 181.891723][ T705] ? __ia32_sys_read+0x90/0x90 [ 181.896460][ T705] ? __ia32_sys_open+0x270/0x270 [ 181.901378][ T705] __x64_sys_write+0x7b/0x90 [ 181.905966][ T705] do_syscall_64+0x34/0x70 [ 181.910375][ T705] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 181.916252][ T705] RIP: 0033:0x7fc8ece62c09 [ 181.920660][ T705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 181.940251][ T705] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 710] write(4, "-pids ", 6 [pid 705] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 705] close(3) = 0 [pid 705] close(4) = 0 [pid 705] close(5) = 0 [pid 705] close(6) = -1 EBADF (Bad file descriptor) [pid 705] close(7) = -1 EBADF (Bad file descriptor) [pid 705] close(8) = -1 EBADF (Bad file descriptor) [pid 705] close(9) = -1 EBADF (Bad file descriptor) [pid 705] close(10) = -1 EBADF (Bad file descriptor) [pid 705] close(11) = -1 EBADF (Bad file descriptor) [pid 705] close(12) = -1 EBADF (Bad file descriptor) [pid 705] close(13) = -1 EBADF (Bad file descriptor) [pid 705] close(14) = -1 EBADF (Bad file descriptor) [pid 705] close(15) = -1 EBADF (Bad file descriptor) [pid 705] close(16) = -1 EBADF (Bad file descriptor) [pid 705] close(17) = -1 EBADF (Bad file descriptor) [pid 705] close(18) = -1 EBADF (Bad file descriptor) [pid 705] close(19) = -1 EBADF (Bad file descriptor) [pid 705] close(20) = -1 EBADF (Bad file descriptor) [pid 705] close(21) = -1 EBADF (Bad file descriptor) [pid 705] close(22) = -1 EBADF (Bad file descriptor) [pid 705] close(23) = -1 EBADF (Bad file descriptor) [pid 705] close(24) = -1 EBADF (Bad file descriptor) [pid 705] close(25) = -1 EBADF (Bad file descriptor) [pid 705] close(26) = -1 EBADF (Bad file descriptor) [pid 705] close(27) = -1 EBADF (Bad file descriptor) [pid 705] close(28) = -1 EBADF (Bad file descriptor) [pid 705] close(29) = -1 EBADF (Bad file descriptor) [pid 705] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 705] exit_group(0) = ? [pid 705] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./55/binderfs") = 0 [pid 382] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./55/cgroup") = 0 [pid 382] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./55/cgroup.net") = 0 [pid 382] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./55/file0") = 0 [pid 382] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./55/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./55") = 0 [pid 382] mkdir("./56", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 711 attached [pid 711] chdir("./56" [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 58 [pid 711] <... chdir resumed>) = 0 [pid 711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 711] setpgid(0, 0) = 0 [pid 711] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 711] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 711] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 711] write(3, "1000", 4) = 4 [pid 711] close(3) = 0 [pid 711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 711] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 711] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 711] open("./file0", O_RDONLY) = 3 [pid 711] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 181.948647][ T705] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 181.956606][ T705] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 181.964550][ T705] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 181.972503][ T705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 181.980451][ T705] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000037 [ 181.988524][ T705] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 711] write(4, "-pids ", 6) = 6 [pid 711] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 711] write(5, "22", 2) = 2 [ 182.020398][ T703] FAULT_INJECTION: forcing a failure. [ 182.020398][ T703] name failslab, interval 1, probability 0, space 0, times 0 [ 182.033337][ T703] CPU: 0 PID: 703 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 182.044952][ T703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.054988][ T703] Call Trace: [ 182.058269][ T703] dump_stack_lvl+0x1e2/0x24b [ 182.062924][ T703] ? panic+0x7d7/0x7d7 [ 182.066994][ T703] ? bfq_pos_tree_add_move+0x43e/0x43e [ 182.072449][ T703] ? find_next_bit+0xd6/0x120 [ 182.077116][ T703] ? cpumask_next+0x11/0x30 [ 182.081600][ T703] dump_stack+0x15/0x17 [ 182.085730][ T703] should_fail+0x3c0/0x510 [ 182.090120][ T703] ? percpu_ref_init+0xd0/0x330 [ 182.094945][ T703] __should_failslab+0x9f/0xe0 [ 182.099684][ T703] should_failslab+0x9/0x20 [ 182.104171][ T703] kmem_cache_alloc_trace+0x3a/0x330 [ 182.109440][ T703] percpu_ref_init+0xd0/0x330 [ 182.114100][ T703] ? cgroup_setup_root+0xea0/0xea0 [ 182.119193][ T703] cgroup_apply_control_enable+0x3a2/0x12f0 [ 182.125077][ T703] cgroup_apply_control+0x93/0x710 [ 182.130175][ T703] ? css_next_child+0x160/0x160 [ 182.135006][ T703] ? io_schedule+0x120/0x120 [ 182.139582][ T703] ? kernfs_fop_write_iter+0x15e/0x410 [ 182.145026][ T703] ? __kasan_check_write+0x14/0x20 [ 182.150111][ T703] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 182.155368][ T703] cgroup_subtree_control_write+0xd19/0x1310 [ 182.161326][ T703] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 182.167282][ T703] ? __kasan_check_write+0x14/0x20 [ 182.172374][ T703] ? _copy_from_iter+0x3fb/0xd60 [ 182.177290][ T703] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 182.183246][ T703] cgroup_file_write+0x28e/0x590 [ 182.188165][ T703] ? cgroup_seqfile_stop+0xc0/0xc0 [ 182.193246][ T703] ? mutex_lock+0xa6/0x110 [ 182.197642][ T703] ? mutex_trylock+0xb0/0xb0 [ 182.202211][ T703] ? __kasan_check_write+0x14/0x20 [ 182.207295][ T703] kernfs_fop_write_iter+0x2d0/0x410 [ 182.212553][ T703] ? cgroup_seqfile_stop+0xc0/0xc0 [ 182.217636][ T703] vfs_write+0xc1c/0xf40 [ 182.221954][ T703] ? __kasan_check_write+0x14/0x20 [ 182.227061][ T703] ? kernel_write+0x3c0/0x3c0 [ 182.231721][ T703] ? _raw_spin_unlock_irq+0x4e/0x70 [ 182.236890][ T703] ? ptrace_stop+0x6ff/0x9f0 [ 182.241459][ T703] ? __kasan_check_read+0x11/0x20 [ 182.246476][ T703] ? __fdget_pos+0x27e/0x310 [ 182.251048][ T703] ksys_write+0x198/0x2c0 [ 182.255351][ T703] ? do_notify_parent+0xa60/0xa60 [ 182.260354][ T703] ? __ia32_sys_read+0x90/0x90 [ 182.265097][ T703] ? __ia32_sys_open+0x270/0x270 [ 182.270011][ T703] __x64_sys_write+0x7b/0x90 [ 182.274585][ T703] do_syscall_64+0x34/0x70 [ 182.278980][ T703] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 182.284854][ T703] RIP: 0033:0x7fc8ece62c09 [ 182.289251][ T703] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 182.308852][ T703] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 711] write(4, "+pids ", 6 [pid 703] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 703] close(3) = 0 [pid 703] close(4) = 0 [pid 703] close(5) = 0 [pid 703] close(6) = -1 EBADF (Bad file descriptor) [pid 703] close(7) = -1 EBADF (Bad file descriptor) [pid 703] close(8) = -1 EBADF (Bad file descriptor) [pid 703] close(9) = -1 EBADF (Bad file descriptor) [pid 703] close(10) = -1 EBADF (Bad file descriptor) [pid 703] close(11) = -1 EBADF (Bad file descriptor) [pid 703] close(12) = -1 EBADF (Bad file descriptor) [pid 703] close(13) = -1 EBADF (Bad file descriptor) [pid 703] close(14) = -1 EBADF (Bad file descriptor) [pid 703] close(15) = -1 EBADF (Bad file descriptor) [pid 703] close(16) = -1 EBADF (Bad file descriptor) [pid 703] close(17) = -1 EBADF (Bad file descriptor) [pid 703] close(18) = -1 EBADF (Bad file descriptor) [pid 703] close(19) = -1 EBADF (Bad file descriptor) [pid 703] close(20) = -1 EBADF (Bad file descriptor) [pid 703] close(21) = -1 EBADF (Bad file descriptor) [pid 703] close(22) = -1 EBADF (Bad file descriptor) [pid 703] close(23) = -1 EBADF (Bad file descriptor) [pid 703] close(24) = -1 EBADF (Bad file descriptor) [pid 703] close(25) = -1 EBADF (Bad file descriptor) [pid 703] close(26) = -1 EBADF (Bad file descriptor) [pid 703] close(27) = -1 EBADF (Bad file descriptor) [pid 703] close(28) = -1 EBADF (Bad file descriptor) [pid 703] close(29) = -1 EBADF (Bad file descriptor) [pid 703] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 703] exit_group(0) = ? [pid 703] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 375] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./59/binderfs") = 0 [pid 375] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./59/cgroup") = 0 [pid 375] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./59/cgroup.net") = 0 [pid 375] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./59/file0") = 0 [pid 375] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./59/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./59") = 0 [pid 375] mkdir("./60", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 712 attached [pid 712] chdir("./60") = 0 [pid 712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 712] setpgid(0, 0) = 0 [pid 712] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 62 [pid 712] <... symlink resumed>) = 0 [pid 712] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 712] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 712] write(3, "1000", 4) = 4 [pid 712] close(3) = 0 [pid 712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 712] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 712] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 712] open("./file0", O_RDONLY) = 3 [pid 712] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 182.317244][ T703] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 182.325194][ T703] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 182.333146][ T703] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 182.341103][ T703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 182.349050][ T703] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003b [pid 712] write(4, "-pids ", 6) = 6 [pid 710] <... write resumed>) = 6 [pid 709] <... write resumed>) = 6 [pid 710] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 709] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 710] <... openat resumed>) = 5 [pid 709] <... openat resumed>) = 5 [pid 710] write(5, "22", 2 [pid 709] write(5, "22", 2 [pid 710] <... write resumed>) = 2 [pid 709] <... write resumed>) = 2 [pid 710] write(4, "+pids ", 6 [pid 709] write(4, "+pids ", 6 [pid 712] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 712] write(5, "22", 2) = 2 [ 182.380429][ T706] FAULT_INJECTION: forcing a failure. [ 182.380429][ T706] name failslab, interval 1, probability 0, space 0, times 0 [ 182.393053][ T706] CPU: 0 PID: 706 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 182.404661][ T706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.414704][ T706] Call Trace: [ 182.417978][ T706] dump_stack_lvl+0x1e2/0x24b [ 182.422640][ T706] ? bfq_pos_tree_add_move+0x43e/0x43e [ 182.428087][ T706] ? selinux_kernfs_init_security+0x1a8/0x760 [ 182.434154][ T706] dump_stack+0x15/0x17 [ 182.438295][ T706] should_fail+0x3c0/0x510 [ 182.442687][ T706] ? __kernfs_new_node+0x99/0x6e0 [ 182.447693][ T706] __should_failslab+0x9f/0xe0 [ 182.452441][ T706] should_failslab+0x9/0x20 [ 182.456918][ T706] __kmalloc_track_caller+0x5f/0x350 [ 182.462189][ T706] kstrdup_const+0x55/0x90 [ 182.466590][ T706] __kernfs_new_node+0x99/0x6e0 [ 182.471424][ T706] ? is_module_text_address+0xe1/0x140 [ 182.476867][ T706] ? kernfs_new_node+0x170/0x170 [ 182.481796][ T706] ? ptr_to_hashval+0x60/0x60 [ 182.486475][ T706] ? arch_stack_walk+0xf8/0x140 [ 182.491336][ T706] ? snprintf+0xd6/0x120 [ 182.495558][ T706] kernfs_new_node+0x97/0x170 [ 182.500216][ T706] __kernfs_create_file+0x4a/0x270 [ 182.505303][ T706] cgroup_addrm_files+0xab8/0xfe0 [ 182.510308][ T706] ? ____kasan_kmalloc+0xdc/0x110 [ 182.515320][ T706] ? __kasan_kmalloc+0x9/0x10 [ 182.519976][ T706] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 182.525498][ T706] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 182.531627][ T706] ? delete_node+0x759/0x7b0 [ 182.536196][ T706] ? __kasan_check_read+0x11/0x20 [ 182.541197][ T706] ? delete_node+0x759/0x7b0 [ 182.545768][ T706] ? __kasan_check_write+0x14/0x20 [ 182.550866][ T706] ? idr_replace+0x1c4/0x230 [ 182.555429][ T706] ? idr_get_next+0x4b0/0x4b0 [ 182.560080][ T706] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 182.565091][ T706] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 182.570275][ T706] css_populate_dir+0x137/0x370 [ 182.575107][ T706] cgroup_apply_control_enable+0x8b9/0x12f0 [ 182.580979][ T706] cgroup_apply_control+0x93/0x710 [ 182.586075][ T706] ? css_next_child+0x160/0x160 [ 182.590911][ T706] ? stack_trace_save+0x12d/0x1f0 [ 182.595914][ T706] ? io_schedule+0x120/0x120 [ 182.600494][ T706] ? kernfs_fop_write_iter+0x15e/0x410 [ 182.605942][ T706] ? __kasan_check_write+0x14/0x20 [ 182.611029][ T706] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 182.616294][ T706] cgroup_subtree_control_write+0xd19/0x1310 [ 182.622257][ T706] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 182.628235][ T706] ? __kasan_check_write+0x14/0x20 [ 182.633333][ T706] ? _copy_from_iter+0x3fb/0xd60 [ 182.638246][ T706] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 182.644200][ T706] cgroup_file_write+0x28e/0x590 [ 182.649126][ T706] ? cgroup_seqfile_stop+0xc0/0xc0 [ 182.654219][ T706] ? mutex_lock+0xa6/0x110 [ 182.658616][ T706] ? mutex_trylock+0xb0/0xb0 [ 182.663184][ T706] ? __kasan_check_write+0x14/0x20 [ 182.668292][ T706] kernfs_fop_write_iter+0x2d0/0x410 [ 182.673559][ T706] ? cgroup_seqfile_stop+0xc0/0xc0 [ 182.678652][ T706] vfs_write+0xc1c/0xf40 [ 182.682898][ T706] ? __kasan_check_write+0x14/0x20 [ 182.687994][ T706] ? kernel_write+0x3c0/0x3c0 [ 182.692642][ T706] ? _raw_spin_unlock_irq+0x4e/0x70 [ 182.697815][ T706] ? ptrace_stop+0x6ff/0x9f0 [ 182.702378][ T706] ? __kasan_check_read+0x11/0x20 [ 182.707382][ T706] ? __fdget_pos+0x27e/0x310 [ 182.711962][ T706] ksys_write+0x198/0x2c0 [ 182.716289][ T706] ? do_notify_parent+0xa60/0xa60 [ 182.721298][ T706] ? __ia32_sys_read+0x90/0x90 [ 182.726035][ T706] ? __ia32_sys_open+0x270/0x270 [ 182.730957][ T706] __x64_sys_write+0x7b/0x90 [ 182.735539][ T706] do_syscall_64+0x34/0x70 [ 182.739941][ T706] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 182.745807][ T706] RIP: 0033:0x7fc8ece62c09 [ 182.750201][ T706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 182.769792][ T706] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 712] write(4, "+pids ", 6 [pid 706] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 706] close(3) = 0 [pid 706] close(4) = 0 [pid 706] close(5) = 0 [pid 706] close(6) = -1 EBADF (Bad file descriptor) [pid 706] close(7) = -1 EBADF (Bad file descriptor) [pid 706] close(8) = -1 EBADF (Bad file descriptor) [pid 706] close(9) = -1 EBADF (Bad file descriptor) [pid 706] close(10) = -1 EBADF (Bad file descriptor) [pid 706] close(11) = -1 EBADF (Bad file descriptor) [pid 706] close(12) = -1 EBADF (Bad file descriptor) [pid 706] close(13) = -1 EBADF (Bad file descriptor) [pid 706] close(14) = -1 EBADF (Bad file descriptor) [pid 706] close(15) = -1 EBADF (Bad file descriptor) [pid 706] close(16) = -1 EBADF (Bad file descriptor) [pid 706] close(17) = -1 EBADF (Bad file descriptor) [pid 706] close(18) = -1 EBADF (Bad file descriptor) [pid 706] close(19) = -1 EBADF (Bad file descriptor) [pid 706] close(20) = -1 EBADF (Bad file descriptor) [pid 706] close(21) = -1 EBADF (Bad file descriptor) [pid 706] close(22) = -1 EBADF (Bad file descriptor) [pid 706] close(23) = -1 EBADF (Bad file descriptor) [pid 706] close(24) = -1 EBADF (Bad file descriptor) [pid 706] close(25) = -1 EBADF (Bad file descriptor) [pid 706] close(26) = -1 EBADF (Bad file descriptor) [pid 706] close(27) = -1 EBADF (Bad file descriptor) [pid 706] close(28) = -1 EBADF (Bad file descriptor) [pid 706] close(29) = -1 EBADF (Bad file descriptor) [pid 706] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 706] exit_group(0) = ? [pid 706] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./55/binderfs") = 0 [pid 381] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./55/cgroup") = 0 [pid 381] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./55/cgroup.net") = 0 [pid 381] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 182.778200][ T706] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 182.786156][ T706] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 182.794109][ T706] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 182.802065][ T706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 182.810023][ T706] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000037 [ 182.820427][ T706] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./55/file0") = 0 [pid 381] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./55/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./55") = 0 [pid 381] mkdir("./56", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 58 [ 182.850752][ T711] FAULT_INJECTION: forcing a failure. [ 182.850752][ T711] name failslab, interval 1, probability 0, space 0, times 0 [ 182.863555][ T711] CPU: 0 PID: 711 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 182.875177][ T711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.885211][ T711] Call Trace: [ 182.888486][ T711] dump_stack_lvl+0x1e2/0x24b [ 182.893142][ T711] ? bfq_pos_tree_add_move+0x43e/0x43e [ 182.898579][ T711] ? selinux_kernfs_init_security+0x1a8/0x760 [ 182.904621][ T711] dump_stack+0x15/0x17 [ 182.908755][ T711] should_fail+0x3c0/0x510 [ 182.913150][ T711] ? __kernfs_new_node+0x99/0x6e0 [ 182.918154][ T711] __should_failslab+0x9f/0xe0 [ 182.922898][ T711] should_failslab+0x9/0x20 [ 182.927380][ T711] __kmalloc_track_caller+0x5f/0x350 [ 182.932642][ T711] kstrdup_const+0x55/0x90 [ 182.937047][ T711] __kernfs_new_node+0x99/0x6e0 [ 182.941990][ T711] ? is_module_text_address+0xe1/0x140 [ 182.947433][ T711] ? kernfs_new_node+0x170/0x170 [ 182.952362][ T711] ? ptr_to_hashval+0x60/0x60 [ 182.957021][ T711] ? arch_stack_walk+0xf8/0x140 [ 182.961852][ T711] ? snprintf+0xd6/0x120 [ 182.966078][ T711] kernfs_new_node+0x97/0x170 [ 182.970741][ T711] __kernfs_create_file+0x4a/0x270 [ 182.975838][ T711] cgroup_addrm_files+0xab8/0xfe0 [ 182.980847][ T711] ? ____kasan_kmalloc+0xdc/0x110 [ 182.985848][ T711] ? __kasan_kmalloc+0x9/0x10 [ 182.990505][ T711] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 182.996031][ T711] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 183.002166][ T711] ? delete_node+0x759/0x7b0 [ 183.006737][ T711] ? __kasan_check_read+0x11/0x20 [ 183.011738][ T711] ? delete_node+0x759/0x7b0 [ 183.016312][ T711] ? __kasan_check_write+0x14/0x20 [ 183.021403][ T711] ? idr_replace+0x1c4/0x230 [ 183.025971][ T711] ? idr_get_next+0x4b0/0x4b0 [ 183.030626][ T711] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 183.035628][ T711] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 183.040827][ T711] css_populate_dir+0x137/0x370 [ 183.045659][ T711] cgroup_apply_control_enable+0x8b9/0x12f0 [ 183.051531][ T711] cgroup_apply_control+0x93/0x710 [ 183.056619][ T711] ? css_next_child+0x160/0x160 [ 183.061447][ T711] ? stack_trace_save+0x12d/0x1f0 [ 183.066449][ T711] ? io_schedule+0x120/0x120 [ 183.071016][ T711] ? kernfs_fop_write_iter+0x15e/0x410 [ 183.076451][ T711] ? __kasan_check_write+0x14/0x20 [ 183.081542][ T711] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 183.086808][ T711] cgroup_subtree_control_write+0xd19/0x1310 [ 183.092769][ T711] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 183.098727][ T711] ? __kasan_check_write+0x14/0x20 [ 183.103833][ T711] ? _copy_from_iter+0x3fb/0xd60 [ 183.108754][ T711] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 183.114710][ T711] cgroup_file_write+0x28e/0x590 [ 183.119629][ T711] ? cgroup_seqfile_stop+0xc0/0xc0 [ 183.124721][ T711] ? mutex_lock+0xa6/0x110 [ 183.129117][ T711] ? mutex_trylock+0xb0/0xb0 [ 183.133688][ T711] ? __kasan_check_write+0x14/0x20 [ 183.138779][ T711] kernfs_fop_write_iter+0x2d0/0x410 [ 183.144053][ T711] ? cgroup_seqfile_stop+0xc0/0xc0 [ 183.149151][ T711] vfs_write+0xc1c/0xf40 [ 183.153377][ T711] ? __kasan_check_write+0x14/0x20 [ 183.158471][ T711] ? kernel_write+0x3c0/0x3c0 [ 183.163141][ T711] ? _raw_spin_unlock_irq+0x4e/0x70 [ 183.168323][ T711] ? ptrace_stop+0x6ff/0x9f0 [ 183.172894][ T711] ? __kasan_check_read+0x11/0x20 [ 183.177898][ T711] ? __fdget_pos+0x27e/0x310 [ 183.182468][ T711] ksys_write+0x198/0x2c0 [ 183.186783][ T711] ? do_notify_parent+0xa60/0xa60 [ 183.191789][ T711] ? __ia32_sys_read+0x90/0x90 [ 183.196538][ T711] ? __ia32_sys_open+0x270/0x270 [ 183.201473][ T711] __x64_sys_write+0x7b/0x90 [ 183.206055][ T711] do_syscall_64+0x34/0x70 [ 183.210461][ T711] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 183.216344][ T711] RIP: 0033:0x7fc8ece62c09 [ 183.220746][ T711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 183.240339][ T711] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 ./strace-static-x86_64: Process 713 attached [pid 713] chdir("./56") = 0 [pid 713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 713] setpgid(0, 0) = 0 [pid 713] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 711] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 713] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 713] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 711] close(3 [pid 713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 711] <... close resumed>) = 0 [ 183.248747][ T711] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 183.256716][ T711] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 183.264682][ T711] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 183.272646][ T711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 183.280599][ T711] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000038 [ 183.290212][ T711] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 713] <... openat resumed>) = 3 [pid 711] close(4 [pid 713] write(3, "1000", 4) = 4 [pid 713] close(3 [pid 711] <... close resumed>) = 0 [pid 711] close(5) = 0 [pid 711] close(6) = -1 EBADF (Bad file descriptor) [pid 711] close(7) = -1 EBADF (Bad file descriptor) [pid 711] close(8) = -1 EBADF (Bad file descriptor) [pid 711] close(9) = -1 EBADF (Bad file descriptor) [pid 711] close(10) = -1 EBADF (Bad file descriptor) [pid 711] close(11) = -1 EBADF (Bad file descriptor) [pid 711] close(12) = -1 EBADF (Bad file descriptor) [pid 711] close(13) = -1 EBADF (Bad file descriptor) [pid 711] close(14) = -1 EBADF (Bad file descriptor) [pid 711] close(15) = -1 EBADF (Bad file descriptor) [pid 711] close(16) = -1 EBADF (Bad file descriptor) [pid 711] close(17) = -1 EBADF (Bad file descriptor) [pid 711] close(18) = -1 EBADF (Bad file descriptor) [pid 711] close(19) = -1 EBADF (Bad file descriptor) [pid 711] close(20) = -1 EBADF (Bad file descriptor) [pid 711] close(21) = -1 EBADF (Bad file descriptor) [pid 711] close(22) = -1 EBADF (Bad file descriptor) [pid 711] close(23) = -1 EBADF (Bad file descriptor) [pid 711] close(24) = -1 EBADF (Bad file descriptor) [pid 711] close(25) = -1 EBADF (Bad file descriptor) [pid 711] close(26) = -1 EBADF (Bad file descriptor) [pid 711] close(27) = -1 EBADF (Bad file descriptor) [pid 711] close(28) = -1 EBADF (Bad file descriptor) [pid 711] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 711] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 711] exit_group(0 [pid 713] <... close resumed>) = 0 [pid 711] <... exit_group resumed>) = ? [pid 713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 713] mkdirat(AT_FDCWD, "./file0", 000 [pid 711] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 713] <... mkdirat resumed>) = 0 [pid 713] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 382] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./56/binderfs") = 0 [pid 382] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./56/cgroup") = 0 [pid 382] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./56/cgroup.net") = 0 [pid 382] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./56/file0") = 0 [pid 382] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./56/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./56") = 0 [pid 382] mkdir("./57", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 714 attached , child_tidptr=0x555556fab5d0) = 59 [pid 714] chdir("./57") = 0 [pid 714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 714] setpgid(0, 0) = 0 [pid 714] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 714] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 714] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 714] write(3, "1000", 4) = 4 [pid 714] close(3) = 0 [pid 714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 714] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 183.300942][ T708] FAULT_INJECTION: forcing a failure. [ 183.300942][ T708] name failslab, interval 1, probability 0, space 0, times 0 [ 183.323936][ T708] CPU: 0 PID: 708 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 183.335563][ T708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.346398][ T708] Call Trace: [ 183.349670][ T708] dump_stack_lvl+0x1e2/0x24b [ 183.354323][ T708] ? bfq_pos_tree_add_move+0x43e/0x43e [ 183.359763][ T708] ? selinux_kernfs_init_security+0x1a8/0x760 [ 183.365814][ T708] dump_stack+0x15/0x17 [ 183.369954][ T708] should_fail+0x3c0/0x510 [ 183.374355][ T708] ? __kernfs_new_node+0x99/0x6e0 [ 183.379367][ T708] __should_failslab+0x9f/0xe0 [ 183.384112][ T708] should_failslab+0x9/0x20 [ 183.388609][ T708] __kmalloc_track_caller+0x5f/0x350 [ 183.393880][ T708] kstrdup_const+0x55/0x90 [ 183.398279][ T708] __kernfs_new_node+0x99/0x6e0 [ 183.403115][ T708] ? is_module_text_address+0xe1/0x140 [ 183.408544][ T708] ? kernfs_new_node+0x170/0x170 [ 183.413454][ T708] ? ptr_to_hashval+0x60/0x60 [ 183.418118][ T708] ? arch_stack_walk+0xf8/0x140 [ 183.422950][ T708] ? snprintf+0xd6/0x120 [ 183.427166][ T708] kernfs_new_node+0x97/0x170 [ 183.431824][ T708] __kernfs_create_file+0x4a/0x270 [ 183.436908][ T708] cgroup_addrm_files+0xab8/0xfe0 [ 183.441917][ T708] ? ____kasan_kmalloc+0xdc/0x110 [ 183.446923][ T708] ? __kasan_kmalloc+0x9/0x10 [ 183.451670][ T708] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 183.457203][ T708] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 183.463344][ T708] ? delete_node+0x759/0x7b0 [ 183.467925][ T708] ? __kasan_check_read+0x11/0x20 [ 183.472932][ T708] ? delete_node+0x759/0x7b0 [ 183.477509][ T708] ? __kasan_check_write+0x14/0x20 [ 183.482597][ T708] ? idr_replace+0x1c4/0x230 [ 183.487161][ T708] ? idr_get_next+0x4b0/0x4b0 [ 183.491822][ T708] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 183.496830][ T708] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 183.502019][ T708] css_populate_dir+0x137/0x370 [ 183.506849][ T708] cgroup_apply_control_enable+0x8b9/0x12f0 [ 183.512727][ T708] cgroup_apply_control+0x93/0x710 [ 183.517822][ T708] ? css_next_child+0x160/0x160 [ 183.522654][ T708] ? stack_trace_save+0x12d/0x1f0 [ 183.527675][ T708] ? io_schedule+0x120/0x120 [ 183.532252][ T708] ? kernfs_fop_write_iter+0x15e/0x410 [ 183.537703][ T708] ? __kasan_check_write+0x14/0x20 [ 183.542802][ T708] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 183.548066][ T708] cgroup_subtree_control_write+0xd19/0x1310 [ 183.554022][ T708] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 183.559988][ T708] ? __kasan_check_write+0x14/0x20 [ 183.565083][ T708] ? _copy_from_iter+0x3fb/0xd60 [ 183.570008][ T708] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 183.575972][ T708] cgroup_file_write+0x28e/0x590 [ 183.580885][ T708] ? cgroup_seqfile_stop+0xc0/0xc0 [ 183.585977][ T708] ? mutex_lock+0xa6/0x110 [ 183.590367][ T708] ? mutex_trylock+0xb0/0xb0 [ 183.594942][ T708] ? __kasan_check_write+0x14/0x20 [ 183.600036][ T708] kernfs_fop_write_iter+0x2d0/0x410 [ 183.605303][ T708] ? cgroup_seqfile_stop+0xc0/0xc0 [ 183.610389][ T708] vfs_write+0xc1c/0xf40 [ 183.614616][ T708] ? __kasan_check_write+0x14/0x20 [ 183.619710][ T708] ? kernel_write+0x3c0/0x3c0 [ 183.624371][ T708] ? _raw_spin_unlock_irq+0x4e/0x70 [ 183.629553][ T708] ? ptrace_stop+0x6ff/0x9f0 [ 183.634126][ T708] ? __kasan_check_read+0x11/0x20 [ 183.639154][ T708] ? __fdget_pos+0x27e/0x310 [ 183.643743][ T708] ksys_write+0x198/0x2c0 [ 183.648066][ T708] ? do_notify_parent+0xa60/0xa60 [ 183.653085][ T708] ? __ia32_sys_read+0x90/0x90 [ 183.657832][ T708] ? __ia32_sys_open+0x270/0x270 [ 183.662751][ T708] __x64_sys_write+0x7b/0x90 [ 183.667327][ T708] do_syscall_64+0x34/0x70 [ 183.671717][ T708] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 183.677580][ T708] RIP: 0033:0x7fc8ece62c09 [ 183.681981][ T708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 183.701577][ T708] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.710071][ T708] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 183.718029][ T708] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 183.725988][ T708] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 183.733941][ T708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 183.741889][ T708] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000002f [pid 714] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 708] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 713] <... mount resumed>) = 0 [pid 708] close(3) = 0 [pid 708] close(4) = 0 [pid 708] close(5) = 0 [pid 708] close(6) = -1 EBADF (Bad file descriptor) [pid 708] close(7) = -1 EBADF (Bad file descriptor) [pid 708] close(8) = -1 EBADF (Bad file descriptor) [pid 708] close(9) = -1 EBADF (Bad file descriptor) [pid 708] close(10) = -1 EBADF (Bad file descriptor) [pid 708] close(11) = -1 EBADF (Bad file descriptor) [pid 708] close(12) = -1 EBADF (Bad file descriptor) [pid 708] close(13) = -1 EBADF (Bad file descriptor) [pid 708] close(14) = -1 EBADF (Bad file descriptor) [pid 708] close(15) = -1 EBADF (Bad file descriptor) [pid 708] close(16) = -1 EBADF (Bad file descriptor) [pid 708] close(17) = -1 EBADF (Bad file descriptor) [pid 708] close(18) = -1 EBADF (Bad file descriptor) [pid 708] close(19) = -1 EBADF (Bad file descriptor) [pid 708] close(20) = -1 EBADF (Bad file descriptor) [pid 708] close(21) = -1 EBADF (Bad file descriptor) [pid 708] close(22) = -1 EBADF (Bad file descriptor) [pid 708] close(23) = -1 EBADF (Bad file descriptor) [pid 708] close(24) = -1 EBADF (Bad file descriptor) [pid 708] close(25) = -1 EBADF (Bad file descriptor) [pid 708] close(26) = -1 EBADF (Bad file descriptor) [pid 708] close(27) = -1 EBADF (Bad file descriptor) [pid 708] close(28) = -1 EBADF (Bad file descriptor) [pid 708] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 708] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 708] exit_group(0) = ? [pid 714] <... mount resumed>) = 0 [pid 713] open("./file0", O_RDONLY [pid 708] +++ exited with 0 +++ [pid 714] open("./file0", O_RDONLY) = 3 [pid 714] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 714] write(4, "-pids ", 6 [pid 713] <... open resumed>) = 3 [pid 713] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 713] write(4, "-pids ", 6 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=49, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./47/binderfs") = 0 [pid 383] umount2("./47/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./47/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./47/cgroup") = 0 [pid 383] umount2("./47/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./47/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./47/cgroup.net") = 0 [pid 383] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./47/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./47/file0") = 0 [pid 383] umount2("./47/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./47/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./47/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./47") = 0 [pid 383] mkdir("./48", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 715 attached , child_tidptr=0x555556fab5d0) = 50 [pid 715] chdir("./48") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 713] <... write resumed>) = 6 [pid 715] setpgid(0, 0) = 0 [pid 715] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 715] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 715] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 715] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 715] mount(NULL, "./file0", "cgroup2", 0, NULL [ 183.752515][ T708] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 183.771798][ T710] FAULT_INJECTION: forcing a failure. [ 183.771798][ T710] name failslab, interval 1, probability 0, space 0, times 0 [ 183.784479][ T710] CPU: 0 PID: 710 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 183.796093][ T710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.806126][ T710] Call Trace: [ 183.809397][ T710] dump_stack_lvl+0x1e2/0x24b [ 183.814053][ T710] ? bfq_pos_tree_add_move+0x43e/0x43e [ 183.819492][ T710] ? selinux_kernfs_init_security+0x1a8/0x760 [ 183.825537][ T710] dump_stack+0x15/0x17 [ 183.829677][ T710] should_fail+0x3c0/0x510 [ 183.834073][ T710] ? __kernfs_new_node+0x99/0x6e0 [ 183.839076][ T710] __should_failslab+0x9f/0xe0 [ 183.843816][ T710] should_failslab+0x9/0x20 [ 183.848299][ T710] __kmalloc_track_caller+0x5f/0x350 [ 183.853566][ T710] kstrdup_const+0x55/0x90 [ 183.857963][ T710] __kernfs_new_node+0x99/0x6e0 [ 183.862794][ T710] ? is_module_text_address+0xe1/0x140 [ 183.868228][ T710] ? kernfs_new_node+0x170/0x170 [ 183.873141][ T710] ? ptr_to_hashval+0x60/0x60 [ 183.877796][ T710] ? arch_stack_walk+0xf8/0x140 [ 183.882638][ T710] ? snprintf+0xd6/0x120 [ 183.886862][ T710] kernfs_new_node+0x97/0x170 [ 183.891515][ T710] __kernfs_create_file+0x4a/0x270 [ 183.896601][ T710] cgroup_addrm_files+0xab8/0xfe0 [ 183.901602][ T710] ? ____kasan_kmalloc+0xdc/0x110 [ 183.906601][ T710] ? __kasan_kmalloc+0x9/0x10 [ 183.911254][ T710] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 183.916777][ T710] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 183.922911][ T710] ? delete_node+0x759/0x7b0 [ 183.927477][ T710] ? __kasan_check_read+0x11/0x20 [ 183.932478][ T710] ? delete_node+0x759/0x7b0 [ 183.937046][ T710] ? __kasan_check_write+0x14/0x20 [ 183.942134][ T710] ? idr_replace+0x1c4/0x230 [ 183.946702][ T710] ? idr_get_next+0x4b0/0x4b0 [ 183.951354][ T710] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 183.956354][ T710] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 183.961528][ T710] css_populate_dir+0x137/0x370 [ 183.966359][ T710] cgroup_apply_control_enable+0x8b9/0x12f0 [ 183.972232][ T710] cgroup_apply_control+0x93/0x710 [ 183.977321][ T710] ? css_next_child+0x160/0x160 [ 183.982145][ T710] ? stack_trace_save+0x12d/0x1f0 [ 183.987150][ T710] ? io_schedule+0x120/0x120 [ 183.991722][ T710] ? kernfs_fop_write_iter+0x15e/0x410 [ 183.997159][ T710] ? __kasan_check_write+0x14/0x20 [ 184.002247][ T710] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 184.007512][ T710] cgroup_subtree_control_write+0xd19/0x1310 [ 184.013470][ T710] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 184.019425][ T710] ? __kasan_check_write+0x14/0x20 [ 184.024516][ T710] ? _copy_from_iter+0x3fb/0xd60 [ 184.029430][ T710] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 184.035386][ T710] cgroup_file_write+0x28e/0x590 [ 184.040299][ T710] ? cgroup_seqfile_stop+0xc0/0xc0 [ 184.045389][ T710] ? mutex_lock+0xa6/0x110 [ 184.049786][ T710] ? mutex_trylock+0xb0/0xb0 [ 184.054354][ T710] ? __kasan_check_write+0x14/0x20 [ 184.059443][ T710] kernfs_fop_write_iter+0x2d0/0x410 [ 184.064707][ T710] ? cgroup_seqfile_stop+0xc0/0xc0 [ 184.069796][ T710] vfs_write+0xc1c/0xf40 [ 184.074021][ T710] ? __kasan_check_write+0x14/0x20 [ 184.079109][ T710] ? kernel_write+0x3c0/0x3c0 [ 184.083763][ T710] ? _raw_spin_unlock_irq+0x4e/0x70 [ 184.088936][ T710] ? ptrace_stop+0x6ff/0x9f0 [ 184.093506][ T710] ? __kasan_check_read+0x11/0x20 [ 184.098506][ T710] ? __fdget_pos+0x27e/0x310 [ 184.103072][ T710] ksys_write+0x198/0x2c0 [ 184.107379][ T710] ? do_notify_parent+0xa60/0xa60 [ 184.112379][ T710] ? __ia32_sys_read+0x90/0x90 [ 184.117118][ T710] ? __ia32_sys_open+0x270/0x270 [ 184.122035][ T710] __x64_sys_write+0x7b/0x90 [ 184.126604][ T710] do_syscall_64+0x34/0x70 [ 184.130998][ T710] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 184.136866][ T710] RIP: 0033:0x7fc8ece62c09 [ 184.141263][ T710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 184.160843][ T710] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 184.169232][ T710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 184.177181][ T710] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 184.185220][ T710] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 184.193168][ T710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 713] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 713] write(5, "22", 2) = 2 [pid 713] write(4, "+pids ", 6 [pid 710] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 715] <... mount resumed>) = 0 [pid 710] close(3 [pid 715] open("./file0", O_RDONLY [pid 710] <... close resumed>) = 0 [pid 715] <... open resumed>) = 3 [pid 710] close(4 [pid 715] openat(3, "cgroup.subtree_control", O_RDWR [pid 710] <... close resumed>) = 0 [pid 715] <... openat resumed>) = 4 [pid 710] close(5 [pid 715] write(4, "-pids ", 6 [pid 710] <... close resumed>) = 0 [pid 710] close(6) = -1 EBADF (Bad file descriptor) [pid 710] close(7) = -1 EBADF (Bad file descriptor) [pid 710] close(8) = -1 EBADF (Bad file descriptor) [pid 710] close(9) = -1 EBADF (Bad file descriptor) [pid 710] close(10) = -1 EBADF (Bad file descriptor) [pid 710] close(11) = -1 EBADF (Bad file descriptor) [pid 710] close(12) = -1 EBADF (Bad file descriptor) [pid 710] close(13) = -1 EBADF (Bad file descriptor) [pid 710] close(14) = -1 EBADF (Bad file descriptor) [pid 710] close(15) = -1 EBADF (Bad file descriptor) [pid 710] close(16) = -1 EBADF (Bad file descriptor) [pid 710] close(17) = -1 EBADF (Bad file descriptor) [pid 710] close(18) = -1 EBADF (Bad file descriptor) [pid 710] close(19) = -1 EBADF (Bad file descriptor) [pid 710] close(20) = -1 EBADF (Bad file descriptor) [pid 710] close(21) = -1 EBADF (Bad file descriptor) [pid 710] close(22) = -1 EBADF (Bad file descriptor) [pid 710] close(23) = -1 EBADF (Bad file descriptor) [pid 710] close(24) = -1 EBADF (Bad file descriptor) [pid 710] close(25) = -1 EBADF (Bad file descriptor) [pid 710] close(26) = -1 EBADF (Bad file descriptor) [pid 710] close(27) = -1 EBADF (Bad file descriptor) [pid 710] close(28) = -1 EBADF (Bad file descriptor) [pid 710] close(29) = -1 EBADF (Bad file descriptor) [pid 710] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 710] exit_group(0) = ? [pid 710] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./51/binderfs") = 0 [pid 380] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./51/cgroup") = 0 [pid 380] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./51/cgroup.net") = 0 [pid 715] <... write resumed>) = 6 [pid 714] <... write resumed>) = 6 [pid 715] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 714] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 715] <... openat resumed>) = 5 [pid 714] <... openat resumed>) = 5 [pid 715] write(5, "22", 2 [pid 714] write(5, "22", 2 [pid 715] <... write resumed>) = 2 [pid 714] <... write resumed>) = 2 [pid 715] write(4, "+pids ", 6 [pid 714] write(4, "+pids ", 6 [pid 380] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./51/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./51/file0") = 0 [pid 380] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./51/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./51/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./51") = 0 [ 184.201118][ T710] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000033 [ 184.212479][ T710] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 184.240791][ T713] FAULT_INJECTION: forcing a failure. [ 184.240791][ T713] name failslab, interval 1, probability 0, space 0, times 0 [pid 380] mkdir("./52", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 54 ./strace-static-x86_64: Process 716 attached [pid 716] chdir("./52") = 0 [pid 716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 716] setpgid(0, 0) = 0 [pid 716] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 716] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 716] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 716] write(3, "1000", 4) = 4 [pid 716] close(3) = 0 [pid 716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 716] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 184.253504][ T713] CPU: 0 PID: 713 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 184.265116][ T713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.275151][ T713] Call Trace: [ 184.278488][ T713] dump_stack_lvl+0x1e2/0x24b [ 184.283152][ T713] ? bfq_pos_tree_add_move+0x43e/0x43e [ 184.288705][ T713] ? selinux_kernfs_init_security+0x1a8/0x760 [ 184.294754][ T713] dump_stack+0x15/0x17 [ 184.298887][ T713] should_fail+0x3c0/0x510 [ 184.303283][ T713] ? __kernfs_new_node+0x99/0x6e0 [ 184.308291][ T713] __should_failslab+0x9f/0xe0 [ 184.313048][ T713] should_failslab+0x9/0x20 [ 184.317554][ T713] __kmalloc_track_caller+0x5f/0x350 [ 184.322827][ T713] kstrdup_const+0x55/0x90 [ 184.327219][ T713] __kernfs_new_node+0x99/0x6e0 [ 184.332052][ T713] ? is_module_text_address+0xe1/0x140 [ 184.337491][ T713] ? kernfs_new_node+0x170/0x170 [ 184.342401][ T713] ? ptr_to_hashval+0x60/0x60 [ 184.347070][ T713] ? arch_stack_walk+0xf8/0x140 [ 184.351926][ T713] ? snprintf+0xd6/0x120 [ 184.356163][ T713] kernfs_new_node+0x97/0x170 [ 184.360837][ T713] __kernfs_create_file+0x4a/0x270 [ 184.365932][ T713] cgroup_addrm_files+0xab8/0xfe0 [ 184.370946][ T713] ? ____kasan_kmalloc+0xdc/0x110 [ 184.375957][ T713] ? __kasan_kmalloc+0x9/0x10 [ 184.380610][ T713] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 184.386131][ T713] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 184.392257][ T713] ? delete_node+0x759/0x7b0 [ 184.396820][ T713] ? __kasan_check_read+0x11/0x20 [ 184.401827][ T713] ? delete_node+0x759/0x7b0 [ 184.406412][ T713] ? __kasan_check_write+0x14/0x20 [ 184.411509][ T713] ? idr_replace+0x1c4/0x230 [ 184.416072][ T713] ? idr_get_next+0x4b0/0x4b0 [ 184.420722][ T713] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 184.425729][ T713] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 184.430910][ T713] css_populate_dir+0x137/0x370 [ 184.435738][ T713] cgroup_apply_control_enable+0x8b9/0x12f0 [ 184.441612][ T713] cgroup_apply_control+0x93/0x710 [ 184.446699][ T713] ? css_next_child+0x160/0x160 [ 184.451522][ T713] ? io_schedule+0x120/0x120 [ 184.456086][ T713] ? kernfs_fop_write_iter+0x15e/0x410 [ 184.461519][ T713] ? __kasan_check_write+0x14/0x20 [ 184.466604][ T713] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 184.471864][ T713] cgroup_subtree_control_write+0xd19/0x1310 [ 184.477826][ T713] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 184.483785][ T713] ? __kasan_check_write+0x14/0x20 [ 184.488885][ T713] ? _copy_from_iter+0x3fb/0xd60 [ 184.493811][ T713] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 184.499788][ T713] cgroup_file_write+0x28e/0x590 [ 184.504712][ T713] ? cgroup_seqfile_stop+0xc0/0xc0 [ 184.509804][ T713] ? mutex_lock+0xa6/0x110 [ 184.514217][ T713] ? mutex_trylock+0xb0/0xb0 [ 184.518791][ T713] ? __kasan_check_write+0x14/0x20 [ 184.523902][ T713] kernfs_fop_write_iter+0x2d0/0x410 [ 184.529175][ T713] ? cgroup_seqfile_stop+0xc0/0xc0 [ 184.534267][ T713] vfs_write+0xc1c/0xf40 [ 184.538485][ T713] ? __kasan_check_write+0x14/0x20 [ 184.543569][ T713] ? kernel_write+0x3c0/0x3c0 [ 184.548221][ T713] ? _raw_spin_unlock_irq+0x4e/0x70 [ 184.553409][ T713] ? ptrace_stop+0x6ff/0x9f0 [ 184.557970][ T713] ? __kasan_check_read+0x11/0x20 [ 184.562973][ T713] ? __fdget_pos+0x27e/0x310 [ 184.567543][ T713] ksys_write+0x198/0x2c0 [ 184.571862][ T713] ? do_notify_parent+0xa60/0xa60 [ 184.576866][ T713] ? __ia32_sys_read+0x90/0x90 [ 184.581621][ T713] ? __ia32_sys_open+0x270/0x270 [ 184.586532][ T713] __x64_sys_write+0x7b/0x90 [ 184.591093][ T713] do_syscall_64+0x34/0x70 [ 184.595484][ T713] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 184.601360][ T713] RIP: 0033:0x7fc8ece62c09 [ 184.605767][ T713] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 184.625445][ T713] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 184.633833][ T713] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 184.641786][ T713] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 184.649740][ T713] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [pid 716] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 713] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 716] <... mount resumed>) = 0 [pid 713] close(3 [pid 716] open("./file0", O_RDONLY [pid 713] <... close resumed>) = 0 [pid 716] <... open resumed>) = 3 [pid 713] close(4 [pid 716] openat(3, "cgroup.subtree_control", O_RDWR [pid 713] <... close resumed>) = 0 [pid 716] <... openat resumed>) = 4 [pid 713] close(5 [pid 716] write(4, "-pids ", 6 [pid 713] <... close resumed>) = 0 [pid 713] close(6) = -1 EBADF (Bad file descriptor) [pid 713] close(7) = -1 EBADF (Bad file descriptor) [pid 713] close(8) = -1 EBADF (Bad file descriptor) [pid 713] close(9) = -1 EBADF (Bad file descriptor) [pid 713] close(10) = -1 EBADF (Bad file descriptor) [pid 713] close(11) = -1 EBADF (Bad file descriptor) [pid 713] close(12) = -1 EBADF (Bad file descriptor) [pid 713] close(13) = -1 EBADF (Bad file descriptor) [pid 713] close(14) = -1 EBADF (Bad file descriptor) [pid 713] close(15) = -1 EBADF (Bad file descriptor) [pid 713] close(16) = -1 EBADF (Bad file descriptor) [pid 713] close(17) = -1 EBADF (Bad file descriptor) [pid 713] close(18) = -1 EBADF (Bad file descriptor) [pid 713] close(19) = -1 EBADF (Bad file descriptor) [pid 713] close(20) = -1 EBADF (Bad file descriptor) [pid 713] close(21) = -1 EBADF (Bad file descriptor) [pid 713] close(22) = -1 EBADF (Bad file descriptor) [pid 713] close(23) = -1 EBADF (Bad file descriptor) [pid 713] close(24) = -1 EBADF (Bad file descriptor) [pid 713] close(25) = -1 EBADF (Bad file descriptor) [pid 713] close(26) = -1 EBADF (Bad file descriptor) [pid 713] close(27) = -1 EBADF (Bad file descriptor) [pid 713] close(28) = -1 EBADF (Bad file descriptor) [pid 713] close(29) = -1 EBADF (Bad file descriptor) [pid 713] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 713] exit_group(0) = ? [pid 713] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 184.657694][ T713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 184.665640][ T713] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000038 [ 184.675638][ T713] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 184.700424][ T714] FAULT_INJECTION: forcing a failure. [ 184.700424][ T714] name failslab, interval 1, probability 0, space 0, times 0 [ 184.713106][ T714] CPU: 0 PID: 714 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 184.724708][ T714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.734736][ T714] Call Trace: [ 184.738007][ T714] dump_stack_lvl+0x1e2/0x24b [ 184.742664][ T714] ? bfq_pos_tree_add_move+0x43e/0x43e [ 184.748097][ T714] ? selinux_kernfs_init_security+0x1a8/0x760 [ 184.754138][ T714] dump_stack+0x15/0x17 [ 184.758270][ T714] should_fail+0x3c0/0x510 [ 184.763011][ T714] ? __kernfs_new_node+0x99/0x6e0 [ 184.768013][ T714] __should_failslab+0x9f/0xe0 [ 184.772753][ T714] should_failslab+0x9/0x20 [ 184.777230][ T714] __kmalloc_track_caller+0x5f/0x350 [ 184.782490][ T714] kstrdup_const+0x55/0x90 [ 184.786888][ T714] __kernfs_new_node+0x99/0x6e0 [ 184.791715][ T714] ? is_module_text_address+0xe1/0x140 [ 184.797146][ T714] ? kernfs_new_node+0x170/0x170 [ 184.802063][ T714] ? ptr_to_hashval+0x60/0x60 [ 184.806713][ T714] ? arch_stack_walk+0xf8/0x140 [ 184.811536][ T714] ? snprintf+0xd6/0x120 [ 184.815756][ T714] kernfs_new_node+0x97/0x170 [ 184.820410][ T714] __kernfs_create_file+0x4a/0x270 [ 184.825495][ T714] cgroup_addrm_files+0xab8/0xfe0 [ 184.830497][ T714] ? ____kasan_kmalloc+0xdc/0x110 [ 184.835496][ T714] ? __kasan_kmalloc+0x9/0x10 [ 184.840150][ T714] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 184.845673][ T714] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 184.851798][ T714] ? delete_node+0x759/0x7b0 [ 184.856365][ T714] ? __kasan_check_read+0x11/0x20 [ 184.861361][ T714] ? delete_node+0x759/0x7b0 [ 184.865924][ T714] ? __kasan_check_write+0x14/0x20 [ 184.871010][ T714] ? idr_replace+0x1c4/0x230 [ 184.875575][ T714] ? idr_get_next+0x4b0/0x4b0 [ 184.880227][ T714] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 184.885226][ T714] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 184.890402][ T714] css_populate_dir+0x137/0x370 [ 184.895228][ T714] cgroup_apply_control_enable+0x8b9/0x12f0 [ 184.901097][ T714] cgroup_apply_control+0x93/0x710 [ 184.906186][ T714] ? css_next_child+0x160/0x160 [ 184.911012][ T714] ? stack_trace_save+0x12d/0x1f0 [ 184.916011][ T714] ? io_schedule+0x120/0x120 [ 184.920576][ T714] ? kernfs_fop_write_iter+0x15e/0x410 [ 184.926008][ T714] ? __kasan_check_write+0x14/0x20 [ 184.931094][ T714] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 184.936354][ T714] cgroup_subtree_control_write+0xd19/0x1310 [ 184.942308][ T714] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 184.948263][ T714] ? __kasan_check_write+0x14/0x20 [ 184.953348][ T714] ? _copy_from_iter+0x3fb/0xd60 [ 184.958259][ T714] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 184.964211][ T714] cgroup_file_write+0x28e/0x590 [ 184.969130][ T714] ? cgroup_seqfile_stop+0xc0/0xc0 [ 184.974217][ T714] ? mutex_lock+0xa6/0x110 [ 184.978620][ T714] ? mutex_trylock+0xb0/0xb0 [ 184.983195][ T714] ? __kasan_check_write+0x14/0x20 [ 184.988286][ T714] kernfs_fop_write_iter+0x2d0/0x410 [ 184.993543][ T714] ? cgroup_seqfile_stop+0xc0/0xc0 [ 184.998635][ T714] vfs_write+0xc1c/0xf40 [ 185.002858][ T714] ? __kasan_check_write+0x14/0x20 [ 185.007946][ T714] ? kernel_write+0x3c0/0x3c0 [ 185.012601][ T714] ? _raw_spin_unlock_irq+0x4e/0x70 [ 185.017773][ T714] ? ptrace_stop+0x6ff/0x9f0 [ 185.022336][ T714] ? __kasan_check_read+0x11/0x20 [ 185.027334][ T714] ? __fdget_pos+0x27e/0x310 [ 185.031897][ T714] ksys_write+0x198/0x2c0 [ 185.036205][ T714] ? do_notify_parent+0xa60/0xa60 [ 185.041204][ T714] ? __ia32_sys_read+0x90/0x90 [ 185.045943][ T714] ? __ia32_sys_open+0x270/0x270 [ 185.050856][ T714] __x64_sys_write+0x7b/0x90 [ 185.055423][ T714] do_syscall_64+0x34/0x70 [ 185.059816][ T714] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 185.065681][ T714] RIP: 0033:0x7fc8ece62c09 [ 185.070073][ T714] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 185.089649][ T714] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 381] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 716] <... write resumed>) = 6 [pid 716] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 716] write(5, "22", 2) = 2 [pid 716] write(4, "+pids ", 6 [pid 381] <... openat resumed>) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./56/binderfs") = 0 [pid 381] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./56/cgroup") = 0 [pid 381] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./56/cgroup.net") = 0 [pid 381] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 714] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 381] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 714] close(3 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 714] <... close resumed>) = 0 [pid 381] lstat("./56/file0", [pid 714] close(4 [pid 381] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 714] <... close resumed>) = 0 [pid 381] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 714] close(5 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 714] <... close resumed>) = 0 [pid 381] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 714] close(6 [pid 381] <... openat resumed>) = 4 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] fstat(4, [pid 714] close(7 [pid 381] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] getdents64(4, [pid 714] close(8 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] getdents64(4, [pid 714] close(9 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] close(4 [pid 714] close(10 [pid 381] <... close resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] rmdir("./56/file0" [pid 714] close(11 [pid 381] <... rmdir resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 714] close(12 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] lstat("./56/cgroup.cpu", [pid 714] close(13 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] unlink("./56/cgroup.cpu" [pid 714] close(14 [pid 381] <... unlink resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] getdents64(3, [pid 714] close(15 [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] close(3 [pid 714] close(16 [pid 381] <... close resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] rmdir("./56" [pid 714] close(17 [pid 381] <... rmdir resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] mkdir("./57", 0777 [pid 714] close(18 [pid 381] <... mkdir resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 714] close(19./strace-static-x86_64: Process 717 attached ) = -1 EBADF (Bad file descriptor) [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 59 [pid 717] chdir("./57" [pid 714] close(20) = -1 EBADF (Bad file descriptor) [pid 717] <... chdir resumed>) = 0 [pid 717] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 714] close(21 [pid 717] <... prctl resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] setpgid(0, 0 [pid 714] close(22 [pid 717] <... setpgid resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 714] close(23 [pid 717] <... symlink resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 714] close(24 [pid 717] <... symlink resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 714] close(25 [pid 717] <... symlink resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 714] close(26 [pid 717] <... openat resumed>) = 3 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] write(3, "1000", 4 [pid 714] close(27 [pid 717] <... write resumed>) = 4 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] close(3 [pid 714] close(28 [pid 717] <... close resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] symlink("/dev/binderfs", "./binderfs" [pid 714] close(29 [pid 717] <... symlink resumed>) = 0 [pid 714] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 717] mkdirat(AT_FDCWD, "./file0", 000 [pid 714] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 717] <... mkdirat resumed>) = 0 write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 717] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 714] <... write resumed>) = 89 [pid 717] <... mount resumed>) = 0 [pid 714] exit_group(0 [pid 717] open("./file0", O_RDONLY [pid 714] <... exit_group resumed>) = ? [pid 717] <... open resumed>) = 3 [pid 714] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 717] openat(3, "cgroup.subtree_control", O_RDWR [pid 382] restart_syscall(<... resuming interrupted clone ...> [pid 717] <... openat resumed>) = 4 [pid 717] write(4, "-pids ", 6 [pid 382] <... restart_syscall resumed>) = 0 [pid 382] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./57/binderfs") = 0 [pid 382] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./57/cgroup") = 0 [pid 382] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./57/cgroup.net") = 0 [pid 382] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./57/file0") = 0 [pid 382] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./57/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./57") = 0 [pid 382] mkdir("./58", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 718 attached , child_tidptr=0x555556fab5d0) = 60 [pid 718] chdir("./58") = 0 [pid 718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 718] setpgid(0, 0) = 0 [ 185.098037][ T714] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 185.105988][ T714] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 185.113933][ T714] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 185.121878][ T714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 185.129824][ T714] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000039 [ 185.141197][ T714] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 718] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 718] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 718] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 718] write(3, "1000", 4) = 4 [pid 718] close(3) = 0 [pid 718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 718] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 185.170775][ T716] FAULT_INJECTION: forcing a failure. [ 185.170775][ T716] name failslab, interval 1, probability 0, space 0, times 0 [ 185.183976][ T716] CPU: 0 PID: 716 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 185.195591][ T716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.205624][ T716] Call Trace: [ 185.208891][ T716] dump_stack_lvl+0x1e2/0x24b [ 185.213555][ T716] ? bfq_pos_tree_add_move+0x43e/0x43e [ 185.219002][ T716] ? selinux_kernfs_init_security+0x1a8/0x760 [ 185.225043][ T716] dump_stack+0x15/0x17 [ 185.229175][ T716] should_fail+0x3c0/0x510 [ 185.233564][ T716] ? __kernfs_new_node+0x99/0x6e0 [ 185.238564][ T716] __should_failslab+0x9f/0xe0 [ 185.243313][ T716] should_failslab+0x9/0x20 [ 185.247810][ T716] __kmalloc_track_caller+0x5f/0x350 [ 185.253094][ T716] kstrdup_const+0x55/0x90 [ 185.257502][ T716] __kernfs_new_node+0x99/0x6e0 [ 185.262339][ T716] ? is_module_text_address+0xe1/0x140 [ 185.267777][ T716] ? kernfs_new_node+0x170/0x170 [ 185.272695][ T716] ? ptr_to_hashval+0x60/0x60 [ 185.277361][ T716] ? arch_stack_walk+0xf8/0x140 [ 185.282191][ T716] ? snprintf+0xd6/0x120 [ 185.286411][ T716] kernfs_new_node+0x97/0x170 [ 185.291068][ T716] __kernfs_create_file+0x4a/0x270 [ 185.296164][ T716] cgroup_addrm_files+0xab8/0xfe0 [ 185.301175][ T716] ? ____kasan_kmalloc+0xdc/0x110 [ 185.306177][ T716] ? __kasan_kmalloc+0x9/0x10 [ 185.310830][ T716] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 185.316351][ T716] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 185.322477][ T716] ? delete_node+0x759/0x7b0 [ 185.327049][ T716] ? __kasan_check_read+0x11/0x20 [ 185.332053][ T716] ? delete_node+0x759/0x7b0 [ 185.336724][ T716] ? __kasan_check_write+0x14/0x20 [ 185.341819][ T716] ? idr_replace+0x1c4/0x230 [ 185.346383][ T716] ? idr_get_next+0x4b0/0x4b0 [ 185.351033][ T716] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 185.356033][ T716] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 185.361224][ T716] css_populate_dir+0x137/0x370 [ 185.366061][ T716] cgroup_apply_control_enable+0x8b9/0x12f0 [ 185.371948][ T716] cgroup_apply_control+0x93/0x710 [ 185.377046][ T716] ? css_next_child+0x160/0x160 [ 185.381867][ T716] ? stack_trace_save+0x12d/0x1f0 [ 185.386869][ T716] ? io_schedule+0x120/0x120 [ 185.391444][ T716] ? kernfs_fop_write_iter+0x15e/0x410 [ 185.396885][ T716] ? __kasan_check_write+0x14/0x20 [ 185.401987][ T716] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 185.407252][ T716] cgroup_subtree_control_write+0xd19/0x1310 [ 185.413228][ T716] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 185.419197][ T716] ? __kasan_check_write+0x14/0x20 [ 185.424295][ T716] ? _copy_from_iter+0x3fb/0xd60 [ 185.429206][ T716] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 185.435218][ T716] cgroup_file_write+0x28e/0x590 [ 185.440149][ T716] ? cgroup_seqfile_stop+0xc0/0xc0 [ 185.445245][ T716] ? mutex_lock+0xa6/0x110 [ 185.449636][ T716] ? mutex_trylock+0xb0/0xb0 [ 185.454206][ T716] ? __kasan_check_write+0x14/0x20 [ 185.459292][ T716] kernfs_fop_write_iter+0x2d0/0x410 [ 185.464554][ T716] ? cgroup_seqfile_stop+0xc0/0xc0 [ 185.469647][ T716] vfs_write+0xc1c/0xf40 [ 185.473876][ T716] ? __kasan_check_write+0x14/0x20 [ 185.478977][ T716] ? kernel_write+0x3c0/0x3c0 [ 185.483650][ T716] ? _raw_spin_unlock_irq+0x4e/0x70 [ 185.488829][ T716] ? ptrace_stop+0x6ff/0x9f0 [ 185.493393][ T716] ? __kasan_check_read+0x11/0x20 [ 185.498400][ T716] ? __fdget_pos+0x27e/0x310 [ 185.502980][ T716] ksys_write+0x198/0x2c0 [ 185.507304][ T716] ? do_notify_parent+0xa60/0xa60 [ 185.512313][ T716] ? __ia32_sys_read+0x90/0x90 [ 185.517045][ T716] ? __ia32_sys_open+0x270/0x270 [ 185.521962][ T716] __x64_sys_write+0x7b/0x90 [ 185.526543][ T716] do_syscall_64+0x34/0x70 [ 185.530953][ T716] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 185.536836][ T716] RIP: 0033:0x7fc8ece62c09 [ 185.541242][ T716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 185.560832][ T716] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 718] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 716] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 718] <... mount resumed>) = 0 [pid 716] close(3) = 0 [pid 716] close(4) = 0 [pid 716] close(5) = 0 [pid 716] close(6) = -1 EBADF (Bad file descriptor) [pid 716] close(7) = -1 EBADF (Bad file descriptor) [pid 716] close(8) = -1 EBADF (Bad file descriptor) [pid 716] close(9) = -1 EBADF (Bad file descriptor) [pid 716] close(10) = -1 EBADF (Bad file descriptor) [pid 716] close(11) = -1 EBADF (Bad file descriptor) [pid 716] close(12) = -1 EBADF (Bad file descriptor) [pid 716] close(13) = -1 EBADF (Bad file descriptor) [pid 716] close(14) = -1 EBADF (Bad file descriptor) [pid 716] close(15) = -1 EBADF (Bad file descriptor) [pid 716] close(16) = -1 EBADF (Bad file descriptor) [pid 716] close(17) = -1 EBADF (Bad file descriptor) [pid 716] close(18) = -1 EBADF (Bad file descriptor) [pid 716] close(19) = -1 EBADF (Bad file descriptor) [pid 716] close(20) = -1 EBADF (Bad file descriptor) [pid 716] close(21) = -1 EBADF (Bad file descriptor) [pid 716] close(22) = -1 EBADF (Bad file descriptor) [pid 716] close(23) = -1 EBADF (Bad file descriptor) [pid 716] close(24) = -1 EBADF (Bad file descriptor) [pid 716] close(25) = -1 EBADF (Bad file descriptor) [pid 716] close(26) = -1 EBADF (Bad file descriptor) [pid 716] close(27) = -1 EBADF (Bad file descriptor) [pid 716] close(28) = -1 EBADF (Bad file descriptor) [pid 716] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 716] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 716] exit_group(0) = ? [pid 718] open("./file0", O_RDONLY [pid 716] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 718] <... open resumed>) = 3 [pid 718] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 718] write(4, "-pids ", 6 [pid 380] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./52/binderfs") = 0 [pid 380] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./52/cgroup") = 0 [pid 380] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./52/cgroup.net") = 0 [pid 380] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./52/file0") = 0 [pid 380] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./52/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./52") = 0 [pid 380] mkdir("./53", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 719 attached , child_tidptr=0x555556fab5d0) = 55 [pid 719] chdir("./53") = 0 [pid 719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 719] setpgid(0, 0) = 0 [pid 719] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 719] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 719] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 719] write(3, "1000", 4) = 4 [pid 719] close(3) = 0 [pid 719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 719] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 719] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 719] open("./file0", O_RDONLY) = 3 [pid 719] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 185.569220][ T716] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 185.577174][ T716] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 185.585130][ T716] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 185.593081][ T716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 185.601040][ T716] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000034 [ 185.611258][ T716] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 719] write(4, "-pids ", 6 [pid 718] <... write resumed>) = 6 [pid 718] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 718] write(5, "22", 2) = 2 [ 185.640463][ T712] FAULT_INJECTION: forcing a failure. [ 185.640463][ T712] name failslab, interval 1, probability 0, space 0, times 0 [ 185.653571][ T712] CPU: 0 PID: 712 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 185.665185][ T712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.675215][ T712] Call Trace: [ 185.678492][ T712] dump_stack_lvl+0x1e2/0x24b [ 185.683153][ T712] ? bfq_pos_tree_add_move+0x43e/0x43e [ 185.688583][ T712] ? selinux_kernfs_init_security+0x1a8/0x760 [ 185.694622][ T712] dump_stack+0x15/0x17 [ 185.698751][ T712] should_fail+0x3c0/0x510 [ 185.703138][ T712] ? __kernfs_new_node+0x99/0x6e0 [ 185.708145][ T712] __should_failslab+0x9f/0xe0 [ 185.712895][ T712] should_failslab+0x9/0x20 [ 185.717370][ T712] __kmalloc_track_caller+0x5f/0x350 [ 185.722627][ T712] kstrdup_const+0x55/0x90 [ 185.727013][ T712] __kernfs_new_node+0x99/0x6e0 [ 185.731847][ T712] ? is_module_text_address+0xe1/0x140 [ 185.737293][ T712] ? kernfs_new_node+0x170/0x170 [ 185.742211][ T712] ? ptr_to_hashval+0x60/0x60 [ 185.746860][ T712] ? arch_stack_walk+0xf8/0x140 [ 185.751689][ T712] ? snprintf+0xd6/0x120 [ 185.755908][ T712] kernfs_new_node+0x97/0x170 [ 185.760555][ T712] __kernfs_create_file+0x4a/0x270 [ 185.765644][ T712] cgroup_addrm_files+0xab8/0xfe0 [ 185.770650][ T712] ? ____kasan_kmalloc+0xdc/0x110 [ 185.775646][ T712] ? __kasan_kmalloc+0x9/0x10 [ 185.780297][ T712] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 185.785817][ T712] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 185.791946][ T712] ? delete_node+0x759/0x7b0 [ 185.796526][ T712] ? __kasan_check_read+0x11/0x20 [ 185.801529][ T712] ? delete_node+0x759/0x7b0 [ 185.806099][ T712] ? __kasan_check_write+0x14/0x20 [ 185.811192][ T712] ? idr_replace+0x1c4/0x230 [ 185.815754][ T712] ? idr_get_next+0x4b0/0x4b0 [ 185.820413][ T712] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 185.825522][ T712] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 185.830698][ T712] css_populate_dir+0x137/0x370 [ 185.835533][ T712] cgroup_apply_control_enable+0x8b9/0x12f0 [ 185.841417][ T712] cgroup_apply_control+0x93/0x710 [ 185.846512][ T712] ? css_next_child+0x160/0x160 [ 185.851340][ T712] ? io_schedule+0x120/0x120 [ 185.855900][ T712] ? kernfs_fop_write_iter+0x15e/0x410 [ 185.861329][ T712] ? __kasan_check_write+0x14/0x20 [ 185.866424][ T712] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 185.871689][ T712] cgroup_subtree_control_write+0xd19/0x1310 [ 185.877648][ T712] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 185.883611][ T712] ? __kasan_check_write+0x14/0x20 [ 185.888694][ T712] ? _copy_from_iter+0x3fb/0xd60 [ 185.893607][ T712] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 185.899564][ T712] cgroup_file_write+0x28e/0x590 [ 185.904474][ T712] ? cgroup_seqfile_stop+0xc0/0xc0 [ 185.909563][ T712] ? mutex_lock+0xa6/0x110 [ 185.913967][ T712] ? mutex_trylock+0xb0/0xb0 [ 185.918541][ T712] ? __kasan_check_write+0x14/0x20 [ 185.923634][ T712] kernfs_fop_write_iter+0x2d0/0x410 [ 185.928903][ T712] ? cgroup_seqfile_stop+0xc0/0xc0 [ 185.933984][ T712] vfs_write+0xc1c/0xf40 [ 185.938197][ T712] ? __kasan_check_write+0x14/0x20 [ 185.943287][ T712] ? kernel_write+0x3c0/0x3c0 [ 185.947947][ T712] ? _raw_spin_unlock_irq+0x4e/0x70 [ 185.953123][ T712] ? ptrace_stop+0x6ff/0x9f0 [ 185.957695][ T712] ? __kasan_check_read+0x11/0x20 [ 185.962700][ T712] ? __fdget_pos+0x27e/0x310 [ 185.967271][ T712] ksys_write+0x198/0x2c0 [ 185.971579][ T712] ? do_notify_parent+0xa60/0xa60 [ 185.976584][ T712] ? __ia32_sys_read+0x90/0x90 [ 185.981329][ T712] ? __ia32_sys_open+0x270/0x270 [ 185.986237][ T712] __x64_sys_write+0x7b/0x90 [ 185.990806][ T712] do_syscall_64+0x34/0x70 [ 185.995204][ T712] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 186.001064][ T712] RIP: 0033:0x7fc8ece62c09 [ 186.005450][ T712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.025027][ T712] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.033412][ T712] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 718] write(4, "+pids ", 6 [pid 712] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 712] close(3) = 0 [pid 712] close(4) = 0 [pid 712] close(5) = 0 [pid 712] close(6) = -1 EBADF (Bad file descriptor) [pid 712] close(7) = -1 EBADF (Bad file descriptor) [pid 712] close(8) = -1 EBADF (Bad file descriptor) [pid 712] close(9) = -1 EBADF (Bad file descriptor) [pid 712] close(10) = -1 EBADF (Bad file descriptor) [pid 712] close(11) = -1 EBADF (Bad file descriptor) [pid 712] close(12) = -1 EBADF (Bad file descriptor) [pid 712] close(13) = -1 EBADF (Bad file descriptor) [pid 712] close(14) = -1 EBADF (Bad file descriptor) [pid 712] close(15) = -1 EBADF (Bad file descriptor) [pid 712] close(16) = -1 EBADF (Bad file descriptor) [pid 712] close(17) = -1 EBADF (Bad file descriptor) [pid 712] close(18) = -1 EBADF (Bad file descriptor) [pid 712] close(19) = -1 EBADF (Bad file descriptor) [pid 712] close(20) = -1 EBADF (Bad file descriptor) [pid 712] close(21) = -1 EBADF (Bad file descriptor) [pid 712] close(22) = -1 EBADF (Bad file descriptor) [pid 712] close(23) = -1 EBADF (Bad file descriptor) [pid 712] close(24) = -1 EBADF (Bad file descriptor) [pid 712] close(25) = -1 EBADF (Bad file descriptor) [pid 712] close(26) = -1 EBADF (Bad file descriptor) [pid 712] close(27) = -1 EBADF (Bad file descriptor) [pid 712] close(28) = -1 EBADF (Bad file descriptor) [pid 712] close(29) = -1 EBADF (Bad file descriptor) [pid 712] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 712] exit_group(0) = ? [pid 712] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./60/binderfs") = 0 [pid 375] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./60/cgroup") = 0 [pid 375] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./60/cgroup.net") = 0 [ 186.041356][ T712] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 186.049314][ T712] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 186.057270][ T712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 186.065214][ T712] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003c [ 186.075680][ T712] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 375] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 717] <... write resumed>) = 6 [ 186.104048][ T375] ------------[ cut here ]------------ [ 186.109562][ T375] WARNING: CPU: 1 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 186.118515][ T375] Modules linked in: [ 186.122551][ T375] CPU: 1 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 186.134176][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.140478][ T709] FAULT_INJECTION: forcing a failure. [ 186.140478][ T709] name failslab, interval 1, probability 0, space 0, times 0 [ 186.144239][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 186.144254][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 186.182044][ T375] RSP: 0018:ffffc9000095fba0 EFLAGS: 00010293 [ 186.183667][ T709] CPU: 0 PID: 709 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 186.188104][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 186.199687][ T709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.199691][ T709] Call Trace: [ 186.199707][ T709] dump_stack_lvl+0x1e2/0x24b [ 186.199718][ T709] ? bfq_pos_tree_add_move+0x43e/0x43e [ 186.199728][ T709] ? selinux_kernfs_init_security+0x1a8/0x760 [ 186.199744][ T709] dump_stack+0x15/0x17 [ 186.207701][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 186.217715][ T709] should_fail+0x3c0/0x510 [ 186.217725][ T709] ? __kernfs_new_node+0x99/0x6e0 [ 186.217742][ T709] __should_failslab+0x9f/0xe0 [ 186.221008][ T375] RBP: ffffc9000095fc70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 186.225646][ T709] should_failslab+0x9/0x20 [ 186.231078][ T375] R10: fffff5200012bf65 R11: 1ffff9200012bf64 R12: dffffc0000000000 [ 186.237108][ T709] __kmalloc_track_caller+0x5f/0x350 [ 186.241236][ T375] R13: ffff88811cae9180 R14: ffffc9000095fc00 R15: 1ffff9200012bf7c [ 186.249170][ T709] kstrdup_const+0x55/0x90 [ 186.253559][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 186.258545][ T709] __kernfs_new_node+0x99/0x6e0 [ 186.263280][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.271224][ T709] ? is_module_text_address+0xe1/0x140 [ 186.271236][ T709] ? kernfs_new_node+0x170/0x170 [ 186.271254][ T709] ? ptr_to_hashval+0x60/0x60 [ 186.275727][ T375] CR2: 00007fc8ece1cc86 CR3: 000000011dd54000 CR4: 00000000003506a0 [ 186.283666][ T709] ? arch_stack_walk+0xf8/0x140 [ 186.283677][ T709] ? snprintf+0xd6/0x120 [ 186.283686][ T709] kernfs_new_node+0x97/0x170 [ 186.283704][ T709] __kernfs_create_file+0x4a/0x270 [ 186.288958][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 186.296897][ T709] cgroup_addrm_files+0xab8/0xfe0 [ 186.296908][ T709] ? ____kasan_kmalloc+0xdc/0x110 [ 186.296923][ T709] ? __kasan_kmalloc+0x9/0x10 [ 186.301322][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 186.310213][ T709] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 186.310233][ T709] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 186.315045][ T375] Call Trace: [ 186.321599][ T709] ? delete_node+0x759/0x7b0 [ 186.321609][ T709] ? __kasan_check_read+0x11/0x20 [ 186.321623][ T709] ? delete_node+0x759/0x7b0 [ 186.327055][ T375] ? io_schedule+0x120/0x120 [ 186.331953][ T709] ? __kasan_check_write+0x14/0x20 [ 186.331964][ T709] ? idr_replace+0x1c4/0x230 [ 186.331980][ T709] ? idr_get_next+0x4b0/0x4b0 [ 186.336630][ T375] ? vfs_submount+0xb0/0xb0 [ 186.344565][ T709] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 186.344574][ T709] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 186.344584][ T709] css_populate_dir+0x137/0x370 [ 186.344595][ T709] cgroup_apply_control_enable+0x8b9/0x12f0 [ 186.344614][ T709] cgroup_apply_control+0x93/0x710 [ 186.349434][ T375] ? shrink_dentry_list+0x4ec/0x500 [ 186.353644][ T709] ? css_next_child+0x160/0x160 [ 186.353653][ T709] ? stack_trace_save+0x12d/0x1f0 [ 186.353668][ T709] ? io_schedule+0x120/0x120 [ 186.358312][ T375] ? __kasan_check_write+0x14/0x20 [ 186.363384][ T709] ? kernfs_fop_write_iter+0x15e/0x410 [ 186.363393][ T709] ? __kasan_check_write+0x14/0x20 [ 186.363413][ T709] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 186.371367][ T375] namespace_unlock+0x448/0x4f0 [ 186.376349][ T709] cgroup_subtree_control_write+0xd19/0x1310 [ 186.381376][ T375] ? umount_tree+0xf50/0xf50 [ 186.386010][ T709] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 186.393970][ T375] ? __detach_mounts+0x670/0x670 [ 186.399472][ T709] ? __kasan_check_write+0x14/0x20 [ 186.405618][ T375] ? selinux_umount+0xf0/0x130 [ 186.408851][ T709] ? _copy_from_iter+0x3fb/0xd60 [ 186.413415][ T375] ? security_sb_umount+0x9d/0xb0 [ 186.418401][ T709] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 186.422967][ T375] path_umount+0xf03/0xfb0 [ 186.427522][ T709] cgroup_file_write+0x28e/0x590 [ 186.432611][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 186.437158][ T709] ? cgroup_seqfile_stop+0xc0/0xc0 [ 186.441813][ T375] ? user_path_at_empty+0x40/0x50 [ 186.446280][ T709] ? mutex_lock+0xa6/0x110 [ 186.451280][ T375] __x64_sys_umount+0x122/0x170 [ 186.456437][ T709] ? mutex_trylock+0xb0/0xb0 [ 186.461457][ T375] ? path_umount+0xfb0/0xfb0 [ 186.467277][ T709] ? __kasan_check_write+0x14/0x20 [ 186.472370][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 186.477520][ T709] kernfs_fop_write_iter+0x2d0/0x410 [ 186.482347][ T375] do_syscall_64+0x34/0x70 [ 186.487329][ T709] ? cgroup_seqfile_stop+0xc0/0xc0 [ 186.491896][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 186.496963][ T709] vfs_write+0xc1c/0xf40 [ 186.502396][ T375] RIP: 0033:0x7fc8ece63fb7 [ 186.507475][ T709] ? __kasan_check_write+0x14/0x20 [ 186.512736][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.517543][ T709] ? kernel_write+0x3c0/0x3c0 [ 186.523516][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 186.528053][ T709] ? _raw_spin_unlock_irq+0x4e/0x70 [ 186.534007][ T375] ORIG_RAX: 00000000000000a6 [ 186.538906][ T709] ? ptrace_stop+0x6ff/0x9f0 [ 186.543995][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 186.548720][ T709] ? __kasan_check_read+0x11/0x20 [ 186.553628][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 186.558614][ T709] ? __fdget_pos+0x27e/0x310 [ 186.564566][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 186.568945][ T709] ksys_write+0x198/0x2c0 [ 186.573856][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 186.578845][ T709] ? do_notify_parent+0xa60/0xa60 [ 186.583939][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000003d [ 186.588911][ T709] ? __ia32_sys_read+0x90/0x90 [ 186.593303][ T375] ---[ end trace d4de1ca9cdcd19a5 ]--- [ 186.598116][ T709] ? __ia32_sys_open+0x270/0x270 [ 186.770641][ T709] __x64_sys_write+0x7b/0x90 [ 186.775209][ T709] do_syscall_64+0x34/0x70 [ 186.779601][ T709] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 186.785475][ T709] RIP: 0033:0x7fc8ece62c09 [ 186.789871][ T709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 186.809448][ T709] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 186.817837][ T709] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 186.825780][ T709] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 186.833727][ T709] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 186.841671][ T709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 186.849618][ T709] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000034 [pid 717] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 717] write(5, "22", 2) = 2 [pid 717] write(4, "+pids ", 6 [pid 376] kill(-54, SIGKILL) = 0 [pid 376] kill(54, SIGKILL) = 0 [pid 709] <... write resumed>) = ? [pid 709] +++ killed by SIGKILL +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=54, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3} --- [pid 376] restart_syscall(<... resuming interrupted kill ...>) = 0 [ 186.858292][ T375] ------------[ cut here ]------------ [ 186.859692][ T709] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 186.863795][ T375] WARNING: CPU: 1 PID: 375 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 186.863799][ T375] Modules linked in: [ 186.863816][ T375] CPU: 1 PID: 375 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 186.863822][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.863840][ T375] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 186.911341][ T375] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 186.930943][ T375] RSP: 0018:ffffc9000095fca0 EFLAGS: 00010293 [ 186.936989][ T375] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e13c0 [ 186.944970][ T375] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 186.952947][ T375] RBP: ffffc9000095fd70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 186.960928][ T375] R10: fffff5200012bf85 R11: 1ffff9200012bf84 R12: dffffc0000000000 [ 186.968879][ T375] R13: ffff88811cae9180 R14: ffffc9000095fd00 R15: 1ffff9200012bf9c [ 186.976843][ T375] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 186.985762][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.992333][ T375] CR2: 00007fc8ece1cc86 CR3: 000000011dd54000 CR4: 00000000003506a0 [ 187.000304][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 187.008257][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 187.016255][ T375] Call Trace: [ 187.019538][ T375] ? lockref_get_or_lock+0x340/0x340 [ 187.024823][ T375] ? umount_tree+0xf50/0xf50 [ 187.029394][ T375] ? vfs_submount+0xb0/0xb0 [ 187.033890][ T375] ? dput+0x2b6/0x320 [ 187.037847][ T375] path_umount+0x1fe/0xfb0 [ 187.042259][ T375] ? namespace_unlock+0x4f0/0x4f0 [ 187.047259][ T375] ? user_path_at_empty+0x40/0x50 [ 187.052279][ T375] __x64_sys_umount+0x122/0x170 [ 187.057113][ T375] ? path_umount+0xfb0/0xfb0 [ 187.061694][ T375] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 187.067657][ T375] do_syscall_64+0x34/0x70 [ 187.072072][ T375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 187.077945][ T375] RIP: 0033:0x7fc8ece63fb7 [ 187.082368][ T375] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 376] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] <... umount2 resumed>) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./52/binderfs") = 0 [pid 376] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./52/cgroup") = 0 [pid 376] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./52/cgroup.net") = 0 [pid 376] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./60/file0") = 0 [pid 375] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./60/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./60") = 0 [pid 375] mkdir("./61", 0777) = 0 [pid 376] <... umount2 resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 63 ./strace-static-x86_64: Process 720 attached [pid 720] chdir("./61") = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 376] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 720] <... prctl resumed>) = 0 [pid 720] setpgid(0, 0) = 0 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 720] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 720] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 720] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 376] lstat("./52/file0", [pid 720] <... symlink resumed>) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 720] write(3, "1000", 4 [pid 376] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./52/file0" [pid 720] <... write resumed>) = 4 [pid 720] close(3 [pid 376] <... rmdir resumed>) = 0 [pid 376] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./52/cgroup.cpu") = 0 [pid 376] getdents64(3, [pid 720] <... close resumed>) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs" [pid 376] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./52") = 0 [pid 376] mkdir("./53", 0777 [pid 720] <... symlink resumed>) = 0 [pid 720] mkdirat(AT_FDCWD, "./file0", 000 [pid 376] <... mkdir resumed>) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 720] <... mkdirat resumed>) = 0 [pid 720] mount(NULL, "./file0", "cgroup2", 0, NULL./strace-static-x86_64: Process 721 attached [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 55 [pid 721] chdir("./53") = 0 [pid 721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 720] <... mount resumed>) = 0 [pid 721] setpgid(0, 0 [pid 720] open("./file0", O_RDONLY [pid 721] <... setpgid resumed>) = 0 [pid 720] <... open resumed>) = 3 [pid 720] openat(3, "cgroup.subtree_control", O_RDWR [pid 721] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 720] <... openat resumed>) = 4 [pid 720] write(4, "-pids ", 6 [pid 721] <... symlink resumed>) = 0 [pid 721] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 721] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 721] write(3, "1000", 4) = 4 [pid 721] close(3) = 0 [pid 721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 721] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 721] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 721] open("./file0", O_RDONLY) = 3 [pid 721] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 187.101977][ T375] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 187.110380][ T375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 187.118337][ T375] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 187.126308][ T375] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 187.134269][ T375] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 187.142230][ T375] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000003d [ 187.150195][ T375] ---[ end trace d4de1ca9cdcd19a6 ]--- [pid 721] write(4, "-pids ", 6) = 6 [pid 719] <... write resumed>) = 6 [pid 721] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 721] write(5, "22", 2) = 2 [pid 721] write(4, "+pids ", 6 [pid 719] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 719] write(5, "22", 2) = 2 [ 187.190559][ T715] FAULT_INJECTION: forcing a failure. [ 187.190559][ T715] name failslab, interval 1, probability 0, space 0, times 0 [ 187.203296][ T715] CPU: 0 PID: 715 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 187.214905][ T715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.224932][ T715] Call Trace: [ 187.228210][ T715] dump_stack_lvl+0x1e2/0x24b [ 187.232871][ T715] ? panic+0x7d7/0x7d7 [ 187.236919][ T715] ? bfq_pos_tree_add_move+0x43e/0x43e [ 187.242369][ T715] ? find_next_bit+0xd6/0x120 [ 187.247020][ T715] ? cpumask_next+0x11/0x30 [ 187.251495][ T715] dump_stack+0x15/0x17 [ 187.255623][ T715] should_fail+0x3c0/0x510 [ 187.260018][ T715] ? percpu_ref_init+0xd0/0x330 [ 187.264852][ T715] __should_failslab+0x9f/0xe0 [ 187.269587][ T715] should_failslab+0x9/0x20 [ 187.274065][ T715] kmem_cache_alloc_trace+0x3a/0x330 [ 187.279324][ T715] percpu_ref_init+0xd0/0x330 [ 187.283989][ T715] ? cgroup_setup_root+0xea0/0xea0 [ 187.289090][ T715] cgroup_apply_control_enable+0x3a2/0x12f0 [ 187.294977][ T715] cgroup_apply_control+0x93/0x710 [ 187.300068][ T715] ? css_next_child+0x160/0x160 [ 187.304896][ T715] ? stack_trace_save+0x12d/0x1f0 [ 187.309898][ T715] ? io_schedule+0x120/0x120 [ 187.314470][ T715] ? kernfs_fop_write_iter+0x15e/0x410 [ 187.319913][ T715] ? __kasan_check_write+0x14/0x20 [ 187.325000][ T715] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 187.330259][ T715] cgroup_subtree_control_write+0xd19/0x1310 [ 187.336213][ T715] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 187.342164][ T715] ? __kasan_check_write+0x14/0x20 [ 187.347249][ T715] ? _copy_from_iter+0x3fb/0xd60 [ 187.352159][ T715] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 187.358114][ T715] cgroup_file_write+0x28e/0x590 [ 187.363046][ T715] ? cgroup_seqfile_stop+0xc0/0xc0 [ 187.368139][ T715] ? mutex_lock+0xa6/0x110 [ 187.372531][ T715] ? mutex_trylock+0xb0/0xb0 [ 187.377098][ T715] ? __kasan_check_write+0x14/0x20 [ 187.382191][ T715] kernfs_fop_write_iter+0x2d0/0x410 [ 187.387455][ T715] ? cgroup_seqfile_stop+0xc0/0xc0 [ 187.392565][ T715] vfs_write+0xc1c/0xf40 [ 187.396799][ T715] ? __kasan_check_write+0x14/0x20 [ 187.401890][ T715] ? kernel_write+0x3c0/0x3c0 [ 187.406553][ T715] ? _raw_spin_unlock_irq+0x4e/0x70 [ 187.411739][ T715] ? ptrace_stop+0x6ff/0x9f0 [ 187.416308][ T715] ? __kasan_check_read+0x11/0x20 [ 187.421310][ T715] ? __fdget_pos+0x27e/0x310 [ 187.425880][ T715] ksys_write+0x198/0x2c0 [ 187.430188][ T715] ? do_notify_parent+0xa60/0xa60 [ 187.435322][ T715] ? __ia32_sys_read+0x90/0x90 [ 187.440157][ T715] ? __ia32_sys_open+0x270/0x270 [ 187.445076][ T715] __x64_sys_write+0x7b/0x90 [ 187.449646][ T715] do_syscall_64+0x34/0x70 [ 187.454047][ T715] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 187.459913][ T715] RIP: 0033:0x7fc8ece62c09 [ 187.464308][ T715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 719] write(4, "+pids ", 6 [pid 715] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 715] close(3) = 0 [pid 715] close(4) = 0 [pid 715] close(5) = 0 [pid 715] close(6) = -1 EBADF (Bad file descriptor) [pid 715] close(7) = -1 EBADF (Bad file descriptor) [pid 715] close(8) = -1 EBADF (Bad file descriptor) [pid 715] close(9) = -1 EBADF (Bad file descriptor) [pid 715] close(10) = -1 EBADF (Bad file descriptor) [pid 715] close(11) = -1 EBADF (Bad file descriptor) [pid 715] close(12) = -1 EBADF (Bad file descriptor) [pid 715] close(13) = -1 EBADF (Bad file descriptor) [pid 715] close(14) = -1 EBADF (Bad file descriptor) [pid 715] close(15) = -1 EBADF (Bad file descriptor) [pid 715] close(16) = -1 EBADF (Bad file descriptor) [pid 715] close(17) = -1 EBADF (Bad file descriptor) [pid 715] close(18) = -1 EBADF (Bad file descriptor) [pid 715] close(19) = -1 EBADF (Bad file descriptor) [pid 715] close(20) = -1 EBADF (Bad file descriptor) [pid 715] close(21) = -1 EBADF (Bad file descriptor) [pid 715] close(22) = -1 EBADF (Bad file descriptor) [pid 715] close(23) = -1 EBADF (Bad file descriptor) [pid 715] close(24) = -1 EBADF (Bad file descriptor) [pid 715] close(25) = -1 EBADF (Bad file descriptor) [pid 715] close(26) = -1 EBADF (Bad file descriptor) [pid 715] close(27) = -1 EBADF (Bad file descriptor) [pid 715] close(28) = -1 EBADF (Bad file descriptor) [pid 715] close(29) = -1 EBADF (Bad file descriptor) [pid 715] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 715] exit_group(0) = ? [pid 715] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./48/binderfs") = 0 [pid 383] umount2("./48/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./48/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./48/cgroup") = 0 [pid 383] umount2("./48/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./48/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./48/cgroup.net") = 0 [pid 383] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./48/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./48/file0") = 0 [pid 383] umount2("./48/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./48/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./48/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./48") = 0 [pid 383] mkdir("./49", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 722 attached [ 187.483904][ T715] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.492302][ T715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 187.500253][ T715] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 187.508202][ T715] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 187.516149][ T715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 187.524101][ T715] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000030 [pid 722] chdir("./49" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 51 [pid 722] <... chdir resumed>) = 0 [pid 722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 722] setpgid(0, 0) = 0 [pid 722] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 722] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 722] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 722] write(3, "1000", 4) = 4 [pid 722] close(3) = 0 [pid 722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 722] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 187.552518][ T721] FAULT_INJECTION: forcing a failure. [ 187.552518][ T721] name failslab, interval 1, probability 0, space 0, times 0 [ 187.565202][ T721] CPU: 1 PID: 721 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 187.576807][ T721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.586842][ T721] Call Trace: [ 187.590116][ T721] dump_stack_lvl+0x1e2/0x24b [ 187.594767][ T721] ? bfq_pos_tree_add_move+0x43e/0x43e [ 187.600204][ T721] ? selinux_kernfs_init_security+0x1a8/0x760 [ 187.606251][ T721] dump_stack+0x15/0x17 [ 187.610400][ T721] should_fail+0x3c0/0x510 [ 187.614809][ T721] ? __kernfs_new_node+0x99/0x6e0 [ 187.619814][ T721] __should_failslab+0x9f/0xe0 [ 187.624549][ T721] should_failslab+0x9/0x20 [ 187.629024][ T721] __kmalloc_track_caller+0x5f/0x350 [ 187.634291][ T721] kstrdup_const+0x55/0x90 [ 187.638682][ T721] __kernfs_new_node+0x99/0x6e0 [ 187.643506][ T721] ? is_module_text_address+0xe1/0x140 [ 187.648939][ T721] ? kernfs_new_node+0x170/0x170 [ 187.653848][ T721] ? ptr_to_hashval+0x60/0x60 [ 187.658496][ T721] ? arch_stack_walk+0xf8/0x140 [ 187.663329][ T721] ? snprintf+0xd6/0x120 [ 187.667560][ T721] kernfs_new_node+0x97/0x170 [ 187.672226][ T721] __kernfs_create_file+0x4a/0x270 [ 187.677311][ T721] cgroup_addrm_files+0xab8/0xfe0 [ 187.682326][ T721] ? ____kasan_kmalloc+0xdc/0x110 [ 187.687328][ T721] ? __kasan_kmalloc+0x9/0x10 [ 187.691978][ T721] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 187.697525][ T721] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 187.703652][ T721] ? delete_node+0x759/0x7b0 [ 187.708327][ T721] ? __kasan_check_read+0x11/0x20 [ 187.713338][ T721] ? delete_node+0x759/0x7b0 [ 187.717919][ T721] ? __kasan_check_write+0x14/0x20 [ 187.723004][ T721] ? idr_replace+0x1c4/0x230 [ 187.727576][ T721] ? idr_get_next+0x4b0/0x4b0 [ 187.732233][ T721] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 187.737235][ T721] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 187.742409][ T721] css_populate_dir+0x137/0x370 [ 187.747234][ T721] cgroup_apply_control_enable+0x8b9/0x12f0 [ 187.753107][ T721] cgroup_apply_control+0x93/0x710 [ 187.758191][ T721] ? css_next_child+0x160/0x160 [ 187.763012][ T721] ? stack_trace_save+0x12d/0x1f0 [ 187.768016][ T721] ? io_schedule+0x120/0x120 [ 187.772588][ T721] ? kernfs_fop_write_iter+0x15e/0x410 [ 187.778019][ T721] ? __kasan_check_write+0x14/0x20 [ 187.783105][ T721] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 187.788372][ T721] cgroup_subtree_control_write+0xd19/0x1310 [ 187.794332][ T721] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 187.800294][ T721] ? __kasan_check_write+0x14/0x20 [ 187.805391][ T721] ? _copy_from_iter+0x3fb/0xd60 [ 187.810312][ T721] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 187.816265][ T721] cgroup_file_write+0x28e/0x590 [ 187.821178][ T721] ? cgroup_seqfile_stop+0xc0/0xc0 [ 187.826271][ T721] ? mutex_lock+0xa6/0x110 [ 187.830667][ T721] ? mutex_trylock+0xb0/0xb0 [ 187.835235][ T721] ? __kasan_check_write+0x14/0x20 [ 187.840330][ T721] kernfs_fop_write_iter+0x2d0/0x410 [ 187.845600][ T721] ? cgroup_seqfile_stop+0xc0/0xc0 [ 187.850694][ T721] vfs_write+0xc1c/0xf40 [ 187.854918][ T721] ? __kasan_check_write+0x14/0x20 [ 187.860006][ T721] ? kernel_write+0x3c0/0x3c0 [ 187.864654][ T721] ? _raw_spin_unlock_irq+0x4e/0x70 [ 187.869837][ T721] ? ptrace_stop+0x6ff/0x9f0 [ 187.874420][ T721] ? __kasan_check_read+0x11/0x20 [ 187.879427][ T721] ? __fdget_pos+0x27e/0x310 [ 187.883989][ T721] ksys_write+0x198/0x2c0 [ 187.888291][ T721] ? do_notify_parent+0xa60/0xa60 [ 187.893297][ T721] ? __ia32_sys_read+0x90/0x90 [ 187.898046][ T721] ? __ia32_sys_open+0x270/0x270 [ 187.902963][ T721] __x64_sys_write+0x7b/0x90 [ 187.907535][ T721] do_syscall_64+0x34/0x70 [ 187.911939][ T721] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 187.917817][ T721] RIP: 0033:0x7fc8ece62c09 [ 187.922219][ T721] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 187.941887][ T721] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 722] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 721] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 722] <... mount resumed>) = 0 [pid 722] open("./file0", O_RDONLY [pid 721] close(3 [pid 722] <... open resumed>) = 3 [pid 722] openat(3, "cgroup.subtree_control", O_RDWR [pid 721] <... close resumed>) = 0 [pid 722] <... openat resumed>) = 4 [pid 722] write(4, "-pids ", 6 [pid 721] close(4) = 0 [pid 721] close(5) = 0 [pid 721] close(6) = -1 EBADF (Bad file descriptor) [pid 721] close(7) = -1 EBADF (Bad file descriptor) [pid 721] close(8) = -1 EBADF (Bad file descriptor) [pid 721] close(9) = -1 EBADF (Bad file descriptor) [pid 721] close(10) = -1 EBADF (Bad file descriptor) [pid 721] close(11) = -1 EBADF (Bad file descriptor) [pid 721] close(12) = -1 EBADF (Bad file descriptor) [pid 721] close(13) = -1 EBADF (Bad file descriptor) [pid 721] close(14) = -1 EBADF (Bad file descriptor) [pid 721] close(15) = -1 EBADF (Bad file descriptor) [pid 721] close(16) = -1 EBADF (Bad file descriptor) [pid 721] close(17) = -1 EBADF (Bad file descriptor) [pid 721] close(18) = -1 EBADF (Bad file descriptor) [pid 721] close(19) = -1 EBADF (Bad file descriptor) [pid 721] close(20) = -1 EBADF (Bad file descriptor) [pid 721] close(21) = -1 EBADF (Bad file descriptor) [pid 721] close(22) = -1 EBADF (Bad file descriptor) [pid 721] close(23) = -1 EBADF (Bad file descriptor) [pid 721] close(24) = -1 EBADF (Bad file descriptor) [pid 721] close(25) = -1 EBADF (Bad file descriptor) [pid 721] close(26) = -1 EBADF (Bad file descriptor) [pid 721] close(27) = -1 EBADF (Bad file descriptor) [pid 721] close(28) = -1 EBADF (Bad file descriptor) [pid 721] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 721] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 721] exit_group(0) = ? [pid 721] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./53/binderfs") = 0 [pid 376] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./53/cgroup") = 0 [pid 376] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./53/cgroup.net") = 0 [pid 376] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./53/file0") = 0 [pid 376] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./53/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./53") = 0 [pid 376] mkdir("./54", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 723 attached , child_tidptr=0x555556fab5d0) = 56 [pid 723] chdir("./54") = 0 [pid 723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 723] setpgid(0, 0) = 0 [pid 723] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 723] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 723] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 723] write(3, "1000", 4) = 4 [pid 723] close(3) = 0 [pid 723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 723] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 723] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 723] open("./file0", O_RDONLY) = 3 [pid 723] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 187.950285][ T721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 187.958238][ T721] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 187.966193][ T721] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 187.974144][ T721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 187.982097][ T721] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000035 [ 187.991301][ T721] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 188.020386][ T717] FAULT_INJECTION: forcing a failure. [ 188.020386][ T717] name failslab, interval 1, probability 0, space 0, times 0 [ 188.033075][ T717] CPU: 0 PID: 717 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 188.044686][ T717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.054726][ T717] Call Trace: [ 188.058002][ T717] dump_stack_lvl+0x1e2/0x24b [ 188.062652][ T717] ? bfq_pos_tree_add_move+0x43e/0x43e [ 188.068084][ T717] ? selinux_kernfs_init_security+0x1a8/0x760 [ 188.074125][ T717] dump_stack+0x15/0x17 [ 188.078251][ T717] should_fail+0x3c0/0x510 [ 188.082665][ T717] ? __kernfs_new_node+0x99/0x6e0 [ 188.087668][ T717] __should_failslab+0x9f/0xe0 [ 188.092414][ T717] should_failslab+0x9/0x20 [ 188.096893][ T717] __kmalloc_track_caller+0x5f/0x350 [ 188.102147][ T717] kstrdup_const+0x55/0x90 [ 188.106536][ T717] __kernfs_new_node+0x99/0x6e0 [ 188.111356][ T717] ? is_module_text_address+0xe1/0x140 [ 188.116784][ T717] ? kernfs_new_node+0x170/0x170 [ 188.121702][ T717] ? ptr_to_hashval+0x60/0x60 [ 188.126359][ T717] ? arch_stack_walk+0xf8/0x140 [ 188.131180][ T717] ? snprintf+0xd6/0x120 [ 188.135400][ T717] kernfs_new_node+0x97/0x170 [ 188.140048][ T717] __kernfs_create_file+0x4a/0x270 [ 188.145133][ T717] cgroup_addrm_files+0xab8/0xfe0 [ 188.150134][ T717] ? ____kasan_kmalloc+0xdc/0x110 [ 188.155137][ T717] ? __kasan_kmalloc+0x9/0x10 [ 188.159782][ T717] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 188.165307][ T717] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 188.171431][ T717] ? delete_node+0x759/0x7b0 [ 188.175999][ T717] ? __kasan_check_read+0x11/0x20 [ 188.181002][ T717] ? delete_node+0x759/0x7b0 [ 188.185569][ T717] ? __kasan_check_write+0x14/0x20 [ 188.190656][ T717] ? idr_replace+0x1c4/0x230 [ 188.195226][ T717] ? idr_get_next+0x4b0/0x4b0 [ 188.199883][ T717] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 188.204897][ T717] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 188.210085][ T717] css_populate_dir+0x137/0x370 [ 188.214922][ T717] cgroup_apply_control_enable+0x8b9/0x12f0 [ 188.220802][ T717] cgroup_apply_control+0x93/0x710 [ 188.225907][ T717] ? css_next_child+0x160/0x160 [ 188.230737][ T717] ? io_schedule+0x120/0x120 [ 188.235300][ T717] ? kernfs_fop_write_iter+0x15e/0x410 [ 188.240739][ T717] ? __kasan_check_write+0x14/0x20 [ 188.245842][ T717] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 188.251126][ T717] cgroup_subtree_control_write+0xd19/0x1310 [ 188.257093][ T717] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 188.263046][ T717] ? __kasan_check_write+0x14/0x20 [ 188.268130][ T717] ? _copy_from_iter+0x3fb/0xd60 [ 188.273040][ T717] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 188.278995][ T717] cgroup_file_write+0x28e/0x590 [ 188.283919][ T717] ? cgroup_seqfile_stop+0xc0/0xc0 [ 188.289010][ T717] ? mutex_lock+0xa6/0x110 [ 188.293410][ T717] ? mutex_trylock+0xb0/0xb0 [ 188.297981][ T717] ? __kasan_check_write+0x14/0x20 [ 188.303077][ T717] kernfs_fop_write_iter+0x2d0/0x410 [ 188.308347][ T717] ? cgroup_seqfile_stop+0xc0/0xc0 [ 188.313440][ T717] vfs_write+0xc1c/0xf40 [ 188.317664][ T717] ? __kasan_check_write+0x14/0x20 [ 188.322766][ T717] ? kernel_write+0x3c0/0x3c0 [ 188.327426][ T717] ? _raw_spin_unlock_irq+0x4e/0x70 [ 188.332604][ T717] ? ptrace_stop+0x6ff/0x9f0 [ 188.337190][ T717] ? __kasan_check_read+0x11/0x20 [ 188.342196][ T717] ? __fdget_pos+0x27e/0x310 [ 188.346756][ T717] ksys_write+0x198/0x2c0 [ 188.351060][ T717] ? do_notify_parent+0xa60/0xa60 [ 188.356066][ T717] ? __ia32_sys_read+0x90/0x90 [ 188.360810][ T717] ? __ia32_sys_open+0x270/0x270 [ 188.365719][ T717] __x64_sys_write+0x7b/0x90 [ 188.370291][ T717] do_syscall_64+0x34/0x70 [ 188.374688][ T717] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 188.380559][ T717] RIP: 0033:0x7fc8ece62c09 [ 188.384953][ T717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 188.404541][ T717] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 188.412942][ T717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 723] write(4, "-pids ", 6 [pid 717] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 717] close(3) = 0 [pid 717] close(4) = 0 [pid 717] close(5) = 0 [pid 717] close(6) = -1 EBADF (Bad file descriptor) [pid 717] close(7) = -1 EBADF (Bad file descriptor) [pid 717] close(8) = -1 EBADF (Bad file descriptor) [pid 717] close(9) = -1 EBADF (Bad file descriptor) [pid 717] close(10) = -1 EBADF (Bad file descriptor) [pid 717] close(11) = -1 EBADF (Bad file descriptor) [pid 717] close(12) = -1 EBADF (Bad file descriptor) [pid 717] close(13) = -1 EBADF (Bad file descriptor) [pid 717] close(14) = -1 EBADF (Bad file descriptor) [pid 717] close(15) = -1 EBADF (Bad file descriptor) [pid 717] close(16) = -1 EBADF (Bad file descriptor) [pid 717] close(17) = -1 EBADF (Bad file descriptor) [pid 717] close(18) = -1 EBADF (Bad file descriptor) [pid 717] close(19) = -1 EBADF (Bad file descriptor) [pid 717] close(20) = -1 EBADF (Bad file descriptor) [pid 717] close(21) = -1 EBADF (Bad file descriptor) [pid 717] close(22) = -1 EBADF (Bad file descriptor) [pid 717] close(23) = -1 EBADF (Bad file descriptor) [pid 717] close(24) = -1 EBADF (Bad file descriptor) [pid 717] close(25) = -1 EBADF (Bad file descriptor) [pid 717] close(26) = -1 EBADF (Bad file descriptor) [pid 717] close(27) = -1 EBADF (Bad file descriptor) [pid 717] close(28) = -1 EBADF (Bad file descriptor) [pid 717] close(29) = -1 EBADF (Bad file descriptor) [pid 717] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 717] exit_group(0) = ? [pid 717] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./57/binderfs") = 0 [pid 381] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./57/cgroup") = 0 [pid 381] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./57/cgroup.net") = 0 [pid 381] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./57/file0") = 0 [pid 381] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./57/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./57") = 0 [pid 381] mkdir("./58", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 724 attached [pid 724] chdir("./58") = 0 [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 60 [pid 724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 724] setpgid(0, 0) = 0 [ 188.420898][ T717] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 188.428852][ T717] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 188.436806][ T717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 188.444765][ T717] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000039 [ 188.454292][ T717] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 724] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 724] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 724] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 724] write(3, "1000", 4) = 4 [pid 724] close(3) = 0 [pid 724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 724] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 188.490794][ T718] FAULT_INJECTION: forcing a failure. [ 188.490794][ T718] name failslab, interval 1, probability 0, space 0, times 0 [ 188.503822][ T718] CPU: 0 PID: 718 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 188.515438][ T718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.525995][ T718] Call Trace: [ 188.529259][ T718] dump_stack_lvl+0x1e2/0x24b [ 188.533908][ T718] ? bfq_pos_tree_add_move+0x43e/0x43e [ 188.539337][ T718] ? selinux_kernfs_init_security+0x1a8/0x760 [ 188.545380][ T718] dump_stack+0x15/0x17 [ 188.549509][ T718] should_fail+0x3c0/0x510 [ 188.553896][ T718] ? __kernfs_new_node+0x99/0x6e0 [ 188.558891][ T718] __should_failslab+0x9f/0xe0 [ 188.563635][ T718] should_failslab+0x9/0x20 [ 188.568116][ T718] __kmalloc_track_caller+0x5f/0x350 [ 188.573381][ T718] kstrdup_const+0x55/0x90 [ 188.577806][ T718] __kernfs_new_node+0x99/0x6e0 [ 188.582732][ T718] ? is_module_text_address+0xe1/0x140 [ 188.588173][ T718] ? kernfs_new_node+0x170/0x170 [ 188.593092][ T718] ? ptr_to_hashval+0x60/0x60 [ 188.597749][ T718] ? arch_stack_walk+0xf8/0x140 [ 188.602575][ T718] ? snprintf+0xd6/0x120 [ 188.606788][ T718] kernfs_new_node+0x97/0x170 [ 188.611612][ T718] __kernfs_create_file+0x4a/0x270 [ 188.616699][ T718] cgroup_addrm_files+0xab8/0xfe0 [ 188.621697][ T718] ? ____kasan_kmalloc+0xdc/0x110 [ 188.626693][ T718] ? __kasan_kmalloc+0x9/0x10 [ 188.631349][ T718] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 188.636878][ T718] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 188.643006][ T718] ? delete_node+0x759/0x7b0 [ 188.647571][ T718] ? __kasan_check_read+0x11/0x20 [ 188.652563][ T718] ? delete_node+0x759/0x7b0 [ 188.657124][ T718] ? __kasan_check_write+0x14/0x20 [ 188.662210][ T718] ? idr_replace+0x1c4/0x230 [ 188.666785][ T718] ? idr_get_next+0x4b0/0x4b0 [ 188.671438][ T718] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 188.676453][ T718] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 188.681626][ T718] css_populate_dir+0x137/0x370 [ 188.686455][ T718] cgroup_apply_control_enable+0x8b9/0x12f0 [ 188.692324][ T718] cgroup_apply_control+0x93/0x710 [ 188.697406][ T718] ? css_next_child+0x160/0x160 [ 188.702245][ T718] ? io_schedule+0x120/0x120 [ 188.706824][ T718] ? kernfs_fop_write_iter+0x15e/0x410 [ 188.712258][ T718] ? __kasan_check_write+0x14/0x20 [ 188.717344][ T718] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 188.722597][ T718] cgroup_subtree_control_write+0xd19/0x1310 [ 188.728548][ T718] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 188.734508][ T718] ? __kasan_check_write+0x14/0x20 [ 188.739609][ T718] ? _copy_from_iter+0x3fb/0xd60 [ 188.744527][ T718] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 188.750476][ T718] cgroup_file_write+0x28e/0x590 [ 188.755385][ T718] ? cgroup_seqfile_stop+0xc0/0xc0 [ 188.760466][ T718] ? mutex_lock+0xa6/0x110 [ 188.764852][ T718] ? mutex_trylock+0xb0/0xb0 [ 188.769413][ T718] ? __kasan_check_write+0x14/0x20 [ 188.774507][ T718] kernfs_fop_write_iter+0x2d0/0x410 [ 188.779772][ T718] ? cgroup_seqfile_stop+0xc0/0xc0 [ 188.784865][ T718] vfs_write+0xc1c/0xf40 [ 188.789087][ T718] ? __kasan_check_write+0x14/0x20 [ 188.794170][ T718] ? kernel_write+0x3c0/0x3c0 [ 188.798825][ T718] ? _raw_spin_unlock_irq+0x4e/0x70 [ 188.804013][ T718] ? ptrace_stop+0x6ff/0x9f0 [ 188.808583][ T718] ? __kasan_check_read+0x11/0x20 [ 188.813578][ T718] ? __fdget_pos+0x27e/0x310 [ 188.818149][ T718] ksys_write+0x198/0x2c0 [ 188.822459][ T718] ? do_notify_parent+0xa60/0xa60 [ 188.827453][ T718] ? __ia32_sys_read+0x90/0x90 [ 188.832197][ T718] ? __ia32_sys_open+0x270/0x270 [ 188.837114][ T718] __x64_sys_write+0x7b/0x90 [ 188.841674][ T718] do_syscall_64+0x34/0x70 [ 188.846060][ T718] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 188.851920][ T718] RIP: 0033:0x7fc8ece62c09 [ 188.856306][ T718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 188.875885][ T718] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 188.884281][ T718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 724] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 718] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 724] open("./file0", O_RDONLY) = 3 [pid 724] openat(3, "cgroup.subtree_control", O_RDWR [pid 718] close(3 [pid 724] <... openat resumed>) = 4 [pid 724] write(4, "-pids ", 6 [pid 718] <... close resumed>) = 0 [pid 718] close(4) = 0 [pid 718] close(5) = 0 [pid 718] close(6) = -1 EBADF (Bad file descriptor) [pid 718] close(7) = -1 EBADF (Bad file descriptor) [pid 718] close(8) = -1 EBADF (Bad file descriptor) [pid 718] close(9) = -1 EBADF (Bad file descriptor) [pid 718] close(10) = -1 EBADF (Bad file descriptor) [pid 718] close(11) = -1 EBADF (Bad file descriptor) [pid 718] close(12) = -1 EBADF (Bad file descriptor) [pid 718] close(13) = -1 EBADF (Bad file descriptor) [pid 718] close(14) = -1 EBADF (Bad file descriptor) [pid 718] close(15) = -1 EBADF (Bad file descriptor) [pid 718] close(16) = -1 EBADF (Bad file descriptor) [pid 718] close(17) = -1 EBADF (Bad file descriptor) [pid 718] close(18) = -1 EBADF (Bad file descriptor) [pid 718] close(19) = -1 EBADF (Bad file descriptor) [pid 718] close(20) = -1 EBADF (Bad file descriptor) [pid 718] close(21) = -1 EBADF (Bad file descriptor) [pid 718] close(22) = -1 EBADF (Bad file descriptor) [pid 718] close(23) = -1 EBADF (Bad file descriptor) [pid 718] close(24) = -1 EBADF (Bad file descriptor) [pid 718] close(25) = -1 EBADF (Bad file descriptor) [pid 718] close(26) = -1 EBADF (Bad file descriptor) [pid 718] close(27) = -1 EBADF (Bad file descriptor) [pid 718] close(28) = -1 EBADF (Bad file descriptor) [pid 718] close(29) = -1 EBADF (Bad file descriptor) [pid 718] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 718] exit_group(0) = ? [pid 718] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./58/binderfs") = 0 [pid 382] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./58/cgroup") = 0 [pid 382] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./58/cgroup.net") = 0 [pid 382] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./58/file0") = 0 [pid 382] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./58/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./58") = 0 [pid 382] mkdir("./59", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 725 attached , child_tidptr=0x555556fab5d0) = 61 [pid 725] chdir("./59") = 0 [pid 725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 725] setpgid(0, 0) = 0 [pid 725] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 725] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 725] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 725] write(3, "1000", 4) = 4 [pid 725] close(3) = 0 [pid 725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 725] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 725] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 725] open("./file0", O_RDONLY) = 3 [pid 725] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 188.892330][ T718] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 188.900274][ T718] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 188.908227][ T718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 188.916186][ T718] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003a [ 188.924455][ T718] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 725] write(4, "-pids ", 6) = 6 [pid 724] <... write resumed>) = 6 [pid 723] <... write resumed>) = 6 [pid 722] <... write resumed>) = 6 [pid 720] <... write resumed>) = 6 [pid 725] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 723] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 725] <... openat resumed>) = 5 [pid 723] <... openat resumed>) = 5 [pid 725] write(5, "22", 2 [pid 723] write(5, "22", 2 [pid 725] <... write resumed>) = 2 [pid 723] <... write resumed>) = 2 [pid 725] write(4, "+pids ", 6 [pid 723] write(4, "+pids ", 6 [pid 724] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 724] write(5, "22", 2) = 2 [pid 724] write(4, "+pids ", 6 [pid 722] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 722] write(5, "22", 2) = 2 [pid 722] write(4, "+pids ", 6 [pid 720] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 720] write(5, "22", 2) = 2 [ 188.961880][ T719] FAULT_INJECTION: forcing a failure. [ 188.961880][ T719] name failslab, interval 1, probability 0, space 0, times 0 [ 188.974532][ T719] CPU: 1 PID: 719 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 188.986139][ T719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.996271][ T719] Call Trace: [ 188.999555][ T719] dump_stack_lvl+0x1e2/0x24b [ 189.004210][ T719] ? bfq_pos_tree_add_move+0x43e/0x43e [ 189.009651][ T719] ? selinux_kernfs_init_security+0x1a8/0x760 [ 189.015714][ T719] dump_stack+0x15/0x17 [ 189.019863][ T719] should_fail+0x3c0/0x510 [ 189.024271][ T719] ? __kernfs_new_node+0x99/0x6e0 [ 189.029279][ T719] __should_failslab+0x9f/0xe0 [ 189.034026][ T719] should_failslab+0x9/0x20 [ 189.038523][ T719] __kmalloc_track_caller+0x5f/0x350 [ 189.043800][ T719] kstrdup_const+0x55/0x90 [ 189.048206][ T719] __kernfs_new_node+0x99/0x6e0 [ 189.053043][ T719] ? is_module_text_address+0xe1/0x140 [ 189.058475][ T719] ? kernfs_new_node+0x170/0x170 [ 189.063393][ T719] ? ptr_to_hashval+0x60/0x60 [ 189.068050][ T719] ? arch_stack_walk+0xf8/0x140 [ 189.072884][ T719] ? snprintf+0xd6/0x120 [ 189.077108][ T719] kernfs_new_node+0x97/0x170 [ 189.081758][ T719] __kernfs_create_file+0x4a/0x270 [ 189.086846][ T719] cgroup_addrm_files+0xab8/0xfe0 [ 189.091845][ T719] ? ____kasan_kmalloc+0xdc/0x110 [ 189.096838][ T719] ? __kasan_kmalloc+0x9/0x10 [ 189.101495][ T719] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 189.107025][ T719] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 189.113159][ T719] ? delete_node+0x759/0x7b0 [ 189.117732][ T719] ? __kasan_check_read+0x11/0x20 [ 189.122729][ T719] ? delete_node+0x759/0x7b0 [ 189.127300][ T719] ? __kasan_check_write+0x14/0x20 [ 189.132404][ T719] ? idr_replace+0x1c4/0x230 [ 189.136975][ T719] ? idr_get_next+0x4b0/0x4b0 [ 189.141629][ T719] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 189.146798][ T719] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 189.151968][ T719] css_populate_dir+0x137/0x370 [ 189.156802][ T719] cgroup_apply_control_enable+0x8b9/0x12f0 [ 189.162676][ T719] cgroup_apply_control+0x93/0x710 [ 189.167762][ T719] ? css_next_child+0x160/0x160 [ 189.172584][ T719] ? io_schedule+0x120/0x120 [ 189.177150][ T719] ? kernfs_fop_write_iter+0x15e/0x410 [ 189.182589][ T719] ? __kasan_check_write+0x14/0x20 [ 189.187690][ T719] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 189.192969][ T719] cgroup_subtree_control_write+0xd19/0x1310 [ 189.198931][ T719] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 189.204883][ T719] ? __kasan_check_write+0x14/0x20 [ 189.209978][ T719] ? _copy_from_iter+0x3fb/0xd60 [ 189.214899][ T719] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 189.220860][ T719] cgroup_file_write+0x28e/0x590 [ 189.225785][ T719] ? cgroup_seqfile_stop+0xc0/0xc0 [ 189.230880][ T719] ? mutex_lock+0xa6/0x110 [ 189.235280][ T719] ? mutex_trylock+0xb0/0xb0 [ 189.239849][ T719] ? __kasan_check_write+0x14/0x20 [ 189.244949][ T719] kernfs_fop_write_iter+0x2d0/0x410 [ 189.250219][ T719] ? cgroup_seqfile_stop+0xc0/0xc0 [ 189.255314][ T719] vfs_write+0xc1c/0xf40 [ 189.259540][ T719] ? __kasan_check_write+0x14/0x20 [ 189.264711][ T719] ? kernel_write+0x3c0/0x3c0 [ 189.269362][ T719] ? _raw_spin_unlock_irq+0x4e/0x70 [ 189.274546][ T719] ? ptrace_stop+0x6ff/0x9f0 [ 189.279134][ T719] ? __kasan_check_read+0x11/0x20 [ 189.284180][ T719] ? __fdget_pos+0x27e/0x310 [ 189.288768][ T719] ksys_write+0x198/0x2c0 [ 189.293073][ T719] ? do_notify_parent+0xa60/0xa60 [ 189.298070][ T719] ? __ia32_sys_read+0x90/0x90 [ 189.302803][ T719] ? __ia32_sys_open+0x270/0x270 [ 189.307719][ T719] __x64_sys_write+0x7b/0x90 [ 189.312301][ T719] do_syscall_64+0x34/0x70 [ 189.316699][ T719] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 189.322576][ T719] RIP: 0033:0x7fc8ece62c09 [ 189.326986][ T719] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 189.346572][ T719] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 189.354965][ T719] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 720] write(4, "+pids ", 6 [pid 719] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 719] close(3) = 0 [pid 719] close(4) = 0 [pid 719] close(5) = 0 [pid 719] close(6) = -1 EBADF (Bad file descriptor) [pid 719] close(7) = -1 EBADF (Bad file descriptor) [pid 719] close(8) = -1 EBADF (Bad file descriptor) [pid 719] close(9) = -1 EBADF (Bad file descriptor) [pid 719] close(10) = -1 EBADF (Bad file descriptor) [pid 719] close(11) = -1 EBADF (Bad file descriptor) [pid 719] close(12) = -1 EBADF (Bad file descriptor) [pid 719] close(13) = -1 EBADF (Bad file descriptor) [pid 719] close(14) = -1 EBADF (Bad file descriptor) [pid 719] close(15) = -1 EBADF (Bad file descriptor) [pid 719] close(16) = -1 EBADF (Bad file descriptor) [pid 719] close(17) = -1 EBADF (Bad file descriptor) [pid 719] close(18) = -1 EBADF (Bad file descriptor) [pid 719] close(19) = -1 EBADF (Bad file descriptor) [pid 719] close(20) = -1 EBADF (Bad file descriptor) [pid 719] close(21) = -1 EBADF (Bad file descriptor) [pid 719] close(22) = -1 EBADF (Bad file descriptor) [pid 719] close(23) = -1 EBADF (Bad file descriptor) [pid 719] close(24) = -1 EBADF (Bad file descriptor) [pid 719] close(25) = -1 EBADF (Bad file descriptor) [pid 719] close(26) = -1 EBADF (Bad file descriptor) [pid 719] close(27) = -1 EBADF (Bad file descriptor) [pid 719] close(28) = -1 EBADF (Bad file descriptor) [pid 719] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 719] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 719] exit_group(0) = ? [pid 719] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./53/binderfs") = 0 [pid 380] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./53/cgroup") = 0 [pid 380] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./53/cgroup.net") = 0 [pid 380] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./53/file0") = 0 [pid 380] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./53/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./53") = 0 [pid 380] mkdir("./54", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 726 attached , child_tidptr=0x555556fab5d0) = 56 [pid 726] chdir("./54") = 0 [pid 726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 726] setpgid(0, 0) = 0 [pid 726] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 726] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 726] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 726] write(3, "1000", 4) = 4 [pid 726] close(3) = 0 [pid 726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 726] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 189.362920][ T719] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 189.370865][ T719] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 189.378816][ T719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 189.386763][ T719] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000035 [ 189.395256][ T719] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 726] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 726] open("./file0", O_RDONLY) = 3 [pid 726] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 189.420564][ T725] FAULT_INJECTION: forcing a failure. [ 189.420564][ T725] name failslab, interval 1, probability 0, space 0, times 0 [ 189.433254][ T725] CPU: 0 PID: 725 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 189.444863][ T725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.454899][ T725] Call Trace: [ 189.458166][ T725] dump_stack_lvl+0x1e2/0x24b [ 189.462830][ T725] ? bfq_pos_tree_add_move+0x43e/0x43e [ 189.468288][ T725] ? selinux_kernfs_init_security+0x1a8/0x760 [ 189.474340][ T725] dump_stack+0x15/0x17 [ 189.478469][ T725] should_fail+0x3c0/0x510 [ 189.482859][ T725] ? __kernfs_new_node+0x99/0x6e0 [ 189.487879][ T725] __should_failslab+0x9f/0xe0 [ 189.492626][ T725] should_failslab+0x9/0x20 [ 189.497103][ T725] __kmalloc_track_caller+0x5f/0x350 [ 189.502362][ T725] kstrdup_const+0x55/0x90 [ 189.506752][ T725] __kernfs_new_node+0x99/0x6e0 [ 189.511585][ T725] ? is_module_text_address+0xe1/0x140 [ 189.517030][ T725] ? kernfs_new_node+0x170/0x170 [ 189.521954][ T725] ? ptr_to_hashval+0x60/0x60 [ 189.526956][ T725] ? arch_stack_walk+0xf8/0x140 [ 189.531789][ T725] ? snprintf+0xd6/0x120 [ 189.536004][ T725] kernfs_new_node+0x97/0x170 [ 189.540663][ T725] __kernfs_create_file+0x4a/0x270 [ 189.545756][ T725] cgroup_addrm_files+0xab8/0xfe0 [ 189.550760][ T725] ? ____kasan_kmalloc+0xdc/0x110 [ 189.555766][ T725] ? __kasan_kmalloc+0x9/0x10 [ 189.560424][ T725] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 189.565940][ T725] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 189.572148][ T725] ? delete_node+0x759/0x7b0 [ 189.576722][ T725] ? __kasan_check_read+0x11/0x20 [ 189.581726][ T725] ? delete_node+0x759/0x7b0 [ 189.586301][ T725] ? __kasan_check_write+0x14/0x20 [ 189.591384][ T725] ? idr_replace+0x1c4/0x230 [ 189.595946][ T725] ? idr_get_next+0x4b0/0x4b0 [ 189.600597][ T725] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 189.605605][ T725] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 189.610777][ T725] css_populate_dir+0x137/0x370 [ 189.615599][ T725] cgroup_apply_control_enable+0x8b9/0x12f0 [ 189.621480][ T725] cgroup_apply_control+0x93/0x710 [ 189.626747][ T725] ? css_next_child+0x160/0x160 [ 189.631578][ T725] ? stack_trace_save+0x12d/0x1f0 [ 189.636583][ T725] ? io_schedule+0x120/0x120 [ 189.641155][ T725] ? kernfs_fop_write_iter+0x15e/0x410 [ 189.646587][ T725] ? __kasan_check_write+0x14/0x20 [ 189.651675][ T725] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 189.656940][ T725] cgroup_subtree_control_write+0xd19/0x1310 [ 189.662899][ T725] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 189.668865][ T725] ? __kasan_check_write+0x14/0x20 [ 189.673954][ T725] ? _copy_from_iter+0x3fb/0xd60 [ 189.678878][ T725] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 189.684834][ T725] cgroup_file_write+0x28e/0x590 [ 189.689754][ T725] ? cgroup_seqfile_stop+0xc0/0xc0 [ 189.694853][ T725] ? mutex_lock+0xa6/0x110 [ 189.699246][ T725] ? mutex_trylock+0xb0/0xb0 [ 189.703823][ T725] ? __kasan_check_write+0x14/0x20 [ 189.708919][ T725] kernfs_fop_write_iter+0x2d0/0x410 [ 189.714177][ T725] ? cgroup_seqfile_stop+0xc0/0xc0 [ 189.719269][ T725] vfs_write+0xc1c/0xf40 [ 189.723502][ T725] ? __kasan_check_write+0x14/0x20 [ 189.728594][ T725] ? kernel_write+0x3c0/0x3c0 [ 189.733244][ T725] ? _raw_spin_unlock_irq+0x4e/0x70 [ 189.738503][ T725] ? ptrace_stop+0x6ff/0x9f0 [ 189.743064][ T725] ? __kasan_check_read+0x11/0x20 [ 189.748062][ T725] ? __fdget_pos+0x27e/0x310 [ 189.752627][ T725] ksys_write+0x198/0x2c0 [ 189.756928][ T725] ? do_notify_parent+0xa60/0xa60 [ 189.761927][ T725] ? __ia32_sys_read+0x90/0x90 [ 189.766663][ T725] ? __ia32_sys_open+0x270/0x270 [ 189.771585][ T725] __x64_sys_write+0x7b/0x90 [ 189.776160][ T725] do_syscall_64+0x34/0x70 [ 189.780549][ T725] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 189.786500][ T725] RIP: 0033:0x7fc8ece62c09 [ 189.790888][ T725] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 189.810466][ T725] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 726] write(4, "-pids ", 6 [pid 725] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 725] close(3) = 0 [pid 725] close(4) = 0 [pid 725] close(5) = 0 [pid 725] close(6) = -1 EBADF (Bad file descriptor) [pid 725] close(7) = -1 EBADF (Bad file descriptor) [pid 725] close(8) = -1 EBADF (Bad file descriptor) [pid 725] close(9) = -1 EBADF (Bad file descriptor) [pid 725] close(10) = -1 EBADF (Bad file descriptor) [pid 725] close(11) = -1 EBADF (Bad file descriptor) [pid 725] close(12) = -1 EBADF (Bad file descriptor) [pid 725] close(13) = -1 EBADF (Bad file descriptor) [pid 725] close(14) = -1 EBADF (Bad file descriptor) [pid 725] close(15) = -1 EBADF (Bad file descriptor) [pid 725] close(16) = -1 EBADF (Bad file descriptor) [pid 725] close(17) = -1 EBADF (Bad file descriptor) [pid 725] close(18) = -1 EBADF (Bad file descriptor) [pid 725] close(19) = -1 EBADF (Bad file descriptor) [pid 725] close(20) = -1 EBADF (Bad file descriptor) [pid 725] close(21) = -1 EBADF (Bad file descriptor) [pid 725] close(22) = -1 EBADF (Bad file descriptor) [pid 725] close(23) = -1 EBADF (Bad file descriptor) [pid 725] close(24) = -1 EBADF (Bad file descriptor) [pid 725] close(25) = -1 EBADF (Bad file descriptor) [pid 725] close(26) = -1 EBADF (Bad file descriptor) [pid 725] close(27) = -1 EBADF (Bad file descriptor) [pid 725] close(28) = -1 EBADF (Bad file descriptor) [pid 725] close(29) = -1 EBADF (Bad file descriptor) [pid 725] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 725] exit_group(0) = ? [pid 725] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./59/binderfs") = 0 [pid 382] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./59/cgroup") = 0 [pid 382] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./59/cgroup.net") = 0 [pid 382] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 189.818850][ T725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 189.826797][ T725] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 189.834757][ T725] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 189.842708][ T725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 189.850665][ T725] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003b [ 189.861150][ T725] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 382] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./59/file0") = 0 [pid 382] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./59/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./59") = 0 [pid 382] mkdir("./60", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 62 ./strace-static-x86_64: Process 727 attached [pid 727] chdir("./60") = 0 [pid 727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 727] setpgid(0, 0) = 0 [pid 727] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 727] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 727] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 727] write(3, "1000", 4) = 4 [pid 727] close(3) = 0 [pid 727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 727] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 189.890430][ T720] FAULT_INJECTION: forcing a failure. [ 189.890430][ T720] name failslab, interval 1, probability 0, space 0, times 0 [ 189.903479][ T720] CPU: 1 PID: 720 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 189.915098][ T720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.925134][ T720] Call Trace: [ 189.928399][ T720] dump_stack_lvl+0x1e2/0x24b [ 189.933050][ T720] ? bfq_pos_tree_add_move+0x43e/0x43e [ 189.938481][ T720] ? selinux_kernfs_init_security+0x1a8/0x760 [ 189.944520][ T720] dump_stack+0x15/0x17 [ 189.948649][ T720] should_fail+0x3c0/0x510 [ 189.953038][ T720] ? __kernfs_new_node+0x99/0x6e0 [ 189.958031][ T720] __should_failslab+0x9f/0xe0 [ 189.962769][ T720] should_failslab+0x9/0x20 [ 189.967260][ T720] __kmalloc_track_caller+0x5f/0x350 [ 189.972527][ T720] kstrdup_const+0x55/0x90 [ 189.976920][ T720] __kernfs_new_node+0x99/0x6e0 [ 189.981765][ T720] ? is_module_text_address+0xe1/0x140 [ 189.987197][ T720] ? kernfs_new_node+0x170/0x170 [ 189.992106][ T720] ? ptr_to_hashval+0x60/0x60 [ 189.996755][ T720] ? arch_stack_walk+0xf8/0x140 [ 190.001588][ T720] ? snprintf+0xd6/0x120 [ 190.005820][ T720] kernfs_new_node+0x97/0x170 [ 190.010486][ T720] __kernfs_create_file+0x4a/0x270 [ 190.015578][ T720] cgroup_addrm_files+0xab8/0xfe0 [ 190.020585][ T720] ? ____kasan_kmalloc+0xdc/0x110 [ 190.025591][ T720] ? __kasan_kmalloc+0x9/0x10 [ 190.030242][ T720] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 190.035761][ T720] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 190.041886][ T720] ? delete_node+0x759/0x7b0 [ 190.046447][ T720] ? __kasan_check_read+0x11/0x20 [ 190.051452][ T720] ? delete_node+0x759/0x7b0 [ 190.056033][ T720] ? __kasan_check_write+0x14/0x20 [ 190.061126][ T720] ? idr_replace+0x1c4/0x230 [ 190.065693][ T720] ? idr_get_next+0x4b0/0x4b0 [ 190.070342][ T720] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 190.075347][ T720] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 190.080525][ T720] css_populate_dir+0x137/0x370 [ 190.085350][ T720] cgroup_apply_control_enable+0x8b9/0x12f0 [ 190.091217][ T720] cgroup_apply_control+0x93/0x710 [ 190.096306][ T720] ? css_next_child+0x160/0x160 [ 190.101130][ T720] ? stack_trace_save+0x12d/0x1f0 [ 190.106158][ T720] ? io_schedule+0x120/0x120 [ 190.110739][ T720] ? kernfs_fop_write_iter+0x15e/0x410 [ 190.116182][ T720] ? __kasan_check_write+0x14/0x20 [ 190.121267][ T720] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 190.126526][ T720] cgroup_subtree_control_write+0xd19/0x1310 [ 190.132478][ T720] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 190.138436][ T720] ? __kasan_check_write+0x14/0x20 [ 190.143528][ T720] ? _copy_from_iter+0x3fb/0xd60 [ 190.148436][ T720] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 190.154389][ T720] cgroup_file_write+0x28e/0x590 [ 190.159307][ T720] ? cgroup_seqfile_stop+0xc0/0xc0 [ 190.164401][ T720] ? mutex_lock+0xa6/0x110 [ 190.168789][ T720] ? mutex_trylock+0xb0/0xb0 [ 190.173351][ T720] ? __kasan_check_write+0x14/0x20 [ 190.178444][ T720] kernfs_fop_write_iter+0x2d0/0x410 [ 190.183709][ T720] ? cgroup_seqfile_stop+0xc0/0xc0 [ 190.188800][ T720] vfs_write+0xc1c/0xf40 [ 190.193024][ T720] ? __kasan_check_write+0x14/0x20 [ 190.198117][ T720] ? kernel_write+0x3c0/0x3c0 [ 190.202769][ T720] ? _raw_spin_unlock_irq+0x4e/0x70 [ 190.207937][ T720] ? ptrace_stop+0x6ff/0x9f0 [ 190.212510][ T720] ? __kasan_check_read+0x11/0x20 [ 190.217519][ T720] ? __fdget_pos+0x27e/0x310 [ 190.222090][ T720] ksys_write+0x198/0x2c0 [ 190.226654][ T720] ? do_notify_parent+0xa60/0xa60 [ 190.231658][ T720] ? __ia32_sys_read+0x90/0x90 [ 190.236426][ T720] ? __ia32_sys_open+0x270/0x270 [ 190.241358][ T720] __x64_sys_write+0x7b/0x90 [ 190.245925][ T720] do_syscall_64+0x34/0x70 [ 190.250320][ T720] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 190.256184][ T720] RIP: 0033:0x7fc8ece62c09 [ 190.260574][ T720] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.280160][ T720] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 727] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 720] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 727] <... mount resumed>) = 0 [pid 727] open("./file0", O_RDONLY [pid 720] close(3 [pid 727] <... open resumed>) = 3 [pid 727] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 727] write(4, "-pids ", 6 [pid 720] <... close resumed>) = 0 [pid 720] close(4) = 0 [pid 720] close(5) = 0 [pid 720] close(6) = -1 EBADF (Bad file descriptor) [pid 720] close(7) = -1 EBADF (Bad file descriptor) [pid 720] close(8) = -1 EBADF (Bad file descriptor) [pid 720] close(9) = -1 EBADF (Bad file descriptor) [pid 720] close(10) = -1 EBADF (Bad file descriptor) [pid 720] close(11) = -1 EBADF (Bad file descriptor) [pid 720] close(12) = -1 EBADF (Bad file descriptor) [pid 720] close(13) = -1 EBADF (Bad file descriptor) [pid 720] close(14) = -1 EBADF (Bad file descriptor) [pid 720] close(15) = -1 EBADF (Bad file descriptor) [pid 720] close(16) = -1 EBADF (Bad file descriptor) [pid 720] close(17) = -1 EBADF (Bad file descriptor) [pid 720] close(18) = -1 EBADF (Bad file descriptor) [pid 720] close(19) = -1 EBADF (Bad file descriptor) [pid 720] close(20) = -1 EBADF (Bad file descriptor) [pid 720] close(21) = -1 EBADF (Bad file descriptor) [pid 720] close(22) = -1 EBADF (Bad file descriptor) [pid 720] close(23) = -1 EBADF (Bad file descriptor) [pid 720] close(24) = -1 EBADF (Bad file descriptor) [pid 720] close(25) = -1 EBADF (Bad file descriptor) [pid 720] close(26) = -1 EBADF (Bad file descriptor) [pid 720] close(27) = -1 EBADF (Bad file descriptor) [pid 720] close(28) = -1 EBADF (Bad file descriptor) [pid 720] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 720] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 720] exit_group(0) = ? [pid 720] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 375] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./61/binderfs") = 0 [pid 375] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./61/cgroup") = 0 [pid 375] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./61/cgroup.net") = 0 [pid 375] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./61/file0") = 0 [pid 375] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./61/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./61") = 0 [pid 375] mkdir("./62", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 728 attached , child_tidptr=0x555556fab5d0) = 64 [ 190.288661][ T720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 190.296626][ T720] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 190.304577][ T720] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 190.312531][ T720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 190.320491][ T720] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003d [ 190.328947][ T720] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 728] chdir("./62") = 0 [pid 728] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 727] <... write resumed>) = 6 [pid 728] <... prctl resumed>) = 0 [pid 727] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 728] setpgid(0, 0 [pid 727] <... openat resumed>) = 5 [pid 728] <... setpgid resumed>) = 0 [pid 727] write(5, "22", 2 [pid 728] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 727] <... write resumed>) = 2 [pid 728] <... symlink resumed>) = 0 [pid 727] write(4, "+pids ", 6 [pid 728] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 728] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 728] write(3, "1000", 4) = 4 [pid 728] close(3) = 0 [pid 728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 728] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 190.350402][ T722] FAULT_INJECTION: forcing a failure. [ 190.350402][ T722] name failslab, interval 1, probability 0, space 0, times 0 [ 190.363065][ T722] CPU: 1 PID: 722 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 190.374676][ T722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.384714][ T722] Call Trace: [ 190.387990][ T722] dump_stack_lvl+0x1e2/0x24b [ 190.392649][ T722] ? bfq_pos_tree_add_move+0x43e/0x43e [ 190.398094][ T722] ? selinux_kernfs_init_security+0x1a8/0x760 [ 190.404157][ T722] dump_stack+0x15/0x17 [ 190.408303][ T722] should_fail+0x3c0/0x510 [ 190.412707][ T722] ? __kernfs_new_node+0x99/0x6e0 [ 190.417705][ T722] __should_failslab+0x9f/0xe0 [ 190.422459][ T722] should_failslab+0x9/0x20 [ 190.426952][ T722] __kmalloc_track_caller+0x5f/0x350 [ 190.432218][ T722] kstrdup_const+0x55/0x90 [ 190.436700][ T722] __kernfs_new_node+0x99/0x6e0 [ 190.441527][ T722] ? is_module_text_address+0xe1/0x140 [ 190.446968][ T722] ? kernfs_new_node+0x170/0x170 [ 190.451888][ T722] ? ptr_to_hashval+0x60/0x60 [ 190.456535][ T722] ? arch_stack_walk+0xf8/0x140 [ 190.461359][ T722] ? snprintf+0xd6/0x120 [ 190.465572][ T722] kernfs_new_node+0x97/0x170 [ 190.470223][ T722] __kernfs_create_file+0x4a/0x270 [ 190.475308][ T722] cgroup_addrm_files+0xab8/0xfe0 [ 190.480308][ T722] ? ____kasan_kmalloc+0xdc/0x110 [ 190.485312][ T722] ? __kasan_kmalloc+0x9/0x10 [ 190.489990][ T722] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 190.495533][ T722] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 190.501667][ T722] ? delete_node+0x759/0x7b0 [ 190.506261][ T722] ? __kasan_check_read+0x11/0x20 [ 190.511274][ T722] ? delete_node+0x759/0x7b0 [ 190.515843][ T722] ? __kasan_check_write+0x14/0x20 [ 190.520934][ T722] ? idr_replace+0x1c4/0x230 [ 190.525497][ T722] ? idr_get_next+0x4b0/0x4b0 [ 190.530162][ T722] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 190.535177][ T722] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 190.540358][ T722] css_populate_dir+0x137/0x370 [ 190.545198][ T722] cgroup_apply_control_enable+0x8b9/0x12f0 [ 190.551093][ T722] cgroup_apply_control+0x93/0x710 [ 190.556189][ T722] ? css_next_child+0x160/0x160 [ 190.561071][ T722] ? stack_trace_save+0x12d/0x1f0 [ 190.566078][ T722] ? io_schedule+0x120/0x120 [ 190.570660][ T722] ? kernfs_fop_write_iter+0x15e/0x410 [ 190.576101][ T722] ? __kasan_check_write+0x14/0x20 [ 190.581190][ T722] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 190.586455][ T722] cgroup_subtree_control_write+0xd19/0x1310 [ 190.592417][ T722] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 190.598375][ T722] ? __kasan_check_write+0x14/0x20 [ 190.603462][ T722] ? _copy_from_iter+0x3fb/0xd60 [ 190.608375][ T722] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 190.614328][ T722] cgroup_file_write+0x28e/0x590 [ 190.619239][ T722] ? cgroup_seqfile_stop+0xc0/0xc0 [ 190.624327][ T722] ? mutex_lock+0xa6/0x110 [ 190.628716][ T722] ? mutex_trylock+0xb0/0xb0 [ 190.633290][ T722] ? __kasan_check_write+0x14/0x20 [ 190.638375][ T722] kernfs_fop_write_iter+0x2d0/0x410 [ 190.643641][ T722] ? cgroup_seqfile_stop+0xc0/0xc0 [ 190.648726][ T722] vfs_write+0xc1c/0xf40 [ 190.653030][ T722] ? __kasan_check_write+0x14/0x20 [ 190.658121][ T722] ? kernel_write+0x3c0/0x3c0 [ 190.662772][ T722] ? _raw_spin_unlock_irq+0x4e/0x70 [ 190.667947][ T722] ? ptrace_stop+0x6ff/0x9f0 [ 190.672513][ T722] ? __kasan_check_read+0x11/0x20 [ 190.677515][ T722] ? __fdget_pos+0x27e/0x310 [ 190.682080][ T722] ksys_write+0x198/0x2c0 [ 190.686385][ T722] ? do_notify_parent+0xa60/0xa60 [ 190.691390][ T722] ? __ia32_sys_read+0x90/0x90 [ 190.696127][ T722] ? __ia32_sys_open+0x270/0x270 [ 190.701037][ T722] __x64_sys_write+0x7b/0x90 [ 190.705601][ T722] do_syscall_64+0x34/0x70 [ 190.709993][ T722] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 190.715860][ T722] RIP: 0033:0x7fc8ece62c09 [ 190.720254][ T722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 190.740092][ T722] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 728] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 728] open("./file0", O_RDONLY) = 3 [pid 728] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 728] write(4, "-pids ", 6 [pid 722] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 722] close(3) = 0 [pid 722] close(4) = 0 [pid 722] close(5) = 0 [pid 722] close(6) = -1 EBADF (Bad file descriptor) [pid 722] close(7) = -1 EBADF (Bad file descriptor) [pid 722] close(8) = -1 EBADF (Bad file descriptor) [pid 722] close(9) = -1 EBADF (Bad file descriptor) [pid 722] close(10) = -1 EBADF (Bad file descriptor) [pid 722] close(11) = -1 EBADF (Bad file descriptor) [pid 722] close(12) = -1 EBADF (Bad file descriptor) [pid 722] close(13) = -1 EBADF (Bad file descriptor) [pid 722] close(14) = -1 EBADF (Bad file descriptor) [pid 722] close(15) = -1 EBADF (Bad file descriptor) [pid 722] close(16) = -1 EBADF (Bad file descriptor) [pid 722] close(17) = -1 EBADF (Bad file descriptor) [pid 722] close(18) = -1 EBADF (Bad file descriptor) [pid 722] close(19) = -1 EBADF (Bad file descriptor) [pid 722] close(20) = -1 EBADF (Bad file descriptor) [pid 722] close(21) = -1 EBADF (Bad file descriptor) [pid 722] close(22) = -1 EBADF (Bad file descriptor) [pid 722] close(23) = -1 EBADF (Bad file descriptor) [pid 722] close(24) = -1 EBADF (Bad file descriptor) [pid 722] close(25) = -1 EBADF (Bad file descriptor) [pid 722] close(26) = -1 EBADF (Bad file descriptor) [pid 722] close(27) = -1 EBADF (Bad file descriptor) [pid 722] close(28) = -1 EBADF (Bad file descriptor) [pid 722] close(29) = -1 EBADF (Bad file descriptor) [pid 722] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 722] exit_group(0) = ? [pid 722] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=51, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./49/binderfs") = 0 [pid 383] umount2("./49/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./49/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./49/cgroup") = 0 [pid 383] umount2("./49/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./49/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./49/cgroup.net") = 0 [pid 383] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./49/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./49/file0") = 0 [pid 383] umount2("./49/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./49/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./49/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./49") = 0 [pid 383] mkdir("./50", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 729 attached [pid 729] chdir("./50" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 52 [pid 729] <... chdir resumed>) = 0 [pid 729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 729] setpgid(0, 0) = 0 [pid 729] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 729] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 729] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 729] write(3, "1000", 4) = 4 [pid 729] close(3) = 0 [pid 729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 729] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 729] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 729] open("./file0", O_RDONLY) = 3 [pid 729] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 190.748480][ T722] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 190.756427][ T722] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 190.764376][ T722] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 190.772322][ T722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 190.780270][ T722] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000031 [ 190.788878][ T722] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 729] write(4, "-pids ", 6) = 6 [pid 729] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 729] write(5, "22", 2) = 2 [ 190.830417][ T723] FAULT_INJECTION: forcing a failure. [ 190.830417][ T723] name failslab, interval 1, probability 0, space 0, times 0 [ 190.843492][ T723] CPU: 0 PID: 723 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 190.855098][ T723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.865133][ T723] Call Trace: [ 190.868401][ T723] dump_stack_lvl+0x1e2/0x24b [ 190.873052][ T723] ? bfq_pos_tree_add_move+0x43e/0x43e [ 190.878485][ T723] ? selinux_kernfs_init_security+0x1a8/0x760 [ 190.884525][ T723] dump_stack+0x15/0x17 [ 190.888653][ T723] should_fail+0x3c0/0x510 [ 190.893047][ T723] ? __kernfs_new_node+0x99/0x6e0 [ 190.898058][ T723] __should_failslab+0x9f/0xe0 [ 190.902795][ T723] should_failslab+0x9/0x20 [ 190.907271][ T723] __kmalloc_track_caller+0x5f/0x350 [ 190.912528][ T723] kstrdup_const+0x55/0x90 [ 190.916922][ T723] __kernfs_new_node+0x99/0x6e0 [ 190.921742][ T723] ? is_module_text_address+0xe1/0x140 [ 190.927261][ T723] ? kernfs_new_node+0x170/0x170 [ 190.932170][ T723] ? ptr_to_hashval+0x60/0x60 [ 190.936816][ T723] ? arch_stack_walk+0xf8/0x140 [ 190.941637][ T723] ? snprintf+0xd6/0x120 [ 190.945858][ T723] kernfs_new_node+0x97/0x170 [ 190.950513][ T723] __kernfs_create_file+0x4a/0x270 [ 190.955604][ T723] cgroup_addrm_files+0xab8/0xfe0 [ 190.960599][ T723] ? ____kasan_kmalloc+0xdc/0x110 [ 190.965594][ T723] ? __kasan_kmalloc+0x9/0x10 [ 190.970252][ T723] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 190.975770][ T723] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 190.981893][ T723] ? delete_node+0x759/0x7b0 [ 190.986456][ T723] ? __kasan_check_read+0x11/0x20 [ 190.991451][ T723] ? delete_node+0x759/0x7b0 [ 190.996011][ T723] ? __kasan_check_write+0x14/0x20 [ 191.001103][ T723] ? idr_replace+0x1c4/0x230 [ 191.005706][ T723] ? idr_get_next+0x4b0/0x4b0 [ 191.010357][ T723] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 191.015351][ T723] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 191.020524][ T723] css_populate_dir+0x137/0x370 [ 191.025350][ T723] cgroup_apply_control_enable+0x8b9/0x12f0 [ 191.031219][ T723] cgroup_apply_control+0x93/0x710 [ 191.036303][ T723] ? css_next_child+0x160/0x160 [ 191.041140][ T723] ? stack_trace_save+0x12d/0x1f0 [ 191.046156][ T723] ? io_schedule+0x120/0x120 [ 191.050730][ T723] ? kernfs_fop_write_iter+0x15e/0x410 [ 191.056160][ T723] ? __kasan_check_write+0x14/0x20 [ 191.061244][ T723] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 191.066497][ T723] cgroup_subtree_control_write+0xd19/0x1310 [ 191.072447][ T723] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 191.078395][ T723] ? __kasan_check_write+0x14/0x20 [ 191.083488][ T723] ? _copy_from_iter+0x3fb/0xd60 [ 191.088410][ T723] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 191.094360][ T723] cgroup_file_write+0x28e/0x590 [ 191.099268][ T723] ? cgroup_seqfile_stop+0xc0/0xc0 [ 191.104352][ T723] ? mutex_lock+0xa6/0x110 [ 191.108825][ T723] ? mutex_trylock+0xb0/0xb0 [ 191.113385][ T723] ? __kasan_check_write+0x14/0x20 [ 191.118473][ T723] kernfs_fop_write_iter+0x2d0/0x410 [ 191.123736][ T723] ? cgroup_seqfile_stop+0xc0/0xc0 [ 191.128818][ T723] vfs_write+0xc1c/0xf40 [ 191.133030][ T723] ? __kasan_check_write+0x14/0x20 [ 191.138120][ T723] ? kernel_write+0x3c0/0x3c0 [ 191.142769][ T723] ? _raw_spin_unlock_irq+0x4e/0x70 [ 191.147941][ T723] ? ptrace_stop+0x6ff/0x9f0 [ 191.152504][ T723] ? __kasan_check_read+0x11/0x20 [ 191.157500][ T723] ? __fdget_pos+0x27e/0x310 [ 191.162063][ T723] ksys_write+0x198/0x2c0 [ 191.166376][ T723] ? do_notify_parent+0xa60/0xa60 [ 191.171378][ T723] ? __ia32_sys_read+0x90/0x90 [ 191.176115][ T723] ? __ia32_sys_open+0x270/0x270 [ 191.181025][ T723] __x64_sys_write+0x7b/0x90 [ 191.185591][ T723] do_syscall_64+0x34/0x70 [ 191.189977][ T723] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 191.195857][ T723] RIP: 0033:0x7fc8ece62c09 [ 191.200247][ T723] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 191.219824][ T723] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 729] write(4, "+pids ", 6 [pid 723] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 723] close(3) = 0 [pid 723] close(4) = 0 [pid 723] close(5) = 0 [pid 723] close(6) = -1 EBADF (Bad file descriptor) [pid 723] close(7) = -1 EBADF (Bad file descriptor) [pid 723] close(8) = -1 EBADF (Bad file descriptor) [pid 723] close(9) = -1 EBADF (Bad file descriptor) [pid 723] close(10) = -1 EBADF (Bad file descriptor) [pid 723] close(11) = -1 EBADF (Bad file descriptor) [pid 723] close(12) = -1 EBADF (Bad file descriptor) [pid 723] close(13) = -1 EBADF (Bad file descriptor) [pid 723] close(14) = -1 EBADF (Bad file descriptor) [pid 723] close(15) = -1 EBADF (Bad file descriptor) [pid 723] close(16) = -1 EBADF (Bad file descriptor) [pid 723] close(17) = -1 EBADF (Bad file descriptor) [pid 723] close(18) = -1 EBADF (Bad file descriptor) [pid 723] close(19) = -1 EBADF (Bad file descriptor) [pid 723] close(20) = -1 EBADF (Bad file descriptor) [pid 723] close(21) = -1 EBADF (Bad file descriptor) [pid 723] close(22) = -1 EBADF (Bad file descriptor) [pid 723] close(23) = -1 EBADF (Bad file descriptor) [pid 723] close(24) = -1 EBADF (Bad file descriptor) [pid 723] close(25) = -1 EBADF (Bad file descriptor) [pid 723] close(26) = -1 EBADF (Bad file descriptor) [pid 723] close(27) = -1 EBADF (Bad file descriptor) [pid 723] close(28) = -1 EBADF (Bad file descriptor) [pid 723] close(29) = -1 EBADF (Bad file descriptor) [pid 723] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 723] exit_group(0) = ? [pid 723] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 191.228214][ T723] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 191.236157][ T723] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 191.244099][ T723] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 191.252041][ T723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 191.259991][ T723] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000036 [ 191.268079][ T723] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 376] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./54/binderfs") = 0 [pid 376] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./54/cgroup") = 0 [pid 376] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./54/cgroup.net") = 0 [pid 376] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./54/file0") = 0 [pid 376] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./54/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./54") = 0 [pid 376] mkdir("./55", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 730 attached , child_tidptr=0x555556fab5d0) = 57 [pid 730] chdir("./55") = 0 [pid 730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 730] setpgid(0, 0) = 0 [pid 730] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 730] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 730] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 730] write(3, "1000", 4) = 4 [pid 730] close(3) = 0 [pid 730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 730] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 191.290507][ T724] FAULT_INJECTION: forcing a failure. [ 191.290507][ T724] name failslab, interval 1, probability 0, space 0, times 0 [ 191.311924][ T724] CPU: 1 PID: 724 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 191.323554][ T724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.333595][ T724] Call Trace: [ 191.336864][ T724] dump_stack_lvl+0x1e2/0x24b [ 191.341527][ T724] ? bfq_pos_tree_add_move+0x43e/0x43e [ 191.346966][ T724] ? selinux_kernfs_init_security+0x1a8/0x760 [ 191.353017][ T724] dump_stack+0x15/0x17 [ 191.357163][ T724] should_fail+0x3c0/0x510 [ 191.361561][ T724] ? __kernfs_new_node+0x99/0x6e0 [ 191.366556][ T724] __should_failslab+0x9f/0xe0 [ 191.371317][ T724] should_failslab+0x9/0x20 [ 191.375815][ T724] __kmalloc_track_caller+0x5f/0x350 [ 191.381085][ T724] kstrdup_const+0x55/0x90 [ 191.385486][ T724] __kernfs_new_node+0x99/0x6e0 [ 191.390308][ T724] ? is_module_text_address+0xe1/0x140 [ 191.395745][ T724] ? kernfs_new_node+0x170/0x170 [ 191.400667][ T724] ? ptr_to_hashval+0x60/0x60 [ 191.405328][ T724] ? arch_stack_walk+0xf8/0x140 [ 191.410159][ T724] ? snprintf+0xd6/0x120 [ 191.414378][ T724] kernfs_new_node+0x97/0x170 [ 191.419034][ T724] __kernfs_create_file+0x4a/0x270 [ 191.424123][ T724] cgroup_addrm_files+0xab8/0xfe0 [ 191.429122][ T724] ? ____kasan_kmalloc+0xdc/0x110 [ 191.434119][ T724] ? __kasan_kmalloc+0x9/0x10 [ 191.438777][ T724] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 191.444317][ T724] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 191.450598][ T724] ? delete_node+0x759/0x7b0 [ 191.455166][ T724] ? __kasan_check_read+0x11/0x20 [ 191.460174][ T724] ? delete_node+0x759/0x7b0 [ 191.464740][ T724] ? __kasan_check_write+0x14/0x20 [ 191.469851][ T724] ? idr_replace+0x1c4/0x230 [ 191.474427][ T724] ? idr_get_next+0x4b0/0x4b0 [ 191.479076][ T724] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 191.484085][ T724] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 191.489267][ T724] css_populate_dir+0x137/0x370 [ 191.494094][ T724] cgroup_apply_control_enable+0x8b9/0x12f0 [ 191.499962][ T724] cgroup_apply_control+0x93/0x710 [ 191.505073][ T724] ? css_next_child+0x160/0x160 [ 191.509906][ T724] ? stack_trace_save+0x12d/0x1f0 [ 191.514910][ T724] ? io_schedule+0x120/0x120 [ 191.519486][ T724] ? kernfs_fop_write_iter+0x15e/0x410 [ 191.525321][ T724] ? __kasan_check_write+0x14/0x20 [ 191.530414][ T724] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 191.535682][ T724] cgroup_subtree_control_write+0xd19/0x1310 [ 191.541643][ T724] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 191.547622][ T724] ? __kasan_check_write+0x14/0x20 [ 191.552831][ T724] ? _copy_from_iter+0x3fb/0xd60 [ 191.557784][ T724] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 191.563752][ T724] cgroup_file_write+0x28e/0x590 [ 191.568690][ T724] ? cgroup_seqfile_stop+0xc0/0xc0 [ 191.573807][ T724] ? mutex_lock+0xa6/0x110 [ 191.578217][ T724] ? mutex_trylock+0xb0/0xb0 [ 191.582822][ T724] ? __kasan_check_write+0x14/0x20 [ 191.587942][ T724] kernfs_fop_write_iter+0x2d0/0x410 [ 191.593219][ T724] ? cgroup_seqfile_stop+0xc0/0xc0 [ 191.598330][ T724] vfs_write+0xc1c/0xf40 [ 191.602663][ T724] ? __kasan_check_write+0x14/0x20 [ 191.607762][ T724] ? kernel_write+0x3c0/0x3c0 [ 191.612434][ T724] ? _raw_spin_unlock_irq+0x4e/0x70 [ 191.617621][ T724] ? ptrace_stop+0x6ff/0x9f0 [ 191.622193][ T724] ? __kasan_check_read+0x11/0x20 [ 191.627198][ T724] ? __fdget_pos+0x27e/0x310 [ 191.631784][ T724] ksys_write+0x198/0x2c0 [ 191.636091][ T724] ? do_notify_parent+0xa60/0xa60 [ 191.641099][ T724] ? __ia32_sys_read+0x90/0x90 [ 191.645846][ T724] ? __ia32_sys_open+0x270/0x270 [ 191.650770][ T724] __x64_sys_write+0x7b/0x90 [ 191.655343][ T724] do_syscall_64+0x34/0x70 [ 191.659734][ T724] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 191.665607][ T724] RIP: 0033:0x7fc8ece62c09 [ 191.669997][ T724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 191.689577][ T724] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.697964][ T724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 191.705914][ T724] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 191.713859][ T724] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 191.721806][ T724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 191.729755][ T724] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003a [pid 730] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 724] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 730] open("./file0", O_RDONLY [pid 724] close(3 [pid 730] <... open resumed>) = 3 [pid 730] openat(3, "cgroup.subtree_control", O_RDWR [pid 724] <... close resumed>) = 0 [pid 730] <... openat resumed>) = 4 [pid 730] write(4, "-pids ", 6 [pid 724] close(4) = 0 [pid 724] close(5) = 0 [pid 724] close(6) = -1 EBADF (Bad file descriptor) [pid 724] close(7) = -1 EBADF (Bad file descriptor) [pid 724] close(8) = -1 EBADF (Bad file descriptor) [pid 724] close(9) = -1 EBADF (Bad file descriptor) [pid 724] close(10) = -1 EBADF (Bad file descriptor) [pid 724] close(11) = -1 EBADF (Bad file descriptor) [pid 724] close(12) = -1 EBADF (Bad file descriptor) [pid 724] close(13) = -1 EBADF (Bad file descriptor) [pid 724] close(14) = -1 EBADF (Bad file descriptor) [pid 724] close(15) = -1 EBADF (Bad file descriptor) [pid 724] close(16) = -1 EBADF (Bad file descriptor) [pid 724] close(17) = -1 EBADF (Bad file descriptor) [pid 724] close(18) = -1 EBADF (Bad file descriptor) [pid 724] close(19) = -1 EBADF (Bad file descriptor) [pid 724] close(20) = -1 EBADF (Bad file descriptor) [pid 724] close(21) = -1 EBADF (Bad file descriptor) [pid 724] close(22) = -1 EBADF (Bad file descriptor) [pid 724] close(23) = -1 EBADF (Bad file descriptor) [pid 724] close(24) = -1 EBADF (Bad file descriptor) [pid 724] close(25) = -1 EBADF (Bad file descriptor) [pid 724] close(26) = -1 EBADF (Bad file descriptor) [pid 724] close(27) = -1 EBADF (Bad file descriptor) [pid 724] close(28) = -1 EBADF (Bad file descriptor) [pid 724] close(29) = -1 EBADF (Bad file descriptor) [pid 724] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 724] exit_group(0) = ? [pid 724] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...> [pid 726] <... write resumed>) = 6 [pid 730] <... write resumed>) = 6 [pid 730] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 726] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 381] <... restart_syscall resumed>) = 0 [pid 730] <... openat resumed>) = 5 [pid 726] <... openat resumed>) = 5 [pid 730] write(5, "22", 2 [pid 726] write(5, "22", 2 [pid 730] <... write resumed>) = 2 [pid 726] <... write resumed>) = 2 [pid 381] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] write(4, "+pids ", 6 [pid 726] write(4, "+pids ", 6 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./58/binderfs") = 0 [pid 381] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./58/cgroup") = 0 [pid 381] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./58/cgroup.net") = 0 [ 191.738224][ T724] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 191.760534][ T729] FAULT_INJECTION: forcing a failure. [ 191.760534][ T729] name failslab, interval 1, probability 0, space 0, times 0 [ 191.773218][ T729] CPU: 0 PID: 729 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 191.784834][ T729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.794877][ T729] Call Trace: [ 191.798146][ T729] dump_stack_lvl+0x1e2/0x24b [ 191.802796][ T729] ? bfq_pos_tree_add_move+0x43e/0x43e [ 191.808236][ T729] ? selinux_kernfs_init_security+0x1a8/0x760 [ 191.814279][ T729] dump_stack+0x15/0x17 [ 191.818407][ T729] should_fail+0x3c0/0x510 [ 191.823055][ T729] ? __kernfs_new_node+0x99/0x6e0 [ 191.828061][ T729] __should_failslab+0x9f/0xe0 [ 191.832816][ T729] should_failslab+0x9/0x20 [ 191.837293][ T729] __kmalloc_track_caller+0x5f/0x350 [ 191.842551][ T729] kstrdup_const+0x55/0x90 [ 191.846946][ T729] __kernfs_new_node+0x99/0x6e0 [ 191.851785][ T729] ? is_module_text_address+0xe1/0x140 [ 191.857214][ T729] ? kernfs_new_node+0x170/0x170 [ 191.862126][ T729] ? ptr_to_hashval+0x60/0x60 [ 191.866772][ T729] ? arch_stack_walk+0xf8/0x140 [ 191.871594][ T729] ? snprintf+0xd6/0x120 [ 191.875807][ T729] kernfs_new_node+0x97/0x170 [ 191.880458][ T729] __kernfs_create_file+0x4a/0x270 [ 191.885539][ T729] cgroup_addrm_files+0xab8/0xfe0 [ 191.890533][ T729] ? ____kasan_kmalloc+0xdc/0x110 [ 191.895526][ T729] ? __kasan_kmalloc+0x9/0x10 [ 191.900181][ T729] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 191.905807][ T729] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 191.911940][ T729] ? delete_node+0x759/0x7b0 [ 191.916516][ T729] ? __kasan_check_read+0x11/0x20 [ 191.921511][ T729] ? delete_node+0x759/0x7b0 [ 191.926085][ T729] ? __kasan_check_write+0x14/0x20 [ 191.931179][ T729] ? idr_replace+0x1c4/0x230 [ 191.935751][ T729] ? idr_get_next+0x4b0/0x4b0 [ 191.940408][ T729] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 191.945407][ T729] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 191.950587][ T729] css_populate_dir+0x137/0x370 [ 191.955421][ T729] cgroup_apply_control_enable+0x8b9/0x12f0 [ 191.961297][ T729] cgroup_apply_control+0x93/0x710 [ 191.966391][ T729] ? css_next_child+0x160/0x160 [ 191.971251][ T729] ? stack_trace_save+0x12d/0x1f0 [ 191.976254][ T729] ? io_schedule+0x120/0x120 [ 191.980829][ T729] ? kernfs_fop_write_iter+0x15e/0x410 [ 191.986269][ T729] ? __kasan_check_write+0x14/0x20 [ 191.991362][ T729] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 191.996620][ T729] cgroup_subtree_control_write+0xd19/0x1310 [ 192.002574][ T729] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 192.008542][ T729] ? __kasan_check_write+0x14/0x20 [ 192.013635][ T729] ? _copy_from_iter+0x3fb/0xd60 [ 192.018551][ T729] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 192.024509][ T729] cgroup_file_write+0x28e/0x590 [ 192.029416][ T729] ? cgroup_seqfile_stop+0xc0/0xc0 [ 192.034497][ T729] ? mutex_lock+0xa6/0x110 [ 192.038884][ T729] ? mutex_trylock+0xb0/0xb0 [ 192.043466][ T729] ? __kasan_check_write+0x14/0x20 [ 192.048549][ T729] kernfs_fop_write_iter+0x2d0/0x410 [ 192.053805][ T729] ? cgroup_seqfile_stop+0xc0/0xc0 [ 192.058889][ T729] vfs_write+0xc1c/0xf40 [ 192.063101][ T729] ? __kasan_check_write+0x14/0x20 [ 192.068186][ T729] ? kernel_write+0x3c0/0x3c0 [ 192.072834][ T729] ? _raw_spin_unlock_irq+0x4e/0x70 [ 192.078005][ T729] ? ptrace_stop+0x6ff/0x9f0 [ 192.082568][ T729] ? __kasan_check_read+0x11/0x20 [ 192.087566][ T729] ? __fdget_pos+0x27e/0x310 [ 192.092128][ T729] ksys_write+0x198/0x2c0 [ 192.096429][ T729] ? do_notify_parent+0xa60/0xa60 [ 192.101430][ T729] ? __ia32_sys_read+0x90/0x90 [ 192.106175][ T729] ? __ia32_sys_open+0x270/0x270 [ 192.111089][ T729] __x64_sys_write+0x7b/0x90 [ 192.115660][ T729] do_syscall_64+0x34/0x70 [ 192.120047][ T729] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 192.125907][ T729] RIP: 0033:0x7fc8ece62c09 [ 192.130295][ T729] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.149872][ T729] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 192.158256][ T729] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 192.166199][ T729] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 192.174149][ T729] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 192.182100][ T729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 381] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./58/file0" [pid 729] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 381] <... rmdir resumed>) = 0 [pid 729] close(3 [pid 381] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 729] <... close resumed>) = 0 [pid 381] lstat("./58/cgroup.cpu", [pid 729] close(4 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./58/cgroup.cpu") = 0 [pid 729] <... close resumed>) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 729] close(5 [pid 381] rmdir("./58" [pid 729] <... close resumed>) = 0 [pid 381] <... rmdir resumed>) = 0 [pid 381] mkdir("./59", 0777 [pid 729] close(6 [pid 381] <... mkdir resumed>) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 731 attached [pid 729] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 61 [pid 731] chdir("./59") = 0 [pid 731] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 729] close(7 [pid 731] <... prctl resumed>) = 0 [pid 731] setpgid(0, 0) = 0 [pid 729] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 731] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 731] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 729] close(8 [pid 731] <... symlink resumed>) = 0 [pid 731] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 729] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 731] <... openat resumed>) = 3 [pid 731] write(3, "1000", 4 [pid 729] close(9 [pid 731] <... write resumed>) = 4 [pid 731] close(3) = 0 [pid 731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 731] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 731] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 729] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 731] open("./file0", O_RDONLY [pid 729] close(10 [pid 731] <... open resumed>) = 3 [pid 731] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 731] write(4, "-pids ", 6 [pid 729] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 729] close(11) = -1 EBADF (Bad file descriptor) [pid 729] close(12) = -1 EBADF (Bad file descriptor) [pid 729] close(13) = -1 EBADF (Bad file descriptor) [pid 729] close(14) = -1 EBADF (Bad file descriptor) [pid 729] close(15) = -1 EBADF (Bad file descriptor) [pid 729] close(16) = -1 EBADF (Bad file descriptor) [pid 729] close(17) = -1 EBADF (Bad file descriptor) [pid 729] close(18) = -1 EBADF (Bad file descriptor) [pid 729] close(19) = -1 EBADF (Bad file descriptor) [pid 729] close(20) = -1 EBADF (Bad file descriptor) [pid 729] close(21) = -1 EBADF (Bad file descriptor) [pid 729] close(22) = -1 EBADF (Bad file descriptor) [pid 729] close(23) = -1 EBADF (Bad file descriptor) [pid 729] close(24) = -1 EBADF (Bad file descriptor) [pid 729] close(25) = -1 EBADF (Bad file descriptor) [pid 729] close(26) = -1 EBADF (Bad file descriptor) [pid 729] close(27) = -1 EBADF (Bad file descriptor) [pid 729] close(28) = -1 EBADF (Bad file descriptor) [pid 729] close(29) = -1 EBADF (Bad file descriptor) [pid 729] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [ 192.190043][ T729] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000032 [ 192.198077][ T729] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 192.220624][ T730] FAULT_INJECTION: forcing a failure. [ 192.220624][ T730] name failslab, interval 1, probability 0, space 0, times 0 [pid 729] exit_group(0) = ? [pid 729] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=52, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./50/binderfs") = 0 [pid 383] umount2("./50/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./50/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./50/cgroup") = 0 [pid 383] umount2("./50/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./50/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./50/cgroup.net") = 0 [ 192.233755][ T730] CPU: 0 PID: 730 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 192.245369][ T730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.255397][ T730] Call Trace: [ 192.258666][ T730] dump_stack_lvl+0x1e2/0x24b [ 192.263318][ T730] ? panic+0x7d7/0x7d7 [ 192.267360][ T730] ? bfq_pos_tree_add_move+0x43e/0x43e [ 192.272790][ T730] ? find_next_bit+0xd6/0x120 [ 192.277439][ T730] ? cpumask_next+0x11/0x30 [ 192.281986][ T730] dump_stack+0x15/0x17 [ 192.286262][ T730] should_fail+0x3c0/0x510 [ 192.290667][ T730] ? percpu_ref_init+0xd0/0x330 [ 192.295495][ T730] __should_failslab+0x9f/0xe0 [ 192.300319][ T730] should_failslab+0x9/0x20 [ 192.304803][ T730] kmem_cache_alloc_trace+0x3a/0x330 [ 192.310072][ T730] percpu_ref_init+0xd0/0x330 [ 192.314732][ T730] ? cgroup_setup_root+0xea0/0xea0 [ 192.319825][ T730] cgroup_apply_control_enable+0x3a2/0x12f0 [ 192.325697][ T730] cgroup_apply_control+0x93/0x710 [ 192.330785][ T730] ? css_next_child+0x160/0x160 [ 192.335608][ T730] ? io_schedule+0x120/0x120 [ 192.340177][ T730] ? kernfs_fop_write_iter+0x15e/0x410 [ 192.345627][ T730] ? __kasan_check_write+0x14/0x20 [ 192.350735][ T730] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 192.356015][ T730] cgroup_subtree_control_write+0xd19/0x1310 [ 192.361982][ T730] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 192.367933][ T730] ? __kasan_check_write+0x14/0x20 [ 192.373017][ T730] ? _copy_from_iter+0x3fb/0xd60 [ 192.377935][ T730] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 192.383900][ T730] cgroup_file_write+0x28e/0x590 [ 192.388813][ T730] ? cgroup_seqfile_stop+0xc0/0xc0 [ 192.393896][ T730] ? mutex_lock+0xa6/0x110 [ 192.398286][ T730] ? mutex_trylock+0xb0/0xb0 [ 192.402850][ T730] ? __kasan_check_write+0x14/0x20 [ 192.407935][ T730] kernfs_fop_write_iter+0x2d0/0x410 [ 192.413203][ T730] ? cgroup_seqfile_stop+0xc0/0xc0 [ 192.418298][ T730] vfs_write+0xc1c/0xf40 [ 192.422973][ T730] ? __kasan_check_write+0x14/0x20 [ 192.428061][ T730] ? kernel_write+0x3c0/0x3c0 [ 192.432713][ T730] ? _raw_spin_unlock_irq+0x4e/0x70 [ 192.437880][ T730] ? ptrace_stop+0x6ff/0x9f0 [ 192.442457][ T730] ? __kasan_check_read+0x11/0x20 [ 192.447461][ T730] ? __fdget_pos+0x27e/0x310 [ 192.452023][ T730] ksys_write+0x198/0x2c0 [ 192.456328][ T730] ? do_notify_parent+0xa60/0xa60 [ 192.461325][ T730] ? __ia32_sys_read+0x90/0x90 [ 192.466059][ T730] ? __ia32_sys_open+0x270/0x270 [ 192.470982][ T730] __x64_sys_write+0x7b/0x90 [ 192.475561][ T730] do_syscall_64+0x34/0x70 [ 192.480014][ T730] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 192.485889][ T730] RIP: 0033:0x7fc8ece62c09 [ 192.490309][ T730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.509889][ T730] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 192.518278][ T730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 192.526226][ T730] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 192.534171][ T730] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [pid 383] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 383] <... umount2 resumed>) = 0 [pid 730] close(3 [pid 383] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] <... close resumed>) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./50/file0", [pid 730] close(4 [pid 383] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./50/file0" [pid 730] <... close resumed>) = 0 [pid 383] <... rmdir resumed>) = 0 [pid 383] umount2("./50/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] close(5 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] lstat("./50/cgroup.cpu", [pid 730] <... close resumed>) = 0 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./50/cgroup.cpu" [pid 730] close(6 [pid 383] <... unlink resumed>) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./50" [pid 730] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 383] <... rmdir resumed>) = 0 [pid 730] close(7 [pid 383] mkdir("./51", 0777) = 0 [pid 730] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 732 attached [pid 732] chdir("./51" [pid 730] close(8 [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 53 [pid 732] <... chdir resumed>) = 0 [pid 732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 732] setpgid(0, 0) = 0 [pid 732] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 732] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 730] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 732] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 730] close(9 [pid 732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 730] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 732] write(3, "1000", 4) = 4 [pid 732] close(3) = 0 [pid 732] symlink("/dev/binderfs", "./binderfs" [pid 730] close(10 [pid 732] <... symlink resumed>) = 0 [pid 732] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 730] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 732] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 730] close(11 [pid 732] open("./file0", O_RDONLY) = 3 [pid 732] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 732] write(4, "-pids ", 6 [pid 730] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 730] close(12) = -1 EBADF (Bad file descriptor) [pid 730] close(13) = -1 EBADF (Bad file descriptor) [pid 730] close(14) = -1 EBADF (Bad file descriptor) [pid 730] close(15) = -1 EBADF (Bad file descriptor) [pid 730] close(16) = -1 EBADF (Bad file descriptor) [pid 730] close(17) = -1 EBADF (Bad file descriptor) [pid 730] close(18) = -1 EBADF (Bad file descriptor) [pid 730] close(19) = -1 EBADF (Bad file descriptor) [pid 730] close(20) = -1 EBADF (Bad file descriptor) [pid 730] close(21) = -1 EBADF (Bad file descriptor) [pid 730] close(22) = -1 EBADF (Bad file descriptor) [pid 730] close(23) = -1 EBADF (Bad file descriptor) [pid 730] close(24) = -1 EBADF (Bad file descriptor) [pid 730] close(25) = -1 EBADF (Bad file descriptor) [pid 730] close(26) = -1 EBADF (Bad file descriptor) [pid 730] close(27) = -1 EBADF (Bad file descriptor) [pid 730] close(28) = -1 EBADF (Bad file descriptor) [pid 730] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 730] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 730] exit_group(0) = ? [pid 730] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./55/binderfs") = 0 [pid 376] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./55/cgroup") = 0 [pid 376] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./55/cgroup.net") = 0 [ 192.542116][ T730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 192.550068][ T730] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000037 [ 192.570413][ T726] FAULT_INJECTION: forcing a failure. [ 192.570413][ T726] name failslab, interval 1, probability 0, space 0, times 0 [ 192.583179][ T726] CPU: 0 PID: 726 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 192.594793][ T726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.604824][ T726] Call Trace: [ 192.608092][ T726] dump_stack_lvl+0x1e2/0x24b [ 192.612748][ T726] ? bfq_pos_tree_add_move+0x43e/0x43e [ 192.618188][ T726] ? selinux_kernfs_init_security+0x1a8/0x760 [ 192.624243][ T726] dump_stack+0x15/0x17 [ 192.628374][ T726] should_fail+0x3c0/0x510 [ 192.632769][ T726] ? __kernfs_new_node+0x99/0x6e0 [ 192.637783][ T726] __should_failslab+0x9f/0xe0 [ 192.642532][ T726] should_failslab+0x9/0x20 [ 192.647010][ T726] __kmalloc_track_caller+0x5f/0x350 [ 192.652267][ T726] kstrdup_const+0x55/0x90 [ 192.656653][ T726] __kernfs_new_node+0x99/0x6e0 [ 192.661477][ T726] ? is_module_text_address+0xe1/0x140 [ 192.666917][ T726] ? kernfs_new_node+0x170/0x170 [ 192.671837][ T726] ? ptr_to_hashval+0x60/0x60 [ 192.676495][ T726] ? arch_stack_walk+0xf8/0x140 [ 192.681327][ T726] ? snprintf+0xd6/0x120 [ 192.685550][ T726] kernfs_new_node+0x97/0x170 [ 192.690212][ T726] __kernfs_create_file+0x4a/0x270 [ 192.695474][ T726] cgroup_addrm_files+0xab8/0xfe0 [ 192.700481][ T726] ? ____kasan_kmalloc+0xdc/0x110 [ 192.705487][ T726] ? __kasan_kmalloc+0x9/0x10 [ 192.710145][ T726] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 192.715677][ T726] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 192.721808][ T726] ? delete_node+0x759/0x7b0 [ 192.726544][ T726] ? __kasan_check_read+0x11/0x20 [ 192.731546][ T726] ? delete_node+0x759/0x7b0 [ 192.736117][ T726] ? __kasan_check_write+0x14/0x20 [ 192.741215][ T726] ? idr_replace+0x1c4/0x230 [ 192.745789][ T726] ? idr_get_next+0x4b0/0x4b0 [ 192.750436][ T726] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 192.755439][ T726] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 192.760617][ T726] css_populate_dir+0x137/0x370 [ 192.765439][ T726] cgroup_apply_control_enable+0x8b9/0x12f0 [ 192.771305][ T726] cgroup_apply_control+0x93/0x710 [ 192.776395][ T726] ? css_next_child+0x160/0x160 [ 192.781227][ T726] ? io_schedule+0x120/0x120 [ 192.785966][ T726] ? kernfs_fop_write_iter+0x15e/0x410 [ 192.791404][ T726] ? __kasan_check_write+0x14/0x20 [ 192.796484][ T726] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 192.801750][ T726] cgroup_subtree_control_write+0xd19/0x1310 [ 192.807712][ T726] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 192.813665][ T726] ? __kasan_check_write+0x14/0x20 [ 192.818758][ T726] ? _copy_from_iter+0x3fb/0xd60 [ 192.824028][ T726] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 192.830001][ T726] cgroup_file_write+0x28e/0x590 [ 192.834910][ T726] ? cgroup_seqfile_stop+0xc0/0xc0 [ 192.839998][ T726] ? mutex_lock+0xa6/0x110 [ 192.844385][ T726] ? mutex_trylock+0xb0/0xb0 [ 192.848954][ T726] ? __kasan_check_write+0x14/0x20 [ 192.854049][ T726] kernfs_fop_write_iter+0x2d0/0x410 [ 192.859307][ T726] ? cgroup_seqfile_stop+0xc0/0xc0 [ 192.864403][ T726] vfs_write+0xc1c/0xf40 [ 192.868638][ T726] ? __kasan_check_write+0x14/0x20 [ 192.873732][ T726] ? kernel_write+0x3c0/0x3c0 [ 192.878380][ T726] ? _raw_spin_unlock_irq+0x4e/0x70 [ 192.883559][ T726] ? ptrace_stop+0x6ff/0x9f0 [ 192.888130][ T726] ? __kasan_check_read+0x11/0x20 [ 192.893135][ T726] ? __fdget_pos+0x27e/0x310 [ 192.897707][ T726] ksys_write+0x198/0x2c0 [ 192.902011][ T726] ? do_notify_parent+0xa60/0xa60 [ 192.907012][ T726] ? __ia32_sys_read+0x90/0x90 [ 192.911756][ T726] ? __ia32_sys_open+0x270/0x270 [ 192.916669][ T726] __x64_sys_write+0x7b/0x90 [ 192.921240][ T726] do_syscall_64+0x34/0x70 [ 192.925993][ T726] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 192.931867][ T726] RIP: 0033:0x7fc8ece62c09 [ 192.936268][ T726] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 192.955861][ T726] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 192.964262][ T726] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 192.972214][ T726] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 192.980161][ T726] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 192.988118][ T726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 376] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 726] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 376] rmdir("./55/file0" [pid 726] close(3) = 0 [pid 376] <... rmdir resumed>) = 0 [pid 726] close(4 [pid 376] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 726] <... close resumed>) = 0 [pid 376] lstat("./55/cgroup.cpu", [pid 726] close(5 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 726] <... close resumed>) = 0 [pid 376] unlink("./55/cgroup.cpu") = 0 [pid 726] close(6) = -1 EBADF (Bad file descriptor) [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 726] close(7 [pid 376] close(3 [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] <... close resumed>) = 0 [pid 726] close(8 [pid 376] rmdir("./55") = 0 [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 376] mkdir("./56", 0777) = 0 [pid 726] close(9 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 733 attached [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 733] chdir("./56") = 0 [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 58 [pid 733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 733] setpgid(0, 0) = 0 [pid 733] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 726] close(10 [pid 733] <... symlink resumed>) = 0 [pid 733] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 733] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 726] close(11 [pid 733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 733] write(3, "1000", 4) = 4 [pid 733] close(3) = 0 [pid 733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 733] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 726] close(12 [pid 733] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 733] open("./file0", O_RDONLY) = 3 [pid 733] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 726] close(13 [pid 733] write(4, "-pids ", 6 [pid 726] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 726] close(14) = -1 EBADF (Bad file descriptor) [pid 726] close(15) = -1 EBADF (Bad file descriptor) [pid 726] close(16) = -1 EBADF (Bad file descriptor) [pid 726] close(17) = -1 EBADF (Bad file descriptor) [pid 726] close(18) = -1 EBADF (Bad file descriptor) [pid 726] close(19) = -1 EBADF (Bad file descriptor) [pid 726] close(20) = -1 EBADF (Bad file descriptor) [pid 726] close(21) = -1 EBADF (Bad file descriptor) [pid 726] close(22) = -1 EBADF (Bad file descriptor) [pid 726] close(23) = -1 EBADF (Bad file descriptor) [pid 726] close(24) = -1 EBADF (Bad file descriptor) [pid 726] close(25) = -1 EBADF (Bad file descriptor) [pid 726] close(26) = -1 EBADF (Bad file descriptor) [pid 726] close(27) = -1 EBADF (Bad file descriptor) [pid 726] close(28) = -1 EBADF (Bad file descriptor) [pid 726] close(29) = -1 EBADF (Bad file descriptor) [pid 726] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 726] exit_group(0) = ? [pid 726] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 733] <... write resumed>) = 6 [pid 733] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 733] write(5, "22", 2) = 2 [pid 733] write(4, "+pids ", 6 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./54/binderfs") = 0 [pid 380] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./54/cgroup") = 0 [pid 380] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./54/cgroup.net") = 0 [ 192.996078][ T726] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000036 [ 193.004113][ T726] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 193.030660][ T727] FAULT_INJECTION: forcing a failure. [ 193.030660][ T727] name failslab, interval 1, probability 0, space 0, times 0 [ 193.043332][ T727] CPU: 0 PID: 727 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 193.054952][ T727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.065002][ T727] Call Trace: [ 193.068282][ T727] dump_stack_lvl+0x1e2/0x24b [ 193.072936][ T727] ? bfq_pos_tree_add_move+0x43e/0x43e [ 193.078371][ T727] ? selinux_kernfs_init_security+0x1a8/0x760 [ 193.084417][ T727] dump_stack+0x15/0x17 [ 193.088566][ T727] should_fail+0x3c0/0x510 [ 193.092984][ T727] ? __kernfs_new_node+0x99/0x6e0 [ 193.097990][ T727] __should_failslab+0x9f/0xe0 [ 193.102733][ T727] should_failslab+0x9/0x20 [ 193.107212][ T727] __kmalloc_track_caller+0x5f/0x350 [ 193.112469][ T727] kstrdup_const+0x55/0x90 [ 193.116863][ T727] __kernfs_new_node+0x99/0x6e0 [ 193.121695][ T727] ? is_module_text_address+0xe1/0x140 [ 193.127141][ T727] ? kernfs_new_node+0x170/0x170 [ 193.132058][ T727] ? ptr_to_hashval+0x60/0x60 [ 193.136714][ T727] ? arch_stack_walk+0xf8/0x140 [ 193.141549][ T727] ? snprintf+0xd6/0x120 [ 193.145760][ T727] kernfs_new_node+0x97/0x170 [ 193.150408][ T727] __kernfs_create_file+0x4a/0x270 [ 193.155491][ T727] cgroup_addrm_files+0xab8/0xfe0 [ 193.160494][ T727] ? ____kasan_kmalloc+0xdc/0x110 [ 193.165497][ T727] ? __kasan_kmalloc+0x9/0x10 [ 193.170153][ T727] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 193.175691][ T727] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 193.181839][ T727] ? delete_node+0x759/0x7b0 [ 193.186402][ T727] ? __kasan_check_read+0x11/0x20 [ 193.191396][ T727] ? delete_node+0x759/0x7b0 [ 193.195955][ T727] ? __kasan_check_write+0x14/0x20 [ 193.201037][ T727] ? idr_replace+0x1c4/0x230 [ 193.205599][ T727] ? idr_get_next+0x4b0/0x4b0 [ 193.210252][ T727] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 193.215257][ T727] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 193.220425][ T727] css_populate_dir+0x137/0x370 [ 193.225262][ T727] cgroup_apply_control_enable+0x8b9/0x12f0 [ 193.231136][ T727] cgroup_apply_control+0x93/0x710 [ 193.236226][ T727] ? css_next_child+0x160/0x160 [ 193.241059][ T727] ? stack_trace_save+0x12d/0x1f0 [ 193.246064][ T727] ? io_schedule+0x120/0x120 [ 193.250637][ T727] ? kernfs_fop_write_iter+0x15e/0x410 [ 193.256087][ T727] ? __kasan_check_write+0x14/0x20 [ 193.261182][ T727] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 193.266443][ T727] cgroup_subtree_control_write+0xd19/0x1310 [ 193.272402][ T727] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 193.278357][ T727] ? __kasan_check_write+0x14/0x20 [ 193.283441][ T727] ? _copy_from_iter+0x3fb/0xd60 [ 193.288353][ T727] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 193.294312][ T727] cgroup_file_write+0x28e/0x590 [ 193.299234][ T727] ? cgroup_seqfile_stop+0xc0/0xc0 [ 193.304317][ T727] ? mutex_lock+0xa6/0x110 [ 193.308716][ T727] ? mutex_trylock+0xb0/0xb0 [ 193.313284][ T727] ? __kasan_check_write+0x14/0x20 [ 193.318375][ T727] kernfs_fop_write_iter+0x2d0/0x410 [ 193.323756][ T727] ? cgroup_seqfile_stop+0xc0/0xc0 [ 193.328843][ T727] vfs_write+0xc1c/0xf40 [ 193.333064][ T727] ? __kasan_check_write+0x14/0x20 [ 193.338162][ T727] ? kernel_write+0x3c0/0x3c0 [ 193.342823][ T727] ? _raw_spin_unlock_irq+0x4e/0x70 [ 193.348011][ T727] ? ptrace_stop+0x6ff/0x9f0 [ 193.352582][ T727] ? __kasan_check_read+0x11/0x20 [ 193.357587][ T727] ? __fdget_pos+0x27e/0x310 [ 193.362167][ T727] ksys_write+0x198/0x2c0 [ 193.366867][ T727] ? do_notify_parent+0xa60/0xa60 [ 193.371880][ T727] ? __ia32_sys_read+0x90/0x90 [ 193.376629][ T727] ? __ia32_sys_open+0x270/0x270 [ 193.381544][ T727] __x64_sys_write+0x7b/0x90 [ 193.386127][ T727] do_syscall_64+0x34/0x70 [ 193.390541][ T727] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 193.396405][ T727] RIP: 0033:0x7fc8ece62c09 [ 193.400792][ T727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 193.420367][ T727] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.428752][ T727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 193.436831][ T727] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 380] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./54/file0" [pid 727] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 380] <... rmdir resumed>) = 0 [pid 380] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 727] close(3 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] lstat("./54/cgroup.cpu", [pid 727] <... close resumed>) = 0 [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./54/cgroup.cpu" [pid 727] close(4 [pid 380] <... unlink resumed>) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3 [pid 727] <... close resumed>) = 0 [pid 380] <... close resumed>) = 0 [pid 380] rmdir("./54" [pid 727] close(5 [pid 380] <... rmdir resumed>) = 0 [pid 380] mkdir("./55", 0777 [pid 727] <... close resumed>) = 0 [pid 380] <... mkdir resumed>) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 734 attached [pid 727] close(6 [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 57 [pid 734] chdir("./55" [pid 727] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 734] <... chdir resumed>) = 0 [pid 734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 734] setpgid(0, 0) = 0 [pid 734] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 734] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 727] close(7 [pid 734] <... symlink resumed>) = 0 [pid 734] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 727] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 734] <... openat resumed>) = 3 [pid 734] write(3, "1000", 4 [pid 727] close(8 [pid 734] <... write resumed>) = 4 [pid 734] close(3) = 0 [pid 734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 734] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 734] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 727] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 734] <... mount resumed>) = 0 [pid 734] open("./file0", O_RDONLY [pid 727] close(9 [pid 734] <... open resumed>) = 3 [pid 734] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 734] write(4, "-pids ", 6 [pid 727] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 727] close(10) = -1 EBADF (Bad file descriptor) [pid 727] close(11) = -1 EBADF (Bad file descriptor) [pid 727] close(12) = -1 EBADF (Bad file descriptor) [pid 727] close(13) = -1 EBADF (Bad file descriptor) [pid 727] close(14) = -1 EBADF (Bad file descriptor) [pid 727] close(15) = -1 EBADF (Bad file descriptor) [pid 727] close(16) = -1 EBADF (Bad file descriptor) [pid 727] close(17) = -1 EBADF (Bad file descriptor) [pid 727] close(18) = -1 EBADF (Bad file descriptor) [pid 727] close(19) = -1 EBADF (Bad file descriptor) [pid 727] close(20) = -1 EBADF (Bad file descriptor) [pid 727] close(21) = -1 EBADF (Bad file descriptor) [pid 727] close(22) = -1 EBADF (Bad file descriptor) [pid 727] close(23) = -1 EBADF (Bad file descriptor) [pid 727] close(24) = -1 EBADF (Bad file descriptor) [pid 727] close(25) = -1 EBADF (Bad file descriptor) [pid 727] close(26) = -1 EBADF (Bad file descriptor) [pid 727] close(27) = -1 EBADF (Bad file descriptor) [pid 727] close(28) = -1 EBADF (Bad file descriptor) [pid 727] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 727] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 727] exit_group(0) = ? [pid 727] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./60/binderfs") = 0 [pid 382] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./60/cgroup") = 0 [pid 382] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./60/cgroup.net") = 0 [pid 382] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./60/file0") = 0 [pid 382] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./60/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./60") = 0 [pid 382] mkdir("./61", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 735 attached [pid 735] chdir("./61" [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 63 [pid 735] <... chdir resumed>) = 0 [pid 735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 735] setpgid(0, 0) = 0 [pid 735] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 735] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 735] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 735] write(3, "1000", 4) = 4 [pid 735] close(3) = 0 [pid 735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 735] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 735] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 735] open("./file0", O_RDONLY) = 3 [pid 735] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 193.444789][ T727] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 193.452739][ T727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 193.460696][ T727] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003c [ 193.468999][ T727] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 735] write(4, "-pids ", 6) = 6 [pid 728] <... write resumed>) = 6 [pid 735] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 728] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 735] <... openat resumed>) = 5 [pid 728] <... openat resumed>) = 5 [pid 735] write(5, "22", 2 [pid 728] write(5, "22", 2 [pid 735] <... write resumed>) = 2 [pid 728] <... write resumed>) = 2 [pid 735] write(4, "+pids ", 6 [ 193.520432][ T733] FAULT_INJECTION: forcing a failure. [ 193.520432][ T733] name failslab, interval 1, probability 0, space 0, times 0 [ 193.534010][ T733] CPU: 0 PID: 733 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 193.545629][ T733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.555662][ T733] Call Trace: [ 193.558947][ T733] dump_stack_lvl+0x1e2/0x24b [ 193.563721][ T733] ? bfq_pos_tree_add_move+0x43e/0x43e [ 193.569158][ T733] ? selinux_kernfs_init_security+0x1a8/0x760 [ 193.575200][ T733] dump_stack+0x15/0x17 [ 193.579340][ T733] should_fail+0x3c0/0x510 [ 193.583846][ T733] ? __kernfs_new_node+0x99/0x6e0 [ 193.588852][ T733] __should_failslab+0x9f/0xe0 [ 193.593595][ T733] should_failslab+0x9/0x20 [ 193.598073][ T733] __kmalloc_track_caller+0x5f/0x350 [ 193.603334][ T733] kstrdup_const+0x55/0x90 [ 193.607722][ T733] __kernfs_new_node+0x99/0x6e0 [ 193.612550][ T733] ? is_module_text_address+0xe1/0x140 [ 193.617979][ T733] ? kernfs_new_node+0x170/0x170 [ 193.622890][ T733] ? ptr_to_hashval+0x60/0x60 [ 193.627540][ T733] ? arch_stack_walk+0xf8/0x140 [ 193.632364][ T733] ? snprintf+0xd6/0x120 [ 193.636579][ T733] kernfs_new_node+0x97/0x170 [ 193.641236][ T733] __kernfs_create_file+0x4a/0x270 [ 193.646324][ T733] cgroup_addrm_files+0xab8/0xfe0 [ 193.651407][ T733] ? ____kasan_kmalloc+0xdc/0x110 [ 193.656406][ T733] ? __kasan_kmalloc+0x9/0x10 [ 193.661056][ T733] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 193.666577][ T733] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 193.672708][ T733] ? delete_node+0x759/0x7b0 [ 193.677279][ T733] ? __kasan_check_read+0x11/0x20 [ 193.682275][ T733] ? delete_node+0x759/0x7b0 [ 193.686924][ T733] ? __kasan_check_write+0x14/0x20 [ 193.692012][ T733] ? idr_replace+0x1c4/0x230 [ 193.696575][ T733] ? idr_get_next+0x4b0/0x4b0 [ 193.701222][ T733] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 193.706220][ T733] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 193.711398][ T733] css_populate_dir+0x137/0x370 [ 193.716223][ T733] cgroup_apply_control_enable+0x8b9/0x12f0 [ 193.722348][ T733] cgroup_apply_control+0x93/0x710 [ 193.727438][ T733] ? css_next_child+0x160/0x160 [ 193.732258][ T733] ? stack_trace_save+0x12d/0x1f0 [ 193.737251][ T733] ? io_schedule+0x120/0x120 [ 193.741814][ T733] ? kernfs_fop_write_iter+0x15e/0x410 [ 193.747248][ T733] ? __kasan_check_write+0x14/0x20 [ 193.752335][ T733] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 193.757589][ T733] cgroup_subtree_control_write+0xd19/0x1310 [ 193.763549][ T733] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 193.769506][ T733] ? __kasan_check_write+0x14/0x20 [ 193.774598][ T733] ? _copy_from_iter+0x3fb/0xd60 [ 193.779506][ T733] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 193.785457][ T733] cgroup_file_write+0x28e/0x590 [ 193.790375][ T733] ? cgroup_seqfile_stop+0xc0/0xc0 [ 193.795463][ T733] ? mutex_lock+0xa6/0x110 [ 193.799848][ T733] ? mutex_trylock+0xb0/0xb0 [ 193.804411][ T733] ? __kasan_check_write+0x14/0x20 [ 193.809495][ T733] kernfs_fop_write_iter+0x2d0/0x410 [ 193.814749][ T733] ? cgroup_seqfile_stop+0xc0/0xc0 [ 193.819954][ T733] vfs_write+0xc1c/0xf40 [ 193.824177][ T733] ? __kasan_check_write+0x14/0x20 [ 193.829271][ T733] ? kernel_write+0x3c0/0x3c0 [ 193.833921][ T733] ? _raw_spin_unlock_irq+0x4e/0x70 [ 193.839089][ T733] ? ptrace_stop+0x6ff/0x9f0 [ 193.843652][ T733] ? __kasan_check_read+0x11/0x20 [ 193.848656][ T733] ? __fdget_pos+0x27e/0x310 [ 193.853226][ T733] ksys_write+0x198/0x2c0 [ 193.857528][ T733] ? do_notify_parent+0xa60/0xa60 [ 193.862527][ T733] ? __ia32_sys_read+0x90/0x90 [ 193.867259][ T733] ? __ia32_sys_open+0x270/0x270 [ 193.872177][ T733] __x64_sys_write+0x7b/0x90 [ 193.876752][ T733] do_syscall_64+0x34/0x70 [ 193.881140][ T733] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 193.887001][ T733] RIP: 0033:0x7fc8ece62c09 [ 193.891387][ T733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 193.910963][ T733] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 728] write(4, "+pids ", 6 [pid 733] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 733] close(3) = 0 [pid 733] close(4) = 0 [pid 733] close(5) = 0 [pid 733] close(6) = -1 EBADF (Bad file descriptor) [pid 733] close(7) = -1 EBADF (Bad file descriptor) [pid 733] close(8) = -1 EBADF (Bad file descriptor) [pid 733] close(9) = -1 EBADF (Bad file descriptor) [pid 733] close(10) = -1 EBADF (Bad file descriptor) [pid 733] close(11) = -1 EBADF (Bad file descriptor) [pid 733] close(12) = -1 EBADF (Bad file descriptor) [pid 733] close(13) = -1 EBADF (Bad file descriptor) [pid 733] close(14) = -1 EBADF (Bad file descriptor) [pid 733] close(15) = -1 EBADF (Bad file descriptor) [pid 733] close(16) = -1 EBADF (Bad file descriptor) [pid 733] close(17) = -1 EBADF (Bad file descriptor) [pid 733] close(18) = -1 EBADF (Bad file descriptor) [pid 733] close(19) = -1 EBADF (Bad file descriptor) [pid 733] close(20) = -1 EBADF (Bad file descriptor) [pid 733] close(21) = -1 EBADF (Bad file descriptor) [pid 733] close(22) = -1 EBADF (Bad file descriptor) [pid 733] close(23) = -1 EBADF (Bad file descriptor) [pid 733] close(24) = -1 EBADF (Bad file descriptor) [pid 733] close(25) = -1 EBADF (Bad file descriptor) [pid 733] close(26) = -1 EBADF (Bad file descriptor) [pid 733] close(27) = -1 EBADF (Bad file descriptor) [pid 733] close(28) = -1 EBADF (Bad file descriptor) [pid 733] close(29) = -1 EBADF (Bad file descriptor) [pid 733] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 733] exit_group(0) = ? [pid 733] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./56/binderfs") = 0 [pid 376] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./56/cgroup") = 0 [pid 376] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./56/cgroup.net") = 0 [pid 376] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./56/file0") = 0 [pid 376] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./56/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./56") = 0 [pid 376] mkdir("./57", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 736 attached [pid 736] chdir("./57" [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 59 [pid 736] <... chdir resumed>) = 0 [pid 736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 736] setpgid(0, 0) = 0 [pid 736] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 736] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 736] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 736] write(3, "1000", 4) = 4 [pid 736] close(3) = 0 [pid 736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 736] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 736] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 731] <... write resumed>) = 6 [pid 731] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 193.919366][ T733] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 193.927308][ T733] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 193.935252][ T733] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 193.943200][ T733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 193.951147][ T733] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000038 [ 193.959320][ T733] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 731] write(5, "22", 2) = 2 [pid 731] write(4, "+pids ", 6 [ 194.000558][ T728] FAULT_INJECTION: forcing a failure. [ 194.000558][ T728] name failslab, interval 1, probability 0, space 0, times 0 [ 194.013237][ T728] CPU: 0 PID: 728 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 194.024852][ T728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.034883][ T728] Call Trace: [ 194.038149][ T728] dump_stack_lvl+0x1e2/0x24b [ 194.042810][ T728] ? bfq_pos_tree_add_move+0x43e/0x43e [ 194.048248][ T728] ? selinux_kernfs_init_security+0x1a8/0x760 [ 194.054295][ T728] dump_stack+0x15/0x17 [ 194.058441][ T728] should_fail+0x3c0/0x510 [ 194.062834][ T728] ? __kernfs_new_node+0x99/0x6e0 [ 194.067836][ T728] __should_failslab+0x9f/0xe0 [ 194.072573][ T728] should_failslab+0x9/0x20 [ 194.077054][ T728] __kmalloc_track_caller+0x5f/0x350 [ 194.082318][ T728] kstrdup_const+0x55/0x90 [ 194.086706][ T728] __kernfs_new_node+0x99/0x6e0 [ 194.091534][ T728] ? is_module_text_address+0xe1/0x140 [ 194.096966][ T728] ? kernfs_new_node+0x170/0x170 [ 194.101881][ T728] ? ptr_to_hashval+0x60/0x60 [ 194.106530][ T728] ? arch_stack_walk+0xf8/0x140 [ 194.111356][ T728] ? snprintf+0xd6/0x120 [ 194.115571][ T728] kernfs_new_node+0x97/0x170 [ 194.120221][ T728] __kernfs_create_file+0x4a/0x270 [ 194.125566][ T728] cgroup_addrm_files+0xab8/0xfe0 [ 194.130563][ T728] ? ____kasan_kmalloc+0xdc/0x110 [ 194.135561][ T728] ? __kasan_kmalloc+0x9/0x10 [ 194.140214][ T728] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 194.145732][ T728] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 194.151859][ T728] ? delete_node+0x759/0x7b0 [ 194.156424][ T728] ? __kasan_check_read+0x11/0x20 [ 194.161422][ T728] ? delete_node+0x759/0x7b0 [ 194.165986][ T728] ? __kasan_check_write+0x14/0x20 [ 194.171084][ T728] ? idr_replace+0x1c4/0x230 [ 194.175662][ T728] ? idr_get_next+0x4b0/0x4b0 [ 194.180323][ T728] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 194.185337][ T728] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 194.190517][ T728] css_populate_dir+0x137/0x370 [ 194.195356][ T728] cgroup_apply_control_enable+0x8b9/0x12f0 [ 194.201234][ T728] cgroup_apply_control+0x93/0x710 [ 194.206329][ T728] ? css_next_child+0x160/0x160 [ 194.211154][ T728] ? stack_trace_save+0x12d/0x1f0 [ 194.216155][ T728] ? io_schedule+0x120/0x120 [ 194.220721][ T728] ? kernfs_fop_write_iter+0x15e/0x410 [ 194.226413][ T728] ? __kasan_check_write+0x14/0x20 [ 194.231500][ T728] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 194.236762][ T728] cgroup_subtree_control_write+0xd19/0x1310 [ 194.242720][ T728] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 194.248678][ T728] ? __kasan_check_write+0x14/0x20 [ 194.253764][ T728] ? _copy_from_iter+0x3fb/0xd60 [ 194.258677][ T728] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 194.264628][ T728] cgroup_file_write+0x28e/0x590 [ 194.269555][ T728] ? cgroup_seqfile_stop+0xc0/0xc0 [ 194.274648][ T728] ? mutex_lock+0xa6/0x110 [ 194.279057][ T728] ? mutex_trylock+0xb0/0xb0 [ 194.283639][ T728] ? __kasan_check_write+0x14/0x20 [ 194.288733][ T728] kernfs_fop_write_iter+0x2d0/0x410 [ 194.293998][ T728] ? cgroup_seqfile_stop+0xc0/0xc0 [ 194.299109][ T728] vfs_write+0xc1c/0xf40 [ 194.303335][ T728] ? __kasan_check_write+0x14/0x20 [ 194.308429][ T728] ? kernel_write+0x3c0/0x3c0 [ 194.313091][ T728] ? _raw_spin_unlock_irq+0x4e/0x70 [ 194.318272][ T728] ? ptrace_stop+0x6ff/0x9f0 [ 194.322856][ T728] ? __kasan_check_read+0x11/0x20 [ 194.327866][ T728] ? __fdget_pos+0x27e/0x310 [ 194.332436][ T728] ksys_write+0x198/0x2c0 [ 194.336747][ T728] ? do_notify_parent+0xa60/0xa60 [ 194.341758][ T728] ? __ia32_sys_read+0x90/0x90 [ 194.346505][ T728] ? __ia32_sys_open+0x270/0x270 [ 194.351425][ T728] __x64_sys_write+0x7b/0x90 [ 194.355998][ T728] do_syscall_64+0x34/0x70 [ 194.360395][ T728] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 194.366264][ T728] RIP: 0033:0x7fc8ece62c09 [ 194.370658][ T728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 194.390243][ T728] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 736] open("./file0", O_RDONLY) = 3 [pid 736] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 736] write(4, "-pids ", 6 [pid 728] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 728] close(3) = 0 [pid 728] close(4) = 0 [pid 728] close(5) = 0 [pid 728] close(6) = -1 EBADF (Bad file descriptor) [pid 728] close(7) = -1 EBADF (Bad file descriptor) [pid 728] close(8) = -1 EBADF (Bad file descriptor) [pid 728] close(9) = -1 EBADF (Bad file descriptor) [pid 728] close(10) = -1 EBADF (Bad file descriptor) [pid 728] close(11) = -1 EBADF (Bad file descriptor) [pid 728] close(12) = -1 EBADF (Bad file descriptor) [pid 728] close(13) = -1 EBADF (Bad file descriptor) [pid 728] close(14) = -1 EBADF (Bad file descriptor) [pid 728] close(15) = -1 EBADF (Bad file descriptor) [pid 728] close(16) = -1 EBADF (Bad file descriptor) [pid 728] close(17) = -1 EBADF (Bad file descriptor) [pid 728] close(18) = -1 EBADF (Bad file descriptor) [pid 728] close(19) = -1 EBADF (Bad file descriptor) [pid 728] close(20) = -1 EBADF (Bad file descriptor) [pid 728] close(21) = -1 EBADF (Bad file descriptor) [pid 728] close(22) = -1 EBADF (Bad file descriptor) [pid 728] close(23) = -1 EBADF (Bad file descriptor) [pid 728] close(24) = -1 EBADF (Bad file descriptor) [pid 728] close(25) = -1 EBADF (Bad file descriptor) [pid 728] close(26) = -1 EBADF (Bad file descriptor) [pid 728] close(27) = -1 EBADF (Bad file descriptor) [pid 728] close(28) = -1 EBADF (Bad file descriptor) [pid 728] close(29) = -1 EBADF (Bad file descriptor) [pid 728] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 728] exit_group(0) = ? [pid 728] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./62/binderfs") = 0 [pid 375] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./62/cgroup") = 0 [pid 375] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./62/cgroup.net") = 0 [pid 375] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./62/file0") = 0 [pid 375] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./62/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./62") = 0 [pid 375] mkdir("./63", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 737 attached [pid 737] chdir("./63") = 0 [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 65 [pid 737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 737] setpgid(0, 0) = 0 [pid 737] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 737] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 737] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 737] write(3, "1000", 4) = 4 [pid 737] close(3) = 0 [pid 737] symlink("/dev/binderfs", "./binderfs") = 0 [ 194.398637][ T728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 194.406583][ T728] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 194.414529][ T728] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 194.422478][ T728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 194.430430][ T728] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003e [ 194.441756][ T728] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 737] mkdirat(AT_FDCWD, "./file0", 000 [pid 734] <... write resumed>) = 6 [pid 737] <... mkdirat resumed>) = 0 [pid 737] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 734] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 734] write(5, "22", 2) = 2 [ 194.480416][ T735] FAULT_INJECTION: forcing a failure. [ 194.480416][ T735] name failslab, interval 1, probability 0, space 0, times 0 [ 194.493035][ T735] CPU: 1 PID: 735 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 194.506273][ T735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.516312][ T735] Call Trace: [ 194.519588][ T735] dump_stack_lvl+0x1e2/0x24b [ 194.524260][ T735] ? bfq_pos_tree_add_move+0x43e/0x43e [ 194.529700][ T735] ? selinux_kernfs_init_security+0x1a8/0x760 [ 194.535776][ T735] dump_stack+0x15/0x17 [ 194.539912][ T735] should_fail+0x3c0/0x510 [ 194.544303][ T735] ? __kernfs_new_node+0x99/0x6e0 [ 194.549314][ T735] __should_failslab+0x9f/0xe0 [ 194.554069][ T735] should_failslab+0x9/0x20 [ 194.558561][ T735] __kmalloc_track_caller+0x5f/0x350 [ 194.563818][ T735] kstrdup_const+0x55/0x90 [ 194.568206][ T735] __kernfs_new_node+0x99/0x6e0 [ 194.573037][ T735] ? is_module_text_address+0xe1/0x140 [ 194.578474][ T735] ? kernfs_new_node+0x170/0x170 [ 194.583393][ T735] ? ptr_to_hashval+0x60/0x60 [ 194.588057][ T735] ? arch_stack_walk+0xf8/0x140 [ 194.592887][ T735] ? snprintf+0xd6/0x120 [ 194.597101][ T735] kernfs_new_node+0x97/0x170 [ 194.601758][ T735] __kernfs_create_file+0x4a/0x270 [ 194.606845][ T735] cgroup_addrm_files+0xab8/0xfe0 [ 194.611849][ T735] ? ____kasan_kmalloc+0xdc/0x110 [ 194.616843][ T735] ? __kasan_kmalloc+0x9/0x10 [ 194.621490][ T735] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 194.627006][ T735] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 194.633128][ T735] ? delete_node+0x759/0x7b0 [ 194.637692][ T735] ? __kasan_check_read+0x11/0x20 [ 194.642700][ T735] ? delete_node+0x759/0x7b0 [ 194.647274][ T735] ? __kasan_check_write+0x14/0x20 [ 194.652358][ T735] ? idr_replace+0x1c4/0x230 [ 194.656920][ T735] ? idr_get_next+0x4b0/0x4b0 [ 194.661571][ T735] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 194.666576][ T735] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 194.671753][ T735] css_populate_dir+0x137/0x370 [ 194.676596][ T735] cgroup_apply_control_enable+0x8b9/0x12f0 [ 194.682486][ T735] cgroup_apply_control+0x93/0x710 [ 194.687592][ T735] ? css_next_child+0x160/0x160 [ 194.692421][ T735] ? stack_trace_save+0x12d/0x1f0 [ 194.697436][ T735] ? io_schedule+0x120/0x120 [ 194.702017][ T735] ? kernfs_fop_write_iter+0x15e/0x410 [ 194.707458][ T735] ? __kasan_check_write+0x14/0x20 [ 194.712556][ T735] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 194.717834][ T735] cgroup_subtree_control_write+0xd19/0x1310 [ 194.723792][ T735] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 194.729745][ T735] ? __kasan_check_write+0x14/0x20 [ 194.734845][ T735] ? _copy_from_iter+0x3fb/0xd60 [ 194.739779][ T735] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 194.745733][ T735] cgroup_file_write+0x28e/0x590 [ 194.750645][ T735] ? cgroup_seqfile_stop+0xc0/0xc0 [ 194.755764][ T735] ? mutex_lock+0xa6/0x110 [ 194.760193][ T735] ? mutex_trylock+0xb0/0xb0 [ 194.764787][ T735] ? __kasan_check_write+0x14/0x20 [ 194.769881][ T735] kernfs_fop_write_iter+0x2d0/0x410 [ 194.775147][ T735] ? cgroup_seqfile_stop+0xc0/0xc0 [ 194.780240][ T735] vfs_write+0xc1c/0xf40 [ 194.784459][ T735] ? __kasan_check_write+0x14/0x20 [ 194.789545][ T735] ? kernel_write+0x3c0/0x3c0 [ 194.794210][ T735] ? _raw_spin_unlock_irq+0x4e/0x70 [ 194.799390][ T735] ? ptrace_stop+0x6ff/0x9f0 [ 194.803953][ T735] ? __kasan_check_read+0x11/0x20 [ 194.808955][ T735] ? __fdget_pos+0x27e/0x310 [ 194.813536][ T735] ksys_write+0x198/0x2c0 [ 194.817855][ T735] ? do_notify_parent+0xa60/0xa60 [ 194.822861][ T735] ? __ia32_sys_read+0x90/0x90 [ 194.827613][ T735] ? __ia32_sys_open+0x270/0x270 [ 194.832532][ T735] __x64_sys_write+0x7b/0x90 [ 194.837109][ T735] do_syscall_64+0x34/0x70 [ 194.841519][ T735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 194.847397][ T735] RIP: 0033:0x7fc8ece62c09 [ 194.851799][ T735] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 194.871389][ T735] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 734] write(4, "+pids ", 6 [pid 735] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 737] <... mount resumed>) = 0 [pid 737] open("./file0", O_RDONLY [pid 735] close(3 [pid 737] <... open resumed>) = 3 [pid 737] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 737] write(4, "-pids ", 6 [pid 735] <... close resumed>) = 0 [pid 735] close(4) = 0 [pid 735] close(5) = 0 [pid 735] close(6) = -1 EBADF (Bad file descriptor) [pid 735] close(7) = -1 EBADF (Bad file descriptor) [pid 735] close(8) = -1 EBADF (Bad file descriptor) [pid 735] close(9) = -1 EBADF (Bad file descriptor) [pid 735] close(10) = -1 EBADF (Bad file descriptor) [pid 735] close(11) = -1 EBADF (Bad file descriptor) [pid 735] close(12) = -1 EBADF (Bad file descriptor) [pid 735] close(13) = -1 EBADF (Bad file descriptor) [pid 735] close(14) = -1 EBADF (Bad file descriptor) [pid 735] close(15) = -1 EBADF (Bad file descriptor) [pid 735] close(16) = -1 EBADF (Bad file descriptor) [pid 735] close(17) = -1 EBADF (Bad file descriptor) [pid 735] close(18) = -1 EBADF (Bad file descriptor) [pid 735] close(19) = -1 EBADF (Bad file descriptor) [pid 735] close(20) = -1 EBADF (Bad file descriptor) [pid 735] close(21) = -1 EBADF (Bad file descriptor) [pid 735] close(22) = -1 EBADF (Bad file descriptor) [pid 735] close(23) = -1 EBADF (Bad file descriptor) [pid 735] close(24) = -1 EBADF (Bad file descriptor) [pid 735] close(25) = -1 EBADF (Bad file descriptor) [pid 735] close(26) = -1 EBADF (Bad file descriptor) [pid 735] close(27) = -1 EBADF (Bad file descriptor) [pid 735] close(28) = -1 EBADF (Bad file descriptor) [pid 735] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 735] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 735] exit_group(0) = ? [pid 735] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./61/binderfs") = 0 [pid 382] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./61/cgroup") = 0 [pid 382] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./61/cgroup.net") = 0 [pid 382] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./61/file0") = 0 [pid 382] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./61/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./61") = 0 [pid 382] mkdir("./62", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 738 attached , child_tidptr=0x555556fab5d0) = 64 [pid 738] chdir("./62") = 0 [pid 738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 738] setpgid(0, 0) = 0 [pid 738] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 738] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 738] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 738] write(3, "1000", 4) = 4 [pid 738] close(3) = 0 [pid 738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 738] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 738] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 738] open("./file0", O_RDONLY) = 3 [pid 738] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 194.879791][ T735] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 194.887743][ T735] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 194.895838][ T735] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 194.903790][ T735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 194.911746][ T735] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003d [ 194.920450][ T735] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 194.950393][ T734] FAULT_INJECTION: forcing a failure. [ 194.950393][ T734] name failslab, interval 1, probability 0, space 0, times 0 [ 194.963150][ T734] CPU: 0 PID: 734 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 194.974757][ T734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.984784][ T734] Call Trace: [ 194.988050][ T734] dump_stack_lvl+0x1e2/0x24b [ 194.992704][ T734] ? bfq_pos_tree_add_move+0x43e/0x43e [ 194.998135][ T734] ? selinux_kernfs_init_security+0x1a8/0x760 [ 195.004179][ T734] dump_stack+0x15/0x17 [ 195.008307][ T734] should_fail+0x3c0/0x510 [ 195.012699][ T734] ? __kernfs_new_node+0x99/0x6e0 [ 195.017703][ T734] __should_failslab+0x9f/0xe0 [ 195.022441][ T734] should_failslab+0x9/0x20 [ 195.026927][ T734] __kmalloc_track_caller+0x5f/0x350 [ 195.032210][ T734] kstrdup_const+0x55/0x90 [ 195.036604][ T734] __kernfs_new_node+0x99/0x6e0 [ 195.041451][ T734] ? is_module_text_address+0xe1/0x140 [ 195.046902][ T734] ? kernfs_new_node+0x170/0x170 [ 195.051821][ T734] ? ptr_to_hashval+0x60/0x60 [ 195.056475][ T734] ? arch_stack_walk+0xf8/0x140 [ 195.061304][ T734] ? snprintf+0xd6/0x120 [ 195.065520][ T734] kernfs_new_node+0x97/0x170 [ 195.070184][ T734] __kernfs_create_file+0x4a/0x270 [ 195.075282][ T734] cgroup_addrm_files+0xab8/0xfe0 [ 195.080293][ T734] ? ____kasan_kmalloc+0xdc/0x110 [ 195.085297][ T734] ? __kasan_kmalloc+0x9/0x10 [ 195.089964][ T734] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 195.095496][ T734] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 195.101630][ T734] ? delete_node+0x759/0x7b0 [ 195.106223][ T734] ? __kasan_check_read+0x11/0x20 [ 195.111229][ T734] ? delete_node+0x759/0x7b0 [ 195.115792][ T734] ? __kasan_check_write+0x14/0x20 [ 195.120887][ T734] ? idr_replace+0x1c4/0x230 [ 195.125467][ T734] ? idr_get_next+0x4b0/0x4b0 [ 195.130135][ T734] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 195.135139][ T734] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 195.140322][ T734] css_populate_dir+0x137/0x370 [ 195.145157][ T734] cgroup_apply_control_enable+0x8b9/0x12f0 [ 195.151030][ T734] cgroup_apply_control+0x93/0x710 [ 195.156121][ T734] ? css_next_child+0x160/0x160 [ 195.160961][ T734] ? stack_trace_save+0x12d/0x1f0 [ 195.165963][ T734] ? io_schedule+0x120/0x120 [ 195.170527][ T734] ? kernfs_fop_write_iter+0x15e/0x410 [ 195.175960][ T734] ? __kasan_check_write+0x14/0x20 [ 195.181057][ T734] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 195.186340][ T734] cgroup_subtree_control_write+0xd19/0x1310 [ 195.192302][ T734] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 195.198258][ T734] ? __kasan_check_write+0x14/0x20 [ 195.203343][ T734] ? _copy_from_iter+0x3fb/0xd60 [ 195.208262][ T734] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 195.214233][ T734] cgroup_file_write+0x28e/0x590 [ 195.219144][ T734] ? cgroup_seqfile_stop+0xc0/0xc0 [ 195.224576][ T734] ? mutex_lock+0xa6/0x110 [ 195.228975][ T734] ? mutex_trylock+0xb0/0xb0 [ 195.233547][ T734] ? __kasan_check_write+0x14/0x20 [ 195.238632][ T734] kernfs_fop_write_iter+0x2d0/0x410 [ 195.243889][ T734] ? cgroup_seqfile_stop+0xc0/0xc0 [ 195.248972][ T734] vfs_write+0xc1c/0xf40 [ 195.253190][ T734] ? __kasan_check_write+0x14/0x20 [ 195.258288][ T734] ? kernel_write+0x3c0/0x3c0 [ 195.262955][ T734] ? _raw_spin_unlock_irq+0x4e/0x70 [ 195.268135][ T734] ? ptrace_stop+0x6ff/0x9f0 [ 195.272700][ T734] ? __kasan_check_read+0x11/0x20 [ 195.277707][ T734] ? __fdget_pos+0x27e/0x310 [ 195.282293][ T734] ksys_write+0x198/0x2c0 [ 195.286612][ T734] ? do_notify_parent+0xa60/0xa60 [ 195.291619][ T734] ? __ia32_sys_read+0x90/0x90 [ 195.296352][ T734] ? __ia32_sys_open+0x270/0x270 [ 195.301272][ T734] __x64_sys_write+0x7b/0x90 [ 195.305855][ T734] do_syscall_64+0x34/0x70 [ 195.310260][ T734] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 195.316139][ T734] RIP: 0033:0x7fc8ece62c09 [ 195.320543][ T734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 195.340220][ T734] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 738] write(4, "-pids ", 6 [pid 734] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 734] close(3) = 0 [pid 734] close(4) = 0 [pid 734] close(5) = 0 [pid 734] close(6) = -1 EBADF (Bad file descriptor) [pid 734] close(7) = -1 EBADF (Bad file descriptor) [pid 734] close(8) = -1 EBADF (Bad file descriptor) [pid 734] close(9) = -1 EBADF (Bad file descriptor) [pid 734] close(10) = -1 EBADF (Bad file descriptor) [pid 734] close(11) = -1 EBADF (Bad file descriptor) [pid 734] close(12) = -1 EBADF (Bad file descriptor) [pid 734] close(13) = -1 EBADF (Bad file descriptor) [pid 734] close(14) = -1 EBADF (Bad file descriptor) [pid 734] close(15) = -1 EBADF (Bad file descriptor) [pid 734] close(16) = -1 EBADF (Bad file descriptor) [pid 734] close(17) = -1 EBADF (Bad file descriptor) [pid 734] close(18) = -1 EBADF (Bad file descriptor) [pid 734] close(19) = -1 EBADF (Bad file descriptor) [pid 734] close(20) = -1 EBADF (Bad file descriptor) [pid 734] close(21) = -1 EBADF (Bad file descriptor) [pid 734] close(22) = -1 EBADF (Bad file descriptor) [pid 734] close(23) = -1 EBADF (Bad file descriptor) [pid 734] close(24) = -1 EBADF (Bad file descriptor) [pid 734] close(25) = -1 EBADF (Bad file descriptor) [pid 734] close(26) = -1 EBADF (Bad file descriptor) [pid 734] close(27) = -1 EBADF (Bad file descriptor) [pid 734] close(28) = -1 EBADF (Bad file descriptor) [pid 734] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 734] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 734] exit_group(0) = ? [pid 734] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./55/binderfs") = 0 [pid 380] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./55/cgroup") = 0 [pid 380] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./55/cgroup.net") = 0 [pid 380] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./55/file0") = 0 [pid 380] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./55/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./55") = 0 [pid 380] mkdir("./56", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 739 attached [pid 739] chdir("./56") = 0 [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 58 [pid 739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 739] setpgid(0, 0) = 0 [pid 739] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 739] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 739] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 739] write(3, "1000", 4) = 4 [pid 739] close(3) = 0 [pid 739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 739] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 739] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 739] open("./file0", O_RDONLY) = 3 [pid 739] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 195.348613][ T734] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 195.356573][ T734] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 195.364524][ T734] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 195.372478][ T734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 195.380422][ T734] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000037 [ 195.389559][ T734] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 739] write(4, "-pids ", 6) = 6 [pid 737] <... write resumed>) = 6 [pid 736] <... write resumed>) = 6 [pid 739] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 739] write(5, "22", 2) = 2 [pid 739] write(4, "+pids ", 6 [pid 737] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 737] write(5, "22", 2) = 2 [pid 737] write(4, "+pids ", 6 [pid 736] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 736] write(5, "22", 2) = 2 [ 195.430418][ T731] FAULT_INJECTION: forcing a failure. [ 195.430418][ T731] name failslab, interval 1, probability 0, space 0, times 0 [ 195.443169][ T731] CPU: 0 PID: 731 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 195.454781][ T731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.464810][ T731] Call Trace: [ 195.468077][ T731] dump_stack_lvl+0x1e2/0x24b [ 195.472729][ T731] ? bfq_pos_tree_add_move+0x43e/0x43e [ 195.478161][ T731] ? selinux_kernfs_init_security+0x1a8/0x760 [ 195.484223][ T731] dump_stack+0x15/0x17 [ 195.488368][ T731] should_fail+0x3c0/0x510 [ 195.492759][ T731] ? __kernfs_new_node+0x99/0x6e0 [ 195.497759][ T731] __should_failslab+0x9f/0xe0 [ 195.502497][ T731] should_failslab+0x9/0x20 [ 195.506985][ T731] __kmalloc_track_caller+0x5f/0x350 [ 195.512260][ T731] kstrdup_const+0x55/0x90 [ 195.516669][ T731] __kernfs_new_node+0x99/0x6e0 [ 195.521490][ T731] ? is_module_text_address+0xe1/0x140 [ 195.527348][ T731] ? kernfs_new_node+0x170/0x170 [ 195.532266][ T731] ? ptr_to_hashval+0x60/0x60 [ 195.536923][ T731] ? arch_stack_walk+0xf8/0x140 [ 195.541753][ T731] ? snprintf+0xd6/0x120 [ 195.545988][ T731] kernfs_new_node+0x97/0x170 [ 195.550645][ T731] __kernfs_create_file+0x4a/0x270 [ 195.555740][ T731] cgroup_addrm_files+0xab8/0xfe0 [ 195.560749][ T731] ? ____kasan_kmalloc+0xdc/0x110 [ 195.565758][ T731] ? __kasan_kmalloc+0x9/0x10 [ 195.570411][ T731] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 195.575937][ T731] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 195.582070][ T731] ? delete_node+0x759/0x7b0 [ 195.586642][ T731] ? __kasan_check_read+0x11/0x20 [ 195.591646][ T731] ? delete_node+0x759/0x7b0 [ 195.596211][ T731] ? __kasan_check_write+0x14/0x20 [ 195.601310][ T731] ? idr_replace+0x1c4/0x230 [ 195.605891][ T731] ? idr_get_next+0x4b0/0x4b0 [ 195.610544][ T731] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 195.615538][ T731] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 195.620711][ T731] css_populate_dir+0x137/0x370 [ 195.625543][ T731] cgroup_apply_control_enable+0x8b9/0x12f0 [ 195.631419][ T731] cgroup_apply_control+0x93/0x710 [ 195.636511][ T731] ? css_next_child+0x160/0x160 [ 195.641340][ T731] ? stack_trace_save+0x12d/0x1f0 [ 195.646335][ T731] ? io_schedule+0x120/0x120 [ 195.650898][ T731] ? kernfs_fop_write_iter+0x15e/0x410 [ 195.656329][ T731] ? __kasan_check_write+0x14/0x20 [ 195.661413][ T731] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 195.666671][ T731] cgroup_subtree_control_write+0xd19/0x1310 [ 195.672633][ T731] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 195.678594][ T731] ? __kasan_check_write+0x14/0x20 [ 195.683683][ T731] ? _copy_from_iter+0x3fb/0xd60 [ 195.688598][ T731] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 195.694550][ T731] cgroup_file_write+0x28e/0x590 [ 195.699459][ T731] ? cgroup_seqfile_stop+0xc0/0xc0 [ 195.704543][ T731] ? mutex_lock+0xa6/0x110 [ 195.708935][ T731] ? mutex_trylock+0xb0/0xb0 [ 195.713503][ T731] ? __kasan_check_write+0x14/0x20 [ 195.718592][ T731] kernfs_fop_write_iter+0x2d0/0x410 [ 195.723863][ T731] ? cgroup_seqfile_stop+0xc0/0xc0 [ 195.728955][ T731] vfs_write+0xc1c/0xf40 [ 195.733175][ T731] ? __kasan_check_write+0x14/0x20 [ 195.738271][ T731] ? kernel_write+0x3c0/0x3c0 [ 195.742919][ T731] ? _raw_spin_unlock_irq+0x4e/0x70 [ 195.748089][ T731] ? ptrace_stop+0x6ff/0x9f0 [ 195.752653][ T731] ? __kasan_check_read+0x11/0x20 [ 195.757647][ T731] ? __fdget_pos+0x27e/0x310 [ 195.762209][ T731] ksys_write+0x198/0x2c0 [ 195.766516][ T731] ? do_notify_parent+0xa60/0xa60 [ 195.771519][ T731] ? __ia32_sys_read+0x90/0x90 [ 195.776262][ T731] ? __ia32_sys_open+0x270/0x270 [ 195.781185][ T731] __x64_sys_write+0x7b/0x90 [ 195.785752][ T731] do_syscall_64+0x34/0x70 [ 195.790146][ T731] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 195.796014][ T731] RIP: 0033:0x7fc8ece62c09 [ 195.800413][ T731] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 195.820001][ T731] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 736] write(4, "+pids ", 6 [pid 731] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 731] close(3) = 0 [pid 731] close(4) = 0 [pid 731] close(5) = 0 [pid 731] close(6) = -1 EBADF (Bad file descriptor) [pid 731] close(7) = -1 EBADF (Bad file descriptor) [pid 731] close(8) = -1 EBADF (Bad file descriptor) [pid 731] close(9) = -1 EBADF (Bad file descriptor) [pid 731] close(10) = -1 EBADF (Bad file descriptor) [pid 731] close(11) = -1 EBADF (Bad file descriptor) [pid 731] close(12) = -1 EBADF (Bad file descriptor) [pid 731] close(13) = -1 EBADF (Bad file descriptor) [pid 731] close(14) = -1 EBADF (Bad file descriptor) [pid 731] close(15) = -1 EBADF (Bad file descriptor) [pid 731] close(16) = -1 EBADF (Bad file descriptor) [pid 731] close(17) = -1 EBADF (Bad file descriptor) [pid 731] close(18) = -1 EBADF (Bad file descriptor) [pid 731] close(19) = -1 EBADF (Bad file descriptor) [pid 731] close(20) = -1 EBADF (Bad file descriptor) [pid 731] close(21) = -1 EBADF (Bad file descriptor) [pid 731] close(22) = -1 EBADF (Bad file descriptor) [pid 731] close(23) = -1 EBADF (Bad file descriptor) [pid 731] close(24) = -1 EBADF (Bad file descriptor) [pid 731] close(25) = -1 EBADF (Bad file descriptor) [pid 731] close(26) = -1 EBADF (Bad file descriptor) [pid 731] close(27) = -1 EBADF (Bad file descriptor) [pid 731] close(28) = -1 EBADF (Bad file descriptor) [pid 731] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 731] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 731] exit_group(0) = ? [pid 731] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./59/binderfs") = 0 [pid 381] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 195.828390][ T731] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 195.836343][ T731] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 195.844290][ T731] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 195.852234][ T731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 195.860181][ T731] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003b [ 195.868303][ T731] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./59/cgroup") = 0 [pid 381] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./59/cgroup.net") = 0 [ 195.890696][ T736] FAULT_INJECTION: forcing a failure. [ 195.890696][ T736] name failslab, interval 1, probability 0, space 0, times 0 [ 195.903628][ T736] CPU: 0 PID: 736 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 195.915237][ T736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.925702][ T736] Call Trace: [ 195.928987][ T736] dump_stack_lvl+0x1e2/0x24b [ 195.933645][ T736] ? panic+0x7d7/0x7d7 [ 195.937695][ T736] ? bfq_pos_tree_add_move+0x43e/0x43e [ 195.943130][ T736] ? find_next_bit+0xd6/0x120 [ 195.947776][ T736] ? cpumask_next+0x11/0x30 [ 195.952253][ T736] dump_stack+0x15/0x17 [ 195.956381][ T736] should_fail+0x3c0/0x510 [ 195.960774][ T736] ? percpu_ref_init+0xd0/0x330 [ 195.965605][ T736] __should_failslab+0x9f/0xe0 [ 195.970356][ T736] should_failslab+0x9/0x20 [ 195.974839][ T736] kmem_cache_alloc_trace+0x3a/0x330 [ 195.980095][ T736] percpu_ref_init+0xd0/0x330 [ 195.984749][ T736] ? cgroup_setup_root+0xea0/0xea0 [ 195.989832][ T736] cgroup_apply_control_enable+0x3a2/0x12f0 [ 195.995696][ T736] cgroup_apply_control+0x93/0x710 [ 196.000780][ T736] ? css_next_child+0x160/0x160 [ 196.005601][ T736] ? stack_trace_save+0x12d/0x1f0 [ 196.010602][ T736] ? io_schedule+0x120/0x120 [ 196.015161][ T736] ? kernfs_fop_write_iter+0x15e/0x410 [ 196.020609][ T736] ? __kasan_check_write+0x14/0x20 [ 196.025703][ T736] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 196.030967][ T736] cgroup_subtree_control_write+0xd19/0x1310 [ 196.036917][ T736] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 196.042867][ T736] ? __kasan_check_write+0x14/0x20 [ 196.047947][ T736] ? _copy_from_iter+0x3fb/0xd60 [ 196.052857][ T736] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 196.058809][ T736] cgroup_file_write+0x28e/0x590 [ 196.063718][ T736] ? cgroup_seqfile_stop+0xc0/0xc0 [ 196.068801][ T736] ? mutex_lock+0xa6/0x110 [ 196.073188][ T736] ? mutex_trylock+0xb0/0xb0 [ 196.077753][ T736] ? __kasan_check_write+0x14/0x20 [ 196.082837][ T736] kernfs_fop_write_iter+0x2d0/0x410 [ 196.088105][ T736] ? cgroup_seqfile_stop+0xc0/0xc0 [ 196.093191][ T736] vfs_write+0xc1c/0xf40 [ 196.097405][ T736] ? __kasan_check_write+0x14/0x20 [ 196.102994][ T736] ? kernel_write+0x3c0/0x3c0 [ 196.107652][ T736] ? _raw_spin_unlock_irq+0x4e/0x70 [ 196.112831][ T736] ? ptrace_stop+0x6ff/0x9f0 [ 196.117403][ T736] ? __kasan_check_read+0x11/0x20 [ 196.122670][ T736] ? __fdget_pos+0x27e/0x310 [ 196.127237][ T736] ksys_write+0x198/0x2c0 [ 196.131548][ T736] ? do_notify_parent+0xa60/0xa60 [ 196.136542][ T736] ? __ia32_sys_read+0x90/0x90 [ 196.141279][ T736] ? __ia32_sys_open+0x270/0x270 [ 196.146187][ T736] __x64_sys_write+0x7b/0x90 [ 196.150750][ T736] do_syscall_64+0x34/0x70 [ 196.155141][ T736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 196.161007][ T736] RIP: 0033:0x7fc8ece62c09 [ 196.165398][ T736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 381] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 736] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 381] <... umount2 resumed>) = 0 [pid 736] close(3 [pid 381] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 736] <... close resumed>) = 0 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] lstat("./59/file0", [pid 736] close(4 [pid 381] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 736] <... close resumed>) = 0 [pid 381] <... openat resumed>) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 736] close(5 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 736] <... close resumed>) = 0 [pid 381] getdents64(4, [pid 736] close(6 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4 [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... close resumed>) = 0 [pid 381] rmdir("./59/file0" [pid 736] close(7 [pid 381] <... rmdir resumed>) = 0 [pid 381] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./59/cgroup.cpu", [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 736] close(8 [pid 381] unlink("./59/cgroup.cpu" [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... unlink resumed>) = 0 [pid 381] getdents64(3, [pid 736] close(9 [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./59" [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... rmdir resumed>) = 0 [pid 381] mkdir("./60", 0777 [pid 736] close(10 [pid 381] <... mkdir resumed>) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 740 attached [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 62 [pid 740] chdir("./60") = 0 [pid 740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 740] setpgid(0, 0) = 0 [pid 740] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 740] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 740] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 740] write(3, "1000", 4) = 4 [pid 740] close(3) = 0 [pid 740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 740] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 740] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 740] open("./file0", O_RDONLY [pid 736] close(11 [pid 740] <... open resumed>) = 3 [pid 740] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 740] write(4, "-pids ", 6 [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 736] close(12) = -1 EBADF (Bad file descriptor) [pid 736] close(13) = -1 EBADF (Bad file descriptor) [pid 736] close(14) = -1 EBADF (Bad file descriptor) [pid 736] close(15) = -1 EBADF (Bad file descriptor) [pid 736] close(16) = -1 EBADF (Bad file descriptor) [pid 736] close(17) = -1 EBADF (Bad file descriptor) [pid 736] close(18) = -1 EBADF (Bad file descriptor) [pid 736] close(19) = -1 EBADF (Bad file descriptor) [pid 736] close(20) = -1 EBADF (Bad file descriptor) [pid 736] close(21) = -1 EBADF (Bad file descriptor) [pid 736] close(22) = -1 EBADF (Bad file descriptor) [ 196.184974][ T736] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 196.193363][ T736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 196.201308][ T736] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 196.209255][ T736] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 196.217197][ T736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 196.225487][ T736] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000039 write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 736] close(23) = -1 EBADF (Bad file descriptor) [pid 732] <... write resumed>) = 6 [pid 736] close(24 [pid 732] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 732] <... openat resumed>) = 5 [pid 736] close(25 [pid 732] write(5, "22", 2 [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 732] <... write resumed>) = 2 [pid 736] close(26 [pid 732] write(4, "+pids ", 6 [pid 736] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 736] close(27) = -1 EBADF (Bad file descriptor) [pid 736] close(28) = -1 EBADF (Bad file descriptor) [pid 736] close(29) = -1 EBADF (Bad file descriptor) [pid 736] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 736] exit_group(0) = ? [pid 736] +++ exited with 0 +++ [ 196.250583][ T739] FAULT_INJECTION: forcing a failure. [ 196.250583][ T739] name failslab, interval 1, probability 0, space 0, times 0 [ 196.263361][ T739] CPU: 0 PID: 739 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 196.274967][ T739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.284996][ T739] Call Trace: [ 196.288264][ T739] dump_stack_lvl+0x1e2/0x24b [ 196.292922][ T739] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./57/binderfs") = 0 [pid 376] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./57/cgroup") = 0 [pid 376] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./57/cgroup.net") = 0 [ 196.298375][ T739] ? selinux_kernfs_init_security+0x1a8/0x760 [ 196.304427][ T739] dump_stack+0x15/0x17 [ 196.308563][ T739] should_fail+0x3c0/0x510 [ 196.312962][ T739] ? __kernfs_new_node+0x99/0x6e0 [ 196.317963][ T739] __should_failslab+0x9f/0xe0 [ 196.322704][ T739] should_failslab+0x9/0x20 [ 196.327181][ T739] __kmalloc_track_caller+0x5f/0x350 [ 196.332448][ T739] kstrdup_const+0x55/0x90 [ 196.336862][ T739] __kernfs_new_node+0x99/0x6e0 [ 196.341699][ T739] ? is_module_text_address+0xe1/0x140 [ 196.347140][ T739] ? kernfs_new_node+0x170/0x170 [ 196.352064][ T739] ? ptr_to_hashval+0x60/0x60 [ 196.356723][ T739] ? arch_stack_walk+0xf8/0x140 [ 196.361569][ T739] ? snprintf+0xd6/0x120 [ 196.365784][ T739] kernfs_new_node+0x97/0x170 [ 196.370434][ T739] __kernfs_create_file+0x4a/0x270 [ 196.375518][ T739] cgroup_addrm_files+0xab8/0xfe0 [ 196.380611][ T739] ? ____kasan_kmalloc+0xdc/0x110 [ 196.385619][ T739] ? __kasan_kmalloc+0x9/0x10 [ 196.390291][ T739] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 196.395812][ T739] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 196.401940][ T739] ? delete_node+0x759/0x7b0 [ 196.406510][ T739] ? __kasan_check_read+0x11/0x20 [ 196.411508][ T739] ? delete_node+0x759/0x7b0 [ 196.416073][ T739] ? __kasan_check_write+0x14/0x20 [ 196.421162][ T739] ? idr_replace+0x1c4/0x230 [ 196.425733][ T739] ? idr_get_next+0x4b0/0x4b0 [ 196.430389][ T739] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 196.435401][ T739] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 196.440581][ T739] css_populate_dir+0x137/0x370 [ 196.445426][ T739] cgroup_apply_control_enable+0x8b9/0x12f0 [ 196.451300][ T739] cgroup_apply_control+0x93/0x710 [ 196.456388][ T739] ? css_next_child+0x160/0x160 [ 196.461215][ T739] ? stack_trace_save+0x12d/0x1f0 [ 196.466238][ T739] ? io_schedule+0x120/0x120 [ 196.470807][ T739] ? kernfs_fop_write_iter+0x15e/0x410 [ 196.476243][ T739] ? __kasan_check_write+0x14/0x20 [ 196.481335][ T739] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 196.486597][ T739] cgroup_subtree_control_write+0xd19/0x1310 [ 196.492555][ T739] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 196.498513][ T739] ? __kasan_check_write+0x14/0x20 [ 196.503601][ T739] ? _copy_from_iter+0x3fb/0xd60 [ 196.508514][ T739] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 196.514467][ T739] cgroup_file_write+0x28e/0x590 [ 196.519381][ T739] ? cgroup_seqfile_stop+0xc0/0xc0 [ 196.524469][ T739] ? mutex_lock+0xa6/0x110 [ 196.528861][ T739] ? mutex_trylock+0xb0/0xb0 [ 196.533427][ T739] ? __kasan_check_write+0x14/0x20 [ 196.538513][ T739] kernfs_fop_write_iter+0x2d0/0x410 [ 196.543777][ T739] ? cgroup_seqfile_stop+0xc0/0xc0 [ 196.548869][ T739] vfs_write+0xc1c/0xf40 [ 196.553086][ T739] ? __kasan_check_write+0x14/0x20 [ 196.558172][ T739] ? kernel_write+0x3c0/0x3c0 [ 196.562824][ T739] ? _raw_spin_unlock_irq+0x4e/0x70 [ 196.567997][ T739] ? ptrace_stop+0x6ff/0x9f0 [ 196.572562][ T739] ? __kasan_check_read+0x11/0x20 [ 196.577579][ T739] ? __fdget_pos+0x27e/0x310 [ 196.582157][ T739] ksys_write+0x198/0x2c0 [ 196.586472][ T739] ? do_notify_parent+0xa60/0xa60 [ 196.591477][ T739] ? __ia32_sys_read+0x90/0x90 [ 196.596230][ T739] ? __ia32_sys_open+0x270/0x270 [ 196.601147][ T739] __x64_sys_write+0x7b/0x90 [ 196.605716][ T739] do_syscall_64+0x34/0x70 [ 196.610110][ T739] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 196.615978][ T739] RIP: 0033:0x7fc8ece62c09 [ 196.620370][ T739] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 196.640355][ T739] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 376] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./57/file0") = 0 [pid 376] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./57/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./57") = 0 [pid 376] mkdir("./58", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 60 ./strace-static-x86_64: Process 741 attached [pid 739] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 741] chdir("./58" [pid 739] close(3 [pid 741] <... chdir resumed>) = 0 [pid 739] <... close resumed>) = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 739] close(4 [pid 741] setpgid(0, 0 [pid 739] <... close resumed>) = 0 [pid 741] <... setpgid resumed>) = 0 [pid 739] close(5 [pid 741] symlink("/syzcgroup/unified/syz1", "./cgroup" [pid 739] <... close resumed>) = 0 [pid 739] close(6 [pid 741] <... symlink resumed>) = 0 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 739] close(7 [pid 741] <... symlink resumed>) = 0 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 739] close(8) = -1 EBADF (Bad file descriptor) [pid 741] <... symlink resumed>) = 0 [pid 739] close(9 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 739] close(10 [pid 741] <... openat resumed>) = 3 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] write(3, "1000", 4 [pid 739] close(11 [pid 741] <... write resumed>) = 4 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] close(3 [pid 739] close(12 [pid 741] <... close resumed>) = 0 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] symlink("/dev/binderfs", "./binderfs" [pid 739] close(13) = -1 EBADF (Bad file descriptor) [pid 741] <... symlink resumed>) = 0 [pid 739] close(14) = -1 EBADF (Bad file descriptor) [pid 739] close(15 [pid 741] mkdirat(AT_FDCWD, "./file0", 000 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 739] close(16 [pid 741] <... mkdirat resumed>) = 0 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 739] close(17 [pid 741] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] <... mount resumed>) = 0 [pid 739] close(18 [pid 741] open("./file0", O_RDONLY [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 741] <... open resumed>) = 3 [pid 739] close(19) = -1 EBADF (Bad file descriptor) [pid 741] openat(3, "cgroup.subtree_control", O_RDWR [pid 739] close(20) = -1 EBADF (Bad file descriptor) [pid 741] <... openat resumed>) = 4 [pid 739] close(21 [pid 741] write(4, "-pids ", 6 [pid 739] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 739] close(22) = -1 EBADF (Bad file descriptor) [pid 739] close(23) = -1 EBADF (Bad file descriptor) [pid 739] close(24) = -1 EBADF (Bad file descriptor) [pid 739] close(25) = -1 EBADF (Bad file descriptor) [pid 739] close(26) = -1 EBADF (Bad file descriptor) [pid 739] close(27) = -1 EBADF (Bad file descriptor) [pid 739] close(28) = -1 EBADF (Bad file descriptor) [pid 739] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 739] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 739] exit_group(0) = ? [pid 739] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./56/binderfs") = 0 [ 196.648748][ T739] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 196.656697][ T739] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 196.664648][ T739] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 196.672597][ T739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 196.680543][ T739] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000038 [ 196.692135][ T739] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./56/cgroup") = 0 [pid 380] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./56/cgroup.net") = 0 [pid 380] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [ 196.711063][ T737] FAULT_INJECTION: forcing a failure. [ 196.711063][ T737] name failslab, interval 1, probability 0, space 0, times 0 [ 196.723720][ T737] CPU: 1 PID: 737 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 196.735329][ T737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.745370][ T737] Call Trace: [ 196.748661][ T737] dump_stack_lvl+0x1e2/0x24b [ 196.753322][ T737] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 380] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./56/file0") = 0 [pid 380] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./56/cgroup.cpu") = 0 [ 196.758761][ T737] ? selinux_kernfs_init_security+0x1a8/0x760 [ 196.764825][ T737] dump_stack+0x15/0x17 [ 196.768969][ T737] should_fail+0x3c0/0x510 [ 196.773360][ T737] ? __kernfs_new_node+0x99/0x6e0 [ 196.778369][ T737] __should_failslab+0x9f/0xe0 [ 196.783116][ T737] should_failslab+0x9/0x20 [ 196.787594][ T737] __kmalloc_track_caller+0x5f/0x350 [ 196.792859][ T737] kstrdup_const+0x55/0x90 [ 196.797277][ T737] __kernfs_new_node+0x99/0x6e0 [ 196.802123][ T737] ? is_module_text_address+0xe1/0x140 [ 196.807566][ T737] ? kernfs_new_node+0x170/0x170 [ 196.812492][ T737] ? ptr_to_hashval+0x60/0x60 [ 196.817166][ T737] ? arch_stack_walk+0xf8/0x140 [ 196.821999][ T737] ? snprintf+0xd6/0x120 [ 196.826227][ T737] kernfs_new_node+0x97/0x170 [ 196.830878][ T737] __kernfs_create_file+0x4a/0x270 [ 196.835963][ T737] cgroup_addrm_files+0xab8/0xfe0 [ 196.840965][ T737] ? ____kasan_kmalloc+0xdc/0x110 [ 196.845968][ T737] ? __kasan_kmalloc+0x9/0x10 [ 196.850619][ T737] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 196.856137][ T737] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 196.862263][ T737] ? delete_node+0x759/0x7b0 [ 196.866828][ T737] ? __kasan_check_read+0x11/0x20 [ 196.871831][ T737] ? delete_node+0x759/0x7b0 [ 196.876409][ T737] ? __kasan_check_write+0x14/0x20 [ 196.881512][ T737] ? idr_replace+0x1c4/0x230 [ 196.886074][ T737] ? idr_get_next+0x4b0/0x4b0 [ 196.890734][ T737] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 196.895739][ T737] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 196.900915][ T737] css_populate_dir+0x137/0x370 [ 196.905748][ T737] cgroup_apply_control_enable+0x8b9/0x12f0 [ 196.911613][ T737] cgroup_apply_control+0x93/0x710 [ 196.916703][ T737] ? css_next_child+0x160/0x160 [ 196.921539][ T737] ? stack_trace_save+0x12d/0x1f0 [ 196.926544][ T737] ? io_schedule+0x120/0x120 [ 196.931120][ T737] ? kernfs_fop_write_iter+0x15e/0x410 [ 196.936559][ T737] ? __kasan_check_write+0x14/0x20 [ 196.941643][ T737] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 196.946907][ T737] cgroup_subtree_control_write+0xd19/0x1310 [ 196.952879][ T737] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 196.958850][ T737] ? __kasan_check_write+0x14/0x20 [ 196.963939][ T737] ? _copy_from_iter+0x3fb/0xd60 [ 196.968854][ T737] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 196.974820][ T737] cgroup_file_write+0x28e/0x590 [ 196.979732][ T737] ? cgroup_seqfile_stop+0xc0/0xc0 [ 196.984825][ T737] ? mutex_lock+0xa6/0x110 [ 196.989228][ T737] ? mutex_trylock+0xb0/0xb0 [ 196.993813][ T737] ? __kasan_check_write+0x14/0x20 [ 196.998906][ T737] kernfs_fop_write_iter+0x2d0/0x410 [ 197.004169][ T737] ? cgroup_seqfile_stop+0xc0/0xc0 [ 197.009260][ T737] vfs_write+0xc1c/0xf40 [ 197.013472][ T737] ? __kasan_check_write+0x14/0x20 [ 197.018561][ T737] ? kernel_write+0x3c0/0x3c0 [ 197.023655][ T737] ? _raw_spin_unlock_irq+0x4e/0x70 [ 197.028834][ T737] ? ptrace_stop+0x6ff/0x9f0 [ 197.033416][ T737] ? __kasan_check_read+0x11/0x20 [ 197.038417][ T737] ? __fdget_pos+0x27e/0x310 [ 197.042989][ T737] ksys_write+0x198/0x2c0 [ 197.047301][ T737] ? do_notify_parent+0xa60/0xa60 [ 197.052305][ T737] ? __ia32_sys_read+0x90/0x90 [ 197.057049][ T737] ? __ia32_sys_open+0x270/0x270 [ 197.061961][ T737] __x64_sys_write+0x7b/0x90 [ 197.066544][ T737] do_syscall_64+0x34/0x70 [ 197.070952][ T737] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 197.076832][ T737] RIP: 0033:0x7fc8ece62c09 [ 197.081225][ T737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.100810][ T737] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./56") = 0 [pid 380] mkdir("./57", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 59 ./strace-static-x86_64: Process 742 attached [pid 742] chdir("./57") = 0 [pid 742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 742] setpgid(0, 0) = 0 [pid 742] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 742] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 742] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 742] write(3, "1000", 4) = 4 [pid 742] close(3) = 0 [pid 742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 742] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 742] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 737] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 742] <... mount resumed>) = 0 [pid 737] close(3) = 0 [pid 737] close(4) = 0 [pid 737] close(5) = 0 [pid 737] close(6) = -1 EBADF (Bad file descriptor) [pid 737] close(7) = -1 EBADF (Bad file descriptor) [pid 737] close(8) = -1 EBADF (Bad file descriptor) [pid 737] close(9) = -1 EBADF (Bad file descriptor) [pid 737] close(10) = -1 EBADF (Bad file descriptor) [pid 737] close(11) = -1 EBADF (Bad file descriptor) [pid 737] close(12) = -1 EBADF (Bad file descriptor) [pid 737] close(13) = -1 EBADF (Bad file descriptor) [pid 737] close(14) = -1 EBADF (Bad file descriptor) [pid 737] close(15) = -1 EBADF (Bad file descriptor) [pid 737] close(16) = -1 EBADF (Bad file descriptor) [pid 737] close(17) = -1 EBADF (Bad file descriptor) [pid 737] close(18) = -1 EBADF (Bad file descriptor) [pid 742] open("./file0", O_RDONLY [pid 737] close(19) = -1 EBADF (Bad file descriptor) [pid 737] close(20) = -1 EBADF (Bad file descriptor) [pid 737] close(21) = -1 EBADF (Bad file descriptor) [pid 737] close(22) = -1 EBADF (Bad file descriptor) [pid 737] close(23) = -1 EBADF (Bad file descriptor) [pid 737] close(24) = -1 EBADF (Bad file descriptor) [pid 737] close(25) = -1 EBADF (Bad file descriptor) [pid 737] close(26) = -1 EBADF (Bad file descriptor) [pid 737] close(27) = -1 EBADF (Bad file descriptor) [pid 737] close(28) = -1 EBADF (Bad file descriptor) [pid 737] close(29) = -1 EBADF (Bad file descriptor) [pid 737] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 737] exit_group(0) = ? [pid 742] <... open resumed>) = 3 [pid 737] +++ exited with 0 +++ [pid 742] openat(3, "cgroup.subtree_control", O_RDWR [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 742] <... openat resumed>) = 4 [pid 742] write(4, "-pids ", 6 [pid 375] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./63/binderfs") = 0 [pid 375] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./63/cgroup") = 0 [pid 375] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./63/cgroup.net") = 0 [pid 375] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./63/file0") = 0 [pid 375] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./63/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./63") = 0 [pid 375] mkdir("./64", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 743 attached , child_tidptr=0x555556fab5d0) = 66 [pid 743] chdir("./64") = 0 [pid 743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 743] setpgid(0, 0) = 0 [pid 743] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 743] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 743] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 743] write(3, "1000", 4) = 4 [pid 743] close(3) = 0 [pid 743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 743] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 743] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 743] open("./file0", O_RDONLY) = 3 [pid 743] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 743] write(4, "-pids ", 6 [pid 741] <... write resumed>) = 6 [ 197.109206][ T737] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 197.117151][ T737] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 197.125105][ T737] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 197.133057][ T737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 197.141008][ T737] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003f [ 197.149863][ T737] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 741] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 741] write(5, "22", 2) = 2 [ 197.180402][ T732] FAULT_INJECTION: forcing a failure. [ 197.180402][ T732] name failslab, interval 1, probability 0, space 0, times 0 [ 197.193046][ T732] CPU: 1 PID: 732 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 197.204651][ T732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.214763][ T732] Call Trace: [ 197.218040][ T732] dump_stack_lvl+0x1e2/0x24b [ 197.222702][ T732] ? panic+0x7d7/0x7d7 [ 197.226749][ T732] ? bfq_pos_tree_add_move+0x43e/0x43e [ 197.232201][ T732] ? find_next_bit+0xd6/0x120 [ 197.236866][ T732] ? cpumask_next+0x11/0x30 [ 197.241352][ T732] dump_stack+0x15/0x17 [ 197.245488][ T732] should_fail+0x3c0/0x510 [ 197.249896][ T732] ? percpu_ref_init+0xd0/0x330 [ 197.254723][ T732] __should_failslab+0x9f/0xe0 [ 197.259464][ T732] should_failslab+0x9/0x20 [ 197.263939][ T732] kmem_cache_alloc_trace+0x3a/0x330 [ 197.269194][ T732] percpu_ref_init+0xd0/0x330 [ 197.273868][ T732] ? cgroup_setup_root+0xea0/0xea0 [ 197.278994][ T732] cgroup_apply_control_enable+0x3a2/0x12f0 [ 197.284886][ T732] cgroup_apply_control+0x93/0x710 [ 197.289981][ T732] ? css_next_child+0x160/0x160 [ 197.294813][ T732] ? stack_trace_save+0x12d/0x1f0 [ 197.299822][ T732] ? io_schedule+0x120/0x120 [ 197.304403][ T732] ? kernfs_fop_write_iter+0x15e/0x410 [ 197.309845][ T732] ? __kasan_check_write+0x14/0x20 [ 197.314937][ T732] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 197.320198][ T732] cgroup_subtree_control_write+0xd19/0x1310 [ 197.326154][ T732] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 197.332106][ T732] ? __kasan_check_write+0x14/0x20 [ 197.337187][ T732] ? _copy_from_iter+0x3fb/0xd60 [ 197.342096][ T732] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 197.348046][ T732] cgroup_file_write+0x28e/0x590 [ 197.352960][ T732] ? cgroup_seqfile_stop+0xc0/0xc0 [ 197.358053][ T732] ? mutex_lock+0xa6/0x110 [ 197.362442][ T732] ? mutex_trylock+0xb0/0xb0 [ 197.367006][ T732] ? __kasan_check_write+0x14/0x20 [ 197.372089][ T732] kernfs_fop_write_iter+0x2d0/0x410 [ 197.377344][ T732] ? cgroup_seqfile_stop+0xc0/0xc0 [ 197.382427][ T732] vfs_write+0xc1c/0xf40 [ 197.386650][ T732] ? __kasan_check_write+0x14/0x20 [ 197.391748][ T732] ? kernel_write+0x3c0/0x3c0 [ 197.396414][ T732] ? _raw_spin_unlock_irq+0x4e/0x70 [ 197.401857][ T732] ? ptrace_stop+0x6ff/0x9f0 [ 197.406440][ T732] ? __kasan_check_read+0x11/0x20 [ 197.411445][ T732] ? __fdget_pos+0x27e/0x310 [ 197.416011][ T732] ksys_write+0x198/0x2c0 [ 197.420313][ T732] ? do_notify_parent+0xa60/0xa60 [ 197.425310][ T732] ? __ia32_sys_read+0x90/0x90 [ 197.430053][ T732] ? __ia32_sys_open+0x270/0x270 [ 197.434971][ T732] __x64_sys_write+0x7b/0x90 [ 197.439533][ T732] do_syscall_64+0x34/0x70 [ 197.443922][ T732] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 197.449784][ T732] RIP: 0033:0x7fc8ece62c09 [ 197.454170][ T732] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 741] write(4, "+pids ", 6 [pid 732] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 732] close(3) = 0 [pid 732] close(4) = 0 [pid 732] close(5) = 0 [pid 732] close(6) = -1 EBADF (Bad file descriptor) [pid 732] close(7) = -1 EBADF (Bad file descriptor) [pid 732] close(8) = -1 EBADF (Bad file descriptor) [pid 732] close(9) = -1 EBADF (Bad file descriptor) [pid 732] close(10) = -1 EBADF (Bad file descriptor) [pid 732] close(11) = -1 EBADF (Bad file descriptor) [pid 732] close(12) = -1 EBADF (Bad file descriptor) [pid 732] close(13) = -1 EBADF (Bad file descriptor) [pid 732] close(14) = -1 EBADF (Bad file descriptor) [pid 732] close(15) = -1 EBADF (Bad file descriptor) [pid 732] close(16) = -1 EBADF (Bad file descriptor) [pid 732] close(17) = -1 EBADF (Bad file descriptor) [pid 732] close(18) = -1 EBADF (Bad file descriptor) [pid 732] close(19) = -1 EBADF (Bad file descriptor) [pid 732] close(20) = -1 EBADF (Bad file descriptor) [pid 732] close(21) = -1 EBADF (Bad file descriptor) [pid 732] close(22) = -1 EBADF (Bad file descriptor) [pid 732] close(23) = -1 EBADF (Bad file descriptor) [pid 732] close(24) = -1 EBADF (Bad file descriptor) [pid 732] close(25) = -1 EBADF (Bad file descriptor) [pid 732] close(26) = -1 EBADF (Bad file descriptor) [pid 732] close(27) = -1 EBADF (Bad file descriptor) [pid 732] close(28) = -1 EBADF (Bad file descriptor) [pid 732] close(29) = -1 EBADF (Bad file descriptor) [pid 732] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 732] exit_group(0) = ? [pid 732] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./51/binderfs") = 0 [pid 383] umount2("./51/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./51/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./51/cgroup") = 0 [pid 383] umount2("./51/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./51/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./51/cgroup.net") = 0 [ 197.473751][ T732] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.482144][ T732] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 197.490100][ T732] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 197.498045][ T732] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 197.505999][ T732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 197.513960][ T732] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000033 [ 197.531210][ T383] ------------[ cut here ]------------ [ 197.536712][ T383] WARNING: CPU: 0 PID: 383 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 197.545649][ T383] Modules linked in: [ 197.549539][ T383] CPU: 0 PID: 383 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 197.550731][ T741] FAULT_INJECTION: forcing a failure. [ 197.550731][ T741] name failslab, interval 1, probability 0, space 0, times 0 [ 197.561210][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.574466][ T741] CPU: 1 PID: 741 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 197.583822][ T383] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 197.595382][ T741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.595387][ T741] Call Trace: [ 197.595406][ T741] dump_stack_lvl+0x1e2/0x24b [ 197.595416][ T741] ? bfq_pos_tree_add_move+0x43e/0x43e [ 197.595435][ T741] ? selinux_kernfs_init_security+0x1a8/0x760 [ 197.601042][ T383] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 197.611055][ T741] dump_stack+0x15/0x17 [ 197.611072][ T741] should_fail+0x3c0/0x510 [ 197.614325][ T383] RSP: 0018:ffffc90000b87ba0 EFLAGS: 00010293 [ 197.618971][ T741] ? __kernfs_new_node+0x99/0x6e0 [ 197.624399][ T383] [ 197.630425][ T741] __should_failslab+0x9f/0xe0 [ 197.630450][ T741] should_failslab+0x9/0x20 [ 197.650030][ T383] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e3b40 [ 197.654146][ T741] __kmalloc_track_caller+0x5f/0x350 [ 197.654163][ T741] kstrdup_const+0x55/0x90 [ 197.658545][ T383] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 197.664573][ T741] __kernfs_new_node+0x99/0x6e0 [ 197.664583][ T741] ? is_module_text_address+0xe1/0x140 [ 197.664598][ T741] ? kernfs_new_node+0x170/0x170 [ 197.669587][ T383] RBP: ffffc90000b87c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 197.671887][ T741] ? ptr_to_hashval+0x60/0x60 [ 197.671902][ T741] ? arch_stack_walk+0xf8/0x140 [ 197.676645][ T383] R10: fffff52000170f65 R11: 1ffff92000170f64 R12: dffffc0000000000 [ 197.681116][ T741] ? snprintf+0xd6/0x120 [ 197.681132][ T741] kernfs_new_node+0x97/0x170 [ 197.689073][ T383] R13: ffff88811976ac40 R14: ffffc90000b87c00 R15: 1ffff92000170f7c [ 197.694318][ T741] __kernfs_create_file+0x4a/0x270 [ 197.694335][ T741] cgroup_addrm_files+0xab8/0xfe0 [ 197.698723][ T383] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 197.706657][ T741] ? ____kasan_kmalloc+0xdc/0x110 [ 197.706673][ T741] ? __kasan_kmalloc+0x9/0x10 [ 197.711495][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.716918][ T741] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 197.721827][ T383] CR2: 00007ffd7d0e1c18 CR3: 0000000104bfa000 CR4: 00000000003506b0 [ 197.729767][ T741] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 197.734414][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 197.739225][ T741] ? delete_node+0x759/0x7b0 [ 197.747171][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 197.751375][ T741] ? __kasan_check_read+0x11/0x20 [ 197.751389][ T741] ? delete_node+0x759/0x7b0 [ 197.756030][ T383] Call Trace: [ 197.763973][ T741] ? __kasan_check_write+0x14/0x20 [ 197.763990][ T741] ? idr_replace+0x1c4/0x230 [ 197.769067][ T383] ? io_schedule+0x120/0x120 [ 197.774051][ T741] ? idr_get_next+0x4b0/0x4b0 [ 197.774066][ T741] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 197.782974][ T383] ? vfs_submount+0xb0/0xb0 [ 197.787957][ T741] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 197.792611][ T383] ? shrink_dentry_list+0x4ec/0x500 [ 197.799158][ T741] css_populate_dir+0x137/0x370 [ 197.804675][ T383] ? __kasan_check_write+0x14/0x20 [ 197.812607][ T741] cgroup_apply_control_enable+0x8b9/0x12f0 [ 197.812623][ T741] cgroup_apply_control+0x93/0x710 [ 197.818744][ T383] namespace_unlock+0x448/0x4f0 [ 197.826680][ T741] ? css_next_child+0x160/0x160 [ 197.826696][ T741] ? stack_trace_save+0x12d/0x1f0 [ 197.831259][ T383] ? umount_tree+0xf50/0xf50 [ 197.839192][ T741] ? io_schedule+0x120/0x120 [ 197.844190][ T383] ? __detach_mounts+0x670/0x670 [ 197.848741][ T741] ? kernfs_fop_write_iter+0x15e/0x410 [ 197.852000][ T383] ? selinux_umount+0xf0/0x130 [ 197.857074][ T741] ? __kasan_check_write+0x14/0x20 [ 197.861634][ T383] ? security_sb_umount+0x9d/0xb0 [ 197.866186][ T741] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 197.870833][ T383] path_umount+0xf03/0xfb0 [ 197.875819][ T741] cgroup_subtree_control_write+0xd19/0x1310 [ 197.880293][ T383] ? namespace_unlock+0x4f0/0x4f0 [ 197.885454][ T741] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 197.890622][ T383] ? user_path_at_empty+0x40/0x50 [ 197.895434][ T741] ? __kasan_check_write+0x14/0x20 [ 197.900517][ T383] __x64_sys_umount+0x122/0x170 [ 197.906370][ T741] ? _copy_from_iter+0x3fb/0xd60 [ 197.911453][ T383] ? path_umount+0xfb0/0xfb0 [ 197.916268][ T741] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 197.921092][ T383] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 197.926072][ T741] cgroup_file_write+0x28e/0x590 [ 197.930634][ T383] do_syscall_64+0x34/0x70 [ 197.935185][ T741] ? cgroup_seqfile_stop+0xc0/0xc0 [ 197.940093][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 197.945511][ T741] ? mutex_lock+0xa6/0x110 [ 197.945519][ T741] ? mutex_trylock+0xb0/0xb0 [ 197.945535][ T741] ? __kasan_check_write+0x14/0x20 [ 197.950272][ T383] RIP: 0033:0x7fc8ece63fb7 [ 197.955346][ T741] kernfs_fop_write_iter+0x2d0/0x410 [ 197.960344][ T383] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 197.965600][ T741] ? cgroup_seqfile_stop+0xc0/0xc0 [ 197.969980][ T383] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 197.975922][ T741] vfs_write+0xc1c/0xf40 [ 197.975937][ T741] ? __kasan_check_write+0x14/0x20 [ 197.980940][ T383] ORIG_RAX: 00000000000000a6 [ 197.986883][ T741] ? kernel_write+0x3c0/0x3c0 [ 197.991877][ T383] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 197.996952][ T741] ? _raw_spin_unlock_irq+0x4e/0x70 [pid 383] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 741] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 741] close(3) = 0 [pid 741] close(4) = 0 [pid 741] close(5) = 0 [pid 741] close(6) = -1 EBADF (Bad file descriptor) [pid 741] close(7) = -1 EBADF (Bad file descriptor) [pid 741] close(8) = -1 EBADF (Bad file descriptor) [pid 741] close(9) = -1 EBADF (Bad file descriptor) [pid 741] close(10) = -1 EBADF (Bad file descriptor) [pid 741] close(11) = -1 EBADF (Bad file descriptor) [pid 741] close(12) = -1 EBADF (Bad file descriptor) [pid 741] close(13) = -1 EBADF (Bad file descriptor) [pid 741] close(14) = -1 EBADF (Bad file descriptor) [pid 741] close(15) = -1 EBADF (Bad file descriptor) [pid 741] close(16) = -1 EBADF (Bad file descriptor) [pid 741] close(17) = -1 EBADF (Bad file descriptor) [pid 741] close(18) = -1 EBADF (Bad file descriptor) [pid 741] close(19) = -1 EBADF (Bad file descriptor) [pid 741] close(20) = -1 EBADF (Bad file descriptor) [pid 741] close(21) = -1 EBADF (Bad file descriptor) [pid 741] close(22) = -1 EBADF (Bad file descriptor) [pid 741] close(23) = -1 EBADF (Bad file descriptor) [pid 741] close(24) = -1 EBADF (Bad file descriptor) [pid 741] close(25) = -1 EBADF (Bad file descriptor) [pid 741] close(26) = -1 EBADF (Bad file descriptor) [pid 741] close(27) = -1 EBADF (Bad file descriptor) [pid 741] close(28) = -1 EBADF (Bad file descriptor) [pid 741] close(29) = -1 EBADF (Bad file descriptor) [pid 741] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 741] exit_group(0) = ? [pid 741] +++ exited with 0 +++ [ 198.001769][ T383] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 198.006669][ T741] ? ptrace_stop+0x6ff/0x9f0 [ 198.011231][ T383] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 198.017172][ T741] ? __kasan_check_read+0x11/0x20 [ 198.023122][ T383] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 198.028024][ T741] ? __fdget_pos+0x27e/0x310 [ 198.032408][ T383] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000034 [ 198.037482][ T741] ksys_write+0x198/0x2c0 [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 198.043346][ T383] ---[ end trace d4de1ca9cdcd19a7 ]--- [ 198.047729][ T741] ? do_notify_parent+0xa60/0xa60 [ 198.052396][ T383] ------------[ cut here ]------------ [ 198.057365][ T741] ? __ia32_sys_read+0x90/0x90 [ 198.061777][ T383] WARNING: CPU: 0 PID: 383 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 198.066999][ T741] ? __ia32_sys_open+0x270/0x270 [ 198.086571][ T383] Modules linked in: [ 198.091643][ T741] __x64_sys_write+0x7b/0x90 [ 198.091660][ T741] do_syscall_64+0x34/0x70 [ 198.097686][ T383] [ 198.101895][ T741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 198.101909][ T741] RIP: 0033:0x7fc8ece62c09 [ 198.106993][ T383] CPU: 0 PID: 383 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 198.111633][ T741] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.111647][ T741] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 198.116291][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.124658][ T741] ORIG_RAX: 0000000000000001 [ 198.124666][ T741] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 198.124679][ T741] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 198.129850][ T383] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 198.137869][ T741] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 198.137875][ T741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 198.137888][ T741] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003a [ 198.142451][ T383] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 198.156565][ T741] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 198.163433][ T383] RSP: 0018:ffffc90000b87ca0 EFLAGS: 00010293 [ 198.370184][ T383] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e3b40 [ 198.378147][ T383] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 198.386119][ T383] RBP: ffffc90000b87d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 198.394082][ T383] R10: fffff52000170f85 R11: 1ffff92000170f84 R12: dffffc0000000000 [ 198.402044][ T383] R13: ffff88811976ac40 R14: ffffc90000b87d00 R15: 1ffff92000170f9c [ 198.409994][ T383] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 198.418926][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.425520][ T383] CR2: 00007ffd7d0e1c18 CR3: 0000000104bfa000 CR4: 00000000003506b0 [ 198.433488][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 198.441468][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 198.449421][ T383] Call Trace: [ 198.452712][ T383] ? lockref_get_or_lock+0x340/0x340 [ 198.457976][ T383] ? umount_tree+0xf50/0xf50 [ 198.462575][ T383] ? vfs_submount+0xb0/0xb0 [ 198.467073][ T383] ? dput+0x2b6/0x320 [ 198.471090][ T383] path_umount+0x1fe/0xfb0 [ 198.475496][ T383] ? namespace_unlock+0x4f0/0x4f0 [ 198.480540][ T383] ? user_path_at_empty+0x40/0x50 [ 198.485549][ T383] __x64_sys_umount+0x122/0x170 [ 198.490411][ T383] ? path_umount+0xfb0/0xfb0 [ 198.494996][ T383] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 198.500988][ T383] do_syscall_64+0x34/0x70 [ 198.505401][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 198.511299][ T383] RIP: 0033:0x7fc8ece63fb7 [ 198.515706][ T383] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.535324][ T383] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 198.543741][ T383] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 198.551713][ T383] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 198.559666][ T383] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 198.567645][ T383] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 198.575608][ T383] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000034 [pid 376] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... umount2 resumed>) = 0 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] <... openat resumed>) = 3 [pid 383] lstat("./51/file0", [pid 376] fstat(3, [pid 383] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] getdents64(3, [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 376] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] <... openat resumed>) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] lstat("./58/binderfs", [pid 383] close(4 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] <... close resumed>) = 0 [pid 376] unlink("./58/binderfs" [pid 383] rmdir("./51/file0") = 0 [pid 376] <... unlink resumed>) = 0 [pid 383] umount2("./51/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./51/cgroup.cpu", [pid 376] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] unlink("./51/cgroup.cpu" [pid 376] lstat("./58/cgroup", [pid 383] <... unlink resumed>) = 0 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./58/cgroup" [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] <... unlink resumed>) = 0 [pid 376] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] close(3 [pid 376] lstat("./58/cgroup.net", [pid 383] <... close resumed>) = 0 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] rmdir("./51" [pid 376] unlink("./58/cgroup.net" [pid 383] <... rmdir resumed>) = 0 [pid 376] <... unlink resumed>) = 0 [pid 376] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] mkdir("./52", 0777) = 0 [pid 376] <... umount2 resumed>) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 376] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 744 attached ) = -1 EINVAL (Invalid argument) [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 54 [pid 376] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 744] chdir("./52" [pid 376] <... openat resumed>) = 4 [pid 744] <... chdir resumed>) = 0 [pid 376] fstat(4, [pid 744] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 376] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 744] <... prctl resumed>) = 0 [pid 376] getdents64(4, [pid 744] setpgid(0, 0 [pid 376] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 744] <... setpgid resumed>) = 0 [pid 376] getdents64(4, [pid 744] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 376] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 744] <... symlink resumed>) = 0 [pid 376] close(4 [pid 744] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 376] <... close resumed>) = 0 [pid 376] rmdir("./58/file0" [pid 744] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 376] <... rmdir resumed>) = 0 [pid 744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 376] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./58/cgroup.cpu", [pid 744] <... openat resumed>) = 3 [pid 744] write(3, "1000", 4 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 744] <... write resumed>) = 4 [pid 376] unlink("./58/cgroup.cpu" [pid 744] close(3) = 0 [pid 376] <... unlink resumed>) = 0 [pid 744] symlink("/dev/binderfs", "./binderfs" [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 744] <... symlink resumed>) = 0 [pid 376] close(3 [pid 744] mkdirat(AT_FDCWD, "./file0", 000 [pid 376] <... close resumed>) = 0 [pid 376] rmdir("./58" [pid 744] <... mkdirat resumed>) = 0 [pid 376] <... rmdir resumed>) = 0 [pid 744] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 376] mkdir("./59", 0777 [pid 744] <... mount resumed>) = 0 [pid 744] open("./file0", O_RDONLY) = 3 [pid 376] <... mkdir resumed>) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 744] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 744] write(4, "-pids ", 6 [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 61 ./strace-static-x86_64: Process 745 attached [pid 745] chdir("./59") = 0 [pid 745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 745] setpgid(0, 0) = 0 [pid 745] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 745] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 745] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 745] write(3, "1000", 4 [pid 742] <... write resumed>) = 6 [pid 742] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 740] <... write resumed>) = 6 [pid 738] <... write resumed>) = 6 [pid 745] <... write resumed>) = 4 [pid 744] <... write resumed>) = 6 [pid 743] <... write resumed>) = 6 [pid 742] <... openat resumed>) = 5 [pid 740] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 738] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 745] close(3 [pid 744] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 743] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 742] write(5, "22", 2 [pid 740] <... openat resumed>) = 5 [pid 745] <... close resumed>) = 0 [pid 744] <... openat resumed>) = 5 [pid 743] <... openat resumed>) = 5 [pid 742] <... write resumed>) = 2 [pid 740] write(5, "22", 2 [pid 738] <... openat resumed>) = 5 [ 198.583573][ T383] ---[ end trace d4de1ca9cdcd19a8 ]--- [pid 745] symlink("/dev/binderfs", "./binderfs" [pid 744] write(5, "22", 2 [pid 743] write(5, "22", 2 [pid 742] write(4, "+pids ", 6 [pid 740] <... write resumed>) = 2 [pid 738] write(5, "22", 2 [pid 745] <... symlink resumed>) = 0 [pid 744] <... write resumed>) = 2 [pid 743] <... write resumed>) = 2 [pid 740] write(4, "+pids ", 6 [pid 738] <... write resumed>) = 2 [pid 745] mkdirat(AT_FDCWD, "./file0", 000 [pid 744] write(4, "+pids ", 6 [pid 743] write(4, "+pids ", 6 [pid 738] write(4, "+pids ", 6 [pid 745] <... mkdirat resumed>) = 0 [ 198.608233][ T742] FAULT_INJECTION: forcing a failure. [ 198.608233][ T742] name failslab, interval 1, probability 0, space 0, times 0 [ 198.620967][ T742] CPU: 0 PID: 742 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 198.632583][ T742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.642621][ T742] Call Trace: [ 198.645887][ T742] dump_stack_lvl+0x1e2/0x24b [ 198.650544][ T742] ? bfq_pos_tree_add_move+0x43e/0x43e [ 198.655992][ T742] ? selinux_kernfs_init_security+0x1a8/0x760 [ 198.662041][ T742] dump_stack+0x15/0x17 [ 198.666171][ T742] should_fail+0x3c0/0x510 [ 198.670565][ T742] ? __kernfs_new_node+0x99/0x6e0 [ 198.675568][ T742] __should_failslab+0x9f/0xe0 [ 198.680302][ T742] should_failslab+0x9/0x20 [ 198.684781][ T742] __kmalloc_track_caller+0x5f/0x350 [ 198.690036][ T742] kstrdup_const+0x55/0x90 [ 198.694441][ T742] __kernfs_new_node+0x99/0x6e0 [ 198.699358][ T742] ? is_module_text_address+0xe1/0x140 [ 198.704793][ T742] ? kernfs_new_node+0x170/0x170 [ 198.709756][ T742] ? ptr_to_hashval+0x60/0x60 [ 198.714410][ T742] ? arch_stack_walk+0xf8/0x140 [ 198.719237][ T742] ? snprintf+0xd6/0x120 [ 198.723455][ T742] kernfs_new_node+0x97/0x170 [ 198.728110][ T742] __kernfs_create_file+0x4a/0x270 [ 198.733197][ T742] cgroup_addrm_files+0xab8/0xfe0 [ 198.738196][ T742] ? ____kasan_kmalloc+0xdc/0x110 [ 198.743196][ T742] ? __kasan_kmalloc+0x9/0x10 [ 198.747852][ T742] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 198.753379][ T742] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 198.759506][ T742] ? delete_node+0x759/0x7b0 [ 198.764071][ T742] ? __kasan_check_read+0x11/0x20 [ 198.769078][ T742] ? delete_node+0x759/0x7b0 [ 198.773644][ T742] ? __kasan_check_write+0x14/0x20 [ 198.778731][ T742] ? idr_replace+0x1c4/0x230 [ 198.783297][ T742] ? idr_get_next+0x4b0/0x4b0 [ 198.787951][ T742] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 198.792949][ T742] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 198.798122][ T742] css_populate_dir+0x137/0x370 [ 198.802948][ T742] cgroup_apply_control_enable+0x8b9/0x12f0 [ 198.808817][ T742] cgroup_apply_control+0x93/0x710 [ 198.813901][ T742] ? css_next_child+0x160/0x160 [ 198.818728][ T742] ? stack_trace_save+0x12d/0x1f0 [ 198.823726][ T742] ? io_schedule+0x120/0x120 [ 198.828289][ T742] ? kernfs_fop_write_iter+0x15e/0x410 [ 198.833722][ T742] ? __kasan_check_write+0x14/0x20 [ 198.838810][ T742] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 198.844069][ T742] cgroup_subtree_control_write+0xd19/0x1310 [ 198.850021][ T742] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 198.855973][ T742] ? __kasan_check_write+0x14/0x20 [ 198.861060][ T742] ? _copy_from_iter+0x3fb/0xd60 [ 198.865969][ T742] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 198.871922][ T742] cgroup_file_write+0x28e/0x590 [ 198.876833][ T742] ? cgroup_seqfile_stop+0xc0/0xc0 [ 198.881921][ T742] ? mutex_lock+0xa6/0x110 [ 198.886312][ T742] ? mutex_trylock+0xb0/0xb0 [ 198.890879][ T742] ? __kasan_check_write+0x14/0x20 [ 198.895971][ T742] kernfs_fop_write_iter+0x2d0/0x410 [ 198.901231][ T742] ? cgroup_seqfile_stop+0xc0/0xc0 [ 198.906319][ T742] vfs_write+0xc1c/0xf40 [ 198.910540][ T742] ? __kasan_check_write+0x14/0x20 [ 198.915627][ T742] ? kernel_write+0x3c0/0x3c0 [ 198.920279][ T742] ? _raw_spin_unlock_irq+0x4e/0x70 [ 198.925449][ T742] ? ptrace_stop+0x6ff/0x9f0 [ 198.930015][ T742] ? __kasan_check_read+0x11/0x20 [ 198.935012][ T742] ? __fdget_pos+0x27e/0x310 [ 198.939576][ T742] ksys_write+0x198/0x2c0 [ 198.943886][ T742] ? do_notify_parent+0xa60/0xa60 [ 198.948884][ T742] ? __ia32_sys_read+0x90/0x90 [ 198.953624][ T742] ? __ia32_sys_open+0x270/0x270 [ 198.958536][ T742] __x64_sys_write+0x7b/0x90 [ 198.963102][ T742] do_syscall_64+0x34/0x70 [ 198.967496][ T742] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 198.973368][ T742] RIP: 0033:0x7fc8ece62c09 [ 198.977763][ T742] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 198.997344][ T742] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 745] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 742] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 745] <... mount resumed>) = 0 [pid 745] open("./file0", O_RDONLY) = 3 [pid 742] close(3 [pid 745] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 742] <... close resumed>) = 0 [pid 745] write(4, "-pids ", 6 [pid 742] close(4) = 0 [pid 742] close(5) = 0 [pid 742] close(6) = -1 EBADF (Bad file descriptor) [pid 742] close(7) = -1 EBADF (Bad file descriptor) [pid 742] close(8) = -1 EBADF (Bad file descriptor) [pid 742] close(9) = -1 EBADF (Bad file descriptor) [pid 742] close(10) = -1 EBADF (Bad file descriptor) [pid 742] close(11) = -1 EBADF (Bad file descriptor) [pid 742] close(12) = -1 EBADF (Bad file descriptor) [pid 742] close(13) = -1 EBADF (Bad file descriptor) [pid 742] close(14) = -1 EBADF (Bad file descriptor) [pid 742] close(15) = -1 EBADF (Bad file descriptor) [pid 742] close(16) = -1 EBADF (Bad file descriptor) [pid 742] close(17) = -1 EBADF (Bad file descriptor) [pid 742] close(18) = -1 EBADF (Bad file descriptor) [pid 742] close(19) = -1 EBADF (Bad file descriptor) [pid 742] close(20) = -1 EBADF (Bad file descriptor) [pid 742] close(21) = -1 EBADF (Bad file descriptor) [pid 742] close(22) = -1 EBADF (Bad file descriptor) [pid 742] close(23) = -1 EBADF (Bad file descriptor) [pid 742] close(24) = -1 EBADF (Bad file descriptor) [pid 742] close(25) = -1 EBADF (Bad file descriptor) [pid 742] close(26) = -1 EBADF (Bad file descriptor) [pid 742] close(27) = -1 EBADF (Bad file descriptor) [pid 742] close(28) = -1 EBADF (Bad file descriptor) [pid 742] close(29) = -1 EBADF (Bad file descriptor) [pid 742] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 742] exit_group(0) = ? [pid 742] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 380] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 199.005735][ T742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 199.013684][ T742] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 199.021632][ T742] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 199.029578][ T742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 199.037528][ T742] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000039 [ 199.047931][ T742] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./57/binderfs") = 0 [pid 380] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./57/cgroup") = 0 [pid 380] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./57/cgroup.net") = 0 [ 199.070532][ T740] FAULT_INJECTION: forcing a failure. [ 199.070532][ T740] name failslab, interval 1, probability 0, space 0, times 0 [ 199.083168][ T740] CPU: 1 PID: 740 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 199.094781][ T740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.104817][ T740] Call Trace: [ 199.108081][ T740] dump_stack_lvl+0x1e2/0x24b [ 199.112739][ T740] ? bfq_pos_tree_add_move+0x43e/0x43e [ 199.118202][ T740] ? selinux_kernfs_init_security+0x1a8/0x760 [ 199.124248][ T740] dump_stack+0x15/0x17 [ 199.128391][ T740] should_fail+0x3c0/0x510 [ 199.132794][ T740] ? __kernfs_new_node+0x99/0x6e0 [ 199.137796][ T740] __should_failslab+0x9f/0xe0 [ 199.142542][ T740] should_failslab+0x9/0x20 [ 199.147035][ T740] __kmalloc_track_caller+0x5f/0x350 [ 199.152306][ T740] kstrdup_const+0x55/0x90 [ 199.156706][ T740] __kernfs_new_node+0x99/0x6e0 [ 199.161531][ T740] ? is_module_text_address+0xe1/0x140 [ 199.166959][ T740] ? kernfs_new_node+0x170/0x170 [ 199.171880][ T740] ? ptr_to_hashval+0x60/0x60 [ 199.176545][ T740] ? arch_stack_walk+0xf8/0x140 [ 199.181393][ T740] ? snprintf+0xd6/0x120 [ 199.185609][ T740] kernfs_new_node+0x97/0x170 [ 199.190266][ T740] __kernfs_create_file+0x4a/0x270 [ 199.195369][ T740] cgroup_addrm_files+0xab8/0xfe0 [ 199.200386][ T740] ? ____kasan_kmalloc+0xdc/0x110 [ 199.205388][ T740] ? __kasan_kmalloc+0x9/0x10 [ 199.210045][ T740] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 199.215584][ T740] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 199.221720][ T740] ? delete_node+0x759/0x7b0 [ 199.226283][ T740] ? __kasan_check_read+0x11/0x20 [ 199.231288][ T740] ? delete_node+0x759/0x7b0 [ 199.235859][ T740] ? __kasan_check_write+0x14/0x20 [ 199.240953][ T740] ? idr_replace+0x1c4/0x230 [ 199.245525][ T740] ? idr_get_next+0x4b0/0x4b0 [ 199.250178][ T740] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 199.255185][ T740] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 199.260380][ T740] css_populate_dir+0x137/0x370 [ 199.265208][ T740] cgroup_apply_control_enable+0x8b9/0x12f0 [ 199.271072][ T740] cgroup_apply_control+0x93/0x710 [ 199.276166][ T740] ? css_next_child+0x160/0x160 [ 199.280998][ T740] ? io_schedule+0x120/0x120 [ 199.285570][ T740] ? kernfs_fop_write_iter+0x15e/0x410 [ 199.291020][ T740] ? __kasan_check_write+0x14/0x20 [ 199.296122][ T740] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 199.301398][ T740] cgroup_subtree_control_write+0xd19/0x1310 [ 199.307388][ T740] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 199.313343][ T740] ? __kasan_check_write+0x14/0x20 [ 199.318428][ T740] ? _copy_from_iter+0x3fb/0xd60 [ 199.323350][ T740] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 199.329313][ T740] cgroup_file_write+0x28e/0x590 [ 199.334234][ T740] ? cgroup_seqfile_stop+0xc0/0xc0 [ 199.339330][ T740] ? mutex_lock+0xa6/0x110 [ 199.343738][ T740] ? mutex_trylock+0xb0/0xb0 [ 199.348305][ T740] ? __kasan_check_write+0x14/0x20 [ 199.353395][ T740] kernfs_fop_write_iter+0x2d0/0x410 [ 199.358667][ T740] ? cgroup_seqfile_stop+0xc0/0xc0 [ 199.363752][ T740] vfs_write+0xc1c/0xf40 [ 199.367968][ T740] ? __kasan_check_write+0x14/0x20 [ 199.373063][ T740] ? kernel_write+0x3c0/0x3c0 [ 199.377721][ T740] ? _raw_spin_unlock_irq+0x4e/0x70 [ 199.382898][ T740] ? ptrace_stop+0x6ff/0x9f0 [ 199.387471][ T740] ? __kasan_check_read+0x11/0x20 [ 199.392468][ T740] ? __fdget_pos+0x27e/0x310 [ 199.397041][ T740] ksys_write+0x198/0x2c0 [ 199.401361][ T740] ? do_notify_parent+0xa60/0xa60 [ 199.406386][ T740] ? __ia32_sys_read+0x90/0x90 [ 199.411127][ T740] ? __ia32_sys_open+0x270/0x270 [ 199.416043][ T740] __x64_sys_write+0x7b/0x90 [ 199.420618][ T740] do_syscall_64+0x34/0x70 [ 199.425027][ T740] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 199.430900][ T740] RIP: 0033:0x7fc8ece62c09 [ 199.435286][ T740] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 199.454867][ T740] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.463264][ T740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 380] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./57/file0") = 0 [pid 380] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./57/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./57") = 0 [pid 380] mkdir("./58", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 746 attached [pid 746] chdir("./58" [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 60 [pid 746] <... chdir resumed>) = 0 [pid 740] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 746] setpgid(0, 0) = 0 [pid 746] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 746] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 746] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 740] close(3 [pid 746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 746] write(3, "1000", 4) = 4 [pid 746] close(3) = 0 [pid 746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 746] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 746] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 746] open("./file0", O_RDONLY) = 3 [pid 740] <... close resumed>) = 0 [pid 746] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 746] write(4, "-pids ", 6 [pid 740] close(4) = 0 [pid 740] close(5) = 0 [pid 740] close(6) = -1 EBADF (Bad file descriptor) [pid 740] close(7) = -1 EBADF (Bad file descriptor) [pid 740] close(8) = -1 EBADF (Bad file descriptor) [pid 740] close(9) = -1 EBADF (Bad file descriptor) [pid 740] close(10) = -1 EBADF (Bad file descriptor) [pid 740] close(11) = -1 EBADF (Bad file descriptor) [pid 740] close(12) = -1 EBADF (Bad file descriptor) [pid 740] close(13) = -1 EBADF (Bad file descriptor) [pid 740] close(14) = -1 EBADF (Bad file descriptor) [pid 740] close(15) = -1 EBADF (Bad file descriptor) [pid 740] close(16) = -1 EBADF (Bad file descriptor) [pid 740] close(17) = -1 EBADF (Bad file descriptor) [pid 740] close(18) = -1 EBADF (Bad file descriptor) [pid 740] close(19) = -1 EBADF (Bad file descriptor) [pid 740] close(20) = -1 EBADF (Bad file descriptor) [pid 740] close(21) = -1 EBADF (Bad file descriptor) [pid 740] close(22) = -1 EBADF (Bad file descriptor) [pid 740] close(23) = -1 EBADF (Bad file descriptor) [pid 740] close(24) = -1 EBADF (Bad file descriptor) [pid 740] close(25) = -1 EBADF (Bad file descriptor) [pid 740] close(26) = -1 EBADF (Bad file descriptor) [pid 740] close(27) = -1 EBADF (Bad file descriptor) [pid 740] close(28) = -1 EBADF (Bad file descriptor) [pid 740] close(29) = -1 EBADF (Bad file descriptor) [pid 740] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 740] exit_group(0) = ? [pid 740] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./60/binderfs") = 0 [pid 381] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./60/cgroup") = 0 [pid 381] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./60/cgroup.net") = 0 [ 199.471214][ T740] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 199.479159][ T740] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 199.487110][ T740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 199.495062][ T740] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003c [ 199.503574][ T740] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 745] <... write resumed>) = 6 [ 199.523854][ T381] ------------[ cut here ]------------ [ 199.529349][ T381] WARNING: CPU: 0 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 199.538294][ T381] Modules linked in: [ 199.542261][ T381] CPU: 0 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 199.553942][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.564026][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 199.569647][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 199.589257][ T381] RSP: 0018:ffffc90000b37ba0 EFLAGS: 00010293 [ 199.595346][ T381] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065813c0 [ 199.603323][ T381] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 199.610596][ T744] FAULT_INJECTION: forcing a failure. [ 199.610596][ T744] name failslab, interval 1, probability 0, space 0, times 0 [ 199.611296][ T381] RBP: ffffc90000b37c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 199.631819][ T381] R10: fffff52000166f65 R11: 1ffff92000166f64 R12: dffffc0000000000 [ 199.634521][ T744] CPU: 1 PID: 744 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 199.639867][ T381] R13: ffff88810eee1dc0 R14: ffffc90000b37c00 R15: 1ffff92000166f7c [ 199.651448][ T744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.651453][ T744] Call Trace: [ 199.651469][ T744] dump_stack_lvl+0x1e2/0x24b [ 199.651486][ T744] ? bfq_pos_tree_add_move+0x43e/0x43e [ 199.659433][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 199.669454][ T744] ? selinux_kernfs_init_security+0x1a8/0x760 [ 199.669469][ T744] dump_stack+0x15/0x17 [ 199.672729][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.677371][ T744] should_fail+0x3c0/0x510 [ 199.682797][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506b0 [ 199.691689][ T744] ? __kernfs_new_node+0x99/0x6e0 [ 199.691706][ T744] __should_failslab+0x9f/0xe0 [ 199.697734][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.701857][ T744] should_failslab+0x9/0x20 [ 199.701874][ T744] __kmalloc_track_caller+0x5f/0x350 [ 199.708427][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.712814][ T744] kstrdup_const+0x55/0x90 [ 199.712829][ T744] __kernfs_new_node+0x99/0x6e0 [ 199.720768][ T381] Call Trace: [ 199.725763][ T744] ? is_module_text_address+0xe1/0x140 [ 199.730498][ T381] ? io_schedule+0x120/0x120 [ 199.738431][ T744] ? kernfs_new_node+0x170/0x170 [ 199.742909][ T381] ? vfs_submount+0xb0/0xb0 [ 199.748152][ T744] ? ptr_to_hashval+0x60/0x60 [ 199.756100][ T381] ? shrink_dentry_list+0x4ec/0x500 [ 199.760471][ T744] ? arch_stack_walk+0xf8/0x140 [ 199.760486][ T744] ? snprintf+0xd6/0x120 [ 199.765307][ T381] ? __kasan_check_write+0x14/0x20 [ 199.768563][ T744] kernfs_new_node+0x97/0x170 [ 199.773995][ T381] namespace_unlock+0x448/0x4f0 [ 199.778545][ T744] __kernfs_create_file+0x4a/0x270 [ 199.783458][ T381] ? umount_tree+0xf50/0xf50 [ 199.787922][ T744] cgroup_addrm_files+0xab8/0xfe0 [ 199.792571][ T381] ? __detach_mounts+0x670/0x670 [ 199.797732][ T744] ? ____kasan_kmalloc+0xdc/0x110 [ 199.802557][ T381] ? selinux_umount+0xf0/0x130 [ 199.806763][ T744] ? __kasan_kmalloc+0x9/0x10 [ 199.811857][ T381] ? security_sb_umount+0x9d/0xb0 [ 199.816495][ T744] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 199.821320][ T381] path_umount+0xf03/0xfb0 [ 199.826393][ T744] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 199.830955][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 199.836026][ T744] ? delete_node+0x759/0x7b0 [ 199.840939][ T381] ? user_path_at_empty+0x40/0x50 [ 199.845928][ T744] ? __kasan_check_read+0x11/0x20 [ 199.850664][ T381] __x64_sys_umount+0x122/0x170 [ 199.855300][ T744] ? delete_node+0x759/0x7b0 [ 199.860299][ T381] ? path_umount+0xfb0/0xfb0 [ 199.865806][ T744] ? __kasan_check_write+0x14/0x20 [ 199.870197][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 199.876306][ T744] ? idr_replace+0x1c4/0x230 [ 199.881303][ T381] do_syscall_64+0x34/0x70 [ 199.885854][ T744] ? idr_get_next+0x4b0/0x4b0 [ 199.890853][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 199.895842][ T744] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 199.900666][ T381] RIP: 0033:0x7fc8ece63fb7 [ 199.905220][ T744] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 199.909777][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 199.914849][ T744] css_populate_dir+0x137/0x370 [ 199.914871][ T744] cgroup_apply_control_enable+0x8b9/0x12f0 [ 199.920814][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 199.925368][ T744] cgroup_apply_control+0x93/0x710 [ 199.929750][ T381] ORIG_RAX: 00000000000000a6 [ 199.934389][ T744] ? css_next_child+0x160/0x160 [ 199.934404][ T744] ? stack_trace_save+0x12d/0x1f0 [ 199.940267][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 199.945255][ T744] ? io_schedule+0x120/0x120 [ 199.949633][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 199.954794][ T744] ? kernfs_fop_write_iter+0x15e/0x410 [ 199.954811][ T744] ? __kasan_check_write+0x14/0x20 [ 199.974391][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 199.979225][ T744] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 199.985090][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 199.991115][ T744] cgroup_subtree_control_write+0xd19/0x1310 [ 199.991131][ T744] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 199.996208][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000003d [ 200.000846][ T744] ? __kasan_check_write+0x14/0x20 [ 200.000870][ T744] ? _copy_from_iter+0x3fb/0xd60 [ 200.005677][ T381] ---[ end trace d4de1ca9cdcd19a9 ]--- [ 200.010667][ T744] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 200.010682][ T744] cgroup_file_write+0x28e/0x590 [ 200.023013][ T381] ------------[ cut here ]------------ [ 200.023185][ T744] ? cgroup_seqfile_stop+0xc0/0xc0 [ 200.031147][ T381] WARNING: CPU: 0 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 200.036562][ T744] ? mutex_lock+0xa6/0x110 [ 200.041644][ T381] Modules linked in: [ 200.049583][ T744] ? mutex_trylock+0xb0/0xb0 [ 200.054834][ T381] [ 200.062772][ T744] ? __kasan_check_write+0x14/0x20 [ 200.062789][ T744] kernfs_fop_write_iter+0x2d0/0x410 [ 200.068734][ T381] CPU: 0 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 200.074672][ T744] ? cgroup_seqfile_stop+0xc0/0xc0 [ 200.074689][ T744] vfs_write+0xc1c/0xf40 [ 200.082635][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.087713][ T744] ? __kasan_check_write+0x14/0x20 [ 200.092628][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 200.098044][ T744] ? kernel_write+0x3c0/0x3c0 [ 200.103995][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 200.108894][ T744] ? _raw_spin_unlock_irq+0x4e/0x70 [pid 745] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 382] kill(-64, SIGKILL) = 0 [pid 382] kill(64, SIGKILL) = 0 [ 200.114319][ T381] RSP: 0018:ffffc90000b37ca0 EFLAGS: 00010293 [ 200.119395][ T744] ? ptrace_stop+0x6ff/0x9f0 [ 200.128289][ T381] [ 200.132758][ T744] ? __kasan_check_read+0x11/0x20 [ 200.132774][ T744] ? __fdget_pos+0x27e/0x310 [ 200.136810][ T381] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065813c0 [ 200.141362][ T744] ksys_write+0x198/0x2c0 [ 200.141379][ T744] ? do_notify_parent+0xa60/0xa60 [ 200.143676][ T381] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [pid 744] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 744] close(3) = 0 [pid 744] close(4) = 0 [pid 744] close(5) = 0 [pid 744] close(6) = -1 EBADF (Bad file descriptor) [pid 744] close(7) = -1 EBADF (Bad file descriptor) [pid 744] close(8) = -1 EBADF (Bad file descriptor) [pid 744] close(9) = -1 EBADF (Bad file descriptor) [pid 744] close(10) = -1 EBADF (Bad file descriptor) [pid 744] close(11) = -1 EBADF (Bad file descriptor) [pid 744] close(12) = -1 EBADF (Bad file descriptor) [pid 744] close(13) = -1 EBADF (Bad file descriptor) [pid 744] close(14) = -1 EBADF (Bad file descriptor) [pid 744] close(15) = -1 EBADF (Bad file descriptor) [pid 744] close(16) = -1 EBADF (Bad file descriptor) [pid 744] close(17) = -1 EBADF (Bad file descriptor) [pid 744] close(18) = -1 EBADF (Bad file descriptor) [pid 744] close(19) = -1 EBADF (Bad file descriptor) [pid 744] close(20) = -1 EBADF (Bad file descriptor) [pid 744] close(21) = -1 EBADF (Bad file descriptor) [pid 744] close(22) = -1 EBADF (Bad file descriptor) [pid 744] close(23) = -1 EBADF (Bad file descriptor) [pid 744] close(24) = -1 EBADF (Bad file descriptor) [pid 744] close(25) = -1 EBADF (Bad file descriptor) [pid 744] close(26) = -1 EBADF (Bad file descriptor) [pid 744] close(27) = -1 EBADF (Bad file descriptor) [pid 744] close(28) = -1 EBADF (Bad file descriptor) [pid 744] close(29) = -1 EBADF (Bad file descriptor) [pid 744] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 744] exit_group(0) = ? [pid 744] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=54, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 200.148753][ T744] ? __ia32_sys_read+0x90/0x90 [ 200.154007][ T381] RBP: ffffc90000b37d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 200.165587][ T744] ? __ia32_sys_open+0x270/0x270 [ 200.165603][ T744] __x64_sys_write+0x7b/0x90 [ 200.170682][ T381] R10: fffff52000166f85 R11: 1ffff92000166f84 R12: dffffc0000000000 [ 200.174890][ T744] do_syscall_64+0x34/0x70 [ 200.184925][ T381] R13: ffff88810eee1dc0 R14: ffffc90000b37d00 R15: 1ffff92000166f9c [ 200.190000][ T744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 200.195604][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 200.200242][ T744] RIP: 0033:0x7fc8ece62c09 [ 200.200259][ T744] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 200.219865][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.225005][ T744] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.225026][ T744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 383] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [ 200.231075][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506b0 [ 200.235631][ T744] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 200.237928][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 200.242912][ T744] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 200.242918][ T744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 200.242925][ T744] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000034 [ 200.278025][ T744] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 200.285629][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 200.285634][ T381] Call Trace: [ 200.285650][ T381] ? lockref_get_or_lock+0x340/0x340 [ 200.285669][ T381] ? umount_tree+0xf50/0xf50 [ 200.453035][ T381] ? vfs_submount+0xb0/0xb0 [ 200.457590][ T381] ? dput+0x2b6/0x320 [ 200.461582][ T381] path_umount+0x1fe/0xfb0 [ 200.465989][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 200.471024][ T381] ? user_path_at_empty+0x40/0x50 [ 200.476037][ T381] __x64_sys_umount+0x122/0x170 [ 200.480897][ T381] ? path_umount+0xfb0/0xfb0 [ 200.485473][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 200.491462][ T381] do_syscall_64+0x34/0x70 [ 200.495866][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 200.501755][ T381] RIP: 0033:0x7fc8ece63fb7 [ 200.506153][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 200.525748][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 200.534159][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 200.542122][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 200.550070][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 200.558033][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 200.566001][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 000000000000003d [pid 382] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 745] <... openat resumed>) = 5 [pid 745] write(5, "22", 2 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... umount2 resumed>) = 0 [pid 745] <... write resumed>) = 2 [pid 383] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 745] write(4, "+pids ", 6 [pid 381] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... openat resumed>) = 3 [pid 383] fstat(3, [pid 382] <... openat resumed>) = 3 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] fstat(3, [pid 383] getdents64(3, [pid 382] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 383] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] getdents64(3, [pid 383] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] <... getdents64 resumed>0x555556fad630 /* 2 entries */, 32768) = 48 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] getdents64(3, [pid 383] lstat("./52/binderfs", [pid 382] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] close(3 [pid 383] unlink("./52/binderfs" [pid 382] <... close resumed>) = 0 [pid 381] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] <... unlink resumed>) = 0 [pid 381] getdents64(4, [pid 383] umount2("./52/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./52/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] unlink("./52/cgroup") = 0 [pid 381] close(4 [pid 383] umount2("./52/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] <... close resumed>) = 0 [pid 383] lstat("./52/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./52/cgroup.net") = 0 [pid 383] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./52/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./52/file0") = 0 [pid 383] umount2("./52/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./52/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./52/cgroup.cpu") = 0 [pid 381] rmdir("./60/file0" [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./52" [pid 381] <... rmdir resumed>) = 0 [pid 383] <... rmdir resumed>) = 0 [pid 381] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] mkdir("./53", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 747 attached [pid 747] chdir("./53" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 55 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 747] <... chdir resumed>) = 0 [pid 747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 381] lstat("./60/cgroup.cpu", [pid 747] <... prctl resumed>) = 0 [pid 747] setpgid(0, 0) = 0 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 747] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 381] unlink("./60/cgroup.cpu") = 0 [pid 747] <... symlink resumed>) = 0 [pid 747] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 381] getdents64(3, [pid 747] <... symlink resumed>) = 0 [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 747] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 381] close(3) = 0 [pid 381] rmdir("./60" [pid 747] <... symlink resumed>) = 0 [pid 747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 381] <... rmdir resumed>) = 0 [pid 747] <... openat resumed>) = 3 [pid 747] write(3, "1000", 4) = 4 [pid 381] mkdir("./61", 0777 [pid 747] close(3) = 0 [pid 747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] <... mkdir resumed>) = 0 [pid 747] mkdirat(AT_FDCWD, "./file0", 000 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 747] <... mkdirat resumed>) = 0 [pid 747] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 ./strace-static-x86_64: Process 748 attached [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 63 [pid 748] chdir("./61") = 0 [pid 748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 748] setpgid(0, 0) = 0 [pid 748] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 748] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 748] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 748] write(3, "1000", 4) = 4 [pid 747] open("./file0", O_RDONLY [pid 748] close(3 [pid 747] <... open resumed>) = 3 [pid 748] <... close resumed>) = 0 [pid 748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 748] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 748] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 747] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 200.573973][ T381] ---[ end trace d4de1ca9cdcd19aa ]--- [ 200.598001][ T745] FAULT_INJECTION: forcing a failure. [ 200.598001][ T745] name failslab, interval 1, probability 0, space 0, times 0 [ 200.610804][ T745] CPU: 0 PID: 745 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 200.622418][ T745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.632456][ T745] Call Trace: [ 200.635735][ T745] dump_stack_lvl+0x1e2/0x24b [ 200.640387][ T745] ? bfq_pos_tree_add_move+0x43e/0x43e [ 200.645820][ T745] ? selinux_kernfs_init_security+0x1a8/0x760 [ 200.651867][ T745] dump_stack+0x15/0x17 [ 200.656016][ T745] should_fail+0x3c0/0x510 [ 200.660406][ T745] ? __kernfs_new_node+0x99/0x6e0 [ 200.665408][ T745] __should_failslab+0x9f/0xe0 [ 200.670153][ T745] should_failslab+0x9/0x20 [ 200.674638][ T745] __kmalloc_track_caller+0x5f/0x350 [ 200.679902][ T745] kstrdup_const+0x55/0x90 [ 200.684308][ T745] __kernfs_new_node+0x99/0x6e0 [ 200.689138][ T745] ? is_module_text_address+0xe1/0x140 [ 200.694566][ T745] ? kernfs_new_node+0x170/0x170 [ 200.699491][ T745] ? ptr_to_hashval+0x60/0x60 [ 200.704148][ T745] ? arch_stack_walk+0xf8/0x140 [ 200.708971][ T745] ? snprintf+0xd6/0x120 [ 200.713272][ T745] kernfs_new_node+0x97/0x170 [ 200.717929][ T745] __kernfs_create_file+0x4a/0x270 [ 200.723019][ T745] cgroup_addrm_files+0xab8/0xfe0 [ 200.728015][ T745] ? ____kasan_kmalloc+0xdc/0x110 [ 200.733016][ T745] ? __kasan_kmalloc+0x9/0x10 [ 200.737674][ T745] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 200.743195][ T745] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 200.749322][ T745] ? delete_node+0x759/0x7b0 [ 200.753894][ T745] ? __kasan_check_read+0x11/0x20 [ 200.758898][ T745] ? delete_node+0x759/0x7b0 [ 200.763458][ T745] ? __kasan_check_write+0x14/0x20 [ 200.768546][ T745] ? idr_replace+0x1c4/0x230 [ 200.773112][ T745] ? idr_get_next+0x4b0/0x4b0 [ 200.777760][ T745] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 200.782774][ T745] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 200.787949][ T745] css_populate_dir+0x137/0x370 [ 200.792776][ T745] cgroup_apply_control_enable+0x8b9/0x12f0 [ 200.798644][ T745] cgroup_apply_control+0x93/0x710 [ 200.803733][ T745] ? css_next_child+0x160/0x160 [ 200.808559][ T745] ? io_schedule+0x120/0x120 [ 200.813125][ T745] ? __kasan_check_write+0x14/0x20 [ 200.818218][ T745] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 200.823478][ T745] cgroup_subtree_control_write+0xd19/0x1310 [ 200.829433][ T745] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 200.835476][ T745] ? __kasan_check_write+0x14/0x20 [ 200.840564][ T745] ? _copy_from_iter+0x3fb/0xd60 [ 200.845475][ T745] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 200.851605][ T745] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 200.857556][ T745] cgroup_file_write+0x28e/0x590 [ 200.862468][ T745] ? __check_object_size+0x76/0x3e0 [ 200.867642][ T745] ? cgroup_seqfile_stop+0xc0/0xc0 [ 200.872727][ T745] ? mutex_lock+0xa6/0x110 [ 200.877119][ T745] ? mutex_trylock+0xb0/0xb0 [ 200.881685][ T745] ? __kasan_check_write+0x14/0x20 [ 200.886773][ T745] kernfs_fop_write_iter+0x2d0/0x410 [ 200.892034][ T745] ? cgroup_seqfile_stop+0xc0/0xc0 [ 200.897119][ T745] vfs_write+0xc1c/0xf40 [ 200.901336][ T745] ? __kasan_check_write+0x14/0x20 [ 200.906421][ T745] ? kernel_write+0x3c0/0x3c0 [ 200.911070][ T745] ? _raw_spin_unlock_irq+0x4e/0x70 [ 200.916244][ T745] ? ptrace_stop+0x6ff/0x9f0 [ 200.920807][ T745] ? __kasan_check_read+0x11/0x20 [ 200.925805][ T745] ? __fdget_pos+0x27e/0x310 [ 200.930368][ T745] ksys_write+0x198/0x2c0 [ 200.934673][ T745] ? do_notify_parent+0xa60/0xa60 [ 200.939671][ T745] ? __ia32_sys_read+0x90/0x90 [ 200.944409][ T745] ? __ia32_sys_open+0x270/0x270 [ 200.949325][ T745] __x64_sys_write+0x7b/0x90 [ 200.953891][ T745] do_syscall_64+0x34/0x70 [ 200.958289][ T745] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 200.964154][ T745] RIP: 0033:0x7fc8ece62c09 [ 200.968551][ T745] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 200.988128][ T745] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.996515][ T745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 201.004461][ T745] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 201.012410][ T745] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 201.020355][ T745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [pid 747] write(4, "-pids ", 6 [pid 745] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 748] <... mount resumed>) = 0 [pid 745] close(3 [pid 748] open("./file0", O_RDONLY [pid 745] <... close resumed>) = 0 [pid 748] <... open resumed>) = 3 [pid 745] close(4 [pid 748] openat(3, "cgroup.subtree_control", O_RDWR [pid 745] <... close resumed>) = 0 [pid 748] <... openat resumed>) = 4 [pid 745] close(5) = 0 [pid 748] write(4, "-pids ", 6 [pid 745] close(6) = -1 EBADF (Bad file descriptor) [pid 745] close(7) = -1 EBADF (Bad file descriptor) [pid 745] close(8) = -1 EBADF (Bad file descriptor) [pid 745] close(9) = -1 EBADF (Bad file descriptor) [pid 745] close(10) = -1 EBADF (Bad file descriptor) [pid 745] close(11) = -1 EBADF (Bad file descriptor) [pid 745] close(12) = -1 EBADF (Bad file descriptor) [pid 745] close(13) = -1 EBADF (Bad file descriptor) [pid 745] close(14) = -1 EBADF (Bad file descriptor) [pid 745] close(15) = -1 EBADF (Bad file descriptor) [pid 745] close(16) = -1 EBADF (Bad file descriptor) [pid 745] close(17) = -1 EBADF (Bad file descriptor) [pid 745] close(18) = -1 EBADF (Bad file descriptor) [pid 745] close(19) = -1 EBADF (Bad file descriptor) [pid 745] close(20) = -1 EBADF (Bad file descriptor) [pid 745] close(21) = -1 EBADF (Bad file descriptor) [pid 745] close(22) = -1 EBADF (Bad file descriptor) [pid 745] close(23) = -1 EBADF (Bad file descriptor) [pid 745] close(24) = -1 EBADF (Bad file descriptor) [pid 745] close(25) = -1 EBADF (Bad file descriptor) [pid 745] close(26) = -1 EBADF (Bad file descriptor) [pid 745] close(27) = -1 EBADF (Bad file descriptor) [pid 745] close(28) = -1 EBADF (Bad file descriptor) [pid 745] close(29) = -1 EBADF (Bad file descriptor) [pid 745] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 745] exit_group(0) = ? [pid 745] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./59/binderfs", [pid 747] <... write resumed>) = 6 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./59/binderfs") = 0 [pid 376] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./59/cgroup") = 0 [pid 376] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./59/cgroup.net") = 0 [pid 747] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 376] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 747] <... openat resumed>) = 5 [ 201.028300][ T745] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003b [ 201.038707][ T745] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 201.060550][ T738] FAULT_INJECTION: forcing a failure. [ 201.060550][ T738] name failslab, interval 1, probability 0, space 0, times 0 [ 201.073247][ T738] CPU: 1 PID: 738 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 201.084869][ T738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.094909][ T738] Call Trace: [ 201.098189][ T738] dump_stack_lvl+0x1e2/0x24b [ 201.102849][ T738] ? bfq_pos_tree_add_move+0x43e/0x43e [ 201.108299][ T738] ? selinux_kernfs_init_security+0x1a8/0x760 [ 201.114343][ T738] dump_stack+0x15/0x17 [ 201.118502][ T738] should_fail+0x3c0/0x510 [ 201.122902][ T738] ? __kernfs_new_node+0x99/0x6e0 [ 201.127904][ T738] __should_failslab+0x9f/0xe0 [ 201.132652][ T738] should_failslab+0x9/0x20 [ 201.137144][ T738] __kmalloc_track_caller+0x5f/0x350 [ 201.142409][ T738] kstrdup_const+0x55/0x90 [ 201.146800][ T738] __kernfs_new_node+0x99/0x6e0 [ 201.151621][ T738] ? is_module_text_address+0xe1/0x140 [ 201.157054][ T738] ? kernfs_new_node+0x170/0x170 [ 201.161968][ T738] ? ptr_to_hashval+0x60/0x60 [ 201.166618][ T738] ? arch_stack_walk+0xf8/0x140 [ 201.171447][ T738] ? snprintf+0xd6/0x120 [ 201.175671][ T738] kernfs_new_node+0x97/0x170 [ 201.180324][ T738] __kernfs_create_file+0x4a/0x270 [ 201.185410][ T738] cgroup_addrm_files+0xab8/0xfe0 [ 201.190406][ T738] ? ____kasan_kmalloc+0xdc/0x110 [ 201.195401][ T738] ? __kasan_kmalloc+0x9/0x10 [ 201.200054][ T738] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 201.205577][ T738] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 201.211705][ T738] ? delete_node+0x759/0x7b0 [ 201.216267][ T738] ? __kasan_check_read+0x11/0x20 [ 201.221262][ T738] ? delete_node+0x759/0x7b0 [ 201.225822][ T738] ? __kasan_check_write+0x14/0x20 [ 201.230913][ T738] ? idr_replace+0x1c4/0x230 [ 201.235480][ T738] ? idr_get_next+0x4b0/0x4b0 [ 201.240128][ T738] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 201.245132][ T738] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 201.250304][ T738] css_populate_dir+0x137/0x370 [ 201.255138][ T738] cgroup_apply_control_enable+0x8b9/0x12f0 [ 201.261015][ T738] cgroup_apply_control+0x93/0x710 [ 201.266119][ T738] ? css_next_child+0x160/0x160 [ 201.270943][ T738] ? stack_trace_save+0x12d/0x1f0 [ 201.275956][ T738] ? io_schedule+0x120/0x120 [ 201.280518][ T738] ? kernfs_fop_write_iter+0x15e/0x410 [ 201.285959][ T738] ? __kasan_check_write+0x14/0x20 [ 201.291059][ T738] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 201.296334][ T738] cgroup_subtree_control_write+0xd19/0x1310 [ 201.302297][ T738] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 201.308258][ T738] ? __kasan_check_write+0x14/0x20 [ 201.313344][ T738] ? _copy_from_iter+0x3fb/0xd60 [ 201.318266][ T738] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 201.324230][ T738] cgroup_file_write+0x28e/0x590 [ 201.329139][ T738] ? cgroup_seqfile_stop+0xc0/0xc0 [ 201.334225][ T738] ? mutex_lock+0xa6/0x110 [ 201.338613][ T738] ? mutex_trylock+0xb0/0xb0 [ 201.343178][ T738] ? __kasan_check_write+0x14/0x20 [ 201.348261][ T738] kernfs_fop_write_iter+0x2d0/0x410 [ 201.353519][ T738] ? cgroup_seqfile_stop+0xc0/0xc0 [ 201.358603][ T738] vfs_write+0xc1c/0xf40 [ 201.362817][ T738] ? __kasan_check_write+0x14/0x20 [ 201.367900][ T738] ? kernel_write+0x3c0/0x3c0 [ 201.372546][ T738] ? _raw_spin_unlock_irq+0x4e/0x70 [ 201.377722][ T738] ? ptrace_stop+0x6ff/0x9f0 [ 201.382284][ T738] ? __kasan_check_read+0x11/0x20 [ 201.387285][ T738] ? __fdget_pos+0x27e/0x310 [ 201.391846][ T738] ksys_write+0x198/0x2c0 [ 201.396150][ T738] ? do_notify_parent+0xa60/0xa60 [ 201.401163][ T738] ? __ia32_sys_read+0x90/0x90 [ 201.405897][ T738] ? __ia32_sys_open+0x270/0x270 [ 201.410813][ T738] __x64_sys_write+0x7b/0x90 [ 201.415384][ T738] do_syscall_64+0x34/0x70 [ 201.419782][ T738] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 201.425654][ T738] RIP: 0033:0x7fc8ece62c09 [ 201.430051][ T738] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 201.449639][ T738] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.458031][ T738] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 201.465976][ T738] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 201.473934][ T738] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [pid 747] write(5, "22", 2) = 2 [pid 747] write(4, "+pids ", 6 [pid 376] <... umount2 resumed>) = 0 [pid 376] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./59/file0") = 0 [pid 376] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./59/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./59") = 0 [pid 376] mkdir("./60", 0777 [pid 738] <... write resumed>) = ? [pid 376] <... mkdir resumed>) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 749 attached [pid 738] +++ killed by SIGKILL +++ [pid 749] chdir("./60" [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=64, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 62 [pid 749] <... chdir resumed>) = 0 [pid 382] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW [pid 749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 749] setpgid(0, 0) = 0 [pid 749] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 749] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 749] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 749] write(3, "1000", 4) = 4 [pid 749] close(3) = 0 [pid 749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 749] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 749] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 749] open("./file0", O_RDONLY) = 3 [pid 749] openat(3, "cgroup.subtree_control", O_RDWR [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 749] <... openat resumed>) = 4 [pid 749] write(4, "-pids ", 6 [pid 382] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./62/binderfs") = 0 [pid 382] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./62/cgroup") = 0 [pid 382] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./62/cgroup.net") = 0 [pid 382] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./62/file0") = 0 [pid 382] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./62/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./62") = 0 [pid 382] mkdir("./63", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 65 ./strace-static-x86_64: Process 750 attached [pid 750] chdir("./63") = 0 [pid 750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 750] setpgid(0, 0) = 0 [pid 750] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 750] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 750] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 750] write(3, "1000", 4) = 4 [pid 750] close(3) = 0 [pid 750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 750] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 750] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 750] open("./file0", O_RDONLY) = 3 [pid 750] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 201.481886][ T738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 201.489831][ T738] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003e [ 201.498517][ T738] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 201.521271][ T747] FAULT_INJECTION: forcing a failure. [pid 750] write(4, "-pids ", 6 [pid 749] <... write resumed>) = 6 [pid 749] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 749] write(5, "22", 2) = 2 [ 201.521271][ T747] name failslab, interval 1, probability 0, space 0, times 0 [ 201.534824][ T747] CPU: 0 PID: 747 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 201.546438][ T747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.556469][ T747] Call Trace: [ 201.559743][ T747] dump_stack_lvl+0x1e2/0x24b [ 201.564399][ T747] ? bfq_pos_tree_add_move+0x43e/0x43e [ 201.569834][ T747] ? selinux_kernfs_init_security+0x1a8/0x760 [ 201.575876][ T747] dump_stack+0x15/0x17 [ 201.580008][ T747] should_fail+0x3c0/0x510 [ 201.584399][ T747] ? __kernfs_new_node+0x99/0x6e0 [ 201.589400][ T747] __should_failslab+0x9f/0xe0 [ 201.594143][ T747] should_failslab+0x9/0x20 [ 201.598625][ T747] __kmalloc_track_caller+0x5f/0x350 [ 201.603888][ T747] kstrdup_const+0x55/0x90 [ 201.608281][ T747] __kernfs_new_node+0x99/0x6e0 [ 201.613106][ T747] ? is_module_text_address+0xe1/0x140 [ 201.618542][ T747] ? kernfs_new_node+0x170/0x170 [ 201.623455][ T747] ? ptr_to_hashval+0x60/0x60 [ 201.628105][ T747] ? arch_stack_walk+0xf8/0x140 [ 201.632950][ T747] ? snprintf+0xd6/0x120 [ 201.637167][ T747] kernfs_new_node+0x97/0x170 [ 201.641818][ T747] __kernfs_create_file+0x4a/0x270 [ 201.646903][ T747] cgroup_addrm_files+0xab8/0xfe0 [ 201.651900][ T747] ? ____kasan_kmalloc+0xdc/0x110 [ 201.656897][ T747] ? __kasan_kmalloc+0x9/0x10 [ 201.661547][ T747] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 201.667069][ T747] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 201.673195][ T747] ? delete_node+0x759/0x7b0 [ 201.677761][ T747] ? __kasan_check_read+0x11/0x20 [ 201.682760][ T747] ? delete_node+0x759/0x7b0 [ 201.687324][ T747] ? __kasan_check_write+0x14/0x20 [ 201.692423][ T747] ? idr_replace+0x1c4/0x230 [ 201.696986][ T747] ? idr_get_next+0x4b0/0x4b0 [ 201.701642][ T747] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 201.706642][ T747] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 201.711818][ T747] css_populate_dir+0x137/0x370 [ 201.716644][ T747] cgroup_apply_control_enable+0x8b9/0x12f0 [ 201.722512][ T747] cgroup_apply_control+0x93/0x710 [ 201.727598][ T747] ? css_next_child+0x160/0x160 [ 201.732423][ T747] ? io_schedule+0x120/0x120 [ 201.736988][ T747] ? kernfs_fop_write_iter+0x15e/0x410 [ 201.742424][ T747] ? __kasan_check_write+0x14/0x20 [ 201.747509][ T747] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 201.752771][ T747] cgroup_subtree_control_write+0xd19/0x1310 [ 201.758726][ T747] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 201.764679][ T747] ? __kasan_check_write+0x14/0x20 [ 201.769765][ T747] ? _copy_from_iter+0x3fb/0xd60 [ 201.774697][ T747] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 201.780649][ T747] cgroup_file_write+0x28e/0x590 [ 201.785564][ T747] ? cgroup_seqfile_stop+0xc0/0xc0 [ 201.790649][ T747] ? mutex_lock+0xa6/0x110 [ 201.795041][ T747] ? mutex_trylock+0xb0/0xb0 [ 201.799603][ T747] ? __kasan_check_write+0x14/0x20 [ 201.804690][ T747] kernfs_fop_write_iter+0x2d0/0x410 [ 201.809948][ T747] ? cgroup_seqfile_stop+0xc0/0xc0 [ 201.815036][ T747] vfs_write+0xc1c/0xf40 [ 201.819256][ T747] ? __kasan_check_write+0x14/0x20 [ 201.824341][ T747] ? kernel_write+0x3c0/0x3c0 [ 201.829001][ T747] ? _raw_spin_unlock_irq+0x4e/0x70 [ 201.834178][ T747] ? ptrace_stop+0x6ff/0x9f0 [ 201.838743][ T747] ? __kasan_check_read+0x11/0x20 [ 201.843739][ T747] ? __fdget_pos+0x27e/0x310 [ 201.848310][ T747] ksys_write+0x198/0x2c0 [ 201.852617][ T747] ? do_notify_parent+0xa60/0xa60 [ 201.857617][ T747] ? __ia32_sys_read+0x90/0x90 [ 201.862358][ T747] ? __ia32_sys_open+0x270/0x270 [ 201.867273][ T747] __x64_sys_write+0x7b/0x90 [ 201.871845][ T747] do_syscall_64+0x34/0x70 [ 201.876239][ T747] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 201.882110][ T747] RIP: 0033:0x7fc8ece62c09 [ 201.886504][ T747] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 201.906082][ T747] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.914481][ T747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 201.922430][ T747] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [pid 749] write(4, "+pids ", 6 [pid 747] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 747] close(3) = 0 [pid 747] close(4) = 0 [pid 747] close(5) = 0 [pid 747] close(6) = -1 EBADF (Bad file descriptor) [pid 747] close(7) = -1 EBADF (Bad file descriptor) [pid 747] close(8) = -1 EBADF (Bad file descriptor) [pid 747] close(9) = -1 EBADF (Bad file descriptor) [pid 747] close(10) = -1 EBADF (Bad file descriptor) [pid 747] close(11) = -1 EBADF (Bad file descriptor) [pid 747] close(12) = -1 EBADF (Bad file descriptor) [pid 747] close(13) = -1 EBADF (Bad file descriptor) [pid 747] close(14) = -1 EBADF (Bad file descriptor) [pid 747] close(15) = -1 EBADF (Bad file descriptor) [pid 747] close(16) = -1 EBADF (Bad file descriptor) [pid 747] close(17) = -1 EBADF (Bad file descriptor) [pid 747] close(18) = -1 EBADF (Bad file descriptor) [pid 747] close(19) = -1 EBADF (Bad file descriptor) [pid 747] close(20) = -1 EBADF (Bad file descriptor) [pid 747] close(21) = -1 EBADF (Bad file descriptor) [pid 747] close(22) = -1 EBADF (Bad file descriptor) [pid 747] close(23) = -1 EBADF (Bad file descriptor) [pid 747] close(24) = -1 EBADF (Bad file descriptor) [pid 747] close(25) = -1 EBADF (Bad file descriptor) [pid 747] close(26) = -1 EBADF (Bad file descriptor) [pid 747] close(27) = -1 EBADF (Bad file descriptor) [pid 747] close(28) = -1 EBADF (Bad file descriptor) [pid 747] close(29) = -1 EBADF (Bad file descriptor) [pid 747] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 747] exit_group(0) = ? [pid 747] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=55, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./53/binderfs") = 0 [pid 383] umount2("./53/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./53/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./53/cgroup") = 0 [pid 383] umount2("./53/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./53/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./53/cgroup.net") = 0 [pid 383] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./53/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./53/file0") = 0 [pid 383] umount2("./53/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./53/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./53/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./53") = 0 [pid 383] mkdir("./54", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 751 attached , child_tidptr=0x555556fab5d0) = 56 [pid 751] chdir("./54") = 0 [pid 751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 751] setpgid(0, 0) = 0 [pid 751] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 751] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 751] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 751] write(3, "1000", 4) = 4 [pid 751] close(3) = 0 [pid 751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 751] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 751] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 751] open("./file0", O_RDONLY) = 3 [pid 751] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 751] write(4, "-pids ", 6 [pid 750] <... write resumed>) = 6 [pid 750] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 201.930377][ T747] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 201.938327][ T747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 201.946276][ T747] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000035 [ 201.955755][ T747] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 750] write(5, "22", 2) = 2 [ 201.990474][ T749] FAULT_INJECTION: forcing a failure. [ 201.990474][ T749] name failslab, interval 1, probability 0, space 0, times 0 [ 202.003176][ T749] CPU: 0 PID: 749 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 202.014783][ T749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.024828][ T749] Call Trace: [ 202.028130][ T749] dump_stack_lvl+0x1e2/0x24b [ 202.032798][ T749] ? bfq_pos_tree_add_move+0x43e/0x43e [ 202.038249][ T749] ? selinux_kernfs_init_security+0x1a8/0x760 [ 202.044305][ T749] dump_stack+0x15/0x17 [ 202.048454][ T749] should_fail+0x3c0/0x510 [ 202.052852][ T749] ? __kernfs_new_node+0x99/0x6e0 [ 202.057848][ T749] __should_failslab+0x9f/0xe0 [ 202.062595][ T749] should_failslab+0x9/0x20 [ 202.067080][ T749] __kmalloc_track_caller+0x5f/0x350 [ 202.072353][ T749] kstrdup_const+0x55/0x90 [ 202.076753][ T749] __kernfs_new_node+0x99/0x6e0 [ 202.081593][ T749] ? is_module_text_address+0xe1/0x140 [ 202.087042][ T749] ? kernfs_new_node+0x170/0x170 [ 202.091965][ T749] ? ptr_to_hashval+0x60/0x60 [ 202.096615][ T749] ? arch_stack_walk+0xf8/0x140 [ 202.101437][ T749] ? snprintf+0xd6/0x120 [ 202.105649][ T749] kernfs_new_node+0x97/0x170 [ 202.110304][ T749] __kernfs_create_file+0x4a/0x270 [ 202.115403][ T749] cgroup_addrm_files+0xab8/0xfe0 [ 202.120415][ T749] ? ____kasan_kmalloc+0xdc/0x110 [ 202.125426][ T749] ? __kasan_kmalloc+0x9/0x10 [ 202.130089][ T749] ? kmem_cache_alloc_trace+0x1dd/0x330 [pid 750] write(4, "+pids ", 6 [pid 375] kill(-66, SIGKILL) = 0 [pid 375] kill(66, SIGKILL) = 0 [ 202.135608][ T749] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 202.141740][ T749] ? delete_node+0x759/0x7b0 [ 202.146314][ T749] ? __kasan_check_read+0x11/0x20 [ 202.151317][ T749] ? delete_node+0x759/0x7b0 [ 202.155895][ T749] ? __kasan_check_write+0x14/0x20 [ 202.160996][ T749] ? idr_replace+0x1c4/0x230 [ 202.165568][ T749] ? idr_get_next+0x4b0/0x4b0 [ 202.170218][ T749] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 202.175214][ T749] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 202.180393][ T749] css_populate_dir+0x137/0x370 [ 202.185240][ T749] cgroup_apply_control_enable+0x8b9/0x12f0 [ 202.191121][ T749] cgroup_apply_control+0x93/0x710 [ 202.196211][ T749] ? css_next_child+0x160/0x160 [ 202.201038][ T749] ? stack_trace_save+0x12d/0x1f0 [ 202.206059][ T749] ? io_schedule+0x120/0x120 [ 202.210628][ T749] ? kernfs_fop_write_iter+0x15e/0x410 [ 202.216059][ T749] ? __kasan_check_write+0x14/0x20 [ 202.221146][ T749] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 202.226408][ T749] cgroup_subtree_control_write+0xd19/0x1310 [ 202.232365][ T749] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 202.238316][ T749] ? __kasan_check_write+0x14/0x20 [ 202.243398][ T749] ? _copy_from_iter+0x3fb/0xd60 [ 202.248315][ T749] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 202.254280][ T749] cgroup_file_write+0x28e/0x590 [ 202.259198][ T749] ? cgroup_seqfile_stop+0xc0/0xc0 [ 202.264281][ T749] ? mutex_lock+0xa6/0x110 [ 202.268679][ T749] ? mutex_trylock+0xb0/0xb0 [ 202.273249][ T749] ? __kasan_check_write+0x14/0x20 [ 202.278350][ T749] kernfs_fop_write_iter+0x2d0/0x410 [ 202.283608][ T749] ? cgroup_seqfile_stop+0xc0/0xc0 [pid 375] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [ 202.288699][ T749] vfs_write+0xc1c/0xf40 [ 202.292931][ T749] ? __kasan_check_write+0x14/0x20 [ 202.298042][ T749] ? kernel_write+0x3c0/0x3c0 [ 202.302693][ T749] ? _raw_spin_unlock_irq+0x4e/0x70 [ 202.307874][ T749] ? ptrace_stop+0x6ff/0x9f0 [ 202.312459][ T749] ? __kasan_check_read+0x11/0x20 [ 202.317472][ T749] ? __fdget_pos+0x27e/0x310 [ 202.322058][ T749] ksys_write+0x198/0x2c0 [ 202.326378][ T749] ? do_notify_parent+0xa60/0xa60 [ 202.331384][ T749] ? __ia32_sys_read+0x90/0x90 [ 202.336128][ T749] ? __ia32_sys_open+0x270/0x270 [ 202.341060][ T749] __x64_sys_write+0x7b/0x90 [ 202.345621][ T749] do_syscall_64+0x34/0x70 [ 202.350023][ T749] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 202.355906][ T749] RIP: 0033:0x7fc8ece62c09 [ 202.360301][ T749] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 202.379884][ T749] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 749] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 749] close(3) = 0 [pid 749] close(4) = 0 [pid 749] close(5) = 0 [pid 749] close(6) = -1 EBADF (Bad file descriptor) [pid 749] close(7) = -1 EBADF (Bad file descriptor) [pid 749] close(8) = -1 EBADF (Bad file descriptor) [pid 749] close(9) = -1 EBADF (Bad file descriptor) [pid 749] close(10) = -1 EBADF (Bad file descriptor) [pid 749] close(11) = -1 EBADF (Bad file descriptor) [pid 749] close(12) = -1 EBADF (Bad file descriptor) [pid 749] close(13) = -1 EBADF (Bad file descriptor) [pid 749] close(14) = -1 EBADF (Bad file descriptor) [pid 749] close(15) = -1 EBADF (Bad file descriptor) [pid 749] close(16) = -1 EBADF (Bad file descriptor) [pid 749] close(17) = -1 EBADF (Bad file descriptor) [pid 749] close(18) = -1 EBADF (Bad file descriptor) [pid 749] close(19) = -1 EBADF (Bad file descriptor) [pid 749] close(20) = -1 EBADF (Bad file descriptor) [pid 749] close(21) = -1 EBADF (Bad file descriptor) [pid 749] close(22) = -1 EBADF (Bad file descriptor) [pid 749] close(23) = -1 EBADF (Bad file descriptor) [pid 749] close(24) = -1 EBADF (Bad file descriptor) [pid 749] close(25) = -1 EBADF (Bad file descriptor) [pid 749] close(26) = -1 EBADF (Bad file descriptor) [pid 749] close(27) = -1 EBADF (Bad file descriptor) [pid 749] close(28) = -1 EBADF (Bad file descriptor) [pid 749] close(29) = -1 EBADF (Bad file descriptor) [pid 749] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 749] exit_group(0) = ? [pid 749] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./60/binderfs") = 0 [pid 376] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./60/cgroup") = 0 [pid 376] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./60/cgroup.net") = 0 [pid 376] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./60/file0") = 0 [pid 376] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./60/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [ 202.388286][ T749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 202.396241][ T749] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 202.404185][ T749] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 202.412134][ T749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 202.420090][ T749] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003c [ 202.428217][ T749] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 376] rmdir("./60" [pid 751] <... write resumed>) = 6 [pid 748] <... write resumed>) = 6 [pid 746] <... write resumed>) = 6 [pid 376] <... rmdir resumed>) = 0 [pid 376] mkdir("./61", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 752 attached [pid 752] chdir("./61" [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 63 [pid 752] <... chdir resumed>) = 0 [pid 752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 752] setpgid(0, 0) = 0 [pid 752] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 752] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 752] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 752] write(3, "1000", 4) = 4 [pid 752] close(3) = 0 [pid 752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 752] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 752] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 751] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 751] write(5, "22", 2) = 2 [pid 751] write(4, "+pids ", 6 [pid 748] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 748] write(5, "22", 2) = 2 [pid 748] write(4, "+pids ", 6 [pid 746] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 746] write(5, "22", 2) = 2 [ 202.460593][ T750] FAULT_INJECTION: forcing a failure. [ 202.460593][ T750] name failslab, interval 1, probability 0, space 0, times 0 [ 202.473341][ T750] CPU: 0 PID: 750 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 202.484945][ T750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.494989][ T750] Call Trace: [ 202.498257][ T750] dump_stack_lvl+0x1e2/0x24b [ 202.502907][ T750] ? bfq_pos_tree_add_move+0x43e/0x43e [ 202.508341][ T750] ? selinux_kernfs_init_security+0x1a8/0x760 [ 202.514389][ T750] dump_stack+0x15/0x17 [ 202.518534][ T750] should_fail+0x3c0/0x510 [ 202.522947][ T750] ? __kernfs_new_node+0x99/0x6e0 [ 202.527954][ T750] __should_failslab+0x9f/0xe0 [ 202.532701][ T750] should_failslab+0x9/0x20 [ 202.537191][ T750] __kmalloc_track_caller+0x5f/0x350 [ 202.542469][ T750] kstrdup_const+0x55/0x90 [ 202.546879][ T750] __kernfs_new_node+0x99/0x6e0 [ 202.551712][ T750] ? is_module_text_address+0xe1/0x140 [ 202.557141][ T750] ? kernfs_new_node+0x170/0x170 [ 202.562053][ T750] ? ptr_to_hashval+0x60/0x60 [ 202.566709][ T750] ? arch_stack_walk+0xf8/0x140 [ 202.571542][ T750] ? snprintf+0xd6/0x120 [ 202.575758][ T750] kernfs_new_node+0x97/0x170 [ 202.580415][ T750] __kernfs_create_file+0x4a/0x270 [ 202.585507][ T750] cgroup_addrm_files+0xab8/0xfe0 [ 202.590512][ T750] ? ____kasan_kmalloc+0xdc/0x110 [ 202.595517][ T750] ? __kasan_kmalloc+0x9/0x10 [ 202.600183][ T750] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 202.605708][ T750] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 202.611832][ T750] ? delete_node+0x759/0x7b0 [ 202.616394][ T750] ? __kasan_check_read+0x11/0x20 [ 202.621401][ T750] ? delete_node+0x759/0x7b0 [ 202.625973][ T750] ? __kasan_check_write+0x14/0x20 [ 202.631066][ T750] ? idr_replace+0x1c4/0x230 [ 202.635637][ T750] ? idr_get_next+0x4b0/0x4b0 [ 202.640288][ T750] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 202.645290][ T750] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 202.650472][ T750] css_populate_dir+0x137/0x370 [ 202.655296][ T750] cgroup_apply_control_enable+0x8b9/0x12f0 [ 202.661158][ T750] cgroup_apply_control+0x93/0x710 [ 202.666253][ T750] ? css_next_child+0x160/0x160 [ 202.671081][ T750] ? stack_trace_save+0x12d/0x1f0 [ 202.676082][ T750] ? io_schedule+0x120/0x120 [ 202.680651][ T750] ? kernfs_fop_write_iter+0x15e/0x410 [ 202.686083][ T750] ? __kasan_check_write+0x14/0x20 [ 202.691176][ T750] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 202.696441][ T750] cgroup_subtree_control_write+0xd19/0x1310 [ 202.702402][ T750] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 202.708362][ T750] ? __kasan_check_write+0x14/0x20 [ 202.713455][ T750] ? _copy_from_iter+0x3fb/0xd60 [ 202.718376][ T750] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 202.724328][ T750] cgroup_file_write+0x28e/0x590 [ 202.729236][ T750] ? cgroup_seqfile_stop+0xc0/0xc0 [ 202.734326][ T750] ? mutex_lock+0xa6/0x110 [ 202.738730][ T750] ? mutex_trylock+0xb0/0xb0 [ 202.743306][ T750] ? __kasan_check_write+0x14/0x20 [ 202.748411][ T750] kernfs_fop_write_iter+0x2d0/0x410 [ 202.753683][ T750] ? cgroup_seqfile_stop+0xc0/0xc0 [ 202.758770][ T750] vfs_write+0xc1c/0xf40 [ 202.762992][ T750] ? __kasan_check_write+0x14/0x20 [ 202.768096][ T750] ? kernel_write+0x3c0/0x3c0 [ 202.772755][ T750] ? _raw_spin_unlock_irq+0x4e/0x70 [ 202.777933][ T750] ? ptrace_stop+0x6ff/0x9f0 [ 202.782514][ T750] ? __kasan_check_read+0x11/0x20 [ 202.787518][ T750] ? __fdget_pos+0x27e/0x310 [ 202.792087][ T750] ksys_write+0x198/0x2c0 [ 202.796412][ T750] ? do_notify_parent+0xa60/0xa60 [ 202.801417][ T750] ? __ia32_sys_read+0x90/0x90 [ 202.806162][ T750] __x64_sys_write+0x7b/0x90 [ 202.810736][ T750] do_syscall_64+0x34/0x70 [ 202.815129][ T750] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 202.821003][ T750] RIP: 0033:0x7fc8ece62c09 [ 202.825397][ T750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 202.844976][ T750] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 202.853366][ T750] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 746] write(4, "+pids ", 6 [pid 752] <... mount resumed>) = 0 [pid 750] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 752] open("./file0", O_RDONLY) = 3 [pid 752] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 752] write(4, "-pids ", 6 [pid 750] close(3) = 0 [pid 750] close(4) = 0 [pid 750] close(5) = 0 [pid 750] close(6) = -1 EBADF (Bad file descriptor) [pid 750] close(7) = -1 EBADF (Bad file descriptor) [pid 750] close(8) = -1 EBADF (Bad file descriptor) [pid 750] close(9) = -1 EBADF (Bad file descriptor) [pid 750] close(10) = -1 EBADF (Bad file descriptor) [pid 750] close(11) = -1 EBADF (Bad file descriptor) [pid 750] close(12) = -1 EBADF (Bad file descriptor) [pid 750] close(13) = -1 EBADF (Bad file descriptor) [pid 750] close(14) = -1 EBADF (Bad file descriptor) [pid 750] close(15) = -1 EBADF (Bad file descriptor) [pid 750] close(16) = -1 EBADF (Bad file descriptor) [pid 750] close(17) = -1 EBADF (Bad file descriptor) [pid 750] close(18) = -1 EBADF (Bad file descriptor) [pid 750] close(19) = -1 EBADF (Bad file descriptor) [pid 750] close(20) = -1 EBADF (Bad file descriptor) [pid 750] close(21) = -1 EBADF (Bad file descriptor) [pid 750] close(22) = -1 EBADF (Bad file descriptor) [pid 750] close(23) = -1 EBADF (Bad file descriptor) [pid 750] close(24) = -1 EBADF (Bad file descriptor) [pid 750] close(25) = -1 EBADF (Bad file descriptor) [pid 750] close(26) = -1 EBADF (Bad file descriptor) [pid 750] close(27) = -1 EBADF (Bad file descriptor) [pid 750] close(28) = -1 EBADF (Bad file descriptor) [pid 750] close(29) = -1 EBADF (Bad file descriptor) [pid 750] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 750] exit_group(0) = ? [pid 750] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./63/binderfs") = 0 [pid 382] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./63/cgroup") = 0 [pid 382] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./63/cgroup.net") = 0 [ 202.861311][ T750] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 202.869261][ T750] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 202.877217][ T750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 202.885161][ T750] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003f [ 202.893306][ T750] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 382] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./63/file0") = 0 [pid 382] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./63/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./63") = 0 [pid 382] mkdir("./64", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 66 [ 202.921101][ T746] FAULT_INJECTION: forcing a failure. [ 202.921101][ T746] name failslab, interval 1, probability 0, space 0, times 0 [ 202.933912][ T746] CPU: 0 PID: 746 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 202.945527][ T746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.955570][ T746] Call Trace: [ 202.958847][ T746] dump_stack_lvl+0x1e2/0x24b [ 202.963496][ T746] ? panic+0x7d7/0x7d7 [ 202.967537][ T746] ? bfq_pos_tree_add_move+0x43e/0x43e [ 202.972976][ T746] ? find_next_bit+0xd6/0x120 [ 202.977639][ T746] ? cpumask_next+0x11/0x30 [ 202.982122][ T746] dump_stack+0x15/0x17 [ 202.986248][ T746] should_fail+0x3c0/0x510 [ 202.990641][ T746] ? percpu_ref_init+0xd0/0x330 [ 202.995470][ T746] __should_failslab+0x9f/0xe0 [ 203.000210][ T746] should_failslab+0x9/0x20 [ 203.004689][ T746] kmem_cache_alloc_trace+0x3a/0x330 [ 203.009952][ T746] percpu_ref_init+0xd0/0x330 [ 203.014603][ T746] ? cgroup_setup_root+0xea0/0xea0 [ 203.019692][ T746] cgroup_apply_control_enable+0x3a2/0x12f0 [ 203.025561][ T746] cgroup_apply_control+0x93/0x710 [ 203.030646][ T746] ? css_next_child+0x160/0x160 [ 203.035470][ T746] ? stack_trace_save+0x12d/0x1f0 [ 203.040471][ T746] ? io_schedule+0x120/0x120 [ 203.045035][ T746] ? kernfs_fop_write_iter+0x15e/0x410 [ 203.050468][ T746] ? __kasan_check_write+0x14/0x20 [ 203.055556][ T746] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 203.060815][ T746] cgroup_subtree_control_write+0xd19/0x1310 [ 203.066769][ T746] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 203.072723][ T746] ? __kasan_check_write+0x14/0x20 [ 203.077809][ T746] ? _copy_from_iter+0x3fb/0xd60 [ 203.082722][ T746] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 203.088674][ T746] cgroup_file_write+0x28e/0x590 [ 203.093585][ T746] ? cgroup_seqfile_stop+0xc0/0xc0 [ 203.098669][ T746] ? mutex_lock+0xa6/0x110 [ 203.103060][ T746] ? mutex_trylock+0xb0/0xb0 [ 203.107625][ T746] ? __kasan_check_write+0x14/0x20 [ 203.112709][ T746] kernfs_fop_write_iter+0x2d0/0x410 [ 203.117967][ T746] ? cgroup_seqfile_stop+0xc0/0xc0 [ 203.123072][ T746] vfs_write+0xc1c/0xf40 [ 203.127288][ T746] ? __kasan_check_write+0x14/0x20 [ 203.132376][ T746] ? kernel_write+0x3c0/0x3c0 [ 203.137027][ T746] ? _raw_spin_unlock_irq+0x4e/0x70 [ 203.142199][ T746] ? ptrace_stop+0x6ff/0x9f0 [ 203.146762][ T746] ? __kasan_check_read+0x11/0x20 [ 203.151760][ T746] ? __fdget_pos+0x27e/0x310 [ 203.156322][ T746] ksys_write+0x198/0x2c0 [ 203.160628][ T746] ? do_notify_parent+0xa60/0xa60 [ 203.165627][ T746] ? __ia32_sys_read+0x90/0x90 [ 203.170364][ T746] ? __ia32_sys_open+0x270/0x270 [ 203.175275][ T746] __x64_sys_write+0x7b/0x90 [ 203.179840][ T746] do_syscall_64+0x34/0x70 [ 203.184239][ T746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 203.190280][ T746] RIP: 0033:0x7fc8ece62c09 [ 203.194671][ T746] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 203.214249][ T746] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 ./strace-static-x86_64: Process 753 attached [pid 746] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 753] chdir("./64" [pid 746] close(3 [pid 753] <... chdir resumed>) = 0 [pid 746] <... close resumed>) = 0 [pid 753] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 746] close(4 [pid 753] <... prctl resumed>) = 0 [pid 746] <... close resumed>) = 0 [pid 753] setpgid(0, 0) = 0 [pid 746] close(5 [pid 753] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 746] <... close resumed>) = 0 [pid 753] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 746] close(6 [pid 753] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 746] close(7 [pid 753] <... openat resumed>) = 3 [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 753] write(3, "1000", 4 [pid 746] close(8 [pid 753] <... write resumed>) = 4 [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 753] close(3) = 0 [pid 746] close(9 [pid 753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 753] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 746] close(10 [pid 753] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 753] open("./file0", O_RDONLY) = 3 [pid 746] close(11 [pid 753] openat(3, "cgroup.subtree_control", O_RDWR [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 753] <... openat resumed>) = 4 [pid 746] close(12 [pid 753] write(4, "-pids ", 6 [pid 746] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 746] close(13) = -1 EBADF (Bad file descriptor) [pid 746] close(14) = -1 EBADF (Bad file descriptor) [pid 746] close(15) = -1 EBADF (Bad file descriptor) [pid 746] close(16) = -1 EBADF (Bad file descriptor) [pid 746] close(17) = -1 EBADF (Bad file descriptor) [pid 746] close(18) = -1 EBADF (Bad file descriptor) [pid 746] close(19) = -1 EBADF (Bad file descriptor) [pid 746] close(20) = -1 EBADF (Bad file descriptor) [pid 746] close(21) = -1 EBADF (Bad file descriptor) [pid 746] close(22) = -1 EBADF (Bad file descriptor) [pid 746] close(23) = -1 EBADF (Bad file descriptor) [pid 746] close(24) = -1 EBADF (Bad file descriptor) [pid 746] close(25) = -1 EBADF (Bad file descriptor) [pid 746] close(26) = -1 EBADF (Bad file descriptor) [pid 746] close(27) = -1 EBADF (Bad file descriptor) [pid 746] close(28) = -1 EBADF (Bad file descriptor) [pid 746] close(29) = -1 EBADF (Bad file descriptor) [pid 746] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 746] exit_group(0) = ? [pid 746] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./58/binderfs") = 0 [pid 380] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./58/cgroup") = 0 [pid 380] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./58/cgroup.net") = 0 [pid 380] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./58/file0") = 0 [pid 380] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./58/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./58") = 0 [pid 380] mkdir("./59", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 754 attached , child_tidptr=0x555556fab5d0) = 61 [pid 754] chdir("./59") = 0 [pid 754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 754] setpgid(0, 0) = 0 [pid 754] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 754] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 754] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 754] write(3, "1000", 4) = 4 [pid 754] close(3) = 0 [pid 754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 754] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 203.222636][ T746] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 203.230582][ T746] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 203.238530][ T746] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 203.246476][ T746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 203.254436][ T746] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003a [pid 754] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 203.280416][ T743] FAULT_INJECTION: forcing a failure. [ 203.280416][ T743] name failslab, interval 1, probability 0, space 0, times 0 [ 203.293244][ T743] CPU: 1 PID: 743 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 203.304863][ T743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.315060][ T743] Call Trace: [ 203.318336][ T743] dump_stack_lvl+0x1e2/0x24b [ 203.323025][ T743] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 754] open("./file0", O_RDONLY) = 3 [pid 754] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 203.328468][ T743] ? selinux_kernfs_init_security+0x1a8/0x760 [ 203.334506][ T743] dump_stack+0x15/0x17 [ 203.338635][ T743] should_fail+0x3c0/0x510 [ 203.343025][ T743] ? __kernfs_new_node+0x99/0x6e0 [ 203.348038][ T743] __should_failslab+0x9f/0xe0 [ 203.352784][ T743] should_failslab+0x9/0x20 [ 203.357259][ T743] __kmalloc_track_caller+0x5f/0x350 [ 203.362516][ T743] kstrdup_const+0x55/0x90 [ 203.366904][ T743] __kernfs_new_node+0x99/0x6e0 [ 203.371726][ T743] ? is_module_text_address+0xe1/0x140 [ 203.377156][ T743] ? kernfs_new_node+0x170/0x170 [ 203.382066][ T743] ? ptr_to_hashval+0x60/0x60 [ 203.386723][ T743] ? arch_stack_walk+0xf8/0x140 [ 203.391555][ T743] ? snprintf+0xd6/0x120 [ 203.395769][ T743] kernfs_new_node+0x97/0x170 [ 203.400425][ T743] __kernfs_create_file+0x4a/0x270 [ 203.405517][ T743] cgroup_addrm_files+0xab8/0xfe0 [ 203.410511][ T743] ? ____kasan_kmalloc+0xdc/0x110 [ 203.415503][ T743] ? __kasan_kmalloc+0x9/0x10 [ 203.420163][ T743] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 203.425694][ T743] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 203.431840][ T743] ? delete_node+0x759/0x7b0 [ 203.436413][ T743] ? __kasan_check_read+0x11/0x20 [ 203.441415][ T743] ? delete_node+0x759/0x7b0 [ 203.446058][ T743] ? __kasan_check_write+0x14/0x20 [ 203.451159][ T743] ? idr_replace+0x1c4/0x230 [ 203.455744][ T743] ? idr_get_next+0x4b0/0x4b0 [ 203.460408][ T743] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 203.465588][ T743] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 203.470767][ T743] css_populate_dir+0x137/0x370 [ 203.475592][ T743] cgroup_apply_control_enable+0x8b9/0x12f0 [ 203.481572][ T743] cgroup_apply_control+0x93/0x710 [ 203.486660][ T743] ? css_next_child+0x160/0x160 [ 203.491487][ T743] ? stack_trace_save+0x12d/0x1f0 [ 203.496485][ T743] ? io_schedule+0x120/0x120 [ 203.501056][ T743] ? kernfs_fop_write_iter+0x15e/0x410 [ 203.506572][ T743] ? __kasan_check_write+0x14/0x20 [ 203.511664][ T743] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 203.516932][ T743] cgroup_subtree_control_write+0xd19/0x1310 [ 203.522892][ T743] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 203.528869][ T743] ? __kasan_check_write+0x14/0x20 [ 203.533953][ T743] ? _copy_from_iter+0x3fb/0xd60 [ 203.538863][ T743] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 203.544813][ T743] cgroup_file_write+0x28e/0x590 [ 203.549736][ T743] ? cgroup_seqfile_stop+0xc0/0xc0 [ 203.554830][ T743] ? mutex_lock+0xa6/0x110 [ 203.559218][ T743] ? mutex_trylock+0xb0/0xb0 [ 203.563793][ T743] ? __kasan_check_write+0x14/0x20 [ 203.568887][ T743] kernfs_fop_write_iter+0x2d0/0x410 [ 203.574145][ T743] ? cgroup_seqfile_stop+0xc0/0xc0 [ 203.579240][ T743] vfs_write+0xc1c/0xf40 [ 203.583474][ T743] ? __kasan_check_write+0x14/0x20 [ 203.588566][ T743] ? kernel_write+0x3c0/0x3c0 [ 203.593223][ T743] ? _raw_spin_unlock_irq+0x4e/0x70 [ 203.598402][ T743] ? ptrace_stop+0x6ff/0x9f0 [ 203.603148][ T743] ? __kasan_check_read+0x11/0x20 [ 203.608156][ T743] ? __fdget_pos+0x27e/0x310 [ 203.612719][ T743] ksys_write+0x198/0x2c0 [ 203.617023][ T743] ? do_notify_parent+0xa60/0xa60 [ 203.622020][ T743] ? __ia32_sys_read+0x90/0x90 [ 203.626757][ T743] ? __ia32_sys_open+0x270/0x270 [ 203.631670][ T743] __x64_sys_write+0x7b/0x90 [ 203.636236][ T743] do_syscall_64+0x34/0x70 [ 203.640627][ T743] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 203.646491][ T743] RIP: 0033:0x7fc8ece62c09 [ 203.650890][ T743] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 203.670494][ T743] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 754] write(4, "-pids ", 6 [pid 743] <... write resumed>) = ? [pid 743] +++ killed by SIGKILL +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=66, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- [pid 375] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./64/binderfs") = 0 [pid 375] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./64/cgroup") = 0 [pid 375] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./64/cgroup.net") = 0 [pid 375] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./64/file0") = 0 [pid 375] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./64/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./64") = 0 [pid 375] mkdir("./65", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 755 attached , child_tidptr=0x555556fab5d0) = 67 [pid 755] chdir("./65") = 0 [pid 755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 755] setpgid(0, 0) = 0 [pid 755] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 755] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 755] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 755] write(3, "1000", 4) = 4 [pid 755] close(3) = 0 [pid 755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 755] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 755] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 755] open("./file0", O_RDONLY) = 3 [pid 755] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 203.678899][ T743] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 203.686853][ T743] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 203.694805][ T743] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 203.702752][ T743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 203.710695][ T743] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000040 [ 203.718772][ T743] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 755] write(4, "-pids ", 6 [pid 753] <... write resumed>) = 6 [pid 752] <... write resumed>) = 6 [pid 753] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 753] write(5, "22", 2) = 2 [pid 753] write(4, "+pids ", 6 [pid 752] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 752] write(5, "22", 2) = 2 [ 203.750410][ T748] FAULT_INJECTION: forcing a failure. [ 203.750410][ T748] name failslab, interval 1, probability 0, space 0, times 0 [ 203.763082][ T748] CPU: 1 PID: 748 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 203.774687][ T748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.784721][ T748] Call Trace: [ 203.787998][ T748] dump_stack_lvl+0x1e2/0x24b [ 203.792658][ T748] ? bfq_pos_tree_add_move+0x43e/0x43e [ 203.798111][ T748] ? selinux_kernfs_init_security+0x1a8/0x760 [ 203.804155][ T748] dump_stack+0x15/0x17 [ 203.808285][ T748] should_fail+0x3c0/0x510 [ 203.812673][ T748] ? __kernfs_new_node+0x99/0x6e0 [ 203.817677][ T748] __should_failslab+0x9f/0xe0 [ 203.822423][ T748] should_failslab+0x9/0x20 [ 203.826901][ T748] __kmalloc_track_caller+0x5f/0x350 [ 203.832167][ T748] kstrdup_const+0x55/0x90 [ 203.836572][ T748] __kernfs_new_node+0x99/0x6e0 [ 203.841406][ T748] ? is_module_text_address+0xe1/0x140 [ 203.846844][ T748] ? kernfs_new_node+0x170/0x170 [ 203.851766][ T748] ? ptr_to_hashval+0x60/0x60 [ 203.856415][ T748] ? arch_stack_walk+0xf8/0x140 [ 203.861245][ T748] ? snprintf+0xd6/0x120 [ 203.865476][ T748] kernfs_new_node+0x97/0x170 [ 203.870136][ T748] __kernfs_create_file+0x4a/0x270 [ 203.875226][ T748] cgroup_addrm_files+0xab8/0xfe0 [ 203.880228][ T748] ? ____kasan_kmalloc+0xdc/0x110 [ 203.885224][ T748] ? __kasan_kmalloc+0x9/0x10 [ 203.889882][ T748] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 203.895410][ T748] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 203.901540][ T748] ? delete_node+0x759/0x7b0 [ 203.906118][ T748] ? __kasan_check_read+0x11/0x20 [ 203.911125][ T748] ? delete_node+0x759/0x7b0 [ 203.915687][ T748] ? __kasan_check_write+0x14/0x20 [ 203.920778][ T748] ? idr_replace+0x1c4/0x230 [ 203.925359][ T748] ? idr_get_next+0x4b0/0x4b0 [ 203.930017][ T748] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 203.935012][ T748] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 203.940191][ T748] css_populate_dir+0x137/0x370 [ 203.945027][ T748] cgroup_apply_control_enable+0x8b9/0x12f0 [ 203.950892][ T748] cgroup_apply_control+0x93/0x710 [ 203.955975][ T748] ? css_next_child+0x160/0x160 [ 203.960803][ T748] ? stack_trace_save+0x12d/0x1f0 [ 203.965808][ T748] ? io_schedule+0x120/0x120 [ 203.970371][ T748] ? kernfs_fop_write_iter+0x15e/0x410 [ 203.975812][ T748] ? __kasan_check_write+0x14/0x20 [ 203.980920][ T748] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 203.986183][ T748] cgroup_subtree_control_write+0xd19/0x1310 [ 203.992151][ T748] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 203.998115][ T748] ? __kasan_check_write+0x14/0x20 [ 204.003202][ T748] ? _copy_from_iter+0x3fb/0xd60 [ 204.008120][ T748] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 204.014091][ T748] cgroup_file_write+0x28e/0x590 [ 204.019010][ T748] ? cgroup_seqfile_stop+0xc0/0xc0 [ 204.024091][ T748] ? mutex_lock+0xa6/0x110 [ 204.028479][ T748] ? mutex_trylock+0xb0/0xb0 [ 204.033041][ T748] ? __kasan_check_write+0x14/0x20 [ 204.038132][ T748] kernfs_fop_write_iter+0x2d0/0x410 [ 204.043398][ T748] ? cgroup_seqfile_stop+0xc0/0xc0 [ 204.048489][ T748] vfs_write+0xc1c/0xf40 [ 204.052723][ T748] ? __kasan_check_write+0x14/0x20 [ 204.057819][ T748] ? kernel_write+0x3c0/0x3c0 [ 204.062467][ T748] ? _raw_spin_unlock_irq+0x4e/0x70 [ 204.067642][ T748] ? ptrace_stop+0x6ff/0x9f0 [ 204.072224][ T748] ? __kasan_check_read+0x11/0x20 [ 204.077222][ T748] ? __fdget_pos+0x27e/0x310 [ 204.081785][ T748] ksys_write+0x198/0x2c0 [ 204.086085][ T748] ? do_notify_parent+0xa60/0xa60 [ 204.091090][ T748] ? __ia32_sys_read+0x90/0x90 [ 204.095842][ T748] ? __ia32_sys_open+0x270/0x270 [ 204.100759][ T748] __x64_sys_write+0x7b/0x90 [ 204.105322][ T748] do_syscall_64+0x34/0x70 [ 204.109711][ T748] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 204.115576][ T748] RIP: 0033:0x7fc8ece62c09 [ 204.119964][ T748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 204.139544][ T748] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 752] write(4, "+pids ", 6 [pid 748] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 748] close(3) = 0 [pid 748] close(4) = 0 [pid 748] close(5) = 0 [pid 748] close(6) = -1 EBADF (Bad file descriptor) [pid 748] close(7) = -1 EBADF (Bad file descriptor) [pid 748] close(8) = -1 EBADF (Bad file descriptor) [pid 748] close(9) = -1 EBADF (Bad file descriptor) [pid 748] close(10) = -1 EBADF (Bad file descriptor) [pid 748] close(11) = -1 EBADF (Bad file descriptor) [pid 748] close(12) = -1 EBADF (Bad file descriptor) [pid 748] close(13) = -1 EBADF (Bad file descriptor) [pid 748] close(14) = -1 EBADF (Bad file descriptor) [pid 748] close(15) = -1 EBADF (Bad file descriptor) [pid 748] close(16) = -1 EBADF (Bad file descriptor) [pid 748] close(17) = -1 EBADF (Bad file descriptor) [pid 748] close(18) = -1 EBADF (Bad file descriptor) [pid 748] close(19) = -1 EBADF (Bad file descriptor) [pid 748] close(20) = -1 EBADF (Bad file descriptor) [pid 748] close(21) = -1 EBADF (Bad file descriptor) [pid 748] close(22) = -1 EBADF (Bad file descriptor) [pid 748] close(23) = -1 EBADF (Bad file descriptor) [pid 748] close(24) = -1 EBADF (Bad file descriptor) [pid 748] close(25) = -1 EBADF (Bad file descriptor) [pid 748] close(26) = -1 EBADF (Bad file descriptor) [pid 748] close(27) = -1 EBADF (Bad file descriptor) [pid 748] close(28) = -1 EBADF (Bad file descriptor) [pid 748] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 748] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 748] exit_group(0) = ? [pid 748] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./61/binderfs") = 0 [pid 381] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./61/cgroup") = 0 [pid 381] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./61/cgroup.net") = 0 [pid 381] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 204.147938][ T748] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 204.155882][ T748] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 204.163831][ T748] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 204.171784][ T748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 204.179734][ T748] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003d [ 204.188010][ T748] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 755] <... write resumed>) = 6 [pid 755] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 755] write(5, "22", 2) = 2 [pid 755] write(4, "+pids ", 6 [pid 381] <... openat resumed>) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./61/file0") = 0 [pid 381] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./61/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./61") = 0 [pid 381] mkdir("./62", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 64 [ 204.210472][ T753] FAULT_INJECTION: forcing a failure. [ 204.210472][ T753] name failslab, interval 1, probability 0, space 0, times 0 [ 204.223155][ T753] CPU: 0 PID: 753 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 204.234766][ T753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.244799][ T753] Call Trace: [ 204.248077][ T753] dump_stack_lvl+0x1e2/0x24b [ 204.252743][ T753] ? bfq_pos_tree_add_move+0x43e/0x43e ./strace-static-x86_64: Process 756 attached [pid 756] chdir("./62") = 0 [pid 756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 756] setpgid(0, 0) = 0 [pid 756] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 756] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 756] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 756] write(3, "1000", 4) = 4 [pid 756] close(3) = 0 [pid 756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 756] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 204.258195][ T753] ? selinux_kernfs_init_security+0x1a8/0x760 [ 204.264254][ T753] dump_stack+0x15/0x17 [ 204.268406][ T753] should_fail+0x3c0/0x510 [ 204.272809][ T753] ? __kernfs_new_node+0x99/0x6e0 [ 204.277822][ T753] __should_failslab+0x9f/0xe0 [ 204.282580][ T753] should_failslab+0x9/0x20 [ 204.287080][ T753] __kmalloc_track_caller+0x5f/0x350 [ 204.292345][ T753] kstrdup_const+0x55/0x90 [ 204.296734][ T753] __kernfs_new_node+0x99/0x6e0 [ 204.301563][ T753] ? is_module_text_address+0xe1/0x140 [ 204.307002][ T753] ? kernfs_new_node+0x170/0x170 [ 204.311931][ T753] ? ptr_to_hashval+0x60/0x60 [ 204.316593][ T753] ? arch_stack_walk+0xf8/0x140 [ 204.321425][ T753] ? snprintf+0xd6/0x120 [ 204.325650][ T753] kernfs_new_node+0x97/0x170 [ 204.330309][ T753] __kernfs_create_file+0x4a/0x270 [ 204.335403][ T753] cgroup_addrm_files+0xab8/0xfe0 [ 204.340407][ T753] ? ____kasan_kmalloc+0xdc/0x110 [ 204.345413][ T753] ? __kasan_kmalloc+0x9/0x10 [ 204.350062][ T753] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 204.355580][ T753] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 204.361707][ T753] ? delete_node+0x759/0x7b0 [ 204.366294][ T753] ? __kasan_check_read+0x11/0x20 [ 204.371292][ T753] ? delete_node+0x759/0x7b0 [ 204.375852][ T753] ? __kasan_check_write+0x14/0x20 [ 204.380948][ T753] ? idr_replace+0x1c4/0x230 [ 204.385525][ T753] ? idr_get_next+0x4b0/0x4b0 [ 204.390185][ T753] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 204.395180][ T753] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 204.400350][ T753] css_populate_dir+0x137/0x370 [ 204.405173][ T753] cgroup_apply_control_enable+0x8b9/0x12f0 [ 204.411039][ T753] cgroup_apply_control+0x93/0x710 [ 204.416121][ T753] ? css_next_child+0x160/0x160 [ 204.420942][ T753] ? stack_trace_save+0x12d/0x1f0 [ 204.425949][ T753] ? io_schedule+0x120/0x120 [ 204.430522][ T753] ? kernfs_fop_write_iter+0x15e/0x410 [ 204.435960][ T753] ? __kasan_check_write+0x14/0x20 [ 204.441060][ T753] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 204.446321][ T753] cgroup_subtree_control_write+0xd19/0x1310 [ 204.452282][ T753] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 204.458251][ T753] ? __kasan_check_write+0x14/0x20 [ 204.463344][ T753] ? _copy_from_iter+0x3fb/0xd60 [ 204.468266][ T753] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 204.474223][ T753] cgroup_file_write+0x28e/0x590 [ 204.479142][ T753] ? cgroup_seqfile_stop+0xc0/0xc0 [ 204.484235][ T753] ? mutex_lock+0xa6/0x110 [ 204.488630][ T753] ? mutex_trylock+0xb0/0xb0 [ 204.493204][ T753] ? __kasan_check_write+0x14/0x20 [ 204.498300][ T753] kernfs_fop_write_iter+0x2d0/0x410 [ 204.503565][ T753] ? cgroup_seqfile_stop+0xc0/0xc0 [ 204.508650][ T753] vfs_write+0xc1c/0xf40 [ 204.512977][ T753] ? __kasan_check_write+0x14/0x20 [ 204.518071][ T753] ? kernel_write+0x3c0/0x3c0 [ 204.522719][ T753] ? _raw_spin_unlock_irq+0x4e/0x70 [ 204.527903][ T753] ? ptrace_stop+0x6ff/0x9f0 [ 204.532475][ T753] ? __kasan_check_read+0x11/0x20 [ 204.537476][ T753] ? __fdget_pos+0x27e/0x310 [ 204.542043][ T753] ksys_write+0x198/0x2c0 [ 204.546361][ T753] ? do_notify_parent+0xa60/0xa60 [ 204.551375][ T753] ? __ia32_sys_read+0x90/0x90 [ 204.556121][ T753] ? __ia32_sys_open+0x270/0x270 [ 204.561041][ T753] __x64_sys_write+0x7b/0x90 [ 204.565615][ T753] do_syscall_64+0x34/0x70 [ 204.570015][ T753] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 204.575893][ T753] RIP: 0033:0x7fc8ece62c09 [ 204.580283][ T753] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 204.599861][ T753] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 756] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 753] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 756] open("./file0", O_RDONLY [pid 753] close(3 [pid 756] <... open resumed>) = 3 [pid 753] <... close resumed>) = 0 [pid 756] openat(3, "cgroup.subtree_control", O_RDWR [pid 753] close(4 [pid 756] <... openat resumed>) = 4 [pid 753] <... close resumed>) = 0 [pid 756] write(4, "-pids ", 6 [pid 753] close(5) = 0 [pid 753] close(6) = -1 EBADF (Bad file descriptor) [pid 753] close(7) = -1 EBADF (Bad file descriptor) [pid 753] close(8) = -1 EBADF (Bad file descriptor) [pid 753] close(9) = -1 EBADF (Bad file descriptor) [pid 753] close(10) = -1 EBADF (Bad file descriptor) [pid 753] close(11) = -1 EBADF (Bad file descriptor) [pid 753] close(12) = -1 EBADF (Bad file descriptor) [pid 753] close(13) = -1 EBADF (Bad file descriptor) [pid 753] close(14) = -1 EBADF (Bad file descriptor) [pid 753] close(15) = -1 EBADF (Bad file descriptor) [pid 753] close(16) = -1 EBADF (Bad file descriptor) [pid 753] close(17) = -1 EBADF (Bad file descriptor) [pid 753] close(18) = -1 EBADF (Bad file descriptor) [pid 753] close(19) = -1 EBADF (Bad file descriptor) [pid 753] close(20) = -1 EBADF (Bad file descriptor) [pid 753] close(21) = -1 EBADF (Bad file descriptor) [pid 753] close(22) = -1 EBADF (Bad file descriptor) [pid 753] close(23) = -1 EBADF (Bad file descriptor) [pid 753] close(24) = -1 EBADF (Bad file descriptor) [pid 753] close(25) = -1 EBADF (Bad file descriptor) [pid 753] close(26) = -1 EBADF (Bad file descriptor) [pid 753] close(27) = -1 EBADF (Bad file descriptor) [ 204.608251][ T753] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 204.616197][ T753] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 204.624142][ T753] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 204.632089][ T753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 204.640040][ T753] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000040 [ 204.648180][ T753] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 753] close(28) = -1 EBADF (Bad file descriptor) [pid 753] close(29) = -1 EBADF (Bad file descriptor) [pid 753] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 753] exit_group(0) = ? [pid 753] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./64/binderfs") = 0 [pid 382] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./64/cgroup") = 0 [pid 382] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./64/cgroup.net") = 0 [ 204.670414][ T755] FAULT_INJECTION: forcing a failure. [ 204.670414][ T755] name failslab, interval 1, probability 0, space 0, times 0 [ 204.683388][ T755] CPU: 1 PID: 755 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 204.695002][ T755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.705041][ T755] Call Trace: [ 204.708318][ T755] dump_stack_lvl+0x1e2/0x24b [ 204.712980][ T755] ? bfq_pos_tree_add_move+0x43e/0x43e [ 204.718562][ T755] ? selinux_kernfs_init_security+0x1a8/0x760 [ 204.724622][ T755] dump_stack+0x15/0x17 [ 204.728758][ T755] should_fail+0x3c0/0x510 [ 204.733150][ T755] ? __kernfs_new_node+0x99/0x6e0 [ 204.738148][ T755] __should_failslab+0x9f/0xe0 [ 204.742899][ T755] should_failslab+0x9/0x20 [ 204.747398][ T755] __kmalloc_track_caller+0x5f/0x350 [ 204.752663][ T755] kstrdup_const+0x55/0x90 [ 204.757052][ T755] __kernfs_new_node+0x99/0x6e0 [ 204.761886][ T755] ? is_module_text_address+0xe1/0x140 [ 204.767335][ T755] ? kernfs_new_node+0x170/0x170 [ 204.772256][ T755] ? ptr_to_hashval+0x60/0x60 [ 204.776912][ T755] ? arch_stack_walk+0xf8/0x140 [ 204.781739][ T755] ? snprintf+0xd6/0x120 [ 204.785955][ T755] kernfs_new_node+0x97/0x170 [ 204.790610][ T755] __kernfs_create_file+0x4a/0x270 [ 204.795702][ T755] cgroup_addrm_files+0xab8/0xfe0 [ 204.800712][ T755] ? ____kasan_kmalloc+0xdc/0x110 [ 204.805709][ T755] ? __kasan_kmalloc+0x9/0x10 [ 204.810368][ T755] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 204.815919][ T755] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 204.822054][ T755] ? delete_node+0x759/0x7b0 [ 204.826632][ T755] ? __kasan_check_read+0x11/0x20 [ 204.831649][ T755] ? delete_node+0x759/0x7b0 [ 204.836214][ T755] ? __kasan_check_write+0x14/0x20 [ 204.841315][ T755] ? idr_replace+0x1c4/0x230 [ 204.845889][ T755] ? idr_get_next+0x4b0/0x4b0 [ 204.850538][ T755] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 204.855535][ T755] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 204.860708][ T755] css_populate_dir+0x137/0x370 [ 204.865554][ T755] cgroup_apply_control_enable+0x8b9/0x12f0 [ 204.871431][ T755] cgroup_apply_control+0x93/0x710 [ 204.876519][ T755] ? css_next_child+0x160/0x160 [ 204.881342][ T755] ? stack_trace_save+0x12d/0x1f0 [ 204.886338][ T755] ? io_schedule+0x120/0x120 [ 204.890907][ T755] ? kernfs_fop_write_iter+0x15e/0x410 [ 204.896357][ T755] ? __kasan_check_write+0x14/0x20 [ 204.901457][ T755] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 204.906716][ T755] cgroup_subtree_control_write+0xd19/0x1310 [ 204.912681][ T755] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 204.918642][ T755] ? __kasan_check_write+0x14/0x20 [ 204.923728][ T755] ? _copy_from_iter+0x3fb/0xd60 [ 204.928649][ T755] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 204.934609][ T755] cgroup_file_write+0x28e/0x590 [ 204.939526][ T755] ? cgroup_seqfile_stop+0xc0/0xc0 [ 204.944620][ T755] ? mutex_lock+0xa6/0x110 [ 204.949019][ T755] ? mutex_trylock+0xb0/0xb0 [ 204.953594][ T755] ? __kasan_check_write+0x14/0x20 [ 204.958678][ T755] kernfs_fop_write_iter+0x2d0/0x410 [ 204.963941][ T755] ? cgroup_seqfile_stop+0xc0/0xc0 [ 204.969032][ T755] vfs_write+0xc1c/0xf40 [ 204.973267][ T755] ? __kasan_check_write+0x14/0x20 [ 204.978374][ T755] ? kernel_write+0x3c0/0x3c0 [ 204.983033][ T755] ? _raw_spin_unlock_irq+0x4e/0x70 [ 204.988216][ T755] ? ptrace_stop+0x6ff/0x9f0 [ 204.992779][ T755] ? __kasan_check_read+0x11/0x20 [ 204.997777][ T755] ? __fdget_pos+0x27e/0x310 [ 205.002342][ T755] ksys_write+0x198/0x2c0 [ 205.006655][ T755] ? do_notify_parent+0xa60/0xa60 [ 205.011660][ T755] ? __ia32_sys_read+0x90/0x90 [ 205.016399][ T755] ? __ia32_sys_open+0x270/0x270 [ 205.021310][ T755] __x64_sys_write+0x7b/0x90 [ 205.025884][ T755] do_syscall_64+0x34/0x70 [ 205.030273][ T755] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 205.036138][ T755] RIP: 0033:0x7fc8ece62c09 [ 205.040533][ T755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 205.060121][ T755] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.068518][ T755] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 205.076471][ T755] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 205.084424][ T755] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 205.092383][ T755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 205.100348][ T755] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000041 [ 205.109031][ T755] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 205.109343][ T382] ------------[ cut here ]------------ [ 205.121560][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 205.130517][ T382] Modules linked in: [ 205.134416][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 205.146101][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.156336][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 205.162014][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 205.181644][ T382] RSP: 0018:ffffc90000b77ca0 EFLAGS: 00010293 [ 205.187699][ T382] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e4f00 [ 205.195686][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 205.203661][ T382] RBP: ffffc90000b77d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 205.211644][ T382] R10: fffff5200016ef85 R11: 1ffff9200016ef84 R12: dffffc0000000000 [pid 382] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOWwrite to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 755] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 755] close(3) = 0 [pid 755] close(4) = 0 [pid 755] close(5) = 0 [pid 755] close(6) = -1 EBADF (Bad file descriptor) [pid 755] close(7) = -1 EBADF (Bad file descriptor) [pid 755] close(8) = -1 EBADF (Bad file descriptor) [pid 755] close(9) = -1 EBADF (Bad file descriptor) [pid 755] close(10) = -1 EBADF (Bad file descriptor) [pid 755] close(11) = -1 EBADF (Bad file descriptor) [pid 755] close(12) = -1 EBADF (Bad file descriptor) [pid 755] close(13) = -1 EBADF (Bad file descriptor) [pid 755] close(14) = -1 EBADF (Bad file descriptor) [pid 755] close(15) = -1 EBADF (Bad file descriptor) [pid 755] close(16) = -1 EBADF (Bad file descriptor) [pid 755] close(17) = -1 EBADF (Bad file descriptor) [pid 755] close(18) = -1 EBADF (Bad file descriptor) [pid 755] close(19) = -1 EBADF (Bad file descriptor) [pid 755] close(20) = -1 EBADF (Bad file descriptor) [pid 755] close(21) = -1 EBADF (Bad file descriptor) [pid 755] close(22) = -1 EBADF (Bad file descriptor) [pid 755] close(23) = -1 EBADF (Bad file descriptor) [pid 755] close(24) = -1 EBADF (Bad file descriptor) [pid 755] close(25) = -1 EBADF (Bad file descriptor) [pid 755] close(26) = -1 EBADF (Bad file descriptor) [pid 755] close(27) = -1 EBADF (Bad file descriptor) [pid 755] close(28) = -1 EBADF (Bad file descriptor) [pid 755] close(29) = -1 EBADF (Bad file descriptor) [pid 755] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 755] exit_group(0) = ? [pid 755] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 205.219613][ T382] R13: ffff88810eee1880 R14: ffffc90000b77d00 R15: 1ffff9200016ef9c [ 205.227600][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 205.236529][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 205.243141][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 205.251135][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 205.259111][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 205.267093][ T382] Call Trace: [ 205.270388][ T382] ? lockref_get_or_lock+0x340/0x340 [ 205.275660][ T382] ? umount_tree+0xf50/0xf50 [ 205.280267][ T382] ? vfs_submount+0xb0/0xb0 [ 205.284759][ T382] ? dput+0x2b6/0x320 [ 205.288722][ T382] path_umount+0x1fe/0xfb0 [ 205.293151][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 205.298167][ T382] ? user_path_at_empty+0x40/0x50 [ 205.303209][ T382] __x64_sys_umount+0x122/0x170 [ 205.308046][ T382] ? path_umount+0xfb0/0xfb0 [ 205.312651][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 205.318621][ T382] do_syscall_64+0x34/0x70 [ 205.323053][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 205.328929][ T382] RIP: 0033:0x7fc8ece63fb7 [ 205.333360][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 205.352981][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 205.361407][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [pid 375] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] <... umount2 resumed>) = 0 [pid 375] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./65/binderfs") = 0 [pid 375] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./65/cgroup") = 0 [pid 375] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./65/cgroup.net") = 0 [pid 375] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... umount2 resumed>) = 0 [pid 375] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./65/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./65/file0") = 0 [pid 382] <... openat resumed>) = 4 [pid 375] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, [pid 375] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] unlink("./65/cgroup.cpu" [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] <... unlink resumed>) = 0 [pid 375] getdents64(3, [pid 382] close(4 [pid 375] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] <... close resumed>) = 0 [pid 382] rmdir("./64/file0" [pid 375] close(3) = 0 [pid 375] rmdir("./65" [pid 382] <... rmdir resumed>) = 0 [pid 375] <... rmdir resumed>) = 0 [pid 382] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] mkdir("./66", 0777 [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] lstat("./64/cgroup.cpu", [pid 375] <... mkdir resumed>) = 0 [pid 382] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./64/cgroup.cpu" [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 382] <... unlink resumed>) = 0 [pid 382] getdents64(3, ./strace-static-x86_64: Process 757 attached 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3 [pid 375] <... clone resumed>, child_tidptr=0x555556fab5d0) = 68 [pid 382] <... close resumed>) = 0 [pid 757] chdir("./66" [pid 382] rmdir("./64" [pid 757] <... chdir resumed>) = 0 [pid 757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 757] setpgid(0, 0 [pid 382] <... rmdir resumed>) = 0 [pid 757] <... setpgid resumed>) = 0 [pid 382] mkdir("./65", 0777 [pid 757] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 382] <... mkdir resumed>) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 757] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 757] symlink("/syzcgroup/net/syz0", "./cgroup.net"./strace-static-x86_64: Process 758 attached ) = 0 [pid 757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 67 [pid 758] chdir("./65" [pid 757] <... openat resumed>) = 3 [pid 757] write(3, "1000", 4 [pid 758] <... chdir resumed>) = 0 [pid 758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 758] setpgid(0, 0 [pid 757] <... write resumed>) = 4 [pid 758] <... setpgid resumed>) = 0 [pid 757] close(3) = 0 [pid 757] symlink("/dev/binderfs", "./binderfs" [pid 758] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 757] <... symlink resumed>) = 0 [pid 757] mkdirat(AT_FDCWD, "./file0", 000 [pid 758] <... symlink resumed>) = 0 [pid 757] <... mkdirat resumed>) = 0 [pid 757] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 758] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 757] <... mount resumed>) = 0 [pid 757] open("./file0", O_RDONLY) = 3 [pid 758] <... symlink resumed>) = 0 [pid 758] symlink("/syzcgroup/net/syz5", "./cgroup.net" [pid 757] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 758] <... symlink resumed>) = 0 [pid 757] write(4, "-pids ", 6 [ 205.369378][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 205.377375][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 205.385446][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 205.393435][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000041 [ 205.401411][ T382] ---[ end trace d4de1ca9cdcd19ab ]--- [ 205.418534][ T752] FAULT_INJECTION: forcing a failure. [pid 758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 756] <... write resumed>) = 6 [pid 758] write(3, "1000", 4) = 4 [pid 758] close(3) = 0 [pid 758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 758] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 758] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 756] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 756] write(5, "22", 2) = 2 [ 205.418534][ T752] name failslab, interval 1, probability 0, space 0, times 0 [ 205.431857][ T752] CPU: 0 PID: 752 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 205.443478][ T752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.453518][ T752] Call Trace: [ 205.456793][ T752] dump_stack_lvl+0x1e2/0x24b [ 205.461459][ T752] ? bfq_pos_tree_add_move+0x43e/0x43e [ 205.466992][ T752] ? selinux_kernfs_init_security+0x1a8/0x760 [ 205.473040][ T752] dump_stack+0x15/0x17 [ 205.477184][ T752] should_fail+0x3c0/0x510 [ 205.481588][ T752] ? __kernfs_new_node+0x99/0x6e0 [ 205.486588][ T752] __should_failslab+0x9f/0xe0 [ 205.491331][ T752] should_failslab+0x9/0x20 [ 205.495815][ T752] __kmalloc_track_caller+0x5f/0x350 [ 205.501112][ T752] kstrdup_const+0x55/0x90 [ 205.505508][ T752] __kernfs_new_node+0x99/0x6e0 [ 205.510341][ T752] ? is_module_text_address+0xe1/0x140 [ 205.515775][ T752] ? kernfs_new_node+0x170/0x170 [ 205.520689][ T752] ? ptr_to_hashval+0x60/0x60 [ 205.525340][ T752] ? arch_stack_walk+0xf8/0x140 [ 205.530177][ T752] ? snprintf+0xd6/0x120 [ 205.534397][ T752] kernfs_new_node+0x97/0x170 [ 205.539049][ T752] __kernfs_create_file+0x4a/0x270 [ 205.544135][ T752] cgroup_addrm_files+0xab8/0xfe0 [ 205.549133][ T752] ? ____kasan_kmalloc+0xdc/0x110 [ 205.554141][ T752] ? __kasan_kmalloc+0x9/0x10 [ 205.558823][ T752] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 205.564342][ T752] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 205.570472][ T752] ? delete_node+0x759/0x7b0 [ 205.575036][ T752] ? __kasan_check_read+0x11/0x20 [ 205.580032][ T752] ? delete_node+0x759/0x7b0 [ 205.584624][ T752] ? __kasan_check_write+0x14/0x20 [ 205.589710][ T752] ? idr_replace+0x1c4/0x230 [ 205.594274][ T752] ? idr_get_next+0x4b0/0x4b0 [ 205.598927][ T752] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 205.603932][ T752] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 205.609123][ T752] css_populate_dir+0x137/0x370 [ 205.613957][ T752] cgroup_apply_control_enable+0x8b9/0x12f0 [ 205.619831][ T752] cgroup_apply_control+0x93/0x710 [ 205.624925][ T752] ? css_next_child+0x160/0x160 [ 205.629748][ T752] ? stack_trace_save+0x12d/0x1f0 [ 205.634756][ T752] ? io_schedule+0x120/0x120 [ 205.639332][ T752] ? kernfs_fop_write_iter+0x15e/0x410 [ 205.644766][ T752] ? __kasan_check_write+0x14/0x20 [ 205.649864][ T752] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 205.655219][ T752] cgroup_subtree_control_write+0xd19/0x1310 [ 205.661173][ T752] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 205.667137][ T752] ? __kasan_check_write+0x14/0x20 [ 205.672234][ T752] ? _copy_from_iter+0x3fb/0xd60 [ 205.677148][ T752] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 205.683101][ T752] cgroup_file_write+0x28e/0x590 [ 205.688013][ T752] ? cgroup_seqfile_stop+0xc0/0xc0 [ 205.693187][ T752] ? mutex_lock+0xa6/0x110 [ 205.697577][ T752] ? mutex_trylock+0xb0/0xb0 [ 205.702145][ T752] ? __kasan_check_write+0x14/0x20 [ 205.707234][ T752] kernfs_fop_write_iter+0x2d0/0x410 [ 205.712494][ T752] ? cgroup_seqfile_stop+0xc0/0xc0 [ 205.717583][ T752] vfs_write+0xc1c/0xf40 [ 205.721806][ T752] ? __kasan_check_write+0x14/0x20 [ 205.726893][ T752] ? kernel_write+0x3c0/0x3c0 [ 205.731544][ T752] ? _raw_spin_unlock_irq+0x4e/0x70 [ 205.736898][ T752] ? ptrace_stop+0x6ff/0x9f0 [ 205.741466][ T752] ? __kasan_check_read+0x11/0x20 [ 205.746466][ T752] ? __fdget_pos+0x27e/0x310 [ 205.751031][ T752] ksys_write+0x198/0x2c0 [ 205.755337][ T752] ? do_notify_parent+0xa60/0xa60 [ 205.760335][ T752] ? __ia32_sys_read+0x90/0x90 [ 205.765077][ T752] ? __ia32_sys_open+0x270/0x270 [ 205.769989][ T752] __x64_sys_write+0x7b/0x90 [ 205.774555][ T752] do_syscall_64+0x34/0x70 [ 205.778947][ T752] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 205.784829][ T752] RIP: 0033:0x7fc8ece62c09 [ 205.789228][ T752] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 205.808807][ T752] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.817195][ T752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 756] write(4, "+pids ", 6 [pid 752] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 758] <... mount resumed>) = 0 [pid 752] close(3 [pid 758] open("./file0", O_RDONLY [pid 752] <... close resumed>) = 0 [pid 758] <... open resumed>) = 3 [pid 752] close(4 [pid 758] openat(3, "cgroup.subtree_control", O_RDWR [pid 752] <... close resumed>) = 0 [pid 758] <... openat resumed>) = 4 [pid 752] close(5 [pid 758] write(4, "-pids ", 6 [pid 752] <... close resumed>) = 0 [pid 752] close(6) = -1 EBADF (Bad file descriptor) [pid 752] close(7) = -1 EBADF (Bad file descriptor) [pid 752] close(8) = -1 EBADF (Bad file descriptor) [pid 752] close(9) = -1 EBADF (Bad file descriptor) [pid 752] close(10) = -1 EBADF (Bad file descriptor) [pid 752] close(11) = -1 EBADF (Bad file descriptor) [pid 752] close(12) = -1 EBADF (Bad file descriptor) [pid 752] close(13) = -1 EBADF (Bad file descriptor) [pid 752] close(14) = -1 EBADF (Bad file descriptor) [pid 752] close(15) = -1 EBADF (Bad file descriptor) [pid 752] close(16) = -1 EBADF (Bad file descriptor) [pid 752] close(17) = -1 EBADF (Bad file descriptor) [pid 752] close(18) = -1 EBADF (Bad file descriptor) [pid 752] close(19) = -1 EBADF (Bad file descriptor) [pid 752] close(20) = -1 EBADF (Bad file descriptor) [pid 752] close(21) = -1 EBADF (Bad file descriptor) [pid 752] close(22) = -1 EBADF (Bad file descriptor) [pid 752] close(23) = -1 EBADF (Bad file descriptor) [pid 752] close(24) = -1 EBADF (Bad file descriptor) [pid 752] close(25) = -1 EBADF (Bad file descriptor) [pid 752] close(26) = -1 EBADF (Bad file descriptor) [pid 752] close(27) = -1 EBADF (Bad file descriptor) [pid 752] close(28) = -1 EBADF (Bad file descriptor) [pid 752] close(29) = -1 EBADF (Bad file descriptor) [pid 752] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 752] exit_group(0) = ? [pid 752] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./61/binderfs") = 0 [pid 376] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./61/cgroup") = 0 [pid 376] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./61/cgroup.net") = 0 [pid 376] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./61/file0") = 0 [pid 376] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./61/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./61") = 0 [pid 376] mkdir("./62", 0777) = 0 [ 205.825146][ T752] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 205.833095][ T752] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 205.841047][ T752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 205.848996][ T752] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003d [ 205.857448][ T752] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 759 attached [pid 759] chdir("./62") = 0 [pid 759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 759] setpgid(0, 0) = 0 [pid 759] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 759] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 759] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 759] write(3, "1000", 4) = 4 [pid 759] close(3) = 0 [pid 759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 759] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 205.890503][ T756] FAULT_INJECTION: forcing a failure. [ 205.890503][ T756] name failslab, interval 1, probability 0, space 0, times 0 [ 205.903640][ T756] CPU: 0 PID: 756 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 205.915257][ T756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.925305][ T756] Call Trace: [ 205.928583][ T756] dump_stack_lvl+0x1e2/0x24b [ 205.933236][ T756] ? bfq_pos_tree_add_move+0x43e/0x43e [ 205.938668][ T756] ? selinux_kernfs_init_security+0x1a8/0x760 [ 205.944708][ T756] dump_stack+0x15/0x17 [ 205.948840][ T756] should_fail+0x3c0/0x510 [ 205.953241][ T756] ? __kernfs_new_node+0x99/0x6e0 [ 205.958256][ T756] __should_failslab+0x9f/0xe0 [ 205.962999][ T756] should_failslab+0x9/0x20 [ 205.967483][ T756] __kmalloc_track_caller+0x5f/0x350 [ 205.972754][ T756] kstrdup_const+0x55/0x90 [ 205.977146][ T756] __kernfs_new_node+0x99/0x6e0 [ 205.981970][ T756] ? is_module_text_address+0xe1/0x140 [ 205.987400][ T756] ? kernfs_new_node+0x170/0x170 [ 205.992310][ T756] ? ptr_to_hashval+0x60/0x60 [ 205.996960][ T756] ? arch_stack_walk+0xf8/0x140 [ 206.001785][ T756] ? snprintf+0xd6/0x120 [ 206.006020][ T756] kernfs_new_node+0x97/0x170 [ 206.010668][ T756] __kernfs_create_file+0x4a/0x270 [ 206.015757][ T756] cgroup_addrm_files+0xab8/0xfe0 [ 206.020764][ T756] ? ____kasan_kmalloc+0xdc/0x110 [ 206.025769][ T756] ? __kasan_kmalloc+0x9/0x10 [ 206.030418][ T756] ? kmem_cache_alloc_trace+0x1dd/0x330 [pid 759] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 376] <... clone resumed>, child_tidptr=0x555556fab5d0) = 64 [ 206.035945][ T756] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 206.042077][ T756] ? delete_node+0x759/0x7b0 [ 206.046636][ T756] ? __kasan_check_read+0x11/0x20 [ 206.051629][ T756] ? delete_node+0x759/0x7b0 [ 206.056205][ T756] ? __kasan_check_write+0x14/0x20 [ 206.061294][ T756] ? idr_replace+0x1c4/0x230 [ 206.065858][ T756] ? idr_get_next+0x4b0/0x4b0 [ 206.070510][ T756] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 206.075508][ T756] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 206.080679][ T756] css_populate_dir+0x137/0x370 [ 206.085509][ T756] cgroup_apply_control_enable+0x8b9/0x12f0 [ 206.091388][ T756] cgroup_apply_control+0x93/0x710 [ 206.096491][ T756] ? css_next_child+0x160/0x160 [ 206.101324][ T756] ? io_schedule+0x120/0x120 [ 206.105896][ T756] ? kernfs_fop_write_iter+0x15e/0x410 [ 206.111329][ T756] ? __kasan_check_write+0x14/0x20 [ 206.116417][ T756] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 206.121677][ T756] cgroup_subtree_control_write+0xd19/0x1310 [ 206.127630][ T756] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 206.133611][ T756] ? __kasan_check_write+0x14/0x20 [ 206.138714][ T756] ? _copy_from_iter+0x3fb/0xd60 [ 206.143640][ T756] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 206.149591][ T756] cgroup_file_write+0x28e/0x590 [ 206.154502][ T756] ? cgroup_seqfile_stop+0xc0/0xc0 [ 206.159587][ T756] ? mutex_lock+0xa6/0x110 [ 206.163974][ T756] ? mutex_trylock+0xb0/0xb0 [ 206.168537][ T756] ? __kasan_check_write+0x14/0x20 [ 206.173624][ T756] kernfs_fop_write_iter+0x2d0/0x410 [ 206.178881][ T756] ? cgroup_seqfile_stop+0xc0/0xc0 [ 206.184083][ T756] vfs_write+0xc1c/0xf40 [ 206.188300][ T756] ? __kasan_check_write+0x14/0x20 [ 206.193386][ T756] ? kernel_write+0x3c0/0x3c0 [ 206.198036][ T756] ? _raw_spin_unlock_irq+0x4e/0x70 [ 206.203211][ T756] ? ptrace_stop+0x6ff/0x9f0 [ 206.207775][ T756] ? __kasan_check_read+0x11/0x20 [ 206.212780][ T756] ? __fdget_pos+0x27e/0x310 [ 206.217351][ T756] ksys_write+0x198/0x2c0 [ 206.221657][ T756] ? do_notify_parent+0xa60/0xa60 [ 206.226653][ T756] ? __ia32_sys_read+0x90/0x90 [ 206.231388][ T756] ? __ia32_sys_open+0x270/0x270 [ 206.236307][ T756] __x64_sys_write+0x7b/0x90 [ 206.240905][ T756] do_syscall_64+0x34/0x70 [ 206.245304][ T756] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 206.251178][ T756] RIP: 0033:0x7fc8ece62c09 [ 206.255578][ T756] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.275165][ T756] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.283550][ T756] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 756] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 759] <... mount resumed>) = 0 [pid 759] open("./file0", O_RDONLY [pid 756] close(3 [pid 759] <... open resumed>) = 3 [pid 756] <... close resumed>) = 0 [pid 759] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 756] close(4 [pid 759] write(4, "-pids ", 6 [pid 756] <... close resumed>) = 0 [pid 756] close(5) = 0 [pid 756] close(6) = -1 EBADF (Bad file descriptor) [pid 756] close(7) = -1 EBADF (Bad file descriptor) [pid 756] close(8) = -1 EBADF (Bad file descriptor) [pid 756] close(9) = -1 EBADF (Bad file descriptor) [pid 756] close(10) = -1 EBADF (Bad file descriptor) [pid 756] close(11) = -1 EBADF (Bad file descriptor) [pid 756] close(12) = -1 EBADF (Bad file descriptor) [pid 756] close(13) = -1 EBADF (Bad file descriptor) [pid 756] close(14) = -1 EBADF (Bad file descriptor) [pid 756] close(15) = -1 EBADF (Bad file descriptor) [pid 756] close(16) = -1 EBADF (Bad file descriptor) [pid 756] close(17) = -1 EBADF (Bad file descriptor) [pid 756] close(18) = -1 EBADF (Bad file descriptor) [pid 756] close(19) = -1 EBADF (Bad file descriptor) [pid 756] close(20) = -1 EBADF (Bad file descriptor) [pid 756] close(21) = -1 EBADF (Bad file descriptor) [pid 756] close(22) = -1 EBADF (Bad file descriptor) [pid 756] close(23) = -1 EBADF (Bad file descriptor) [pid 756] close(24) = -1 EBADF (Bad file descriptor) [pid 756] close(25) = -1 EBADF (Bad file descriptor) [pid 756] close(26) = -1 EBADF (Bad file descriptor) [pid 756] close(27) = -1 EBADF (Bad file descriptor) [pid 756] close(28) = -1 EBADF (Bad file descriptor) [pid 756] close(29) = -1 EBADF (Bad file descriptor) [pid 756] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 756] exit_group(0) = ? [pid 756] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./62/binderfs") = 0 [pid 381] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./62/cgroup") = 0 [pid 381] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./62/cgroup.net") = 0 [pid 381] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./62/file0") = 0 [pid 381] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./62/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./62") = 0 [pid 381] mkdir("./63", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 760 attached , child_tidptr=0x555556fab5d0) = 65 [pid 760] chdir("./63") = 0 [pid 760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 760] setpgid(0, 0) = 0 [pid 760] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 760] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 760] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 760] write(3, "1000", 4) = 4 [pid 760] close(3) = 0 [pid 760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 760] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 760] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 760] open("./file0", O_RDONLY) = 3 [pid 760] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 760] write(4, "-pids ", 6 [pid 759] <... write resumed>) = 6 [pid 758] <... write resumed>) = 6 [pid 754] <... write resumed>) = 6 [ 206.291503][ T756] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 206.299471][ T756] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 206.307425][ T756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 206.315373][ T756] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003e [ 206.323516][ T756] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 758] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 758] write(5, "22", 2) = 2 [pid 758] write(4, "+pids ", 6 [pid 759] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 759] write(5, "22", 2) = 2 [pid 759] write(4, "+pids ", 6 [pid 754] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 754] write(5, "22", 2) = 2 [ 206.370440][ T751] FAULT_INJECTION: forcing a failure. [ 206.370440][ T751] name failslab, interval 1, probability 0, space 0, times 0 [ 206.383175][ T751] CPU: 1 PID: 751 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 206.394776][ T751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.404815][ T751] Call Trace: [ 206.408109][ T751] dump_stack_lvl+0x1e2/0x24b [ 206.412781][ T751] ? bfq_pos_tree_add_move+0x43e/0x43e [ 206.418220][ T751] ? selinux_kernfs_init_security+0x1a8/0x760 [ 206.424273][ T751] dump_stack+0x15/0x17 [ 206.428408][ T751] should_fail+0x3c0/0x510 [ 206.432804][ T751] ? __kernfs_new_node+0x99/0x6e0 [ 206.437813][ T751] __should_failslab+0x9f/0xe0 [ 206.442557][ T751] should_failslab+0x9/0x20 [ 206.447042][ T751] __kmalloc_track_caller+0x5f/0x350 [ 206.452312][ T751] kstrdup_const+0x55/0x90 [ 206.456708][ T751] __kernfs_new_node+0x99/0x6e0 [ 206.461540][ T751] ? is_module_text_address+0xe1/0x140 [ 206.466983][ T751] ? kernfs_new_node+0x170/0x170 [ 206.471899][ T751] ? ptr_to_hashval+0x60/0x60 [ 206.476553][ T751] ? arch_stack_walk+0xf8/0x140 [ 206.481382][ T751] ? snprintf+0xd6/0x120 [ 206.485601][ T751] kernfs_new_node+0x97/0x170 [ 206.490355][ T751] __kernfs_create_file+0x4a/0x270 [ 206.495458][ T751] cgroup_addrm_files+0xab8/0xfe0 [ 206.500463][ T751] ? ____kasan_kmalloc+0xdc/0x110 [ 206.505466][ T751] ? __kasan_kmalloc+0x9/0x10 [ 206.510121][ T751] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 206.515648][ T751] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 206.521782][ T751] ? delete_node+0x759/0x7b0 [ 206.526354][ T751] ? __kasan_check_read+0x11/0x20 [ 206.531363][ T751] ? delete_node+0x759/0x7b0 [ 206.535933][ T751] ? __kasan_check_write+0x14/0x20 [ 206.541027][ T751] ? idr_replace+0x1c4/0x230 [ 206.545595][ T751] ? idr_get_next+0x4b0/0x4b0 [ 206.550253][ T751] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 206.555255][ T751] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 206.560444][ T751] css_populate_dir+0x137/0x370 [ 206.565279][ T751] cgroup_apply_control_enable+0x8b9/0x12f0 [ 206.571153][ T751] cgroup_apply_control+0x93/0x710 [ 206.576258][ T751] ? css_next_child+0x160/0x160 [ 206.581098][ T751] ? io_schedule+0x120/0x120 [ 206.585673][ T751] ? kernfs_fop_write_iter+0x15e/0x410 [ 206.591113][ T751] ? __kasan_check_write+0x14/0x20 [ 206.596209][ T751] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 206.601477][ T751] cgroup_subtree_control_write+0xd19/0x1310 [ 206.607440][ T751] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 206.613401][ T751] ? __kasan_check_write+0x14/0x20 [ 206.618492][ T751] ? _copy_from_iter+0x3fb/0xd60 [ 206.623405][ T751] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 206.629362][ T751] cgroup_file_write+0x28e/0x590 [ 206.634280][ T751] ? cgroup_seqfile_stop+0xc0/0xc0 [ 206.639369][ T751] ? mutex_lock+0xa6/0x110 [ 206.643765][ T751] ? mutex_trylock+0xb0/0xb0 [ 206.648334][ T751] ? __kasan_check_write+0x14/0x20 [ 206.653423][ T751] kernfs_fop_write_iter+0x2d0/0x410 [ 206.658685][ T751] ? cgroup_seqfile_stop+0xc0/0xc0 [ 206.663774][ T751] vfs_write+0xc1c/0xf40 [ 206.667993][ T751] ? __kasan_check_write+0x14/0x20 [ 206.673080][ T751] ? kernel_write+0x3c0/0x3c0 [ 206.677734][ T751] ? _raw_spin_unlock_irq+0x4e/0x70 [ 206.682914][ T751] ? ptrace_stop+0x6ff/0x9f0 [ 206.687481][ T751] ? __kasan_check_read+0x11/0x20 [ 206.692483][ T751] ? __fdget_pos+0x27e/0x310 [ 206.697051][ T751] ksys_write+0x198/0x2c0 [ 206.701361][ T751] ? do_notify_parent+0xa60/0xa60 [ 206.706359][ T751] ? __ia32_sys_read+0x90/0x90 [ 206.711100][ T751] ? __ia32_sys_open+0x270/0x270 [ 206.716017][ T751] __x64_sys_write+0x7b/0x90 [ 206.720589][ T751] do_syscall_64+0x34/0x70 [ 206.724988][ T751] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 206.730862][ T751] RIP: 0033:0x7fc8ece62c09 [ 206.735257][ T751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 206.754838][ T751] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.763231][ T751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 754] write(4, "+pids ", 6 [pid 751] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 751] close(3) = 0 [pid 751] close(4) = 0 [pid 751] close(5) = 0 [pid 751] close(6) = -1 EBADF (Bad file descriptor) [pid 751] close(7) = -1 EBADF (Bad file descriptor) [pid 751] close(8) = -1 EBADF (Bad file descriptor) [pid 751] close(9) = -1 EBADF (Bad file descriptor) [pid 751] close(10) = -1 EBADF (Bad file descriptor) [pid 751] close(11) = -1 EBADF (Bad file descriptor) [pid 751] close(12) = -1 EBADF (Bad file descriptor) [pid 751] close(13) = -1 EBADF (Bad file descriptor) [pid 751] close(14) = -1 EBADF (Bad file descriptor) [pid 751] close(15) = -1 EBADF (Bad file descriptor) [pid 751] close(16) = -1 EBADF (Bad file descriptor) [pid 751] close(17) = -1 EBADF (Bad file descriptor) [pid 751] close(18) = -1 EBADF (Bad file descriptor) [pid 751] close(19) = -1 EBADF (Bad file descriptor) [pid 751] close(20) = -1 EBADF (Bad file descriptor) [pid 751] close(21) = -1 EBADF (Bad file descriptor) [pid 751] close(22) = -1 EBADF (Bad file descriptor) [pid 751] close(23) = -1 EBADF (Bad file descriptor) [pid 751] close(24) = -1 EBADF (Bad file descriptor) [pid 751] close(25) = -1 EBADF (Bad file descriptor) [pid 751] close(26) = -1 EBADF (Bad file descriptor) [pid 751] close(27) = -1 EBADF (Bad file descriptor) [pid 751] close(28) = -1 EBADF (Bad file descriptor) [pid 751] close(29) = -1 EBADF (Bad file descriptor) [pid 751] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 751] exit_group(0) = ? [pid 751] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 383] umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./54/binderfs") = 0 [pid 383] umount2("./54/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./54/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./54/cgroup") = 0 [pid 383] umount2("./54/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./54/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./54/cgroup.net") = 0 [pid 383] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./54/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./54/file0") = 0 [pid 383] umount2("./54/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./54/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./54/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./54") = 0 [pid 383] mkdir("./55", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 761 attached , child_tidptr=0x555556fab5d0) = 57 [pid 761] chdir("./55") = 0 [pid 761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 761] setpgid(0, 0) = 0 [pid 761] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 761] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [ 206.771179][ T751] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 206.779128][ T751] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 206.787077][ T751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 206.795026][ T751] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000036 [ 206.803668][ T751] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 761] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 761] write(3, "1000", 4) = 4 [pid 761] close(3) = 0 [pid 761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 761] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 206.840385][ T754] FAULT_INJECTION: forcing a failure. [ 206.840385][ T754] name failslab, interval 1, probability 0, space 0, times 0 [ 206.853446][ T754] CPU: 0 PID: 754 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 206.865062][ T754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.875094][ T754] Call Trace: [ 206.878362][ T754] dump_stack_lvl+0x1e2/0x24b [ 206.883019][ T754] ? bfq_pos_tree_add_move+0x43e/0x43e [ 206.888450][ T754] ? selinux_kernfs_init_security+0x1a8/0x760 [ 206.894489][ T754] dump_stack+0x15/0x17 [ 206.898616][ T754] should_fail+0x3c0/0x510 [ 206.903015][ T754] ? __kernfs_new_node+0x99/0x6e0 [ 206.908022][ T754] __should_failslab+0x9f/0xe0 [ 206.912766][ T754] should_failslab+0x9/0x20 [ 206.917246][ T754] __kmalloc_track_caller+0x5f/0x350 [ 206.922505][ T754] kstrdup_const+0x55/0x90 [ 206.926897][ T754] __kernfs_new_node+0x99/0x6e0 [ 206.931722][ T754] ? is_module_text_address+0xe1/0x140 [ 206.937154][ T754] ? kernfs_new_node+0x170/0x170 [ 206.942074][ T754] ? ptr_to_hashval+0x60/0x60 [ 206.946732][ T754] ? arch_stack_walk+0xf8/0x140 [ 206.951570][ T754] ? snprintf+0xd6/0x120 [ 206.955796][ T754] kernfs_new_node+0x97/0x170 [ 206.960447][ T754] __kernfs_create_file+0x4a/0x270 [ 206.965531][ T754] cgroup_addrm_files+0xab8/0xfe0 [ 206.970528][ T754] ? ____kasan_kmalloc+0xdc/0x110 [ 206.975529][ T754] ? __kasan_kmalloc+0x9/0x10 [ 206.980188][ T754] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 206.985727][ T754] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 206.991867][ T754] ? delete_node+0x759/0x7b0 [ 206.996442][ T754] ? __kasan_check_read+0x11/0x20 [ 207.001436][ T754] ? delete_node+0x759/0x7b0 [ 207.005998][ T754] ? __kasan_check_write+0x14/0x20 [ 207.011083][ T754] ? idr_replace+0x1c4/0x230 [ 207.015647][ T754] ? idr_get_next+0x4b0/0x4b0 [ 207.020302][ T754] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 207.025308][ T754] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 207.030489][ T754] css_populate_dir+0x137/0x370 [ 207.035314][ T754] cgroup_apply_control_enable+0x8b9/0x12f0 [ 207.041181][ T754] cgroup_apply_control+0x93/0x710 [ 207.046265][ T754] ? css_next_child+0x160/0x160 [ 207.051094][ T754] ? stack_trace_save+0x12d/0x1f0 [ 207.056106][ T754] ? io_schedule+0x120/0x120 [ 207.060671][ T754] ? kernfs_fop_write_iter+0x15e/0x410 [ 207.066103][ T754] ? __kasan_check_write+0x14/0x20 [ 207.071200][ T754] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 207.076479][ T754] cgroup_subtree_control_write+0xd19/0x1310 [ 207.082440][ T754] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 207.088394][ T754] ? __kasan_check_write+0x14/0x20 [ 207.093480][ T754] ? _copy_from_iter+0x3fb/0xd60 [ 207.098388][ T754] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 207.104341][ T754] cgroup_file_write+0x28e/0x590 [ 207.109250][ T754] ? cgroup_seqfile_stop+0xc0/0xc0 [ 207.114337][ T754] ? mutex_lock+0xa6/0x110 [ 207.118762][ T754] ? mutex_trylock+0xb0/0xb0 [ 207.123355][ T754] ? __kasan_check_write+0x14/0x20 [ 207.128485][ T754] kernfs_fop_write_iter+0x2d0/0x410 [ 207.133748][ T754] ? cgroup_seqfile_stop+0xc0/0xc0 [ 207.138853][ T754] vfs_write+0xc1c/0xf40 [ 207.143070][ T754] ? __kasan_check_write+0x14/0x20 [ 207.148156][ T754] ? kernel_write+0x3c0/0x3c0 [ 207.152807][ T754] ? _raw_spin_unlock_irq+0x4e/0x70 [ 207.157990][ T754] ? ptrace_stop+0x6ff/0x9f0 [ 207.162564][ T754] ? __kasan_check_read+0x11/0x20 [ 207.167569][ T754] ? __fdget_pos+0x27e/0x310 [ 207.172132][ T754] ksys_write+0x198/0x2c0 [ 207.176454][ T754] ? do_notify_parent+0xa60/0xa60 [ 207.181465][ T754] ? __ia32_sys_read+0x90/0x90 [ 207.186217][ T754] ? __ia32_sys_open+0x270/0x270 [ 207.191128][ T754] __x64_sys_write+0x7b/0x90 [ 207.195694][ T754] do_syscall_64+0x34/0x70 [ 207.200097][ T754] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 207.205968][ T754] RIP: 0033:0x7fc8ece62c09 [ 207.210359][ T754] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 207.229936][ T754] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 761] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 754] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 761] open("./file0", O_RDONLY) = 3 [pid 754] close(3 [pid 761] openat(3, "cgroup.subtree_control", O_RDWR [pid 754] <... close resumed>) = 0 [pid 761] <... openat resumed>) = 4 [pid 754] close(4 [pid 761] write(4, "-pids ", 6 [pid 754] <... close resumed>) = 0 [pid 754] close(5) = 0 [pid 754] close(6) = -1 EBADF (Bad file descriptor) [pid 754] close(7) = -1 EBADF (Bad file descriptor) [pid 754] close(8) = -1 EBADF (Bad file descriptor) [pid 754] close(9) = -1 EBADF (Bad file descriptor) [pid 754] close(10) = -1 EBADF (Bad file descriptor) [pid 754] close(11) = -1 EBADF (Bad file descriptor) [pid 754] close(12) = -1 EBADF (Bad file descriptor) [pid 754] close(13) = -1 EBADF (Bad file descriptor) [pid 754] close(14) = -1 EBADF (Bad file descriptor) [pid 754] close(15) = -1 EBADF (Bad file descriptor) [pid 754] close(16) = -1 EBADF (Bad file descriptor) [pid 754] close(17) = -1 EBADF (Bad file descriptor) [pid 754] close(18) = -1 EBADF (Bad file descriptor) [pid 754] close(19) = -1 EBADF (Bad file descriptor) [pid 754] close(20) = -1 EBADF (Bad file descriptor) [pid 754] close(21) = -1 EBADF (Bad file descriptor) [pid 754] close(22) = -1 EBADF (Bad file descriptor) [pid 754] close(23) = -1 EBADF (Bad file descriptor) [pid 754] close(24) = -1 EBADF (Bad file descriptor) [pid 754] close(25) = -1 EBADF (Bad file descriptor) [pid 754] close(26) = -1 EBADF (Bad file descriptor) [pid 754] close(27) = -1 EBADF (Bad file descriptor) [pid 754] close(28) = -1 EBADF (Bad file descriptor) [pid 754] close(29) = -1 EBADF (Bad file descriptor) [pid 754] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 754] exit_group(0) = ? [pid 754] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./59/binderfs") = 0 [pid 380] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./59/cgroup") = 0 [pid 380] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./59/cgroup.net") = 0 [pid 380] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./59/file0") = 0 [pid 380] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./59/cgroup.cpu") = 0 [ 207.238327][ T754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 207.246271][ T754] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 207.254217][ T754] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 207.262179][ T754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 207.270133][ T754] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003b [ 207.278220][ T754] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 757] <... write resumed>) = 6 [pid 380] close(3) = 0 [pid 380] rmdir("./59") = 0 [pid 380] mkdir("./60", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 62 [pid 757] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR./strace-static-x86_64: Process 762 attached ) = 5 [pid 757] write(5, "22", 2) = 2 [ 207.310949][ T758] FAULT_INJECTION: forcing a failure. [ 207.310949][ T758] name failslab, interval 1, probability 0, space 0, times 0 [ 207.323777][ T758] CPU: 0 PID: 758 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 207.335390][ T758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.345425][ T758] Call Trace: [ 207.348700][ T758] dump_stack_lvl+0x1e2/0x24b [ 207.353363][ T758] ? bfq_pos_tree_add_move+0x43e/0x43e [pid 757] write(4, "+pids ", 6 [pid 762] chdir("./60") = 0 [pid 762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 762] setpgid(0, 0) = 0 [pid 762] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 762] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 762] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 762] write(3, "1000", 4) = 4 [pid 762] close(3) = 0 [pid 762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 762] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 207.358812][ T758] ? selinux_kernfs_init_security+0x1a8/0x760 [ 207.364875][ T758] dump_stack+0x15/0x17 [ 207.369027][ T758] should_fail+0x3c0/0x510 [ 207.373436][ T758] ? __kernfs_new_node+0x99/0x6e0 [ 207.378445][ T758] __should_failslab+0x9f/0xe0 [ 207.383182][ T758] should_failslab+0x9/0x20 [ 207.387662][ T758] __kmalloc_track_caller+0x5f/0x350 [ 207.392923][ T758] kstrdup_const+0x55/0x90 [ 207.397326][ T758] __kernfs_new_node+0x99/0x6e0 [ 207.402170][ T758] ? is_module_text_address+0xe1/0x140 [ 207.407633][ T758] ? kernfs_new_node+0x170/0x170 [ 207.412562][ T758] ? ptr_to_hashval+0x60/0x60 [ 207.417220][ T758] ? arch_stack_walk+0xf8/0x140 [ 207.422047][ T758] ? snprintf+0xd6/0x120 [ 207.426263][ T758] kernfs_new_node+0x97/0x170 [ 207.430915][ T758] __kernfs_create_file+0x4a/0x270 [ 207.436007][ T758] cgroup_addrm_files+0xab8/0xfe0 [ 207.441010][ T758] ? ____kasan_kmalloc+0xdc/0x110 [ 207.446013][ T758] ? __kasan_kmalloc+0x9/0x10 [ 207.450682][ T758] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 207.456217][ T758] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 207.462357][ T758] ? delete_node+0x759/0x7b0 [ 207.466937][ T758] ? __kasan_check_read+0x11/0x20 [ 207.471944][ T758] ? delete_node+0x759/0x7b0 [ 207.476505][ T758] ? __kasan_check_write+0x14/0x20 [ 207.481603][ T758] ? idr_replace+0x1c4/0x230 [ 207.486193][ T758] ? idr_get_next+0x4b0/0x4b0 [ 207.490848][ T758] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 207.495843][ T758] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 207.501016][ T758] css_populate_dir+0x137/0x370 [ 207.505841][ T758] cgroup_apply_control_enable+0x8b9/0x12f0 [ 207.511707][ T758] cgroup_apply_control+0x93/0x710 [ 207.516797][ T758] ? css_next_child+0x160/0x160 [ 207.521629][ T758] ? stack_trace_save+0x12d/0x1f0 [ 207.526626][ T758] ? io_schedule+0x120/0x120 [ 207.531189][ T758] ? kernfs_fop_write_iter+0x15e/0x410 [ 207.536625][ T758] ? __kasan_check_write+0x14/0x20 [ 207.541708][ T758] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 207.546965][ T758] cgroup_subtree_control_write+0xd19/0x1310 [ 207.552917][ T758] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 207.558869][ T758] ? __kasan_check_write+0x14/0x20 [ 207.563961][ T758] ? _copy_from_iter+0x3fb/0xd60 [ 207.568882][ T758] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 207.574834][ T758] cgroup_file_write+0x28e/0x590 [ 207.579743][ T758] ? cgroup_seqfile_stop+0xc0/0xc0 [ 207.584836][ T758] ? mutex_lock+0xa6/0x110 [ 207.589242][ T758] ? mutex_trylock+0xb0/0xb0 [ 207.593816][ T758] ? __kasan_check_write+0x14/0x20 [ 207.598898][ T758] kernfs_fop_write_iter+0x2d0/0x410 [ 207.604155][ T758] ? cgroup_seqfile_stop+0xc0/0xc0 [ 207.609235][ T758] vfs_write+0xc1c/0xf40 [ 207.613451][ T758] ? __kasan_check_write+0x14/0x20 [ 207.618543][ T758] ? kernel_write+0x3c0/0x3c0 [ 207.623199][ T758] ? _raw_spin_unlock_irq+0x4e/0x70 [ 207.628376][ T758] ? ptrace_stop+0x6ff/0x9f0 [ 207.632956][ T758] ? __kasan_check_read+0x11/0x20 [ 207.637962][ T758] ? __fdget_pos+0x27e/0x310 [ 207.642523][ T758] ksys_write+0x198/0x2c0 [ 207.646824][ T758] ? do_notify_parent+0xa60/0xa60 [ 207.651821][ T758] ? __ia32_sys_read+0x90/0x90 [ 207.656564][ T758] ? __ia32_sys_open+0x270/0x270 [ 207.661490][ T758] __x64_sys_write+0x7b/0x90 [ 207.666055][ T758] do_syscall_64+0x34/0x70 [ 207.670446][ T758] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 207.676311][ T758] RIP: 0033:0x7fc8ece62c09 [ 207.680701][ T758] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 207.700289][ T758] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 762] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 758] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 762] <... mount resumed>) = 0 [pid 762] open("./file0", O_RDONLY [pid 758] close(3 [pid 762] <... open resumed>) = 3 [pid 758] <... close resumed>) = 0 [pid 762] openat(3, "cgroup.subtree_control", O_RDWR [pid 758] close(4 [pid 762] <... openat resumed>) = 4 [pid 758] <... close resumed>) = 0 [pid 762] write(4, "-pids ", 6 [pid 758] close(5) = 0 [pid 758] close(6) = -1 EBADF (Bad file descriptor) [pid 758] close(7) = -1 EBADF (Bad file descriptor) [pid 758] close(8) = -1 EBADF (Bad file descriptor) [pid 758] close(9) = -1 EBADF (Bad file descriptor) [pid 758] close(10) = -1 EBADF (Bad file descriptor) [pid 758] close(11) = -1 EBADF (Bad file descriptor) [pid 758] close(12) = -1 EBADF (Bad file descriptor) [pid 758] close(13) = -1 EBADF (Bad file descriptor) [pid 758] close(14) = -1 EBADF (Bad file descriptor) [pid 758] close(15) = -1 EBADF (Bad file descriptor) [pid 758] close(16) = -1 EBADF (Bad file descriptor) [pid 758] close(17) = -1 EBADF (Bad file descriptor) [pid 758] close(18) = -1 EBADF (Bad file descriptor) [pid 758] close(19) = -1 EBADF (Bad file descriptor) [pid 758] close(20) = -1 EBADF (Bad file descriptor) [pid 758] close(21) = -1 EBADF (Bad file descriptor) [pid 758] close(22) = -1 EBADF (Bad file descriptor) [pid 758] close(23) = -1 EBADF (Bad file descriptor) [pid 758] close(24) = -1 EBADF (Bad file descriptor) [pid 758] close(25) = -1 EBADF (Bad file descriptor) [pid 758] close(26) = -1 EBADF (Bad file descriptor) [pid 758] close(27) = -1 EBADF (Bad file descriptor) [pid 758] close(28) = -1 EBADF (Bad file descriptor) [pid 758] close(29) = -1 EBADF (Bad file descriptor) [pid 758] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 758] exit_group(0) = ? [pid 758] +++ exited with 0 +++ [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 382] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 382] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./65/binderfs") = 0 [pid 382] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 382] unlink("./65/cgroup") = 0 [pid 382] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./65/cgroup.net") = 0 [ 207.708690][ T758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 207.716634][ T758] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 207.724581][ T758] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 207.732529][ T758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 207.740479][ T758] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000041 [ 207.748617][ T758] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 207.779218][ T382] ------------[ cut here ]------------ [ 207.784728][ T382] WARNING: CPU: 0 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 207.793739][ T382] Modules linked in: [ 207.797643][ T382] CPU: 0 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 207.809287][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.819355][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 207.824999][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 207.844623][ T382] RSP: 0018:ffffc90000b77ba0 EFLAGS: 00010293 [ 207.850728][ T382] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065e4f00 [ 207.858692][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 207.866722][ T382] RBP: ffffc90000b77c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 207.874693][ T382] R10: fffff5200016ef65 R11: 1ffff9200016ef64 R12: dffffc0000000000 [ 207.882671][ T382] R13: ffff88810d5ffc00 R14: ffffc90000b77c00 R15: 1ffff9200016ef7c [ 207.890674][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 207.899596][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.906193][ T382] CR2: 00007ffd7d0e1c18 CR3: 000000011dd7e000 CR4: 00000000003506b0 [ 207.914171][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 207.922150][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 207.930125][ T382] Call Trace: [ 207.933431][ T382] ? io_schedule+0x120/0x120 [ 207.938018][ T382] ? vfs_submount+0xb0/0xb0 [ 207.942527][ T382] ? shrink_dentry_list+0x4ec/0x500 [ 207.947725][ T382] ? __kasan_check_write+0x14/0x20 [ 207.952859][ T382] namespace_unlock+0x448/0x4f0 [ 207.957695][ T382] ? umount_tree+0xf50/0xf50 [ 207.962288][ T382] ? __detach_mounts+0x670/0x670 [ 207.967226][ T382] ? selinux_umount+0xf0/0x130 [ 207.972000][ T382] ? security_sb_umount+0x9d/0xb0 [ 207.977027][ T382] path_umount+0xf03/0xfb0 [ 207.981457][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 207.986471][ T382] ? user_path_at_empty+0x40/0x50 [ 207.991502][ T382] __x64_sys_umount+0x122/0x170 [ 207.996349][ T382] ? path_umount+0xfb0/0xfb0 [ 208.000959][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 208.006922][ T382] do_syscall_64+0x34/0x70 [ 208.011346][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 208.017232][ T382] RIP: 0033:0x7fc8ece63fb7 [ 208.021652][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.041264][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 208.049659][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 208.057630][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 208.065617][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 208.073617][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 208.081598][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000042 [ 208.089551][ T382] ---[ end trace d4de1ca9cdcd19ac ]--- [ 208.095146][ T382] ------------[ cut here ]------------ [ 208.095274][ T759] FAULT_INJECTION: forcing a failure. [ 208.095274][ T759] name failslab, interval 1, probability 0, space 0, times 0 [ 208.100637][ T382] WARNING: CPU: 1 PID: 382 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 208.113201][ T759] CPU: 0 PID: 759 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 208.122110][ T382] Modules linked in: [ 208.133691][ T759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.133696][ T759] Call Trace: [ 208.133717][ T759] dump_stack_lvl+0x1e2/0x24b [ 208.137565][ T382] [ 208.137582][ T382] CPU: 1 PID: 382 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 208.147605][ T759] ? bfq_pos_tree_add_move+0x43e/0x43e [ 208.147623][ T759] ? selinux_kernfs_init_security+0x1a8/0x760 [ 208.150882][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.155527][ T759] dump_stack+0x15/0x17 [ 208.157832][ T382] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 208.169414][ T759] should_fail+0x3c0/0x510 [ 208.169424][ T759] ? __kernfs_new_node+0x99/0x6e0 [ 208.169441][ T759] __should_failslab+0x9f/0xe0 [ 208.174876][ T382] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 208.180900][ T759] should_failslab+0x9/0x20 [ 208.180917][ T759] __kmalloc_track_caller+0x5f/0x350 [ 208.190962][ T382] RSP: 0018:ffffc90000b77ca0 EFLAGS: 00010293 [ 208.195083][ T759] kstrdup_const+0x55/0x90 [ 208.200683][ T382] [ 208.205074][ T759] __kernfs_new_node+0x99/0x6e0 [ 208.210068][ T382] RAX: ffffffff81b68f1a RBX: 00000000fffffffe RCX: ffff8881065e4f00 [ 208.214796][ T759] ? is_module_text_address+0xe1/0x140 [ 208.214812][ T759] ? kernfs_new_node+0x170/0x170 [ 208.234393][ T382] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 208.238863][ T759] ? ptr_to_hashval+0x60/0x60 [ 208.244118][ T382] RBP: ffffc90000b77d70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 208.250146][ T759] ? arch_stack_walk+0xf8/0x140 [ 208.250161][ T759] ? snprintf+0xd6/0x120 [ 208.254550][ T382] R10: fffff5200016ef85 R11: 1ffff9200016ef84 R12: dffffc0000000000 [ 208.256862][ T759] kernfs_new_node+0x97/0x170 [ 208.261684][ T382] R13: ffff88810d5ffc00 R14: ffffc90000b77d00 R15: 1ffff9200016ef9c [ 208.269626][ T759] __kernfs_create_file+0x4a/0x270 [ 208.275064][ T382] FS: 0000555556fab300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 208.279962][ T759] cgroup_addrm_files+0xab8/0xfe0 [ 208.287933][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 208.292567][ T759] ? ____kasan_kmalloc+0xdc/0x110 [ 208.292583][ T759] ? __kasan_kmalloc+0x9/0x10 [ 208.300555][ T382] CR2: 0000000020000000 CR3: 000000011dd7e000 CR4: 00000000003506a0 [ 208.305388][ T759] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 208.309597][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 208.317540][ T759] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 208.317549][ T759] ? delete_node+0x759/0x7b0 [ 208.317559][ T759] ? __kasan_check_read+0x11/0x20 [ 208.317574][ T759] ? delete_node+0x759/0x7b0 [ 208.322226][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 208.330168][ T759] ? __kasan_check_write+0x14/0x20 [ 208.330185][ T759] ? idr_replace+0x1c4/0x230 [ 208.335262][ T382] Call Trace: [ 208.344168][ T759] ? idr_get_next+0x4b0/0x4b0 [ 208.344185][ T759] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 208.349183][ T382] ? lockref_get_or_lock+0x340/0x340 [ 208.355732][ T759] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 208.355742][ T759] css_populate_dir+0x137/0x370 [ 208.355758][ T759] cgroup_apply_control_enable+0x8b9/0x12f0 [ 208.360767][ T382] ? umount_tree+0xf50/0xf50 [ 208.365411][ T759] cgroup_apply_control+0x93/0x710 [ 208.373367][ T382] ? vfs_submount+0xb0/0xb0 [ 208.378874][ T759] ? css_next_child+0x160/0x160 [ 208.386837][ T382] ? dput+0x2b6/0x320 [ 208.392943][ T759] ? stack_trace_save+0x12d/0x1f0 [ 208.392959][ T759] ? io_schedule+0x120/0x120 [ 208.397521][ T382] path_umount+0x1fe/0xfb0 [ 208.402509][ T759] ? kernfs_fop_write_iter+0x15e/0x410 [ 208.402526][ T759] ? __kasan_check_write+0x14/0x20 [ 208.407199][ T382] ? namespace_unlock+0x4f0/0x4f0 [ 208.415152][ T759] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 208.415165][ T759] cgroup_subtree_control_write+0xd19/0x1310 [ 208.415184][ T759] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 208.420287][ T382] ? user_path_at_empty+0x40/0x50 [ 208.424842][ T759] ? __kasan_check_write+0x14/0x20 [ 208.428098][ T382] __x64_sys_umount+0x122/0x170 [ 208.432752][ T759] ? _copy_from_iter+0x3fb/0xd60 [ 208.432764][ T759] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 208.432782][ T759] cgroup_file_write+0x28e/0x590 [ 208.437789][ T382] ? path_umount+0xfb0/0xfb0 [ 208.443036][ T759] ? cgroup_seqfile_stop+0xc0/0xc0 [ 208.443046][ T759] ? mutex_lock+0xa6/0x110 [ 208.443067][ T759] ? mutex_trylock+0xb0/0xb0 [ 208.448237][ T382] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 208.453047][ T759] ? __kasan_check_write+0x14/0x20 [ 208.453066][ T759] kernfs_fop_write_iter+0x2d0/0x410 [ 208.458928][ T382] do_syscall_64+0x34/0x70 [ 208.463482][ T759] ? cgroup_seqfile_stop+0xc0/0xc0 [ 208.463506][ T759] vfs_write+0xc1c/0xf40 [ 208.468585][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 208.473058][ T759] ? __kasan_check_write+0x14/0x20 [ 208.473074][ T759] ? kernel_write+0x3c0/0x3c0 [ 208.477894][ T382] RIP: 0033:0x7fc8ece63fb7 [ 208.481842][ T759] ? _raw_spin_unlock_irq+0x4e/0x70 [pid 382] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 762] <... write resumed>) = 6 [pid 760] <... write resumed>) = 6 [pid 762] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 208.481851][ T759] ? ptrace_stop+0x6ff/0x9f0 [ 208.481867][ T759] ? __kasan_check_read+0x11/0x20 [ 208.486862][ T382] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.491444][ T759] ? __fdget_pos+0x27e/0x310 [ 208.491460][ T759] ksys_write+0x198/0x2c0 [ 208.495849][ T382] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 208.501279][ T759] ? do_notify_parent+0xa60/0xa60 [ 208.501295][ T759] ? __ia32_sys_read+0x90/0x90 [ 208.506372][ T382] ORIG_RAX: 00000000000000a6 [ 208.511364][ T759] ? __ia32_sys_open+0x270/0x270 [ 208.511382][ T759] __x64_sys_write+0x7b/0x90 [ 208.516633][ T382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 208.522578][ T759] do_syscall_64+0x34/0x70 [ 208.522594][ T759] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 208.528549][ T382] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 208.533533][ T759] RIP: 0033:0x7fc8ece62c09 [ 208.533543][ T759] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 208.533559][ T759] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 208.538642][ T382] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 208.543629][ T759] ORIG_RAX: 0000000000000001 [ 208.543637][ T759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 208.543650][ T759] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 208.548564][ T382] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [ 208.554504][ T759] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 208.554511][ T759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 208.554524][ T759] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003e [ 208.559432][ T382] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000042 [ 208.826576][ T382] ---[ end trace d4de1ca9cdcd19ad ]--- [pid 760] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 759] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 762] <... openat resumed>) = 5 [pid 760] <... openat resumed>) = 5 [pid 759] close(3 [pid 382] <... umount2 resumed>) = 0 [pid 762] write(5, "22", 2 [pid 760] write(5, "22", 2 [pid 762] <... write resumed>) = 2 [pid 759] <... close resumed>) = 0 [pid 760] <... write resumed>) = 2 [pid 382] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 762] write(4, "+pids ", 6 [pid 760] write(4, "+pids ", 6 [pid 759] close(4) = 0 [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 759] close(5 [pid 382] lstat("./65/file0", [pid 759] <... close resumed>) = 0 [pid 759] close(6 [pid 382] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 759] close(7) = -1 EBADF (Bad file descriptor) [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 759] close(8 [pid 382] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... openat resumed>) = 4 [pid 759] close(9 [pid 382] fstat(4, [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, [pid 759] close(10) = -1 EBADF (Bad file descriptor) [pid 382] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 759] close(11 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4 [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... close resumed>) = 0 [pid 759] close(12 [pid 382] rmdir("./65/file0" [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 759] close(13) = -1 EBADF (Bad file descriptor) [pid 759] close(14 [pid 382] <... rmdir resumed>) = 0 [pid 382] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 759] close(15) = -1 EBADF (Bad file descriptor) [pid 759] close(16 [pid 382] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] lstat("./65/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./65/cgroup.cpu" [pid 759] close(17) = -1 EBADF (Bad file descriptor) [pid 759] close(18) = -1 EBADF (Bad file descriptor) [pid 382] <... unlink resumed>) = 0 [pid 759] close(19) = -1 EBADF (Bad file descriptor) [pid 759] close(20) = -1 EBADF (Bad file descriptor) [pid 759] close(21 [pid 382] getdents64(3, [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 759] close(22 [pid 382] close(3) = 0 [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 382] rmdir("./65" [pid 759] close(23) = -1 EBADF (Bad file descriptor) [pid 759] close(24) = -1 EBADF (Bad file descriptor) [pid 759] close(25) = -1 EBADF (Bad file descriptor) [pid 759] close(26) = -1 EBADF (Bad file descriptor) [pid 759] close(27 [pid 382] <... rmdir resumed>) = 0 [pid 382] mkdir("./66", 0777 [pid 759] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 759] close(28) = -1 EBADF (Bad file descriptor) [pid 759] close(29write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 759] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 759] exit_group(0) = ? [pid 382] <... mkdir resumed>) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 759] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 376] restart_syscall(<... resuming interrupted clone ...> [pid 382] <... clone resumed>, child_tidptr=0x555556fab5d0) = 68 [pid 376] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 763 attached [pid 763] chdir("./66") = 0 [pid 376] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW [pid 763] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 763] <... prctl resumed>) = 0 [pid 376] <... openat resumed>) = 3 [pid 376] fstat(3, [pid 763] setpgid(0, 0 [pid 376] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 763] <... setpgid resumed>) = 0 [pid 763] symlink("/syzcgroup/unified/syz5", "./cgroup" [pid 376] getdents64(3, [pid 763] <... symlink resumed>) = 0 [pid 376] <... getdents64 resumed>0x555556fad630 /* 7 entries */, 32768) = 208 [pid 763] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu" [pid 376] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 763] <... symlink resumed>) = 0 [pid 376] unlink("./62/binderfs" [pid 763] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 376] <... unlink resumed>) = 0 [pid 763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 376] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW [pid 763] <... openat resumed>) = 3 [pid 376] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] lstat("./62/cgroup", [pid 763] write(3, "1000", 4 [pid 376] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 763] <... write resumed>) = 4 [pid 376] unlink("./62/cgroup" [pid 763] close(3) = 0 [pid 763] symlink("/dev/binderfs", "./binderfs" [pid 376] <... unlink resumed>) = 0 [pid 376] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./62/cgroup.net" [pid 763] <... symlink resumed>) = 0 [pid 376] <... unlink resumed>) = 0 [ 208.832046][ T759] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 376] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 763] mkdirat(AT_FDCWD, "./file0", 000 [pid 761] <... write resumed>) = 6 [pid 376] <... umount2 resumed>) = 0 [pid 376] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./62/file0") = 0 [pid 376] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./62/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./62") = 0 [pid 376] mkdir("./63", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 65 [pid 763] <... mkdirat resumed>) = 0 [pid 763] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 761] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 761] write(5, "22", 2) = 2 [pid 761] write(4, "+pids ", 6./strace-static-x86_64: Process 764 attached [pid 764] chdir("./63") = 0 [pid 764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 764] setpgid(0, 0) = 0 [pid 764] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 764] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 764] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 764] write(3, "1000", 4) = 4 [pid 764] close(3) = 0 [pid 764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 764] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 208.865492][ T757] FAULT_INJECTION: forcing a failure. [ 208.865492][ T757] name failslab, interval 1, probability 0, space 0, times 0 [ 208.878191][ T757] CPU: 0 PID: 757 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 208.889798][ T757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.899831][ T757] Call Trace: [ 208.903109][ T757] dump_stack_lvl+0x1e2/0x24b [ 208.907760][ T757] ? panic+0x7d7/0x7d7 [ 208.911803][ T757] ? bfq_pos_tree_add_move+0x43e/0x43e [ 208.917233][ T757] ? find_next_bit+0xd6/0x120 [ 208.921882][ T757] ? cpumask_next+0x11/0x30 [ 208.926357][ T757] dump_stack+0x15/0x17 [ 208.930491][ T757] should_fail+0x3c0/0x510 [ 208.934889][ T757] ? percpu_ref_init+0xd0/0x330 [ 208.939734][ T757] __should_failslab+0x9f/0xe0 [ 208.944483][ T757] should_failslab+0x9/0x20 [ 208.948963][ T757] kmem_cache_alloc_trace+0x3a/0x330 [ 208.954221][ T757] percpu_ref_init+0xd0/0x330 [ 208.958868][ T757] ? cgroup_setup_root+0xea0/0xea0 [ 208.963961][ T757] cgroup_apply_control_enable+0x3a2/0x12f0 [ 208.969847][ T757] cgroup_apply_control+0x93/0x710 [ 208.974941][ T757] ? css_next_child+0x160/0x160 [ 208.979767][ T757] ? io_schedule+0x120/0x120 [ 208.984338][ T757] ? kernfs_fop_write_iter+0x15e/0x410 [ 208.989779][ T757] ? __kasan_check_write+0x14/0x20 [ 208.994872][ T757] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 209.000146][ T757] cgroup_subtree_control_write+0xd19/0x1310 [ 209.006119][ T757] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 209.012080][ T757] ? __kasan_check_write+0x14/0x20 [ 209.017173][ T757] ? _copy_from_iter+0x3fb/0xd60 [ 209.022081][ T757] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 209.028031][ T757] cgroup_file_write+0x28e/0x590 [ 209.032948][ T757] ? cgroup_seqfile_stop+0xc0/0xc0 [ 209.038040][ T757] ? mutex_lock+0xa6/0x110 [ 209.042431][ T757] ? mutex_trylock+0xb0/0xb0 [ 209.046993][ T757] ? __kasan_check_write+0x14/0x20 [ 209.052088][ T757] kernfs_fop_write_iter+0x2d0/0x410 [ 209.057357][ T757] ? cgroup_seqfile_stop+0xc0/0xc0 [ 209.062446][ T757] vfs_write+0xc1c/0xf40 [ 209.066670][ T757] ? __kasan_check_write+0x14/0x20 [ 209.071753][ T757] ? kernel_write+0x3c0/0x3c0 [ 209.076402][ T757] ? _raw_spin_unlock_irq+0x4e/0x70 [ 209.081572][ T757] ? ptrace_stop+0x6ff/0x9f0 [ 209.086147][ T757] ? __kasan_check_read+0x11/0x20 [ 209.091155][ T757] ? __fdget_pos+0x27e/0x310 [ 209.095716][ T757] ksys_write+0x198/0x2c0 [ 209.100022][ T757] ? do_notify_parent+0xa60/0xa60 [ 209.105023][ T757] ? __ia32_sys_read+0x90/0x90 [ 209.109766][ T757] ? __ia32_sys_open+0x270/0x270 [ 209.114690][ T757] __x64_sys_write+0x7b/0x90 [ 209.119253][ T757] do_syscall_64+0x34/0x70 [ 209.123646][ T757] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 209.129519][ T757] RIP: 0033:0x7fc8ece62c09 [ 209.133914][ T757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 209.153493][ T757] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 764] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 763] <... mount resumed>) = 0 [pid 757] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 757] close(3) = 0 [pid 757] close(4) = 0 [pid 757] close(5) = 0 [pid 757] close(6) = -1 EBADF (Bad file descriptor) [pid 757] close(7) = -1 EBADF (Bad file descriptor) [pid 757] close(8) = -1 EBADF (Bad file descriptor) [pid 757] close(9) = -1 EBADF (Bad file descriptor) [pid 757] close(10) = -1 EBADF (Bad file descriptor) [pid 757] close(11) = -1 EBADF (Bad file descriptor) [pid 757] close(12) = -1 EBADF (Bad file descriptor) [pid 757] close(13) = -1 EBADF (Bad file descriptor) [pid 757] close(14) = -1 EBADF (Bad file descriptor) [pid 757] close(15) = -1 EBADF (Bad file descriptor) [pid 757] close(16) = -1 EBADF (Bad file descriptor) [pid 757] close(17) = -1 EBADF (Bad file descriptor) [pid 757] close(18) = -1 EBADF (Bad file descriptor) [pid 757] close(19) = -1 EBADF (Bad file descriptor) [pid 757] close(20) = -1 EBADF (Bad file descriptor) [pid 757] close(21) = -1 EBADF (Bad file descriptor) [pid 757] close(22) = -1 EBADF (Bad file descriptor) [pid 757] close(23) = -1 EBADF (Bad file descriptor) [pid 757] close(24) = -1 EBADF (Bad file descriptor) [pid 757] close(25) = -1 EBADF (Bad file descriptor) [pid 757] close(26) = -1 EBADF (Bad file descriptor) [pid 757] close(27) = -1 EBADF (Bad file descriptor) [pid 757] close(28) = -1 EBADF (Bad file descriptor) [pid 757] close(29) = -1 EBADF (Bad file descriptor) [pid 757] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 757] exit_group(0) = ? [pid 764] open("./file0", O_RDONLY [pid 763] open("./file0", O_RDONLY [pid 757] +++ exited with 0 +++ [pid 764] <... open resumed>) = 3 [pid 764] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 764] write(4, "-pids ", 6 [pid 763] <... open resumed>) = 3 [pid 763] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 763] write(4, "-pids ", 6 [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 375] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./66/binderfs") = 0 [pid 375] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./66/cgroup") = 0 [pid 375] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./66/cgroup.net") = 0 [pid 375] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./66/file0") = 0 [pid 375] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./66/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./66") = 0 [pid 375] mkdir("./67", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 765 attached , child_tidptr=0x555556fab5d0) = 69 [pid 765] chdir("./67") = 0 [pid 765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 765] setpgid(0, 0) = 0 [pid 765] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 765] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 765] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 765] write(3, "1000", 4) = 4 [pid 765] close(3) = 0 [pid 765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 765] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 765] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [ 209.161885][ T757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 209.169840][ T757] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 209.177905][ T757] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 209.185860][ T757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 209.193817][ T757] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000042 [pid 765] open("./file0", O_RDONLY) = 3 [pid 765] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 209.220757][ T762] FAULT_INJECTION: forcing a failure. [ 209.220757][ T762] name failslab, interval 1, probability 0, space 0, times 0 [ 209.233417][ T762] CPU: 1 PID: 762 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 209.245037][ T762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.255088][ T762] Call Trace: [ 209.258375][ T762] dump_stack_lvl+0x1e2/0x24b [ 209.263038][ T762] ? bfq_pos_tree_add_move+0x43e/0x43e [ 209.268480][ T762] ? selinux_kernfs_init_security+0x1a8/0x760 [ 209.274539][ T762] dump_stack+0x15/0x17 [ 209.278684][ T762] should_fail+0x3c0/0x510 [ 209.283074][ T762] ? __kernfs_new_node+0x99/0x6e0 [ 209.288083][ T762] __should_failslab+0x9f/0xe0 [ 209.292830][ T762] should_failslab+0x9/0x20 [ 209.297309][ T762] __kmalloc_track_caller+0x5f/0x350 [ 209.302573][ T762] kstrdup_const+0x55/0x90 [ 209.306978][ T762] __kernfs_new_node+0x99/0x6e0 [ 209.311811][ T762] ? is_module_text_address+0xe1/0x140 [ 209.317249][ T762] ? kernfs_new_node+0x170/0x170 [ 209.322163][ T762] ? ptr_to_hashval+0x60/0x60 [ 209.326821][ T762] ? arch_stack_walk+0xf8/0x140 [ 209.331648][ T762] ? snprintf+0xd6/0x120 [ 209.335870][ T762] kernfs_new_node+0x97/0x170 [ 209.340525][ T762] __kernfs_create_file+0x4a/0x270 [ 209.345629][ T762] cgroup_addrm_files+0xab8/0xfe0 [ 209.350639][ T762] ? ____kasan_kmalloc+0xdc/0x110 [ 209.355642][ T762] ? __kasan_kmalloc+0x9/0x10 [ 209.360308][ T762] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 209.365839][ T762] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 209.371974][ T762] ? delete_node+0x759/0x7b0 [ 209.376550][ T762] ? __kasan_check_read+0x11/0x20 [ 209.381562][ T762] ? delete_node+0x759/0x7b0 [ 209.386133][ T762] ? __kasan_check_write+0x14/0x20 [ 209.391223][ T762] ? idr_replace+0x1c4/0x230 [ 209.395802][ T762] ? idr_get_next+0x4b0/0x4b0 [ 209.400474][ T762] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 209.405484][ T762] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 209.410659][ T762] css_populate_dir+0x137/0x370 [ 209.415504][ T762] cgroup_apply_control_enable+0x8b9/0x12f0 [ 209.421384][ T762] cgroup_apply_control+0x93/0x710 [ 209.426475][ T762] ? css_next_child+0x160/0x160 [ 209.431309][ T762] ? io_schedule+0x120/0x120 [ 209.435884][ T762] ? kernfs_fop_write_iter+0x15e/0x410 [ 209.441337][ T762] ? __kasan_check_write+0x14/0x20 [ 209.446443][ T762] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 209.451709][ T762] cgroup_subtree_control_write+0xd19/0x1310 [ 209.457682][ T762] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 209.463646][ T762] ? __kasan_check_write+0x14/0x20 [ 209.468737][ T762] ? _copy_from_iter+0x3fb/0xd60 [ 209.473654][ T762] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 209.479611][ T762] cgroup_file_write+0x28e/0x590 [ 209.484532][ T762] ? cgroup_seqfile_stop+0xc0/0xc0 [ 209.489621][ T762] ? mutex_lock+0xa6/0x110 [ 209.494020][ T762] ? mutex_trylock+0xb0/0xb0 [ 209.498600][ T762] ? __kasan_check_write+0x14/0x20 [ 209.503692][ T762] kernfs_fop_write_iter+0x2d0/0x410 [ 209.508967][ T762] ? cgroup_seqfile_stop+0xc0/0xc0 [ 209.514086][ T762] vfs_write+0xc1c/0xf40 [ 209.518308][ T762] ? __kasan_check_write+0x14/0x20 [ 209.523397][ T762] ? kernel_write+0x3c0/0x3c0 [ 209.528098][ T762] ? _raw_spin_unlock_irq+0x4e/0x70 [ 209.533277][ T762] ? ptrace_stop+0x6ff/0x9f0 [ 209.537847][ T762] ? __kasan_check_read+0x11/0x20 [ 209.542851][ T762] ? __fdget_pos+0x27e/0x310 [ 209.547434][ T762] ksys_write+0x198/0x2c0 [ 209.551753][ T762] ? do_notify_parent+0xa60/0xa60 [ 209.556758][ T762] ? __ia32_sys_read+0x90/0x90 [ 209.561500][ T762] ? __ia32_sys_open+0x270/0x270 [ 209.566419][ T762] __x64_sys_write+0x7b/0x90 [ 209.570988][ T762] do_syscall_64+0x34/0x70 [ 209.575381][ T762] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 209.581249][ T762] RIP: 0033:0x7fc8ece62c09 [ 209.585645][ T762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 209.605234][ T762] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.613630][ T762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 765] write(4, "-pids ", 6 [pid 762] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 762] close(3) = 0 [pid 762] close(4) = 0 [pid 762] close(5) = 0 [pid 762] close(6) = -1 EBADF (Bad file descriptor) [pid 762] close(7) = -1 EBADF (Bad file descriptor) [pid 762] close(8) = -1 EBADF (Bad file descriptor) [pid 762] close(9) = -1 EBADF (Bad file descriptor) [pid 762] close(10) = -1 EBADF (Bad file descriptor) [pid 762] close(11) = -1 EBADF (Bad file descriptor) [pid 762] close(12) = -1 EBADF (Bad file descriptor) [pid 762] close(13) = -1 EBADF (Bad file descriptor) [pid 762] close(14) = -1 EBADF (Bad file descriptor) [pid 762] close(15) = -1 EBADF (Bad file descriptor) [pid 762] close(16) = -1 EBADF (Bad file descriptor) [pid 762] close(17) = -1 EBADF (Bad file descriptor) [pid 762] close(18) = -1 EBADF (Bad file descriptor) [pid 762] close(19) = -1 EBADF (Bad file descriptor) [pid 762] close(20) = -1 EBADF (Bad file descriptor) [pid 762] close(21) = -1 EBADF (Bad file descriptor) [pid 762] close(22) = -1 EBADF (Bad file descriptor) [pid 762] close(23) = -1 EBADF (Bad file descriptor) [pid 762] close(24) = -1 EBADF (Bad file descriptor) [pid 762] close(25) = -1 EBADF (Bad file descriptor) [pid 762] close(26) = -1 EBADF (Bad file descriptor) [pid 762] close(27) = -1 EBADF (Bad file descriptor) [pid 762] close(28) = -1 EBADF (Bad file descriptor) [pid 762] close(29) = -1 EBADF (Bad file descriptor) [pid 762] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 762] exit_group(0) = ? [pid 762] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./60/binderfs") = 0 [pid 380] umount2("./60/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./60/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./60/cgroup") = 0 [pid 380] umount2("./60/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./60/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./60/cgroup.net") = 0 [pid 380] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./60/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./60/file0") = 0 [pid 380] umount2("./60/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./60/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./60/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./60") = 0 [pid 380] mkdir("./61", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 766 attached , child_tidptr=0x555556fab5d0) = 63 [pid 766] chdir("./61") = 0 [pid 766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 766] setpgid(0, 0) = 0 [pid 766] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 766] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 766] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 766] write(3, "1000", 4) = 4 [pid 766] close(3) = 0 [pid 766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 766] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 766] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 766] open("./file0", O_RDONLY) = 3 [pid 766] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 209.621582][ T762] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 209.629537][ T762] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 209.637486][ T762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 209.645438][ T762] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003c [ 209.654185][ T762] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 209.700356][ T760] FAULT_INJECTION: forcing a failure. [ 209.700356][ T760] name failslab, interval 1, probability 0, space 0, times 0 [ 209.713030][ T760] CPU: 1 PID: 760 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 209.724626][ T760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.734654][ T760] Call Trace: [ 209.737921][ T760] dump_stack_lvl+0x1e2/0x24b [ 209.742577][ T760] ? bfq_pos_tree_add_move+0x43e/0x43e [ 209.748012][ T760] ? selinux_kernfs_init_security+0x1a8/0x760 [ 209.754054][ T760] dump_stack+0x15/0x17 [ 209.758187][ T760] should_fail+0x3c0/0x510 [ 209.762580][ T760] ? __kernfs_new_node+0x99/0x6e0 [ 209.767580][ T760] __should_failslab+0x9f/0xe0 [ 209.772329][ T760] should_failslab+0x9/0x20 [ 209.776822][ T760] __kmalloc_track_caller+0x5f/0x350 [ 209.782094][ T760] kstrdup_const+0x55/0x90 [ 209.786486][ T760] __kernfs_new_node+0x99/0x6e0 [ 209.791310][ T760] ? is_module_text_address+0xe1/0x140 [ 209.796746][ T760] ? kernfs_new_node+0x170/0x170 [ 209.801668][ T760] ? ptr_to_hashval+0x60/0x60 [ 209.806354][ T760] ? arch_stack_walk+0xf8/0x140 [ 209.811179][ T760] ? snprintf+0xd6/0x120 [ 209.815397][ T760] kernfs_new_node+0x97/0x170 [ 209.820047][ T760] __kernfs_create_file+0x4a/0x270 [ 209.825140][ T760] cgroup_addrm_files+0xab8/0xfe0 [ 209.830152][ T760] ? ____kasan_kmalloc+0xdc/0x110 [ 209.835155][ T760] ? __kasan_kmalloc+0x9/0x10 [ 209.839814][ T760] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 209.845354][ T760] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 209.851489][ T760] ? delete_node+0x759/0x7b0 [ 209.856069][ T760] ? __kasan_check_read+0x11/0x20 [ 209.861081][ T760] ? delete_node+0x759/0x7b0 [ 209.865644][ T760] ? __kasan_check_write+0x14/0x20 [ 209.870739][ T760] ? idr_replace+0x1c4/0x230 [ 209.875323][ T760] ? idr_get_next+0x4b0/0x4b0 [ 209.879988][ T760] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 209.884999][ T760] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 209.890176][ T760] css_populate_dir+0x137/0x370 [ 209.895014][ T760] cgroup_apply_control_enable+0x8b9/0x12f0 [ 209.900883][ T760] cgroup_apply_control+0x93/0x710 [ 209.905968][ T760] ? css_next_child+0x160/0x160 [ 209.910803][ T760] ? io_schedule+0x120/0x120 [ 209.915383][ T760] ? kernfs_fop_write_iter+0x15e/0x410 [ 209.920826][ T760] ? __kasan_check_write+0x14/0x20 [ 209.925911][ T760] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 209.931172][ T760] cgroup_subtree_control_write+0xd19/0x1310 [ 209.937126][ T760] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 209.943078][ T760] ? __kasan_check_write+0x14/0x20 [ 209.948169][ T760] ? _copy_from_iter+0x3fb/0xd60 [ 209.953086][ T760] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 209.959039][ T760] cgroup_file_write+0x28e/0x590 [ 209.963959][ T760] ? cgroup_seqfile_stop+0xc0/0xc0 [ 209.969055][ T760] ? mutex_lock+0xa6/0x110 [ 209.973531][ T760] ? mutex_trylock+0xb0/0xb0 [ 209.978096][ T760] ? __kasan_check_write+0x14/0x20 [ 209.983192][ T760] kernfs_fop_write_iter+0x2d0/0x410 [ 209.988462][ T760] ? cgroup_seqfile_stop+0xc0/0xc0 [ 209.993560][ T760] vfs_write+0xc1c/0xf40 [ 209.997788][ T760] ? __kasan_check_write+0x14/0x20 [ 210.002875][ T760] ? kernel_write+0x3c0/0x3c0 [ 210.007531][ T760] ? _raw_spin_unlock_irq+0x4e/0x70 [ 210.012712][ T760] ? ptrace_stop+0x6ff/0x9f0 [ 210.017292][ T760] ? __kasan_check_read+0x11/0x20 [ 210.022303][ T760] ? __fdget_pos+0x27e/0x310 [ 210.026868][ T760] ksys_write+0x198/0x2c0 [ 210.031171][ T760] ? do_notify_parent+0xa60/0xa60 [ 210.036167][ T760] ? __ia32_sys_read+0x90/0x90 [ 210.040912][ T760] ? __ia32_sys_open+0x270/0x270 [ 210.045838][ T760] __x64_sys_write+0x7b/0x90 [ 210.050404][ T760] do_syscall_64+0x34/0x70 [ 210.054798][ T760] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 210.060664][ T760] RIP: 0033:0x7fc8ece62c09 [ 210.065054][ T760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 210.084632][ T760] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 210.093018][ T760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 766] write(4, "-pids ", 6 [pid 760] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 760] close(3) = 0 [pid 760] close(4) = 0 [pid 760] close(5) = 0 [pid 760] close(6) = -1 EBADF (Bad file descriptor) [pid 760] close(7) = -1 EBADF (Bad file descriptor) [pid 760] close(8) = -1 EBADF (Bad file descriptor) [pid 760] close(9) = -1 EBADF (Bad file descriptor) [pid 760] close(10) = -1 EBADF (Bad file descriptor) [pid 760] close(11) = -1 EBADF (Bad file descriptor) [pid 760] close(12) = -1 EBADF (Bad file descriptor) [pid 760] close(13) = -1 EBADF (Bad file descriptor) [pid 760] close(14) = -1 EBADF (Bad file descriptor) [pid 760] close(15) = -1 EBADF (Bad file descriptor) [pid 760] close(16) = -1 EBADF (Bad file descriptor) [pid 760] close(17) = -1 EBADF (Bad file descriptor) [pid 760] close(18) = -1 EBADF (Bad file descriptor) [pid 760] close(19) = -1 EBADF (Bad file descriptor) [pid 760] close(20) = -1 EBADF (Bad file descriptor) [pid 760] close(21) = -1 EBADF (Bad file descriptor) [pid 760] close(22) = -1 EBADF (Bad file descriptor) [pid 760] close(23) = -1 EBADF (Bad file descriptor) [pid 760] close(24) = -1 EBADF (Bad file descriptor) [pid 760] close(25) = -1 EBADF (Bad file descriptor) [pid 760] close(26) = -1 EBADF (Bad file descriptor) [pid 760] close(27) = -1 EBADF (Bad file descriptor) [pid 760] close(28) = -1 EBADF (Bad file descriptor) [pid 760] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 760] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 760] exit_group(0) = ? [pid 760] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./63/binderfs") = 0 [pid 381] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./63/cgroup") = 0 [pid 381] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./63/cgroup.net") = 0 [pid 381] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./63/file0") = 0 [pid 381] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./63/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./63") = 0 [ 210.100966][ T760] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 210.108931][ T760] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 210.116893][ T760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 210.124849][ T760] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003f [ 210.132915][ T760] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] mkdir("./64", 0777 [pid 764] <... write resumed>) = 6 [pid 381] <... mkdir resumed>) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 767 attached [pid 767] chdir("./64" [pid 381] <... clone resumed>, child_tidptr=0x555556fab5d0) = 66 [pid 767] <... chdir resumed>) = 0 [pid 767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 767] setpgid(0, 0) = 0 [pid 767] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 767] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 767] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 767] write(3, "1000", 4) = 4 [pid 767] close(3) = 0 [pid 767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 767] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 767] mount(NULL, "./file0", "cgroup2", 0, NULL [pid 764] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 764] write(5, "22", 2) = 2 [ 210.150494][ T761] FAULT_INJECTION: forcing a failure. [ 210.150494][ T761] name failslab, interval 1, probability 0, space 0, times 0 [ 210.163143][ T761] CPU: 1 PID: 761 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 210.174756][ T761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.184810][ T761] Call Trace: [ 210.188086][ T761] dump_stack_lvl+0x1e2/0x24b [ 210.192758][ T761] ? bfq_pos_tree_add_move+0x43e/0x43e [ 210.198194][ T761] ? selinux_kernfs_init_security+0x1a8/0x760 [ 210.204246][ T761] dump_stack+0x15/0x17 [ 210.208376][ T761] should_fail+0x3c0/0x510 [ 210.212771][ T761] ? __kernfs_new_node+0x99/0x6e0 [ 210.217770][ T761] __should_failslab+0x9f/0xe0 [ 210.222513][ T761] should_failslab+0x9/0x20 [ 210.226995][ T761] __kmalloc_track_caller+0x5f/0x350 [ 210.232261][ T761] kstrdup_const+0x55/0x90 [ 210.236698][ T761] __kernfs_new_node+0x99/0x6e0 [ 210.241533][ T761] ? is_module_text_address+0xe1/0x140 [ 210.246973][ T761] ? kernfs_new_node+0x170/0x170 [ 210.251893][ T761] ? ptr_to_hashval+0x60/0x60 [ 210.256548][ T761] ? arch_stack_walk+0xf8/0x140 [ 210.261383][ T761] ? snprintf+0xd6/0x120 [ 210.265616][ T761] kernfs_new_node+0x97/0x170 [ 210.270274][ T761] __kernfs_create_file+0x4a/0x270 [ 210.275361][ T761] cgroup_addrm_files+0xab8/0xfe0 [ 210.280449][ T761] ? ____kasan_kmalloc+0xdc/0x110 [ 210.285457][ T761] ? __kasan_kmalloc+0x9/0x10 [ 210.290117][ T761] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 210.295649][ T761] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 210.301793][ T761] ? delete_node+0x759/0x7b0 [ 210.306378][ T761] ? __kasan_check_read+0x11/0x20 [ 210.311389][ T761] ? delete_node+0x759/0x7b0 [ 210.315955][ T761] ? __kasan_check_write+0x14/0x20 [ 210.321052][ T761] ? idr_replace+0x1c4/0x230 [ 210.325638][ T761] ? idr_get_next+0x4b0/0x4b0 [ 210.330300][ T761] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 210.335298][ T761] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 210.340489][ T761] css_populate_dir+0x137/0x370 [ 210.345324][ T761] cgroup_apply_control_enable+0x8b9/0x12f0 [ 210.351198][ T761] cgroup_apply_control+0x93/0x710 [ 210.356288][ T761] ? css_next_child+0x160/0x160 [ 210.361126][ T761] ? stack_trace_save+0x12d/0x1f0 [ 210.366133][ T761] ? io_schedule+0x120/0x120 [ 210.370696][ T761] ? kernfs_fop_write_iter+0x15e/0x410 [ 210.376127][ T761] ? __kasan_check_write+0x14/0x20 [ 210.381211][ T761] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 210.386478][ T761] cgroup_subtree_control_write+0xd19/0x1310 [ 210.392780][ T761] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 210.398733][ T761] ? __kasan_check_write+0x14/0x20 [ 210.403826][ T761] ? _copy_from_iter+0x3fb/0xd60 [ 210.408736][ T761] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 210.414696][ T761] cgroup_file_write+0x28e/0x590 [ 210.419615][ T761] ? cgroup_seqfile_stop+0xc0/0xc0 [ 210.424723][ T761] ? mutex_lock+0xa6/0x110 [ 210.429131][ T761] ? mutex_trylock+0xb0/0xb0 [ 210.433715][ T761] ? __kasan_check_write+0x14/0x20 [ 210.438817][ T761] kernfs_fop_write_iter+0x2d0/0x410 [ 210.444077][ T761] ? cgroup_seqfile_stop+0xc0/0xc0 [ 210.449163][ T761] vfs_write+0xc1c/0xf40 [ 210.453381][ T761] ? __kasan_check_write+0x14/0x20 [ 210.458481][ T761] ? kernel_write+0x3c0/0x3c0 [ 210.463149][ T761] ? _raw_spin_unlock_irq+0x4e/0x70 [ 210.468329][ T761] ? ptrace_stop+0x6ff/0x9f0 [ 210.472906][ T761] ? __kasan_check_read+0x11/0x20 [ 210.477919][ T761] ? __fdget_pos+0x27e/0x310 [ 210.482484][ T761] ksys_write+0x198/0x2c0 [ 210.486789][ T761] ? do_notify_parent+0xa60/0xa60 [ 210.491789][ T761] ? __ia32_sys_read+0x90/0x90 [ 210.496531][ T761] ? __ia32_sys_open+0x270/0x270 [ 210.501457][ T761] __x64_sys_write+0x7b/0x90 [ 210.506032][ T761] do_syscall_64+0x34/0x70 [ 210.510425][ T761] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 210.516295][ T761] RIP: 0033:0x7fc8ece62c09 [ 210.520695][ T761] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 210.540285][ T761] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 764] write(4, "+pids ", 6 [pid 767] <... mount resumed>) = 0 [pid 761] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 767] open("./file0", O_RDONLY [pid 761] close(3) = 0 [pid 761] close(4) = 0 [pid 761] close(5) = 0 [pid 761] close(6) = -1 EBADF (Bad file descriptor) [pid 761] close(7 [pid 767] <... open resumed>) = 3 [pid 761] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 767] openat(3, "cgroup.subtree_control", O_RDWR [pid 761] close(8) = -1 EBADF (Bad file descriptor) [pid 761] close(9) = -1 EBADF (Bad file descriptor) [pid 761] close(10) = -1 EBADF (Bad file descriptor) [pid 761] close(11) = -1 EBADF (Bad file descriptor) [pid 761] close(12) = -1 EBADF (Bad file descriptor) [pid 761] close(13) = -1 EBADF (Bad file descriptor) [pid 761] close(14) = -1 EBADF (Bad file descriptor) [pid 761] close(15) = -1 EBADF (Bad file descriptor) [pid 761] close(16) = -1 EBADF (Bad file descriptor) [pid 761] close(17) = -1 EBADF (Bad file descriptor) [pid 761] close(18) = -1 EBADF (Bad file descriptor) [pid 761] close(19) = -1 EBADF (Bad file descriptor) [pid 761] close(20) = -1 EBADF (Bad file descriptor) [pid 761] close(21) = -1 EBADF (Bad file descriptor) [pid 761] close(22) = -1 EBADF (Bad file descriptor) [pid 761] close(23) = -1 EBADF (Bad file descriptor) [pid 761] close(24) = -1 EBADF (Bad file descriptor) [pid 761] close(25) = -1 EBADF (Bad file descriptor) [pid 761] close(26) = -1 EBADF (Bad file descriptor) [pid 761] close(27) = -1 EBADF (Bad file descriptor) [pid 761] close(28) = -1 EBADF (Bad file descriptor) [pid 761] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 761] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 761] exit_group(0) = ? [pid 767] <... openat resumed>) = 4 [pid 761] +++ exited with 0 +++ [pid 767] write(4, "-pids ", 6 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=57, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 383] umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./55/binderfs") = 0 [pid 383] umount2("./55/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./55/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./55/cgroup") = 0 [pid 383] umount2("./55/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./55/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./55/cgroup.net") = 0 [pid 383] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./55/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./55/file0") = 0 [pid 383] umount2("./55/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./55/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./55/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./55") = 0 [pid 383] mkdir("./56", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 768 attached , child_tidptr=0x555556fab5d0) = 58 [pid 768] chdir("./56") = 0 [pid 768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 768] setpgid(0, 0) = 0 [pid 768] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 768] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 768] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 768] write(3, "1000", 4) = 4 [pid 768] close(3) = 0 [pid 768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 768] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 768] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 768] open("./file0", O_RDONLY) = 3 [pid 768] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 768] write(4, "-pids ", 6) = 6 [pid 768] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 210.548693][ T761] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 210.556649][ T761] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 210.564599][ T761] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 210.572556][ T761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 210.580512][ T761] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000037 [ 210.588919][ T761] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 768] write(5, "22", 2) = 2 [ 210.630532][ T764] FAULT_INJECTION: forcing a failure. [ 210.630532][ T764] name failslab, interval 1, probability 0, space 0, times 0 [ 210.643198][ T764] CPU: 0 PID: 764 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 210.654813][ T764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.664866][ T764] Call Trace: [ 210.668232][ T764] dump_stack_lvl+0x1e2/0x24b [ 210.672895][ T764] ? bfq_pos_tree_add_move+0x43e/0x43e [ 210.678339][ T764] ? selinux_kernfs_init_security+0x1a8/0x760 [ 210.684395][ T764] dump_stack+0x15/0x17 [ 210.688544][ T764] should_fail+0x3c0/0x510 [ 210.692955][ T764] ? __kernfs_new_node+0x99/0x6e0 [ 210.697965][ T764] __should_failslab+0x9f/0xe0 [ 210.702702][ T764] should_failslab+0x9/0x20 [ 210.707192][ T764] __kmalloc_track_caller+0x5f/0x350 [ 210.712472][ T764] kstrdup_const+0x55/0x90 [ 210.716882][ T764] __kernfs_new_node+0x99/0x6e0 [ 210.721718][ T764] ? is_module_text_address+0xe1/0x140 [ 210.727158][ T764] ? kernfs_new_node+0x170/0x170 [ 210.732087][ T764] ? ptr_to_hashval+0x60/0x60 [ 210.736736][ T764] ? arch_stack_walk+0xf8/0x140 [ 210.741569][ T764] ? snprintf+0xd6/0x120 [ 210.745786][ T764] kernfs_new_node+0x97/0x170 [ 210.750435][ T764] __kernfs_create_file+0x4a/0x270 [ 210.755529][ T764] cgroup_addrm_files+0xab8/0xfe0 [ 210.760536][ T764] ? ____kasan_kmalloc+0xdc/0x110 [ 210.765540][ T764] ? __kasan_kmalloc+0x9/0x10 [ 210.770210][ T764] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 210.775751][ T764] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 210.781887][ T764] ? delete_node+0x759/0x7b0 [ 210.786451][ T764] ? __kasan_check_read+0x11/0x20 [ 210.791453][ T764] ? delete_node+0x759/0x7b0 [ 210.796017][ T764] ? __kasan_check_write+0x14/0x20 [ 210.801104][ T764] ? idr_replace+0x1c4/0x230 [ 210.805682][ T764] ? idr_get_next+0x4b0/0x4b0 [ 210.810339][ T764] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 210.815336][ T764] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 210.820520][ T764] css_populate_dir+0x137/0x370 [ 210.825362][ T764] cgroup_apply_control_enable+0x8b9/0x12f0 [ 210.831233][ T764] cgroup_apply_control+0x93/0x710 [ 210.836321][ T764] ? css_next_child+0x160/0x160 [ 210.841154][ T764] ? stack_trace_save+0x12d/0x1f0 [ 210.846163][ T764] ? io_schedule+0x120/0x120 [ 210.850735][ T764] ? kernfs_fop_write_iter+0x15e/0x410 [ 210.856177][ T764] ? __kasan_check_write+0x14/0x20 [ 210.861279][ T764] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 210.866548][ T764] cgroup_subtree_control_write+0xd19/0x1310 [ 210.872522][ T764] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 210.878495][ T764] ? __kasan_check_write+0x14/0x20 [ 210.883589][ T764] ? _copy_from_iter+0x3fb/0xd60 [ 210.888511][ T764] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 210.894487][ T764] cgroup_file_write+0x28e/0x590 [ 210.899414][ T764] ? cgroup_seqfile_stop+0xc0/0xc0 [ 210.904503][ T764] ? mutex_lock+0xa6/0x110 [ 210.908896][ T764] ? mutex_trylock+0xb0/0xb0 [ 210.913482][ T764] ? __kasan_check_write+0x14/0x20 [ 210.918581][ T764] kernfs_fop_write_iter+0x2d0/0x410 [ 210.923865][ T764] ? cgroup_seqfile_stop+0xc0/0xc0 [ 210.928957][ T764] vfs_write+0xc1c/0xf40 [ 210.933175][ T764] ? __kasan_check_write+0x14/0x20 [ 210.938269][ T764] ? kernel_write+0x3c0/0x3c0 [ 210.942929][ T764] ? _raw_spin_unlock_irq+0x4e/0x70 [ 210.948111][ T764] ? ptrace_stop+0x6ff/0x9f0 [ 210.952698][ T764] ? __kasan_check_read+0x11/0x20 [ 210.957709][ T764] ? __fdget_pos+0x27e/0x310 [ 210.962279][ T764] ksys_write+0x198/0x2c0 [ 210.966586][ T764] ? do_notify_parent+0xa60/0xa60 [ 210.971594][ T764] ? __ia32_sys_read+0x90/0x90 [ 210.976341][ T764] ? __ia32_sys_open+0x270/0x270 [ 210.981253][ T764] __x64_sys_write+0x7b/0x90 [ 210.985838][ T764] do_syscall_64+0x34/0x70 [ 210.990254][ T764] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 210.996135][ T764] RIP: 0033:0x7fc8ece62c09 [ 211.000542][ T764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 211.020138][ T764] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 768] write(4, "+pids ", 6 [pid 764] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 764] close(3) = 0 [pid 764] close(4) = 0 [pid 764] close(5) = 0 [pid 764] close(6) = -1 EBADF (Bad file descriptor) [pid 764] close(7) = -1 EBADF (Bad file descriptor) [pid 764] close(8) = -1 EBADF (Bad file descriptor) [pid 764] close(9) = -1 EBADF (Bad file descriptor) [pid 764] close(10) = -1 EBADF (Bad file descriptor) [pid 764] close(11) = -1 EBADF (Bad file descriptor) [pid 764] close(12) = -1 EBADF (Bad file descriptor) [pid 764] close(13) = -1 EBADF (Bad file descriptor) [pid 764] close(14) = -1 EBADF (Bad file descriptor) [pid 764] close(15) = -1 EBADF (Bad file descriptor) [pid 764] close(16) = -1 EBADF (Bad file descriptor) [pid 764] close(17) = -1 EBADF (Bad file descriptor) [pid 764] close(18) = -1 EBADF (Bad file descriptor) [pid 764] close(19) = -1 EBADF (Bad file descriptor) [pid 764] close(20) = -1 EBADF (Bad file descriptor) [pid 764] close(21) = -1 EBADF (Bad file descriptor) [pid 764] close(22) = -1 EBADF (Bad file descriptor) [pid 764] close(23) = -1 EBADF (Bad file descriptor) [pid 764] close(24) = -1 EBADF (Bad file descriptor) [pid 764] close(25) = -1 EBADF (Bad file descriptor) [pid 764] close(26) = -1 EBADF (Bad file descriptor) [pid 764] close(27) = -1 EBADF (Bad file descriptor) [pid 764] close(28) = -1 EBADF (Bad file descriptor) [pid 764] close(29) = -1 EBADF (Bad file descriptor) [pid 764] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 764] exit_group(0) = ? [pid 764] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./63/binderfs") = 0 [pid 376] umount2("./63/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./63/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./63/cgroup") = 0 [pid 376] umount2("./63/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./63/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./63/cgroup.net") = 0 [pid 376] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./63/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./63/file0") = 0 [pid 376] umount2("./63/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./63/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./63/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./63") = 0 [pid 376] mkdir("./64", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 769 attached , child_tidptr=0x555556fab5d0) = 66 [pid 769] chdir("./64") = 0 [pid 769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 769] setpgid(0, 0) = 0 [pid 769] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 769] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 769] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 769] write(3, "1000", 4) = 4 [pid 769] close(3) = 0 [pid 769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 769] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 769] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 769] open("./file0", O_RDONLY) = 3 [pid 769] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 211.028543][ T764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 211.036503][ T764] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 211.044459][ T764] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 211.052413][ T764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 211.060375][ T764] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003f [ 211.068450][ T764] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 211.110403][ T768] FAULT_INJECTION: forcing a failure. [ 211.110403][ T768] name failslab, interval 1, probability 0, space 0, times 0 [ 211.123420][ T768] CPU: 1 PID: 768 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 211.135030][ T768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.145076][ T768] Call Trace: [ 211.148363][ T768] dump_stack_lvl+0x1e2/0x24b [ 211.153034][ T768] ? bfq_pos_tree_add_move+0x43e/0x43e [ 211.158495][ T768] ? selinux_kernfs_init_security+0x1a8/0x760 [ 211.164551][ T768] dump_stack+0x15/0x17 [ 211.168680][ T768] should_fail+0x3c0/0x510 [ 211.173077][ T768] ? __kernfs_new_node+0x99/0x6e0 [ 211.178090][ T768] __should_failslab+0x9f/0xe0 [ 211.182831][ T768] should_failslab+0x9/0x20 [ 211.187311][ T768] __kmalloc_track_caller+0x5f/0x350 [ 211.192580][ T768] kstrdup_const+0x55/0x90 [ 211.196994][ T768] __kernfs_new_node+0x99/0x6e0 [ 211.201828][ T768] ? is_module_text_address+0xe1/0x140 [ 211.207284][ T768] ? kernfs_new_node+0x170/0x170 [ 211.212219][ T768] ? ptr_to_hashval+0x60/0x60 [ 211.216958][ T768] ? arch_stack_walk+0xf8/0x140 [ 211.221793][ T768] ? snprintf+0xd6/0x120 [ 211.226031][ T768] kernfs_new_node+0x97/0x170 [ 211.230724][ T768] __kernfs_create_file+0x4a/0x270 [ 211.235822][ T768] cgroup_addrm_files+0xab8/0xfe0 [ 211.240830][ T768] ? ____kasan_kmalloc+0xdc/0x110 [ 211.245838][ T768] ? __kasan_kmalloc+0x9/0x10 [ 211.250501][ T768] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 211.256032][ T768] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 211.262166][ T768] ? delete_node+0x759/0x7b0 [ 211.266731][ T768] ? __kasan_check_read+0x11/0x20 [ 211.271732][ T768] ? delete_node+0x759/0x7b0 [ 211.276299][ T768] ? __kasan_check_write+0x14/0x20 [ 211.281404][ T768] ? idr_replace+0x1c4/0x230 [ 211.285983][ T768] ? idr_get_next+0x4b0/0x4b0 [ 211.290640][ T768] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 211.295651][ T768] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 211.300831][ T768] css_populate_dir+0x137/0x370 [ 211.305659][ T768] cgroup_apply_control_enable+0x8b9/0x12f0 [ 211.311530][ T768] cgroup_apply_control+0x93/0x710 [ 211.316623][ T768] ? css_next_child+0x160/0x160 [ 211.321455][ T768] ? stack_trace_save+0x12d/0x1f0 [ 211.326465][ T768] ? io_schedule+0x120/0x120 [ 211.331040][ T768] ? kernfs_fop_write_iter+0x15e/0x410 [ 211.336485][ T768] ? __kasan_check_write+0x14/0x20 [ 211.341579][ T768] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 211.346838][ T768] cgroup_subtree_control_write+0xd19/0x1310 [ 211.352793][ T768] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 211.358766][ T768] ? __kasan_check_write+0x14/0x20 [ 211.363861][ T768] ? _copy_from_iter+0x3fb/0xd60 [ 211.368782][ T768] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 211.374747][ T768] cgroup_file_write+0x28e/0x590 [ 211.379659][ T768] ? cgroup_seqfile_stop+0xc0/0xc0 [ 211.384746][ T768] ? mutex_lock+0xa6/0x110 [ 211.389159][ T768] ? mutex_trylock+0xb0/0xb0 [ 211.393725][ T768] ? __kasan_check_write+0x14/0x20 [ 211.398811][ T768] kernfs_fop_write_iter+0x2d0/0x410 [ 211.404077][ T768] ? cgroup_seqfile_stop+0xc0/0xc0 [ 211.409171][ T768] vfs_write+0xc1c/0xf40 [ 211.413388][ T768] ? __kasan_check_write+0x14/0x20 [ 211.418485][ T768] ? kernel_write+0x3c0/0x3c0 [ 211.423142][ T768] ? _raw_spin_unlock_irq+0x4e/0x70 [ 211.428328][ T768] ? ptrace_stop+0x6ff/0x9f0 [ 211.432896][ T768] ? __kasan_check_read+0x11/0x20 [ 211.437903][ T768] ? __fdget_pos+0x27e/0x310 [ 211.442497][ T768] ksys_write+0x198/0x2c0 [ 211.446833][ T768] ? do_notify_parent+0xa60/0xa60 [ 211.451848][ T768] ? __ia32_sys_read+0x90/0x90 [ 211.456599][ T768] ? __ia32_sys_open+0x270/0x270 [ 211.461535][ T768] __x64_sys_write+0x7b/0x90 [ 211.466102][ T768] do_syscall_64+0x34/0x70 [ 211.470500][ T768] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 211.476389][ T768] RIP: 0033:0x7fc8ece62c09 [ 211.480807][ T768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 211.500413][ T768] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 769] write(4, "-pids ", 6 [pid 768] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 768] close(3) = 0 [pid 768] close(4) = 0 [pid 768] close(5) = 0 [pid 768] close(6) = -1 EBADF (Bad file descriptor) [pid 768] close(7) = -1 EBADF (Bad file descriptor) [pid 768] close(8) = -1 EBADF (Bad file descriptor) [pid 768] close(9) = -1 EBADF (Bad file descriptor) [pid 768] close(10) = -1 EBADF (Bad file descriptor) [pid 768] close(11) = -1 EBADF (Bad file descriptor) [pid 768] close(12) = -1 EBADF (Bad file descriptor) [pid 768] close(13) = -1 EBADF (Bad file descriptor) [pid 768] close(14) = -1 EBADF (Bad file descriptor) [pid 768] close(15) = -1 EBADF (Bad file descriptor) [pid 768] close(16) = -1 EBADF (Bad file descriptor) [pid 768] close(17) = -1 EBADF (Bad file descriptor) [pid 768] close(18) = -1 EBADF (Bad file descriptor) [pid 768] close(19) = -1 EBADF (Bad file descriptor) [pid 768] close(20) = -1 EBADF (Bad file descriptor) [pid 768] close(21) = -1 EBADF (Bad file descriptor) [pid 768] close(22) = -1 EBADF (Bad file descriptor) [pid 768] close(23) = -1 EBADF (Bad file descriptor) [pid 768] close(24) = -1 EBADF (Bad file descriptor) [pid 768] close(25) = -1 EBADF (Bad file descriptor) [pid 768] close(26) = -1 EBADF (Bad file descriptor) [pid 768] close(27) = -1 EBADF (Bad file descriptor) [pid 768] close(28) = -1 EBADF (Bad file descriptor) [pid 768] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 768] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 768] exit_group(0) = ? [pid 768] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=58, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./56/binderfs") = 0 [pid 383] umount2("./56/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./56/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./56/cgroup") = 0 [pid 383] umount2("./56/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./56/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./56/cgroup.net") = 0 [pid 383] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./56/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./56/file0") = 0 [pid 383] umount2("./56/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./56/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./56/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./56") = 0 [pid 383] mkdir("./57", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 770 attached , child_tidptr=0x555556fab5d0) = 59 [pid 770] chdir("./57") = 0 [pid 770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 770] setpgid(0, 0) = 0 [pid 770] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 770] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 770] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 770] write(3, "1000", 4) = 4 [pid 770] close(3) = 0 [pid 770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 770] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 770] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 770] open("./file0", O_RDONLY) = 3 [pid 770] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 770] write(4, "-pids ", 6) = 6 [pid 769] <... write resumed>) = 6 [pid 767] <... write resumed>) = 6 [pid 766] <... write resumed>) = 6 [pid 765] <... write resumed>) = 6 [pid 763] <... write resumed>) = 6 [pid 770] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 769] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 767] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 766] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 765] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 763] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 770] <... openat resumed>) = 5 [pid 769] <... openat resumed>) = 5 [pid 767] <... openat resumed>) = 5 [pid 766] <... openat resumed>) = 5 [pid 765] <... openat resumed>) = 5 [pid 763] <... openat resumed>) = 5 [pid 770] write(5, "22", 2 [pid 769] write(5, "22", 2 [pid 767] write(5, "22", 2 [pid 766] write(5, "22", 2 [pid 765] write(5, "22", 2 [pid 763] write(5, "22", 2 [pid 770] <... write resumed>) = 2 [pid 769] <... write resumed>) = 2 [pid 767] <... write resumed>) = 2 [pid 766] <... write resumed>) = 2 [pid 765] <... write resumed>) = 2 [pid 763] <... write resumed>) = 2 [ 211.508817][ T768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 211.516770][ T768] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 211.524723][ T768] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 211.532687][ T768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 211.540633][ T768] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000038 [ 211.548960][ T768] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 770] write(4, "+pids ", 6 [pid 769] write(4, "+pids ", 6 [pid 767] write(4, "+pids ", 6 [pid 766] write(4, "+pids ", 6 [pid 765] write(4, "+pids ", 6 [ 211.592496][ T770] FAULT_INJECTION: forcing a failure. [ 211.592496][ T770] name failslab, interval 1, probability 0, space 0, times 0 [ 211.605199][ T770] CPU: 0 PID: 770 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 211.616810][ T770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.626844][ T770] Call Trace: [ 211.630122][ T770] dump_stack_lvl+0x1e2/0x24b [ 211.634788][ T770] ? bfq_pos_tree_add_move+0x43e/0x43e [ 211.640236][ T770] ? selinux_kernfs_init_security+0x1a8/0x760 [ 211.646284][ T770] dump_stack+0x15/0x17 [ 211.650414][ T770] should_fail+0x3c0/0x510 [ 211.654811][ T770] ? __kernfs_new_node+0x99/0x6e0 [ 211.659820][ T770] __should_failslab+0x9f/0xe0 [ 211.664569][ T770] should_failslab+0x9/0x20 [ 211.669054][ T770] __kmalloc_track_caller+0x5f/0x350 [ 211.674324][ T770] kstrdup_const+0x55/0x90 [ 211.678724][ T770] __kernfs_new_node+0x99/0x6e0 [ 211.683563][ T770] ? is_module_text_address+0xe1/0x140 [ 211.688999][ T770] ? kernfs_new_node+0x170/0x170 [ 211.693919][ T770] ? ptr_to_hashval+0x60/0x60 [ 211.698580][ T770] ? arch_stack_walk+0xf8/0x140 [ 211.703404][ T770] ? snprintf+0xd6/0x120 [ 211.707635][ T770] kernfs_new_node+0x97/0x170 [ 211.712285][ T770] __kernfs_create_file+0x4a/0x270 [ 211.717379][ T770] cgroup_addrm_files+0xab8/0xfe0 [ 211.722388][ T770] ? ____kasan_kmalloc+0xdc/0x110 [ 211.727383][ T770] ? __kasan_kmalloc+0x9/0x10 [ 211.732065][ T770] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 211.737593][ T770] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 211.743719][ T770] ? delete_node+0x759/0x7b0 [ 211.748291][ T770] ? __kasan_check_read+0x11/0x20 [ 211.753295][ T770] ? delete_node+0x759/0x7b0 [ 211.757885][ T770] ? __kasan_check_write+0x14/0x20 [ 211.762978][ T770] ? idr_replace+0x1c4/0x230 [ 211.767548][ T770] ? idr_get_next+0x4b0/0x4b0 [ 211.772214][ T770] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 211.777220][ T770] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 211.782405][ T770] css_populate_dir+0x137/0x370 [ 211.787240][ T770] cgroup_apply_control_enable+0x8b9/0x12f0 [ 211.793109][ T770] cgroup_apply_control+0x93/0x710 [ 211.798196][ T770] ? css_next_child+0x160/0x160 [ 211.803033][ T770] ? stack_trace_save+0x12d/0x1f0 [ 211.808062][ T770] ? io_schedule+0x120/0x120 [ 211.812972][ T770] ? kernfs_fop_write_iter+0x15e/0x410 [ 211.818403][ T770] ? __kasan_check_write+0x14/0x20 [ 211.823487][ T770] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 211.828746][ T770] cgroup_subtree_control_write+0xd19/0x1310 [ 211.834704][ T770] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 211.840655][ T770] ? __kasan_check_write+0x14/0x20 [ 211.845758][ T770] ? _copy_from_iter+0x3fb/0xd60 [ 211.850681][ T770] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 211.856659][ T770] cgroup_file_write+0x28e/0x590 [ 211.861569][ T770] ? cgroup_seqfile_stop+0xc0/0xc0 [ 211.866657][ T770] ? mutex_lock+0xa6/0x110 [ 211.871059][ T770] ? mutex_trylock+0xb0/0xb0 [ 211.875637][ T770] ? __kasan_check_write+0x14/0x20 [ 211.880730][ T770] kernfs_fop_write_iter+0x2d0/0x410 [ 211.885997][ T770] ? cgroup_seqfile_stop+0xc0/0xc0 [ 211.891092][ T770] vfs_write+0xc1c/0xf40 [ 211.895306][ T770] ? __kasan_check_write+0x14/0x20 [ 211.900389][ T770] ? kernel_write+0x3c0/0x3c0 [ 211.905048][ T770] ? _raw_spin_unlock_irq+0x4e/0x70 [ 211.910227][ T770] ? ptrace_stop+0x6ff/0x9f0 [ 211.914790][ T770] ? __kasan_check_read+0x11/0x20 [ 211.919792][ T770] ? __fdget_pos+0x27e/0x310 [ 211.924371][ T770] ksys_write+0x198/0x2c0 [ 211.928686][ T770] ? do_notify_parent+0xa60/0xa60 [ 211.933693][ T770] ? __ia32_sys_read+0x90/0x90 [ 211.938429][ T770] ? __ia32_sys_open+0x270/0x270 [ 211.943349][ T770] __x64_sys_write+0x7b/0x90 [ 211.947928][ T770] do_syscall_64+0x34/0x70 [ 211.952333][ T770] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 211.958210][ T770] RIP: 0033:0x7fc8ece62c09 [ 211.962613][ T770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 211.982201][ T770] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 763] write(4, "+pids ", 6 [pid 770] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 770] close(3) = 0 [pid 770] close(4) = 0 [pid 770] close(5) = 0 [pid 770] close(6) = -1 EBADF (Bad file descriptor) [pid 770] close(7) = -1 EBADF (Bad file descriptor) [pid 770] close(8) = -1 EBADF (Bad file descriptor) [pid 770] close(9) = -1 EBADF (Bad file descriptor) [pid 770] close(10) = -1 EBADF (Bad file descriptor) [pid 770] close(11) = -1 EBADF (Bad file descriptor) [pid 770] close(12) = -1 EBADF (Bad file descriptor) [pid 770] close(13) = -1 EBADF (Bad file descriptor) [pid 770] close(14) = -1 EBADF (Bad file descriptor) [pid 770] close(15) = -1 EBADF (Bad file descriptor) [pid 770] close(16) = -1 EBADF (Bad file descriptor) [pid 770] close(17) = -1 EBADF (Bad file descriptor) [pid 770] close(18) = -1 EBADF (Bad file descriptor) [pid 770] close(19) = -1 EBADF (Bad file descriptor) [pid 770] close(20) = -1 EBADF (Bad file descriptor) [pid 770] close(21) = -1 EBADF (Bad file descriptor) [pid 770] close(22) = -1 EBADF (Bad file descriptor) [pid 770] close(23) = -1 EBADF (Bad file descriptor) [pid 770] close(24) = -1 EBADF (Bad file descriptor) [pid 770] close(25) = -1 EBADF (Bad file descriptor) [pid 770] close(26) = -1 EBADF (Bad file descriptor) [pid 770] close(27) = -1 EBADF (Bad file descriptor) [pid 770] close(28) = -1 EBADF (Bad file descriptor) [pid 770] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 770] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 770] exit_group(0) = ? [pid 770] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./57/binderfs") = 0 [pid 383] umount2("./57/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./57/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./57/cgroup") = 0 [pid 383] umount2("./57/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./57/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./57/cgroup.net") = 0 [pid 383] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./57/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./57/file0") = 0 [pid 383] umount2("./57/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./57/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./57/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./57") = 0 [pid 383] mkdir("./58", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 771 attached , child_tidptr=0x555556fab5d0) = 60 [pid 771] chdir("./58") = 0 [pid 771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 771] setpgid(0, 0) = 0 [pid 771] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 771] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 771] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 771] write(3, "1000", 4) = 4 [pid 771] close(3) = 0 [pid 771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 771] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 771] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 771] open("./file0", O_RDONLY) = 3 [pid 771] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 211.990590][ T770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 211.998543][ T770] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 212.006491][ T770] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 212.014441][ T770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 212.022400][ T770] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000039 [ 212.030453][ T770] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 212.060486][ T766] FAULT_INJECTION: forcing a failure. [ 212.060486][ T766] name failslab, interval 1, probability 0, space 0, times 0 [ 212.073161][ T766] CPU: 1 PID: 766 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 212.084774][ T766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.094815][ T766] Call Trace: [ 212.098083][ T766] dump_stack_lvl+0x1e2/0x24b [ 212.102747][ T766] ? bfq_pos_tree_add_move+0x43e/0x43e [ 212.108189][ T766] ? selinux_kernfs_init_security+0x1a8/0x760 [ 212.114242][ T766] dump_stack+0x15/0x17 [ 212.118377][ T766] should_fail+0x3c0/0x510 [ 212.122777][ T766] ? __kernfs_new_node+0x99/0x6e0 [ 212.127797][ T766] __should_failslab+0x9f/0xe0 [ 212.132551][ T766] should_failslab+0x9/0x20 [ 212.137040][ T766] __kmalloc_track_caller+0x5f/0x350 [ 212.142310][ T766] kstrdup_const+0x55/0x90 [ 212.146702][ T766] __kernfs_new_node+0x99/0x6e0 [ 212.151534][ T766] ? is_module_text_address+0xe1/0x140 [ 212.156974][ T766] ? kernfs_new_node+0x170/0x170 [ 212.161891][ T766] ? ptr_to_hashval+0x60/0x60 [ 212.166555][ T766] ? arch_stack_walk+0xf8/0x140 [ 212.171387][ T766] ? snprintf+0xd6/0x120 [ 212.175612][ T766] kernfs_new_node+0x97/0x170 [ 212.180274][ T766] __kernfs_create_file+0x4a/0x270 [ 212.185359][ T766] cgroup_addrm_files+0xab8/0xfe0 [ 212.190359][ T766] ? ____kasan_kmalloc+0xdc/0x110 [ 212.195364][ T766] ? __kasan_kmalloc+0x9/0x10 [ 212.200027][ T766] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 212.205568][ T766] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 212.211711][ T766] ? delete_node+0x759/0x7b0 [ 212.216288][ T766] ? __kasan_check_read+0x11/0x20 [ 212.221286][ T766] ? delete_node+0x759/0x7b0 [ 212.225855][ T766] ? __kasan_check_write+0x14/0x20 [ 212.230958][ T766] ? idr_replace+0x1c4/0x230 [ 212.235529][ T766] ? idr_get_next+0x4b0/0x4b0 [ 212.240458][ T766] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 212.245468][ T766] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 212.250659][ T766] css_populate_dir+0x137/0x370 [ 212.255496][ T766] cgroup_apply_control_enable+0x8b9/0x12f0 [ 212.261366][ T766] cgroup_apply_control+0x93/0x710 [ 212.266457][ T766] ? css_next_child+0x160/0x160 [ 212.271287][ T766] ? stack_trace_save+0x12d/0x1f0 [ 212.276295][ T766] ? io_schedule+0x120/0x120 [ 212.280859][ T766] ? kernfs_fop_write_iter+0x15e/0x410 [ 212.286302][ T766] ? __kasan_check_write+0x14/0x20 [ 212.291394][ T766] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 212.296652][ T766] cgroup_subtree_control_write+0xd19/0x1310 [ 212.302609][ T766] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 212.308560][ T766] ? __kasan_check_write+0x14/0x20 [ 212.313665][ T766] ? _copy_from_iter+0x3fb/0xd60 [ 212.318593][ T766] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 212.324548][ T766] cgroup_file_write+0x28e/0x590 [ 212.329458][ T766] ? cgroup_seqfile_stop+0xc0/0xc0 [ 212.334549][ T766] ? mutex_lock+0xa6/0x110 [ 212.338955][ T766] ? mutex_trylock+0xb0/0xb0 [ 212.343525][ T766] ? __kasan_check_write+0x14/0x20 [ 212.348608][ T766] kernfs_fop_write_iter+0x2d0/0x410 [ 212.353869][ T766] ? cgroup_seqfile_stop+0xc0/0xc0 [ 212.358954][ T766] vfs_write+0xc1c/0xf40 [ 212.363170][ T766] ? __kasan_check_write+0x14/0x20 [ 212.368268][ T766] ? kernel_write+0x3c0/0x3c0 [ 212.372935][ T766] ? _raw_spin_unlock_irq+0x4e/0x70 [ 212.378120][ T766] ? ptrace_stop+0x6ff/0x9f0 [ 212.382682][ T766] ? __kasan_check_read+0x11/0x20 [ 212.387693][ T766] ? __fdget_pos+0x27e/0x310 [ 212.392276][ T766] ksys_write+0x198/0x2c0 [ 212.396593][ T766] ? do_notify_parent+0xa60/0xa60 [ 212.401599][ T766] ? __ia32_sys_read+0x90/0x90 [ 212.406337][ T766] ? __ia32_sys_open+0x270/0x270 [ 212.411257][ T766] __x64_sys_write+0x7b/0x90 [ 212.415838][ T766] do_syscall_64+0x34/0x70 [ 212.420244][ T766] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 212.426125][ T766] RIP: 0033:0x7fc8ece62c09 [ 212.430533][ T766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 212.450131][ T766] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 771] write(4, "-pids ", 6 [pid 766] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 766] close(3) = 0 [pid 766] close(4) = 0 [pid 766] close(5) = 0 [pid 766] close(6) = -1 EBADF (Bad file descriptor) [pid 766] close(7) = -1 EBADF (Bad file descriptor) [pid 766] close(8) = -1 EBADF (Bad file descriptor) [pid 766] close(9) = -1 EBADF (Bad file descriptor) [pid 766] close(10) = -1 EBADF (Bad file descriptor) [pid 766] close(11) = -1 EBADF (Bad file descriptor) [pid 766] close(12) = -1 EBADF (Bad file descriptor) [pid 766] close(13) = -1 EBADF (Bad file descriptor) [pid 766] close(14) = -1 EBADF (Bad file descriptor) [pid 766] close(15) = -1 EBADF (Bad file descriptor) [pid 766] close(16) = -1 EBADF (Bad file descriptor) [pid 766] close(17) = -1 EBADF (Bad file descriptor) [pid 766] close(18) = -1 EBADF (Bad file descriptor) [pid 766] close(19) = -1 EBADF (Bad file descriptor) [pid 766] close(20) = -1 EBADF (Bad file descriptor) [pid 766] close(21) = -1 EBADF (Bad file descriptor) [pid 766] close(22) = -1 EBADF (Bad file descriptor) [pid 766] close(23) = -1 EBADF (Bad file descriptor) [pid 766] close(24) = -1 EBADF (Bad file descriptor) [pid 766] close(25) = -1 EBADF (Bad file descriptor) [pid 766] close(26) = -1 EBADF (Bad file descriptor) [pid 766] close(27) = -1 EBADF (Bad file descriptor) [pid 766] close(28) = -1 EBADF (Bad file descriptor) [pid 766] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 766] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 766] exit_group(0) = ? [pid 766] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=63, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./61/binderfs") = 0 [pid 380] umount2("./61/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./61/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./61/cgroup") = 0 [pid 380] umount2("./61/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./61/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./61/cgroup.net") = 0 [pid 380] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./61/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./61/file0") = 0 [pid 380] umount2("./61/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./61/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./61/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./61") = 0 [pid 380] mkdir("./62", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 772 attached , child_tidptr=0x555556fab5d0) = 64 [pid 772] chdir("./62") = 0 [pid 772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 772] setpgid(0, 0) = 0 [pid 772] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 772] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 772] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 772] write(3, "1000", 4) = 4 [pid 772] close(3) = 0 [pid 772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 772] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 772] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 772] open("./file0", O_RDONLY) = 3 [pid 772] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 212.458538][ T766] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 212.466492][ T766] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 212.474438][ T766] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 212.482390][ T766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 212.490519][ T766] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003d [ 212.498649][ T766] cgroup: cgroup_addrm_files: failed to add max, err=-12 [ 212.540407][ T765] FAULT_INJECTION: forcing a failure. [ 212.540407][ T765] name failslab, interval 1, probability 0, space 0, times 0 [ 212.553048][ T765] CPU: 1 PID: 765 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 212.564660][ T765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.574706][ T765] Call Trace: [ 212.577981][ T765] dump_stack_lvl+0x1e2/0x24b [ 212.582634][ T765] ? bfq_pos_tree_add_move+0x43e/0x43e [ 212.588066][ T765] ? selinux_kernfs_init_security+0x1a8/0x760 [ 212.594105][ T765] dump_stack+0x15/0x17 [ 212.598234][ T765] should_fail+0x3c0/0x510 [ 212.602628][ T765] ? __kernfs_new_node+0x99/0x6e0 [ 212.607638][ T765] __should_failslab+0x9f/0xe0 [ 212.612391][ T765] should_failslab+0x9/0x20 [ 212.616869][ T765] __kmalloc_track_caller+0x5f/0x350 [ 212.622134][ T765] kstrdup_const+0x55/0x90 [ 212.626538][ T765] __kernfs_new_node+0x99/0x6e0 [ 212.631369][ T765] ? is_module_text_address+0xe1/0x140 [ 212.636805][ T765] ? kernfs_new_node+0x170/0x170 [ 212.641727][ T765] ? ptr_to_hashval+0x60/0x60 [ 212.646375][ T765] ? arch_stack_walk+0xf8/0x140 [ 212.651202][ T765] ? snprintf+0xd6/0x120 [ 212.655423][ T765] kernfs_new_node+0x97/0x170 [ 212.660072][ T765] __kernfs_create_file+0x4a/0x270 [ 212.665169][ T765] cgroup_addrm_files+0xab8/0xfe0 [ 212.670180][ T765] ? ____kasan_kmalloc+0xdc/0x110 [ 212.675183][ T765] ? __kasan_kmalloc+0x9/0x10 [ 212.679845][ T765] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 212.685361][ T765] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 212.691484][ T765] ? delete_node+0x759/0x7b0 [ 212.696046][ T765] ? __kasan_check_read+0x11/0x20 [ 212.701047][ T765] ? delete_node+0x759/0x7b0 [ 212.705610][ T765] ? __kasan_check_write+0x14/0x20 [ 212.710704][ T765] ? idr_replace+0x1c4/0x230 [ 212.715282][ T765] ? idr_get_next+0x4b0/0x4b0 [ 212.719942][ T765] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 212.724945][ T765] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 212.730123][ T765] css_populate_dir+0x137/0x370 [ 212.734962][ T765] cgroup_apply_control_enable+0x8b9/0x12f0 [ 212.740845][ T765] cgroup_apply_control+0x93/0x710 [ 212.745940][ T765] ? css_next_child+0x160/0x160 [ 212.750768][ T765] ? stack_trace_save+0x12d/0x1f0 [ 212.755777][ T765] ? io_schedule+0x120/0x120 [ 212.760343][ T765] ? kernfs_fop_write_iter+0x15e/0x410 [ 212.765773][ T765] ? __kasan_check_write+0x14/0x20 [ 212.770865][ T765] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 212.776129][ T765] cgroup_subtree_control_write+0xd19/0x1310 [ 212.782080][ T765] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 212.788041][ T765] ? __kasan_check_write+0x14/0x20 [ 212.793136][ T765] ? _copy_from_iter+0x3fb/0xd60 [ 212.798056][ T765] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 212.804017][ T765] cgroup_file_write+0x28e/0x590 [ 212.808926][ T765] ? cgroup_seqfile_stop+0xc0/0xc0 [ 212.814096][ T765] ? mutex_lock+0xa6/0x110 [ 212.818484][ T765] ? mutex_trylock+0xb0/0xb0 [ 212.823057][ T765] ? __kasan_check_write+0x14/0x20 [ 212.828157][ T765] kernfs_fop_write_iter+0x2d0/0x410 [ 212.833412][ T765] ? cgroup_seqfile_stop+0xc0/0xc0 [ 212.838494][ T765] vfs_write+0xc1c/0xf40 [ 212.842707][ T765] ? __kasan_check_write+0x14/0x20 [ 212.847800][ T765] ? kernel_write+0x3c0/0x3c0 [ 212.852460][ T765] ? _raw_spin_unlock_irq+0x4e/0x70 [ 212.857637][ T765] ? ptrace_stop+0x6ff/0x9f0 [ 212.862252][ T765] ? __kasan_check_read+0x11/0x20 [ 212.867255][ T765] ? __fdget_pos+0x27e/0x310 [ 212.871912][ T765] ksys_write+0x198/0x2c0 [ 212.876215][ T765] ? do_notify_parent+0xa60/0xa60 [ 212.881211][ T765] ? __ia32_sys_read+0x90/0x90 [ 212.885945][ T765] ? __ia32_sys_open+0x270/0x270 [ 212.890854][ T765] __x64_sys_write+0x7b/0x90 [ 212.895426][ T765] do_syscall_64+0x34/0x70 [ 212.899823][ T765] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 212.905698][ T765] RIP: 0033:0x7fc8ece62c09 [ 212.910094][ T765] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 212.929672][ T765] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 772] write(4, "-pids ", 6 [pid 765] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 765] close(3) = 0 [pid 765] close(4) = 0 [pid 765] close(5) = 0 [pid 765] close(6) = -1 EBADF (Bad file descriptor) [pid 765] close(7) = -1 EBADF (Bad file descriptor) [pid 765] close(8) = -1 EBADF (Bad file descriptor) [pid 765] close(9) = -1 EBADF (Bad file descriptor) [pid 765] close(10) = -1 EBADF (Bad file descriptor) [pid 765] close(11) = -1 EBADF (Bad file descriptor) [pid 765] close(12) = -1 EBADF (Bad file descriptor) [pid 765] close(13) = -1 EBADF (Bad file descriptor) [pid 765] close(14) = -1 EBADF (Bad file descriptor) [pid 765] close(15) = -1 EBADF (Bad file descriptor) [pid 765] close(16) = -1 EBADF (Bad file descriptor) [pid 765] close(17) = -1 EBADF (Bad file descriptor) [pid 765] close(18) = -1 EBADF (Bad file descriptor) [pid 765] close(19) = -1 EBADF (Bad file descriptor) [pid 765] close(20) = -1 EBADF (Bad file descriptor) [pid 765] close(21) = -1 EBADF (Bad file descriptor) [pid 765] close(22) = -1 EBADF (Bad file descriptor) [pid 765] close(23) = -1 EBADF (Bad file descriptor) [pid 765] close(24) = -1 EBADF (Bad file descriptor) [pid 765] close(25) = -1 EBADF (Bad file descriptor) [pid 765] close(26) = -1 EBADF (Bad file descriptor) [pid 765] close(27) = -1 EBADF (Bad file descriptor) [pid 765] close(28) = -1 EBADF (Bad file descriptor) [pid 765] close(29) = -1 EBADF (Bad file descriptor) [pid 765] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 765] exit_group(0) = ? [pid 765] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=69, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 212.938056][ T765] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 212.946013][ T765] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 212.953969][ T765] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 212.961925][ T765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 212.969880][ T765] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000043 [ 212.979785][ T765] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 772] <... write resumed>) = 6 [pid 772] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 772] write(5, "22", 2) = 2 [pid 772] write(4, "+pids ", 6 [pid 375] umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./67/binderfs") = 0 [pid 375] umount2("./67/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./67/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./67/cgroup") = 0 [pid 375] umount2("./67/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./67/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./67/cgroup.net") = 0 [pid 375] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./67/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./67/file0") = 0 [pid 375] umount2("./67/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./67/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./67/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./67") = 0 [pid 375] mkdir("./68", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 70 ./strace-static-x86_64: Process 773 attached [pid 773] chdir("./68") = 0 [pid 773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 773] setpgid(0, 0) = 0 [pid 773] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 773] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [ 213.000674][ T769] FAULT_INJECTION: forcing a failure. [ 213.000674][ T769] name failslab, interval 1, probability 0, space 0, times 0 [ 213.013338][ T769] CPU: 1 PID: 769 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 213.024950][ T769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.034984][ T769] Call Trace: [ 213.038257][ T769] dump_stack_lvl+0x1e2/0x24b [ 213.042922][ T769] ? bfq_pos_tree_add_move+0x43e/0x43e [ 213.048374][ T769] ? selinux_kernfs_init_security+0x1a8/0x760 [ 213.054434][ T769] dump_stack+0x15/0x17 [ 213.058576][ T769] should_fail+0x3c0/0x510 [ 213.062975][ T769] ? __kernfs_new_node+0x99/0x6e0 [ 213.067979][ T769] __should_failslab+0x9f/0xe0 [ 213.072716][ T769] should_failslab+0x9/0x20 [ 213.077191][ T769] __kmalloc_track_caller+0x5f/0x350 [ 213.082449][ T769] kstrdup_const+0x55/0x90 [ 213.086837][ T769] __kernfs_new_node+0x99/0x6e0 [ 213.091662][ T769] ? is_module_text_address+0xe1/0x140 [ 213.097091][ T769] ? kernfs_new_node+0x170/0x170 [ 213.102002][ T769] ? ptr_to_hashval+0x60/0x60 [ 213.106659][ T769] ? arch_stack_walk+0xf8/0x140 [ 213.111497][ T769] ? snprintf+0xd6/0x120 [ 213.115718][ T769] kernfs_new_node+0x97/0x170 [ 213.120376][ T769] __kernfs_create_file+0x4a/0x270 [ 213.125464][ T769] cgroup_addrm_files+0xab8/0xfe0 [ 213.130469][ T769] ? ____kasan_kmalloc+0xdc/0x110 [ 213.135461][ T769] ? __kasan_kmalloc+0x9/0x10 [ 213.140128][ T769] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 213.145665][ T769] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 213.151795][ T769] ? delete_node+0x759/0x7b0 [ 213.156359][ T769] ? __kasan_check_read+0x11/0x20 [ 213.161362][ T769] ? delete_node+0x759/0x7b0 [ 213.165941][ T769] ? __kasan_check_write+0x14/0x20 [ 213.171033][ T769] ? idr_replace+0x1c4/0x230 [ 213.175597][ T769] ? idr_get_next+0x4b0/0x4b0 [ 213.180266][ T769] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 213.185288][ T769] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 213.190461][ T769] css_populate_dir+0x137/0x370 [ 213.195284][ T769] cgroup_apply_control_enable+0x8b9/0x12f0 [ 213.201153][ T769] cgroup_apply_control+0x93/0x710 [ 213.206237][ T769] ? css_next_child+0x160/0x160 [ 213.211059][ T769] ? stack_trace_save+0x12d/0x1f0 [ 213.216061][ T769] ? io_schedule+0x120/0x120 [ 213.220640][ T769] ? kernfs_fop_write_iter+0x15e/0x410 [ 213.226082][ T769] ? __kasan_check_write+0x14/0x20 [ 213.231174][ T769] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 213.236435][ T769] cgroup_subtree_control_write+0xd19/0x1310 [ 213.242394][ T769] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 213.248346][ T769] ? __kasan_check_write+0x14/0x20 [ 213.253431][ T769] ? _copy_from_iter+0x3fb/0xd60 [ 213.258349][ T769] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 213.264306][ T769] cgroup_file_write+0x28e/0x590 [ 213.269217][ T769] ? cgroup_seqfile_stop+0xc0/0xc0 [ 213.274307][ T769] ? mutex_lock+0xa6/0x110 [ 213.278711][ T769] ? mutex_trylock+0xb0/0xb0 [ 213.283291][ T769] ? __kasan_check_write+0x14/0x20 [ 213.288382][ T769] kernfs_fop_write_iter+0x2d0/0x410 [ 213.293645][ T769] ? cgroup_seqfile_stop+0xc0/0xc0 [ 213.298736][ T769] vfs_write+0xc1c/0xf40 [ 213.302953][ T769] ? __kasan_check_write+0x14/0x20 [ 213.308035][ T769] ? kernel_write+0x3c0/0x3c0 [ 213.312689][ T769] ? _raw_spin_unlock_irq+0x4e/0x70 [ 213.317866][ T769] ? ptrace_stop+0x6ff/0x9f0 [ 213.322431][ T769] ? __kasan_check_read+0x11/0x20 [ 213.327435][ T769] ? __fdget_pos+0x27e/0x310 [ 213.332017][ T769] ksys_write+0x198/0x2c0 [ 213.336337][ T769] ? do_notify_parent+0xa60/0xa60 [ 213.341344][ T769] ? __ia32_sys_read+0x90/0x90 [ 213.346078][ T769] ? __ia32_sys_open+0x270/0x270 [ 213.350989][ T769] __x64_sys_write+0x7b/0x90 [ 213.355560][ T769] do_syscall_64+0x34/0x70 [ 213.359967][ T769] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 213.365849][ T769] RIP: 0033:0x7fc8ece62c09 [ 213.370251][ T769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 213.389843][ T769] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 773] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 773] write(3, "1000", 4) = 4 [pid 773] close(3) = 0 [pid 773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 773] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 773] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 769] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 773] open("./file0", O_RDONLY [pid 769] close(3 [pid 773] <... open resumed>) = 3 [pid 773] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 773] write(4, "-pids ", 6 [pid 769] <... close resumed>) = 0 [pid 769] close(4) = 0 [pid 769] close(5) = 0 [pid 769] close(6) = -1 EBADF (Bad file descriptor) [pid 769] close(7) = -1 EBADF (Bad file descriptor) [pid 769] close(8) = -1 EBADF (Bad file descriptor) [pid 769] close(9) = -1 EBADF (Bad file descriptor) [pid 769] close(10) = -1 EBADF (Bad file descriptor) [pid 769] close(11) = -1 EBADF (Bad file descriptor) [pid 769] close(12) = -1 EBADF (Bad file descriptor) [pid 769] close(13) = -1 EBADF (Bad file descriptor) [pid 769] close(14) = -1 EBADF (Bad file descriptor) [pid 769] close(15) = -1 EBADF (Bad file descriptor) [pid 769] close(16) = -1 EBADF (Bad file descriptor) [pid 769] close(17) = -1 EBADF (Bad file descriptor) [pid 769] close(18) = -1 EBADF (Bad file descriptor) [pid 769] close(19) = -1 EBADF (Bad file descriptor) [pid 769] close(20) = -1 EBADF (Bad file descriptor) [pid 769] close(21) = -1 EBADF (Bad file descriptor) [pid 769] close(22) = -1 EBADF (Bad file descriptor) [pid 769] close(23) = -1 EBADF (Bad file descriptor) [pid 769] close(24) = -1 EBADF (Bad file descriptor) [pid 769] close(25) = -1 EBADF (Bad file descriptor) [pid 769] close(26) = -1 EBADF (Bad file descriptor) [pid 769] close(27) = -1 EBADF (Bad file descriptor) [pid 769] close(28) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 769] close(29) = -1 EBADF (Bad file descriptor) [pid 769] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 769] exit_group(0) = ? [pid 769] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 376] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 376] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 376] unlink("./64/binderfs") = 0 [pid 376] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 376] unlink("./64/cgroup") = 0 [pid 376] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./64/cgroup.net") = 0 [pid 376] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 376] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 376] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 376] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 376] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 376] close(4) = 0 [pid 376] rmdir("./64/file0") = 0 [pid 376] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 376] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 376] unlink("./64/cgroup.cpu") = 0 [pid 376] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 376] close(3) = 0 [pid 376] rmdir("./64") = 0 [pid 376] mkdir("./65", 0777) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 774 attached , child_tidptr=0x555556fab5d0) = 67 [pid 774] chdir("./65") = 0 [pid 774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 774] setpgid(0, 0) = 0 [pid 774] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 774] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu") = 0 [pid 774] symlink("/syzcgroup/net/syz1", "./cgroup.net") = 0 [pid 774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 774] write(3, "1000", 4) = 4 [pid 774] close(3) = 0 [pid 774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 774] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 774] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 774] open("./file0", O_RDONLY) = 3 [pid 774] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 213.398239][ T769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 213.406193][ T769] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 213.414322][ T769] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 213.422271][ T769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 213.430226][ T769] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000040 [ 213.438997][ T769] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 774] write(4, "-pids ", 6) = 6 [pid 771] <... write resumed>) = 6 [pid 774] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 774] write(5, "22", 2) = 2 [pid 774] write(4, "+pids ", 6 [pid 771] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 771] write(5, "22", 2) = 2 [ 213.460931][ T767] FAULT_INJECTION: forcing a failure. [ 213.460931][ T767] name failslab, interval 1, probability 0, space 0, times 0 [ 213.473589][ T767] CPU: 1 PID: 767 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 213.485203][ T767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.495245][ T767] Call Trace: [ 213.498523][ T767] dump_stack_lvl+0x1e2/0x24b [ 213.503184][ T767] ? bfq_pos_tree_add_move+0x43e/0x43e [ 213.508625][ T767] ? selinux_kernfs_init_security+0x1a8/0x760 [ 213.514684][ T767] dump_stack+0x15/0x17 [ 213.518821][ T767] should_fail+0x3c0/0x510 [ 213.523232][ T767] ? __kernfs_new_node+0x99/0x6e0 [ 213.528237][ T767] __should_failslab+0x9f/0xe0 [ 213.532972][ T767] should_failslab+0x9/0x20 [ 213.537453][ T767] __kmalloc_track_caller+0x5f/0x350 [ 213.542722][ T767] kstrdup_const+0x55/0x90 [ 213.547108][ T767] __kernfs_new_node+0x99/0x6e0 [ 213.551932][ T767] ? is_module_text_address+0xe1/0x140 [ 213.557363][ T767] ? kernfs_new_node+0x170/0x170 [ 213.562270][ T767] ? ptr_to_hashval+0x60/0x60 [ 213.566937][ T767] ? arch_stack_walk+0xf8/0x140 [ 213.571766][ T767] ? snprintf+0xd6/0x120 [ 213.575995][ T767] kernfs_new_node+0x97/0x170 [ 213.580664][ T767] __kernfs_create_file+0x4a/0x270 [ 213.585757][ T767] cgroup_addrm_files+0xab8/0xfe0 [ 213.590759][ T767] ? ____kasan_kmalloc+0xdc/0x110 [ 213.595764][ T767] ? __kasan_kmalloc+0x9/0x10 [ 213.600416][ T767] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 213.605933][ T767] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 213.612055][ T767] ? delete_node+0x759/0x7b0 [ 213.616617][ T767] ? __kasan_check_read+0x11/0x20 [ 213.621614][ T767] ? delete_node+0x759/0x7b0 [ 213.626192][ T767] ? __kasan_check_write+0x14/0x20 [ 213.631291][ T767] ? idr_replace+0x1c4/0x230 [ 213.635852][ T767] ? idr_get_next+0x4b0/0x4b0 [ 213.640500][ T767] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 213.645504][ T767] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 213.650684][ T767] css_populate_dir+0x137/0x370 [ 213.655510][ T767] cgroup_apply_control_enable+0x8b9/0x12f0 [ 213.661384][ T767] cgroup_apply_control+0x93/0x710 [ 213.666470][ T767] ? css_next_child+0x160/0x160 [ 213.671294][ T767] ? stack_trace_save+0x12d/0x1f0 [ 213.676309][ T767] ? io_schedule+0x120/0x120 [ 213.680889][ T767] ? kernfs_fop_write_iter+0x15e/0x410 [ 213.686330][ T767] ? __kasan_check_write+0x14/0x20 [ 213.691526][ T767] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 213.696788][ T767] cgroup_subtree_control_write+0xd19/0x1310 [ 213.702742][ T767] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 213.708705][ T767] ? __kasan_check_write+0x14/0x20 [ 213.713801][ T767] ? _copy_from_iter+0x3fb/0xd60 [ 213.718712][ T767] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 213.724660][ T767] cgroup_file_write+0x28e/0x590 [ 213.729579][ T767] ? cgroup_seqfile_stop+0xc0/0xc0 [ 213.734672][ T767] ? mutex_lock+0xa6/0x110 [ 213.739061][ T767] ? mutex_trylock+0xb0/0xb0 [ 213.743624][ T767] ? __kasan_check_write+0x14/0x20 [ 213.748713][ T767] kernfs_fop_write_iter+0x2d0/0x410 [ 213.753992][ T767] ? cgroup_seqfile_stop+0xc0/0xc0 [ 213.759088][ T767] vfs_write+0xc1c/0xf40 [ 213.763317][ T767] ? __kasan_check_write+0x14/0x20 [ 213.768410][ T767] ? kernel_write+0x3c0/0x3c0 [ 213.773085][ T767] ? _raw_spin_unlock_irq+0x4e/0x70 [ 213.778263][ T767] ? ptrace_stop+0x6ff/0x9f0 [ 213.782847][ T767] ? __kasan_check_read+0x11/0x20 [ 213.787854][ T767] ? __fdget_pos+0x27e/0x310 [ 213.792419][ T767] ksys_write+0x198/0x2c0 [ 213.796812][ T767] ? do_notify_parent+0xa60/0xa60 [ 213.801819][ T767] ? __ia32_sys_read+0x90/0x90 [ 213.806574][ T767] ? __ia32_sys_open+0x270/0x270 [pid 771] write(4, "+pids ", 6 [pid 382] kill(-68, SIGKILL) = 0 [pid 382] kill(68, SIGKILL) = 0 [ 213.811493][ T767] __x64_sys_write+0x7b/0x90 [ 213.816058][ T767] do_syscall_64+0x34/0x70 [ 213.820451][ T767] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 213.826349][ T767] RIP: 0033:0x7fc8ece62c09 [ 213.830761][ T767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 213.850457][ T767] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 767] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 767] close(3) = 0 [pid 767] close(4) = 0 [pid 767] close(5) = 0 [pid 767] close(6) = -1 EBADF (Bad file descriptor) [pid 767] close(7) = -1 EBADF (Bad file descriptor) [pid 767] close(8) = -1 EBADF (Bad file descriptor) [pid 767] close(9) = -1 EBADF (Bad file descriptor) [pid 767] close(10) = -1 EBADF (Bad file descriptor) [pid 767] close(11) = -1 EBADF (Bad file descriptor) [pid 767] close(12) = -1 EBADF (Bad file descriptor) [pid 767] close(13) = -1 EBADF (Bad file descriptor) [pid 767] close(14) = -1 EBADF (Bad file descriptor) [pid 767] close(15) = -1 EBADF (Bad file descriptor) [pid 767] close(16) = -1 EBADF (Bad file descriptor) [pid 767] close(17) = -1 EBADF (Bad file descriptor) [pid 767] close(18) = -1 EBADF (Bad file descriptor) [pid 767] close(19) = -1 EBADF (Bad file descriptor) [pid 767] close(20) = -1 EBADF (Bad file descriptor) [pid 767] close(21) = -1 EBADF (Bad file descriptor) [pid 767] close(22) = -1 EBADF (Bad file descriptor) [pid 767] close(23) = -1 EBADF (Bad file descriptor) [pid 767] close(24) = -1 EBADF (Bad file descriptor) [pid 767] close(25) = -1 EBADF (Bad file descriptor) [pid 767] close(26) = -1 EBADF (Bad file descriptor) [pid 767] close(27) = -1 EBADF (Bad file descriptor) [pid 767] close(28) = -1 EBADF (Bad file descriptor) [pid 767] close(29) = -1 EBADF (Bad file descriptor) [pid 767] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 767] exit_group(0write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = ? [pid 767] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=66, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./64/binderfs") = 0 [pid 381] umount2("./64/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./64/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./64/cgroup") = 0 [pid 381] umount2("./64/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./64/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./64/cgroup.net") = 0 [ 213.858869][ T767] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 213.866837][ T767] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 213.874787][ T767] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 213.882742][ T767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 213.890701][ T767] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000040 [ 213.899024][ T767] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 381] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./64/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./64/file0") = 0 [pid 381] umount2("./64/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./64/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./64/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./64") = 0 [pid 381] mkdir("./65", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 67 ./strace-static-x86_64: Process 775 attached [pid 775] chdir("./65") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] symlink("/syzcgroup/unified/syz3", "./cgroup") = 0 [pid 775] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 775] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 775] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 213.920369][ T771] FAULT_INJECTION: forcing a failure. [ 213.920369][ T771] name failslab, interval 1, probability 0, space 0, times 0 [ 213.933032][ T771] CPU: 1 PID: 771 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 213.944648][ T771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.954708][ T771] Call Trace: [ 213.957986][ T771] dump_stack_lvl+0x1e2/0x24b [ 213.962662][ T771] ? panic+0x7d7/0x7d7 [pid 775] mount(NULL, "./file0", "cgroup2", 0, NULL [ 213.966728][ T771] ? bfq_pos_tree_add_move+0x43e/0x43e [ 213.972176][ T771] ? find_next_bit+0xd6/0x120 [ 213.976835][ T771] ? cpumask_next+0x11/0x30 [ 213.981325][ T771] dump_stack+0x15/0x17 [ 213.985465][ T771] should_fail+0x3c0/0x510 [ 213.989871][ T771] ? percpu_ref_init+0xd0/0x330 [ 213.994699][ T771] __should_failslab+0x9f/0xe0 [ 213.999445][ T771] should_failslab+0x9/0x20 [ 214.003943][ T771] kmem_cache_alloc_trace+0x3a/0x330 [ 214.009218][ T771] percpu_ref_init+0xd0/0x330 [ 214.013886][ T771] ? cgroup_setup_root+0xea0/0xea0 [ 214.018992][ T771] cgroup_apply_control_enable+0x3a2/0x12f0 [ 214.024872][ T771] cgroup_apply_control+0x93/0x710 [ 214.029964][ T771] ? css_next_child+0x160/0x160 [ 214.034794][ T771] ? stack_trace_save+0x12d/0x1f0 [ 214.039801][ T771] ? io_schedule+0x120/0x120 [ 214.044378][ T771] ? kernfs_fop_write_iter+0x15e/0x410 [ 214.049812][ T771] ? __kasan_check_write+0x14/0x20 [ 214.054907][ T771] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 214.060186][ T771] cgroup_subtree_control_write+0xd19/0x1310 [ 214.066236][ T771] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 214.072194][ T771] ? __kasan_check_write+0x14/0x20 [ 214.077281][ T771] ? _copy_from_iter+0x3fb/0xd60 [ 214.082192][ T771] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 214.088157][ T771] cgroup_file_write+0x28e/0x590 [ 214.093086][ T771] ? cgroup_seqfile_stop+0xc0/0xc0 [ 214.098178][ T771] ? mutex_lock+0xa6/0x110 [ 214.102568][ T771] ? mutex_trylock+0xb0/0xb0 [ 214.107133][ T771] ? __kasan_check_write+0x14/0x20 [ 214.112217][ T771] kernfs_fop_write_iter+0x2d0/0x410 [ 214.117477][ T771] ? cgroup_seqfile_stop+0xc0/0xc0 [ 214.122570][ T771] vfs_write+0xc1c/0xf40 [ 214.126805][ T771] ? __kasan_check_write+0x14/0x20 [ 214.131912][ T771] ? kernel_write+0x3c0/0x3c0 [ 214.136573][ T771] ? _raw_spin_unlock_irq+0x4e/0x70 [ 214.141750][ T771] ? ptrace_stop+0x6ff/0x9f0 [ 214.146321][ T771] ? __kasan_check_read+0x11/0x20 [ 214.151340][ T771] ? __fdget_pos+0x27e/0x310 [ 214.155912][ T771] ksys_write+0x198/0x2c0 [ 214.160235][ T771] ? do_notify_parent+0xa60/0xa60 [ 214.165240][ T771] ? __ia32_sys_read+0x90/0x90 [ 214.169990][ T771] ? __ia32_sys_open+0x270/0x270 [ 214.174908][ T771] __x64_sys_write+0x7b/0x90 [ 214.179473][ T771] do_syscall_64+0x34/0x70 [ 214.183865][ T771] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 214.189736][ T771] RIP: 0033:0x7fc8ece62c09 [ 214.194143][ T771] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 382] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 2 entries */, 32768) = 48 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 775] <... mount resumed>) = 0 [pid 771] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 775] open("./file0", O_RDONLY [pid 771] close(3 [pid 775] <... open resumed>) = 3 [pid 775] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 775] write(4, "-pids ", 6 [pid 771] <... close resumed>) = 0 [pid 771] close(4) = 0 [pid 771] close(5) = 0 [pid 771] close(6) = -1 EBADF (Bad file descriptor) [pid 771] close(7) = -1 EBADF (Bad file descriptor) [pid 771] close(8) = -1 EBADF (Bad file descriptor) [pid 771] close(9) = -1 EBADF (Bad file descriptor) [pid 771] close(10) = -1 EBADF (Bad file descriptor) [pid 771] close(11) = -1 EBADF (Bad file descriptor) [pid 771] close(12) = -1 EBADF (Bad file descriptor) [pid 771] close(13) = -1 EBADF (Bad file descriptor) [pid 771] close(14) = -1 EBADF (Bad file descriptor) [pid 771] close(15) = -1 EBADF (Bad file descriptor) [pid 771] close(16) = -1 EBADF (Bad file descriptor) [pid 771] close(17) = -1 EBADF (Bad file descriptor) [pid 771] close(18) = -1 EBADF (Bad file descriptor) [pid 771] close(19) = -1 EBADF (Bad file descriptor) [pid 771] close(20) = -1 EBADF (Bad file descriptor) [pid 771] close(21) = -1 EBADF (Bad file descriptor) [pid 771] close(22) = -1 EBADF (Bad file descriptor) [pid 771] close(23) = -1 EBADF (Bad file descriptor) [pid 771] close(24) = -1 EBADF (Bad file descriptor) [pid 771] close(25) = -1 EBADF (Bad file descriptor) [pid 771] close(26) = -1 EBADF (Bad file descriptor) [pid 771] close(27) = -1 EBADF (Bad file descriptor) [pid 771] close(28) = -1 EBADF (Bad file descriptor) [pid 771] close(29) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 771] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 771] exit_group(0) = ? [pid 771] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=60, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 383] umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./58/binderfs") = 0 [pid 383] umount2("./58/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 214.213738][ T771] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 214.222144][ T771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 214.230104][ T771] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 214.238059][ T771] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 214.246015][ T771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 214.253971][ T771] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003a [pid 383] lstat("./58/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./58/cgroup") = 0 [pid 383] umount2("./58/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./58/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./58/cgroup.net") = 0 [pid 383] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./58/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./58/file0") = 0 [pid 383] umount2("./58/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./58/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./58/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./58") = 0 [pid 383] mkdir("./59", 0777) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 61 ./strace-static-x86_64: Process 776 attached [pid 776] chdir("./59") = 0 [pid 776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 776] setpgid(0, 0) = 0 [pid 776] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 776] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 776] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 776] write(3, "1000", 4) = 4 [pid 776] close(3) = 0 [pid 776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 776] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 214.270684][ T763] FAULT_INJECTION: forcing a failure. [ 214.270684][ T763] name failslab, interval 1, probability 0, space 0, times 0 [ 214.283496][ T763] CPU: 0 PID: 763 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 214.295129][ T763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.305193][ T763] Call Trace: [ 214.308479][ T763] dump_stack_lvl+0x1e2/0x24b [ 214.313210][ T763] ? bfq_pos_tree_add_move+0x43e/0x43e [ 214.318658][ T763] ? selinux_kernfs_init_security+0x1a8/0x760 [ 214.324703][ T763] dump_stack+0x15/0x17 [ 214.328837][ T763] should_fail+0x3c0/0x510 [ 214.333230][ T763] ? __kernfs_new_node+0x99/0x6e0 [ 214.338230][ T763] __should_failslab+0x9f/0xe0 [ 214.342970][ T763] should_failslab+0x9/0x20 [ 214.347448][ T763] __kmalloc_track_caller+0x5f/0x350 [ 214.352705][ T763] kstrdup_const+0x55/0x90 [ 214.357103][ T763] __kernfs_new_node+0x99/0x6e0 [ 214.361941][ T763] ? is_module_text_address+0xe1/0x140 [ 214.367394][ T763] ? kernfs_new_node+0x170/0x170 [ 214.372320][ T763] ? ptr_to_hashval+0x60/0x60 [ 214.376969][ T763] ? arch_stack_walk+0xf8/0x140 [ 214.381881][ T763] ? snprintf+0xd6/0x120 [ 214.386099][ T763] kernfs_new_node+0x97/0x170 [ 214.390750][ T763] __kernfs_create_file+0x4a/0x270 [ 214.395844][ T763] cgroup_addrm_files+0xab8/0xfe0 [ 214.400852][ T763] ? ____kasan_kmalloc+0xdc/0x110 [ 214.405847][ T763] ? __kasan_kmalloc+0x9/0x10 [ 214.410504][ T763] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 214.416028][ T763] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 214.422160][ T763] ? delete_node+0x759/0x7b0 [ 214.426745][ T763] ? __kasan_check_read+0x11/0x20 [ 214.431839][ T763] ? delete_node+0x759/0x7b0 [ 214.436412][ T763] ? __kasan_check_write+0x14/0x20 [ 214.441505][ T763] ? idr_replace+0x1c4/0x230 [ 214.446080][ T763] ? idr_get_next+0x4b0/0x4b0 [ 214.450737][ T763] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 214.455755][ T763] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 214.460939][ T763] css_populate_dir+0x137/0x370 [ 214.465784][ T763] cgroup_apply_control_enable+0x8b9/0x12f0 [ 214.471662][ T763] cgroup_apply_control+0x93/0x710 [ 214.476752][ T763] ? css_next_child+0x160/0x160 [ 214.481585][ T763] ? stack_trace_save+0x12d/0x1f0 [ 214.486587][ T763] ? io_schedule+0x120/0x120 [ 214.491168][ T763] ? kernfs_fop_write_iter+0x15e/0x410 [ 214.496609][ T763] ? __kasan_check_write+0x14/0x20 [ 214.501701][ T763] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 214.506969][ T763] cgroup_subtree_control_write+0xd19/0x1310 [ 214.512936][ T763] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 214.518904][ T763] ? __kasan_check_write+0x14/0x20 [ 214.523996][ T763] ? _copy_from_iter+0x3fb/0xd60 [ 214.528918][ T763] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 214.534880][ T763] cgroup_file_write+0x28e/0x590 [ 214.539802][ T763] ? cgroup_seqfile_stop+0xc0/0xc0 [ 214.544891][ T763] ? mutex_lock+0xa6/0x110 [ 214.549284][ T763] ? mutex_trylock+0xb0/0xb0 [ 214.553851][ T763] ? __kasan_check_write+0x14/0x20 [ 214.558941][ T763] kernfs_fop_write_iter+0x2d0/0x410 [ 214.564205][ T763] ? cgroup_seqfile_stop+0xc0/0xc0 [ 214.569295][ T763] vfs_write+0xc1c/0xf40 [ 214.573515][ T763] ? __kasan_check_write+0x14/0x20 [ 214.578608][ T763] ? kernel_write+0x3c0/0x3c0 [ 214.583268][ T763] ? _raw_spin_unlock_irq+0x4e/0x70 [ 214.588443][ T763] ? ptrace_stop+0x6ff/0x9f0 [ 214.593013][ T763] ? __kasan_check_read+0x11/0x20 [ 214.598024][ T763] ? __fdget_pos+0x27e/0x310 [ 214.602592][ T763] ksys_write+0x198/0x2c0 [ 214.606902][ T763] ? do_notify_parent+0xa60/0xa60 [ 214.611904][ T763] ? __ia32_sys_read+0x90/0x90 [ 214.616645][ T763] ? __ia32_sys_open+0x270/0x270 [ 214.621560][ T763] __x64_sys_write+0x7b/0x90 [ 214.626130][ T763] do_syscall_64+0x34/0x70 [ 214.630523][ T763] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 214.636408][ T763] RIP: 0033:0x7fc8ece62c09 [ 214.640808][ T763] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 214.660387][ T763] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 776] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 763] <... write resumed>) = ? [pid 776] open("./file0", O_RDONLY [pid 763] +++ killed by SIGKILL +++ [pid 776] <... open resumed>) = 3 [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=68, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- [pid 382] umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 382] umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./66/binderfs") = 0 [pid 776] openat(3, "cgroup.subtree_control", O_RDWR [pid 382] umount2("./66/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./66/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 776] <... openat resumed>) = 4 [pid 382] unlink("./66/cgroup" [pid 776] write(4, "-pids ", 6 [pid 382] <... unlink resumed>) = 0 [pid 382] umount2("./66/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./66/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./66/cgroup.net") = 0 [pid 382] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./66/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./66/file0") = 0 [pid 382] umount2("./66/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./66/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 382] unlink("./66/cgroup.cpu") = 0 [pid 382] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./66") = 0 [pid 382] mkdir("./67", 0777) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 777 attached , child_tidptr=0x555556fab5d0) = 69 [pid 777] chdir("./67") = 0 [pid 777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 777] setpgid(0, 0) = 0 [pid 777] symlink("/syzcgroup/unified/syz5", "./cgroup") = 0 [pid 777] symlink("/syzcgroup/cpu/syz5", "./cgroup.cpu") = 0 [pid 777] symlink("/syzcgroup/net/syz5", "./cgroup.net") = 0 [pid 777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 777] write(3, "1000", 4) = 4 [pid 777] close(3) = 0 [pid 777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 777] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 777] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 777] open("./file0", O_RDONLY) = 3 [pid 777] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 214.668776][ T763] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 214.676726][ T763] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 214.684676][ T763] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 214.692625][ T763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 214.700573][ T763] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000042 [ 214.708724][ T763] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 777] write(4, "-pids ", 6 [pid 776] <... write resumed>) = 6 [pid 775] <... write resumed>) = 6 [pid 773] <... write resumed>) = 6 [pid 776] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 775] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 776] <... openat resumed>) = 5 [pid 775] <... openat resumed>) = 5 [pid 776] write(5, "22", 2 [pid 775] write(5, "22", 2 [pid 776] <... write resumed>) = 2 [pid 775] <... write resumed>) = 2 [pid 776] write(4, "+pids ", 6 [pid 775] write(4, "+pids ", 6 [pid 773] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 773] write(5, "22", 2) = 2 [ 214.740441][ T772] FAULT_INJECTION: forcing a failure. [ 214.740441][ T772] name failslab, interval 1, probability 0, space 0, times 0 [ 214.753139][ T772] CPU: 0 PID: 772 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 214.764745][ T772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.774780][ T772] Call Trace: [ 214.778059][ T772] dump_stack_lvl+0x1e2/0x24b [ 214.782712][ T772] ? bfq_pos_tree_add_move+0x43e/0x43e [ 214.788152][ T772] ? selinux_kernfs_init_security+0x1a8/0x760 [ 214.794192][ T772] dump_stack+0x15/0x17 [ 214.798321][ T772] should_fail+0x3c0/0x510 [ 214.802711][ T772] ? __kernfs_new_node+0x99/0x6e0 [ 214.807719][ T772] __should_failslab+0x9f/0xe0 [ 214.812466][ T772] should_failslab+0x9/0x20 [ 214.816944][ T772] __kmalloc_track_caller+0x5f/0x350 [ 214.822213][ T772] kstrdup_const+0x55/0x90 [ 214.826619][ T772] __kernfs_new_node+0x99/0x6e0 [ 214.831447][ T772] ? is_module_text_address+0xe1/0x140 [ 214.836879][ T772] ? kernfs_new_node+0x170/0x170 [ 214.841790][ T772] ? ptr_to_hashval+0x60/0x60 [ 214.846448][ T772] ? arch_stack_walk+0xf8/0x140 [ 214.851281][ T772] ? snprintf+0xd6/0x120 [ 214.855497][ T772] kernfs_new_node+0x97/0x170 [ 214.860153][ T772] __kernfs_create_file+0x4a/0x270 [ 214.865250][ T772] cgroup_addrm_files+0xab8/0xfe0 [ 214.870254][ T772] ? ____kasan_kmalloc+0xdc/0x110 [ 214.875258][ T772] ? __kasan_kmalloc+0x9/0x10 [ 214.879911][ T772] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 214.885430][ T772] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 214.891562][ T772] ? delete_node+0x759/0x7b0 [ 214.896126][ T772] ? __kasan_check_read+0x11/0x20 [ 214.901123][ T772] ? delete_node+0x759/0x7b0 [ 214.905688][ T772] ? __kasan_check_write+0x14/0x20 [ 214.910789][ T772] ? idr_replace+0x1c4/0x230 [ 214.915366][ T772] ? idr_get_next+0x4b0/0x4b0 [ 214.920013][ T772] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 214.925018][ T772] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 214.930198][ T772] css_populate_dir+0x137/0x370 [ 214.935034][ T772] cgroup_apply_control_enable+0x8b9/0x12f0 [ 214.940921][ T772] cgroup_apply_control+0x93/0x710 [ 214.946013][ T772] ? css_next_child+0x160/0x160 [ 214.950845][ T772] ? stack_trace_save+0x12d/0x1f0 [ 214.955850][ T772] ? io_schedule+0x120/0x120 [ 214.960415][ T772] ? kernfs_fop_write_iter+0x15e/0x410 [ 214.965846][ T772] ? __kasan_check_write+0x14/0x20 [ 214.970940][ T772] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 214.976217][ T772] cgroup_subtree_control_write+0xd19/0x1310 [ 214.982196][ T772] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 214.988162][ T772] ? __kasan_check_write+0x14/0x20 [ 214.993256][ T772] ? _copy_from_iter+0x3fb/0xd60 [ 214.998164][ T772] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 215.004113][ T772] cgroup_file_write+0x28e/0x590 [ 215.009023][ T772] ? cgroup_seqfile_stop+0xc0/0xc0 [ 215.014110][ T772] ? mutex_lock+0xa6/0x110 [ 215.018499][ T772] ? mutex_trylock+0xb0/0xb0 [ 215.023065][ T772] ? __kasan_check_write+0x14/0x20 [ 215.028159][ T772] kernfs_fop_write_iter+0x2d0/0x410 [ 215.033433][ T772] ? cgroup_seqfile_stop+0xc0/0xc0 [ 215.038525][ T772] vfs_write+0xc1c/0xf40 [ 215.042741][ T772] ? __kasan_check_write+0x14/0x20 [ 215.047834][ T772] ? kernel_write+0x3c0/0x3c0 [ 215.052500][ T772] ? _raw_spin_unlock_irq+0x4e/0x70 [ 215.057674][ T772] ? ptrace_stop+0x6ff/0x9f0 [ 215.062246][ T772] ? __kasan_check_read+0x11/0x20 [ 215.067253][ T772] ? __fdget_pos+0x27e/0x310 [ 215.071814][ T772] ksys_write+0x198/0x2c0 [ 215.076116][ T772] ? do_notify_parent+0xa60/0xa60 [ 215.081115][ T772] ? __ia32_sys_read+0x90/0x90 [ 215.085859][ T772] ? __ia32_sys_open+0x270/0x270 [ 215.090773][ T772] __x64_sys_write+0x7b/0x90 [ 215.095341][ T772] do_syscall_64+0x34/0x70 [ 215.099741][ T772] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 215.105608][ T772] RIP: 0033:0x7fc8ece62c09 [ 215.109999][ T772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.129587][ T772] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 773] write(4, "+pids ", 6 [pid 772] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 772] close(3) = 0 [pid 772] close(4) = 0 [pid 772] close(5) = 0 [pid 772] close(6) = -1 EBADF (Bad file descriptor) [pid 772] close(7) = -1 EBADF (Bad file descriptor) [pid 772] close(8) = -1 EBADF (Bad file descriptor) [pid 772] close(9) = -1 EBADF (Bad file descriptor) [pid 772] close(10) = -1 EBADF (Bad file descriptor) [pid 772] close(11) = -1 EBADF (Bad file descriptor) [pid 772] close(12) = -1 EBADF (Bad file descriptor) [pid 772] close(13) = -1 EBADF (Bad file descriptor) [pid 772] close(14) = -1 EBADF (Bad file descriptor) [pid 772] close(15) = -1 EBADF (Bad file descriptor) [pid 772] close(16) = -1 EBADF (Bad file descriptor) [pid 772] close(17) = -1 EBADF (Bad file descriptor) [pid 772] close(18) = -1 EBADF (Bad file descriptor) [pid 772] close(19) = -1 EBADF (Bad file descriptor) [pid 772] close(20) = -1 EBADF (Bad file descriptor) [pid 772] close(21) = -1 EBADF (Bad file descriptor) [pid 772] close(22) = -1 EBADF (Bad file descriptor) [pid 772] close(23) = -1 EBADF (Bad file descriptor) [pid 772] close(24) = -1 EBADF (Bad file descriptor) [pid 772] close(25) = -1 EBADF (Bad file descriptor) [pid 772] close(26) = -1 EBADF (Bad file descriptor) [pid 772] close(27) = -1 EBADF (Bad file descriptor) [pid 772] close(28) = -1 EBADF (Bad file descriptor) [pid 772] close(29) = -1 EBADF (Bad file descriptor) [pid 772] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 772] exit_group(0) = ? [pid 772] +++ exited with 0 +++ [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=64, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 380] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 380] umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 380] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 380] umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 380] unlink("./62/binderfs") = 0 [pid 380] umount2("./62/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./62/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 380] unlink("./62/cgroup") = 0 [pid 380] umount2("./62/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./62/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 380] unlink("./62/cgroup.net") = 0 [pid 380] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 380] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./62/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 380] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 380] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 380] close(4) = 0 [pid 380] rmdir("./62/file0") = 0 [pid 380] umount2("./62/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./62/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [ 215.138005][ T772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 215.145975][ T772] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 215.153939][ T772] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 215.161907][ T772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 215.169865][ T772] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003e [ 215.177978][ T772] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 380] unlink("./62/cgroup.cpu") = 0 [pid 380] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./62") = 0 [pid 380] mkdir("./63", 0777) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 778 attached [pid 778] chdir("./63" [pid 380] <... clone resumed>, child_tidptr=0x555556fab5d0) = 65 [pid 778] <... chdir resumed>) = 0 [pid 778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 778] setpgid(0, 0) = 0 [pid 778] symlink("/syzcgroup/unified/syz2", "./cgroup") = 0 [pid 778] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu") = 0 [pid 778] symlink("/syzcgroup/net/syz2", "./cgroup.net") = 0 [pid 778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 778] write(3, "1000", 4) = 4 [pid 778] close(3) = 0 [pid 778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 778] mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 215.210579][ T773] FAULT_INJECTION: forcing a failure. [ 215.210579][ T773] name failslab, interval 1, probability 0, space 0, times 0 [ 215.223661][ T773] CPU: 0 PID: 773 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 215.235271][ T773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.245305][ T773] Call Trace: [ 215.248580][ T773] dump_stack_lvl+0x1e2/0x24b [ 215.253231][ T773] ? bfq_pos_tree_add_move+0x43e/0x43e [ 215.258675][ T773] ? selinux_kernfs_init_security+0x1a8/0x760 [ 215.264729][ T773] dump_stack+0x15/0x17 [ 215.268873][ T773] should_fail+0x3c0/0x510 [ 215.273274][ T773] ? __kernfs_new_node+0x99/0x6e0 [ 215.278280][ T773] __should_failslab+0x9f/0xe0 [ 215.283019][ T773] should_failslab+0x9/0x20 [ 215.287500][ T773] __kmalloc_track_caller+0x5f/0x350 [ 215.292764][ T773] kstrdup_const+0x55/0x90 [ 215.297156][ T773] __kernfs_new_node+0x99/0x6e0 [ 215.301993][ T773] ? is_module_text_address+0xe1/0x140 [ 215.307436][ T773] ? kernfs_new_node+0x170/0x170 [ 215.312347][ T773] ? ptr_to_hashval+0x60/0x60 [ 215.317000][ T773] ? arch_stack_walk+0xf8/0x140 [ 215.321841][ T773] ? snprintf+0xd6/0x120 [ 215.326067][ T773] kernfs_new_node+0x97/0x170 [ 215.330721][ T773] __kernfs_create_file+0x4a/0x270 [ 215.335810][ T773] cgroup_addrm_files+0xab8/0xfe0 [ 215.340817][ T773] ? ____kasan_kmalloc+0xdc/0x110 [ 215.345832][ T773] ? __kasan_kmalloc+0x9/0x10 [ 215.350483][ T773] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 215.356002][ T773] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 215.362128][ T773] ? delete_node+0x759/0x7b0 [ 215.366691][ T773] ? __kasan_check_read+0x11/0x20 [ 215.371687][ T773] ? delete_node+0x759/0x7b0 [ 215.376254][ T773] ? __kasan_check_write+0x14/0x20 [ 215.381338][ T773] ? idr_replace+0x1c4/0x230 [ 215.385908][ T773] ? idr_get_next+0x4b0/0x4b0 [ 215.390564][ T773] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 215.395570][ T773] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 215.400751][ T773] css_populate_dir+0x137/0x370 [ 215.405586][ T773] cgroup_apply_control_enable+0x8b9/0x12f0 [ 215.411459][ T773] cgroup_apply_control+0x93/0x710 [ 215.416562][ T773] ? css_next_child+0x160/0x160 [ 215.421397][ T773] ? io_schedule+0x120/0x120 [ 215.425976][ T773] ? kernfs_fop_write_iter+0x15e/0x410 [ 215.431412][ T773] ? __kasan_check_write+0x14/0x20 [ 215.436500][ T773] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 215.441759][ T773] cgroup_subtree_control_write+0xd19/0x1310 [ 215.447722][ T773] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 215.453683][ T773] ? __kasan_check_write+0x14/0x20 [ 215.458775][ T773] ? _copy_from_iter+0x3fb/0xd60 [ 215.463688][ T773] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 215.469653][ T773] cgroup_file_write+0x28e/0x590 [ 215.474590][ T773] ? cgroup_seqfile_stop+0xc0/0xc0 [ 215.479688][ T773] ? mutex_lock+0xa6/0x110 [ 215.484082][ T773] ? mutex_trylock+0xb0/0xb0 [ 215.488650][ T773] ? __kasan_check_write+0x14/0x20 [ 215.493739][ T773] kernfs_fop_write_iter+0x2d0/0x410 [ 215.498995][ T773] ? cgroup_seqfile_stop+0xc0/0xc0 [ 215.504090][ T773] vfs_write+0xc1c/0xf40 [ 215.508325][ T773] ? __kasan_check_write+0x14/0x20 [ 215.513419][ T773] ? kernel_write+0x3c0/0x3c0 [ 215.518115][ T773] ? _raw_spin_unlock_irq+0x4e/0x70 [ 215.523289][ T773] ? ptrace_stop+0x6ff/0x9f0 [ 215.527854][ T773] ? __kasan_check_read+0x11/0x20 [ 215.532874][ T773] ? __fdget_pos+0x27e/0x310 [ 215.537447][ T773] ksys_write+0x198/0x2c0 [ 215.541759][ T773] ? do_notify_parent+0xa60/0xa60 [ 215.546764][ T773] ? __ia32_sys_read+0x90/0x90 [ 215.551504][ T773] ? __ia32_sys_open+0x270/0x270 [ 215.556419][ T773] __x64_sys_write+0x7b/0x90 [ 215.560985][ T773] do_syscall_64+0x34/0x70 [ 215.565374][ T773] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 215.571241][ T773] RIP: 0033:0x7fc8ece62c09 [ 215.575632][ T773] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 215.595216][ T773] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 215.603606][ T773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [pid 778] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 773] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 778] open("./file0", O_RDONLY) = 3 [pid 773] close(3 [pid 778] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 773] <... close resumed>) = 0 [pid 778] write(4, "-pids ", 6 [pid 773] close(4) = 0 [pid 773] close(5) = 0 [pid 773] close(6) = -1 EBADF (Bad file descriptor) [pid 773] close(7) = -1 EBADF (Bad file descriptor) [pid 773] close(8) = -1 EBADF (Bad file descriptor) [pid 773] close(9) = -1 EBADF (Bad file descriptor) [pid 773] close(10) = -1 EBADF (Bad file descriptor) [pid 773] close(11) = -1 EBADF (Bad file descriptor) [pid 773] close(12) = -1 EBADF (Bad file descriptor) [pid 773] close(13) = -1 EBADF (Bad file descriptor) [pid 773] close(14) = -1 EBADF (Bad file descriptor) [pid 773] close(15) = -1 EBADF (Bad file descriptor) [pid 773] close(16) = -1 EBADF (Bad file descriptor) [pid 773] close(17) = -1 EBADF (Bad file descriptor) [pid 773] close(18) = -1 EBADF (Bad file descriptor) [pid 773] close(19) = -1 EBADF (Bad file descriptor) [pid 773] close(20) = -1 EBADF (Bad file descriptor) [pid 773] close(21) = -1 EBADF (Bad file descriptor) [pid 773] close(22) = -1 EBADF (Bad file descriptor) [pid 773] close(23) = -1 EBADF (Bad file descriptor) [pid 773] close(24) = -1 EBADF (Bad file descriptor) [pid 773] close(25) = -1 EBADF (Bad file descriptor) [pid 773] close(26) = -1 EBADF (Bad file descriptor) [pid 773] close(27) = -1 EBADF (Bad file descriptor) [pid 773] close(28) = -1 EBADF (Bad file descriptor) [pid 773] close(29) = -1 EBADF (Bad file descriptor) [pid 773] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 773] exit_group(0) = ? [pid 773] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=70, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 375] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 375] umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 375] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 375] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 375] umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 375] unlink("./68/binderfs") = 0 [pid 375] umount2("./68/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./68/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 375] unlink("./68/cgroup") = 0 [ 215.611565][ T773] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 215.619514][ T773] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 215.627462][ T773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 215.635499][ T773] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000044 [ 215.643642][ T773] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 375] umount2("./68/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./68/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./68/cgroup.net") = 0 [pid 375] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 375] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./68/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 215.670359][ T775] FAULT_INJECTION: forcing a failure. [ 215.670359][ T775] name failslab, interval 1, probability 0, space 0, times 0 [ 215.682987][ T775] CPU: 1 PID: 775 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 215.694621][ T775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.704654][ T775] Call Trace: [ 215.707925][ T775] dump_stack_lvl+0x1e2/0x24b [ 215.712589][ T775] ? bfq_pos_tree_add_move+0x43e/0x43e [ 215.718035][ T775] ? selinux_kernfs_init_security+0x1a8/0x760 [ 215.724075][ T775] dump_stack+0x15/0x17 [ 215.728207][ T775] should_fail+0x3c0/0x510 [ 215.732600][ T775] ? __kernfs_new_node+0x99/0x6e0 [ 215.737607][ T775] __should_failslab+0x9f/0xe0 [ 215.742361][ T775] should_failslab+0x9/0x20 [ 215.746856][ T775] __kmalloc_track_caller+0x5f/0x350 [ 215.752116][ T775] kstrdup_const+0x55/0x90 [ 215.756507][ T775] __kernfs_new_node+0x99/0x6e0 [ 215.761341][ T775] ? is_module_text_address+0xe1/0x140 [ 215.766782][ T775] ? kernfs_new_node+0x170/0x170 [ 215.771700][ T775] ? ptr_to_hashval+0x60/0x60 [ 215.776366][ T775] ? arch_stack_walk+0xf8/0x140 [ 215.781203][ T775] ? snprintf+0xd6/0x120 [ 215.785417][ T775] kernfs_new_node+0x97/0x170 [ 215.790073][ T775] __kernfs_create_file+0x4a/0x270 [ 215.795164][ T775] cgroup_addrm_files+0xab8/0xfe0 [ 215.800173][ T775] ? ____kasan_kmalloc+0xdc/0x110 [ 215.805169][ T775] ? __kasan_kmalloc+0x9/0x10 [ 215.809817][ T775] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 215.815339][ T775] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 215.821465][ T775] ? delete_node+0x759/0x7b0 [ 215.826028][ T775] ? __kasan_check_read+0x11/0x20 [ 215.831029][ T775] ? delete_node+0x759/0x7b0 [ 215.835601][ T775] ? __kasan_check_write+0x14/0x20 [ 215.840685][ T775] ? idr_replace+0x1c4/0x230 [ 215.845250][ T775] ? idr_get_next+0x4b0/0x4b0 [ 215.849912][ T775] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 215.854919][ T775] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 215.860101][ T775] css_populate_dir+0x137/0x370 [ 215.864945][ T775] cgroup_apply_control_enable+0x8b9/0x12f0 [ 215.870835][ T775] cgroup_apply_control+0x93/0x710 [ 215.875929][ T775] ? css_next_child+0x160/0x160 [ 215.880756][ T775] ? stack_trace_save+0x12d/0x1f0 [ 215.885759][ T775] ? io_schedule+0x120/0x120 [ 215.890321][ T775] ? kernfs_fop_write_iter+0x15e/0x410 [ 215.895762][ T775] ? __kasan_check_write+0x14/0x20 [ 215.900856][ T775] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 215.906124][ T775] cgroup_subtree_control_write+0xd19/0x1310 [ 215.912097][ T775] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 215.918067][ T775] ? __kasan_check_write+0x14/0x20 [ 215.923162][ T775] ? _copy_from_iter+0x3fb/0xd60 [ 215.928080][ T775] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 215.934056][ T775] cgroup_file_write+0x28e/0x590 [ 215.938976][ T775] ? cgroup_seqfile_stop+0xc0/0xc0 [ 215.944060][ T775] ? mutex_lock+0xa6/0x110 [ 215.948448][ T775] ? mutex_trylock+0xb0/0xb0 [ 215.953037][ T775] ? __kasan_check_write+0x14/0x20 [ 215.958121][ T775] kernfs_fop_write_iter+0x2d0/0x410 [ 215.963377][ T775] ? cgroup_seqfile_stop+0xc0/0xc0 [ 215.968464][ T775] vfs_write+0xc1c/0xf40 [ 215.972685][ T775] ? __kasan_check_write+0x14/0x20 [ 215.977780][ T775] ? kernel_write+0x3c0/0x3c0 [ 215.982428][ T775] ? _raw_spin_unlock_irq+0x4e/0x70 [ 215.987597][ T775] ? ptrace_stop+0x6ff/0x9f0 [ 215.992163][ T775] ? __kasan_check_read+0x11/0x20 [ 215.997161][ T775] ? __fdget_pos+0x27e/0x310 [ 216.001725][ T775] ksys_write+0x198/0x2c0 [ 216.006091][ T775] ? do_notify_parent+0xa60/0xa60 [ 216.011097][ T775] ? __ia32_sys_read+0x90/0x90 [ 216.015834][ T775] ? __ia32_sys_open+0x270/0x270 [ 216.020747][ T775] __x64_sys_write+0x7b/0x90 [ 216.025310][ T775] do_syscall_64+0x34/0x70 [ 216.029704][ T775] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 216.035567][ T775] RIP: 0033:0x7fc8ece62c09 [ 216.039954][ T775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.059543][ T775] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 375] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 375] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 375] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 375] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 375] close(4) = 0 [pid 375] rmdir("./68/file0") = 0 [pid 375] umount2("./68/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 375] lstat("./68/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 375] unlink("./68/cgroup.cpu") = 0 [pid 375] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 375] close(3) = 0 [pid 375] rmdir("./68") = 0 [pid 375] mkdir("./69", 0777) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fab5d0) = 71 ./strace-static-x86_64: Process 779 attached [pid 779] chdir("./69") = 0 [pid 779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 779] setpgid(0, 0) = 0 [pid 779] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 779] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 779] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 779] write(3, "1000", 4) = 4 [pid 779] close(3) = 0 [pid 779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 779] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 779] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 775] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 779] open("./file0", O_RDONLY [pid 775] close(3 [pid 779] <... open resumed>) = 3 [pid 779] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 779] write(4, "-pids ", 6 [pid 775] <... close resumed>) = 0 [pid 775] close(4) = 0 [pid 775] close(5) = 0 [pid 775] close(6) = -1 EBADF (Bad file descriptor) [pid 775] close(7) = -1 EBADF (Bad file descriptor) [pid 775] close(8) = -1 EBADF (Bad file descriptor) [pid 775] close(9) = -1 EBADF (Bad file descriptor) [pid 775] close(10) = -1 EBADF (Bad file descriptor) [pid 775] close(11) = -1 EBADF (Bad file descriptor) [pid 775] close(12) = -1 EBADF (Bad file descriptor) [pid 775] close(13) = -1 EBADF (Bad file descriptor) [pid 775] close(14) = -1 EBADF (Bad file descriptor) [pid 775] close(15) = -1 EBADF (Bad file descriptor) [pid 775] close(16) = -1 EBADF (Bad file descriptor) [pid 775] close(17) = -1 EBADF (Bad file descriptor) [pid 775] close(18) = -1 EBADF (Bad file descriptor) [pid 775] close(19) = -1 EBADF (Bad file descriptor) [pid 775] close(20) = -1 EBADF (Bad file descriptor) [pid 775] close(21) = -1 EBADF (Bad file descriptor) [pid 775] close(22) = -1 EBADF (Bad file descriptor) [pid 775] close(23) = -1 EBADF (Bad file descriptor) [pid 775] close(24) = -1 EBADF (Bad file descriptor) [pid 775] close(25) = -1 EBADF (Bad file descriptor) [pid 775] close(26) = -1 EBADF (Bad file descriptor) [pid 775] close(27) = -1 EBADF (Bad file descriptor) [pid 775] close(28) = -1 EBADF (Bad file descriptor) [pid 775] close(29) = -1 EBADF (Bad file descriptor) [pid 775] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = 89 [pid 775] exit_group(0) = ? [pid 775] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=67, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 381] umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 381] umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./65/binderfs") = 0 [pid 381] umount2("./65/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./65/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./65/cgroup") = 0 [pid 381] umount2("./65/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./65/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./65/cgroup.net") = 0 [ 216.067942][ T775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 216.075897][ T775] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 216.083853][ T775] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 216.091809][ T775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 216.099764][ T775] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 0000000000000041 [ 216.108563][ T775] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 381] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 779] <... write resumed>) = 6 [ 216.126846][ T381] ------------[ cut here ]------------ [ 216.132367][ T381] WARNING: CPU: 0 PID: 381 at fs/namespace.c:1168 mntput_no_expire+0x48a/0x6c0 [ 216.141295][ T381] Modules linked in: [ 216.145179][ T381] CPU: 0 PID: 381 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 216.156788][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.166854][ T381] RIP: 0010:mntput_no_expire+0x48a/0x6c0 [ 216.170477][ T776] FAULT_INJECTION: forcing a failure. [ 216.170477][ T776] name failslab, interval 1, probability 0, space 0, times 0 [ 216.172484][ T381] Code: 48 c7 c2 80 02 44 86 e8 64 f0 8e ff e9 8b fc ff ff e8 ba 21 b6 ff e9 81 fc ff ff e8 b0 21 b6 ff e9 77 fc ff ff e8 a6 21 b6 ff <0f> 0b e9 f4 fc ff ff e8 9a 21 b6 ff e8 65 ad a2 ff e9 ea fc ff ff [ 216.172497][ T381] RSP: 0018:ffffc90000b37ba0 EFLAGS: 00010293 [ 216.198628][ T776] CPU: 1 PID: 776 Comm: syz-executor971 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 216.204680][ T381] [ 216.210685][ T776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.210689][ T776] Call Trace: [ 216.210707][ T776] dump_stack_lvl+0x1e2/0x24b [ 216.210724][ T776] ? bfq_pos_tree_add_move+0x43e/0x43e [ 216.222323][ T381] RAX: ffffffff81b68f1a RBX: 00000000ffffffff RCX: ffff8881065813c0 [ 216.224621][ T776] ? selinux_kernfs_init_security+0x1a8/0x760 [ 216.234652][ T381] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 216.237909][ T776] dump_stack+0x15/0x17 [ 216.242558][ T381] RBP: ffffc90000b37c70 R08: ffffffff81b68c08 R09: 0000000000000003 [ 216.247993][ T776] should_fail+0x3c0/0x510 [ 216.255940][ T381] R10: fffff52000166f65 R11: 1ffff92000166f64 R12: dffffc0000000000 [ 216.261968][ T776] ? __kernfs_new_node+0x99/0x6e0 [ 216.261985][ T776] __should_failslab+0x9f/0xe0 [ 216.269926][ T381] R13: ffff888110913a40 R14: ffffc90000b37c00 R15: 1ffff92000166f7c [ 216.274048][ T776] should_failslab+0x9/0x20 [ 216.274066][ T776] __kmalloc_track_caller+0x5f/0x350 [ 216.282035][ T381] FS: 0000555556fab300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 216.286413][ T776] kstrdup_const+0x55/0x90 [ 216.294371][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 216.299366][ T776] __kernfs_new_node+0x99/0x6e0 [ 216.304110][ T381] CR2: 00007ffd7d0e1c18 CR3: 000000011dddb000 CR4: 00000000003506b0 [ 216.312050][ T776] ? is_module_text_address+0xe1/0x140 [ 216.312067][ T776] ? kernfs_new_node+0x170/0x170 [ 216.316545][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 216.321828][ T776] ? ptr_to_hashval+0x60/0x60 [ 216.321837][ T776] ? arch_stack_walk+0xf8/0x140 [ 216.321855][ T776] ? snprintf+0xd6/0x120 [ 216.330763][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 216.335149][ T776] kernfs_new_node+0x97/0x170 [ 216.341798][ T381] Call Trace: [ 216.346612][ T776] __kernfs_create_file+0x4a/0x270 [ 216.354570][ T381] ? io_schedule+0x120/0x120 [ 216.359989][ T776] cgroup_addrm_files+0xab8/0xfe0 [ 216.364910][ T381] ? vfs_submount+0xb0/0xb0 [ 216.372843][ T776] ? ____kasan_kmalloc+0xdc/0x110 [ 216.372852][ T776] ? __kasan_kmalloc+0x9/0x10 [ 216.372870][ T776] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 216.377515][ T381] ? shrink_dentry_list+0x4ec/0x500 [ 216.382335][ T776] ? trace_raw_output_cgroup_event+0x1f0/0x1f0 [ 216.382351][ T776] ? delete_node+0x759/0x7b0 [ 216.386565][ T381] ? __kasan_check_write+0x14/0x20 [ 216.394506][ T776] ? __kasan_check_read+0x11/0x20 [ 216.394521][ T776] ? delete_node+0x759/0x7b0 [ 216.399170][ T381] namespace_unlock+0x448/0x4f0 [ 216.402419][ T776] ? __kasan_check_write+0x14/0x20 [ 216.402436][ T776] ? idr_replace+0x1c4/0x230 [ 216.407517][ T381] ? umount_tree+0xf50/0xf50 [ 216.412071][ T776] ? idr_get_next+0x4b0/0x4b0 [ 216.412086][ T776] ? _raw_spin_lock_bh+0xa3/0x1b0 [ 216.417079][ T381] ? __detach_mounts+0x670/0x670 [ 216.421545][ T776] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 216.421555][ T776] css_populate_dir+0x137/0x370 [ 216.421572][ T776] cgroup_apply_control_enable+0x8b9/0x12f0 [ 216.426562][ T381] ? selinux_umount+0xf0/0x130 [ 216.431206][ T776] cgroup_apply_control+0x93/0x710 [ 216.431222][ T776] ? css_next_child+0x160/0x160 [ 216.436744][ T381] ? security_sb_umount+0x9d/0xb0 [ 216.441903][ T776] ? stack_trace_save+0x12d/0x1f0 [ 216.441912][ T776] ? io_schedule+0x120/0x120 [ 216.441928][ T776] ? kernfs_fop_write_iter+0x15e/0x410 [ 216.448050][ T381] path_umount+0xf03/0xfb0 [ 216.452602][ T776] ? __kasan_check_write+0x14/0x20 [ 216.452618][ T776] ? cgroup_kn_lock_live+0x1b0/0x2f0 [ 216.457699][ T381] ? namespace_unlock+0x4f0/0x4f0 [ 216.462687][ T776] cgroup_subtree_control_write+0xd19/0x1310 [ 216.462703][ T776] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 216.467264][ T381] ? user_path_at_empty+0x40/0x50 [ 216.472092][ T776] ? __kasan_check_write+0x14/0x20 [ 216.472105][ T776] ? _copy_from_iter+0x3fb/0xd60 [ 216.472125][ T776] ? cgroup_subtree_control_show+0x1d0/0x1d0 [ 216.477225][ T381] __x64_sys_umount+0x122/0x170 [ 216.481777][ T776] cgroup_file_write+0x28e/0x590 [ 216.481787][ T776] ? cgroup_seqfile_stop+0xc0/0xc0 [ 216.481796][ T776] ? mutex_lock+0xa6/0x110 [ 216.481818][ T776] ? mutex_trylock+0xb0/0xb0 [ 216.486377][ T381] ? path_umount+0xfb0/0xfb0 [ 216.491022][ T776] ? __kasan_check_write+0x14/0x20 [ 216.491039][ T776] kernfs_fop_write_iter+0x2d0/0x410 [ 216.496048][ T381] ? syscall_enter_from_user_mode+0x58/0x1b0 [ 216.500958][ T776] ? cgroup_seqfile_stop+0xc0/0xc0 [ 216.500970][ T776] vfs_write+0xc1c/0xf40 [ 216.500988][ T776] ? __kasan_check_write+0x14/0x20 [ 216.506157][ T381] do_syscall_64+0x34/0x70 [ 216.510978][ T776] ? kernel_write+0x3c0/0x3c0 [ 216.510987][ T776] ? _raw_spin_unlock_irq+0x4e/0x70 [ 216.511002][ T776] ? ptrace_stop+0x6ff/0x9f0 [ 216.516879][ T381] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 216.521610][ T776] ? __kasan_check_read+0x11/0x20 [ 216.521619][ T776] ? __fdget_pos+0x27e/0x310 [ 216.521637][ T776] ksys_write+0x198/0x2c0 [ 216.526716][ T381] RIP: 0033:0x7fc8ece63fb7 [ 216.531548][ T776] ? do_notify_parent+0xa60/0xa60 [ 216.531559][ T776] ? __ia32_sys_read+0x90/0x90 [ 216.531577][ T776] ? __ia32_sys_open+0x270/0x270 [ 216.536574][ T381] Code: 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.541567][ T776] __x64_sys_write+0x7b/0x90 [ 216.541579][ T776] do_syscall_64+0x34/0x70 [ 216.541597][ T776] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 216.546245][ T381] RSP: 002b:00007ffd7d0e2358 EFLAGS: 00000202 [ 216.551668][ T776] RIP: 0033:0x7fc8ece62c09 [ 216.551679][ T776] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 216.551692][ T776] RSP: 002b:00007ffd7d0e3448 EFLAGS: 00000246 [ 216.556078][ T381] ORIG_RAX: 00000000000000a6 [ 216.561153][ T776] ORIG_RAX: 0000000000000001 [ 216.561162][ T776] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc8ece62c09 [ 216.561176][ T776] RDX: 0000000000000006 RSI: 00000000200000c0 RDI: 0000000000000004 [ 216.566440][ T381] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8ece63fb7 [ 216.571429][ T776] RBP: 00007ffd7d0e3470 R08: 0000000000000002 R09: 00007ffd7d0e3480 [ 216.571436][ T776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 216.571443][ T776] R13: 00007ffd7d0e3490 R14: 00007ffd7d0e34d0 R15: 000000000000003b [ 216.848685][ T381] RDX: 00007ffd7d0e241a RSI: 000000000000000a RDI: 00007ffd7d0e2410 [ 216.856649][ T381] RBP: 00007ffd7d0e2410 R08: 00000000ffffffff R09: 00007ffd7d0e21f0 [ 216.864621][ T381] R10: 0000555556fad6a3 R11: 0000000000000202 R12: 00007ffd7d0e3490 [pid 779] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 776] <... write resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 381] <... umount2 resumed>) = 0 [pid 776] close(3 [pid 779] <... openat resumed>) = 5 [pid 776] <... close resumed>) = 0 [pid 381] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 779] write(5, "22", 2 [pid 776] close(4 [pid 779] <... write resumed>) = 2 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 779] write(4, "+pids ", 6 [pid 776] <... close resumed>) = 0 [pid 776] close(5 [pid 381] lstat("./65/file0", [pid 776] <... close resumed>) = 0 [pid 381] <... lstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 776] close(6 [pid 381] umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 776] close(7 [pid 381] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(8 [pid 381] <... openat resumed>) = 4 [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] fstat(4, [pid 776] close(9 [pid 381] <... fstat resumed>{st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(10 [pid 381] getdents64(4, [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... getdents64 resumed>0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 776] close(11 [pid 381] getdents64(4, [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] <... getdents64 resumed>0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 776] close(12 [pid 381] close(4 [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(13 [pid 381] <... close resumed>) = 0 [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] rmdir("./65/file0" [pid 776] close(14) = -1 EBADF (Bad file descriptor) [pid 776] close(15 [pid 381] <... rmdir resumed>) = 0 [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(16 [pid 381] umount2("./65/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(17 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] lstat("./65/cgroup.cpu", [pid 776] close(18) = -1 EBADF (Bad file descriptor) [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 776] close(19 [pid 381] unlink("./65/cgroup.cpu" [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(20 [pid 381] <... unlink resumed>) = 0 [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(21) = -1 EBADF (Bad file descriptor) [pid 776] close(22 [pid 381] getdents64(3, [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(23) = -1 EBADF (Bad file descriptor) [pid 776] close(24) = -1 EBADF (Bad file descriptor) [pid 776] close(25) = -1 EBADF (Bad file descriptor) [pid 381] <... getdents64 resumed>0x555556fad630 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./65") = 0 [pid 381] mkdir("./66", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 780 attached , child_tidptr=0x555556fab5d0) = 68 [pid 780] chdir("./66") = 0 [pid 776] close(26) = -1 EBADF (Bad file descriptor) [pid 776] close(27) = -1 EBADF (Bad file descriptor) [pid 776] close(28 [pid 780] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 776] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 776] close(29) = -1 EBADF (Bad file descriptor) [pid 780] <... prctl resumed>) = 0 [pid 780] setpgid(0, 0) = 0 [pid 780] symlink("/syzcgroup/unified/syz3", "./cgroup"write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 776] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 776] exit_group(0) = ? [pid 780] <... symlink resumed>) = 0 [pid 780] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu") = 0 [pid 780] symlink("/syzcgroup/net/syz3", "./cgroup.net") = 0 [pid 780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 776] +++ exited with 0 +++ [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=61, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 383] restart_syscall(<... resuming interrupted clone ...> [pid 780] write(3, "1000", 4) = 4 [pid 780] close(3) = 0 [pid 780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 780] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 780] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 780] open("./file0", O_RDONLY) = 3 [pid 780] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [pid 780] write(4, "-pids ", 6 [pid 383] <... restart_syscall resumed>) = 0 [pid 383] umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556fad630 /* 7 entries */, 32768) = 208 [pid 383] umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./59/binderfs") = 0 [pid 383] umount2("./59/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./59/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 383] unlink("./59/cgroup") = 0 [pid 383] umount2("./59/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./59/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./59/cgroup.net") = 0 [pid 383] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 383] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./59/file0", {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 383] fstat(4, {st_mode=S_IFDIR|000, st_size=4096, ...}) = 0 [pid 383] getdents64(4, 0x555556fb5670 /* 2 entries */, 32768) = 48 [pid 383] getdents64(4, 0x555556fb5670 /* 0 entries */, 32768) = 0 [pid 383] close(4) = 0 [pid 383] rmdir("./59/file0") = 0 [pid 383] umount2("./59/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./59/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 383] unlink("./59/cgroup.cpu") = 0 [pid 383] getdents64(3, 0x555556fad630 /* 0 entries */, 32768) = 0 [pid 383] close(3) = 0 [pid 383] rmdir("./59") = 0 [pid 383] mkdir("./60", 0777) = 0 [ 216.872599][ T381] R13: 0000555556fad600 R14: 00007ffd7d0e2380 R15: 0000000000000042 [ 216.880563][ T381] ---[ end trace d4de1ca9cdcd19ae ]--- [ 216.886063][ T776] cgroup: cgroup_addrm_files: failed to add max, err=-12 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 781 attached [pid 781] chdir("./60" [pid 383] <... clone resumed>, child_tidptr=0x555556fab5d0) = 62 [pid 781] <... chdir resumed>) = 0 [pid 781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 781] setpgid(0, 0) = 0 [pid 781] symlink("/syzcgroup/unified/syz4", "./cgroup") = 0 [pid 781] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu") = 0 [pid 781] symlink("/syzcgroup/net/syz4", "./cgroup.net") = 0 [pid 781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 781] write(3, "1000", 4) = 4 [pid 781] close(3) = 0 [pid 781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 781] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 781] mount(NULL, "./file0", "cgroup2", 0, NULL) = 0 [pid 781] open("./file0", O_RDONLY) = 3 [pid 781] openat(3, "cgroup.subtree_control", O_RDWR) = 4 [ 216.920427][ C0] list_add corruption. prev->next should be next (ffff8881f705c060), but was ffff888113123870. (prev=ffff888113123870). [ 216.933012][ C0] ------------[ cut here ]------------ [ 216.938468][ C0] kernel BUG at lib/list_debug.c:28! [ 216.943731][ C0] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 216.949772][ C0] CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 216.960935][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.970973][ C0] RIP: 0010:__list_add_valid+0xc6/0xd0 [ 216.976403][ C0] Code: 48 c7 c7 80 d3 43 85 4c 89 e6 4c 89 f1 31 c0 e8 9d 08 40 02 0f 0b 48 c7 c7 40 d4 43 85 4c 89 f6 4c 89 e1 31 c0 e8 87 08 40 02 <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 54 53 49 [ 216.995983][ C0] RSP: 0018:ffffc900000c77e0 EFLAGS: 00010046 [ 217.002025][ C0] RAX: 0000000000000075 RBX: ffff8881f705c068 RCX: 1dcf49864b76af00 [ 217.009972][ C0] RDX: 0000000080000101 RSI: 0000000080000101 RDI: 0000000000000000 [ 217.017916][ C0] RBP: ffffc900000c7808 R08: ffffffff8153aa88 R09: ffffed103ee0a5d8 [ 217.025876][ C0] R10: ffffed103ee0a5d8 R11: 1ffff1103ee0a5d7 R12: ffff888113123870 [ 217.033838][ C0] R13: dffffc0000000000 R14: ffff8881f705c060 R15: ffff888113123870 [ 217.041786][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 217.050692][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 217.057255][ C0] CR2: 00007fc8eceb3a43 CR3: 000000011d88f000 CR4: 00000000003506b0 [ 217.065217][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 217.073168][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 217.081117][ C0] Call Trace: [ 217.084385][ C0] insert_work+0x107/0x330 [ 217.088779][ C0] __queue_work+0x971/0xd30 [ 217.093263][ C0] queue_work_on+0xf2/0x150 [ 217.097739][ C0] ? wq_worker_last_func+0x50/0x50 [ 217.102827][ C0] ? __alloc_reserved_percpu+0x30/0x30 [ 217.108263][ C0] css_release+0xae/0xc0 [ 217.112480][ C0] percpu_ref_switch_to_atomic_rcu+0x5a2/0x5b0 [ 217.118616][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 217.124659][ C0] rcu_do_batch+0x4f8/0xbc0 [ 217.129140][ C0] ? local_bh_enable+0x20/0x20 [ 217.133879][ C0] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 217.139310][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 217.145090][ C0] ? rcu_report_qs_rnp+0x2e0/0x3b0 [ 217.150182][ C0] rcu_core+0x59b/0xe30 [ 217.154325][ C0] ? rcu_cpu_kthread_park+0x90/0x90 [ 217.159524][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 217.164696][ C0] ? sched_clock+0x3a/0x40 [ 217.169088][ C0] ? sched_clock_cpu+0x1b/0x3b0 [ 217.173941][ C0] ? irqtime_account_irq+0x76/0x270 [ 217.179114][ C0] rcu_core_si+0x9/0x10 [ 217.183244][ C0] __do_softirq+0x27e/0x596 [ 217.187724][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 217.192894][ C0] run_ksoftirqd+0x23/0x30 [ 217.197286][ C0] smpboot_thread_fn+0x551/0x930 [ 217.202199][ C0] ? release_firmware_map_entry+0x195/0x195 [ 217.208068][ C0] ? cpu_report_death+0x1a0/0x1a0 [ 217.213066][ C0] ? schedule+0x162/0x1e0 [ 217.217368][ C0] ? __kasan_check_read+0x11/0x20 [ 217.222366][ C0] ? __kthread_parkme+0x194/0x1d0 [ 217.227363][ C0] kthread+0x349/0x3d0 [ 217.231409][ C0] ? cpu_report_death+0x1a0/0x1a0 [ 217.236407][ C0] ? kthread_blkcg+0xd0/0xd0 [ 217.240973][ C0] ret_from_fork+0x1f/0x30 [ 217.245359][ C0] Modules linked in: [ 217.249230][ C0] ---[ end trace d4de1ca9cdcd19af ]--- [ 217.254664][ C0] RIP: 0010:__list_add_valid+0xc6/0xd0 [ 217.260099][ C0] Code: 48 c7 c7 80 d3 43 85 4c 89 e6 4c 89 f1 31 c0 e8 9d 08 40 02 0f 0b 48 c7 c7 40 d4 43 85 4c 89 f6 4c 89 e1 31 c0 e8 87 08 40 02 <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 54 53 49 [ 217.279677][ C0] RSP: 0018:ffffc900000c77e0 EFLAGS: 00010046 [ 217.285718][ C0] RAX: 0000000000000075 RBX: ffff8881f705c068 RCX: 1dcf49864b76af00 [ 217.293667][ C0] RDX: 0000000080000101 RSI: 0000000080000101 RDI: 0000000000000000 [ 217.301616][ C0] RBP: ffffc900000c7808 R08: ffffffff8153aa88 R09: ffffed103ee0a5d8 [ 217.309569][ C0] R10: ffffed103ee0a5d8 R11: 1ffff1103ee0a5d7 R12: ffff888113123870 [ 217.317530][ C0] R13: dffffc0000000000 R14: ffff8881f705c060 R15: ffff888113123870 [ 217.325493][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 217.334484][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 217.341043][ C0] CR2: 00007fc8eceb3a43 CR3: 000000011d88f000 CR4: 00000000003506b0 [ 217.349000][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 217.356963][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 217.364935][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 217.372308][ C0] Kernel Offset: disabled [ 217.376616][ C0] Rebooting in 86400 seconds..