./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3207890685 <...> no interfaces have a carrier Starting sshd: OK syzkaller syzkaller login: [ 4.141038][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 15.374583][ T24] kauditd_printk_skb: 60 callbacks suppressed [ 15.374590][ T24] audit: type=1400 audit(1659957408.820:71): avc: denied { transition } for pid=332 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.380250][ T24] audit: type=1400 audit(1659957408.820:72): avc: denied { write } for pid=332 comm="sh" path="pipe:[1378]" dev="pipefs" ino=1378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts. execve("./syz-executor3207890685", ["./syz-executor3207890685"], 0x7ffc1e4c97f0 /* 10 vars */) = 0 brk(NULL) = 0x5555561b0000 brk(0x5555561b0c40) = 0x5555561b0c40 arch_prctl(ARCH_SET_FS, 0x5555561b0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3207890685", 4096) = 28 brk(0x5555561d1c40) = 0x5555561d1c40 brk(0x5555561d2000) = 0x5555561d2000 mprotect(0x7f8878558000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 [ 22.892648][ T24] audit: type=1400 audit(1659957416.340:73): avc: denied { execmem } for pid=371 comm="syz-executor320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.898965][ T371] cgroup: Unknown subsys name 'net' [ 22.912056][ T24] audit: type=1400 audit(1659957416.340:74): avc: denied { mounton } for pid=371 comm="syz-executor320" path="/syzcgroup/unified" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 [ 22.940128][ T24] audit: type=1400 audit(1659957416.340:75): avc: denied { mount } for pid=371 comm="syz-executor320" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.940628][ T371] cgroup: Unknown subsys name 'devices' [ 22.963101][ T24] audit: type=1400 audit(1659957416.360:76): avc: denied { unmount } for pid=371 comm="syz-executor320" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) [ 22.990938][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) [ 23.073154][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 23.082205][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 23.091597][ T371] cgroup: Unknown subsys name 'hugetlb' [ 23.097332][ T371] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getpid() = 371 mkdir("./syzkaller.Qduq5d", 0700) = 0 chmod("./syzkaller.Qduq5d", 0777) = 0 chdir("./syzkaller.Qduq5d") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setsid() = 1 [pid 372] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 372] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 372] unshare(CLONE_NEWNS) = 0 [pid 372] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 372] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 372] unshare(CLONE_NEWCGROUP) = 0 [pid 372] unshare(CLONE_NEWUTS) = 0 [pid 372] unshare(CLONE_SYSVSEM) = 0 [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 372] getpid() = 1 [pid 372] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.549319][ T373] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.557703][ T373] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 23.565647][ T373] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 23.573594][ T373] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 23.581549][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 23.589505][ T373] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000000 [ 23.598714][ T373] ------------[ cut here ]------------ [ 23.604244][ T373] WARNING: CPU: 1 PID: 373 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 23.614183][ T373] Modules linked in: [ 23.618058][ T373] CPU: 0 PID: 373 Comm: syz-executor320 Not tainted 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 23.628290][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 23.638372][ T373] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 23.644612][ T373] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 23.664234][ T373] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 23.670280][ T373] RAX: ffffffff8187afe7 RBX: ffff88811820e150 RCX: ffff888106dd3b40 [ 23.678250][ T373] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 23.686216][ T373] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 23.694192][ T373] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 23.702157][ T373] R13: 1ffff11023041c2a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 23.710103][ T373] FS: 00005555561b0300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.719027][ T373] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.725605][ T373] CR2: 000000000064a110 CR3: 000000011c2fd000 CR4: 00000000003506b0 [ 23.733579][ T373] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.741556][ T373] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.749498][ T373] Call Trace: [ 23.752807][ T373] bpf_link_put+0x1e9/0x270 [ 23.757319][ T373] bpf_link_release+0x3b/0x40 [ 23.762008][ T373] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 23.767630][ T373] __fput+0x348/0x7c0 [ 23.771611][ T373] ____fput+0x15/0x20 [ 23.775578][ T373] task_work_run+0x147/0x1b0 [ 23.780147][ T373] ptrace_notify+0x29a/0x340 [ 23.784741][ T373] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.789919][ T373] ? do_notify_parent+0xa40/0xa40 [ 23.794943][ T373] ? __close_fd+0x290/0x290 [ 23.799433][ T373] ? __ia32_sys_open+0x270/0x270 [ 23.804377][ T373] syscall_exit_work+0x7c/0x130 [ 23.809219][ T373] syscall_exit_to_user_mode+0x6a/0xa0 [ 23.814698][ T373] do_syscall_64+0x40/0x70 [ 23.819105][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 23.825021][ T373] RIP: 0033:0x7f88784ea1e9 [ 23.829426][ T373] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.849045][ T373] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.857458][ T373] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 23.865454][ T373] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 23.873495][ T373] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 23.881503][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 23.889492][ T373] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000000 [pid 373] close_range(3, 7, 0) = 0 [pid 373] close(3) = -1 EBADF (Bad file descriptor) [pid 373] close(4) = -1 EBADF (Bad file descriptor) [pid 373] close(5) = -1 EBADF (Bad file descriptor) [pid 373] close(6) = -1 EBADF (Bad file descriptor) [pid 373] close(7) = -1 EBADF (Bad file descriptor) [ 23.897500][ T373] ---[ end trace 71a8e909f523c1a2 ]--- [ 23.913673][ T373] ================================================================== [ 23.921742][ T373] BUG: KASAN: use-after-free in compute_effective_progs+0x1d3/0x6e0 [ 23.929686][ T373] Read of size 8 at addr ffff88811820e118 by task syz-executor320/373 [ 23.937801][ T373] [ 23.940114][ T373] CPU: 1 PID: 373 Comm: syz-executor320 Tainted: G W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 23.951714][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 23.961741][ T373] Call Trace: [ 23.965006][ T373] dump_stack_lvl+0x1e2/0x24b [ 23.969663][ T373] ? printk+0xcf/0x10f [ 23.973724][ T373] ? bfq_pos_tree_add_move+0x43e/0x43e [ 23.979152][ T373] ? wake_up_klogd+0xb8/0xf0 [ 23.983714][ T373] ? panic+0x7d7/0x7d7 [ 23.987761][ T373] print_address_description+0x81/0x3c0 [ 23.993284][ T373] kasan_report+0x1a4/0x1f0 [ 23.997763][ T373] ? compute_effective_progs+0x1d3/0x6e0 [ 24.003368][ T373] ? compute_effective_progs+0x1d3/0x6e0 [ 24.008983][ T373] __asan_report_load8_noabort+0x14/0x20 [ 24.014857][ T373] compute_effective_progs+0x1d3/0x6e0 [ 24.020300][ T373] update_effective_progs+0x79/0x320 [ 24.025562][ T373] __cgroup_bpf_detach+0x312/0x570 [ 24.030644][ T373] bpf_cgroup_link_release+0x94/0x260 [ 24.035987][ T373] bpf_link_put+0x1e9/0x270 [ 24.040462][ T373] bpf_link_release+0x3b/0x40 [ 24.045110][ T373] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 24.050718][ T373] __fput+0x348/0x7c0 [ 24.054677][ T373] ____fput+0x15/0x20 [ 24.058631][ T373] task_work_run+0x147/0x1b0 [ 24.063211][ T373] ptrace_notify+0x29a/0x340 [ 24.067771][ T373] ? do_notify_parent+0xa40/0xa40 [ 24.072768][ T373] ? fput_many+0x15a/0x1a0 [ 24.077157][ T373] ? fput+0x1a/0x20 [ 24.080936][ T373] ? filp_close+0x105/0x150 [ 24.085412][ T373] ? __close_fd+0x224/0x290 [ 24.089893][ T373] syscall_exit_work+0x7c/0x130 [ 24.094723][ T373] syscall_exit_to_user_mode+0x6a/0xa0 [ 24.100154][ T373] do_syscall_64+0x40/0x70 [ 24.104542][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.110404][ T373] RIP: 0033:0x7f88784ac2f3 [ 24.114811][ T373] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 [ 24.134388][ T373] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 24.142772][ T373] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 00007f88784ac2f3 [ 24.150714][ T373] RDX: ffffffffffffffc0 RSI: 0000000000000007 RDI: 0000000000000008 [ 24.158659][ T373] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 24.166600][ T373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 24.174543][ T373] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000000 [ 24.182489][ T373] [ 24.184804][ T373] Allocated by task 373: [ 24.189035][ T373] ____kasan_kmalloc+0xdc/0x110 [ 24.193856][ T373] __kasan_kmalloc+0x9/0x10 [ 24.198330][ T373] kmem_cache_alloc_trace+0x1dd/0x330 [ 24.203685][ T373] cgroup_bpf_link_attach+0x12e/0x4a0 [ 24.209026][ T373] link_create+0x540/0x6e0 [ 24.213430][ T373] __do_sys_bpf+0x528/0x6c0 [ 24.217903][ T373] __x64_sys_bpf+0x7a/0x90 [ 24.222308][ T373] do_syscall_64+0x34/0x70 [ 24.226692][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.232545][ T373] [ 24.234844][ T373] Freed by task 373: [ 24.238797][ T373] kasan_set_track+0x4c/0x80 [ 24.243357][ T373] kasan_set_free_info+0x23/0x40 [ 24.248264][ T373] ____kasan_slab_free+0x121/0x160 [ 24.253359][ T373] __kasan_slab_free+0x11/0x20 [ 24.258091][ T373] slab_free_freelist_hook+0xcc/0x1a0 [ 24.263433][ T373] kfree+0xc3/0x290 [ 24.267211][ T373] bpf_cgroup_link_dealloc+0x15/0x20 [ 24.272464][ T373] bpf_link_put+0x243/0x270 [ 24.276951][ T373] bpf_link_release+0x3b/0x40 [ 24.281603][ T373] __fput+0x348/0x7c0 [ 24.285561][ T373] ____fput+0x15/0x20 [ 24.289514][ T373] task_work_run+0x147/0x1b0 [ 24.294077][ T373] ptrace_notify+0x29a/0x340 [ 24.298636][ T373] syscall_exit_work+0x7c/0x130 [ 24.303456][ T373] syscall_exit_to_user_mode+0x6a/0xa0 [ 24.308898][ T373] do_syscall_64+0x40/0x70 [ 24.313295][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.319150][ T373] [ 24.321449][ T373] The buggy address belongs to the object at ffff88811820e100 [ 24.321449][ T373] which belongs to the cache kmalloc-96 of size 96 [ 24.335308][ T373] The buggy address is located 24 bytes inside of [ 24.335308][ T373] 96-byte region [ffff88811820e100, ffff88811820e160) [ 24.348374][ T373] The buggy address belongs to the page: [ 24.353981][ T373] page:ffffea0004608380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11820e [ 24.364187][ T373] flags: 0x8000000000000200(slab) [ 24.369184][ T373] raw: 8000000000000200 dead000000000100 dead000000000122 ffff888100043680 [ 24.377739][ T373] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 24.386310][ T373] page dumped because: kasan: bad access detected [ 24.392693][ T373] page_owner tracks the page as allocated [ 24.398403][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 361, ts 16642756972, free_ts 16614003897 [ 24.414368][ T373] get_page_from_freelist+0x745/0x760 [ 24.419717][ T373] __alloc_pages_nodemask+0x3b6/0x890 [ 24.425075][ T373] allocate_slab+0x78/0x540 [ 24.429549][ T373] ___slab_alloc+0x131/0x2e0 [ 24.434114][ T373] __slab_alloc+0x63/0xa0 [ 24.438419][ T373] kmem_cache_alloc_trace+0x20e/0x330 [ 24.443760][ T373] __get_vm_area_node+0x134/0x200 [ 24.448754][ T373] __vmalloc_node_range+0xd5/0x6d0 [ 24.453852][ T373] __vmalloc+0x7a/0x90 [ 24.457894][ T373] bpf_prog_alloc_no_stats+0x36/0x2d0 [ 24.463338][ T373] bpf_prog_alloc+0x21/0x1f0 [ 24.467900][ T373] bpf_prog_create_from_user+0xa0/0x400 [ 24.473415][ T373] do_seccomp+0x8bd/0x13a0 [ 24.477804][ T373] prctl_set_seccomp+0x4d/0x60 [ 24.482552][ T373] __do_sys_prctl+0x8fb/0x12e0 [ 24.487299][ T373] __x64_sys_prctl+0xbf/0xd0 [ 24.491864][ T373] page last free stack trace: [ 24.496526][ T373] free_pcp_prepare+0x18c/0x1c0 [ 24.501347][ T373] free_unref_page+0x6a/0x220 [ 24.505993][ T373] __put_page+0xb1/0xd0 [ 24.510130][ T373] anon_pipe_buf_release+0x18d/0x210 [ 24.515399][ T373] pipe_read+0x5c1/0x1070 [ 24.519707][ T373] vfs_read+0x9e2/0xbf0 [ 24.523831][ T373] ksys_read+0x198/0x2c0 [ 24.528055][ T373] __x64_sys_read+0x7b/0x90 [ 24.532530][ T373] do_syscall_64+0x34/0x70 [ 24.536931][ T373] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.542788][ T373] [ 24.545086][ T373] Memory state around the buggy address: [ 24.550687][ T373] ffff88811820e000: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.558730][ T373] ffff88811820e080: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.566784][ T373] >ffff88811820e100: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.574815][ T373] ^ [ 24.579637][ T373] ffff88811820e180: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.587672][ T373] ffff88811820e200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.595700][ T373] ================================================================== [pid 373] close(8) = 0 [pid 373] close(9) = 0 [pid 373] close(10) = -1 EBADF (Bad file descriptor) [pid 373] close(11) = -1 EBADF (Bad file descriptor) [pid 373] close(12) = -1 EBADF (Bad file descriptor) [pid 373] close(13) = -1 EBADF (Bad file descriptor) [pid 373] close(14) = -1 EBADF (Bad file descriptor) [pid 373] close(15) = -1 EBADF (Bad file descriptor) [pid 373] close(16) = -1 EBADF (Bad file descriptor) [pid 373] close(17) = -1 EBADF (Bad file descriptor) [pid 373] close(18) = -1 EBADF (Bad file descriptor) [pid 373] close(19) = -1 EBADF (Bad file descriptor) [pid 373] close(20) = -1 EBADF (Bad file descriptor) [pid 373] close(21) = -1 EBADF (Bad file descriptor) [pid 373] close(22) = -1 EBADF (Bad file descriptor) [pid 373] close(23) = -1 EBADF (Bad file descriptor) [pid 373] close(24) = -1 EBADF (Bad file descriptor) [pid 373] close(25) = -1 EBADF (Bad file descriptor) [pid 373] close(26) = -1 EBADF (Bad file descriptor) [pid 373] close(27) = -1 EBADF (Bad file descriptor) [pid 373] close(28) = -1 EBADF (Bad file descriptor) [pid 373] close(29) = -1 EBADF (Bad file descriptor) [pid 373] exit_group(0) = ? [pid 373] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=40} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./0/binderfs") = 0 [pid 372] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./0/cgroup") = 0 [pid 372] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./0/cgroup.net") = 0 [pid 372] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./0/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./0") = 0 [pid 372] mkdir("./1", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 3 ./strace-static-x86_64: Process 374 attached [pid 374] chdir("./1") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 374] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 374] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 374] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 374] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 374] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 374] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 374] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 374] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 374] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 374] write(9, "1", 1) = 1 [ 24.603729][ T373] Disabling lock debugging due to kernel taint [ 24.634756][ T374] FAULT_INJECTION: forcing a failure. [ 24.634756][ T374] name failslab, interval 1, probability 0, space 0, times 0 [ 24.647415][ T374] CPU: 1 PID: 374 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 24.659012][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 24.669040][ T374] Call Trace: [ 24.672306][ T374] dump_stack_lvl+0x1e2/0x24b [ 24.676957][ T374] ? panic+0x7d7/0x7d7 [ 24.680998][ T374] ? bfq_pos_tree_add_move+0x43e/0x43e [ 24.686451][ T374] dump_stack+0x15/0x17 [ 24.690585][ T374] should_fail+0x3c0/0x510 [ 24.694976][ T374] ? bpf_prog_array_alloc+0x40/0x60 [ 24.700155][ T374] __should_failslab+0x9f/0xe0 [ 24.704892][ T374] should_failslab+0x9/0x20 [ 24.709366][ T374] __kmalloc+0x60/0x360 [ 24.713495][ T374] bpf_prog_array_alloc+0x40/0x60 [ 24.718518][ T374] compute_effective_progs+0x2de/0x6e0 [ 24.723961][ T374] update_effective_progs+0x79/0x320 [ 24.729227][ T374] __cgroup_bpf_detach+0x312/0x570 [ 24.734335][ T374] bpf_cgroup_link_release+0x94/0x260 [ 24.739695][ T374] bpf_link_put+0x1e9/0x270 [ 24.744170][ T374] bpf_link_release+0x3b/0x40 [ 24.748815][ T374] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 24.754417][ T374] __fput+0x348/0x7c0 [ 24.758390][ T374] ____fput+0x15/0x20 [ 24.762350][ T374] task_work_run+0x147/0x1b0 [ 24.766919][ T374] ptrace_notify+0x29a/0x340 [ 24.771485][ T374] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.776659][ T374] ? do_notify_parent+0xa40/0xa40 [ 24.781654][ T374] ? __close_fd+0x290/0x290 [ 24.786132][ T374] ? __ia32_sys_open+0x270/0x270 [ 24.791041][ T374] syscall_exit_work+0x7c/0x130 [ 24.795864][ T374] syscall_exit_to_user_mode+0x6a/0xa0 [ 24.801300][ T374] do_syscall_64+0x40/0x70 [ 24.805686][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.811571][ T374] RIP: 0033:0x7f88784ea1e9 [ 24.815957][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 24.835536][ T374] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 24.843918][ T374] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 24.851864][ T374] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 24.859807][ T374] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 24.867756][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 24.875707][ T374] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000001 [ 24.883850][ T374] ------------[ cut here ]------------ [ 24.889309][ T374] WARNING: CPU: 1 PID: 374 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 24.899265][ T374] Modules linked in: [ 24.903190][ T374] CPU: 1 PID: 374 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 24.914807][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 24.924870][ T374] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 24.931130][ T374] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 24.950750][ T374] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 24.956818][ T374] RAX: ffffffff8187afe7 RBX: ffff888101febfd0 RCX: ffff88810659cf00 [ 24.964792][ T374] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 24.972754][ T374] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 24.980704][ T374] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 24.988680][ T374] R13: 1ffff110203fd7fa R14: 00000000fffffff4 R15: ffff88811dd36000 [ 24.996644][ T374] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.005620][ T374] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.012211][ T374] CR2: 00007f887855c140 CR3: 0000000101ff7000 CR4: 00000000003506a0 [ 25.020165][ T374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.028153][ T374] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.036119][ T374] Call Trace: [ 25.039382][ T374] bpf_link_put+0x1e9/0x270 [ 25.043891][ T374] bpf_link_release+0x3b/0x40 [ 25.048559][ T374] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.054196][ T374] __fput+0x348/0x7c0 [ 25.058170][ T374] ____fput+0x15/0x20 [ 25.062152][ T374] task_work_run+0x147/0x1b0 [ 25.066730][ T374] ptrace_notify+0x29a/0x340 [ 25.071331][ T374] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.076516][ T374] ? do_notify_parent+0xa40/0xa40 [ 25.081537][ T374] ? __close_fd+0x290/0x290 [ 25.086046][ T374] ? __ia32_sys_open+0x270/0x270 [ 25.090980][ T374] syscall_exit_work+0x7c/0x130 [ 25.095818][ T374] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.101270][ T374] do_syscall_64+0x40/0x70 [ 25.105672][ T374] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 25.111657][ T374] RIP: 0033:0x7f88784ea1e9 [ 25.116062][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.135745][ T374] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.144179][ T374] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 25.152147][ T374] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 25.160100][ T374] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 25.168066][ T374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 25.176030][ T374] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000001 [pid 374] close_range(3, 7, 0) = 0 [pid 374] close(3) = -1 EBADF (Bad file descriptor) [pid 374] close(4) = -1 EBADF (Bad file descriptor) [pid 374] close(5) = -1 EBADF (Bad file descriptor) [pid 374] close(6) = -1 EBADF (Bad file descriptor) [pid 374] close(7) = -1 EBADF (Bad file descriptor) [pid 374] close(8) = 0 [pid 374] close(9) = 0 [pid 374] close(10) = -1 EBADF (Bad file descriptor) [pid 374] close(11) = -1 EBADF (Bad file descriptor) [pid 374] close(12) = -1 EBADF (Bad file descriptor) [pid 374] close(13) = -1 EBADF (Bad file descriptor) [pid 374] close(14) = -1 EBADF (Bad file descriptor) [pid 374] close(15) = -1 EBADF (Bad file descriptor) [pid 374] close(16) = -1 EBADF (Bad file descriptor) [pid 374] close(17) = -1 EBADF (Bad file descriptor) [pid 374] close(18) = -1 EBADF (Bad file descriptor) [pid 374] close(19) = -1 EBADF (Bad file descriptor) [pid 374] close(20) = -1 EBADF (Bad file descriptor) [pid 374] close(21) = -1 EBADF (Bad file descriptor) [pid 374] close(22) = -1 EBADF (Bad file descriptor) [pid 374] close(23) = -1 EBADF (Bad file descriptor) [pid 374] close(24) = -1 EBADF (Bad file descriptor) [pid 374] close(25) = -1 EBADF (Bad file descriptor) [pid 374] close(26) = -1 EBADF (Bad file descriptor) [pid 374] close(27) = -1 EBADF (Bad file descriptor) [pid 374] close(28) = -1 EBADF (Bad file descriptor) [pid 374] close(29) = -1 EBADF (Bad file descriptor) [pid 374] exit_group(0) = ? [pid 374] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./1/binderfs") = 0 [pid 372] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./1/cgroup") = 0 [pid 372] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./1/cgroup.net") = 0 [pid 372] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./1/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./1") = 0 [pid 372] mkdir("./2", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 375 attached , child_tidptr=0x5555561b05d0) = 4 [pid 375] chdir("./2") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 375] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 375] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 375] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 375] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 375] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 375] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 375] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 375] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 375] write(9, "1", 1) = 1 [ 25.183994][ T374] ---[ end trace 71a8e909f523c1a3 ]--- [ 25.208243][ T375] FAULT_INJECTION: forcing a failure. [ 25.208243][ T375] name failslab, interval 1, probability 0, space 0, times 0 [ 25.220849][ T375] CPU: 1 PID: 375 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 25.232467][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 25.242498][ T375] Call Trace: [ 25.245767][ T375] dump_stack_lvl+0x1e2/0x24b [ 25.250415][ T375] ? panic+0x7d7/0x7d7 [ 25.254477][ T375] ? bfq_pos_tree_add_move+0x43e/0x43e [ 25.259909][ T375] dump_stack+0x15/0x17 [ 25.264038][ T375] should_fail+0x3c0/0x510 [ 25.268448][ T375] ? bpf_prog_array_alloc+0x40/0x60 [ 25.273633][ T375] __should_failslab+0x9f/0xe0 [ 25.278370][ T375] should_failslab+0x9/0x20 [ 25.282845][ T375] __kmalloc+0x60/0x360 [ 25.286975][ T375] bpf_prog_array_alloc+0x40/0x60 [ 25.291972][ T375] compute_effective_progs+0x2de/0x6e0 [ 25.297402][ T375] update_effective_progs+0x79/0x320 [ 25.302673][ T375] __cgroup_bpf_detach+0x312/0x570 [ 25.307756][ T375] bpf_cgroup_link_release+0x94/0x260 [ 25.313104][ T375] bpf_link_put+0x1e9/0x270 [ 25.317592][ T375] bpf_link_release+0x3b/0x40 [ 25.322241][ T375] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.327843][ T375] __fput+0x348/0x7c0 [ 25.331813][ T375] ____fput+0x15/0x20 [ 25.335769][ T375] task_work_run+0x147/0x1b0 [ 25.340333][ T375] ptrace_notify+0x29a/0x340 [ 25.344909][ T375] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.350094][ T375] ? do_notify_parent+0xa40/0xa40 [ 25.355101][ T375] ? __close_fd+0x290/0x290 [ 25.359575][ T375] ? __ia32_sys_open+0x270/0x270 [ 25.364503][ T375] syscall_exit_work+0x7c/0x130 [ 25.369342][ T375] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.374772][ T375] do_syscall_64+0x40/0x70 [ 25.379163][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 25.385027][ T375] RIP: 0033:0x7f88784ea1e9 [ 25.389415][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.409003][ T375] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.417394][ T375] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 25.425343][ T375] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 25.433296][ T375] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 25.441243][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 25.449193][ T375] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000002 [ 25.457445][ T375] ------------[ cut here ]------------ [ 25.463138][ T375] WARNING: CPU: 0 PID: 375 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 25.473115][ T375] Modules linked in: [ 25.477003][ T375] CPU: 0 PID: 375 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 25.488703][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 25.498771][ T375] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 25.505099][ T375] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 25.524706][ T375] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 25.530763][ T375] RAX: ffffffff8187afe7 RBX: ffff888101feb8d0 RCX: ffff8881041813c0 [ 25.538734][ T375] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 25.546701][ T375] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 25.554687][ T375] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 25.562826][ T375] R13: 1ffff110203fd71a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 25.570790][ T375] FS: 00005555561b0300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.579714][ T375] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.586302][ T375] CR2: 00007ffd84b071e8 CR3: 0000000101ff2000 CR4: 00000000003506b0 [ 25.594302][ T375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.602277][ T375] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.610219][ T375] Call Trace: [ 25.613515][ T375] bpf_link_put+0x1e9/0x270 [ 25.618009][ T375] bpf_link_release+0x3b/0x40 [ 25.622690][ T375] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.628310][ T375] __fput+0x348/0x7c0 [ 25.632333][ T375] ____fput+0x15/0x20 [ 25.636310][ T375] task_work_run+0x147/0x1b0 [ 25.640922][ T375] ptrace_notify+0x29a/0x340 [ 25.645510][ T375] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.650687][ T375] ? do_notify_parent+0xa40/0xa40 [ 25.655723][ T375] ? __close_fd+0x290/0x290 [ 25.660213][ T375] ? __ia32_sys_open+0x270/0x270 [ 25.665159][ T375] syscall_exit_work+0x7c/0x130 [ 25.670001][ T375] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.675467][ T375] do_syscall_64+0x40/0x70 [ 25.679864][ T375] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 25.685751][ T375] RIP: 0033:0x7f88784ea1e9 [ 25.690173][ T375] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.709789][ T375] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.718201][ T375] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 25.726166][ T375] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 25.734137][ T375] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 25.742107][ T375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 25.750080][ T375] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000002 [pid 375] close_range(3, 7, 0) = 0 [pid 375] close(3) = -1 EBADF (Bad file descriptor) [pid 375] close(4) = -1 EBADF (Bad file descriptor) [pid 375] close(5) = -1 EBADF (Bad file descriptor) [pid 375] close(6) = -1 EBADF (Bad file descriptor) [pid 375] close(7) = -1 EBADF (Bad file descriptor) [pid 375] close(8) = 0 [pid 375] close(9) = 0 [pid 375] close(10) = -1 EBADF (Bad file descriptor) [pid 375] close(11) = -1 EBADF (Bad file descriptor) [pid 375] close(12) = -1 EBADF (Bad file descriptor) [pid 375] close(13) = -1 EBADF (Bad file descriptor) [pid 375] close(14) = -1 EBADF (Bad file descriptor) [pid 375] close(15) = -1 EBADF (Bad file descriptor) [pid 375] close(16) = -1 EBADF (Bad file descriptor) [pid 375] close(17) = -1 EBADF (Bad file descriptor) [pid 375] close(18) = -1 EBADF (Bad file descriptor) [pid 375] close(19) = -1 EBADF (Bad file descriptor) [pid 375] close(20) = -1 EBADF (Bad file descriptor) [pid 375] close(21) = -1 EBADF (Bad file descriptor) [pid 375] close(22) = -1 EBADF (Bad file descriptor) [pid 375] close(23) = -1 EBADF (Bad file descriptor) [pid 375] close(24) = -1 EBADF (Bad file descriptor) [pid 375] close(25) = -1 EBADF (Bad file descriptor) [pid 375] close(26) = -1 EBADF (Bad file descriptor) [pid 375] close(27) = -1 EBADF (Bad file descriptor) [pid 375] close(28) = -1 EBADF (Bad file descriptor) [pid 375] close(29) = -1 EBADF (Bad file descriptor) [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./2/binderfs") = 0 [pid 372] umount2("./2/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./2/cgroup") = 0 [pid 372] umount2("./2/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./2/cgroup.net") = 0 [pid 372] umount2("./2/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./2/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./2") = 0 [pid 372] mkdir("./3", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 5 ./strace-static-x86_64: Process 376 attached [pid 376] chdir("./3") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 376] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 376] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 376] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 376] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 376] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 376] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 376] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 376] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 376] write(9, "1", 1) = 1 [ 25.758050][ T375] ---[ end trace 71a8e909f523c1a4 ]--- [ 25.780603][ T376] FAULT_INJECTION: forcing a failure. [ 25.780603][ T376] name failslab, interval 1, probability 0, space 0, times 0 [ 25.793267][ T376] CPU: 1 PID: 376 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 25.804873][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 25.814926][ T376] Call Trace: [ 25.818193][ T376] dump_stack_lvl+0x1e2/0x24b [ 25.822845][ T376] ? panic+0x7d7/0x7d7 [ 25.826886][ T376] ? bfq_pos_tree_add_move+0x43e/0x43e [ 25.832316][ T376] dump_stack+0x15/0x17 [ 25.836445][ T376] should_fail+0x3c0/0x510 [ 25.840838][ T376] ? bpf_prog_array_alloc+0x40/0x60 [ 25.846011][ T376] __should_failslab+0x9f/0xe0 [ 25.850749][ T376] should_failslab+0x9/0x20 [ 25.855224][ T376] __kmalloc+0x60/0x360 [ 25.859353][ T376] bpf_prog_array_alloc+0x40/0x60 [ 25.864352][ T376] compute_effective_progs+0x2de/0x6e0 [ 25.869784][ T376] update_effective_progs+0x79/0x320 [ 25.875139][ T376] __cgroup_bpf_detach+0x312/0x570 [ 25.880229][ T376] bpf_cgroup_link_release+0x94/0x260 [ 25.885590][ T376] bpf_link_put+0x1e9/0x270 [ 25.890078][ T376] bpf_link_release+0x3b/0x40 [ 25.894728][ T376] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.900336][ T376] __fput+0x348/0x7c0 [ 25.904292][ T376] ____fput+0x15/0x20 [ 25.908249][ T376] task_work_run+0x147/0x1b0 [ 25.912812][ T376] ptrace_notify+0x29a/0x340 [ 25.917381][ T376] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.922553][ T376] ? do_notify_parent+0xa40/0xa40 [ 25.927550][ T376] ? __close_fd+0x290/0x290 [ 25.932025][ T376] ? __ia32_sys_open+0x270/0x270 [ 25.936938][ T376] syscall_exit_work+0x7c/0x130 [ 25.941766][ T376] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.947195][ T376] do_syscall_64+0x40/0x70 [ 25.951585][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 25.957448][ T376] RIP: 0033:0x7f88784ea1e9 [ 25.961843][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.981421][ T376] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.989804][ T376] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 25.997765][ T376] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 26.005708][ T376] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 26.013669][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 26.021615][ T376] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000003 [ 26.029851][ T376] ------------[ cut here ]------------ [ 26.035545][ T376] WARNING: CPU: 0 PID: 376 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 26.045479][ T376] Modules linked in: [ 26.049369][ T376] CPU: 1 PID: 376 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 26.061123][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 26.071269][ T376] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 26.077488][ T376] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 26.097196][ T376] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 26.103336][ T376] RAX: ffffffff8187afe7 RBX: ffff8881021b31d0 RCX: ffff88810659e2c0 [ 26.111383][ T376] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 26.119329][ T376] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 26.127313][ T376] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 26.135288][ T376] R13: 1ffff1102043663a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 26.143267][ T376] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.152192][ T376] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.158776][ T376] CR2: 00007f887855c140 CR3: 0000000106bc8000 CR4: 00000000003506a0 [ 26.166742][ T376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.174785][ T376] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.182778][ T376] Call Trace: [ 26.186061][ T376] bpf_link_put+0x1e9/0x270 [ 26.190543][ T376] bpf_link_release+0x3b/0x40 [ 26.195225][ T376] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 26.200846][ T376] __fput+0x348/0x7c0 [ 26.204840][ T376] ____fput+0x15/0x20 [ 26.208819][ T376] task_work_run+0x147/0x1b0 [ 26.213414][ T376] ptrace_notify+0x29a/0x340 [ 26.217986][ T376] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.223187][ T376] ? do_notify_parent+0xa40/0xa40 [ 26.228200][ T376] ? __close_fd+0x290/0x290 [ 26.232699][ T376] ? __ia32_sys_open+0x270/0x270 [ 26.237622][ T376] syscall_exit_work+0x7c/0x130 [ 26.242472][ T376] syscall_exit_to_user_mode+0x6a/0xa0 [ 26.247936][ T376] do_syscall_64+0x40/0x70 [ 26.252347][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 26.258223][ T376] RIP: 0033:0x7f88784ea1e9 [ 26.262630][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.282230][ T376] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 26.290611][ T376] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 26.298575][ T376] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [pid 376] close_range(3, 7, 0) = 0 [pid 376] close(3) = -1 EBADF (Bad file descriptor) [pid 376] close(4) = -1 EBADF (Bad file descriptor) [pid 376] close(5) = -1 EBADF (Bad file descriptor) [pid 376] close(6) = -1 EBADF (Bad file descriptor) [pid 376] close(7) = -1 EBADF (Bad file descriptor) [pid 376] close(8) = 0 [pid 376] close(9) = 0 [pid 376] close(10) = -1 EBADF (Bad file descriptor) [pid 376] close(11) = -1 EBADF (Bad file descriptor) [pid 376] close(12) = -1 EBADF (Bad file descriptor) [pid 376] close(13) = -1 EBADF (Bad file descriptor) [pid 376] close(14) = -1 EBADF (Bad file descriptor) [pid 376] close(15) = -1 EBADF (Bad file descriptor) [pid 376] close(16) = -1 EBADF (Bad file descriptor) [pid 376] close(17) = -1 EBADF (Bad file descriptor) [pid 376] close(18) = -1 EBADF (Bad file descriptor) [pid 376] close(19) = -1 EBADF (Bad file descriptor) [pid 376] close(20) = -1 EBADF (Bad file descriptor) [pid 376] close(21) = -1 EBADF (Bad file descriptor) [pid 376] close(22) = -1 EBADF (Bad file descriptor) [pid 376] close(23) = -1 EBADF (Bad file descriptor) [pid 376] close(24) = -1 EBADF (Bad file descriptor) [pid 376] close(25) = -1 EBADF (Bad file descriptor) [pid 376] close(26) = -1 EBADF (Bad file descriptor) [pid 376] close(27) = -1 EBADF (Bad file descriptor) [pid 376] close(28) = -1 EBADF (Bad file descriptor) [pid 376] close(29) = -1 EBADF (Bad file descriptor) [pid 376] exit_group(0) = ? [pid 376] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./3/binderfs") = 0 [pid 372] umount2("./3/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./3/cgroup") = 0 [pid 372] umount2("./3/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./3/cgroup.net") = 0 [pid 372] umount2("./3/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./3/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./3") = 0 [pid 372] mkdir("./4", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 377 attached , child_tidptr=0x5555561b05d0) = 6 [pid 377] chdir("./4") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 377] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 377] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 377] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 377] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 377] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 377] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 377] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 377] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 377] write(9, "1", 1) = 1 [ 26.306541][ T376] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 26.314506][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 26.322477][ T376] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000003 [ 26.330444][ T376] ---[ end trace 71a8e909f523c1a5 ]--- [ 26.351445][ T377] FAULT_INJECTION: forcing a failure. [ 26.351445][ T377] name failslab, interval 1, probability 0, space 0, times 0 [ 26.364057][ T377] CPU: 1 PID: 377 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 26.375674][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 26.385713][ T377] Call Trace: [ 26.388995][ T377] dump_stack_lvl+0x1e2/0x24b [ 26.393646][ T377] ? panic+0x7d7/0x7d7 [ 26.397693][ T377] ? bfq_pos_tree_add_move+0x43e/0x43e [ 26.403126][ T377] dump_stack+0x15/0x17 [ 26.407254][ T377] should_fail+0x3c0/0x510 [ 26.411641][ T377] ? bpf_prog_array_alloc+0x40/0x60 [ 26.416827][ T377] __should_failslab+0x9f/0xe0 [ 26.421573][ T377] should_failslab+0x9/0x20 [ 26.426062][ T377] __kmalloc+0x60/0x360 [ 26.430197][ T377] bpf_prog_array_alloc+0x40/0x60 [ 26.435199][ T377] compute_effective_progs+0x2de/0x6e0 [ 26.440631][ T377] update_effective_progs+0x79/0x320 [ 26.445906][ T377] __cgroup_bpf_detach+0x312/0x570 [ 26.450993][ T377] bpf_cgroup_link_release+0x94/0x260 [ 26.456351][ T377] bpf_link_put+0x1e9/0x270 [ 26.460833][ T377] bpf_link_release+0x3b/0x40 [ 26.465484][ T377] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 26.471091][ T377] __fput+0x348/0x7c0 [ 26.475049][ T377] ____fput+0x15/0x20 [ 26.479003][ T377] task_work_run+0x147/0x1b0 [ 26.483571][ T377] ptrace_notify+0x29a/0x340 [ 26.488138][ T377] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.493310][ T377] ? do_notify_parent+0xa40/0xa40 [ 26.498310][ T377] ? __close_fd+0x290/0x290 [ 26.502788][ T377] ? __ia32_sys_open+0x270/0x270 [ 26.507715][ T377] syscall_exit_work+0x7c/0x130 [ 26.512549][ T377] syscall_exit_to_user_mode+0x6a/0xa0 [ 26.517985][ T377] do_syscall_64+0x40/0x70 [ 26.522391][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 26.528256][ T377] RIP: 0033:0x7f88784ea1e9 [ 26.532663][ T377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.552334][ T377] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 26.560722][ T377] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 26.568682][ T377] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 26.576631][ T377] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 26.584578][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 26.592524][ T377] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000004 [ 26.600714][ T377] ------------[ cut here ]------------ [ 26.606294][ T377] WARNING: CPU: 1 PID: 377 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 26.616317][ T377] Modules linked in: [ 26.620198][ T377] CPU: 1 PID: 377 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 26.631855][ T377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 26.642053][ T377] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 26.648354][ T377] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 26.668144][ T377] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 26.674314][ T377] RAX: ffffffff8187afe7 RBX: ffff8881021b3f50 RCX: ffff888104184f00 [ 26.682395][ T377] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 26.690350][ T377] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 26.698531][ T377] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 26.706642][ T377] R13: 1ffff110204367ea R14: 00000000fffffff4 R15: ffff88811dd36000 [ 26.714690][ T377] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.723671][ T377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.730231][ T377] CR2: 00007f887855c140 CR3: 0000000106baa000 CR4: 00000000003506a0 [ 26.738292][ T377] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.746318][ T377] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.754342][ T377] Call Trace: [ 26.757612][ T377] bpf_link_put+0x1e9/0x270 [ 26.762211][ T377] bpf_link_release+0x3b/0x40 [ 26.766870][ T377] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 26.772586][ T377] __fput+0x348/0x7c0 [ 26.776551][ T377] ____fput+0x15/0x20 [ 26.780510][ T377] task_work_run+0x147/0x1b0 [ 26.785230][ T377] ptrace_notify+0x29a/0x340 [ 26.789794][ T377] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.795079][ T377] ? do_notify_parent+0xa40/0xa40 [ 26.800077][ T377] ? __close_fd+0x290/0x290 [ 26.804650][ T377] ? __ia32_sys_open+0x270/0x270 [ 26.809563][ T377] syscall_exit_work+0x7c/0x130 [ 26.814527][ T377] syscall_exit_to_user_mode+0x6a/0xa0 [ 26.820071][ T377] do_syscall_64+0x40/0x70 [ 26.824619][ T377] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 26.830588][ T377] RIP: 0033:0x7f88784ea1e9 [ 26.835165][ T377] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.854881][ T377] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [pid 377] close_range(3, 7, 0) = 0 [pid 377] close(3) = -1 EBADF (Bad file descriptor) [pid 377] close(4) = -1 EBADF (Bad file descriptor) [pid 377] close(5) = -1 EBADF (Bad file descriptor) [pid 377] close(6) = -1 EBADF (Bad file descriptor) [pid 377] close(7) = -1 EBADF (Bad file descriptor) [pid 377] close(8) = 0 [pid 377] close(9) = 0 [pid 377] close(10) = -1 EBADF (Bad file descriptor) [pid 377] close(11) = -1 EBADF (Bad file descriptor) [pid 377] close(12) = -1 EBADF (Bad file descriptor) [pid 377] close(13) = -1 EBADF (Bad file descriptor) [pid 377] close(14) = -1 EBADF (Bad file descriptor) [pid 377] close(15) = -1 EBADF (Bad file descriptor) [pid 377] close(16) = -1 EBADF (Bad file descriptor) [pid 377] close(17) = -1 EBADF (Bad file descriptor) [pid 377] close(18) = -1 EBADF (Bad file descriptor) [pid 377] close(19) = -1 EBADF (Bad file descriptor) [pid 377] close(20) = -1 EBADF (Bad file descriptor) [pid 377] close(21) = -1 EBADF (Bad file descriptor) [pid 377] close(22) = -1 EBADF (Bad file descriptor) [pid 377] close(23) = -1 EBADF (Bad file descriptor) [pid 377] close(24) = -1 EBADF (Bad file descriptor) [pid 377] close(25) = -1 EBADF (Bad file descriptor) [pid 377] close(26) = -1 EBADF (Bad file descriptor) [pid 377] close(27) = -1 EBADF (Bad file descriptor) [pid 377] close(28) = -1 EBADF (Bad file descriptor) [pid 377] close(29) = -1 EBADF (Bad file descriptor) [pid 377] exit_group(0) = ? [pid 377] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./4/binderfs") = 0 [pid 372] umount2("./4/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./4/cgroup") = 0 [pid 372] umount2("./4/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./4/cgroup.net") = 0 [pid 372] umount2("./4/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./4/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./4") = 0 [pid 372] mkdir("./5", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 378 attached , child_tidptr=0x5555561b05d0) = 7 [pid 378] chdir("./5") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 378] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 378] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 378] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 378] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 378] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 378] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 378] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 378] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 378] write(9, "1", 1) = 1 [ 26.863370][ T377] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 26.871402][ T377] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 26.879353][ T377] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 26.887410][ T377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 26.895450][ T377] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000004 [ 26.903486][ T377] ---[ end trace 71a8e909f523c1a6 ]--- [ 26.922744][ T378] FAULT_INJECTION: forcing a failure. [ 26.922744][ T378] name failslab, interval 1, probability 0, space 0, times 0 [ 26.935381][ T378] CPU: 1 PID: 378 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 26.946996][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 26.957026][ T378] Call Trace: [ 26.960376][ T378] dump_stack_lvl+0x1e2/0x24b [ 26.965044][ T378] ? panic+0x7d7/0x7d7 [ 26.969100][ T378] ? bfq_pos_tree_add_move+0x43e/0x43e [ 26.974530][ T378] dump_stack+0x15/0x17 [ 26.978655][ T378] should_fail+0x3c0/0x510 [ 26.983045][ T378] ? bpf_prog_array_alloc+0x40/0x60 [ 26.988215][ T378] __should_failslab+0x9f/0xe0 [ 26.992970][ T378] should_failslab+0x9/0x20 [ 26.997440][ T378] __kmalloc+0x60/0x360 [ 27.001575][ T378] bpf_prog_array_alloc+0x40/0x60 [ 27.006576][ T378] compute_effective_progs+0x2de/0x6e0 [ 27.012006][ T378] update_effective_progs+0x79/0x320 [ 27.017260][ T378] __cgroup_bpf_detach+0x312/0x570 [ 27.022346][ T378] bpf_cgroup_link_release+0x94/0x260 [ 27.027695][ T378] bpf_link_put+0x1e9/0x270 [ 27.032177][ T378] bpf_link_release+0x3b/0x40 [ 27.036824][ T378] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.042436][ T378] __fput+0x348/0x7c0 [ 27.046387][ T378] ____fput+0x15/0x20 [ 27.050345][ T378] task_work_run+0x147/0x1b0 [ 27.054915][ T378] ptrace_notify+0x29a/0x340 [ 27.059498][ T378] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.064666][ T378] ? do_notify_parent+0xa40/0xa40 [ 27.069659][ T378] ? __close_fd+0x290/0x290 [ 27.074133][ T378] ? __ia32_sys_open+0x270/0x270 [ 27.079043][ T378] syscall_exit_work+0x7c/0x130 [ 27.083864][ T378] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.089291][ T378] do_syscall_64+0x40/0x70 [ 27.093678][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 27.099542][ T378] RIP: 0033:0x7f88784ea1e9 [ 27.103931][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.123511][ T378] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 27.131904][ T378] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 27.139846][ T378] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 27.147786][ T378] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 27.155728][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 27.163677][ T378] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000005 [ 27.172123][ T378] ------------[ cut here ]------------ [ 27.177686][ T378] WARNING: CPU: 0 PID: 378 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 27.187716][ T378] Modules linked in: [ 27.191668][ T378] CPU: 1 PID: 378 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 27.203497][ T378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 27.213648][ T378] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 27.219861][ T378] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 27.239583][ T378] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 27.245710][ T378] RAX: ffffffff8187afe7 RBX: ffff8881021b3150 RCX: ffff88810659a780 [ 27.253737][ T378] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 27.261775][ T378] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 27.269727][ T378] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 27.277792][ T378] R13: 1ffff1102043662a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 27.285825][ T378] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 27.294816][ T378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.302414][ T378] CR2: 00007f887855c140 CR3: 00000001179f7000 CR4: 00000000003506a0 [ 27.310365][ T378] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.318346][ T378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.326313][ T378] Call Trace: [ 27.329575][ T378] bpf_link_put+0x1e9/0x270 [ 27.334079][ T378] bpf_link_release+0x3b/0x40 [ 27.338741][ T378] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.344377][ T378] __fput+0x348/0x7c0 [ 27.348362][ T378] ____fput+0x15/0x20 [ 27.352345][ T378] task_work_run+0x147/0x1b0 [ 27.356931][ T378] ptrace_notify+0x29a/0x340 [ 27.361517][ T378] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.366702][ T378] ? do_notify_parent+0xa40/0xa40 [ 27.371740][ T378] ? __close_fd+0x290/0x290 [ 27.376236][ T378] ? __ia32_sys_open+0x270/0x270 [ 27.381200][ T378] syscall_exit_work+0x7c/0x130 [ 27.386045][ T378] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.391512][ T378] do_syscall_64+0x40/0x70 [ 27.395927][ T378] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 27.401818][ T378] RIP: 0033:0x7f88784ea1e9 [ 27.406236][ T378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.425841][ T378] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 27.434261][ T378] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 27.442266][ T378] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 27.450224][ T378] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 27.458206][ T378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 27.466198][ T378] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000005 [pid 378] close_range(3, 7, 0) = 0 [pid 378] close(3) = -1 EBADF (Bad file descriptor) [pid 378] close(4) = -1 EBADF (Bad file descriptor) [pid 378] close(5) = -1 EBADF (Bad file descriptor) [pid 378] close(6) = -1 EBADF (Bad file descriptor) [pid 378] close(7) = -1 EBADF (Bad file descriptor) [pid 378] close(8) = 0 [pid 378] close(9) = 0 [pid 378] close(10) = -1 EBADF (Bad file descriptor) [pid 378] close(11) = -1 EBADF (Bad file descriptor) [pid 378] close(12) = -1 EBADF (Bad file descriptor) [pid 378] close(13) = -1 EBADF (Bad file descriptor) [pid 378] close(14) = -1 EBADF (Bad file descriptor) [pid 378] close(15) = -1 EBADF (Bad file descriptor) [pid 378] close(16) = -1 EBADF (Bad file descriptor) [pid 378] close(17) = -1 EBADF (Bad file descriptor) [pid 378] close(18) = -1 EBADF (Bad file descriptor) [pid 378] close(19) = -1 EBADF (Bad file descriptor) [pid 378] close(20) = -1 EBADF (Bad file descriptor) [pid 378] close(21) = -1 EBADF (Bad file descriptor) [pid 378] close(22) = -1 EBADF (Bad file descriptor) [pid 378] close(23) = -1 EBADF (Bad file descriptor) [pid 378] close(24) = -1 EBADF (Bad file descriptor) [pid 378] close(25) = -1 EBADF (Bad file descriptor) [pid 378] close(26) = -1 EBADF (Bad file descriptor) [pid 378] close(27) = -1 EBADF (Bad file descriptor) [pid 378] close(28) = -1 EBADF (Bad file descriptor) [pid 378] close(29) = -1 EBADF (Bad file descriptor) [pid 378] exit_group(0) = ? [pid 378] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./5/binderfs") = 0 [pid 372] umount2("./5/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./5/cgroup") = 0 [pid 372] umount2("./5/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./5/cgroup.net") = 0 [pid 372] umount2("./5/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./5/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./5") = 0 [pid 372] mkdir("./6", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 379 attached , child_tidptr=0x5555561b05d0) = 8 [pid 379] chdir("./6") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 379] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 379] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 379] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 379] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 379] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 379] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 379] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 379] write(9, "1", 1) = 1 [ 27.474168][ T378] ---[ end trace 71a8e909f523c1a7 ]--- [ 27.497768][ T379] FAULT_INJECTION: forcing a failure. [ 27.497768][ T379] name failslab, interval 1, probability 0, space 0, times 0 [ 27.510439][ T379] CPU: 1 PID: 379 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 27.522045][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 27.532075][ T379] Call Trace: [ 27.535343][ T379] dump_stack_lvl+0x1e2/0x24b [ 27.539994][ T379] ? panic+0x7d7/0x7d7 [ 27.544037][ T379] ? bfq_pos_tree_add_move+0x43e/0x43e [ 27.549469][ T379] dump_stack+0x15/0x17 [ 27.553598][ T379] should_fail+0x3c0/0x510 [ 27.557986][ T379] ? bpf_prog_array_alloc+0x40/0x60 [ 27.563158][ T379] __should_failslab+0x9f/0xe0 [ 27.567908][ T379] should_failslab+0x9/0x20 [ 27.572391][ T379] __kmalloc+0x60/0x360 [ 27.576525][ T379] bpf_prog_array_alloc+0x40/0x60 [ 27.581525][ T379] compute_effective_progs+0x2de/0x6e0 [ 27.586958][ T379] update_effective_progs+0x79/0x320 [ 27.592216][ T379] __cgroup_bpf_detach+0x312/0x570 [ 27.597301][ T379] bpf_cgroup_link_release+0x94/0x260 [ 27.602645][ T379] bpf_link_put+0x1e9/0x270 [ 27.607121][ T379] bpf_link_release+0x3b/0x40 [ 27.611775][ T379] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.617467][ T379] __fput+0x348/0x7c0 [ 27.621423][ T379] ____fput+0x15/0x20 [ 27.625378][ T379] task_work_run+0x147/0x1b0 [ 27.629957][ T379] ptrace_notify+0x29a/0x340 [ 27.634535][ T379] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.639729][ T379] ? do_notify_parent+0xa40/0xa40 [ 27.644728][ T379] ? __close_fd+0x290/0x290 [ 27.649224][ T379] ? __ia32_sys_open+0x270/0x270 [ 27.654152][ T379] syscall_exit_work+0x7c/0x130 [ 27.658976][ T379] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.664406][ T379] do_syscall_64+0x40/0x70 [ 27.668796][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 27.674663][ T379] RIP: 0033:0x7f88784ea1e9 [ 27.679051][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.698634][ T379] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 27.707029][ T379] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 27.714974][ T379] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 27.722919][ T379] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 27.730865][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 27.738813][ T379] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000006 [ 27.747105][ T379] ------------[ cut here ]------------ [ 27.752657][ T379] WARNING: CPU: 0 PID: 379 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 27.762571][ T379] Modules linked in: [ 27.766452][ T379] CPU: 0 PID: 379 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 27.778070][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 27.788147][ T379] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 27.794401][ T379] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 27.814012][ T379] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 27.820057][ T379] RAX: ffffffff8187afe7 RBX: ffff888109f95ed0 RCX: ffff8881043e8000 [ 27.828029][ T379] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 27.835997][ T379] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 27.843970][ T379] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 27.851937][ T379] R13: 1ffff110213f2bda R14: 00000000fffffff4 R15: ffff88811dd36000 [ 27.859882][ T379] FS: 00005555561b0300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 27.868807][ T379] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.875414][ T379] CR2: 00007ffd84b071e8 CR3: 000000010a142000 CR4: 00000000003506b0 [ 27.883406][ T379] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.891385][ T379] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.899329][ T379] Call Trace: [ 27.902619][ T379] bpf_link_put+0x1e9/0x270 [ 27.907115][ T379] bpf_link_release+0x3b/0x40 [ 27.911792][ T379] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.917410][ T379] __fput+0x348/0x7c0 [ 27.921389][ T379] ____fput+0x15/0x20 [ 27.925359][ T379] task_work_run+0x147/0x1b0 [ 27.929923][ T379] ptrace_notify+0x29a/0x340 [ 27.934515][ T379] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.939701][ T379] ? do_notify_parent+0xa40/0xa40 [ 27.944723][ T379] ? __close_fd+0x290/0x290 [ 27.949214][ T379] ? __ia32_sys_open+0x270/0x270 [ 27.954177][ T379] syscall_exit_work+0x7c/0x130 [ 27.959014][ T379] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.964470][ T379] do_syscall_64+0x40/0x70 [ 27.968879][ T379] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 27.974765][ T379] RIP: 0033:0x7f88784ea1e9 [ 27.979162][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.998778][ T379] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.007211][ T379] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 28.015189][ T379] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 28.023244][ T379] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 28.031213][ T379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 28.039165][ T379] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000006 [pid 379] close_range(3, 7, 0) = 0 [pid 379] close(3) = -1 EBADF (Bad file descriptor) [pid 379] close(4) = -1 EBADF (Bad file descriptor) [pid 379] close(5) = -1 EBADF (Bad file descriptor) [pid 379] close(6) = -1 EBADF (Bad file descriptor) [pid 379] close(7) = -1 EBADF (Bad file descriptor) [pid 379] close(8) = 0 [pid 379] close(9) = 0 [pid 379] close(10) = -1 EBADF (Bad file descriptor) [pid 379] close(11) = -1 EBADF (Bad file descriptor) [pid 379] close(12) = -1 EBADF (Bad file descriptor) [pid 379] close(13) = -1 EBADF (Bad file descriptor) [pid 379] close(14) = -1 EBADF (Bad file descriptor) [pid 379] close(15) = -1 EBADF (Bad file descriptor) [pid 379] close(16) = -1 EBADF (Bad file descriptor) [pid 379] close(17) = -1 EBADF (Bad file descriptor) [pid 379] close(18) = -1 EBADF (Bad file descriptor) [pid 379] close(19) = -1 EBADF (Bad file descriptor) [pid 379] close(20) = -1 EBADF (Bad file descriptor) [pid 379] close(21) = -1 EBADF (Bad file descriptor) [pid 379] close(22) = -1 EBADF (Bad file descriptor) [pid 379] close(23) = -1 EBADF (Bad file descriptor) [pid 379] close(24) = -1 EBADF (Bad file descriptor) [pid 379] close(25) = -1 EBADF (Bad file descriptor) [pid 379] close(26) = -1 EBADF (Bad file descriptor) [pid 379] close(27) = -1 EBADF (Bad file descriptor) [pid 379] close(28) = -1 EBADF (Bad file descriptor) [pid 379] close(29) = -1 EBADF (Bad file descriptor) [pid 379] exit_group(0) = ? [pid 379] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./6/binderfs") = 0 [pid 372] umount2("./6/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./6/cgroup") = 0 [pid 372] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./6/cgroup.net") = 0 [pid 372] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./6/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./6") = 0 [pid 372] mkdir("./7", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 380 attached [pid 380] chdir("./7" [pid 372] <... clone resumed>, child_tidptr=0x5555561b05d0) = 9 [pid 380] <... chdir resumed>) = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 380] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 380] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 380] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 380] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 380] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 380] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 380] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 380] write(9, "1", 1) = 1 [ 28.047139][ T379] ---[ end trace 71a8e909f523c1a8 ]--- [ 28.075129][ T380] FAULT_INJECTION: forcing a failure. [ 28.075129][ T380] name failslab, interval 1, probability 0, space 0, times 0 [ 28.087752][ T380] CPU: 1 PID: 380 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 28.099369][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 28.109397][ T380] Call Trace: [ 28.112664][ T380] dump_stack_lvl+0x1e2/0x24b [ 28.117313][ T380] ? panic+0x7d7/0x7d7 [ 28.121353][ T380] ? bfq_pos_tree_add_move+0x43e/0x43e [ 28.126802][ T380] dump_stack+0x15/0x17 [ 28.130931][ T380] should_fail+0x3c0/0x510 [ 28.135322][ T380] ? bpf_prog_array_alloc+0x40/0x60 [ 28.140495][ T380] __should_failslab+0x9f/0xe0 [ 28.145233][ T380] should_failslab+0x9/0x20 [ 28.149708][ T380] __kmalloc+0x60/0x360 [ 28.153838][ T380] bpf_prog_array_alloc+0x40/0x60 [ 28.158836][ T380] compute_effective_progs+0x2de/0x6e0 [ 28.164267][ T380] update_effective_progs+0x79/0x320 [ 28.169525][ T380] __cgroup_bpf_detach+0x312/0x570 [ 28.174611][ T380] bpf_cgroup_link_release+0x94/0x260 [ 28.179956][ T380] bpf_link_put+0x1e9/0x270 [ 28.184432][ T380] bpf_link_release+0x3b/0x40 [ 28.189082][ T380] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 28.194693][ T380] __fput+0x348/0x7c0 [ 28.198648][ T380] ____fput+0x15/0x20 [ 28.202606][ T380] task_work_run+0x147/0x1b0 [ 28.207170][ T380] ptrace_notify+0x29a/0x340 [ 28.211730][ T380] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.216899][ T380] ? do_notify_parent+0xa40/0xa40 [ 28.221898][ T380] ? __close_fd+0x290/0x290 [ 28.226372][ T380] ? __ia32_sys_open+0x270/0x270 [ 28.231287][ T380] syscall_exit_work+0x7c/0x130 [ 28.236112][ T380] syscall_exit_to_user_mode+0x6a/0xa0 [ 28.241541][ T380] do_syscall_64+0x40/0x70 [ 28.245930][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 28.251793][ T380] RIP: 0033:0x7f88784ea1e9 [ 28.256183][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.275757][ T380] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.284140][ T380] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 28.292087][ T380] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 28.300032][ T380] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 28.307977][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 28.315936][ T380] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000007 [ 28.324125][ T380] ------------[ cut here ]------------ [ 28.329585][ T380] WARNING: CPU: 0 PID: 380 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 28.340174][ T380] Modules linked in: [ 28.344223][ T380] CPU: 0 PID: 380 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 28.355899][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 28.366010][ T380] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 28.372334][ T380] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 28.392023][ T380] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 28.398091][ T380] RAX: ffffffff8187afe7 RBX: ffff888109f95cd0 RCX: ffff8881043ebb40 [ 28.406199][ T380] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 28.414244][ T380] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 28.422309][ T380] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 28.430265][ T380] R13: 1ffff110213f2b9a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 28.438352][ T380] FS: 00005555561b0300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.447354][ T380] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.454004][ T380] CR2: 00007ffd84b071e8 CR3: 000000010a143000 CR4: 00000000003506b0 [ 28.462044][ T380] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.469997][ T380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.478079][ T380] Call Trace: [ 28.481420][ T380] bpf_link_put+0x1e9/0x270 [ 28.485900][ T380] bpf_link_release+0x3b/0x40 [ 28.490549][ T380] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 28.496221][ T380] __fput+0x348/0x7c0 [ 28.500306][ T380] ____fput+0x15/0x20 [ 28.504423][ T380] task_work_run+0x147/0x1b0 [ 28.509096][ T380] ptrace_notify+0x29a/0x340 [ 28.513824][ T380] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.519109][ T380] ? do_notify_parent+0xa40/0xa40 [ 28.524261][ T380] ? __close_fd+0x290/0x290 [ 28.528839][ T380] ? __ia32_sys_open+0x270/0x270 [ 28.533907][ T380] syscall_exit_work+0x7c/0x130 [ 28.538840][ T380] syscall_exit_to_user_mode+0x6a/0xa0 [ 28.544422][ T380] do_syscall_64+0x40/0x70 [ 28.548913][ T380] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 28.554926][ T380] RIP: 0033:0x7f88784ea1e9 [ 28.559422][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.579167][ T380] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.587709][ T380] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 28.595793][ T380] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 28.603930][ T380] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 28.611970][ T380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [pid 380] close_range(3, 7, 0) = 0 [pid 380] close(3) = -1 EBADF (Bad file descriptor) [pid 380] close(4) = -1 EBADF (Bad file descriptor) [pid 380] close(5) = -1 EBADF (Bad file descriptor) [pid 380] close(6) = -1 EBADF (Bad file descriptor) [pid 380] close(7) = -1 EBADF (Bad file descriptor) [pid 380] close(8) = 0 [pid 380] close(9) = 0 [pid 380] close(10) = -1 EBADF (Bad file descriptor) [pid 380] close(11) = -1 EBADF (Bad file descriptor) [pid 380] close(12) = -1 EBADF (Bad file descriptor) [pid 380] close(13) = -1 EBADF (Bad file descriptor) [pid 380] close(14) = -1 EBADF (Bad file descriptor) [pid 380] close(15) = -1 EBADF (Bad file descriptor) [pid 380] close(16) = -1 EBADF (Bad file descriptor) [pid 380] close(17) = -1 EBADF (Bad file descriptor) [pid 380] close(18) = -1 EBADF (Bad file descriptor) [pid 380] close(19) = -1 EBADF (Bad file descriptor) [pid 380] close(20) = -1 EBADF (Bad file descriptor) [pid 380] close(21) = -1 EBADF (Bad file descriptor) [pid 380] close(22) = -1 EBADF (Bad file descriptor) [pid 380] close(23) = -1 EBADF (Bad file descriptor) [pid 380] close(24) = -1 EBADF (Bad file descriptor) [pid 380] close(25) = -1 EBADF (Bad file descriptor) [pid 380] close(26) = -1 EBADF (Bad file descriptor) [pid 380] close(27) = -1 EBADF (Bad file descriptor) [pid 380] close(28) = -1 EBADF (Bad file descriptor) [pid 380] close(29) = -1 EBADF (Bad file descriptor) [pid 380] exit_group(0) = ? [pid 380] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./7/binderfs") = 0 [pid 372] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./7/cgroup") = 0 [pid 372] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./7/cgroup.net") = 0 [pid 372] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./7/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./7") = 0 [pid 372] mkdir("./8", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 10 ./strace-static-x86_64: Process 381 attached [pid 381] chdir("./8") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 381] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 381] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 381] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 381] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 381] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 381] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 381] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 381] write(9, "1", 1) = 1 [ 28.619919][ T380] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000007 [ 28.628011][ T380] ---[ end trace 71a8e909f523c1a9 ]--- [ 28.653708][ T381] FAULT_INJECTION: forcing a failure. [ 28.653708][ T381] name failslab, interval 1, probability 0, space 0, times 0 [ 28.666423][ T381] CPU: 1 PID: 381 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 28.678017][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 28.688054][ T381] Call Trace: [ 28.691320][ T381] dump_stack_lvl+0x1e2/0x24b [ 28.695968][ T381] ? panic+0x7d7/0x7d7 [ 28.700012][ T381] ? bfq_pos_tree_add_move+0x43e/0x43e [ 28.705442][ T381] dump_stack+0x15/0x17 [ 28.709568][ T381] should_fail+0x3c0/0x510 [ 28.713964][ T381] ? bpf_prog_array_alloc+0x40/0x60 [ 28.719143][ T381] __should_failslab+0x9f/0xe0 [ 28.723964][ T381] should_failslab+0x9/0x20 [ 28.728436][ T381] __kmalloc+0x60/0x360 [ 28.732560][ T381] bpf_prog_array_alloc+0x40/0x60 [ 28.737555][ T381] compute_effective_progs+0x2de/0x6e0 [ 28.742985][ T381] update_effective_progs+0x79/0x320 [ 28.748260][ T381] __cgroup_bpf_detach+0x312/0x570 [ 28.753368][ T381] bpf_cgroup_link_release+0x94/0x260 [ 28.758710][ T381] bpf_link_put+0x1e9/0x270 [ 28.763186][ T381] bpf_link_release+0x3b/0x40 [ 28.767831][ T381] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 28.773449][ T381] __fput+0x348/0x7c0 [ 28.777402][ T381] ____fput+0x15/0x20 [ 28.781354][ T381] task_work_run+0x147/0x1b0 [ 28.785915][ T381] ptrace_notify+0x29a/0x340 [ 28.790489][ T381] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.795664][ T381] ? do_notify_parent+0xa40/0xa40 [ 28.800665][ T381] ? __close_fd+0x290/0x290 [ 28.805145][ T381] ? __ia32_sys_open+0x270/0x270 [ 28.810076][ T381] syscall_exit_work+0x7c/0x130 [ 28.814899][ T381] syscall_exit_to_user_mode+0x6a/0xa0 [ 28.820326][ T381] do_syscall_64+0x40/0x70 [ 28.824716][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 28.830576][ T381] RIP: 0033:0x7f88784ea1e9 [ 28.834964][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.854538][ T381] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.862920][ T381] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 28.870874][ T381] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 28.878822][ T381] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 28.886769][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 28.894719][ T381] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000008 [ 28.903675][ T381] ------------[ cut here ]------------ [ 28.909133][ T381] WARNING: CPU: 1 PID: 381 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 28.919089][ T381] Modules linked in: [ 28.923229][ T381] CPU: 1 PID: 381 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 28.934905][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 28.944973][ T381] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 28.951217][ T381] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 28.970830][ T381] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 28.976912][ T381] RAX: ffffffff8187afe7 RBX: ffff88810a203dd0 RCX: ffff8881065993c0 [ 28.984881][ T381] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 28.992855][ T381] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 29.000813][ T381] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 29.008793][ T381] R13: 1ffff110214407ba R14: 00000000fffffff4 R15: ffff88811dd36000 [ 29.016761][ T381] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 29.025702][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.032282][ T381] CR2: 00007f887855c140 CR3: 000000010a221000 CR4: 00000000003506a0 [ 29.040227][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.048202][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.056190][ T381] Call Trace: [ 29.059468][ T381] bpf_link_put+0x1e9/0x270 [ 29.063990][ T381] bpf_link_release+0x3b/0x40 [ 29.068655][ T381] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.074286][ T381] __fput+0x348/0x7c0 [ 29.078261][ T381] ____fput+0x15/0x20 [ 29.082251][ T381] task_work_run+0x147/0x1b0 [ 29.086829][ T381] ptrace_notify+0x29a/0x340 [ 29.091422][ T381] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.096615][ T381] ? do_notify_parent+0xa40/0xa40 [ 29.101635][ T381] ? __close_fd+0x290/0x290 [ 29.106132][ T381] ? __ia32_sys_open+0x270/0x270 [ 29.111076][ T381] syscall_exit_work+0x7c/0x130 [ 29.115915][ T381] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.121369][ T381] do_syscall_64+0x40/0x70 [ 29.125786][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 29.131671][ T381] RIP: 0033:0x7f88784ea1e9 [ 29.136073][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.155679][ T381] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 29.164119][ T381] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 29.172093][ T381] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [pid 381] close_range(3, 7, 0) = 0 [pid 381] close(3) = -1 EBADF (Bad file descriptor) [pid 381] close(4) = -1 EBADF (Bad file descriptor) [pid 381] close(5) = -1 EBADF (Bad file descriptor) [pid 381] close(6) = -1 EBADF (Bad file descriptor) [pid 381] close(7) = -1 EBADF (Bad file descriptor) [pid 381] close(8) = 0 [pid 381] close(9) = 0 [pid 381] close(10) = -1 EBADF (Bad file descriptor) [pid 381] close(11) = -1 EBADF (Bad file descriptor) [pid 381] close(12) = -1 EBADF (Bad file descriptor) [pid 381] close(13) = -1 EBADF (Bad file descriptor) [pid 381] close(14) = -1 EBADF (Bad file descriptor) [pid 381] close(15) = -1 EBADF (Bad file descriptor) [pid 381] close(16) = -1 EBADF (Bad file descriptor) [pid 381] close(17) = -1 EBADF (Bad file descriptor) [pid 381] close(18) = -1 EBADF (Bad file descriptor) [pid 381] close(19) = -1 EBADF (Bad file descriptor) [pid 381] close(20) = -1 EBADF (Bad file descriptor) [pid 381] close(21) = -1 EBADF (Bad file descriptor) [pid 381] close(22) = -1 EBADF (Bad file descriptor) [pid 381] close(23) = -1 EBADF (Bad file descriptor) [pid 381] close(24) = -1 EBADF (Bad file descriptor) [pid 381] close(25) = -1 EBADF (Bad file descriptor) [pid 381] close(26) = -1 EBADF (Bad file descriptor) [pid 381] close(27) = -1 EBADF (Bad file descriptor) [pid 381] close(28) = -1 EBADF (Bad file descriptor) [pid 381] close(29) = -1 EBADF (Bad file descriptor) [pid 381] exit_group(0) = ? [pid 381] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./8/binderfs") = 0 [pid 372] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./8/cgroup") = 0 [pid 372] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./8/cgroup.net") = 0 [pid 372] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./8/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./8") = 0 [pid 372] mkdir("./9", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 382 attached , child_tidptr=0x5555561b05d0) = 11 [pid 382] chdir("./9") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 382] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 382] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 382] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 382] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 382] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 382] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 382] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 382] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 382] write(9, "1", 1) = 1 [ 29.180044][ T381] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 29.188015][ T381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 29.195980][ T381] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000008 [ 29.203954][ T381] ---[ end trace 71a8e909f523c1aa ]--- [ 29.228718][ T382] FAULT_INJECTION: forcing a failure. [ 29.228718][ T382] name failslab, interval 1, probability 0, space 0, times 0 [ 29.241378][ T382] CPU: 1 PID: 382 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 29.252970][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 29.263017][ T382] Call Trace: [ 29.266287][ T382] dump_stack_lvl+0x1e2/0x24b [ 29.270938][ T382] ? panic+0x7d7/0x7d7 [ 29.274978][ T382] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.280414][ T382] dump_stack+0x15/0x17 [ 29.284541][ T382] should_fail+0x3c0/0x510 [ 29.288931][ T382] ? bpf_prog_array_alloc+0x40/0x60 [ 29.294106][ T382] __should_failslab+0x9f/0xe0 [ 29.298848][ T382] should_failslab+0x9/0x20 [ 29.303339][ T382] __kmalloc+0x60/0x360 [ 29.307468][ T382] bpf_prog_array_alloc+0x40/0x60 [ 29.312468][ T382] compute_effective_progs+0x2de/0x6e0 [ 29.317904][ T382] update_effective_progs+0x79/0x320 [ 29.323164][ T382] __cgroup_bpf_detach+0x312/0x570 [ 29.328248][ T382] bpf_cgroup_link_release+0x94/0x260 [ 29.333595][ T382] bpf_link_put+0x1e9/0x270 [ 29.338070][ T382] bpf_link_release+0x3b/0x40 [ 29.342717][ T382] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.348336][ T382] __fput+0x348/0x7c0 [ 29.352292][ T382] ____fput+0x15/0x20 [ 29.356250][ T382] task_work_run+0x147/0x1b0 [ 29.360815][ T382] ptrace_notify+0x29a/0x340 [ 29.365378][ T382] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.370551][ T382] ? do_notify_parent+0xa40/0xa40 [ 29.375547][ T382] ? __close_fd+0x290/0x290 [ 29.380042][ T382] syscall_exit_work+0x7c/0x130 [ 29.384867][ T382] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.390298][ T382] do_syscall_64+0x40/0x70 [ 29.394693][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 29.400556][ T382] RIP: 0033:0x7f88784ea1e9 [ 29.404955][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.424539][ T382] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 29.432930][ T382] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 29.440877][ T382] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 29.448831][ T382] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 29.456781][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 29.464742][ T382] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000009 [ 29.472926][ T382] ------------[ cut here ]------------ [ 29.478446][ T382] WARNING: CPU: 1 PID: 382 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 29.488355][ T382] Modules linked in: [ 29.492291][ T382] CPU: 1 PID: 382 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 29.503943][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 29.514037][ T382] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 29.520263][ T382] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 29.539882][ T382] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 29.545973][ T382] RAX: ffffffff8187afe7 RBX: ffff88810a2035d0 RCX: ffff8881043ecf00 [ 29.553938][ T382] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 29.561929][ T382] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 29.569914][ T382] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 29.577906][ T382] R13: 1ffff110214406ba R14: 00000000fffffff4 R15: ffff88811dd36000 [ 29.585897][ T382] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 29.594834][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.601418][ T382] CR2: 00007f887855c140 CR3: 0000000109f77000 CR4: 00000000003506a0 [ 29.609368][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.617735][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.625743][ T382] Call Trace: [ 29.629017][ T382] bpf_link_put+0x1e9/0x270 [ 29.633554][ T382] bpf_link_release+0x3b/0x40 [ 29.638232][ T382] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.643971][ T382] __fput+0x348/0x7c0 [ 29.647949][ T382] ____fput+0x15/0x20 [ 29.651957][ T382] task_work_run+0x147/0x1b0 [ 29.656537][ T382] ptrace_notify+0x29a/0x340 [ 29.661139][ T382] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.666326][ T382] ? do_notify_parent+0xa40/0xa40 [ 29.671371][ T382] ? __close_fd+0x290/0x290 [ 29.675867][ T382] syscall_exit_work+0x7c/0x130 [ 29.680701][ T382] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.686167][ T382] do_syscall_64+0x40/0x70 [ 29.690567][ T382] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 29.696458][ T382] RIP: 0033:0x7f88784ea1e9 [ 29.700884][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.720508][ T382] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [pid 382] close_range(3, 7, 0) = 0 [pid 382] close(3) = -1 EBADF (Bad file descriptor) [pid 382] close(4) = -1 EBADF (Bad file descriptor) [pid 382] close(5) = -1 EBADF (Bad file descriptor) [pid 382] close(6) = -1 EBADF (Bad file descriptor) [pid 382] close(7) = -1 EBADF (Bad file descriptor) [pid 382] close(8) = 0 [pid 382] close(9) = 0 [pid 382] close(10) = -1 EBADF (Bad file descriptor) [pid 382] close(11) = -1 EBADF (Bad file descriptor) [pid 382] close(12) = -1 EBADF (Bad file descriptor) [pid 382] close(13) = -1 EBADF (Bad file descriptor) [pid 382] close(14) = -1 EBADF (Bad file descriptor) [pid 382] close(15) = -1 EBADF (Bad file descriptor) [pid 382] close(16) = -1 EBADF (Bad file descriptor) [pid 382] close(17) = -1 EBADF (Bad file descriptor) [pid 382] close(18) = -1 EBADF (Bad file descriptor) [pid 382] close(19) = -1 EBADF (Bad file descriptor) [pid 382] close(20) = -1 EBADF (Bad file descriptor) [pid 382] close(21) = -1 EBADF (Bad file descriptor) [pid 382] close(22) = -1 EBADF (Bad file descriptor) [pid 382] close(23) = -1 EBADF (Bad file descriptor) [pid 382] close(24) = -1 EBADF (Bad file descriptor) [pid 382] close(25) = -1 EBADF (Bad file descriptor) [pid 382] close(26) = -1 EBADF (Bad file descriptor) [pid 382] close(27) = -1 EBADF (Bad file descriptor) [pid 382] close(28) = -1 EBADF (Bad file descriptor) [pid 382] close(29) = -1 EBADF (Bad file descriptor) [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./9/binderfs") = 0 [pid 372] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./9/cgroup") = 0 [pid 372] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./9/cgroup.net") = 0 [pid 372] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./9/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./9") = 0 [pid 372] mkdir("./10", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 383 attached , child_tidptr=0x5555561b05d0) = 12 [pid 383] chdir("./10") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 383] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 383] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 383] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 383] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 383] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 383] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 383] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 383] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 383] write(9, "1", 1) = 1 [ 29.728944][ T382] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 29.736921][ T382] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 29.744901][ T382] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 29.752871][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 29.760822][ T382] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000009 [ 29.768802][ T382] ---[ end trace 71a8e909f523c1ab ]--- [ 29.799034][ T383] FAULT_INJECTION: forcing a failure. [ 29.799034][ T383] name failslab, interval 1, probability 0, space 0, times 0 [ 29.811674][ T383] CPU: 1 PID: 383 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 29.823272][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 29.833317][ T383] Call Trace: [ 29.836592][ T383] dump_stack_lvl+0x1e2/0x24b [ 29.841245][ T383] ? panic+0x7d7/0x7d7 [ 29.845287][ T383] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.850728][ T383] dump_stack+0x15/0x17 [ 29.854861][ T383] should_fail+0x3c0/0x510 [ 29.859254][ T383] ? bpf_prog_array_alloc+0x40/0x60 [ 29.864430][ T383] __should_failslab+0x9f/0xe0 [ 29.869176][ T383] should_failslab+0x9/0x20 [ 29.873654][ T383] __kmalloc+0x60/0x360 [ 29.877786][ T383] bpf_prog_array_alloc+0x40/0x60 [ 29.882786][ T383] compute_effective_progs+0x2de/0x6e0 [ 29.888218][ T383] update_effective_progs+0x79/0x320 [ 29.893475][ T383] __cgroup_bpf_detach+0x312/0x570 [ 29.898559][ T383] bpf_cgroup_link_release+0x94/0x260 [ 29.903905][ T383] bpf_link_put+0x1e9/0x270 [ 29.908379][ T383] bpf_link_release+0x3b/0x40 [ 29.913030][ T383] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.918632][ T383] __fput+0x348/0x7c0 [ 29.922603][ T383] ____fput+0x15/0x20 [ 29.926574][ T383] task_work_run+0x147/0x1b0 [ 29.931139][ T383] ptrace_notify+0x29a/0x340 [ 29.935701][ T383] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.940871][ T383] ? do_notify_parent+0xa40/0xa40 [ 29.945871][ T383] ? __close_fd+0x290/0x290 [ 29.950345][ T383] ? __ia32_sys_open+0x270/0x270 [ 29.955267][ T383] syscall_exit_work+0x7c/0x130 [ 29.960099][ T383] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.965529][ T383] do_syscall_64+0x40/0x70 [ 29.969916][ T383] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 29.975778][ T383] RIP: 0033:0x7f88784ea1e9 [ 29.980166][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.999742][ T383] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.008131][ T383] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 30.016078][ T383] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 30.024027][ T383] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 30.031988][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 30.039944][ T383] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000a [ 30.048086][ T383] ------------[ cut here ]------------ [ 30.053683][ T383] WARNING: CPU: 0 PID: 383 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 30.060930][ T24] kauditd_printk_skb: 3 callbacks suppressed [ 30.060939][ T24] audit: type=1400 audit(1659957423.500:86): avc: denied { remove_name } for pid=142 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 30.063664][ T383] Modules linked in: [ 30.069519][ T24] audit: type=1400 audit(1659957423.500:87): avc: denied { rename } for pid=142 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.091898][ T383] [ 30.120087][ T383] CPU: 1 PID: 383 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 30.131736][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 30.141838][ T383] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 30.148061][ T383] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 30.167664][ T383] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 30.173744][ T383] RAX: ffffffff8187afe7 RBX: ffff88810a203ad0 RCX: ffff8881043ee2c0 [ 30.181722][ T383] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 30.189682][ T383] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 30.197656][ T383] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 30.205636][ T383] R13: 1ffff1102144075a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 30.213613][ T383] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 30.222531][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.229088][ T383] CR2: 00007f887855c140 CR3: 000000010a503000 CR4: 00000000003506a0 [ 30.237061][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.245026][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.253017][ T383] Call Trace: [ 30.256298][ T383] bpf_link_put+0x1e9/0x270 [ 30.260774][ T383] bpf_link_release+0x3b/0x40 [ 30.265445][ T383] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 30.271077][ T383] __fput+0x348/0x7c0 [ 30.275035][ T383] ____fput+0x15/0x20 [ 30.278994][ T383] task_work_run+0x147/0x1b0 [ 30.283588][ T383] ptrace_notify+0x29a/0x340 [ 30.288164][ T383] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.293361][ T383] ? do_notify_parent+0xa40/0xa40 [ 30.298382][ T383] ? __close_fd+0x290/0x290 [ 30.302908][ T383] ? __ia32_sys_open+0x270/0x270 [ 30.307835][ T383] syscall_exit_work+0x7c/0x130 [ 30.312695][ T383] syscall_exit_to_user_mode+0x6a/0xa0 [ 30.318139][ T383] do_syscall_64+0x40/0x70 [ 30.322551][ T383] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 30.328428][ T383] RIP: 0033:0x7f88784ea1e9 [ 30.332839][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.352439][ T383] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.360821][ T383] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 30.368807][ T383] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 30.376789][ T383] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 30.384783][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 30.392761][ T383] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000a [pid 383] close_range(3, 7, 0) = 0 [pid 383] close(3) = -1 EBADF (Bad file descriptor) [pid 383] close(4) = -1 EBADF (Bad file descriptor) [pid 383] close(5) = -1 EBADF (Bad file descriptor) [pid 383] close(6) = -1 EBADF (Bad file descriptor) [pid 383] close(7) = -1 EBADF (Bad file descriptor) [pid 383] close(8) = 0 [pid 383] close(9) = 0 [pid 383] close(10) = -1 EBADF (Bad file descriptor) [pid 383] close(11) = -1 EBADF (Bad file descriptor) [pid 383] close(12) = -1 EBADF (Bad file descriptor) [pid 383] close(13) = -1 EBADF (Bad file descriptor) [pid 383] close(14) = -1 EBADF (Bad file descriptor) [pid 383] close(15) = -1 EBADF (Bad file descriptor) [pid 383] close(16) = -1 EBADF (Bad file descriptor) [pid 383] close(17) = -1 EBADF (Bad file descriptor) [pid 383] close(18) = -1 EBADF (Bad file descriptor) [pid 383] close(19) = -1 EBADF (Bad file descriptor) [pid 383] close(20) = -1 EBADF (Bad file descriptor) [pid 383] close(21) = -1 EBADF (Bad file descriptor) [pid 383] close(22) = -1 EBADF (Bad file descriptor) [pid 383] close(23) = -1 EBADF (Bad file descriptor) [pid 383] close(24) = -1 EBADF (Bad file descriptor) [pid 383] close(25) = -1 EBADF (Bad file descriptor) [pid 383] close(26) = -1 EBADF (Bad file descriptor) [pid 383] close(27) = -1 EBADF (Bad file descriptor) [pid 383] close(28) = -1 EBADF (Bad file descriptor) [pid 383] close(29) = -1 EBADF (Bad file descriptor) [pid 383] exit_group(0) = ? [pid 383] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./10/binderfs") = 0 [pid 372] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./10/cgroup") = 0 [pid 372] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./10/cgroup.net") = 0 [pid 372] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./10/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./10") = 0 [pid 372] mkdir("./11", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 13 ./strace-static-x86_64: Process 384 attached [pid 384] chdir("./11") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 384] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 384] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 384] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 384] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 384] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 384] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 384] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 384] write(9, "1", 1) = 1 [ 30.400710][ T383] ---[ end trace 71a8e909f523c1ac ]--- [ 30.421585][ T384] FAULT_INJECTION: forcing a failure. [ 30.421585][ T384] name failslab, interval 1, probability 0, space 0, times 0 [ 30.434274][ T384] CPU: 1 PID: 384 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 30.445884][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 30.455918][ T384] Call Trace: [ 30.459185][ T384] dump_stack_lvl+0x1e2/0x24b [ 30.463833][ T384] ? panic+0x7d7/0x7d7 [ 30.467874][ T384] ? bfq_pos_tree_add_move+0x43e/0x43e [ 30.473306][ T384] dump_stack+0x15/0x17 [ 30.477438][ T384] should_fail+0x3c0/0x510 [ 30.481834][ T384] ? bpf_prog_array_alloc+0x40/0x60 [ 30.487006][ T384] __should_failslab+0x9f/0xe0 [ 30.491743][ T384] should_failslab+0x9/0x20 [ 30.496217][ T384] __kmalloc+0x60/0x360 [ 30.500354][ T384] bpf_prog_array_alloc+0x40/0x60 [ 30.505351][ T384] compute_effective_progs+0x2de/0x6e0 [ 30.510783][ T384] update_effective_progs+0x79/0x320 [ 30.516050][ T384] __cgroup_bpf_detach+0x312/0x570 [ 30.521133][ T384] bpf_cgroup_link_release+0x94/0x260 [ 30.526476][ T384] bpf_link_put+0x1e9/0x270 [ 30.530950][ T384] bpf_link_release+0x3b/0x40 [ 30.535600][ T384] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 30.541219][ T384] __fput+0x348/0x7c0 [ 30.545171][ T384] ____fput+0x15/0x20 [ 30.549123][ T384] task_work_run+0x147/0x1b0 [ 30.553687][ T384] ptrace_notify+0x29a/0x340 [ 30.558249][ T384] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.563417][ T384] ? do_notify_parent+0xa40/0xa40 [ 30.568412][ T384] ? __close_fd+0x290/0x290 [ 30.572887][ T384] ? __ia32_sys_open+0x270/0x270 [ 30.577815][ T384] syscall_exit_work+0x7c/0x130 [ 30.582642][ T384] syscall_exit_to_user_mode+0x6a/0xa0 [ 30.588078][ T384] do_syscall_64+0x40/0x70 [ 30.592471][ T384] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 30.598337][ T384] RIP: 0033:0x7f88784ea1e9 [ 30.602724][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.622304][ T384] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.630696][ T384] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 30.638640][ T384] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 30.646583][ T384] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 30.654529][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 30.662475][ T384] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000b [ 30.670699][ T384] ------------[ cut here ]------------ [ 30.676246][ T384] WARNING: CPU: 1 PID: 384 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 30.686145][ T384] Modules linked in: [ 30.690031][ T384] CPU: 1 PID: 384 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 30.701711][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 30.711774][ T384] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 30.718159][ T384] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 30.737767][ T384] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 30.743851][ T384] RAX: ffffffff8187afe7 RBX: ffff88810a203ed0 RCX: ffff8881043ea780 [ 30.751820][ T384] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 30.759776][ T384] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 30.767750][ T384] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 30.775714][ T384] R13: 1ffff110214407da R14: 00000000fffffff4 R15: ffff88811dd36000 [ 30.783693][ T384] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 30.792618][ T384] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.799175][ T384] CR2: 00007f887855c140 CR3: 000000010a096000 CR4: 00000000003506a0 [ 30.807144][ T384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.815143][ T384] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.823141][ T384] Call Trace: [ 30.826414][ T384] bpf_link_put+0x1e9/0x270 [ 30.830985][ T384] bpf_link_release+0x3b/0x40 [ 30.835648][ T384] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 30.841277][ T384] __fput+0x348/0x7c0 [ 30.845249][ T384] ____fput+0x15/0x20 [ 30.849203][ T384] task_work_run+0x147/0x1b0 [ 30.853795][ T384] ptrace_notify+0x29a/0x340 [ 30.858371][ T384] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.863567][ T384] ? do_notify_parent+0xa40/0xa40 [ 30.868584][ T384] ? __close_fd+0x290/0x290 [ 30.873085][ T384] ? __ia32_sys_open+0x270/0x270 [ 30.878019][ T384] syscall_exit_work+0x7c/0x130 [ 30.882879][ T384] syscall_exit_to_user_mode+0x6a/0xa0 [ 30.888323][ T384] do_syscall_64+0x40/0x70 [ 30.892746][ T384] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 30.898622][ T384] RIP: 0033:0x7f88784ea1e9 [ 30.903032][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.922639][ T384] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.931046][ T384] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 30.938999][ T384] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [pid 384] close_range(3, 7, 0) = 0 [pid 384] close(3) = -1 EBADF (Bad file descriptor) [pid 384] close(4) = -1 EBADF (Bad file descriptor) [pid 384] close(5) = -1 EBADF (Bad file descriptor) [pid 384] close(6) = -1 EBADF (Bad file descriptor) [pid 384] close(7) = -1 EBADF (Bad file descriptor) [pid 384] close(8) = 0 [pid 384] close(9) = 0 [pid 384] close(10) = -1 EBADF (Bad file descriptor) [pid 384] close(11) = -1 EBADF (Bad file descriptor) [pid 384] close(12) = -1 EBADF (Bad file descriptor) [pid 384] close(13) = -1 EBADF (Bad file descriptor) [pid 384] close(14) = -1 EBADF (Bad file descriptor) [pid 384] close(15) = -1 EBADF (Bad file descriptor) [pid 384] close(16) = -1 EBADF (Bad file descriptor) [pid 384] close(17) = -1 EBADF (Bad file descriptor) [pid 384] close(18) = -1 EBADF (Bad file descriptor) [pid 384] close(19) = -1 EBADF (Bad file descriptor) [pid 384] close(20) = -1 EBADF (Bad file descriptor) [pid 384] close(21) = -1 EBADF (Bad file descriptor) [pid 384] close(22) = -1 EBADF (Bad file descriptor) [pid 384] close(23) = -1 EBADF (Bad file descriptor) [pid 384] close(24) = -1 EBADF (Bad file descriptor) [pid 384] close(25) = -1 EBADF (Bad file descriptor) [pid 384] close(26) = -1 EBADF (Bad file descriptor) [pid 384] close(27) = -1 EBADF (Bad file descriptor) [pid 384] close(28) = -1 EBADF (Bad file descriptor) [pid 384] close(29) = -1 EBADF (Bad file descriptor) [pid 384] exit_group(0) = ? [pid 384] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./11/binderfs") = 0 [pid 372] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./11/cgroup") = 0 [pid 372] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./11/cgroup.net") = 0 [pid 372] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./11/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./11") = 0 [pid 372] mkdir("./12", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 385 attached , child_tidptr=0x5555561b05d0) = 14 [pid 385] chdir("./12") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 385] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 385] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 385] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 385] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 385] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 385] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 385] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 385] write(9, "1", 1) = 1 [ 30.946969][ T384] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 30.954937][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 30.962935][ T384] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000b [ 30.970905][ T384] ---[ end trace 71a8e909f523c1ad ]--- [ 30.996570][ T385] FAULT_INJECTION: forcing a failure. [ 30.996570][ T385] name failslab, interval 1, probability 0, space 0, times 0 [ 31.009227][ T385] CPU: 0 PID: 385 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 31.020830][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 31.030858][ T385] Call Trace: [ 31.034146][ T385] dump_stack_lvl+0x1e2/0x24b [ 31.038807][ T385] ? panic+0x7d7/0x7d7 [ 31.042849][ T385] ? bfq_pos_tree_add_move+0x43e/0x43e [ 31.048279][ T385] dump_stack+0x15/0x17 [ 31.052406][ T385] should_fail+0x3c0/0x510 [ 31.056802][ T385] ? bpf_prog_array_alloc+0x40/0x60 [ 31.061974][ T385] __should_failslab+0x9f/0xe0 [ 31.066712][ T385] should_failslab+0x9/0x20 [ 31.071186][ T385] __kmalloc+0x60/0x360 [ 31.075313][ T385] bpf_prog_array_alloc+0x40/0x60 [ 31.080309][ T385] compute_effective_progs+0x2de/0x6e0 [ 31.085747][ T385] update_effective_progs+0x79/0x320 [ 31.091024][ T385] __cgroup_bpf_detach+0x312/0x570 [ 31.096107][ T385] bpf_cgroup_link_release+0x94/0x260 [ 31.101453][ T385] bpf_link_put+0x1e9/0x270 [ 31.105928][ T385] bpf_link_release+0x3b/0x40 [ 31.110574][ T385] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 31.116192][ T385] __fput+0x348/0x7c0 [ 31.120145][ T385] ____fput+0x15/0x20 [ 31.124097][ T385] task_work_run+0x147/0x1b0 [ 31.128667][ T385] ptrace_notify+0x29a/0x340 [ 31.133231][ T385] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.138407][ T385] ? do_notify_parent+0xa40/0xa40 [ 31.143405][ T385] ? __close_fd+0x290/0x290 [ 31.147886][ T385] ? __ia32_sys_open+0x270/0x270 [ 31.152808][ T385] syscall_exit_work+0x7c/0x130 [ 31.157632][ T385] syscall_exit_to_user_mode+0x6a/0xa0 [ 31.163075][ T385] do_syscall_64+0x40/0x70 [ 31.167463][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 31.173328][ T385] RIP: 0033:0x7f88784ea1e9 [ 31.177717][ T385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 31.197315][ T385] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 31.205712][ T385] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 31.213656][ T385] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 31.221602][ T385] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 31.229551][ T385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 31.237499][ T385] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000c [ 31.245769][ T385] ------------[ cut here ]------------ [ 31.251384][ T385] WARNING: CPU: 1 PID: 385 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 31.261574][ T385] Modules linked in: [ 31.265468][ T385] CPU: 1 PID: 385 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 31.277218][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 31.287461][ T385] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 31.293740][ T385] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 31.313362][ T385] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 31.319404][ T385] RAX: ffffffff8187afe7 RBX: ffff8881087d0350 RCX: ffff8881043f93c0 [ 31.327379][ T385] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 31.335368][ T385] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 31.343348][ T385] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 31.351311][ T385] R13: 1ffff110210fa06a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 31.359257][ T385] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.368183][ T385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.374759][ T385] CR2: 00007ffd84b071e8 CR3: 000000010a08b000 CR4: 00000000003506a0 [ 31.382737][ T385] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.390699][ T385] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.398674][ T385] Call Trace: [ 31.401963][ T385] bpf_link_put+0x1e9/0x270 [ 31.406447][ T385] bpf_link_release+0x3b/0x40 [ 31.411131][ T385] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 31.416753][ T385] __fput+0x348/0x7c0 [ 31.420709][ T385] ____fput+0x15/0x20 [ 31.424691][ T385] task_work_run+0x147/0x1b0 [ 31.429272][ T385] ptrace_notify+0x29a/0x340 [ 31.433876][ T385] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.439064][ T385] ? do_notify_parent+0xa40/0xa40 [ 31.444102][ T385] ? __close_fd+0x290/0x290 [ 31.448607][ T385] ? __ia32_sys_open+0x270/0x270 [ 31.453560][ T385] syscall_exit_work+0x7c/0x130 [ 31.458405][ T385] syscall_exit_to_user_mode+0x6a/0xa0 [ 31.463873][ T385] do_syscall_64+0x40/0x70 [ 31.468279][ T385] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 31.474168][ T385] RIP: 0033:0x7f88784ea1e9 [ 31.478593][ T385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 31.498203][ T385] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 31.506625][ T385] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 31.514600][ T385] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 31.522568][ T385] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 31.530516][ T385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 31.538497][ T385] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000c [pid 385] close_range(3, 7, 0) = 0 [pid 385] close(3) = -1 EBADF (Bad file descriptor) [pid 385] close(4) = -1 EBADF (Bad file descriptor) [pid 385] close(5) = -1 EBADF (Bad file descriptor) [pid 385] close(6) = -1 EBADF (Bad file descriptor) [pid 385] close(7) = -1 EBADF (Bad file descriptor) [pid 385] close(8) = 0 [pid 385] close(9) = 0 [pid 385] close(10) = -1 EBADF (Bad file descriptor) [pid 385] close(11) = -1 EBADF (Bad file descriptor) [pid 385] close(12) = -1 EBADF (Bad file descriptor) [pid 385] close(13) = -1 EBADF (Bad file descriptor) [pid 385] close(14) = -1 EBADF (Bad file descriptor) [pid 385] close(15) = -1 EBADF (Bad file descriptor) [pid 385] close(16) = -1 EBADF (Bad file descriptor) [pid 385] close(17) = -1 EBADF (Bad file descriptor) [pid 385] close(18) = -1 EBADF (Bad file descriptor) [pid 385] close(19) = -1 EBADF (Bad file descriptor) [pid 385] close(20) = -1 EBADF (Bad file descriptor) [pid 385] close(21) = -1 EBADF (Bad file descriptor) [pid 385] close(22) = -1 EBADF (Bad file descriptor) [pid 385] close(23) = -1 EBADF (Bad file descriptor) [pid 385] close(24) = -1 EBADF (Bad file descriptor) [pid 385] close(25) = -1 EBADF (Bad file descriptor) [pid 385] close(26) = -1 EBADF (Bad file descriptor) [pid 385] close(27) = -1 EBADF (Bad file descriptor) [pid 385] close(28) = -1 EBADF (Bad file descriptor) [pid 385] close(29) = -1 EBADF (Bad file descriptor) [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./12/binderfs") = 0 [pid 372] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./12/cgroup") = 0 [pid 372] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./12/cgroup.net") = 0 [pid 372] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./12/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./12") = 0 [pid 372] mkdir("./13", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 15 ./strace-static-x86_64: Process 386 attached [pid 386] chdir("./13") = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 386] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 386] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 386] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 386] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 386] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 386] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 386] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 386] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 386] write(9, "1", 1) = 1 [ 31.546466][ T385] ---[ end trace 71a8e909f523c1ae ]--- [ 31.577693][ T386] FAULT_INJECTION: forcing a failure. [ 31.577693][ T386] name failslab, interval 1, probability 0, space 0, times 0 [ 31.590447][ T386] CPU: 1 PID: 386 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 31.602063][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 31.612090][ T386] Call Trace: [ 31.615357][ T386] dump_stack_lvl+0x1e2/0x24b [ 31.620014][ T386] ? panic+0x7d7/0x7d7 [ 31.624055][ T386] ? bfq_pos_tree_add_move+0x43e/0x43e [ 31.629492][ T386] dump_stack+0x15/0x17 [ 31.633619][ T386] should_fail+0x3c0/0x510 [ 31.638015][ T386] ? bpf_prog_array_alloc+0x40/0x60 [ 31.643205][ T386] __should_failslab+0x9f/0xe0 [ 31.647953][ T386] should_failslab+0x9/0x20 [ 31.652444][ T386] __kmalloc+0x60/0x360 [ 31.656571][ T386] bpf_prog_array_alloc+0x40/0x60 [ 31.661577][ T386] compute_effective_progs+0x2de/0x6e0 [ 31.667007][ T386] update_effective_progs+0x79/0x320 [ 31.672264][ T386] __cgroup_bpf_detach+0x312/0x570 [ 31.677345][ T386] bpf_cgroup_link_release+0x94/0x260 [ 31.682687][ T386] bpf_link_put+0x1e9/0x270 [ 31.687159][ T386] bpf_link_release+0x3b/0x40 [ 31.691821][ T386] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 31.697424][ T386] __fput+0x348/0x7c0 [ 31.701394][ T386] ____fput+0x15/0x20 [ 31.705367][ T386] task_work_run+0x147/0x1b0 [ 31.709947][ T386] ptrace_notify+0x29a/0x340 [ 31.714506][ T386] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.719682][ T386] ? do_notify_parent+0xa40/0xa40 [ 31.724684][ T386] ? __close_fd+0x290/0x290 [ 31.729165][ T386] ? __ia32_sys_open+0x270/0x270 [ 31.734084][ T386] syscall_exit_work+0x7c/0x130 [ 31.738910][ T386] syscall_exit_to_user_mode+0x6a/0xa0 [ 31.744356][ T386] do_syscall_64+0x40/0x70 [ 31.748745][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 31.754606][ T386] RIP: 0033:0x7f88784ea1e9 [ 31.758990][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 31.778666][ T386] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 31.787047][ T386] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 31.794989][ T386] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 31.802932][ T386] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 31.810966][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 31.818965][ T386] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000d [ 31.827324][ T386] ------------[ cut here ]------------ [ 31.832830][ T386] WARNING: CPU: 1 PID: 386 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 31.842737][ T386] Modules linked in: [ 31.846621][ T386] CPU: 1 PID: 386 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 31.858245][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 31.868321][ T386] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 31.874559][ T386] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 31.894160][ T386] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 31.900200][ T386] RAX: ffffffff8187afe7 RBX: ffff88810a1eef50 RCX: ffff8881043e93c0 [ 31.908186][ T386] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 31.916152][ T386] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 31.924133][ T386] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 31.932113][ T386] R13: 1ffff1102143ddea R14: 00000000fffffff4 R15: ffff88811dd36000 [ 31.940067][ T386] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.948987][ T386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.955585][ T386] CR2: 00007f887855c140 CR3: 000000011dff3000 CR4: 00000000003506a0 [ 31.963557][ T386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.971551][ T386] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.979498][ T386] Call Trace: [ 31.982799][ T386] bpf_link_put+0x1e9/0x270 [ 31.987297][ T386] bpf_link_release+0x3b/0x40 [ 31.991972][ T386] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 31.997585][ T386] __fput+0x348/0x7c0 [ 32.001569][ T386] ____fput+0x15/0x20 [ 32.005538][ T386] task_work_run+0x147/0x1b0 [ 32.010100][ T386] ptrace_notify+0x29a/0x340 [ 32.014732][ T386] ? _raw_spin_unlock_irq+0x4e/0x70 [ 32.019923][ T386] ? do_notify_parent+0xa40/0xa40 [ 32.024960][ T386] ? __close_fd+0x290/0x290 [ 32.029466][ T386] ? __ia32_sys_open+0x270/0x270 [ 32.034411][ T386] syscall_exit_work+0x7c/0x130 [ 32.039253][ T386] syscall_exit_to_user_mode+0x6a/0xa0 [ 32.044726][ T386] do_syscall_64+0x40/0x70 [ 32.049124][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 32.055013][ T386] RIP: 0033:0x7f88784ea1e9 [ 32.059414][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.079020][ T386] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 32.087450][ T386] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 32.095420][ T386] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 32.103384][ T386] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 32.111359][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 32.119315][ T386] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000d [pid 386] close_range(3, 7, 0) = 0 [pid 386] close(3) = -1 EBADF (Bad file descriptor) [pid 386] close(4) = -1 EBADF (Bad file descriptor) [pid 386] close(5) = -1 EBADF (Bad file descriptor) [pid 386] close(6) = -1 EBADF (Bad file descriptor) [pid 386] close(7) = -1 EBADF (Bad file descriptor) [pid 386] close(8) = 0 [pid 386] close(9) = 0 [pid 386] close(10) = -1 EBADF (Bad file descriptor) [pid 386] close(11) = -1 EBADF (Bad file descriptor) [pid 386] close(12) = -1 EBADF (Bad file descriptor) [pid 386] close(13) = -1 EBADF (Bad file descriptor) [pid 386] close(14) = -1 EBADF (Bad file descriptor) [pid 386] close(15) = -1 EBADF (Bad file descriptor) [pid 386] close(16) = -1 EBADF (Bad file descriptor) [pid 386] close(17) = -1 EBADF (Bad file descriptor) [pid 386] close(18) = -1 EBADF (Bad file descriptor) [pid 386] close(19) = -1 EBADF (Bad file descriptor) [pid 386] close(20) = -1 EBADF (Bad file descriptor) [pid 386] close(21) = -1 EBADF (Bad file descriptor) [pid 386] close(22) = -1 EBADF (Bad file descriptor) [pid 386] close(23) = -1 EBADF (Bad file descriptor) [pid 386] close(24) = -1 EBADF (Bad file descriptor) [pid 386] close(25) = -1 EBADF (Bad file descriptor) [pid 386] close(26) = -1 EBADF (Bad file descriptor) [pid 386] close(27) = -1 EBADF (Bad file descriptor) [pid 386] close(28) = -1 EBADF (Bad file descriptor) [pid 386] close(29) = -1 EBADF (Bad file descriptor) [pid 386] exit_group(0) = ? [pid 386] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./13/binderfs") = 0 [pid 372] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./13/cgroup") = 0 [pid 372] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./13/cgroup.net") = 0 [pid 372] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./13/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./13") = 0 [pid 372] mkdir("./14", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 387 attached , child_tidptr=0x5555561b05d0) = 16 [pid 387] chdir("./14") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 387] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 387] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 387] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 387] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 387] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 387] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 387] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 387] write(9, "1", 1) = 1 [ 32.127284][ T386] ---[ end trace 71a8e909f523c1af ]--- [ 32.145614][ T387] FAULT_INJECTION: forcing a failure. [ 32.145614][ T387] name failslab, interval 1, probability 0, space 0, times 0 [ 32.158220][ T387] CPU: 1 PID: 387 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 32.169813][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 32.179843][ T387] Call Trace: [ 32.183106][ T387] dump_stack_lvl+0x1e2/0x24b [ 32.187751][ T387] ? panic+0x7d7/0x7d7 [ 32.191792][ T387] ? bfq_pos_tree_add_move+0x43e/0x43e [ 32.197221][ T387] dump_stack+0x15/0x17 [ 32.201347][ T387] should_fail+0x3c0/0x510 [ 32.205737][ T387] ? bpf_prog_array_alloc+0x40/0x60 [ 32.210914][ T387] __should_failslab+0x9f/0xe0 [ 32.215648][ T387] should_failslab+0x9/0x20 [ 32.220121][ T387] __kmalloc+0x60/0x360 [ 32.224249][ T387] bpf_prog_array_alloc+0x40/0x60 [ 32.229269][ T387] compute_effective_progs+0x2de/0x6e0 [ 32.234728][ T387] update_effective_progs+0x79/0x320 [ 32.239994][ T387] __cgroup_bpf_detach+0x312/0x570 [ 32.245078][ T387] bpf_cgroup_link_release+0x94/0x260 [ 32.250423][ T387] bpf_link_put+0x1e9/0x270 [ 32.254898][ T387] bpf_link_release+0x3b/0x40 [ 32.259546][ T387] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 32.265149][ T387] __fput+0x348/0x7c0 [ 32.269103][ T387] ____fput+0x15/0x20 [ 32.273059][ T387] task_work_run+0x147/0x1b0 [ 32.277629][ T387] ptrace_notify+0x29a/0x340 [ 32.282190][ T387] ? _raw_spin_unlock_irq+0x4e/0x70 [ 32.287366][ T387] ? do_notify_parent+0xa40/0xa40 [ 32.292380][ T387] ? __close_fd+0x290/0x290 [ 32.296861][ T387] ? __ia32_sys_open+0x270/0x270 [ 32.301805][ T387] syscall_exit_work+0x7c/0x130 [ 32.306627][ T387] syscall_exit_to_user_mode+0x6a/0xa0 [ 32.312056][ T387] do_syscall_64+0x40/0x70 [ 32.316445][ T387] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 32.322321][ T387] RIP: 0033:0x7f88784ea1e9 [ 32.326704][ T387] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.346278][ T387] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 32.354680][ T387] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 32.362622][ T387] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 32.370565][ T387] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 32.378515][ T387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 32.386466][ T387] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000e [ 32.394617][ T387] ------------[ cut here ]------------ [ 32.400077][ T387] WARNING: CPU: 1 PID: 387 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 32.410088][ T387] Modules linked in: [ 32.414073][ T387] CPU: 1 PID: 387 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 32.425810][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 32.436000][ T387] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 32.442283][ T387] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 32.461903][ T387] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 32.467941][ T387] RAX: ffffffff8187afe7 RBX: ffff88810a1ee850 RCX: ffff8881043f8000 [ 32.475921][ T387] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 32.483896][ T387] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 32.491866][ T387] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 32.499829][ T387] R13: 1ffff1102143dd0a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 32.507809][ T387] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.516744][ T387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.523343][ T387] CR2: 00007f887855c140 CR3: 000000011dff3000 CR4: 00000000003506a0 [ 32.531317][ T387] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.539261][ T387] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.547226][ T387] Call Trace: [ 32.550502][ T387] bpf_link_put+0x1e9/0x270 [ 32.555005][ T387] bpf_link_release+0x3b/0x40 [ 32.559674][ T387] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 32.565327][ T387] __fput+0x348/0x7c0 [ 32.569298][ T387] ____fput+0x15/0x20 [ 32.573283][ T387] task_work_run+0x147/0x1b0 [ 32.577864][ T387] ptrace_notify+0x29a/0x340 [ 32.582475][ T387] ? _raw_spin_unlock_irq+0x4e/0x70 [ 32.587661][ T387] ? do_notify_parent+0xa40/0xa40 [ 32.592696][ T387] ? __close_fd+0x290/0x290 [ 32.597209][ T387] ? __ia32_sys_open+0x270/0x270 [ 32.602147][ T387] syscall_exit_work+0x7c/0x130 [ 32.606992][ T387] syscall_exit_to_user_mode+0x6a/0xa0 [ 32.612561][ T387] do_syscall_64+0x40/0x70 [ 32.616966][ T387] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 32.622854][ T387] RIP: 0033:0x7f88784ea1e9 [ 32.627257][ T387] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.646974][ T387] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 32.655392][ T387] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 32.663358][ T387] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 32.671330][ T387] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [pid 387] close_range(3, 7, 0) = 0 [pid 387] close(3) = -1 EBADF (Bad file descriptor) [pid 387] close(4) = -1 EBADF (Bad file descriptor) [pid 387] close(5) = -1 EBADF (Bad file descriptor) [pid 387] close(6) = -1 EBADF (Bad file descriptor) [pid 387] close(7) = -1 EBADF (Bad file descriptor) [pid 387] close(8) = 0 [pid 387] close(9) = 0 [pid 387] close(10) = -1 EBADF (Bad file descriptor) [pid 387] close(11) = -1 EBADF (Bad file descriptor) [pid 387] close(12) = -1 EBADF (Bad file descriptor) [pid 387] close(13) = -1 EBADF (Bad file descriptor) [pid 387] close(14) = -1 EBADF (Bad file descriptor) [pid 387] close(15) = -1 EBADF (Bad file descriptor) [pid 387] close(16) = -1 EBADF (Bad file descriptor) [pid 387] close(17) = -1 EBADF (Bad file descriptor) [pid 387] close(18) = -1 EBADF (Bad file descriptor) [pid 387] close(19) = -1 EBADF (Bad file descriptor) [pid 387] close(20) = -1 EBADF (Bad file descriptor) [pid 387] close(21) = -1 EBADF (Bad file descriptor) [pid 387] close(22) = -1 EBADF (Bad file descriptor) [pid 387] close(23) = -1 EBADF (Bad file descriptor) [pid 387] close(24) = -1 EBADF (Bad file descriptor) [pid 387] close(25) = -1 EBADF (Bad file descriptor) [pid 387] close(26) = -1 EBADF (Bad file descriptor) [pid 387] close(27) = -1 EBADF (Bad file descriptor) [pid 387] close(28) = -1 EBADF (Bad file descriptor) [pid 387] close(29) = -1 EBADF (Bad file descriptor) [pid 387] exit_group(0) = ? [pid 387] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./14/binderfs") = 0 [pid 372] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./14/cgroup") = 0 [pid 372] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./14/cgroup.net") = 0 [pid 372] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./14/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./14") = 0 [pid 372] mkdir("./15", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 388 attached [pid 388] chdir("./15" [pid 372] <... clone resumed>, child_tidptr=0x5555561b05d0) = 17 [pid 388] <... chdir resumed>) = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 388] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 388] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 388] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 388] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 388] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 388] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 388] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 388] write(9, "1", 1) = 1 [ 32.679274][ T387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 32.687265][ T387] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000e [ 32.695244][ T387] ---[ end trace 71a8e909f523c1b0 ]--- [ 32.722476][ T388] FAULT_INJECTION: forcing a failure. [ 32.722476][ T388] name failslab, interval 1, probability 0, space 0, times 0 [ 32.735140][ T388] CPU: 0 PID: 388 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 32.746744][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 32.757123][ T388] Call Trace: [ 32.760421][ T388] dump_stack_lvl+0x1e2/0x24b [ 32.765076][ T388] ? panic+0x7d7/0x7d7 [ 32.769125][ T388] ? bfq_pos_tree_add_move+0x43e/0x43e [ 32.774564][ T388] dump_stack+0x15/0x17 [ 32.778693][ T388] should_fail+0x3c0/0x510 [ 32.783087][ T388] ? bpf_prog_array_alloc+0x40/0x60 [ 32.788266][ T388] __should_failslab+0x9f/0xe0 [ 32.793003][ T388] should_failslab+0x9/0x20 [ 32.797484][ T388] __kmalloc+0x60/0x360 [ 32.801625][ T388] bpf_prog_array_alloc+0x40/0x60 [ 32.806631][ T388] compute_effective_progs+0x2de/0x6e0 [ 32.812076][ T388] update_effective_progs+0x79/0x320 [ 32.817344][ T388] __cgroup_bpf_detach+0x312/0x570 [ 32.822428][ T388] bpf_cgroup_link_release+0x94/0x260 [ 32.827774][ T388] bpf_link_put+0x1e9/0x270 [ 32.832261][ T388] bpf_link_release+0x3b/0x40 [ 32.837040][ T388] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 32.842655][ T388] __fput+0x348/0x7c0 [ 32.846613][ T388] ____fput+0x15/0x20 [ 32.850568][ T388] task_work_run+0x147/0x1b0 [ 32.855138][ T388] ptrace_notify+0x29a/0x340 [ 32.859816][ T388] ? _raw_spin_unlock_irq+0x4e/0x70 [ 32.864990][ T388] ? do_notify_parent+0xa40/0xa40 [ 32.869987][ T388] ? __close_fd+0x290/0x290 [ 32.874466][ T388] ? __ia32_sys_open+0x270/0x270 [ 32.879380][ T388] syscall_exit_work+0x7c/0x130 [ 32.884205][ T388] syscall_exit_to_user_mode+0x6a/0xa0 [ 32.889642][ T388] do_syscall_64+0x40/0x70 [ 32.894030][ T388] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 32.899895][ T388] RIP: 0033:0x7f88784ea1e9 [ 32.904281][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 32.923858][ T388] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 32.932247][ T388] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 32.940194][ T388] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 32.948146][ T388] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 32.956093][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 32.964041][ T388] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000f [ 32.972665][ T388] ------------[ cut here ]------------ [ 32.978289][ T388] WARNING: CPU: 1 PID: 388 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 32.988297][ T388] Modules linked in: [ 32.992820][ T388] CPU: 1 PID: 388 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 33.004590][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 33.014805][ T388] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 33.021222][ T388] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 33.040948][ T388] RSP: 0018:ffffc900009efc78 EFLAGS: 00010293 [ 33.047115][ T388] RAX: ffffffff8187afe7 RBX: ffff88810abff4d0 RCX: ffff8881043fbb40 [ 33.055219][ T388] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 33.063379][ T388] RBP: ffffc900009efca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 33.071541][ T388] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 33.079623][ T388] R13: 1ffff1102157fe9a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 33.087763][ T388] FS: 00005555561b0300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 33.096845][ T388] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.103515][ T388] CR2: 00007ffd84b071e8 CR3: 0000000109f9a000 CR4: 00000000003506a0 [ 33.111561][ T388] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.119513][ T388] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.127708][ T388] Call Trace: [ 33.131064][ T388] bpf_link_put+0x1e9/0x270 [ 33.135545][ T388] bpf_link_release+0x3b/0x40 [ 33.140201][ T388] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 33.146023][ T388] __fput+0x348/0x7c0 [ 33.149990][ T388] ____fput+0x15/0x20 [ 33.154087][ T388] task_work_run+0x147/0x1b0 [ 33.158659][ T388] ptrace_notify+0x29a/0x340 [ 33.163342][ T388] ? _raw_spin_unlock_irq+0x4e/0x70 [ 33.168516][ T388] ? do_notify_parent+0xa40/0xa40 [ 33.173634][ T388] ? __close_fd+0x290/0x290 [ 33.178119][ T388] ? __ia32_sys_open+0x270/0x270 [ 33.183145][ T388] syscall_exit_work+0x7c/0x130 [ 33.187989][ T388] syscall_exit_to_user_mode+0x6a/0xa0 [ 33.193557][ T388] do_syscall_64+0x40/0x70 [ 33.198064][ T388] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 33.204092][ T388] RIP: 0033:0x7f88784ea1e9 [ 33.208593][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 388] close_range(3, 7, 0) = 0 [pid 388] close(3) = -1 EBADF (Bad file descriptor) [pid 388] close(4) = -1 EBADF (Bad file descriptor) [pid 388] close(5) = -1 EBADF (Bad file descriptor) [pid 388] close(6) = -1 EBADF (Bad file descriptor) [pid 388] close(7) = -1 EBADF (Bad file descriptor) [pid 388] close(8) = 0 [pid 388] close(9) = 0 [pid 388] close(10) = -1 EBADF (Bad file descriptor) [pid 388] close(11) = -1 EBADF (Bad file descriptor) [pid 388] close(12) = -1 EBADF (Bad file descriptor) [pid 388] close(13) = -1 EBADF (Bad file descriptor) [pid 388] close(14) = -1 EBADF (Bad file descriptor) [pid 388] close(15) = -1 EBADF (Bad file descriptor) [pid 388] close(16) = -1 EBADF (Bad file descriptor) [pid 388] close(17) = -1 EBADF (Bad file descriptor) [pid 388] close(18) = -1 EBADF (Bad file descriptor) [pid 388] close(19) = -1 EBADF (Bad file descriptor) [pid 388] close(20) = -1 EBADF (Bad file descriptor) [pid 388] close(21) = -1 EBADF (Bad file descriptor) [pid 388] close(22) = -1 EBADF (Bad file descriptor) [pid 388] close(23) = -1 EBADF (Bad file descriptor) [pid 388] close(24) = -1 EBADF (Bad file descriptor) [pid 388] close(25) = -1 EBADF (Bad file descriptor) [pid 388] close(26) = -1 EBADF (Bad file descriptor) [pid 388] close(27) = -1 EBADF (Bad file descriptor) [pid 388] close(28) = -1 EBADF (Bad file descriptor) [pid 388] close(29) = -1 EBADF (Bad file descriptor) [pid 388] exit_group(0) = ? [pid 388] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./15/binderfs") = 0 [pid 372] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./15/cgroup") = 0 [pid 372] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./15/cgroup.net") = 0 [pid 372] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./15/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./15") = 0 [pid 372] mkdir("./16", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 18 ./strace-static-x86_64: Process 389 attached [pid 389] chdir("./16") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 389] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 389] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [ 33.228359][ T388] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 33.236936][ T388] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 33.244985][ T388] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 33.253024][ T388] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 33.261055][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 33.269002][ T388] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 000000000000000f [ 33.277108][ T388] ---[ end trace 71a8e909f523c1b1 ]--- [pid 389] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 389] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 389] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 389] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 389] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 389] write(9, "1", 1) = 1 [ 33.306246][ T389] FAULT_INJECTION: forcing a failure. [ 33.306246][ T389] name failslab, interval 1, probability 0, space 0, times 0 [ 33.318863][ T389] CPU: 1 PID: 389 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 33.330456][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 33.340483][ T389] Call Trace: [ 33.343750][ T389] dump_stack_lvl+0x1e2/0x24b [ 33.348416][ T389] ? panic+0x7d7/0x7d7 [ 33.352457][ T389] ? bfq_pos_tree_add_move+0x43e/0x43e [ 33.357890][ T389] dump_stack+0x15/0x17 [ 33.362020][ T389] should_fail+0x3c0/0x510 [ 33.366418][ T389] ? bpf_prog_array_alloc+0x40/0x60 [ 33.371602][ T389] __should_failslab+0x9f/0xe0 [ 33.376340][ T389] should_failslab+0x9/0x20 [ 33.380827][ T389] __kmalloc+0x60/0x360 [ 33.384955][ T389] bpf_prog_array_alloc+0x40/0x60 [ 33.389968][ T389] compute_effective_progs+0x2de/0x6e0 [ 33.395422][ T389] update_effective_progs+0x79/0x320 [ 33.400684][ T389] __cgroup_bpf_detach+0x312/0x570 [ 33.405773][ T389] bpf_cgroup_link_release+0x94/0x260 [ 33.411213][ T389] bpf_link_put+0x1e9/0x270 [ 33.415694][ T389] bpf_link_release+0x3b/0x40 [ 33.420362][ T389] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 33.425971][ T389] __fput+0x348/0x7c0 [ 33.429931][ T389] ____fput+0x15/0x20 [ 33.433902][ T389] task_work_run+0x147/0x1b0 [ 33.438480][ T389] ptrace_notify+0x29a/0x340 [ 33.443047][ T389] ? _raw_spin_unlock_irq+0x4e/0x70 [ 33.448218][ T389] ? do_notify_parent+0xa40/0xa40 [ 33.453216][ T389] ? __close_fd+0x290/0x290 [ 33.457695][ T389] ? __ia32_sys_open+0x270/0x270 [ 33.462608][ T389] syscall_exit_work+0x7c/0x130 [ 33.467436][ T389] syscall_exit_to_user_mode+0x6a/0xa0 [ 33.472868][ T389] do_syscall_64+0x40/0x70 [ 33.477278][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 33.483143][ T389] RIP: 0033:0x7f88784ea1e9 [ 33.487535][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 33.507115][ T389] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 33.515519][ T389] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 33.523468][ T389] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 33.531413][ T389] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 33.539366][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 33.547491][ T389] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000010 [ 33.555785][ T389] ------------[ cut here ]------------ [ 33.561549][ T389] WARNING: CPU: 0 PID: 389 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 33.571671][ T389] Modules linked in: [ 33.575561][ T389] CPU: 1 PID: 389 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0 [ 33.587333][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 33.597476][ T389] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 33.603775][ T389] Code: eb 18 e8 0c 10 e5 ff 48 c7 c7 60 c5 3a 86 e8 70 55 0a 03 eb 05 e8 f9 0f e5 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e9 0f e5 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 33.623442][ T389] RSP: 0018:ffffc900009cfc78 EFLAGS: 00010293 [ 33.629501][ T389] RAX: ffffffff8187afe7 RBX: ffff88810a795350 RCX: ffff8881059c3b40 [ 33.637477][ T389] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 33.645444][ T389] RBP: ffffc900009cfca0 R08: ffffffff8187af00 R09: fffffbfff0c85873 [ 33.653410][ T389] R10: fffffbfff0c85873 R11: 1ffffffff0c85872 R12: dffffc0000000000 [ 33.661479][ T389] R13: 1ffff110214f2a6a R14: 00000000fffffff4 R15: ffff88811dd36000 [ 33.669425][ T389] FS: 00005555561b0300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 33.678367][ T389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.684948][ T389] CR2: 00007ffd84b071e8 CR3: 000000010a76c000 CR4: 00000000003506b0 [ 33.692920][ T389] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.700898][ T389] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.708843][ T389] Call Trace: [ 33.712284][ T389] bpf_link_put+0x1e9/0x270 [ 33.716798][ T389] bpf_link_release+0x3b/0x40 [ 33.721476][ T389] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 33.727108][ T389] __fput+0x348/0x7c0 [ 33.731097][ T389] ____fput+0x15/0x20 [ 33.735071][ T389] task_work_run+0x147/0x1b0 [ 33.739649][ T389] ptrace_notify+0x29a/0x340 [ 33.744244][ T389] ? _raw_spin_unlock_irq+0x4e/0x70 [ 33.749439][ T389] ? do_notify_parent+0xa40/0xa40 [ 33.754482][ T389] ? __close_fd+0x290/0x290 [ 33.758979][ T389] ? __ia32_sys_open+0x270/0x270 [ 33.763915][ T389] syscall_exit_work+0x7c/0x130 [ 33.768771][ T389] syscall_exit_to_user_mode+0x6a/0xa0 [ 33.774229][ T389] do_syscall_64+0x40/0x70 [ 33.778627][ T389] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 33.784514][ T389] RIP: 0033:0x7f88784ea1e9 [ 33.788913][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 33.808562][ T389] RSP: 002b:00007ffd84b07208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 33.816978][ T389] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f88784ea1e9 [ 33.824960][ T389] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000003 [ 33.832924][ T389] RBP: 00007ffd84b07230 R08: 0000000000000001 R09: 00007ffd84b07240 [ 33.840919][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 33.848873][ T389] R13: 00007ffd84b07250 R14: 00007ffd84b07290 R15: 0000000000000010 [pid 389] close_range(3, 7, 0) = 0 [pid 389] close(3) = -1 EBADF (Bad file descriptor) [pid 389] close(4) = -1 EBADF (Bad file descriptor) [pid 389] close(5) = -1 EBADF (Bad file descriptor) [pid 389] close(6) = -1 EBADF (Bad file descriptor) [pid 389] close(7) = -1 EBADF (Bad file descriptor) [pid 389] close(8) = 0 [pid 389] close(9) = 0 [pid 389] close(10) = -1 EBADF (Bad file descriptor) [pid 389] close(11) = -1 EBADF (Bad file descriptor) [pid 389] close(12) = -1 EBADF (Bad file descriptor) [pid 389] close(13) = -1 EBADF (Bad file descriptor) [pid 389] close(14) = -1 EBADF (Bad file descriptor) [pid 389] close(15) = -1 EBADF (Bad file descriptor) [pid 389] close(16) = -1 EBADF (Bad file descriptor) [pid 389] close(17) = -1 EBADF (Bad file descriptor) [pid 389] close(18) = -1 EBADF (Bad file descriptor) [pid 389] close(19) = -1 EBADF (Bad file descriptor) [pid 389] close(20) = -1 EBADF (Bad file descriptor) [pid 389] close(21) = -1 EBADF (Bad file descriptor) [pid 389] close(22) = -1 EBADF (Bad file descriptor) [pid 389] close(23) = -1 EBADF (Bad file descriptor) [pid 389] close(24) = -1 EBADF (Bad file descriptor) [pid 389] close(25) = -1 EBADF (Bad file descriptor) [pid 389] close(26) = -1 EBADF (Bad file descriptor) [pid 389] close(27) = -1 EBADF (Bad file descriptor) [pid 389] close(28) = -1 EBADF (Bad file descriptor) [pid 389] close(29) = -1 EBADF (Bad file descriptor) [pid 389] exit_group(0) = ? [pid 389] +++ exited with 0 +++ [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 372] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 372] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 372] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 6 entries */, 32768) = 176 [pid 372] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 372] unlink("./16/binderfs") = 0 [pid 372] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 372] unlink("./16/cgroup") = 0 [pid 372] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./16/cgroup.net") = 0 [pid 372] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 372] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 372] unlink("./16/cgroup.cpu") = 0 [pid 372] getdents64(3, 0x5555561b1620 /* 0 entries */, 32768) = 0 [pid 372] close(3) = 0 [pid 372] rmdir("./16") = 0 [pid 372] mkdir("./17", 0777) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561b05d0) = 19 ./strace-static-x86_64: Process 390 attached [pid 390] chdir("./17") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 390] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 390] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] bpf(BPF_TASK_FD_QUERY, {task_fd_query={pid=0, fd=-1, flags=0, buf_len=7, buf="cgroup", prog_id=0, fd_type=BPF_FD_TYPE_RAW_TRACEPOINT, probe_offset=0, probe_addr=0}}, 48) = -1 ENOENT (No such file or directory) [pid 390] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 3 [pid 390] openat(AT_FDCWD, "cgroup", O_RDWR|O_PATH) = 4 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200003c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 5 [pid 390] bpf(BPF_LINK_CREATE, {link_create={prog_fd=5, target_fd=4, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 6 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SOCK, insn_cnt=4, insns=0x200001c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0}, 112) = 7 [pid 390] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=3, attach_type=BPF_CGROUP_INET_SOCK_CREATE, flags=0}}, 16) = 8 [pid 390] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 9 [pid 390] write(9, "1", 1) = 1 [ 33.856846][ T389] ---[ end trace 71a8e909f523c1b2 ]--- [ 33.878534][ T390] FAULT_INJECTION: forcing a failure. [ 33.878534][ T390] name failslab, interval 1, probability 0, space 0, times 0 [ 33.891155][ T390] CPU: 1 PID: 390 Comm: syz-executor320 Tainted: G B W 5.10.134-syzkaller-01772-gf6ce9a9115d5 #0