./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4026980493 <...> Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts. execve("./syz-executor4026980493", ["./syz-executor4026980493"], 0x7ffcb804f200 /* 10 vars */) = 0 brk(NULL) = 0x55558495a000 brk(0x55558495ad00) = 0x55558495ad00 arch_prctl(ARCH_SET_FS, 0x55558495a380) = 0 set_tid_address(0x55558495a650) = 5067 set_robust_list(0x55558495a660, 24) = 0 rseq(0x55558495aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4026980493", 4096) = 28 getrandom("\x40\x46\x0d\x03\x2d\x01\x74\x63", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558495ad00 brk(0x55558497bd00) = 0x55558497bd00 brk(0x55558497c000) = 0x55558497c000 mprotect(0x7ffbc507d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 [ 73.794652][ T5067] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "memory") = 0 umount2("/syzcgroup/cpu", 0) = 0 [ 73.980485][ T5067] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb,memory") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5067}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558495a650) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] set_robust_list(0x55558495a660, 24) = 0 ./strace-static-x86_64: Process 5071 attached [pid 5067] <... clone resumed>, child_tidptr=0x55558495a650) = 5071 [pid 5071] set_robust_list(0x55558495a660, 24 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] getrandom( [pid 5071] mkdir("./syzkaller.opaEX7", 0700 [pid 5070] <... getrandom resumed>"\x22\xd6\x58\x9f\xa9\x26\xf5\xff", 8, GRND_NONBLOCK) = 8 [pid 5070] getrandom(./strace-static-x86_64: Process 5072 attached [pid 5067] <... clone resumed>, child_tidptr=0x55558495a650) = 5072 [pid 5071] <... mkdir resumed>) = 0 [pid 5070] <... getrandom resumed>"\x28\x7c\x86\x74\x4d\xe9\x78\x95", 8, GRND_NONBLOCK) = 8 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] set_robust_list(0x55558495a660, 24 [pid 5070] mkdir("./syzkaller.ABjaYG", 0700 [pid 5071] chmod("./syzkaller.opaEX7", 0777) = 0 [pid 5071] chdir("./syzkaller.opaEX7" [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] <... chdir resumed>) = 0 [pid 5071] unshare(CLONE_NEWPID./strace-static-x86_64: Process 5073 attached [pid 5072] mkdir("./syzkaller.e3dsCD", 0700 [pid 5071] <... unshare resumed>) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x55558495a650) = 5073 [pid 5073] set_robust_list(0x55558495a660, 24 [pid 5072] <... mkdir resumed>) = 0 [pid 5070] chmod("./syzkaller.ABjaYG", 0777 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] <... set_robust_list resumed>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] mkdir("./syzkaller.e0gh9G", 0700 [pid 5072] chmod("./syzkaller.e3dsCD", 0777 [pid 5070] <... chmod resumed>) = 0 [pid 5072] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5074 attached ./strace-static-x86_64: Process 5075 attached [pid 5073] <... mkdir resumed>) = 0 [pid 5070] chdir("./syzkaller.ABjaYG" [pid 5073] chmod("./syzkaller.e0gh9G", 0777 [pid 5067] <... clone resumed>, child_tidptr=0x55558495a650) = 5075 [pid 5072] chdir("./syzkaller.e3dsCD" [pid 5070] <... chdir resumed>) = 0 [pid 5074] set_robust_list(0x55558495a660, 24 [pid 5071] <... clone resumed>, child_tidptr=0x55558495a650) = 5074 [pid 5070] unshare(CLONE_NEWPID [pid 5075] set_robust_list(0x55558495a660, 24 [pid 5072] <... chdir resumed>) = 0 [pid 5073] <... chmod resumed>) = 0 [pid 5070] <... unshare resumed>) = 0 [pid 5073] chdir("./syzkaller.e0gh9G") = 0 [pid 5073] unshare(CLONE_NEWPID) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] unshare(CLONE_NEWPID [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5075] mkdir("./syzkaller.0rA7qh", 0700./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x55558495a660, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55558495a650) = 5076 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5076] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5072] <... unshare resumed>) = 0 [pid 5076] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5074] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5075] <... mkdir resumed>) = 0 [pid 5077] set_robust_list(0x55558495a660, 24 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] chmod("./syzkaller.0rA7qh", 0777 [pid 5070] <... clone resumed>, child_tidptr=0x55558495a650) = 5077 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] <... prctl resumed>) = 0 [pid 5075] <... chmod resumed>) = 0 [pid 5077] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5076] setsid() = 1 [pid 5076] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5077] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] chdir("./syzkaller.0rA7qh" [pid 5074] <... prctl resumed>) = 0 [pid 5074] setsid(./strace-static-x86_64: Process 5078 attached [pid 5076] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5074] <... setsid resumed>) = 1 [pid 5075] <... chdir resumed>) = 0 [pid 5072] <... clone resumed>, child_tidptr=0x55558495a650) = 5078 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5075] unshare(CLONE_NEWPID [pid 5077] <... prctl resumed>) = 0 [pid 5076] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5075] <... unshare resumed>) = 0 [pid 5077] setsid( [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5077] <... setsid resumed>) = 1 [pid 5076] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5077] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5078] set_robust_list(0x55558495a660, 24 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5074] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, ./strace-static-x86_64: Process 5079 attached [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5076] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5074] <... prlimit64 resumed>NULL) = 0 [pid 5079] set_robust_list(0x55558495a660, 24 [pid 5078] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5075] <... clone resumed>, child_tidptr=0x55558495a650) = 5079 [pid 5074] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5079] <... set_robust_list resumed>) = 0 [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5074] <... prlimit64 resumed>NULL) = 0 [pid 5079] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 5077] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5076] <... prlimit64 resumed>NULL) = 0 [pid 5074] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5078] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5074] <... prlimit64 resumed>NULL) = 0 [pid 5079] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 5077] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5076] unshare(CLONE_NEWNS [pid 5074] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5076] <... unshare resumed>) = 0 [pid 5074] <... prlimit64 resumed>NULL) = 0 [pid 5078] <... prctl resumed>) = 0 [pid 5077] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5074] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5078] setsid( [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5074] <... prlimit64 resumed>NULL) = 0 [pid 5077] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5079] <... prctl resumed>) = 0 [pid 5078] <... setsid resumed>) = 1 [pid 5076] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5074] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5079] setsid( [pid 5077] <... prlimit64 resumed>NULL) = 0 [pid 5074] <... prlimit64 resumed>NULL) = 0 [pid 5079] <... setsid resumed>) = 1 [pid 5078] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5076] <... mount resumed>) = 0 [pid 5074] unshare(CLONE_NEWNS [pid 5079] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 5078] <... prlimit64 resumed>NULL) = 0 [pid 5077] unshare(CLONE_NEWNS [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5079] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5076] unshare(CLONE_NEWIPC [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5079] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5078] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 5076] <... unshare resumed>) = 0 [pid 5074] <... unshare resumed>) = 0 [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5079] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5077] <... unshare resumed>) = 0 [pid 5079] <... prlimit64 resumed>NULL) = 0 [pid 5079] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5079] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5079] unshare(CLONE_NEWNS [pid 5078] <... prlimit64 resumed>NULL) = 0 [pid 5077] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5076] unshare(CLONE_NEWCGROUP [pid 5074] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5079] <... unshare resumed>) = 0 [pid 5078] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 5077] <... mount resumed>) = 0 [pid 5078] <... prlimit64 resumed>NULL) = 0 [pid 5079] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5078] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 5076] <... unshare resumed>) = 0 [pid 5079] unshare(CLONE_NEWIPC [pid 5078] <... prlimit64 resumed>NULL) = 0 [pid 5077] unshare(CLONE_NEWIPC [pid 5076] unshare(CLONE_NEWUTS [pid 5074] <... mount resumed>) = 0 [pid 5078] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 5079] <... unshare resumed>) = 0 [pid 5078] <... prlimit64 resumed>NULL) = 0 [pid 5079] unshare(CLONE_NEWCGROUP [pid 5078] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 5077] <... unshare resumed>) = 0 [pid 5076] <... unshare resumed>) = 0 [pid 5074] unshare(CLONE_NEWIPC [pid 5078] <... prlimit64 resumed>NULL) = 0 [pid 5079] <... unshare resumed>) = 0 [pid 5077] unshare(CLONE_NEWCGROUP [pid 5076] unshare(CLONE_SYSVSEM [pid 5074] <... unshare resumed>) = 0 [pid 5079] unshare(CLONE_NEWUTS [pid 5078] unshare(CLONE_NEWNS [pid 5077] <... unshare resumed>) = 0 [pid 5076] <... unshare resumed>) = 0 [pid 5079] <... unshare resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5074] unshare(CLONE_NEWCGROUP [pid 5079] unshare(CLONE_SYSVSEM) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5076] <... openat resumed>) = 3 [pid 5074] <... unshare resumed>) = 0 [pid 5077] unshare(CLONE_NEWUTS [pid 5074] unshare(CLONE_NEWUTS [pid 5077] <... unshare resumed>) = 0 [pid 5078] <... unshare resumed>) = 0 [pid 5077] unshare(CLONE_SYSVSEM [pid 5076] write(3, "16777216", 8 [pid 5074] <... unshare resumed>) = 0 [pid 5079] <... openat resumed>) = 3 [pid 5078] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 5077] <... unshare resumed>) = 0 [pid 5079] write(3, "16777216", 8 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5076] <... write resumed>) = 8 [pid 5074] unshare(CLONE_SYSVSEM [pid 5078] <... mount resumed>) = 0 [pid 5076] close(3 [pid 5079] <... write resumed>) = 8 [pid 5079] close(3 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5074] <... unshare resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] unshare(CLONE_NEWIPC [pid 5079] write(3, "536870912", 9 [pid 5078] <... unshare resumed>) = 0 [pid 5077] write(3, "16777216", 8 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5078] unshare(CLONE_NEWCGROUP [pid 5079] <... write resumed>) = 9 [pid 5077] <... write resumed>) = 8 [pid 5076] <... openat resumed>) = 3 [pid 5079] close(3 [pid 5077] close(3 [pid 5079] <... close resumed>) = 0 [pid 5077] <... close resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5079] <... openat resumed>) = 3 [pid 5078] <... unshare resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5077] write(3, "536870912", 9 [pid 5079] write(3, "1024", 4 [pid 5078] unshare(CLONE_NEWUTS [pid 5077] <... write resumed>) = 9 [pid 5076] write(3, "536870912", 9 [pid 5074] <... openat resumed>) = 3 [pid 5079] <... write resumed>) = 4 [pid 5077] close(3 [pid 5076] <... write resumed>) = 9 [pid 5079] close(3 [pid 5077] <... close resumed>) = 0 [pid 5076] close(3 [pid 5079] <... close resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5076] <... close resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5077] <... openat resumed>) = 3 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5079] <... openat resumed>) = 3 [pid 5078] <... unshare resumed>) = 0 [pid 5074] write(3, "16777216", 8 [pid 5078] unshare(CLONE_SYSVSEM [pid 5074] <... write resumed>) = 8 [pid 5078] <... unshare resumed>) = 0 [pid 5079] write(3, "8192", 4 [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 5077] write(3, "1024", 4 [pid 5076] <... openat resumed>) = 3 [pid 5074] close(3 [pid 5079] <... write resumed>) = 4 [pid 5077] <... write resumed>) = 4 [pid 5076] write(3, "1024", 4 [pid 5078] <... openat resumed>) = 3 [pid 5077] close(3 [pid 5074] <... close resumed>) = 0 [pid 5079] close(3 [pid 5077] <... close resumed>) = 0 [pid 5076] <... write resumed>) = 4 [pid 5079] <... close resumed>) = 0 [pid 5078] write(3, "16777216", 8 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5076] close(3 [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5078] <... write resumed>) = 8 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5079] <... openat resumed>) = 3 [pid 5078] close(3 [pid 5074] <... openat resumed>) = 3 [pid 5078] <... close resumed>) = 0 [pid 5074] write(3, "536870912", 9 [pid 5077] write(3, "8192", 4 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5074] <... write resumed>) = 9 [pid 5079] write(3, "1024", 4 [pid 5077] <... write resumed>) = 4 [pid 5076] <... openat resumed>) = 3 [pid 5074] close(3 [pid 5079] <... write resumed>) = 4 [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 5077] close(3 [pid 5076] write(3, "8192", 4 [pid 5079] close(3 [pid 5077] <... close resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5078] <... openat resumed>) = 3 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5076] <... write resumed>) = 4 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5078] write(3, "536870912", 9 [pid 5077] <... openat resumed>) = 3 [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5078] <... write resumed>) = 9 [pid 5079] <... openat resumed>) = 3 [pid 5078] close(3 [pid 5077] write(3, "1024", 4 [pid 5076] close(3 [pid 5074] <... openat resumed>) = 3 [pid 5078] <... close resumed>) = 0 [pid 5076] <... close resumed>) = 0 [pid 5074] write(3, "1024", 4 [pid 5079] write(3, "1024", 4 [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 5077] <... write resumed>) = 4 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5079] <... write resumed>) = 4 [pid 5078] <... openat resumed>) = 3 [pid 5076] <... openat resumed>) = 3 [pid 5074] <... write resumed>) = 4 [pid 5079] close(3 [pid 5077] close(3 [pid 5076] write(3, "1024", 4 [pid 5079] <... close resumed>) = 0 [pid 5077] <... close resumed>) = 0 [pid 5076] <... write resumed>) = 4 [pid 5079] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5079] <... openat resumed>) = 3 [pid 5078] write(3, "1024", 4 [pid 5076] close(3 [pid 5074] close(3 [pid 5079] write(3, "1024 1048576 500 1024", 21 [pid 5078] <... write resumed>) = 4 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5078] close(3 [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 5078] <... close resumed>) = 0 [pid 5074] <... openat resumed>) = 3 [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] <... write resumed>) = 21 [pid 5077] write(3, "1024", 4 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5079] close(3 [pid 5077] <... write resumed>) = 4 [pid 5078] write(3, "8192", 4 [pid 5074] write(3, "8192", 4 [pid 5079] <... close resumed>) = 0 [pid 5078] <... write resumed>) = 4 [pid 5077] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5074] <... write resumed>) = 4 [pid 5079] getpid( [pid 5078] close(3 [pid 5077] <... close resumed>) = 0 [pid 5076] write(3, "1024", 4 [pid 5074] close(3 [pid 5079] <... getpid resumed>) = 1 [pid 5078] <... close resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5076] <... write resumed>) = 4 [pid 5074] <... close resumed>) = 0 [pid 5079] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5077] <... openat resumed>) = 3 [pid 5076] close(3 [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 5079] <... capget resumed>{effective=1< [pid 5076] <... close resumed>) = 0 [pid 5079] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5078] <... openat resumed>) = 3 [pid 5077] <... write resumed>) = 21 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5074] <... openat resumed>) = 3 [pid 5079] <... capset resumed>) = 0 [pid 5077] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5079] unshare(CLONE_NEWNET [pid 5077] <... close resumed>) = 0 [pid 5076] write(3, "1024 1048576 500 1024", 21 [pid 5078] write(3, "1024", 4 [pid 5077] getpid( [pid 5074] write(3, "1024", 4 [pid 5077] <... getpid resumed>) = 1 [pid 5076] <... write resumed>) = 21 [pid 5077] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5078] <... write resumed>) = 4 [pid 5076] close(3 [pid 5077] <... capget resumed>{effective=1<) = 4 [pid 5078] close(3 [pid 5077] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5076] <... close resumed>) = 0 [pid 5074] close(3 [pid 5078] <... close resumed>) = 0 [pid 5077] <... capset resumed>) = 0 [pid 5076] getpid( [pid 5074] <... close resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5077] unshare(CLONE_NEWNET [pid 5076] <... getpid resumed>) = 1 [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 5078] <... openat resumed>) = 3 [pid 5076] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5074] <... openat resumed>) = 3 [pid 5078] write(3, "1024", 4 [pid 5074] write(3, "1024", 4 [pid 5076] <... capget resumed>{effective=1<) = 4 [pid 5074] <... write resumed>) = 4 [pid 5078] close(3 [pid 5074] close(3 [pid 5078] <... close resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5074] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 5078] <... openat resumed>) = 3 [pid 5074] <... openat resumed>) = 3 [pid 5078] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5074] write(3, "1024 1048576 500 1024", 21 [pid 5078] close(3 [pid 5076] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5074] <... write resumed>) = 21 [pid 5076] <... capset resumed>) = 0 [pid 5078] <... close resumed>) = 0 [pid 5076] unshare(CLONE_NEWNET [pid 5074] close(3) = 0 [pid 5078] getpid() = 1 [pid 5074] getpid( [pid 5078] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5074] <... getpid resumed>) = 1 [pid 5074] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 5078] <... capget resumed>{effective=1<{effective=1< [pid 5074] unshare(CLONE_NEWNET [pid 5079] <... unshare resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "0 65535", 7) = 7 [pid 5079] close(3) = 0 [pid 5079] mkdir("/dev/binderfs", 0777) = 0 [pid 5079] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5077] <... unshare resumed>) = 0 [pid 5079] <... mount resumed>) = 0 [pid 5079] getpid( [pid 5077] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5079] <... getpid resumed>) = 1 [pid 5079] mkdir("/syzcgroup/unified/syz4", 0777 [pid 5077] <... openat resumed>) = 3 [pid 5077] write(3, "0 65535", 7 [pid 5078] <... unshare resumed>) = 0 [pid 5077] <... write resumed>) = 7 [pid 5077] close(3) = 0 [pid 5077] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 5077] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 5077] getpid() = 1 [pid 5077] mkdir("/syzcgroup/unified/syz0", 0777 [pid 5078] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5077] <... mkdir resumed>) = 0 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] <... openat resumed>) = 3 [pid 5076] <... unshare resumed>) = 0 [pid 5078] write(3, "0 65535", 7 [pid 5079] openat(AT_FDCWD, "/syzcgroup/unified/syz4/pids.max", O_WRONLY|O_CLOEXEC [pid 5078] <... write resumed>) = 7 [pid 5077] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC [pid 5076] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5078] close(3 [pid 5079] <... openat resumed>) = 3 [pid 5078] <... close resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... openat resumed>) = 3 [pid 5078] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 5077] write(3, "32", 2) = 2 [pid 5077] close(3 [pid 5078] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5077] <... close resumed>) = 0 [pid 5076] write(3, "0 65535", 7 [pid 5077] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5079] write(3, "32", 2 [pid 5078] <... mount resumed>) = 0 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... write resumed>) = 7 [pid 5078] getpid( [pid 5076] close(3 [pid 5078] <... getpid resumed>) = 1 [pid 5076] <... close resumed>) = 0 [pid 5079] <... write resumed>) = 2 [pid 5078] mkdir("/syzcgroup/unified/syz2", 0777 [pid 5076] mkdir("/dev/binderfs", 0777 [pid 5079] close(3 [pid 5077] write(3, "1", 1 [pid 5079] <... close resumed>) = 0 [pid 5076] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5079] openat(AT_FDCWD, "/syzcgroup/unified/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5079] write(3, "1", 1 [pid 5076] <... mount resumed>) = 0 [pid 5076] getpid( [pid 5077] <... write resumed>) = 1 [pid 5079] <... write resumed>) = 1 [pid 5078] <... mkdir resumed>) = 0 [pid 5076] <... getpid resumed>) = 1 [pid 5074] <... unshare resumed>) = 0 [pid 5079] close(3 [pid 5078] openat(AT_FDCWD, "/syzcgroup/unified/syz2/pids.max", O_WRONLY|O_CLOEXEC [pid 5077] close(3 [pid 5074] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 5076] mkdir("/syzcgroup/unified/syz3", 0777 [pid 5079] <... close resumed>) = 0 [pid 5077] <... close resumed>) = 0 [pid 5074] <... openat resumed>) = 3 [pid 5077] mkdir("/syzcgroup/cpu/syz0", 0777 [pid 5078] <... openat resumed>) = 3 [pid 5076] <... mkdir resumed>) = 0 [pid 5078] write(3, "32", 2 [pid 5079] mkdir("/syzcgroup/cpu/syz4", 0777 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz3/pids.max", O_WRONLY|O_CLOEXEC [pid 5074] write(3, "0 65535", 7 [pid 5078] <... write resumed>) = 2 [pid 5078] close(3) = 0 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/syzcgroup/unified/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5077] <... mkdir resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5074] <... write resumed>) = 7 [pid 5076] write(3, "32", 2 [pid 5077] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5079] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5078] <... openat resumed>) = 3 [pid 5076] <... write resumed>) = 2 [pid 5074] close(3 [pid 5079] <... openat resumed>) = 3 [pid 5077] <... openat resumed>) = 3 [pid 5074] <... close resumed>) = 0 [pid 5074] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 5078] write(3, "1", 1 [pid 5074] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 5079] write(3, "1", 1 [pid 5077] write(3, "1", 1 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5074] <... mount resumed>) = 0 [pid 5078] <... write resumed>) = 1 [pid 5077] <... write resumed>) = 1 [pid 5079] <... write resumed>) = 1 [pid 5078] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5074] getpid( [pid 5078] <... close resumed>) = 0 [pid 5076] write(3, "1", 1 [pid 5079] close(3 [pid 5078] mkdir("/syzcgroup/cpu/syz2", 0777 [pid 5074] <... getpid resumed>) = 1 [pid 5079] <... close resumed>) = 0 [pid 5074] mkdir("/syzcgroup/unified/syz1", 0777 [pid 5077] close(3) = 0 [pid 5076] <... write resumed>) = 1 [pid 5077] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5076] close(3 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5074] <... mkdir resumed>) = 0 [pid 5076] mkdir("/syzcgroup/cpu/syz3", 0777 [pid 5079] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5078] <... mkdir resumed>) = 0 [pid 5077] write(3, "313524224", 9 [pid 5074] openat(AT_FDCWD, "/syzcgroup/unified/syz1/pids.max", O_WRONLY|O_CLOEXEC [pid 5077] <... write resumed>) = 9 [pid 5078] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5077] close(3 [pid 5074] <... openat resumed>) = 3 [pid 5079] <... openat resumed>) = 3 [pid 5077] <... close resumed>) = 0 [pid 5074] write(3, "32", 2 [pid 5077] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5074] <... write resumed>) = 2 [pid 5079] write(3, "313524224", 9 [pid 5077] <... openat resumed>) = 3 [pid 5074] close(3 [pid 5079] <... write resumed>) = 9 [pid 5074] <... close resumed>) = 0 [pid 5079] close(3 [pid 5078] <... openat resumed>) = 3 [pid 5077] write(3, "314572800", 9 [pid 5076] <... mkdir resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/syzcgroup/unified/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5079] <... close resumed>) = 0 [pid 5074] <... openat resumed>) = 3 [pid 5078] write(3, "1", 1 [pid 5077] <... write resumed>) = 9 [pid 5079] openat(AT_FDCWD, "/syzcgroup/cpu/syz4/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5076] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5079] <... openat resumed>) = 3 [pid 5078] <... write resumed>) = 1 [pid 5077] close(3 [pid 5074] write(3, "1", 1 [pid 5078] close(3 [pid 5076] <... openat resumed>) = 3 [pid 5079] write(3, "314572800", 9 [pid 5078] <... close resumed>) = 0 [pid 5077] <... close resumed>) = 0 [pid 5076] write(3, "1", 1 [pid 5074] <... write resumed>) = 1 [pid 5079] <... write resumed>) = 9 [pid 5078] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5077] mkdir("/syzcgroup/net/syz0", 0777 [pid 5076] <... write resumed>) = 1 [pid 5074] close(3 [pid 5079] close(3 [pid 5078] <... openat resumed>) = 3 [pid 5074] <... close resumed>) = 0 [pid 5074] mkdir("/syzcgroup/cpu/syz1", 0777 [pid 5078] write(3, "313524224", 9 [pid 5077] <... mkdir resumed>) = 0 [pid 5078] <... write resumed>) = 9 [pid 5078] close(3) = 0 [pid 5078] openat(AT_FDCWD, "/syzcgroup/cpu/syz2/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "314572800", 9) = 9 [pid 5079] <... close resumed>) = 0 [pid 5078] close(3 [pid 5077] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5076] close(3 [pid 5078] <... close resumed>) = 0 [pid 5079] mkdir("/syzcgroup/net/syz4", 0777 [pid 5077] <... openat resumed>) = 3 [pid 5076] <... close resumed>) = 0 [pid 5078] mkdir("/syzcgroup/net/syz2", 0777 [pid 5076] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5077] write(3, "1", 1) = 1 [pid 5076] <... openat resumed>) = 3 [pid 5077] close(3 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] <... mkdir resumed>) = 0 [pid 5076] write(3, "313524224", 9 [pid 5074] <... mkdir resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/syzcgroup/net/syz4/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5078] openat(AT_FDCWD, "/syzcgroup/net/syz2/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5077] <... close resumed>) = 0 [pid 5077] mkdir("./0", 0777 [pid 5076] <... write resumed>) = 9 [pid 5074] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5079] <... openat resumed>) = 3 [pid 5078] <... openat resumed>) = 3 [pid 5077] <... mkdir resumed>) = 0 [pid 5076] close(3 [pid 5074] <... openat resumed>) = 3 [pid 5079] write(3, "1", 1 [pid 5078] write(3, "1", 1 [pid 5076] <... close resumed>) = 0 [pid 5079] <... write resumed>) = 1 [pid 5076] openat(AT_FDCWD, "/syzcgroup/cpu/syz3/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5079] close(3 [pid 5078] <... write resumed>) = 1 [pid 5076] <... openat resumed>) = 3 [pid 5079] <... close resumed>) = 0 [pid 5078] close(3 [pid 5079] mkdir("./0", 0777 [pid 5078] <... close resumed>) = 0 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] write(3, "1", 1 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] mkdir("./0", 0777 [pid 5076] write(3, "314572800", 9 [pid 5074] <... write resumed>) = 1 ./strace-static-x86_64: Process 5085 attached [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] <... write resumed>) = 9 [pid 5074] close(3 [pid 5085] set_robust_list(0x55558495a660, 24 [pid 5078] <... mkdir resumed>) = 0 [pid 5077] <... clone resumed>, child_tidptr=0x55558495a650) = 2 [pid 5074] <... close resumed>) = 0 [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5076] close(3 [pid 5074] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5085] <... set_robust_list resumed>) = 0 [pid 5076] <... close resumed>) = 0 ./strace-static-x86_64: Process 5086 attached [pid 5085] chdir("./0" [pid 5076] mkdir("/syzcgroup/net/syz3", 0777 [pid 5074] <... openat resumed>) = 3 [pid 5085] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5087 attached [pid 5086] set_robust_list(0x55558495a660, 24 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] <... clone resumed>, child_tidptr=0x55558495a650) = 2 [pid 5076] <... mkdir resumed>) = 0 [pid 5074] write(3, "313524224", 9 [pid 5087] set_robust_list(0x55558495a660, 24 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] <... prctl resumed>) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55558495a650) = 2 [pid 5085] setpgid(0, 0 [pid 5074] <... write resumed>) = 9 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5074] close(3 [pid 5086] chdir("./0" [pid 5085] <... setpgid resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/net/syz3/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5087] chdir("./0" [pid 5086] <... chdir resumed>) = 0 [pid 5085] symlink("/syzcgroup/unified/syz0", "./cgroup" [pid 5074] <... close resumed>) = 0 [pid 5087] <... chdir resumed>) = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5074] openat(AT_FDCWD, "/syzcgroup/cpu/syz1/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC [pid 5087] <... prctl resumed>) = 0 [pid 5086] <... prctl resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5087] setpgid(0, 0 [pid 5085] <... symlink resumed>) = 0 [pid 5087] <... setpgid resumed>) = 0 [pid 5086] setpgid(0, 0 [pid 5085] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu" [pid 5076] write(3, "1", 1 [pid 5074] <... openat resumed>) = 3 [pid 5085] <... symlink resumed>) = 0 [pid 5087] symlink("/syzcgroup/unified/syz2", "./cgroup" [pid 5086] <... setpgid resumed>) = 0 [pid 5085] symlink("/syzcgroup/net/syz0", "./cgroup.net" [pid 5074] write(3, "314572800", 9 [pid 5087] <... symlink resumed>) = 0 [pid 5086] symlink("/syzcgroup/unified/syz4", "./cgroup" [pid 5085] <... symlink resumed>) = 0 [pid 5076] <... write resumed>) = 1 [pid 5074] <... write resumed>) = 9 [pid 5087] symlink("/syzcgroup/cpu/syz2", "./cgroup.cpu" [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5076] close(3 [pid 5086] <... symlink resumed>) = 0 [pid 5074] close(3 [pid 5087] <... symlink resumed>) = 0 [pid 5087] symlink("/syzcgroup/net/syz2", "./cgroup.net" [pid 5085] <... openat resumed>) = 3 [pid 5087] <... symlink resumed>) = 0 [pid 5086] symlink("/syzcgroup/cpu/syz4", "./cgroup.cpu" [pid 5076] <... close resumed>) = 0 [pid 5074] <... close resumed>) = 0 [pid 5086] <... symlink resumed>) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] mkdir("/syzcgroup/net/syz1", 0777 [pid 5087] <... openat resumed>) = 3 [pid 5086] symlink("/syzcgroup/net/syz4", "./cgroup.net" [pid 5085] write(3, "1000", 4 [pid 5076] mkdir("./0", 0777 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] <... mkdir resumed>) = 0 [pid 5087] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=11, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5076] <... mkdir resumed>) = 0 [pid 5087] <... bpf resumed>) = 3 [pid 5086] <... symlink resumed>) = 0 [pid 5085] <... write resumed>) = 4 [pid 5087] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] close(3 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] openat(AT_FDCWD, "/syzcgroup/net/syz1/cgroup.procs", O_WRONLY|O_CLOEXEC [pid 5087] <... bpf resumed>) = 4 [pid 5086] <... openat resumed>) = 3 [pid 5085] <... close resumed>) = 0 [pid 5086] write(3, "1000", 4 [pid 5085] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5088 attached [pid 5087] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 5086] <... write resumed>) = 4 [pid 5085] <... symlink resumed>) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x55558495a650) = 2 [pid 5074] <... openat resumed>) = 3 [pid 5086] close(3 [pid 5085] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=11, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5074] write(3, "1", 1 [pid 5088] set_robust_list(0x55558495a660, 24 [pid 5086] <... close resumed>) = 0 [pid 5085] <... bpf resumed>) = 3 [pid 5074] <... write resumed>) = 1 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5087] <... bpf resumed>) = 5 [pid 5086] symlink("/dev/binderfs", "./binderfs" [pid 5085] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5088] chdir("./0" [pid 5087] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 5086] <... symlink resumed>) = 0 [pid 5074] close(3 [pid 5088] <... chdir resumed>) = 0 [pid 5085] <... bpf resumed>) = 4 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5087] <... socket resumed>) = 6 [pid 5086] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKHASH, key_size=4, value_size=8, max_entries=11, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5085] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 5074] <... close resumed>) = 0 [pid 5088] <... prctl resumed>) = 0 [pid 5087] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5086] <... bpf resumed>) = 3 [pid 5088] setpgid(0, 0 [pid 5086] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x20000280, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 5085] <... bpf resumed>) = 5 [pid 5074] mkdir("./0", 0777 [pid 5086] <... bpf resumed>) = 4 [ 74.940232][ T5087] ------------[ cut here ]------------ [ 74.943017][ T5085] [ 74.945981][ T5087] WARNING: CPU: 1 PID: 5087 at kernel/softirq.c:362 __local_bh_enable_ip+0x1be/0x200 [ 74.948311][ T5085] ================================ [ 74.948319][ T5085] WARNING: inconsistent lock state [ 74.957780][ T5087] Modules linked in: [ 74.962873][ T5085] 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Not tainted [ 74.967964][ T5087] CPU: 1 PID: 5087 Comm: syz-executor402 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 74.971841][ T5085] -------------------------------- [ 74.971848][ T5085] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. [ 74.978496][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 74.988534][ T5085] syz-executor402/5085 [HC0[0]:SC0[0]:HE0:SE1] takes: [ 74.993715][ T5087] RIP: 0010:__local_bh_enable_ip+0x1be/0x200 [ 75.000543][ T5085] ffff8880776754f8 [ 75.010585][ T5087] Code: 3b 44 24 60 75 52 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 0f 0b 90 e9 ca fe ff ff e8 55 00 00 00 eb 9c 90 <0f> 0b 90 e9 fa fe ff ff 48 c7 c1 9c e1 86 8f 80 e1 07 80 c1 03 38 [ 75.017327][ T5085] (&xa->xa_lock [ 75.023285][ T5087] RSP: 0018:ffffc90003a8e4e0 EFLAGS: 00010046 [ 75.026988][ T5085] #9){+.?.}-{2:2} [ 75.046580][ T5087] [ 75.046587][ T5087] RAX: 0000000000000000 RBX: 1ffff92000751ca0 RCX: 0000000000000001 [ 75.050111][ T5085] , at: __filemap_add_folio+0x9a0/0x1ad0 [ 75.056162][ T5087] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff895fc7a6 [ 75.059791][ T5085] {IN-SOFTIRQ-W} state was registered at: [ 75.062116][ T5087] RBP: ffffc90003a8e5a0 R08: ffff88807444e24b R09: 1ffff1100e889c49 [ 75.070081][ T5085] lock_acquire+0x1e4/0x530 [ 75.075699][ T5087] R10: dffffc0000000000 R11: ffffed100e889c4a R12: dffffc0000000000 [ 75.083661][ T5085] _raw_spin_lock_irqsave+0xd5/0x120 [ 75.089362][ T5087] R13: 0000000000000004 R14: ffffc90003a8e520 R15: 0000000000000201 [ 75.097319][ T5085] __folio_end_writeback+0x203/0xdc0 [ 75.101902][ T5087] FS: 000055558495a380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 75.109858][ T5085] folio_end_writeback+0x1f7/0x6f0 [ 75.115659][ T5087] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.123614][ T5085] end_bio_bh_io_sync+0xbf/0x120 [ 75.128970][ T5087] CR2: ffffffffffec0000 CR3: 0000000074fea000 CR4: 00000000003506f0 [ 75.137915][ T5085] blk_update_request+0x55d/0x1050 [ 75.143135][ T5087] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.149718][ T5085] scsi_end_request+0x88/0x8c0 [ 75.154737][ T5087] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.162690][ T5085] scsi_io_completion+0x1bd/0x430 [ 75.167878][ T5087] Call Trace: [ 75.167890][ T5087] [ 75.175847][ T5085] blk_done_softirq+0x100/0x150 [ 75.180687][ T5087] ? __warn+0x163/0x4b0 [ 75.188639][ T5085] __do_softirq+0x2bc/0x943 [ 75.193735][ T5087] ? __local_bh_enable_ip+0x1be/0x200 [ 75.197005][ T5085] __irq_exit_rcu+0xf2/0x1c0 [ 75.199932][ T5087] ? report_bug+0x2b3/0x500 [ 75.204850][ T5085] irq_exit_rcu+0x9/0x30 [ 75.208992][ T5087] ? __local_bh_enable_ip+0x1be/0x200 [ 75.213563][ T5085] common_interrupt+0xaa/0xd0 [ 75.218919][ T5087] ? handle_bug+0x3e/0x70 [ 75.223574][ T5085] asm_common_interrupt+0x26/0x40 [ 75.228062][ T5087] ? exc_invalid_op+0x1a/0x50 [ 75.232372][ T5085] unwind_next_frame+0x1d89/0x2a00 [ 75.237724][ T5087] ? asm_exc_invalid_op+0x1a/0x20 [ 75.242464][ T5085] arch_stack_walk+0x151/0x1b0 [ 75.246785][ T5087] ? sock_hash_delete_elem+0x1a6/0x300 [ 75.251870][ T5085] stack_trace_save+0x118/0x1d0 [ 75.256531][ T5087] ? __local_bh_enable_ip+0x1be/0x200 [ 75.261708][ T5085] kasan_save_track+0x3f/0x80 [ 75.266721][ T5087] ? sock_hash_delete_elem+0x1a6/0x300 [ 75.271551][ T5085] kasan_save_free_info+0x40/0x50 [ 75.276990][ T5087] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 75.281904][ T5085] poison_slab_object+0xa6/0xe0 [ 75.287265][ T5087] ? sock_hash_delete_elem+0x1a6/0x300 [ 75.292010][ T5085] __kasan_slab_free+0x37/0x60 [ 75.297447][ T5087] ? do_raw_spin_unlock+0x13c/0x8b0 [ 75.302535][ T5085] kmem_cache_free+0x102/0x2a0 [ 75.308239][ T5087] ? sock_hash_delete_elem+0xb0/0x300 [ 75.308263][ T5087] sock_hash_delete_elem+0x1a6/0x300 [ 75.308287][ T5087] ? bpf_probe_read_compat+0x15d/0x180 [ 75.313194][ T5085] mas_destroy+0x1a25/0x20b0 [ 75.318636][ T5087] bpf_prog_9dc0996bccb7470f+0x68/0x6c [ 75.323467][ T5085] mas_store_prealloc+0x2db/0x5f0 [ 75.328652][ T5087] bpf_trace_run2+0x204/0x420 [ 75.333476][ T5085] vma_complete+0x21c/0xb90 [ 75.338838][ T5087] ? bpf_trace_run2+0x114/0x420 [ 75.344274][ T5085] __split_vma+0xb7b/0xd00 [ 75.349738][ T5087] ? __pfx_bpf_trace_run2+0x10/0x10 [ 75.354394][ T5085] vma_modify+0x331/0x410 [ 75.359835][ T5087] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 75.364923][ T5085] mprotect_fixup+0x4a6/0xb80 [ 75.369582][ T5087] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 75.374163][ T5085] do_mprotect_pkey+0x903/0xe20 [ 75.378997][ T5087] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 75.383476][ T5085] __x64_sys_mprotect+0x80/0x90 [ 75.388656][ T5087] __traceiter_kfree+0x2b/0x50 [ 75.393053][ T5085] do_syscall_64+0xfb/0x240 [ 75.398414][ T5087] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 75.403159][ T5085] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 75.409032][ T5087] kfree+0x291/0x380 [ 75.413948][ T5085] irq event stamp: 2704 [ 75.413957][ T5085] hardirqs last enabled at (2701): [] mem_cgroup_commit_charge+0x21e/0x380 [ 75.419311][ T5087] memcg_list_lru_alloc+0xbf1/0xd20 [ 75.424226][ T5085] hardirqs last disabled at (2702): [] _raw_spin_lock_irq+0xad/0x120 [ 75.428982][ T5087] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 75.433542][ T5085] softirqs last enabled at (2704): [] sock_hash_delete_elem+0x1a6/0x300 [ 75.438911][ T5087] __memcg_slab_pre_alloc_hook+0x254/0x2b0 [ 75.444862][ T5085] softirqs last disabled at (2703): [] sock_hash_delete_elem+0xb0/0x300 [ 75.448747][ T5087] ? xas_create+0x71e/0x16b0 [ 75.452884][ T5085] [ 75.452884][ T5085] other info that might help us debug this: [ 75.452892][ T5085] Possible unsafe locking scenario: [ 75.452892][ T5085] [ 75.463094][ T5087] kmem_cache_alloc_lru+0x207/0x350 [ 75.468272][ T5085] CPU0 [ 75.468277][ T5085] ---- [ 75.477880][ T5087] xas_create+0x71e/0x16b0 [ 75.483571][ T5085] lock(&xa->xa_lock [ 75.493564][ T5087] xas_store+0xa3/0x1980 [ 75.499338][ T5085] #9); [ 75.509207][ T5087] ? xas_find_conflict+0x7c8/0x8a0 [ 75.513777][ T5085] [ 75.513783][ T5085] lock( [ 75.521818][ T5087] ? percpu_ref_put+0x19/0x180 [ 75.529252][ T5085] &xa->xa_lock [ 75.534434][ T5087] __filemap_add_folio+0xbe2/0x1ad0 [ 75.537695][ T5085] #9); [ 75.540978][ T5087] ? __pfx___filemap_add_folio+0x10/0x10 [ 75.545362][ T5085] [ 75.545362][ T5085] *** DEADLOCK *** [ 75.545362][ T5085] [ 75.545368][ T5085] 4 locks held by syz-executor402/5085: [ 75.549333][ T5087] ? __pfx_workingset_update_node+0x10/0x10 [ 75.553552][ T5085] #0: ffff88802d856420 [ 75.556213][ T5087] ? folio_alloc+0x1b5/0x330 [ 75.561307][ T5085] (sb_writers [ 75.564753][ T5087] ? filemap_alloc_folio+0xdf/0x500 [ 75.567850][ T5085] #4){.+.+}-{0:0} [ 75.572604][ T5087] filemap_add_folio+0x11e/0x570 [ 75.575958][ T5085] , at: do_coredump+0x1b79/0x2b50 [ 75.581143][ T5087] ? __pfx_filemap_add_folio+0x10/0x10 [ 75.583806][ T5085] #1: ffff888077675400 [ 75.589419][ T5087] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 75.597545][ T5085] (&sb->s_type->i_mutex_key [ 75.603071][ T5087] __filemap_get_folio+0x4cd/0xbc0 [ 75.608958][ T5085] #8){++++}-{3:3} [ 75.613103][ T5087] ext4_da_write_begin+0x5b9/0xa50 [ 75.617669][ T5085] , at: ext4_buffered_write_iter+0x97/0x350 [ 75.621036][ T5087] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 75.626230][ T5085] #2: ffff8880776754f8 [ 75.629851][ T5087] ? fault_in_iov_iter_readable+0x236/0x280 [ 75.634786][ T5085] (&xa->xa_lock [ 75.639796][ T5087] generic_perform_write+0x322/0x640 [ 75.645231][ T5085] #9){+.?.}-{2:2} [ 75.649368][ T5087] ? generic_write_checks_count+0x3f5/0x510 [ 75.655331][ T5085] , at: __filemap_add_folio+0x9a0/0x1ad0 [ 75.659911][ T5087] ? __pfx_generic_perform_write+0x10/0x10 [ 75.664994][ T5085] #3: ffffffff8e131920 [ 75.668616][ T5087] ? ext4_write_checks+0x256/0x2c0 [ 75.673702][ T5085] (rcu_read_lock [ 75.679577][ T5087] ext4_buffered_write_iter+0xc6/0x350 [ 75.685187][ T5085] ){....}-{1:2} [ 75.689344][ T5087] ext4_file_write_iter+0x1de/0x1a10 [ 75.695216][ T5085] , at: bpf_trace_run2+0x114/0x420 [ 75.698764][ T5087] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 75.704011][ T5085] [ 75.704011][ T5085] stack backtrace: [ 75.704020][ T5085] CPU: 0 PID: 5085 Comm: syz-executor402 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 75.707633][ T5087] ? __pfx_lock_acquire+0x10/0x10 [ 75.713500][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 75.719129][ T5087] __kernel_write_iter+0x435/0x8c0 [ 75.724909][ T5085] Call Trace: [ 75.724919][ T5085] [ 75.729051][ T5087] ? __pfx___kernel_write_iter+0x10/0x10 [ 75.734142][ T5085] dump_stack_lvl+0x1e7/0x2e0 [ 75.737767][ T5087] ? generic_file_llseek_size+0x34c/0x3b0 [ 75.743207][ T5085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.746650][ T5087] ? __dump_skip+0x1a4/0x260 [ 75.751915][ T5085] ? print_usage_bug+0x61a/0x8a0 [ 75.756998][ T5087] ? iov_iter_bvec+0x4e/0x180 [ 75.762700][ T5085] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.768575][ T5087] dump_user_range+0x4e0/0x950 [ 75.778614][ T5085] valid_state+0x13a/0x1c0 [ 75.783628][ T5087] ? __pfx_dump_user_range+0x10/0x10 [ 75.793662][ T5085] mark_lock_irq+0xbb/0xc20 [ 75.798752][ T5087] ? writenote+0x250/0x3b0 [ 75.802023][ T5085] ? __pfx_mark_lock_irq+0x10/0x10 [ 75.804943][ T5087] ? kmalloc_trace+0x1d9/0x360 [ 75.810552][ T5085] ? stack_trace_save+0x118/0x1d0 [ 75.815214][ T5087] ? elf_core_dump+0x2e02/0x4630 [ 75.820913][ T5085] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.826095][ T5087] ? dump_emit+0x99/0xd0 [ 75.830672][ T5085] ? __pfx_stack_trace_save+0x10/0x10 [ 75.835619][ T5087] elf_core_dump+0x3d5e/0x4630 [ 75.840281][ T5085] ? lockdep_lock+0x123/0x2b0 [ 75.846440][ T5087] ? __pfx_elf_core_dump+0x10/0x10 [ 75.851170][ T5085] ? save_trace+0x749/0xb40 [ 75.855572][ T5087] ? mark_lock+0x9a/0x350 [ 75.860833][ T5085] ? __pfx_lockdep_unlock+0x10/0x10 [ 75.865317][ T5087] ? mas_next_slot+0xeb2/0xf90 [ 75.869711][ T5085] ? find_bug+0xa3/0x390 [ 75.874816][ T5087] ? __lock_acquire+0x1346/0x1fd0 [ 75.879566][ T5085] mark_lock+0x223/0x350 [ 75.884608][ T5087] ? rcu_read_lock_any_held+0xb7/0x160 [ 75.889501][ T5085] lockdep_hardirqs_on_prepare+0x3a5/0x780 [ 75.895638][ T5087] ? 0xffffffffff600000 [ 75.899960][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 75.905311][ T5087] ? getname_kernel+0x140/0x2f0 [ 75.910059][ T5085] ? rcu_is_watching+0x15/0xb0 [ 75.914722][ T5087] do_coredump+0x1bab/0x2b50 [ 75.919812][ T5085] trace_hardirqs_on+0x28/0x40 [ 75.924325][ T5087] ? __pfx_do_coredump+0x10/0x10 [ 75.928614][ T5085] __local_bh_enable_ip+0x168/0x200 [ 75.933819][ T5087] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.938545][ T5085] ? sock_hash_delete_elem+0x1a6/0x300 [ 75.942766][ T5087] ? lockdep_hardirqs_on+0x99/0x150 [ 75.947775][ T5085] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 75.952005][ T5087] get_signal+0x146b/0x1850 [ 75.957444][ T5085] ? sock_hash_delete_elem+0x1a6/0x300 [ 75.963244][ T5087] ? __pfx_get_signal+0x10/0x10 [ 75.967368][ T5085] ? do_raw_spin_unlock+0x13c/0x8b0 [ 75.973679][ T5087] ? __pfx_force_sig_fault+0x10/0x10 [ 75.978513][ T5085] ? sock_hash_delete_elem+0xb0/0x300 [ 75.983260][ T5087] arch_do_signal_or_restart+0x96/0x860 [ 75.987828][ T5085] sock_hash_delete_elem+0x1a6/0x300 [ 75.992596][ T5087] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 75.997515][ T5085] ? bpf_probe_read_compat+0x15d/0x180 [ 76.002701][ T5087] ? irqentry_exit_to_user_mode+0x53/0x270 [ 76.007874][ T5085] bpf_prog_9dc0996bccb7470f+0x68/0x6c [ 76.013311][ T5087] irqentry_exit_to_user_mode+0x79/0x270 [ 76.018494][ T5085] bpf_trace_run2+0x204/0x420 [ 76.024208][ T5087] exc_page_fault+0x585/0x890 [ 76.028694][ T5085] ? bpf_trace_run2+0x114/0x420 [ 76.034142][ T5087] asm_exc_page_fault+0x26/0x30 [ 76.039005][ T5085] ? __pfx_bpf_trace_run2+0x10/0x10 [ 76.044194][ T5087] RIP: 0033:0x7ffbc5000861 [ 76.049463][ T5085] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 76.054817][ T5087] Code: 00 0f 1f 84 00 00 00 00 00 48 85 f6 74 37 49 89 f0 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 5f 02 00 00 fd 74 0f c5 fd d7 c1 48 83 fe 20 76 11 85 c0 74 6d f3 0f bc c0 [ 76.060342][ T5085] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 76.065606][ T5087] RSP: 002b:00007fff75ed81b8 EFLAGS: 00010283 [ 76.071739][ T5085] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 76.077177][ T5087] [ 76.077184][ T5087] RAX: 0000000000000000 RBX: 00007fff75ed8264 RCX: 0000000000000000 [ 76.082984][ T5085] __traceiter_kfree+0x2b/0x50 [ 76.088434][ T5087] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000 [ 76.094054][ T5085] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 76.098711][ T5087] RBP: 00007fff75ed8200 R08: 000000000000000f R09: 0000000000000000 [ 76.103372][ T5085] kfree+0x291/0x380 [ 76.108206][ T5087] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 76.108222][ T5087] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.113086][ T5085] memcg_list_lru_alloc+0xbf1/0xd20 [ 76.118297][ T5087] [ 76.122717][ T5085] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 76.128068][ T5087] Kernel panic - not syncing: kernel: panic_on_warn set ... [pid 5085] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 5088] <... setpgid resumed>) = 0 [pid 5085] <... socket resumed>) = 6 [pid 5074] <... mkdir resumed>) = 0 [pid 5085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5086] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=4}}, 16 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... bpf resumed>) = 5 [pid 5086] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC [pid 5074] <... clone resumed>, child_tidptr=0x55558495a650) = 2 [pid 5086] <... socket resumed>) = 6 [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5086] +++ killed by SIGSEGV (core dumped) +++ [pid 5079] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=2, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5079] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5079] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5079] getdents64(3, 0x55558495b6f0 /* 7 entries */, 32768) = 200 [pid 5079] umount2("./0/core", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] newfstatat(AT_FDCWD, "./0/core", {st_mode=S_IFREG|0600, st_size=17883136, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5079] unlink("./0/core"./strace-static-x86_64: Process 5089 attached [pid 5088] symlink("/syzcgroup/unified/syz3", "./cgroup" [pid 5089] set_robust_list(0x55558495a660, 24 [pid 5088] <... symlink resumed>) = 0 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5089] chdir("./0") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL [ 76.147670][ T5085] __memcg_slab_pre_alloc_hook+0x254/0x2b0 [ 76.147701][ T5085] ? xas_create+0x71e/0x16b0 [ 76.147721][ T5085] kmem_cache_alloc_lru+0x207/0x350 [ 76.147752][ T5085] xas_create+0x71e/0x16b0 [ 76.147782][ T5085] xas_store+0xa3/0x1980 [ 76.147803][ T5085] ? xas_find_conflict+0x7c8/0x8a0 [ 76.147823][ T5085] ? percpu_ref_put+0x19/0x180 [ 76.147853][ T5085] __filemap_add_folio+0xbe2/0x1ad0 [ 76.147890][ T5085] ? __pfx___filemap_add_folio+0x10/0x10 [ 76.147918][ T5085] ? __pfx_workingset_update_node+0x10/0x10 [pid 5088] symlink("/syzcgroup/cpu/syz3", "./cgroup.cpu" [pid 5089] <... prctl resumed>) = 0 [pid 5088] <... symlink resumed>) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5088] symlink("/syzcgroup/net/syz3", "./cgroup.net" [pid 5089] symlink("/syzcgroup/unified/syz1", "./cgroup") = 0 [pid 5088] <... symlink resumed>) = 0 [pid 5089] symlink("/syzcgroup/cpu/syz1", "./cgroup.cpu" [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5089] <... symlink resumed>) = 0 [pid 5089] symlink("/syzcgroup/net/syz1", "./cgroup.net" [pid 5088] <... openat resumed>) = 3 [pid 5089] <... symlink resumed>) = 0 [ 76.147944][ T5085] ? folio_alloc+0x1b5/0x330 [ 76.147970][ T5085] ? filemap_alloc_folio+0xdf/0x500 [ 76.147999][ T5085] filemap_add_folio+0x11e/0x570 [ 76.148027][ T5085] ? __pfx_filemap_add_folio+0x10/0x10 [ 76.148056][ T5085] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.148076][ T5085] __filemap_get_folio+0x4cd/0xbc0 [ 76.148099][ T5085] ext4_da_write_begin+0x5b9/0xa50 [ 76.148125][ T5085] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 76.148146][ T5085] ? fault_in_iov_iter_readable+0x236/0x280 [ 76.148167][ T5085] generic_perform_write+0x322/0x640 [ 76.148188][ T5085] ? generic_write_checks_count+0x3f5/0x510 [ 76.148228][ T5085] ? __pfx_generic_perform_write+0x10/0x10 [ 76.148253][ T5085] ? ext4_write_checks+0x256/0x2c0 [ 76.148279][ T5085] ext4_buffered_write_iter+0xc6/0x350 [ 76.148305][ T5085] ext4_file_write_iter+0x1de/0x1a10 [ 76.148340][ T5085] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 76.148365][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 76.148386][ T5085] __kernel_write_iter+0x435/0x8c0 [ 76.148411][ T5085] ? __pfx___kernel_write_iter+0x10/0x10 [ 76.148432][ T5085] ? generic_file_llseek_size+0x34c/0x3b0 [ 76.148453][ T5085] ? __dump_skip+0x1a4/0x260 [ 76.148477][ T5085] ? iov_iter_bvec+0x4e/0x180 [ 76.148498][ T5085] dump_user_range+0x4e0/0x950 [ 76.148530][ T5085] ? __pfx_dump_user_range+0x10/0x10 [ 76.148556][ T5085] ? writenote+0x250/0x3b0 [ 76.148576][ T5085] ? kmalloc_trace+0x1d9/0x360 [ 76.148602][ T5085] ? elf_core_dump+0x2e02/0x4630 [ 76.148628][ T5085] ? dump_emit+0x99/0xd0 [ 76.148653][ T5085] elf_core_dump+0x3d5e/0x4630 [ 76.148693][ T5085] ? __pfx_elf_core_dump+0x10/0x10 [ 76.148723][ T5085] ? mark_lock+0x9a/0x350 [ 76.148740][ T5085] ? mas_next_slot+0xeb2/0xf90 [ 76.148759][ T5085] ? __lock_acquire+0x1346/0x1fd0 [ 76.148800][ T5085] ? rcu_read_lock_any_held+0xb7/0x160 [ 76.148820][ T5085] ? 0xffffffffff600000 [ 76.148833][ T5085] ? getname_kernel+0x140/0x2f0 [ 76.148863][ T5085] do_coredump+0x1bab/0x2b50 [ 76.148904][ T5085] ? __pfx_do_coredump+0x10/0x10 [ 76.148945][ T5085] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.148966][ T5085] ? lockdep_hardirqs_on+0x99/0x150 [ 76.148987][ T5085] get_signal+0x146b/0x1850 [ 76.149022][ T5085] ? __pfx_get_signal+0x10/0x10 [ 76.149048][ T5085] ? __pfx_force_sig_fault+0x10/0x10 [ 76.149077][ T5085] arch_do_signal_or_restart+0x96/0x860 [ 76.149103][ T5085] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 76.149136][ T5085] ? irqentry_exit_to_user_mode+0x53/0x270 [ 76.149158][ T5085] irqentry_exit_to_user_mode+0x79/0x270 [ 76.149181][ T5085] exc_page_fault+0x585/0x890 [ 76.149208][ T5085] asm_exc_page_fault+0x26/0x30 [ 76.149235][ T5085] RIP: 0033:0x7ffbc5000861 [ 76.149250][ T5085] Code: 00 0f 1f 84 00 00 00 00 00 48 85 f6 74 37 49 89 f0 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 5f 02 00 00 fd 74 0f c5 fd d7 c1 48 83 fe 20 76 11 85 c0 74 6d f3 0f bc c0 [ 76.149264][ T5085] RSP: 002b:00007fff75ed81b8 EFLAGS: 00010283 [ 76.149280][ T5085] RAX: 0000000000000000 RBX: 00007fff75ed8264 RCX: 0000000000000000 [ 76.149292][ T5085] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000 [ 76.149301][ T5085] RBP: 00007fff75ed8200 R08: 000000000000000f R09: 0000000000000000 [ 76.149312][ T5085] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 76.149321][ T5085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.149339][ T5085] [ 76.149347][ T5087] CPU: 1 PID: 5087 Comm: syz-executor402 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 76.149745][ T5085] ------------[ cut here ]------------ [ 76.149753][ T5085] WARNING: CPU: 0 PID: 5085 at mm/memcontrol.c:864 __mod_memcg_lruvec_state+0x2ab/0x310 [ 76.149796][ T5085] Modules linked in: [ 76.149805][ T5085] CPU: 0 PID: 5085 Comm: syz-executor402 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 [ 76.149826][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 76.149837][ T5085] RIP: 0010:__mod_memcg_lruvec_state+0x2ab/0x310 [ 76.149871][ T5085] Code: 40 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 42 80 3c 3b 00 74 05 e8 c4 95 f8 ff f6 44 24 41 02 4c 89 f3 0f 84 64 fe ff ff 90 <0f> 0b 90 e9 5b fe ff ff 48 c7 c1 9c e1 86 8f 80 e1 07 80 c1 03 38 [ 76.149887][ T5085] RSP: 0018:ffffc90003a6ea00 EFLAGS: 00010202 [ 76.149903][ T5085] RAX: 000000001a060000 RBX: ffff888074488000 RCX: 1ffff9200074dd44 [ 76.149918][ T5085] RDX: 1ffff9200074dd44 RSI: 0000000000000013 RDI: ffffc90003a6ea40 [ 76.149932][ T5085] RBP: ffffc90003a6eac0 R08: ffffea0001d949c7 R09: 1ffffd40003b2938 [ 76.149947][ T5085] R10: dffffc0000000000 R11: fffff940003b2939 R12: 0000000000000001 [ 76.149960][ T5085] R13: ffff88807448a000 R14: ffff888074488000 R15: dffffc0000000000 [ 76.149976][ T5085] FS: 000055558495a380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 76.149995][ T5085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.150008][ T5085] CR2: ffffffffffec0000 CR3: 0000000074516000 CR4: 00000000003506f0 [ 76.150025][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.150037][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.150049][ T5085] Call Trace: [ 76.150056][ T5085] [ 76.150062][ T5085] ? __warn+0x163/0x4b0 [ 76.150091][ T5085] ? __mod_memcg_lruvec_state+0x2ab/0x310 [ 76.150126][ T5085] ? report_bug+0x2b3/0x500 [ 76.150155][ T5085] ? __mod_memcg_lruvec_state+0x2ab/0x310 [ 76.150198][ T5085] ? handle_bug+0x3e/0x70 [ 76.150224][ T5085] ? exc_invalid_op+0x1a/0x50 [ 76.150252][ T5085] ? asm_exc_invalid_op+0x1a/0x20 [ 76.150287][ T5085] ? __mod_memcg_lruvec_state+0x2ab/0x310 [ 76.150324][ T5085] ? __pfx___mod_memcg_lruvec_state+0x10/0x10 [ 76.150356][ T5085] ? workingset_update_node+0x160/0x200 [ 76.150390][ T5085] ? __mod_node_page_state+0xf2/0x170 [ 76.150418][ T5085] __lruvec_stat_mod_folio+0x1a4/0x300 [ 76.150452][ T5085] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 76.150487][ T5085] __filemap_add_folio+0xcab/0x1ad0 [ 76.150537][ T5085] ? __pfx___filemap_add_folio+0x10/0x10 [ 76.150571][ T5085] ? __pfx_workingset_update_node+0x10/0x10 [ 76.150601][ T5085] ? folio_alloc+0x1b5/0x330 [ 76.150632][ T5085] ? filemap_alloc_folio+0xdf/0x500 [ 76.150665][ T5085] filemap_add_folio+0x11e/0x570 [ 76.150699][ T5085] ? __pfx_filemap_add_folio+0x10/0x10 [ 76.150733][ T5085] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.150756][ T5085] __filemap_get_folio+0x4cd/0xbc0 [ 76.150783][ T5085] ext4_da_write_begin+0x5b9/0xa50 [ 76.150813][ T5085] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 76.150840][ T5085] ? fault_in_iov_iter_readable+0x236/0x280 [ 76.150866][ T5085] generic_perform_write+0x322/0x640 [ 76.150890][ T5085] ? generic_write_checks_count+0x3f5/0x510 [ 76.150932][ T5085] ? __pfx_generic_perform_write+0x10/0x10 [ 76.150962][ T5085] ? ext4_write_checks+0x256/0x2c0 [ 76.150992][ T5085] ext4_buffered_write_iter+0xc6/0x350 [ 76.151023][ T5085] ext4_file_write_iter+0x1de/0x1a10 [ 76.151063][ T5085] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 76.151093][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 76.151118][ T5085] __kernel_write_iter+0x435/0x8c0 [ 76.151148][ T5085] ? __pfx___kernel_write_iter+0x10/0x10 [ 76.151173][ T5085] ? generic_file_llseek_size+0x34c/0x3b0 [ 76.151205][ T5085] ? __dump_skip+0x1a4/0x260 [ 76.151233][ T5085] ? iov_iter_bvec+0x4e/0x180 [ 76.151257][ T5085] dump_user_range+0x4e0/0x950 [ 76.151295][ T5085] ? __pfx_dump_user_range+0x10/0x10 [ 76.151326][ T5085] ? writenote+0x250/0x3b0 [ 76.151349][ T5085] ? kmalloc_trace+0x1d9/0x360 [ 76.151380][ T5085] ? elf_core_dump+0x2e02/0x4630 [ 76.151411][ T5085] ? dump_emit+0x99/0xd0 [ 76.151441][ T5085] elf_core_dump+0x3d5e/0x4630 [ 76.151488][ T5085] ? __pfx_elf_core_dump+0x10/0x10 [ 76.151521][ T5085] ? mark_lock+0x9a/0x350 [ 76.151542][ T5085] ? mas_next_slot+0xeb2/0xf90 [ 76.151596][ T5085] ? __lock_acquire+0x1346/0x1fd0 [ 76.151644][ T5085] ? rcu_read_lock_any_held+0xb7/0x160 [ 76.151667][ T5085] ? 0xffffffffff600000 [ 76.151683][ T5085] ? getname_kernel+0x140/0x2f0 [ 76.151719][ T5085] do_coredump+0x1bab/0x2b50 [ 76.151767][ T5085] ? __pfx_do_coredump+0x10/0x10 [ 76.151817][ T5085] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.151841][ T5085] ? lockdep_hardirqs_on+0x99/0x150 [ 76.151866][ T5085] get_signal+0x146b/0x1850 [ 76.151907][ T5085] ? __pfx_get_signal+0x10/0x10 [ 76.151939][ T5085] ? __pfx_force_sig_fault+0x10/0x10 [ 76.151973][ T5085] arch_do_signal_or_restart+0x96/0x860 [ 76.152004][ T5085] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 76.152043][ T5085] ? irqentry_exit_to_user_mode+0x53/0x270 [ 76.152070][ T5085] irqentry_exit_to_user_mode+0x79/0x270 [ 76.152096][ T5085] exc_page_fault+0x585/0x890 [ 76.152123][ T5085] asm_exc_page_fault+0x26/0x30 [ 76.152153][ T5085] RIP: 0033:0x7ffbc5000861 [ 76.152168][ T5085] Code: 00 0f 1f 84 00 00 00 00 00 48 85 f6 74 37 49 89 f0 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 5f 02 00 00 fd 74 0f c5 fd d7 c1 48 83 fe 20 76 11 85 c0 74 6d f3 0f bc c0 [ 76.152183][ T5085] RSP: 002b:00007fff75ed81b8 EFLAGS: 00010283 [ 76.152206][ T5085] RAX: 0000000000000000 RBX: 00007fff75ed8264 RCX: 0000000000000000 [ 76.152218][ T5085] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000 [ 76.152230][ T5085] RBP: 00007fff75ed8200 R08: 000000000000000f R09: 0000000000000000 [ 76.152243][ T5085] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 76.152255][ T5085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 76.152277][ T5085] [ 76.152283][ T5085] irq event stamp: 2704 [ 76.152290][ T5085] hardirqs last enabled at (2701): [] mem_cgroup_commit_charge+0x21e/0x380 [ 76.152319][ T5085] hardirqs last disabled at (2702): [] _raw_spin_lock_irq+0xad/0x120 [ 76.152348][ T5085] softirqs last enabled at (2704): [] sock_hash_delete_elem+0x1a6/0x300 [ 76.152376][ T5085] softirqs last disabled at (2703): [] sock_hash_delete_elem+0xb0/0x300 [ 76.152402][ T5085] ---[ end trace 0000000000000000 ]--- [ 77.246990][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 77.257074][ T5087] Call Trace: [ 77.260356][ T5087] [ 77.263295][ T5087] dump_stack_lvl+0x1e7/0x2e0 [ 77.267988][ T5087] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.273203][ T5087] ? __pfx__printk+0x10/0x10 [ 77.277836][ T5087] ? vscnprintf+0x5d/0x90 [ 77.282200][ T5087] panic+0x349/0x860 [ 77.286101][ T5087] ? __warn+0x172/0x4b0 [ 77.290356][ T5087] ? __pfx_panic+0x10/0x10 [ 77.294785][ T5087] __warn+0x31e/0x4b0 [ 77.298774][ T5087] ? __local_bh_enable_ip+0x1be/0x200 [ 77.304151][ T5087] report_bug+0x2b3/0x500 [ 77.308496][ T5087] ? __local_bh_enable_ip+0x1be/0x200 [ 77.313962][ T5087] handle_bug+0x3e/0x70 [ 77.318131][ T5087] exc_invalid_op+0x1a/0x50 [ 77.322641][ T5087] asm_exc_invalid_op+0x1a/0x20 [ 77.327502][ T5087] RIP: 0010:__local_bh_enable_ip+0x1be/0x200 [ 77.333486][ T5087] Code: 3b 44 24 60 75 52 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 0f 0b 90 e9 ca fe ff ff e8 55 00 00 00 eb 9c 90 <0f> 0b 90 e9 fa fe ff ff 48 c7 c1 9c e1 86 8f 80 e1 07 80 c1 03 38 [ 77.353094][ T5087] RSP: 0018:ffffc90003a8e4e0 EFLAGS: 00010046 [ 77.359164][ T5087] RAX: 0000000000000000 RBX: 1ffff92000751ca0 RCX: 0000000000000001 [ 77.367140][ T5087] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff895fc7a6 [ 77.375115][ T5087] RBP: ffffc90003a8e5a0 R08: ffff88807444e24b R09: 1ffff1100e889c49 [ 77.383093][ T5087] R10: dffffc0000000000 R11: ffffed100e889c4a R12: dffffc0000000000 [ 77.391068][ T5087] R13: 0000000000000004 R14: ffffc90003a8e520 R15: 0000000000000201 [ 77.400631][ T5087] ? sock_hash_delete_elem+0x1a6/0x300 [ 77.406115][ T5087] ? sock_hash_delete_elem+0x1a6/0x300 [ 77.411601][ T5087] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 77.417343][ T5087] ? sock_hash_delete_elem+0x1a6/0x300 [ 77.422835][ T5087] ? do_raw_spin_unlock+0x13c/0x8b0 [ 77.428058][ T5087] ? sock_hash_delete_elem+0xb0/0x300 [ 77.433446][ T5087] sock_hash_delete_elem+0x1a6/0x300 [ 77.438761][ T5087] ? bpf_probe_read_compat+0x15d/0x180 [ 77.444247][ T5087] bpf_prog_9dc0996bccb7470f+0x68/0x6c [ 77.449717][ T5087] bpf_trace_run2+0x204/0x420 [ 77.454410][ T5087] ? bpf_trace_run2+0x114/0x420 [ 77.459294][ T5087] ? __pfx_bpf_trace_run2+0x10/0x10 [ 77.464508][ T5087] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 77.469899][ T5087] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 77.475804][ T5087] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 77.481188][ T5087] __traceiter_kfree+0x2b/0x50 [ 77.485967][ T5087] ? memcg_list_lru_alloc+0xbf1/0xd20 [ 77.491353][ T5087] kfree+0x291/0x380 [ 77.495263][ T5087] memcg_list_lru_alloc+0xbf1/0xd20 [ 77.500481][ T5087] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 77.506218][ T5087] __memcg_slab_pre_alloc_hook+0x254/0x2b0 [ 77.512048][ T5087] ? xas_create+0x71e/0x16b0 [ 77.516641][ T5087] kmem_cache_alloc_lru+0x207/0x350 [ 77.521854][ T5087] xas_create+0x71e/0x16b0 [ 77.526288][ T5087] xas_store+0xa3/0x1980 [ 77.530535][ T5087] ? xas_find_conflict+0x7c8/0x8a0 [ 77.535653][ T5087] ? percpu_ref_put+0x19/0x180 [ 77.540430][ T5087] __filemap_add_folio+0xbe2/0x1ad0 [ 77.545661][ T5087] ? __pfx___filemap_add_folio+0x10/0x10 [ 77.551326][ T5087] ? __pfx_workingset_update_node+0x10/0x10 [ 77.557250][ T5087] ? folio_alloc+0x1b5/0x330 [ 77.561887][ T5087] ? filemap_alloc_folio+0xdf/0x500 [ 77.567127][ T5087] filemap_add_folio+0x11e/0x570 [ 77.572098][ T5087] ? __pfx_filemap_add_folio+0x10/0x10 [ 77.577582][ T5087] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.583585][ T5087] __filemap_get_folio+0x4cd/0xbc0 [ 77.588720][ T5087] ext4_da_write_begin+0x5b9/0xa50 [ 77.593866][ T5087] ? __pfx_ext4_da_write_begin+0x10/0x10 [ 77.599509][ T5087] ? fault_in_iov_iter_readable+0x236/0x280 [ 77.605412][ T5087] generic_perform_write+0x322/0x640 [ 77.610704][ T5087] ? generic_write_checks_count+0x3f5/0x510 [ 77.616617][ T5087] ? __pfx_generic_perform_write+0x10/0x10 [ 77.622438][ T5087] ? ext4_write_checks+0x256/0x2c0 [ 77.627565][ T5087] ext4_buffered_write_iter+0xc6/0x350 [ 77.633041][ T5087] ext4_file_write_iter+0x1de/0x1a10 [ 77.638349][ T5087] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 77.644078][ T5087] ? __pfx_lock_acquire+0x10/0x10 [ 77.649109][ T5087] __kernel_write_iter+0x435/0x8c0 [ 77.654229][ T5087] ? __pfx___kernel_write_iter+0x10/0x10 [ 77.659867][ T5087] ? generic_file_llseek_size+0x34c/0x3b0 [ 77.665589][ T5087] ? __dump_skip+0x1a4/0x260 [ 77.670187][ T5087] ? iov_iter_bvec+0x4e/0x180 [ 77.674873][ T5087] dump_user_range+0x4e0/0x950 [ 77.679660][ T5087] ? __pfx_dump_user_range+0x10/0x10 [ 77.684956][ T5087] ? writenote+0x250/0x3b0 [ 77.689379][ T5087] ? kmalloc_trace+0x1d9/0x360 [ 77.694159][ T5087] ? elf_core_dump+0x2e02/0x4630 [ 77.699122][ T5087] ? dump_emit+0x99/0xd0 [ 77.703375][ T5087] elf_core_dump+0x3d5e/0x4630 [ 77.708164][ T5087] ? __pfx_elf_core_dump+0x10/0x10 [ 77.713315][ T5087] ? mark_lock+0x9a/0x350 [ 77.717678][ T5087] ? mas_next_slot+0xeb2/0xf90 [ 77.722467][ T5087] ? __lock_acquire+0x1346/0x1fd0 [ 77.727536][ T5087] ? rcu_read_lock_any_held+0xb7/0x160 [ 77.733030][ T5087] ? 0xffffffffff600000 [ 77.737194][ T5087] ? getname_kernel+0x140/0x2f0 [ 77.742065][ T5087] do_coredump+0x1bab/0x2b50 [ 77.746690][ T5087] ? __pfx_do_coredump+0x10/0x10 [ 77.751661][ T5087] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.756873][ T5087] ? lockdep_hardirqs_on+0x99/0x150 [ 77.762083][ T5087] get_signal+0x146b/0x1850 [ 77.766611][ T5087] ? __pfx_get_signal+0x10/0x10 [ 77.771474][ T5087] ? __pfx_force_sig_fault+0x10/0x10 [ 77.776771][ T5087] arch_do_signal_or_restart+0x96/0x860 [ 77.782331][ T5087] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 77.788503][ T5087] ? irqentry_exit_to_user_mode+0x53/0x270 [ 77.794317][ T5087] irqentry_exit_to_user_mode+0x79/0x270 [ 77.799957][ T5087] exc_page_fault+0x585/0x890 [ 77.804643][ T5087] asm_exc_page_fault+0x26/0x30 [ 77.809503][ T5087] RIP: 0033:0x7ffbc5000861 [ 77.813923][ T5087] Code: 00 0f 1f 84 00 00 00 00 00 48 85 f6 74 37 49 89 f0 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 5f 02 00 00 fd 74 0f c5 fd d7 c1 48 83 fe 20 76 11 85 c0 74 6d f3 0f bc c0 [ 77.833531][ T5087] RSP: 002b:00007fff75ed81b8 EFLAGS: 00010283 [ 77.839621][ T5087] RAX: 0000000000000000 RBX: 00007fff75ed8264 RCX: 0000000000000000 [ 77.847596][ T5087] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000 [ 77.855587][ T5087] RBP: 00007fff75ed8200 R08: 000000000000000f R09: 0000000000000000 [ 77.863560][ T5087] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 77.871537][ T5087] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 77.879627][ T5087] [ 77.882749][ T5087] Kernel Offset: disabled [ 77.887072][ T5087] Rebooting in 86400 seconds..