./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor833494178 <...> syzkaller syzkaller login: [ 12.156121][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 12.156127][ T23] audit: type=1400 audit(1652333713.689:71): avc: denied { transition } for pid=299 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.165837][ T23] audit: type=1400 audit(1652333713.699:72): avc: denied { write } for pid=299 comm="sh" path="pipe:[11285]" dev="pipefs" ino=11285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 12.170166][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 13.007995][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 13.100734][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 14.718006][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. execve("./syz-executor833494178", ["./syz-executor833494178"], 0x7fffc1998150 /* 10 vars */) = 0 brk(NULL) = 0x555555b1f000 brk(0x555555b1fc40) = 0x555555b1fc40 arch_prctl(ARCH_SET_FS, 0x555555b1f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor833494178", 4096) = 27 brk(0x555555b40c40) = 0x555555b40c40 brk(0x555555b41000) = 0x555555b41000 mprotect(0x7fd873d31000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 [ 20.209625][ T23] audit: type=1400 audit(1652333721.749:73): avc: denied { execmem } for pid=380 comm="syz-executor833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.216835][ T380] cgroup: Unknown subsys name 'net' [ 20.229061][ T23] audit: type=1400 audit(1652333721.749:74): avc: denied { mounton } for pid=380 comm="syz-executor833" path="/syzcgroup/unified" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) [ 20.257184][ T23] audit: type=1400 audit(1652333721.749:75): avc: denied { mount } for pid=380 comm="syz-executor833" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.257759][ T380] cgroup: Unknown subsys name 'devices' [ 20.279806][ T23] audit: type=1400 audit(1652333721.769:76): avc: denied { unmount } for pid=380 comm="syz-executor833" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) [ 20.391656][ T380] cgroup: Unknown subsys name 'hugetlb' [ 20.397520][ T380] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getpid() = 380 mkdir("./syzkaller.9hsNnU", 0700) = 0 chmod("./syzkaller.9hsNnU", 0777) = 0 chdir("./syzkaller.9hsNnU") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 381 attached , child_tidptr=0x555555b1f5d0) = 381 [pid 381] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setsid() = 1 [pid 381] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 381] unshare(CLONE_NEWNS) = 0 [pid 381] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 381] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 381] unshare(CLONE_NEWCGROUP) = 0 [pid 381] unshare(CLONE_NEWUTS) = 0 [pid 381] unshare(CLONE_SYSVSEM) = 0 [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] getpid() = 1 [pid 381] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 20.964845][ T382] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 20.973229][ T382] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 20.981177][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 20.989123][ T382] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 20.997072][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 21.005019][ T382] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000000 [ 21.013363][ T382] ------------[ cut here ]------------ [ 21.018863][ T382] WARNING: CPU: 1 PID: 382 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 21.028750][ T382] Modules linked in: [ 21.032630][ T382] CPU: 1 PID: 382 Comm: syz-executor833 Not tainted 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 21.042871][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.052936][ T382] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 21.059177][ T382] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 21.078781][ T382] RSP: 0018:ffffc9000096fc78 EFLAGS: 00010293 [ 21.084820][ T382] RAX: ffffffff8187d597 RBX: ffff8881087c0850 RCX: ffff8881065893c0 [ 21.092787][ T382] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 21.100757][ T382] RBP: ffffc9000096fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 21.108767][ T382] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 21.116736][ T382] R13: 1ffff110210f810a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 21.124713][ T382] FS: 0000555555b1f300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.133734][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.140351][ T382] CR2: 00000000011263f8 CR3: 000000010879c000 CR4: 00000000003506a0 [ 21.148358][ T382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.156323][ T382] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.164295][ T382] Call Trace: [ 21.167573][ T382] bpf_link_put+0x1e9/0x270 [ 21.172076][ T382] bpf_link_release+0x3b/0x40 [ 21.176742][ T382] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 21.182374][ T382] __fput+0x348/0x7c0 [ 21.186350][ T382] ____fput+0x15/0x20 [ 21.190335][ T382] task_work_run+0x147/0x1b0 [ 21.194916][ T382] ptrace_notify+0x29a/0x340 [ 21.199520][ T382] ? _raw_spin_unlock_irq+0x4e/0x70 [ 21.204707][ T382] ? do_notify_parent+0xa60/0xa60 [ 21.209725][ T382] ? __close_fd+0x290/0x290 [ 21.214327][ T382] ? __ia32_sys_open+0x270/0x270 [ 21.219265][ T382] syscall_exit_work+0x7c/0x130 [ 21.224126][ T382] syscall_exit_to_user_mode+0x6a/0xa0 [ 21.229585][ T382] do_syscall_64+0x40/0x70 [ 21.233991][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.239876][ T382] RIP: 0033:0x7fd873cc3199 [ 21.244281][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 21.263905][ T382] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 21.272316][ T382] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 21.280289][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 21.288265][ T382] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 21.296222][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 21.304188][ T382] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000000 [ 21.312156][ T382] ---[ end trace 246292e9e8cb5733 ]--- [ 21.317628][ T382] ================================================================== [ 21.325670][ T382] BUG: KASAN: use-after-free in compute_effective_progs+0x1d3/0x6e0 [ 21.333615][ T382] Read of size 8 at addr ffff8881087c0818 by task syz-executor833/382 [ 21.341730][ T382] [ 21.344037][ T382] CPU: 1 PID: 382 Comm: syz-executor833 Tainted: G W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 21.355624][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.365652][ T382] Call Trace: [ 21.368921][ T382] dump_stack_lvl+0x1e2/0x24b [ 21.373569][ T382] ? printk+0xcf/0x10f [ 21.377610][ T382] ? bfq_pos_tree_add_move+0x43e/0x43e [ 21.383377][ T382] ? wake_up_klogd+0xb8/0xf0 [ 21.387949][ T382] ? panic+0x7d7/0x7d7 [ 21.392008][ T382] print_address_description+0x81/0x3c0 [ 21.397535][ T382] kasan_report+0x1a4/0x1f0 [ 21.402022][ T382] ? compute_effective_progs+0x1d3/0x6e0 [ 21.407625][ T382] ? compute_effective_progs+0x1d3/0x6e0 [ 21.413234][ T382] __asan_report_load8_noabort+0x14/0x20 [ 21.418839][ T382] compute_effective_progs+0x1d3/0x6e0 [ 21.424267][ T382] update_effective_progs+0x79/0x320 [ 21.429521][ T382] __cgroup_bpf_detach+0x312/0x570 [ 21.434607][ T382] bpf_cgroup_link_release+0x94/0x260 [ 21.439954][ T382] bpf_link_put+0x1e9/0x270 [ 21.444431][ T382] bpf_link_release+0x3b/0x40 [ 21.449078][ T382] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 21.454681][ T382] __fput+0x348/0x7c0 [ 21.458642][ T382] ____fput+0x15/0x20 [ 21.462594][ T382] task_work_run+0x147/0x1b0 [ 21.467155][ T382] ptrace_notify+0x29a/0x340 [ 21.471716][ T382] ? _raw_spin_unlock_irq+0x4e/0x70 [ 21.476894][ T382] ? do_notify_parent+0xa60/0xa60 [ 21.481897][ T382] ? __close_fd+0x290/0x290 [ 21.486373][ T382] ? __ia32_sys_open+0x270/0x270 [ 21.491282][ T382] syscall_exit_work+0x7c/0x130 [ 21.496106][ T382] syscall_exit_to_user_mode+0x6a/0xa0 [ 21.501537][ T382] do_syscall_64+0x40/0x70 [ 21.505932][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.511810][ T382] RIP: 0033:0x7fd873cc3199 [ 21.516213][ T382] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 21.535790][ T382] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 21.544175][ T382] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 21.552121][ T382] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 21.560064][ T382] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 21.568009][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 21.575952][ T382] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000000 [ 21.583901][ T382] [ 21.586216][ T382] Allocated by task 382: [ 21.590438][ T382] ____kasan_kmalloc+0xdc/0x110 [ 21.595258][ T382] __kasan_kmalloc+0x9/0x10 [ 21.599733][ T382] kmem_cache_alloc_trace+0x1dd/0x330 [ 21.605079][ T382] cgroup_bpf_link_attach+0x12e/0x4a0 [ 21.610420][ T382] link_create+0x540/0x6e0 [ 21.614805][ T382] __do_sys_bpf+0x528/0x6c0 [ 21.619277][ T382] __x64_sys_bpf+0x7a/0x90 [ 21.623666][ T382] do_syscall_64+0x34/0x70 [ 21.628063][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.633919][ T382] [ 21.636222][ T382] Freed by task 382: [ 21.640090][ T382] kasan_set_track+0x4c/0x80 [ 21.644650][ T382] kasan_set_free_info+0x23/0x40 [ 21.649557][ T382] ____kasan_slab_free+0x121/0x160 [ 21.654637][ T382] __kasan_slab_free+0x11/0x20 [ 21.659376][ T382] slab_free_freelist_hook+0xcc/0x1a0 [ 21.664721][ T382] kfree+0xc3/0x290 [ 21.668507][ T382] bpf_cgroup_link_dealloc+0x15/0x20 [ 21.673770][ T382] bpf_link_put+0x243/0x270 [ 21.678247][ T382] bpf_link_release+0x3b/0x40 [ 21.682898][ T382] __fput+0x348/0x7c0 [ 21.686857][ T382] ____fput+0x15/0x20 [ 21.690815][ T382] task_work_run+0x147/0x1b0 [ 21.695379][ T382] ptrace_notify+0x29a/0x340 [ 21.699946][ T382] syscall_exit_work+0x7c/0x130 [ 21.704775][ T382] syscall_exit_to_user_mode+0x6a/0xa0 [ 21.710212][ T382] do_syscall_64+0x40/0x70 [ 21.714603][ T382] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.720463][ T382] [ 21.722776][ T382] The buggy address belongs to the object at ffff8881087c0800 [ 21.722776][ T382] which belongs to the cache kmalloc-96 of size 96 [ 21.736628][ T382] The buggy address is located 24 bytes inside of [ 21.736628][ T382] 96-byte region [ffff8881087c0800, ffff8881087c0860) [ 21.749698][ T382] The buggy address belongs to the page: [ 21.755308][ T382] page:ffffea000421f000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1087c0 [ 21.765516][ T382] flags: 0x8000000000000200(slab) [ 21.770517][ T382] raw: 8000000000000200 ffffea000421f100 0000000700000007 ffff888100043680 [ 21.779075][ T382] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 21.787626][ T382] page dumped because: kasan: bad access detected [ 21.794010][ T382] page_owner tracks the page as allocated [ 21.799708][ T382] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1068999498, free_ts 0 [ 21.814627][ T382] get_page_from_freelist+0x745/0x760 [ 21.819975][ T382] __alloc_pages_nodemask+0x3b6/0x890 [ 21.825322][ T382] allocate_slab+0x78/0x540 [ 21.829804][ T382] ___slab_alloc+0x131/0x2e0 [ 21.834366][ T382] __slab_alloc+0x63/0xa0 [ 21.838670][ T382] kmem_cache_alloc_trace+0x20e/0x330 [ 21.844019][ T382] acpi_ut_evaluate_object+0x101/0x479 [ 21.849450][ T382] acpi_ut_execute_power_methods+0x108/0x254 [ 21.855406][ T382] acpi_get_object_info+0x63e/0x11eb [ 21.860666][ T382] acpi_init_device_object+0x71f/0x3070 [ 21.866188][ T382] acpi_add_single_object+0x123/0x18d0 [ 21.871623][ T382] acpi_bus_check_add+0x42b/0xef0 [ 21.876621][ T382] acpi_ns_walk_namespace+0x242/0x4ad [ 21.881966][ T382] acpi_walk_namespace+0xf2/0x121 [ 21.886966][ T382] acpi_bus_scan+0xd1/0x150 [ 21.891444][ T382] acpi_scan_init+0x261/0x7fe [ 21.896095][ T382] page_owner free stack trace missing [ 21.901437][ T382] [ 21.903743][ T382] Memory state around the buggy address: [ 21.909348][ T382] ffff8881087c0700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 21.917385][ T382] ffff8881087c0780: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 21.925421][ T382] >ffff8881087c0800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 21.933455][ T382] ^ [ 21.938305][ T382] ffff8881087c0880: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [pid 382] close_range(3, 4294967295, 0) = 0 [pid 382] close(3) = -1 EBADF (Bad file descriptor) [pid 382] close(4) = -1 EBADF (Bad file descriptor) [pid 382] close(5) = -1 EBADF (Bad file descriptor) [pid 382] close(6) = -1 EBADF (Bad file descriptor) [pid 382] close(7) = -1 EBADF (Bad file descriptor) [pid 382] close(8) = -1 EBADF (Bad file descriptor) [pid 382] close(9) = -1 EBADF (Bad file descriptor) [pid 382] close(10) = -1 EBADF (Bad file descriptor) [pid 382] close(11) = -1 EBADF (Bad file descriptor) [pid 382] close(12) = -1 EBADF (Bad file descriptor) [pid 382] close(13) = -1 EBADF (Bad file descriptor) [pid 382] close(14) = -1 EBADF (Bad file descriptor) [pid 382] close(15) = -1 EBADF (Bad file descriptor) [pid 382] close(16) = -1 EBADF (Bad file descriptor) [pid 382] close(17) = -1 EBADF (Bad file descriptor) [pid 382] close(18) = -1 EBADF (Bad file descriptor) [pid 382] close(19) = -1 EBADF (Bad file descriptor) [pid 382] close(20) = -1 EBADF (Bad file descriptor) [pid 382] close(21) = -1 EBADF (Bad file descriptor) [pid 382] close(22) = -1 EBADF (Bad file descriptor) [pid 382] close(23) = -1 EBADF (Bad file descriptor) [pid 382] close(24) = -1 EBADF (Bad file descriptor) [pid 382] close(25) = -1 EBADF (Bad file descriptor) [pid 382] close(26) = -1 EBADF (Bad file descriptor) [pid 382] close(27) = -1 EBADF (Bad file descriptor) [pid 382] close(28) = -1 EBADF (Bad file descriptor) [pid 382] close(29) = -1 EBADF (Bad file descriptor) [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=39} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./0/binderfs") = 0 [pid 381] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./0/cgroup") = 0 [pid 381] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./0/cgroup.net") = 0 [pid 381] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./0/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./0") = 0 [pid 381] mkdir("./1", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 383 attached , child_tidptr=0x555555b1f5d0) = 3 [pid 383] chdir("./1") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 383] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 383] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 383] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 383] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 383] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 383] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 383] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 383] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 383] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 383] write(10, "1", 1) = 1 [ 21.946368][ T382] ffff8881087c0900: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 21.954407][ T382] ================================================================== [ 21.962467][ T382] Disabling lock debugging due to kernel taint [ 21.992505][ T383] FAULT_INJECTION: forcing a failure. [ 21.992505][ T383] name failslab, interval 1, probability 0, space 0, times 0 [ 22.005231][ T383] CPU: 1 PID: 383 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 22.016867][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.026909][ T383] Call Trace: [ 22.030174][ T383] dump_stack_lvl+0x1e2/0x24b [ 22.034824][ T383] ? panic+0x7d7/0x7d7 [ 22.038865][ T383] ? bfq_pos_tree_add_move+0x43e/0x43e [ 22.044299][ T383] dump_stack+0x15/0x17 [ 22.048427][ T383] should_fail+0x3c0/0x510 [ 22.052821][ T383] ? bpf_prog_array_alloc+0x40/0x60 [ 22.057995][ T383] __should_failslab+0x9f/0xe0 [ 22.062737][ T383] should_failslab+0x9/0x20 [ 22.067215][ T383] __kmalloc+0x60/0x360 [ 22.071348][ T383] bpf_prog_array_alloc+0x40/0x60 [ 22.076345][ T383] compute_effective_progs+0x2de/0x6e0 [ 22.081775][ T383] update_effective_progs+0x79/0x320 [ 22.087299][ T383] __cgroup_bpf_detach+0x312/0x570 [ 22.092385][ T383] bpf_cgroup_link_release+0x94/0x260 [ 22.097727][ T383] bpf_link_put+0x1e9/0x270 [ 22.102207][ T383] bpf_link_release+0x3b/0x40 [ 22.106861][ T383] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 22.112467][ T383] __fput+0x348/0x7c0 [ 22.116424][ T383] ____fput+0x15/0x20 [ 22.120377][ T383] task_work_run+0x147/0x1b0 [ 22.124941][ T383] ptrace_notify+0x29a/0x340 [ 22.129513][ T383] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.134686][ T383] ? do_notify_parent+0xa60/0xa60 [ 22.139684][ T383] ? __close_fd+0x290/0x290 [ 22.144164][ T383] ? __ia32_sys_open+0x270/0x270 [ 22.149088][ T383] syscall_exit_work+0x7c/0x130 [ 22.153919][ T383] syscall_exit_to_user_mode+0x6a/0xa0 [ 22.159357][ T383] do_syscall_64+0x40/0x70 [ 22.163747][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.169613][ T383] RIP: 0033:0x7fd873cc3199 [ 22.174001][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 22.193582][ T383] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 22.201973][ T383] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 22.209920][ T383] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 22.217876][ T383] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 22.225827][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 22.233771][ T383] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000001 [ 22.242786][ T383] ------------[ cut here ]------------ [ 22.248278][ T383] WARNING: CPU: 1 PID: 383 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 22.258183][ T383] Modules linked in: [ 22.262076][ T383] CPU: 1 PID: 383 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 22.273698][ T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.283799][ T383] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 22.290039][ T383] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 22.309647][ T383] RSP: 0018:ffffc9000096fc78 EFLAGS: 00010293 [ 22.315689][ T383] RAX: ffffffff8187d597 RBX: ffff8881087c08d0 RCX: ffff88810658a780 [ 22.323656][ T383] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 22.331621][ T383] RBP: ffffc9000096fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 22.339593][ T383] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 22.347560][ T383] R13: 1ffff110210f811a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 22.355542][ T383] FS: 0000555555b1f300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 22.364525][ T383] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.371120][ T383] CR2: 00007fd873d35140 CR3: 00000001087a7000 CR4: 00000000003506a0 [ 22.379099][ T383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.387464][ T383] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.395433][ T383] Call Trace: [ 22.398729][ T383] bpf_link_put+0x1e9/0x270 [ 22.403218][ T383] bpf_link_release+0x3b/0x40 [ 22.407873][ T383] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 22.413514][ T383] __fput+0x348/0x7c0 [ 22.417490][ T383] ____fput+0x15/0x20 [ 22.421474][ T383] task_work_run+0x147/0x1b0 [ 22.426059][ T383] ptrace_notify+0x29a/0x340 [ 22.430658][ T383] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.435854][ T383] ? do_notify_parent+0xa60/0xa60 [ 22.440913][ T383] ? __close_fd+0x290/0x290 [ 22.445408][ T383] ? __ia32_sys_open+0x270/0x270 [ 22.450347][ T383] syscall_exit_work+0x7c/0x130 [ 22.455194][ T383] syscall_exit_to_user_mode+0x6a/0xa0 [ 22.460650][ T383] do_syscall_64+0x40/0x70 [ 22.465066][ T383] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.470974][ T383] RIP: 0033:0x7fd873cc3199 [ 22.475379][ T383] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 22.495381][ T383] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [pid 383] close_range(3, 4294967295, 0) = 0 [pid 383] close(3) = -1 EBADF (Bad file descriptor) [pid 383] close(4) = -1 EBADF (Bad file descriptor) [pid 383] close(5) = -1 EBADF (Bad file descriptor) [pid 383] close(6) = -1 EBADF (Bad file descriptor) [pid 383] close(7) = -1 EBADF (Bad file descriptor) [pid 383] close(8) = -1 EBADF (Bad file descriptor) [pid 383] close(9) = -1 EBADF (Bad file descriptor) [pid 383] close(10) = -1 EBADF (Bad file descriptor) [pid 383] close(11) = -1 EBADF (Bad file descriptor) [pid 383] close(12) = -1 EBADF (Bad file descriptor) [pid 383] close(13) = -1 EBADF (Bad file descriptor) [pid 383] close(14) = -1 EBADF (Bad file descriptor) [pid 383] close(15) = -1 EBADF (Bad file descriptor) [pid 383] close(16) = -1 EBADF (Bad file descriptor) [pid 383] close(17) = -1 EBADF (Bad file descriptor) [pid 383] close(18) = -1 EBADF (Bad file descriptor) [pid 383] close(19) = -1 EBADF (Bad file descriptor) [pid 383] close(20) = -1 EBADF (Bad file descriptor) [pid 383] close(21) = -1 EBADF (Bad file descriptor) [pid 383] close(22) = -1 EBADF (Bad file descriptor) [pid 383] close(23) = -1 EBADF (Bad file descriptor) [pid 383] close(24) = -1 EBADF (Bad file descriptor) [pid 383] close(25) = -1 EBADF (Bad file descriptor) [pid 383] close(26) = -1 EBADF (Bad file descriptor) [pid 383] close(27) = -1 EBADF (Bad file descriptor) [pid 383] close(28) = -1 EBADF (Bad file descriptor) [pid 383] close(29) = -1 EBADF (Bad file descriptor) [pid 383] exit_group(0) = ? [pid 383] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./1/binderfs") = 0 [pid 381] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./1/cgroup") = 0 [pid 381] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./1/cgroup.net") = 0 [pid 381] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./1/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./1") = 0 [pid 381] mkdir("./2", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 4 ./strace-static-x86_64: Process 384 attached [pid 384] chdir("./2") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 384] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 384] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 384] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 384] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 384] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 384] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 384] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 384] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 384] write(10, "1", 1) = 1 [ 22.503840][ T383] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 22.511824][ T383] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 22.519807][ T383] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 22.527764][ T383] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 22.535737][ T383] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000001 [ 22.543713][ T383] ---[ end trace 246292e9e8cb5734 ]--- [ 22.567862][ T384] FAULT_INJECTION: forcing a failure. [ 22.567862][ T384] name failslab, interval 1, probability 0, space 0, times 0 [ 22.580486][ T384] CPU: 1 PID: 384 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 22.592419][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.602456][ T384] Call Trace: [ 22.605725][ T384] dump_stack_lvl+0x1e2/0x24b [ 22.610379][ T384] ? panic+0x7d7/0x7d7 [ 22.614437][ T384] ? bfq_pos_tree_add_move+0x43e/0x43e [ 22.619876][ T384] dump_stack+0x15/0x17 [ 22.624006][ T384] should_fail+0x3c0/0x510 [ 22.628410][ T384] ? bpf_prog_array_alloc+0x40/0x60 [ 22.633582][ T384] __should_failslab+0x9f/0xe0 [ 22.638320][ T384] should_failslab+0x9/0x20 [ 22.642795][ T384] __kmalloc+0x60/0x360 [ 22.646931][ T384] bpf_prog_array_alloc+0x40/0x60 [ 22.651940][ T384] compute_effective_progs+0x2de/0x6e0 [ 22.657382][ T384] update_effective_progs+0x79/0x320 [ 22.662651][ T384] __cgroup_bpf_detach+0x312/0x570 [ 22.667746][ T384] bpf_cgroup_link_release+0x94/0x260 [ 22.673093][ T384] bpf_link_put+0x1e9/0x270 [ 22.677570][ T384] bpf_link_release+0x3b/0x40 [ 22.682222][ T384] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 22.687828][ T384] __fput+0x348/0x7c0 [ 22.691783][ T384] ____fput+0x15/0x20 [ 22.695736][ T384] task_work_run+0x147/0x1b0 [ 22.700299][ T384] ptrace_notify+0x29a/0x340 [ 22.704866][ T384] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.710062][ T384] ? do_notify_parent+0xa60/0xa60 [ 22.715062][ T384] ? __close_fd+0x290/0x290 [ 22.719538][ T384] ? __ia32_sys_open+0x270/0x270 [ 22.724448][ T384] syscall_exit_work+0x7c/0x130 [ 22.729281][ T384] syscall_exit_to_user_mode+0x6a/0xa0 [ 22.734731][ T384] do_syscall_64+0x40/0x70 [ 22.739125][ T384] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.744996][ T384] RIP: 0033:0x7fd873cc3199 [ 22.749388][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 22.768971][ T384] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 22.777359][ T384] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 22.785308][ T384] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 22.793261][ T384] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 22.801206][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 22.809153][ T384] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000002 [ 22.817232][ T384] ------------[ cut here ]------------ [ 22.822869][ T384] WARNING: CPU: 1 PID: 384 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 22.832786][ T384] Modules linked in: [ 22.836668][ T384] CPU: 1 PID: 384 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 22.848340][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.858404][ T384] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 22.864616][ T384] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 22.884222][ T384] RSP: 0018:ffffc9000096fc78 EFLAGS: 00010293 [ 22.890296][ T384] RAX: ffffffff8187d597 RBX: ffff8881087c0650 RCX: ffff88810658e2c0 [ 22.898275][ T384] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 22.906230][ T384] RBP: ffffc9000096fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 22.914203][ T384] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 22.922211][ T384] R13: 1ffff110210f80ca R14: 00000000fffffff4 R15: ffff888104ffa000 [ 22.930184][ T384] FS: 0000555555b1f300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 22.939114][ T384] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.945671][ T384] CR2: 00007fd873d35140 CR3: 00000001087bb000 CR4: 00000000003506a0 [ 22.953644][ T384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.961636][ T384] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.969613][ T384] Call Trace: [ 22.972896][ T384] bpf_link_put+0x1e9/0x270 [ 22.977375][ T384] bpf_link_release+0x3b/0x40 [ 22.982085][ T384] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 22.987711][ T384] __fput+0x348/0x7c0 [ 22.991719][ T384] ____fput+0x15/0x20 [ 22.995687][ T384] task_work_run+0x147/0x1b0 [ 23.000309][ T384] ptrace_notify+0x29a/0x340 [ 23.004899][ T384] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.010110][ T384] ? do_notify_parent+0xa60/0xa60 [ 23.015148][ T384] ? __close_fd+0x290/0x290 [ 23.019652][ T384] ? __ia32_sys_open+0x270/0x270 [ 23.024586][ T384] syscall_exit_work+0x7c/0x130 [ 23.029445][ T384] syscall_exit_to_user_mode+0x6a/0xa0 [ 23.034892][ T384] do_syscall_64+0x40/0x70 [ 23.039319][ T384] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.045201][ T384] RIP: 0033:0x7fd873cc3199 [ 23.049617][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.069231][ T384] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.077724][ T384] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 23.085698][ T384] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 23.093676][ T384] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 23.101650][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 23.109752][ T384] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000002 [pid 384] close_range(3, 4294967295, 0) = 0 [pid 384] close(3) = -1 EBADF (Bad file descriptor) [pid 384] close(4) = -1 EBADF (Bad file descriptor) [pid 384] close(5) = -1 EBADF (Bad file descriptor) [pid 384] close(6) = -1 EBADF (Bad file descriptor) [pid 384] close(7) = -1 EBADF (Bad file descriptor) [pid 384] close(8) = -1 EBADF (Bad file descriptor) [pid 384] close(9) = -1 EBADF (Bad file descriptor) [pid 384] close(10) = -1 EBADF (Bad file descriptor) [pid 384] close(11) = -1 EBADF (Bad file descriptor) [pid 384] close(12) = -1 EBADF (Bad file descriptor) [pid 384] close(13) = -1 EBADF (Bad file descriptor) [pid 384] close(14) = -1 EBADF (Bad file descriptor) [pid 384] close(15) = -1 EBADF (Bad file descriptor) [pid 384] close(16) = -1 EBADF (Bad file descriptor) [pid 384] close(17) = -1 EBADF (Bad file descriptor) [pid 384] close(18) = -1 EBADF (Bad file descriptor) [pid 384] close(19) = -1 EBADF (Bad file descriptor) [pid 384] close(20) = -1 EBADF (Bad file descriptor) [pid 384] close(21) = -1 EBADF (Bad file descriptor) [pid 384] close(22) = -1 EBADF (Bad file descriptor) [pid 384] close(23) = -1 EBADF (Bad file descriptor) [pid 384] close(24) = -1 EBADF (Bad file descriptor) [pid 384] close(25) = -1 EBADF (Bad file descriptor) [pid 384] close(26) = -1 EBADF (Bad file descriptor) [pid 384] close(27) = -1 EBADF (Bad file descriptor) [pid 384] close(28) = -1 EBADF (Bad file descriptor) [pid 384] close(29) = -1 EBADF (Bad file descriptor) [pid 384] exit_group(0) = ? [pid 384] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 381] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./2/binderfs") = 0 [pid 381] umount2("./2/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./2/cgroup") = 0 [pid 381] umount2("./2/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./2/cgroup.net") = 0 [pid 381] umount2("./2/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./2/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./2") = 0 [pid 381] mkdir("./3", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 385 attached [pid 385] chdir("./3" [pid 381] <... clone resumed>, child_tidptr=0x555555b1f5d0) = 5 [pid 385] <... chdir resumed>) = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 385] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 385] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 385] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 385] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 385] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 385] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 385] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 385] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 385] write(10, "1", 1) = 1 [ 23.117718][ T384] ---[ end trace 246292e9e8cb5735 ]--- [ 23.147085][ T385] FAULT_INJECTION: forcing a failure. [ 23.147085][ T385] name failslab, interval 1, probability 0, space 0, times 0 [ 23.159852][ T385] CPU: 0 PID: 385 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 23.171463][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.181521][ T385] Call Trace: [ 23.185224][ T385] dump_stack_lvl+0x1e2/0x24b [ 23.189878][ T385] ? panic+0x7d7/0x7d7 [ 23.193928][ T385] ? bfq_pos_tree_add_move+0x43e/0x43e [ 23.199375][ T385] dump_stack+0x15/0x17 [ 23.203510][ T385] should_fail+0x3c0/0x510 [ 23.207909][ T385] ? bpf_prog_array_alloc+0x40/0x60 [ 23.213100][ T385] __should_failslab+0x9f/0xe0 [ 23.217845][ T385] should_failslab+0x9/0x20 [ 23.222331][ T385] __kmalloc+0x60/0x360 [ 23.226464][ T385] bpf_prog_array_alloc+0x40/0x60 [ 23.231474][ T385] compute_effective_progs+0x2de/0x6e0 [ 23.236924][ T385] update_effective_progs+0x79/0x320 [ 23.242191][ T385] __cgroup_bpf_detach+0x312/0x570 [ 23.247351][ T385] bpf_cgroup_link_release+0x94/0x260 [ 23.252720][ T385] bpf_link_put+0x1e9/0x270 [ 23.257224][ T385] bpf_link_release+0x3b/0x40 [ 23.261883][ T385] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 23.267491][ T385] __fput+0x348/0x7c0 [ 23.271459][ T385] ____fput+0x15/0x20 [ 23.275421][ T385] task_work_run+0x147/0x1b0 [ 23.279988][ T385] ptrace_notify+0x29a/0x340 [ 23.284565][ T385] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.289750][ T385] ? do_notify_parent+0xa60/0xa60 [ 23.294753][ T385] ? __close_fd+0x290/0x290 [ 23.299301][ T385] ? __ia32_sys_open+0x270/0x270 [ 23.304224][ T385] syscall_exit_work+0x7c/0x130 [ 23.309178][ T385] syscall_exit_to_user_mode+0x6a/0xa0 [ 23.314614][ T385] do_syscall_64+0x40/0x70 [ 23.319009][ T385] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.324878][ T385] RIP: 0033:0x7fd873cc3199 [ 23.329275][ T385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.348869][ T385] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.357255][ T385] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 23.365200][ T385] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 23.373145][ T385] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 23.381091][ T385] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 23.389039][ T385] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000003 [ 23.397167][ T385] ------------[ cut here ]------------ [ 23.402826][ T385] WARNING: CPU: 1 PID: 385 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 23.412871][ T385] Modules linked in: [ 23.416772][ T385] CPU: 0 PID: 385 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 23.428533][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.438676][ T385] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 23.444990][ T385] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 23.464754][ T385] RSP: 0018:ffffc9000096fc78 EFLAGS: 00010293 [ 23.470947][ T385] RAX: ffffffff8187d597 RBX: ffff8881021dbfd0 RCX: ffff8881065e0000 [ 23.479148][ T385] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 23.487106][ T385] RBP: ffffc9000096fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 23.495214][ T385] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 23.503282][ T385] R13: 1ffff1102043b7fa R14: 00000000fffffff4 R15: ffff888104ffa000 [ 23.511328][ T385] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.520326][ T385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.526895][ T385] CR2: 00007fd873d35140 CR3: 000000011e2b0000 CR4: 00000000003506b0 [ 23.535020][ T385] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.543077][ T385] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.551227][ T385] Call Trace: [ 23.554506][ T385] bpf_link_put+0x1e9/0x270 [ 23.559225][ T385] bpf_link_release+0x3b/0x40 [ 23.563881][ T385] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 23.569609][ T385] __fput+0x348/0x7c0 [ 23.573571][ T385] ____fput+0x15/0x20 [ 23.577525][ T385] task_work_run+0x147/0x1b0 [ 23.582229][ T385] ptrace_notify+0x29a/0x340 [ 23.586795][ T385] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.592104][ T385] ? do_notify_parent+0xa60/0xa60 [ 23.597120][ T385] ? __close_fd+0x290/0x290 [ 23.601698][ T385] ? __ia32_sys_open+0x270/0x270 [ 23.606612][ T385] syscall_exit_work+0x7c/0x130 [ 23.611537][ T385] syscall_exit_to_user_mode+0x6a/0xa0 [ 23.616972][ T385] do_syscall_64+0x40/0x70 [ 23.621470][ T385] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.627334][ T385] RIP: 0033:0x7fd873cc3199 [ 23.631827][ T385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.651474][ T385] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.659906][ T385] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 23.667867][ T385] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 23.675847][ T385] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 23.683816][ T385] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 23.691791][ T385] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000003 [pid 385] close_range(3, 4294967295, 0) = 0 [pid 385] close(3) = -1 EBADF (Bad file descriptor) [pid 385] close(4) = -1 EBADF (Bad file descriptor) [pid 385] close(5) = -1 EBADF (Bad file descriptor) [pid 385] close(6) = -1 EBADF (Bad file descriptor) [pid 385] close(7) = -1 EBADF (Bad file descriptor) [pid 385] close(8) = -1 EBADF (Bad file descriptor) [pid 385] close(9) = -1 EBADF (Bad file descriptor) [pid 385] close(10) = -1 EBADF (Bad file descriptor) [pid 385] close(11) = -1 EBADF (Bad file descriptor) [pid 385] close(12) = -1 EBADF (Bad file descriptor) [pid 385] close(13) = -1 EBADF (Bad file descriptor) [pid 385] close(14) = -1 EBADF (Bad file descriptor) [pid 385] close(15) = -1 EBADF (Bad file descriptor) [pid 385] close(16) = -1 EBADF (Bad file descriptor) [pid 385] close(17) = -1 EBADF (Bad file descriptor) [pid 385] close(18) = -1 EBADF (Bad file descriptor) [pid 385] close(19) = -1 EBADF (Bad file descriptor) [pid 385] close(20) = -1 EBADF (Bad file descriptor) [pid 385] close(21) = -1 EBADF (Bad file descriptor) [pid 385] close(22) = -1 EBADF (Bad file descriptor) [pid 385] close(23) = -1 EBADF (Bad file descriptor) [pid 385] close(24) = -1 EBADF (Bad file descriptor) [pid 385] close(25) = -1 EBADF (Bad file descriptor) [pid 385] close(26) = -1 EBADF (Bad file descriptor) [pid 385] close(27) = -1 EBADF (Bad file descriptor) [pid 385] close(28) = -1 EBADF (Bad file descriptor) [pid 385] close(29) = -1 EBADF (Bad file descriptor) [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./3/binderfs") = 0 [pid 381] umount2("./3/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./3/cgroup") = 0 [pid 381] umount2("./3/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./3/cgroup.net") = 0 [pid 381] umount2("./3/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./3/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./3") = 0 [pid 381] mkdir("./4", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 6 ./strace-static-x86_64: Process 386 attached [pid 386] chdir("./4") = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 386] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 386] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 386] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 386] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 386] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 386] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 386] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 386] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 386] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 386] write(10, "1", 1) = 1 [ 23.699763][ T385] ---[ end trace 246292e9e8cb5736 ]--- [ 23.724508][ T386] FAULT_INJECTION: forcing a failure. [ 23.724508][ T386] name failslab, interval 1, probability 0, space 0, times 0 [ 23.737269][ T386] CPU: 0 PID: 386 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 23.748905][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.758939][ T386] Call Trace: [ 23.762211][ T386] dump_stack_lvl+0x1e2/0x24b [ 23.766867][ T386] ? panic+0x7d7/0x7d7 [ 23.770916][ T386] ? bfq_pos_tree_add_move+0x43e/0x43e [ 23.776350][ T386] dump_stack+0x15/0x17 [ 23.780482][ T386] should_fail+0x3c0/0x510 [ 23.784876][ T386] ? bpf_prog_array_alloc+0x40/0x60 [ 23.790055][ T386] __should_failslab+0x9f/0xe0 [ 23.794794][ T386] should_failslab+0x9/0x20 [ 23.799274][ T386] __kmalloc+0x60/0x360 [ 23.803408][ T386] bpf_prog_array_alloc+0x40/0x60 [ 23.808409][ T386] compute_effective_progs+0x2de/0x6e0 [ 23.813842][ T386] update_effective_progs+0x79/0x320 [ 23.819103][ T386] __cgroup_bpf_detach+0x312/0x570 [ 23.824193][ T386] bpf_cgroup_link_release+0x94/0x260 [ 23.829540][ T386] bpf_link_put+0x1e9/0x270 [ 23.834030][ T386] bpf_link_release+0x3b/0x40 [ 23.838685][ T386] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 23.844293][ T386] __fput+0x348/0x7c0 [ 23.848252][ T386] ____fput+0x15/0x20 [ 23.852210][ T386] task_work_run+0x147/0x1b0 [ 23.857928][ T386] ptrace_notify+0x29a/0x340 [ 23.863816][ T386] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.868990][ T386] ? do_notify_parent+0xa60/0xa60 [ 23.873993][ T386] ? __close_fd+0x290/0x290 [ 23.878472][ T386] ? __ia32_sys_open+0x270/0x270 [ 23.883386][ T386] syscall_exit_work+0x7c/0x130 [ 23.888215][ T386] syscall_exit_to_user_mode+0x6a/0xa0 [ 23.893654][ T386] do_syscall_64+0x40/0x70 [ 23.898045][ T386] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.903912][ T386] RIP: 0033:0x7fd873cc3199 [ 23.908305][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 23.927895][ T386] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 23.936293][ T386] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 23.944250][ T386] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 23.952204][ T386] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 23.960159][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 23.968114][ T386] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000004 [ 23.977138][ T386] ------------[ cut here ]------------ [ 23.982730][ T386] WARNING: CPU: 0 PID: 386 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 23.992794][ T386] Modules linked in: [ 23.996689][ T386] CPU: 1 PID: 386 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 24.008363][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.018486][ T386] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 24.024709][ T386] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 24.044317][ T386] RSP: 0018:ffffc9000093fc78 EFLAGS: 00010293 [ 24.050397][ T386] RAX: ffffffff8187d597 RBX: ffff888101f84550 RCX: ffff8881065e13c0 [ 24.058377][ T386] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 24.066338][ T386] RBP: ffffc9000093fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 24.074507][ T386] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 24.082492][ T386] R13: 1ffff110203f08aa R14: 00000000fffffff4 R15: ffff888104ffa000 [ 24.090471][ T386] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.099393][ T386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.105961][ T386] CR2: 00007fd873cf3040 CR3: 000000011e2be000 CR4: 00000000003506b0 [ 24.113961][ T386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.121946][ T386] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.129915][ T386] Call Trace: [ 24.133190][ T386] bpf_link_put+0x1e9/0x270 [ 24.137677][ T386] bpf_link_release+0x3b/0x40 [ 24.142390][ T386] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 24.148123][ T386] __fput+0x348/0x7c0 [ 24.152083][ T386] ____fput+0x15/0x20 [ 24.156040][ T386] task_work_run+0x147/0x1b0 [ 24.160635][ T386] ptrace_notify+0x29a/0x340 [ 24.165217][ T386] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.170425][ T386] ? do_notify_parent+0xa60/0xa60 [ 24.175446][ T386] ? __close_fd+0x290/0x290 [ 24.179951][ T386] ? __ia32_sys_open+0x270/0x270 [ 24.184883][ T386] syscall_exit_work+0x7c/0x130 [ 24.189740][ T386] syscall_exit_to_user_mode+0x6a/0xa0 [ 24.195200][ T386] do_syscall_64+0x40/0x70 [ 24.199623][ T386] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.205496][ T386] RIP: 0033:0x7fd873cc3199 [ 24.209912][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 24.229519][ T386] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 24.237913][ T386] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [pid 386] close_range(3, 4294967295, 0) = 0 [pid 386] close(3) = -1 EBADF (Bad file descriptor) [pid 386] close(4) = -1 EBADF (Bad file descriptor) [pid 386] close(5) = -1 EBADF (Bad file descriptor) [pid 386] close(6) = -1 EBADF (Bad file descriptor) [pid 386] close(7) = -1 EBADF (Bad file descriptor) [pid 386] close(8) = -1 EBADF (Bad file descriptor) [pid 386] close(9) = -1 EBADF (Bad file descriptor) [pid 386] close(10) = -1 EBADF (Bad file descriptor) [pid 386] close(11) = -1 EBADF (Bad file descriptor) [pid 386] close(12) = -1 EBADF (Bad file descriptor) [pid 386] close(13) = -1 EBADF (Bad file descriptor) [pid 386] close(14) = -1 EBADF (Bad file descriptor) [pid 386] close(15) = -1 EBADF (Bad file descriptor) [pid 386] close(16) = -1 EBADF (Bad file descriptor) [pid 386] close(17) = -1 EBADF (Bad file descriptor) [pid 386] close(18) = -1 EBADF (Bad file descriptor) [pid 386] close(19) = -1 EBADF (Bad file descriptor) [pid 386] close(20) = -1 EBADF (Bad file descriptor) [pid 386] close(21) = -1 EBADF (Bad file descriptor) [pid 386] close(22) = -1 EBADF (Bad file descriptor) [pid 386] close(23) = -1 EBADF (Bad file descriptor) [pid 386] close(24) = -1 EBADF (Bad file descriptor) [pid 386] close(25) = -1 EBADF (Bad file descriptor) [pid 386] close(26) = -1 EBADF (Bad file descriptor) [pid 386] close(27) = -1 EBADF (Bad file descriptor) [pid 386] close(28) = -1 EBADF (Bad file descriptor) [pid 386] close(29) = -1 EBADF (Bad file descriptor) [pid 386] exit_group(0) = ? [pid 386] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./4/binderfs") = 0 [pid 381] umount2("./4/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./4/cgroup") = 0 [pid 381] umount2("./4/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./4/cgroup.net") = 0 [pid 381] umount2("./4/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./4/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./4") = 0 [pid 381] mkdir("./5", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 7 ./strace-static-x86_64: Process 387 attached [pid 387] chdir("./5") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 387] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 387] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 387] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 387] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 387] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 387] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 387] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 387] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 387] write(10, "1", 1) = 1 [ 24.245916][ T386] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 24.253989][ T386] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 24.261983][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 24.269969][ T386] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000004 [ 24.277918][ T386] ---[ end trace 246292e9e8cb5737 ]--- [ 24.304043][ T387] FAULT_INJECTION: forcing a failure. [ 24.304043][ T387] name failslab, interval 1, probability 0, space 0, times 0 [ 24.316677][ T387] CPU: 0 PID: 387 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 24.328278][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.338306][ T387] Call Trace: [ 24.341573][ T387] dump_stack_lvl+0x1e2/0x24b [ 24.346222][ T387] ? panic+0x7d7/0x7d7 [ 24.350264][ T387] ? bfq_pos_tree_add_move+0x43e/0x43e [ 24.355693][ T387] dump_stack+0x15/0x17 [ 24.359819][ T387] should_fail+0x3c0/0x510 [ 24.364206][ T387] ? bpf_prog_array_alloc+0x40/0x60 [ 24.369377][ T387] __should_failslab+0x9f/0xe0 [ 24.374110][ T387] should_failslab+0x9/0x20 [ 24.378586][ T387] __kmalloc+0x60/0x360 [ 24.382723][ T387] bpf_prog_array_alloc+0x40/0x60 [ 24.387728][ T387] compute_effective_progs+0x2de/0x6e0 [ 24.393160][ T387] update_effective_progs+0x79/0x320 [ 24.398419][ T387] __cgroup_bpf_detach+0x312/0x570 [ 24.403501][ T387] bpf_cgroup_link_release+0x94/0x260 [ 24.408844][ T387] bpf_link_put+0x1e9/0x270 [ 24.413320][ T387] bpf_link_release+0x3b/0x40 [ 24.417971][ T387] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 24.423681][ T387] __fput+0x348/0x7c0 [ 24.427638][ T387] ____fput+0x15/0x20 [ 24.431592][ T387] task_work_run+0x147/0x1b0 [ 24.436156][ T387] ptrace_notify+0x29a/0x340 [ 24.440719][ T387] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.445889][ T387] ? do_notify_parent+0xa60/0xa60 [ 24.450886][ T387] ? __close_fd+0x290/0x290 [ 24.455357][ T387] ? __ia32_sys_open+0x270/0x270 [ 24.460266][ T387] syscall_exit_work+0x7c/0x130 [ 24.465088][ T387] syscall_exit_to_user_mode+0x6a/0xa0 [ 24.470520][ T387] do_syscall_64+0x40/0x70 [ 24.474906][ T387] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.480770][ T387] RIP: 0033:0x7fd873cc3199 [ 24.485165][ T387] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 24.504742][ T387] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 24.513129][ T387] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 24.521086][ T387] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 24.529045][ T387] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 24.536988][ T387] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 24.544936][ T387] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000005 [ 24.553304][ T387] ------------[ cut here ]------------ [ 24.558884][ T387] WARNING: CPU: 0 PID: 387 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 24.568795][ T387] Modules linked in: [ 24.572676][ T387] CPU: 0 PID: 387 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 24.584460][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.594544][ T387] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 24.600819][ T387] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 24.620447][ T387] RSP: 0018:ffffc9000093fc78 EFLAGS: 00010293 [ 24.626497][ T387] RAX: ffffffff8187d597 RBX: ffff8881021db550 RCX: ffff888106580000 [ 24.634486][ T387] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 24.642462][ T387] RBP: ffffc9000093fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 24.650432][ T387] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 24.658412][ T387] R13: 1ffff1102043b6aa R14: 00000000fffffff4 R15: ffff888104ffa000 [ 24.666369][ T387] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 24.675292][ T387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.681879][ T387] CR2: 00007fd873d35140 CR3: 0000000109f8a000 CR4: 00000000003506b0 [ 24.689867][ T387] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.697825][ T387] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.705804][ T387] Call Trace: [ 24.709093][ T387] bpf_link_put+0x1e9/0x270 [ 24.713572][ T387] bpf_link_release+0x3b/0x40 [ 24.718251][ T387] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 24.723888][ T387] __fput+0x348/0x7c0 [ 24.727845][ T387] ____fput+0x15/0x20 [ 24.731829][ T387] task_work_run+0x147/0x1b0 [ 24.736410][ T387] ptrace_notify+0x29a/0x340 [ 24.741008][ T387] ? _raw_spin_unlock_irq+0x4e/0x70 [ 24.746200][ T387] ? do_notify_parent+0xa60/0xa60 [ 24.751231][ T387] ? __close_fd+0x290/0x290 [ 24.755723][ T387] ? __ia32_sys_open+0x270/0x270 [ 24.760662][ T387] syscall_exit_work+0x7c/0x130 [ 24.765502][ T387] syscall_exit_to_user_mode+0x6a/0xa0 [ 24.770966][ T387] do_syscall_64+0x40/0x70 [ 24.775371][ T387] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.781262][ T387] RIP: 0033:0x7fd873cc3199 [ 24.785661][ T387] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 24.805323][ T387] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 24.813755][ T387] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 24.821735][ T387] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 24.829711][ T387] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 24.837654][ T387] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 24.845623][ T387] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000005 [pid 387] close_range(3, 4294967295, 0) = 0 [pid 387] close(3) = -1 EBADF (Bad file descriptor) [pid 387] close(4) = -1 EBADF (Bad file descriptor) [pid 387] close(5) = -1 EBADF (Bad file descriptor) [pid 387] close(6) = -1 EBADF (Bad file descriptor) [pid 387] close(7) = -1 EBADF (Bad file descriptor) [pid 387] close(8) = -1 EBADF (Bad file descriptor) [pid 387] close(9) = -1 EBADF (Bad file descriptor) [pid 387] close(10) = -1 EBADF (Bad file descriptor) [pid 387] close(11) = -1 EBADF (Bad file descriptor) [pid 387] close(12) = -1 EBADF (Bad file descriptor) [pid 387] close(13) = -1 EBADF (Bad file descriptor) [pid 387] close(14) = -1 EBADF (Bad file descriptor) [pid 387] close(15) = -1 EBADF (Bad file descriptor) [pid 387] close(16) = -1 EBADF (Bad file descriptor) [pid 387] close(17) = -1 EBADF (Bad file descriptor) [pid 387] close(18) = -1 EBADF (Bad file descriptor) [pid 387] close(19) = -1 EBADF (Bad file descriptor) [pid 387] close(20) = -1 EBADF (Bad file descriptor) [pid 387] close(21) = -1 EBADF (Bad file descriptor) [pid 387] close(22) = -1 EBADF (Bad file descriptor) [pid 387] close(23) = -1 EBADF (Bad file descriptor) [pid 387] close(24) = -1 EBADF (Bad file descriptor) [pid 387] close(25) = -1 EBADF (Bad file descriptor) [pid 387] close(26) = -1 EBADF (Bad file descriptor) [pid 387] close(27) = -1 EBADF (Bad file descriptor) [pid 387] close(28) = -1 EBADF (Bad file descriptor) [pid 387] close(29) = -1 EBADF (Bad file descriptor) [pid 387] exit_group(0) = ? [pid 387] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./5/binderfs") = 0 [pid 381] umount2("./5/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./5/cgroup") = 0 [pid 381] umount2("./5/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./5/cgroup.net") = 0 [pid 381] umount2("./5/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./5/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./5") = 0 [pid 381] mkdir("./6", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 388 attached , child_tidptr=0x555555b1f5d0) = 8 [pid 388] chdir("./6") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 388] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 388] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 388] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 388] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 388] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 388] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 388] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 388] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 388] write(10, "1", 1) = 1 [ 24.853596][ T387] ---[ end trace 246292e9e8cb5738 ]--- [ 24.879735][ T388] FAULT_INJECTION: forcing a failure. [ 24.879735][ T388] name failslab, interval 1, probability 0, space 0, times 0 [ 24.892372][ T388] CPU: 0 PID: 388 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 24.903978][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.914007][ T388] Call Trace: [ 24.917273][ T388] dump_stack_lvl+0x1e2/0x24b [ 24.921928][ T388] ? panic+0x7d7/0x7d7 [ 24.925968][ T388] ? bfq_pos_tree_add_move+0x43e/0x43e [ 24.931400][ T388] dump_stack+0x15/0x17 [ 24.935531][ T388] should_fail+0x3c0/0x510 [ 24.939929][ T388] ? bpf_prog_array_alloc+0x40/0x60 [ 24.945101][ T388] __should_failslab+0x9f/0xe0 [ 24.949847][ T388] should_failslab+0x9/0x20 [ 24.954332][ T388] __kmalloc+0x60/0x360 [ 24.958471][ T388] bpf_prog_array_alloc+0x40/0x60 [ 24.963469][ T388] compute_effective_progs+0x2de/0x6e0 [ 24.968932][ T388] update_effective_progs+0x79/0x320 [ 24.974201][ T388] __cgroup_bpf_detach+0x312/0x570 [ 24.979292][ T388] bpf_cgroup_link_release+0x94/0x260 [ 24.984644][ T388] bpf_link_put+0x1e9/0x270 [ 24.989133][ T388] bpf_link_release+0x3b/0x40 [ 24.993787][ T388] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 24.999393][ T388] __fput+0x348/0x7c0 [ 25.003360][ T388] ____fput+0x15/0x20 [ 25.007321][ T388] task_work_run+0x147/0x1b0 [ 25.011902][ T388] ptrace_notify+0x29a/0x340 [ 25.016468][ T388] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.021640][ T388] ? do_notify_parent+0xa60/0xa60 [ 25.026640][ T388] ? __close_fd+0x290/0x290 [ 25.031117][ T388] ? __ia32_sys_open+0x270/0x270 [ 25.036028][ T388] syscall_exit_work+0x7c/0x130 [ 25.040858][ T388] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.046293][ T388] do_syscall_64+0x40/0x70 [ 25.050681][ T388] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.056544][ T388] RIP: 0033:0x7fd873cc3199 [ 25.060934][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.080515][ T388] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.089249][ T388] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 25.097193][ T388] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 25.105135][ T388] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 25.113080][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 25.121025][ T388] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000006 [ 25.129898][ T388] ------------[ cut here ]------------ [ 25.135360][ T388] WARNING: CPU: 0 PID: 388 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 25.145513][ T388] Modules linked in: [ 25.149457][ T388] CPU: 0 PID: 388 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 25.161080][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.171158][ T388] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 25.177393][ T388] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 25.197035][ T388] RSP: 0018:ffffc9000093fc78 EFLAGS: 00010293 [ 25.203123][ T388] RAX: ffffffff8187d597 RBX: ffff88810a051650 RCX: ffff8881065813c0 [ 25.211099][ T388] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 25.219074][ T388] RBP: ffffc9000093fca0 R08: ffffffff8187d4b0 R09: 0000000000000000 [ 25.227029][ T388] R10: fffff52000127e75 R11: 1ffff92000127e74 R12: dffffc0000000000 [ 25.235013][ T388] R13: 1ffff1102140a2ca R14: 00000000fffffff4 R15: ffff888104ffa000 [ 25.242988][ T388] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.251925][ T388] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.258518][ T388] CR2: 00007fd873d35140 CR3: 000000011e3c4000 CR4: 00000000003506b0 [ 25.266467][ T388] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.274449][ T388] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.282455][ T388] Call Trace: [ 25.285723][ T388] bpf_link_put+0x1e9/0x270 [ 25.290243][ T388] bpf_link_release+0x3b/0x40 [ 25.294912][ T388] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.300570][ T388] __fput+0x348/0x7c0 [ 25.304538][ T388] ____fput+0x15/0x20 [ 25.308524][ T388] task_work_run+0x147/0x1b0 [ 25.313108][ T388] ptrace_notify+0x29a/0x340 [ 25.317669][ T388] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.322882][ T388] ? do_notify_parent+0xa60/0xa60 [ 25.327896][ T388] ? __close_fd+0x290/0x290 [ 25.332408][ T388] ? __ia32_sys_open+0x270/0x270 [ 25.337336][ T388] syscall_exit_work+0x7c/0x130 [ 25.342188][ T388] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.347634][ T388] do_syscall_64+0x40/0x70 [ 25.352059][ T388] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.357970][ T388] RIP: 0033:0x7fd873cc3199 [ 25.362359][ T388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.381971][ T388] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.390409][ T388] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 25.398373][ T388] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 25.406319][ T388] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 25.414290][ T388] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 25.422268][ T388] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000006 [pid 388] close_range(3, 4294967295, 0) = 0 [pid 388] close(3) = -1 EBADF (Bad file descriptor) [pid 388] close(4) = -1 EBADF (Bad file descriptor) [pid 388] close(5) = -1 EBADF (Bad file descriptor) [pid 388] close(6) = -1 EBADF (Bad file descriptor) [pid 388] close(7) = -1 EBADF (Bad file descriptor) [pid 388] close(8) = -1 EBADF (Bad file descriptor) [pid 388] close(9) = -1 EBADF (Bad file descriptor) [pid 388] close(10) = -1 EBADF (Bad file descriptor) [pid 388] close(11) = -1 EBADF (Bad file descriptor) [pid 388] close(12) = -1 EBADF (Bad file descriptor) [pid 388] close(13) = -1 EBADF (Bad file descriptor) [pid 388] close(14) = -1 EBADF (Bad file descriptor) [pid 388] close(15) = -1 EBADF (Bad file descriptor) [pid 388] close(16) = -1 EBADF (Bad file descriptor) [pid 388] close(17) = -1 EBADF (Bad file descriptor) [pid 388] close(18) = -1 EBADF (Bad file descriptor) [pid 388] close(19) = -1 EBADF (Bad file descriptor) [pid 388] close(20) = -1 EBADF (Bad file descriptor) [pid 388] close(21) = -1 EBADF (Bad file descriptor) [pid 388] close(22) = -1 EBADF (Bad file descriptor) [pid 388] close(23) = -1 EBADF (Bad file descriptor) [pid 388] close(24) = -1 EBADF (Bad file descriptor) [pid 388] close(25) = -1 EBADF (Bad file descriptor) [pid 388] close(26) = -1 EBADF (Bad file descriptor) [pid 388] close(27) = -1 EBADF (Bad file descriptor) [pid 388] close(28) = -1 EBADF (Bad file descriptor) [pid 388] close(29) = -1 EBADF (Bad file descriptor) [pid 388] exit_group(0) = ? [pid 388] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./6/binderfs") = 0 [pid 381] umount2("./6/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./6/cgroup") = 0 [pid 381] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./6/cgroup.net") = 0 [pid 381] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./6/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./6") = 0 [pid 381] mkdir("./7", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 389 attached , child_tidptr=0x555555b1f5d0) = 9 [pid 389] chdir("./7") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 389] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 389] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 389] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 389] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 389] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 389] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 389] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 389] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 389] write(10, "1", 1) = 1 [ 25.430249][ T388] ---[ end trace 246292e9e8cb5739 ]--- [ 25.453693][ T389] FAULT_INJECTION: forcing a failure. [ 25.453693][ T389] name failslab, interval 1, probability 0, space 0, times 0 [ 25.466463][ T389] CPU: 0 PID: 389 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 25.478082][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.488114][ T389] Call Trace: [ 25.491380][ T389] dump_stack_lvl+0x1e2/0x24b [ 25.496032][ T389] ? panic+0x7d7/0x7d7 [ 25.500078][ T389] ? bfq_pos_tree_add_move+0x43e/0x43e [ 25.505506][ T389] dump_stack+0x15/0x17 [ 25.509634][ T389] should_fail+0x3c0/0x510 [ 25.514029][ T389] ? bpf_prog_array_alloc+0x40/0x60 [ 25.519205][ T389] __should_failslab+0x9f/0xe0 [ 25.523942][ T389] should_failslab+0x9/0x20 [ 25.528417][ T389] __kmalloc+0x60/0x360 [ 25.532544][ T389] bpf_prog_array_alloc+0x40/0x60 [ 25.537542][ T389] compute_effective_progs+0x2de/0x6e0 [ 25.542974][ T389] update_effective_progs+0x79/0x320 [ 25.548233][ T389] __cgroup_bpf_detach+0x312/0x570 [ 25.553321][ T389] bpf_cgroup_link_release+0x94/0x260 [ 25.558666][ T389] bpf_link_put+0x1e9/0x270 [ 25.563143][ T389] bpf_link_release+0x3b/0x40 [ 25.567793][ T389] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.573405][ T389] __fput+0x348/0x7c0 [ 25.577369][ T389] ____fput+0x15/0x20 [ 25.581325][ T389] task_work_run+0x147/0x1b0 [ 25.585894][ T389] ptrace_notify+0x29a/0x340 [ 25.590461][ T389] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.595642][ T389] ? do_notify_parent+0xa60/0xa60 [ 25.600639][ T389] ? __close_fd+0x290/0x290 [ 25.605113][ T389] ? __ia32_sys_open+0x270/0x270 [ 25.610022][ T389] syscall_exit_work+0x7c/0x130 [ 25.614846][ T389] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.620280][ T389] do_syscall_64+0x40/0x70 [ 25.624677][ T389] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.630552][ T389] RIP: 0033:0x7fd873cc3199 [ 25.634943][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.654519][ T389] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.662901][ T389] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 25.670846][ T389] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 25.678790][ T389] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 25.686737][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 25.694705][ T389] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000007 [ 25.703054][ T389] ------------[ cut here ]------------ [ 25.708529][ T389] WARNING: CPU: 0 PID: 389 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 25.718407][ T389] Modules linked in: [ 25.722290][ T389] CPU: 0 PID: 389 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 25.733913][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.743984][ T389] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 25.750226][ T389] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 25.769836][ T389] RSP: 0018:ffffc9000093fc78 EFLAGS: 00010293 [ 25.775885][ T389] RAX: ffffffff8187d597 RBX: ffff88810a051850 RCX: ffff888106582780 [ 25.783858][ T389] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 25.791830][ T389] RBP: ffffc9000093fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 25.799807][ T389] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 25.807768][ T389] R13: 1ffff1102140a30a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 25.815746][ T389] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.824681][ T389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.831317][ T389] CR2: 00007fd873d35140 CR3: 0000000117816000 CR4: 00000000003506b0 [ 25.839335][ T389] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.847282][ T389] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.855273][ T389] Call Trace: [ 25.858571][ T389] bpf_link_put+0x1e9/0x270 [ 25.863051][ T389] bpf_link_release+0x3b/0x40 [ 25.867699][ T389] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 25.873356][ T389] __fput+0x348/0x7c0 [ 25.877331][ T389] ____fput+0x15/0x20 [ 25.881315][ T389] task_work_run+0x147/0x1b0 [ 25.885897][ T389] ptrace_notify+0x29a/0x340 [ 25.890500][ T389] ? _raw_spin_unlock_irq+0x4e/0x70 [ 25.895684][ T389] ? do_notify_parent+0xa60/0xa60 [ 25.900711][ T389] ? __close_fd+0x290/0x290 [ 25.905617][ T389] ? __ia32_sys_open+0x270/0x270 [ 25.910567][ T389] syscall_exit_work+0x7c/0x130 [ 25.915412][ T389] syscall_exit_to_user_mode+0x6a/0xa0 [ 25.920891][ T389] do_syscall_64+0x40/0x70 [ 25.925295][ T389] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.931186][ T389] RIP: 0033:0x7fd873cc3199 [ 25.935681][ T389] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 25.955297][ T389] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 25.963741][ T389] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 25.972664][ T389] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 25.980641][ T389] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 25.988630][ T389] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [pid 389] close_range(3, 4294967295, 0) = 0 [pid 389] close(3) = -1 EBADF (Bad file descriptor) [pid 389] close(4) = -1 EBADF (Bad file descriptor) [pid 389] close(5) = -1 EBADF (Bad file descriptor) [pid 389] close(6) = -1 EBADF (Bad file descriptor) [pid 389] close(7) = -1 EBADF (Bad file descriptor) [pid 389] close(8) = -1 EBADF (Bad file descriptor) [pid 389] close(9) = -1 EBADF (Bad file descriptor) [pid 389] close(10) = -1 EBADF (Bad file descriptor) [pid 389] close(11) = -1 EBADF (Bad file descriptor) [pid 389] close(12) = -1 EBADF (Bad file descriptor) [pid 389] close(13) = -1 EBADF (Bad file descriptor) [pid 389] close(14) = -1 EBADF (Bad file descriptor) [pid 389] close(15) = -1 EBADF (Bad file descriptor) [pid 389] close(16) = -1 EBADF (Bad file descriptor) [pid 389] close(17) = -1 EBADF (Bad file descriptor) [pid 389] close(18) = -1 EBADF (Bad file descriptor) [pid 389] close(19) = -1 EBADF (Bad file descriptor) [pid 389] close(20) = -1 EBADF (Bad file descriptor) [pid 389] close(21) = -1 EBADF (Bad file descriptor) [pid 389] close(22) = -1 EBADF (Bad file descriptor) [pid 389] close(23) = -1 EBADF (Bad file descriptor) [pid 389] close(24) = -1 EBADF (Bad file descriptor) [pid 389] close(25) = -1 EBADF (Bad file descriptor) [pid 389] close(26) = -1 EBADF (Bad file descriptor) [pid 389] close(27) = -1 EBADF (Bad file descriptor) [pid 389] close(28) = -1 EBADF (Bad file descriptor) [pid 389] close(29) = -1 EBADF (Bad file descriptor) [pid 389] exit_group(0) = ? [pid 389] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./7/binderfs") = 0 [pid 381] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./7/cgroup") = 0 [pid 381] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./7/cgroup.net") = 0 [pid 381] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./7/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./7") = 0 [pid 381] mkdir("./8", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 10 ./strace-static-x86_64: Process 390 attached [pid 390] chdir("./8") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 390] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 390] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 390] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 390] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 390] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 390] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 390] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 390] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 390] write(10, "1", 1) = 1 [ 26.001667][ T389] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000007 [ 26.009649][ T389] ---[ end trace 246292e9e8cb573a ]--- [ 26.030978][ T390] FAULT_INJECTION: forcing a failure. [ 26.030978][ T390] name failslab, interval 1, probability 0, space 0, times 0 [ 26.043605][ T390] CPU: 1 PID: 390 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 26.055199][ T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.065227][ T390] Call Trace: [ 26.068493][ T390] dump_stack_lvl+0x1e2/0x24b [ 26.073144][ T390] ? panic+0x7d7/0x7d7 [ 26.077189][ T390] ? bfq_pos_tree_add_move+0x43e/0x43e [ 26.082633][ T390] dump_stack+0x15/0x17 [ 26.086777][ T390] should_fail+0x3c0/0x510 [ 26.091166][ T390] ? bpf_prog_array_alloc+0x40/0x60 [ 26.096345][ T390] __should_failslab+0x9f/0xe0 [ 26.101089][ T390] should_failslab+0x9/0x20 [ 26.105577][ T390] __kmalloc+0x60/0x360 [ 26.109724][ T390] bpf_prog_array_alloc+0x40/0x60 [ 26.114741][ T390] compute_effective_progs+0x2de/0x6e0 [ 26.120177][ T390] update_effective_progs+0x79/0x320 [ 26.125437][ T390] __cgroup_bpf_detach+0x312/0x570 [ 26.130522][ T390] bpf_cgroup_link_release+0x94/0x260 [ 26.135864][ T390] bpf_link_put+0x1e9/0x270 [ 26.140341][ T390] bpf_link_release+0x3b/0x40 [ 26.144993][ T390] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 26.150608][ T390] __fput+0x348/0x7c0 [ 26.154574][ T390] ____fput+0x15/0x20 [ 26.158536][ T390] task_work_run+0x147/0x1b0 [ 26.163104][ T390] ptrace_notify+0x29a/0x340 [ 26.167696][ T390] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.172869][ T390] ? do_notify_parent+0xa60/0xa60 [ 26.177870][ T390] ? __close_fd+0x290/0x290 [ 26.182360][ T390] ? __ia32_sys_open+0x270/0x270 [ 26.187283][ T390] syscall_exit_work+0x7c/0x130 [ 26.192111][ T390] syscall_exit_to_user_mode+0x6a/0xa0 [ 26.197556][ T390] do_syscall_64+0x40/0x70 [ 26.201965][ T390] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.207831][ T390] RIP: 0033:0x7fd873cc3199 [ 26.212222][ T390] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.231812][ T390] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 26.240207][ T390] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 26.248165][ T390] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 26.256120][ T390] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 26.264073][ T390] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 26.272030][ T390] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000008 [ 26.280157][ T390] ------------[ cut here ]------------ [ 26.285701][ T390] WARNING: CPU: 0 PID: 390 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 26.295804][ T390] Modules linked in: [ 26.299851][ T390] CPU: 1 PID: 390 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 26.311521][ T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.321698][ T390] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 26.328060][ T390] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 26.347859][ T390] RSP: 0018:ffffc9000093fc78 EFLAGS: 00010293 [ 26.354101][ T390] RAX: ffffffff8187d597 RBX: ffff888101f843d0 RCX: ffff8881065862c0 [ 26.362229][ T390] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 26.370332][ T390] RBP: ffffc9000093fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 26.378431][ T390] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 26.386821][ T390] R13: 1ffff110203f087a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 26.394905][ T390] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 26.403898][ T390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.410570][ T390] CR2: 00007fd873d35140 CR3: 0000000117816000 CR4: 00000000003506b0 [ 26.418634][ T390] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.426582][ T390] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.434661][ T390] Call Trace: [ 26.437960][ T390] bpf_link_put+0x1e9/0x270 [ 26.442463][ T390] bpf_link_release+0x3b/0x40 [ 26.447128][ T390] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 26.452773][ T390] __fput+0x348/0x7c0 [ 26.456747][ T390] ____fput+0x15/0x20 [ 26.460729][ T390] task_work_run+0x147/0x1b0 [ 26.465310][ T390] ptrace_notify+0x29a/0x340 [ 26.469896][ T390] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.475085][ T390] ? do_notify_parent+0xa60/0xa60 [ 26.480115][ T390] ? __close_fd+0x290/0x290 [ 26.484613][ T390] ? __ia32_sys_open+0x270/0x270 [ 26.489553][ T390] syscall_exit_work+0x7c/0x130 [ 26.494402][ T390] syscall_exit_to_user_mode+0x6a/0xa0 [ 26.499857][ T390] do_syscall_64+0x40/0x70 [ 26.504267][ T390] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.510187][ T390] RIP: 0033:0x7fd873cc3199 [ 26.514589][ T390] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.534204][ T390] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 26.542644][ T390] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 26.550619][ T390] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [pid 390] close_range(3, 4294967295, 0) = 0 [pid 390] close(3) = -1 EBADF (Bad file descriptor) [pid 390] close(4) = -1 EBADF (Bad file descriptor) [pid 390] close(5) = -1 EBADF (Bad file descriptor) [pid 390] close(6) = -1 EBADF (Bad file descriptor) [pid 390] close(7) = -1 EBADF (Bad file descriptor) [pid 390] close(8) = -1 EBADF (Bad file descriptor) [pid 390] close(9) = -1 EBADF (Bad file descriptor) [pid 390] close(10) = -1 EBADF (Bad file descriptor) [pid 390] close(11) = -1 EBADF (Bad file descriptor) [pid 390] close(12) = -1 EBADF (Bad file descriptor) [pid 390] close(13) = -1 EBADF (Bad file descriptor) [pid 390] close(14) = -1 EBADF (Bad file descriptor) [pid 390] close(15) = -1 EBADF (Bad file descriptor) [pid 390] close(16) = -1 EBADF (Bad file descriptor) [pid 390] close(17) = -1 EBADF (Bad file descriptor) [pid 390] close(18) = -1 EBADF (Bad file descriptor) [pid 390] close(19) = -1 EBADF (Bad file descriptor) [pid 390] close(20) = -1 EBADF (Bad file descriptor) [pid 390] close(21) = -1 EBADF (Bad file descriptor) [pid 390] close(22) = -1 EBADF (Bad file descriptor) [pid 390] close(23) = -1 EBADF (Bad file descriptor) [pid 390] close(24) = -1 EBADF (Bad file descriptor) [pid 390] close(25) = -1 EBADF (Bad file descriptor) [pid 390] close(26) = -1 EBADF (Bad file descriptor) [pid 390] close(27) = -1 EBADF (Bad file descriptor) [pid 390] close(28) = -1 EBADF (Bad file descriptor) [pid 390] close(29) = -1 EBADF (Bad file descriptor) [pid 390] exit_group(0) = ? [pid 390] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./8/binderfs") = 0 [pid 381] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./8/cgroup") = 0 [pid 381] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./8/cgroup.net") = 0 [pid 381] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./8/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./8") = 0 [pid 381] mkdir("./9", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 11 ./strace-static-x86_64: Process 391 attached [pid 391] chdir("./9") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 391] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 391] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 391] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 391] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 391] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 391] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 391] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 391] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 391] write(10, "1", 1) = 1 [ 26.558594][ T390] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 26.566545][ T390] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 26.574522][ T390] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000008 [ 26.582491][ T390] ---[ end trace 246292e9e8cb573b ]--- [ 26.604545][ T391] FAULT_INJECTION: forcing a failure. [ 26.604545][ T391] name failslab, interval 1, probability 0, space 0, times 0 [ 26.617319][ T391] CPU: 1 PID: 391 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 26.628933][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.638970][ T391] Call Trace: [ 26.642258][ T391] dump_stack_lvl+0x1e2/0x24b [ 26.646906][ T391] ? panic+0x7d7/0x7d7 [ 26.650949][ T391] ? bfq_pos_tree_add_move+0x43e/0x43e [ 26.656380][ T391] dump_stack+0x15/0x17 [ 26.660508][ T391] should_fail+0x3c0/0x510 [ 26.664900][ T391] ? bpf_prog_array_alloc+0x40/0x60 [ 26.670076][ T391] __should_failslab+0x9f/0xe0 [ 26.674812][ T391] should_failslab+0x9/0x20 [ 26.679287][ T391] __kmalloc+0x60/0x360 [ 26.683417][ T391] bpf_prog_array_alloc+0x40/0x60 [ 26.688413][ T391] compute_effective_progs+0x2de/0x6e0 [ 26.693846][ T391] update_effective_progs+0x79/0x320 [ 26.699101][ T391] __cgroup_bpf_detach+0x312/0x570 [ 26.704186][ T391] bpf_cgroup_link_release+0x94/0x260 [ 26.709528][ T391] bpf_link_put+0x1e9/0x270 [ 26.714006][ T391] bpf_link_release+0x3b/0x40 [ 26.718703][ T391] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 26.724316][ T391] __fput+0x348/0x7c0 [ 26.728281][ T391] ____fput+0x15/0x20 [ 26.732236][ T391] task_work_run+0x147/0x1b0 [ 26.736801][ T391] ptrace_notify+0x29a/0x340 [ 26.741360][ T391] ? _raw_spin_unlock_irq+0x4e/0x70 [ 26.747400][ T391] ? do_notify_parent+0xa60/0xa60 [ 26.752396][ T391] ? __close_fd+0x290/0x290 [ 26.756871][ T391] ? __ia32_sys_open+0x270/0x270 [ 26.761785][ T391] syscall_exit_work+0x7c/0x130 [ 26.766609][ T391] syscall_exit_to_user_mode+0x6a/0xa0 [ 26.772052][ T391] do_syscall_64+0x40/0x70 [ 26.776449][ T391] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.782312][ T391] RIP: 0033:0x7fd873cc3199 [ 26.786700][ T391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 26.806280][ T391] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 26.814671][ T391] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 26.822628][ T391] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 26.830575][ T391] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 26.838521][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 26.846469][ T391] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000009 [ 26.854731][ T391] ------------[ cut here ]------------ [ 26.860313][ T391] WARNING: CPU: 0 PID: 391 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 26.870360][ T391] Modules linked in: [ 26.874323][ T391] CPU: 0 PID: 391 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 26.886061][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.896271][ T391] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 26.902622][ T391] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 26.922313][ T391] RSP: 0018:ffffc90000ad7c78 EFLAGS: 00010293 [ 26.928461][ T391] RAX: ffffffff8187d597 RBX: ffff88810a335b50 RCX: ffff888106583b40 [ 26.936415][ T391] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 26.944522][ T391] RBP: ffffc90000ad7ca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 26.952576][ T391] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 26.960628][ T391] R13: 1ffff11021466b6a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 26.968712][ T391] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 26.977718][ T391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.984423][ T391] CR2: 00007fd873cf3040 CR3: 0000000119c02000 CR4: 00000000003506b0 [ 26.992528][ T391] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.000639][ T391] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.008738][ T391] Call Trace: [ 27.012098][ T391] bpf_link_put+0x1e9/0x270 [ 27.016648][ T391] bpf_link_release+0x3b/0x40 [ 27.021436][ T391] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.027147][ T391] __fput+0x348/0x7c0 [ 27.031243][ T391] ____fput+0x15/0x20 [ 27.035284][ T391] task_work_run+0x147/0x1b0 [ 27.039981][ T391] ptrace_notify+0x29a/0x340 [ 27.044630][ T391] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.049939][ T391] ? do_notify_parent+0xa60/0xa60 [ 27.055026][ T391] ? __close_fd+0x290/0x290 [ 27.059645][ T391] ? __ia32_sys_open+0x270/0x270 [ 27.064661][ T391] syscall_exit_work+0x7c/0x130 [ 27.069628][ T391] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.075157][ T391] do_syscall_64+0x40/0x70 [ 27.079685][ T391] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.085640][ T391] RIP: 0033:0x7fd873cc3199 [ 27.090174][ T391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.109912][ T391] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 27.118525][ T391] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 27.126606][ T391] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 27.134716][ T391] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 27.142742][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 27.150732][ T391] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000009 [pid 391] close_range(3, 4294967295, 0) = 0 [pid 391] close(3) = -1 EBADF (Bad file descriptor) [pid 391] close(4) = -1 EBADF (Bad file descriptor) [pid 391] close(5) = -1 EBADF (Bad file descriptor) [pid 391] close(6) = -1 EBADF (Bad file descriptor) [pid 391] close(7) = -1 EBADF (Bad file descriptor) [pid 391] close(8) = -1 EBADF (Bad file descriptor) [pid 391] close(9) = -1 EBADF (Bad file descriptor) [pid 391] close(10) = -1 EBADF (Bad file descriptor) [pid 391] close(11) = -1 EBADF (Bad file descriptor) [pid 391] close(12) = -1 EBADF (Bad file descriptor) [pid 391] close(13) = -1 EBADF (Bad file descriptor) [pid 391] close(14) = -1 EBADF (Bad file descriptor) [pid 391] close(15) = -1 EBADF (Bad file descriptor) [pid 391] close(16) = -1 EBADF (Bad file descriptor) [pid 391] close(17) = -1 EBADF (Bad file descriptor) [pid 391] close(18) = -1 EBADF (Bad file descriptor) [pid 391] close(19) = -1 EBADF (Bad file descriptor) [pid 391] close(20) = -1 EBADF (Bad file descriptor) [pid 391] close(21) = -1 EBADF (Bad file descriptor) [pid 391] close(22) = -1 EBADF (Bad file descriptor) [pid 391] close(23) = -1 EBADF (Bad file descriptor) [pid 391] close(24) = -1 EBADF (Bad file descriptor) [pid 391] close(25) = -1 EBADF (Bad file descriptor) [pid 391] close(26) = -1 EBADF (Bad file descriptor) [pid 391] close(27) = -1 EBADF (Bad file descriptor) [pid 391] close(28) = -1 EBADF (Bad file descriptor) [pid 391] close(29) = -1 EBADF (Bad file descriptor) [pid 391] exit_group(0) = ? [pid 391] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./9/binderfs") = 0 [pid 381] umount2("./9/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./9/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./9/cgroup") = 0 [pid 381] umount2("./9/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./9/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./9/cgroup.net") = 0 [pid 381] umount2("./9/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./9/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./9/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./9") = 0 [pid 381] mkdir("./10", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 12 ./strace-static-x86_64: Process 392 attached [pid 392] chdir("./10") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 392] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 392] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 392] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 392] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 392] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 392] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 392] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 392] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 392] write(10, "1", 1) = 1 [ 27.158713][ T391] ---[ end trace 246292e9e8cb573c ]--- [ 27.182818][ T392] FAULT_INJECTION: forcing a failure. [ 27.182818][ T392] name failslab, interval 1, probability 0, space 0, times 0 [ 27.195442][ T392] CPU: 1 PID: 392 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 27.207037][ T392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.217071][ T392] Call Trace: [ 27.220345][ T392] dump_stack_lvl+0x1e2/0x24b [ 27.224998][ T392] ? panic+0x7d7/0x7d7 [ 27.229045][ T392] ? bfq_pos_tree_add_move+0x43e/0x43e [ 27.234479][ T392] dump_stack+0x15/0x17 [ 27.238612][ T392] should_fail+0x3c0/0x510 [ 27.243004][ T392] ? bpf_prog_array_alloc+0x40/0x60 [ 27.248182][ T392] __should_failslab+0x9f/0xe0 [ 27.252926][ T392] should_failslab+0x9/0x20 [ 27.257407][ T392] __kmalloc+0x60/0x360 [ 27.261539][ T392] bpf_prog_array_alloc+0x40/0x60 [ 27.266545][ T392] compute_effective_progs+0x2de/0x6e0 [ 27.271981][ T392] update_effective_progs+0x79/0x320 [ 27.277246][ T392] __cgroup_bpf_detach+0x312/0x570 [ 27.282338][ T392] bpf_cgroup_link_release+0x94/0x260 [ 27.287686][ T392] bpf_link_put+0x1e9/0x270 [ 27.292169][ T392] bpf_link_release+0x3b/0x40 [ 27.296822][ T392] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.302430][ T392] __fput+0x348/0x7c0 [ 27.306392][ T392] ____fput+0x15/0x20 [ 27.310353][ T392] task_work_run+0x147/0x1b0 [ 27.314922][ T392] ptrace_notify+0x29a/0x340 [ 27.319493][ T392] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.324669][ T392] ? do_notify_parent+0xa60/0xa60 [ 27.329670][ T392] ? __close_fd+0x290/0x290 [ 27.334149][ T392] ? __ia32_sys_open+0x270/0x270 [ 27.339068][ T392] syscall_exit_work+0x7c/0x130 [ 27.343900][ T392] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.349335][ T392] do_syscall_64+0x40/0x70 [ 27.353728][ T392] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.359598][ T392] RIP: 0033:0x7fd873cc3199 [ 27.363992][ T392] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.383610][ T392] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 27.391999][ T392] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 27.399947][ T392] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 27.407895][ T392] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 27.415845][ T392] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 27.423795][ T392] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000a [ 27.432055][ T392] ------------[ cut here ]------------ [ 27.433885][ T23] kauditd_printk_skb: 5 callbacks suppressed [ 27.433895][ T23] audit: type=1400 audit(1652333728.969:88): avc: denied { remove_name } for pid=142 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 27.437522][ T392] WARNING: CPU: 0 PID: 392 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 27.443723][ T23] audit: type=1400 audit(1652333728.969:89): avc: denied { rename } for pid=142 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 27.466189][ T392] Modules linked in: [ 27.501785][ T392] CPU: 0 PID: 392 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 27.513425][ T392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.523494][ T392] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 27.529738][ T392] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 27.549342][ T392] RSP: 0018:ffffc9000096fc78 EFLAGS: 00010293 [ 27.555392][ T392] RAX: ffffffff8187d597 RBX: ffff88810a3358d0 RCX: ffff88810658bb40 [ 27.563365][ T392] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 27.571334][ T392] RBP: ffffc9000096fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 27.579303][ T392] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 27.587263][ T392] R13: 1ffff11021466b1a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 27.595249][ T392] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 27.604190][ T392] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.610761][ T392] CR2: 00007ffe7f9af038 CR3: 000000010a1a4000 CR4: 00000000003506b0 [ 27.618742][ T392] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.626697][ T392] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.634666][ T392] Call Trace: [ 27.637962][ T392] bpf_link_put+0x1e9/0x270 [ 27.642441][ T392] bpf_link_release+0x3b/0x40 [ 27.647093][ T392] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.652745][ T392] __fput+0x348/0x7c0 [ 27.656713][ T392] ____fput+0x15/0x20 [ 27.660693][ T392] task_work_run+0x147/0x1b0 [ 27.665273][ T392] ptrace_notify+0x29a/0x340 [ 27.669860][ T392] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.675050][ T392] ? do_notify_parent+0xa60/0xa60 [ 27.680081][ T392] ? __close_fd+0x290/0x290 [ 27.684576][ T392] ? __ia32_sys_open+0x270/0x270 [ 27.689511][ T392] syscall_exit_work+0x7c/0x130 [ 27.694355][ T392] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.699810][ T392] do_syscall_64+0x40/0x70 [ 27.704216][ T392] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.710131][ T392] RIP: 0033:0x7fd873cc3199 [ 27.714528][ T392] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 27.734130][ T392] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 27.742566][ T392] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 27.750533][ T392] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 27.758498][ T392] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 27.766442][ T392] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 27.774416][ T392] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000a [pid 392] close_range(3, 4294967295, 0) = 0 [pid 392] close(3) = -1 EBADF (Bad file descriptor) [pid 392] close(4) = -1 EBADF (Bad file descriptor) [pid 392] close(5) = -1 EBADF (Bad file descriptor) [pid 392] close(6) = -1 EBADF (Bad file descriptor) [pid 392] close(7) = -1 EBADF (Bad file descriptor) [pid 392] close(8) = -1 EBADF (Bad file descriptor) [pid 392] close(9) = -1 EBADF (Bad file descriptor) [pid 392] close(10) = -1 EBADF (Bad file descriptor) [pid 392] close(11) = -1 EBADF (Bad file descriptor) [pid 392] close(12) = -1 EBADF (Bad file descriptor) [pid 392] close(13) = -1 EBADF (Bad file descriptor) [pid 392] close(14) = -1 EBADF (Bad file descriptor) [pid 392] close(15) = -1 EBADF (Bad file descriptor) [pid 392] close(16) = -1 EBADF (Bad file descriptor) [pid 392] close(17) = -1 EBADF (Bad file descriptor) [pid 392] close(18) = -1 EBADF (Bad file descriptor) [pid 392] close(19) = -1 EBADF (Bad file descriptor) [pid 392] close(20) = -1 EBADF (Bad file descriptor) [pid 392] close(21) = -1 EBADF (Bad file descriptor) [pid 392] close(22) = -1 EBADF (Bad file descriptor) [pid 392] close(23) = -1 EBADF (Bad file descriptor) [pid 392] close(24) = -1 EBADF (Bad file descriptor) [pid 392] close(25) = -1 EBADF (Bad file descriptor) [pid 392] close(26) = -1 EBADF (Bad file descriptor) [pid 392] close(27) = -1 EBADF (Bad file descriptor) [pid 392] close(28) = -1 EBADF (Bad file descriptor) [pid 392] close(29) = -1 EBADF (Bad file descriptor) [pid 392] exit_group(0) = ? [pid 392] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./10/binderfs") = 0 [pid 381] umount2("./10/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./10/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./10/cgroup") = 0 [pid 381] umount2("./10/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./10/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./10/cgroup.net") = 0 [pid 381] umount2("./10/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./10/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./10/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./10") = 0 [pid 381] mkdir("./11", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 393 attached [pid 393] chdir("./11" [pid 381] <... clone resumed>, child_tidptr=0x555555b1f5d0) = 13 [pid 393] <... chdir resumed>) = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 393] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 393] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 393] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 393] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 393] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 393] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 393] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 393] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 393] write(10, "1", 1) = 1 [ 27.782388][ T392] ---[ end trace 246292e9e8cb573d ]--- [ 27.808549][ T393] FAULT_INJECTION: forcing a failure. [ 27.808549][ T393] name failslab, interval 1, probability 0, space 0, times 0 [ 27.821245][ T393] CPU: 1 PID: 393 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 27.832835][ T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.842860][ T393] Call Trace: [ 27.846123][ T393] dump_stack_lvl+0x1e2/0x24b [ 27.850767][ T393] ? panic+0x7d7/0x7d7 [ 27.854806][ T393] ? bfq_pos_tree_add_move+0x43e/0x43e [ 27.860231][ T393] dump_stack+0x15/0x17 [ 27.864355][ T393] should_fail+0x3c0/0x510 [ 27.868742][ T393] ? bpf_prog_array_alloc+0x40/0x60 [ 27.873907][ T393] __should_failslab+0x9f/0xe0 [ 27.878637][ T393] should_failslab+0x9/0x20 [ 27.883110][ T393] __kmalloc+0x60/0x360 [ 27.887237][ T393] bpf_prog_array_alloc+0x40/0x60 [ 27.892230][ T393] compute_effective_progs+0x2de/0x6e0 [ 27.897655][ T393] update_effective_progs+0x79/0x320 [ 27.902909][ T393] __cgroup_bpf_detach+0x312/0x570 [ 27.907995][ T393] bpf_cgroup_link_release+0x94/0x260 [ 27.913337][ T393] bpf_link_put+0x1e9/0x270 [ 27.917807][ T393] bpf_link_release+0x3b/0x40 [ 27.922452][ T393] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 27.928057][ T393] __fput+0x348/0x7c0 [ 27.932007][ T393] ____fput+0x15/0x20 [ 27.935956][ T393] task_work_run+0x147/0x1b0 [ 27.940519][ T393] ptrace_notify+0x29a/0x340 [ 27.945088][ T393] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.950387][ T393] ? do_notify_parent+0xa60/0xa60 [ 27.955876][ T393] ? __close_fd+0x290/0x290 [ 27.960354][ T393] ? __ia32_sys_open+0x270/0x270 [ 27.965266][ T393] syscall_exit_work+0x7c/0x130 [ 27.970095][ T393] syscall_exit_to_user_mode+0x6a/0xa0 [ 27.975525][ T393] do_syscall_64+0x40/0x70 [ 27.979915][ T393] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.985779][ T393] RIP: 0033:0x7fd873cc3199 [ 27.990171][ T393] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.009748][ T393] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.018139][ T393] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 28.026086][ T393] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 28.034038][ T393] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 28.041991][ T393] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 28.049936][ T393] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000b [ 28.058148][ T393] ------------[ cut here ]------------ [ 28.063729][ T393] WARNING: CPU: 0 PID: 393 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 28.073761][ T393] Modules linked in: [ 28.077646][ T393] CPU: 0 PID: 393 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 28.089430][ T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.099613][ T393] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 28.105840][ T393] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 28.125716][ T393] RSP: 0018:ffffc90000ad7c78 EFLAGS: 00010293 [ 28.131873][ T393] RAX: ffffffff8187d597 RBX: ffff88810a335ed0 RCX: ffff888106584f00 [ 28.139918][ T393] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 28.147868][ T393] RBP: ffffc90000ad7ca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 28.155852][ T393] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 28.163827][ T393] R13: 1ffff11021466bda R14: 00000000fffffff4 R15: ffff888104ffa000 [ 28.171798][ T393] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.180726][ T393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.187284][ T393] CR2: 00007fd873d35140 CR3: 000000010a329000 CR4: 00000000003506b0 [ 28.195259][ T393] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.203226][ T393] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.211285][ T393] Call Trace: [ 28.214558][ T393] bpf_link_put+0x1e9/0x270 [ 28.219061][ T393] bpf_link_release+0x3b/0x40 [ 28.223723][ T393] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 28.229356][ T393] __fput+0x348/0x7c0 [ 28.233326][ T393] ____fput+0x15/0x20 [ 28.237280][ T393] task_work_run+0x147/0x1b0 [ 28.241872][ T393] ptrace_notify+0x29a/0x340 [ 28.246453][ T393] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.251658][ T393] ? do_notify_parent+0xa60/0xa60 [ 28.256671][ T393] ? __close_fd+0x290/0x290 [ 28.261186][ T393] ? __ia32_sys_open+0x270/0x270 [ 28.266113][ T393] syscall_exit_work+0x7c/0x130 [ 28.270968][ T393] syscall_exit_to_user_mode+0x6a/0xa0 [ 28.276424][ T393] do_syscall_64+0x40/0x70 [ 28.280842][ T393] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 28.286721][ T393] RIP: 0033:0x7fd873cc3199 [ 28.291134][ T393] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.310738][ T393] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.319146][ T393] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 28.327100][ T393] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 28.335205][ T393] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 28.343185][ T393] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 28.351160][ T393] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000b [pid 393] close_range(3, 4294967295, 0) = 0 [pid 393] close(3) = -1 EBADF (Bad file descriptor) [pid 393] close(4) = -1 EBADF (Bad file descriptor) [pid 393] close(5) = -1 EBADF (Bad file descriptor) [pid 393] close(6) = -1 EBADF (Bad file descriptor) [pid 393] close(7) = -1 EBADF (Bad file descriptor) [pid 393] close(8) = -1 EBADF (Bad file descriptor) [pid 393] close(9) = -1 EBADF (Bad file descriptor) [pid 393] close(10) = -1 EBADF (Bad file descriptor) [pid 393] close(11) = -1 EBADF (Bad file descriptor) [pid 393] close(12) = -1 EBADF (Bad file descriptor) [pid 393] close(13) = -1 EBADF (Bad file descriptor) [pid 393] close(14) = -1 EBADF (Bad file descriptor) [pid 393] close(15) = -1 EBADF (Bad file descriptor) [pid 393] close(16) = -1 EBADF (Bad file descriptor) [pid 393] close(17) = -1 EBADF (Bad file descriptor) [pid 393] close(18) = -1 EBADF (Bad file descriptor) [pid 393] close(19) = -1 EBADF (Bad file descriptor) [pid 393] close(20) = -1 EBADF (Bad file descriptor) [pid 393] close(21) = -1 EBADF (Bad file descriptor) [pid 393] close(22) = -1 EBADF (Bad file descriptor) [pid 393] close(23) = -1 EBADF (Bad file descriptor) [pid 393] close(24) = -1 EBADF (Bad file descriptor) [pid 393] close(25) = -1 EBADF (Bad file descriptor) [pid 393] close(26) = -1 EBADF (Bad file descriptor) [pid 393] close(27) = -1 EBADF (Bad file descriptor) [pid 393] close(28) = -1 EBADF (Bad file descriptor) [pid 393] close(29) = -1 EBADF (Bad file descriptor) [pid 393] exit_group(0) = ? [pid 393] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./11/binderfs") = 0 [pid 381] umount2("./11/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./11/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./11/cgroup") = 0 [pid 381] umount2("./11/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./11/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./11/cgroup.net") = 0 [pid 381] umount2("./11/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./11/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./11/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./11") = 0 [pid 381] mkdir("./12", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 14 ./strace-static-x86_64: Process 394 attached [pid 394] chdir("./12") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 394] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 394] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 394] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 394] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 394] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 394] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 394] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 394] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 394] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 394] write(10, "1", 1) = 1 [ 28.359133][ T393] ---[ end trace 246292e9e8cb573e ]--- [ 28.380334][ T394] FAULT_INJECTION: forcing a failure. [ 28.380334][ T394] name failslab, interval 1, probability 0, space 0, times 0 [ 28.393097][ T394] CPU: 0 PID: 394 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 28.404692][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.414719][ T394] Call Trace: [ 28.417992][ T394] dump_stack_lvl+0x1e2/0x24b [ 28.422641][ T394] ? panic+0x7d7/0x7d7 [ 28.426681][ T394] ? bfq_pos_tree_add_move+0x43e/0x43e [ 28.432108][ T394] dump_stack+0x15/0x17 [ 28.436235][ T394] should_fail+0x3c0/0x510 [ 28.440620][ T394] ? bpf_prog_array_alloc+0x40/0x60 [ 28.445788][ T394] __should_failslab+0x9f/0xe0 [ 28.450525][ T394] should_failslab+0x9/0x20 [ 28.454998][ T394] __kmalloc+0x60/0x360 [ 28.459122][ T394] bpf_prog_array_alloc+0x40/0x60 [ 28.464119][ T394] compute_effective_progs+0x2de/0x6e0 [ 28.469556][ T394] update_effective_progs+0x79/0x320 [ 28.474818][ T394] __cgroup_bpf_detach+0x312/0x570 [ 28.479902][ T394] bpf_cgroup_link_release+0x94/0x260 [ 28.485246][ T394] bpf_link_put+0x1e9/0x270 [ 28.489717][ T394] bpf_link_release+0x3b/0x40 [ 28.494366][ T394] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 28.499968][ T394] __fput+0x348/0x7c0 [ 28.503920][ T394] ____fput+0x15/0x20 [ 28.507873][ T394] task_work_run+0x147/0x1b0 [ 28.512435][ T394] ptrace_notify+0x29a/0x340 [ 28.516993][ T394] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.522161][ T394] ? do_notify_parent+0xa60/0xa60 [ 28.527163][ T394] ? __close_fd+0x290/0x290 [ 28.531639][ T394] ? __ia32_sys_open+0x270/0x270 [ 28.536545][ T394] syscall_exit_work+0x7c/0x130 [ 28.541366][ T394] syscall_exit_to_user_mode+0x6a/0xa0 [ 28.546796][ T394] do_syscall_64+0x40/0x70 [ 28.551184][ T394] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 28.557044][ T394] RIP: 0033:0x7fd873cc3199 [ 28.561432][ T394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.581016][ T394] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.589405][ T394] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 28.597355][ T394] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 28.605297][ T394] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 28.613369][ T394] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 28.621317][ T394] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000c [ 28.629727][ T394] ------------[ cut here ]------------ [ 28.635183][ T394] WARNING: CPU: 0 PID: 394 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 28.645099][ T394] Modules linked in: [ 28.648996][ T394] CPU: 0 PID: 394 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 28.660610][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.670666][ T394] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 28.676875][ T394] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 28.696482][ T394] RSP: 0018:ffffc9000096fc78 EFLAGS: 00010293 [ 28.702577][ T394] RAX: ffffffff8187d597 RBX: ffff88810a3097d0 RCX: ffff88810658cf00 [ 28.710568][ T394] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 28.718543][ T394] RBP: ffffc9000096fca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 28.726493][ T394] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 28.734461][ T394] R13: 1ffff110214612fa R14: 00000000fffffff4 R15: ffff888104ffa000 [ 28.742429][ T394] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.751376][ T394] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.757973][ T394] CR2: 00007ffe7f9af038 CR3: 000000010a321000 CR4: 00000000003506b0 [ 28.765923][ T394] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.773892][ T394] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.781873][ T394] Call Trace: [ 28.785144][ T394] bpf_link_put+0x1e9/0x270 [ 28.789706][ T394] bpf_link_release+0x3b/0x40 [ 28.794371][ T394] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 28.800021][ T394] __fput+0x348/0x7c0 [ 28.803999][ T394] ____fput+0x15/0x20 [ 28.808000][ T394] task_work_run+0x147/0x1b0 [ 28.812575][ T394] ptrace_notify+0x29a/0x340 [ 28.817143][ T394] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.822354][ T394] ? do_notify_parent+0xa60/0xa60 [ 28.827367][ T394] ? __close_fd+0x290/0x290 [ 28.831869][ T394] ? __ia32_sys_open+0x270/0x270 [ 28.836793][ T394] syscall_exit_work+0x7c/0x130 [ 28.841652][ T394] syscall_exit_to_user_mode+0x6a/0xa0 [ 28.847098][ T394] do_syscall_64+0x40/0x70 [ 28.851540][ T394] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 28.857414][ T394] RIP: 0033:0x7fd873cc3199 [ 28.861825][ T394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 28.881471][ T394] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 28.890241][ T394] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 28.898208][ T394] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [pid 394] close_range(3, 4294967295, 0) = 0 [pid 394] close(3) = -1 EBADF (Bad file descriptor) [pid 394] close(4) = -1 EBADF (Bad file descriptor) [pid 394] close(5) = -1 EBADF (Bad file descriptor) [pid 394] close(6) = -1 EBADF (Bad file descriptor) [pid 394] close(7) = -1 EBADF (Bad file descriptor) [pid 394] close(8) = -1 EBADF (Bad file descriptor) [pid 394] close(9) = -1 EBADF (Bad file descriptor) [pid 394] close(10) = -1 EBADF (Bad file descriptor) [pid 394] close(11) = -1 EBADF (Bad file descriptor) [pid 394] close(12) = -1 EBADF (Bad file descriptor) [pid 394] close(13) = -1 EBADF (Bad file descriptor) [pid 394] close(14) = -1 EBADF (Bad file descriptor) [pid 394] close(15) = -1 EBADF (Bad file descriptor) [pid 394] close(16) = -1 EBADF (Bad file descriptor) [pid 394] close(17) = -1 EBADF (Bad file descriptor) [pid 394] close(18) = -1 EBADF (Bad file descriptor) [pid 394] close(19) = -1 EBADF (Bad file descriptor) [pid 394] close(20) = -1 EBADF (Bad file descriptor) [pid 394] close(21) = -1 EBADF (Bad file descriptor) [pid 394] close(22) = -1 EBADF (Bad file descriptor) [pid 394] close(23) = -1 EBADF (Bad file descriptor) [pid 394] close(24) = -1 EBADF (Bad file descriptor) [pid 394] close(25) = -1 EBADF (Bad file descriptor) [pid 394] close(26) = -1 EBADF (Bad file descriptor) [pid 394] close(27) = -1 EBADF (Bad file descriptor) [pid 394] close(28) = -1 EBADF (Bad file descriptor) [pid 394] close(29) = -1 EBADF (Bad file descriptor) [pid 394] exit_group(0) = ? [pid 394] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./12/binderfs") = 0 [pid 381] umount2("./12/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./12/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./12/cgroup") = 0 [pid 381] umount2("./12/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./12/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./12/cgroup.net") = 0 [pid 381] umount2("./12/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./12/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./12/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./12") = 0 [pid 381] mkdir("./13", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 15 ./strace-static-x86_64: Process 395 attached [pid 395] chdir("./13") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 395] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 395] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 395] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 395] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 395] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 395] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 395] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 395] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 395] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 395] write(10, "1", 1) = 1 [ 28.906152][ T394] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 28.914234][ T394] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 28.922222][ T394] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000c [ 28.930203][ T394] ---[ end trace 246292e9e8cb573f ]--- [ 28.956355][ T395] FAULT_INJECTION: forcing a failure. [ 28.956355][ T395] name failslab, interval 1, probability 0, space 0, times 0 [ 28.969105][ T395] CPU: 0 PID: 395 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 28.980700][ T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.990726][ T395] Call Trace: [ 28.993993][ T395] dump_stack_lvl+0x1e2/0x24b [ 28.998641][ T395] ? panic+0x7d7/0x7d7 [ 29.002680][ T395] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.008107][ T395] dump_stack+0x15/0x17 [ 29.012235][ T395] should_fail+0x3c0/0x510 [ 29.016625][ T395] ? bpf_prog_array_alloc+0x40/0x60 [ 29.021796][ T395] __should_failslab+0x9f/0xe0 [ 29.026538][ T395] should_failslab+0x9/0x20 [ 29.031025][ T395] __kmalloc+0x60/0x360 [ 29.035161][ T395] bpf_prog_array_alloc+0x40/0x60 [ 29.040158][ T395] compute_effective_progs+0x2de/0x6e0 [ 29.045588][ T395] update_effective_progs+0x79/0x320 [ 29.050853][ T395] __cgroup_bpf_detach+0x312/0x570 [ 29.055948][ T395] bpf_cgroup_link_release+0x94/0x260 [ 29.061298][ T395] bpf_link_put+0x1e9/0x270 [ 29.065782][ T395] bpf_link_release+0x3b/0x40 [ 29.070428][ T395] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.076031][ T395] __fput+0x348/0x7c0 [ 29.079995][ T395] ____fput+0x15/0x20 [ 29.083958][ T395] task_work_run+0x147/0x1b0 [ 29.088522][ T395] ptrace_notify+0x29a/0x340 [ 29.093081][ T395] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.098249][ T395] ? do_notify_parent+0xa60/0xa60 [ 29.103251][ T395] ? __close_fd+0x290/0x290 [ 29.107734][ T395] ? __ia32_sys_open+0x270/0x270 [ 29.112648][ T395] syscall_exit_work+0x7c/0x130 [ 29.117480][ T395] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.122921][ T395] do_syscall_64+0x40/0x70 [ 29.127314][ T395] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 29.133176][ T395] RIP: 0033:0x7fd873cc3199 [ 29.137562][ T395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.157145][ T395] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 29.165545][ T395] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 29.173494][ T395] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 29.181448][ T395] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 29.189389][ T395] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 29.197332][ T395] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000d [ 29.205697][ T395] ------------[ cut here ]------------ [ 29.211261][ T395] WARNING: CPU: 0 PID: 395 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 29.221154][ T395] Modules linked in: [ 29.225038][ T395] CPU: 0 PID: 395 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 29.236656][ T395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.246717][ T395] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 29.252962][ T395] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 29.272574][ T395] RSP: 0018:ffffc90000ad7c78 EFLAGS: 00010293 [ 29.278641][ T395] RAX: ffffffff8187d597 RBX: ffff88810a309c50 RCX: ffff8881067ea780 [ 29.286593][ T395] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 29.294567][ T395] RBP: ffffc90000ad7ca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 29.302534][ T395] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 29.310500][ T395] R13: 1ffff1102146138a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 29.318481][ T395] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 29.327391][ T395] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.333989][ T395] CR2: 00007fd873d35140 CR3: 0000000119c04000 CR4: 00000000003506b0 [ 29.341992][ T395] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.349987][ T395] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.357959][ T395] Call Trace: [ 29.361225][ T395] bpf_link_put+0x1e9/0x270 [ 29.365698][ T395] bpf_link_release+0x3b/0x40 [ 29.370369][ T395] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.375990][ T395] __fput+0x348/0x7c0 [ 29.379967][ T395] ____fput+0x15/0x20 [ 29.383938][ T395] task_work_run+0x147/0x1b0 [ 29.388546][ T395] ptrace_notify+0x29a/0x340 [ 29.393118][ T395] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.398309][ T395] ? do_notify_parent+0xa60/0xa60 [ 29.403320][ T395] ? __close_fd+0x290/0x290 [ 29.407791][ T395] ? __ia32_sys_open+0x270/0x270 [ 29.412726][ T395] syscall_exit_work+0x7c/0x130 [ 29.417567][ T395] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.423026][ T395] do_syscall_64+0x40/0x70 [ 29.427429][ T395] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 29.433312][ T395] RIP: 0033:0x7fd873cc3199 [ 29.437713][ T395] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.457326][ T395] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 29.465735][ T395] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 29.473702][ T395] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 29.481667][ T395] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 29.489990][ T395] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 29.497963][ T395] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000d [pid 395] close_range(3, 4294967295, 0) = 0 [pid 395] close(3) = -1 EBADF (Bad file descriptor) [pid 395] close(4) = -1 EBADF (Bad file descriptor) [pid 395] close(5) = -1 EBADF (Bad file descriptor) [pid 395] close(6) = -1 EBADF (Bad file descriptor) [pid 395] close(7) = -1 EBADF (Bad file descriptor) [pid 395] close(8) = -1 EBADF (Bad file descriptor) [pid 395] close(9) = -1 EBADF (Bad file descriptor) [pid 395] close(10) = -1 EBADF (Bad file descriptor) [pid 395] close(11) = -1 EBADF (Bad file descriptor) [pid 395] close(12) = -1 EBADF (Bad file descriptor) [pid 395] close(13) = -1 EBADF (Bad file descriptor) [pid 395] close(14) = -1 EBADF (Bad file descriptor) [pid 395] close(15) = -1 EBADF (Bad file descriptor) [pid 395] close(16) = -1 EBADF (Bad file descriptor) [pid 395] close(17) = -1 EBADF (Bad file descriptor) [pid 395] close(18) = -1 EBADF (Bad file descriptor) [pid 395] close(19) = -1 EBADF (Bad file descriptor) [pid 395] close(20) = -1 EBADF (Bad file descriptor) [pid 395] close(21) = -1 EBADF (Bad file descriptor) [pid 395] close(22) = -1 EBADF (Bad file descriptor) [pid 395] close(23) = -1 EBADF (Bad file descriptor) [pid 395] close(24) = -1 EBADF (Bad file descriptor) [pid 395] close(25) = -1 EBADF (Bad file descriptor) [pid 395] close(26) = -1 EBADF (Bad file descriptor) [pid 395] close(27) = -1 EBADF (Bad file descriptor) [pid 395] close(28) = -1 EBADF (Bad file descriptor) [pid 395] close(29) = -1 EBADF (Bad file descriptor) [pid 395] exit_group(0) = ? [pid 395] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./13/binderfs") = 0 [pid 381] umount2("./13/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./13/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./13/cgroup") = 0 [pid 381] umount2("./13/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./13/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./13/cgroup.net") = 0 [pid 381] umount2("./13/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./13/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./13/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./13") = 0 [pid 381] mkdir("./14", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 396 attached , child_tidptr=0x555555b1f5d0) = 16 [pid 396] chdir("./14") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 396] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 396] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 396] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 396] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 396] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 396] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 396] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 396] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 396] write(10, "1", 1) = 1 [ 29.505920][ T395] ---[ end trace 246292e9e8cb5740 ]--- [ 29.525561][ T396] FAULT_INJECTION: forcing a failure. [ 29.525561][ T396] name failslab, interval 1, probability 0, space 0, times 0 [ 29.538316][ T396] CPU: 1 PID: 396 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 29.549909][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.559934][ T396] Call Trace: [ 29.563196][ T396] dump_stack_lvl+0x1e2/0x24b [ 29.567845][ T396] ? panic+0x7d7/0x7d7 [ 29.571885][ T396] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.577310][ T396] dump_stack+0x15/0x17 [ 29.581435][ T396] should_fail+0x3c0/0x510 [ 29.585822][ T396] ? bpf_prog_array_alloc+0x40/0x60 [ 29.590988][ T396] __should_failslab+0x9f/0xe0 [ 29.595731][ T396] should_failslab+0x9/0x20 [ 29.600298][ T396] __kmalloc+0x60/0x360 [ 29.604424][ T396] bpf_prog_array_alloc+0x40/0x60 [ 29.609423][ T396] compute_effective_progs+0x2de/0x6e0 [ 29.614854][ T396] update_effective_progs+0x79/0x320 [ 29.620108][ T396] __cgroup_bpf_detach+0x312/0x570 [ 29.625193][ T396] bpf_cgroup_link_release+0x94/0x260 [ 29.630537][ T396] bpf_link_put+0x1e9/0x270 [ 29.635008][ T396] bpf_link_release+0x3b/0x40 [ 29.639653][ T396] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.645256][ T396] __fput+0x348/0x7c0 [ 29.649206][ T396] ____fput+0x15/0x20 [ 29.653158][ T396] task_work_run+0x147/0x1b0 [ 29.657718][ T396] ptrace_notify+0x29a/0x340 [ 29.662278][ T396] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.667459][ T396] ? do_notify_parent+0xa60/0xa60 [ 29.672453][ T396] ? __close_fd+0x290/0x290 [ 29.676925][ T396] ? __ia32_sys_open+0x270/0x270 [ 29.681831][ T396] syscall_exit_work+0x7c/0x130 [ 29.686662][ T396] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.692090][ T396] do_syscall_64+0x40/0x70 [ 29.696476][ T396] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 29.702338][ T396] RIP: 0033:0x7fd873cc3199 [ 29.706721][ T396] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 29.726294][ T396] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 29.734676][ T396] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 29.742619][ T396] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 29.750562][ T396] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 29.758507][ T396] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 29.766451][ T396] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000e [ 29.774535][ T396] ------------[ cut here ]------------ [ 29.780184][ T396] WARNING: CPU: 0 PID: 396 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 29.790146][ T396] Modules linked in: [ 29.794032][ T396] CPU: 0 PID: 396 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 29.805661][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.815730][ T396] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 29.821971][ T396] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 29.841596][ T396] RSP: 0018:ffffc90000ad7c78 EFLAGS: 00010293 [ 29.847636][ T396] RAX: ffffffff8187d597 RBX: ffff88810a646b50 RCX: ffff8881067ee2c0 [ 29.855604][ T396] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 29.863645][ T396] RBP: ffffc90000ad7ca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 29.871633][ T396] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 29.879620][ T396] R13: 1ffff110214c8d6a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 29.887569][ T396] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 29.896499][ T396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.903083][ T396] CR2: 0000555555b1f5d0 CR3: 000000010a390000 CR4: 00000000003506b0 [ 29.911070][ T396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.919055][ T396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.927001][ T396] Call Trace: [ 29.930301][ T396] bpf_link_put+0x1e9/0x270 [ 29.934797][ T396] bpf_link_release+0x3b/0x40 [ 29.939482][ T396] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 29.945106][ T396] __fput+0x348/0x7c0 [ 29.949092][ T396] ____fput+0x15/0x20 [ 29.953064][ T396] task_work_run+0x147/0x1b0 [ 29.957634][ T396] ptrace_notify+0x29a/0x340 [ 29.962230][ T396] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.967418][ T396] ? do_notify_parent+0xa60/0xa60 [ 29.972443][ T396] ? __close_fd+0x290/0x290 [ 29.976930][ T396] ? __ia32_sys_open+0x270/0x270 [ 29.981872][ T396] syscall_exit_work+0x7c/0x130 [ 29.986717][ T396] syscall_exit_to_user_mode+0x6a/0xa0 [ 29.992174][ T396] do_syscall_64+0x40/0x70 [ 29.996580][ T396] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 30.002472][ T396] RIP: 0033:0x7fd873cc3199 [ 30.006882][ T396] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.026493][ T396] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.034926][ T396] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 30.042912][ T396] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 30.050886][ T396] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [pid 396] close_range(3, 4294967295, 0) = 0 [pid 396] close(3) = -1 EBADF (Bad file descriptor) [pid 396] close(4) = -1 EBADF (Bad file descriptor) [pid 396] close(5) = -1 EBADF (Bad file descriptor) [pid 396] close(6) = -1 EBADF (Bad file descriptor) [pid 396] close(7) = -1 EBADF (Bad file descriptor) [pid 396] close(8) = -1 EBADF (Bad file descriptor) [pid 396] close(9) = -1 EBADF (Bad file descriptor) [pid 396] close(10) = -1 EBADF (Bad file descriptor) [pid 396] close(11) = -1 EBADF (Bad file descriptor) [pid 396] close(12) = -1 EBADF (Bad file descriptor) [pid 396] close(13) = -1 EBADF (Bad file descriptor) [pid 396] close(14) = -1 EBADF (Bad file descriptor) [pid 396] close(15) = -1 EBADF (Bad file descriptor) [pid 396] close(16) = -1 EBADF (Bad file descriptor) [pid 396] close(17) = -1 EBADF (Bad file descriptor) [pid 396] close(18) = -1 EBADF (Bad file descriptor) [pid 396] close(19) = -1 EBADF (Bad file descriptor) [pid 396] close(20) = -1 EBADF (Bad file descriptor) [pid 396] close(21) = -1 EBADF (Bad file descriptor) [pid 396] close(22) = -1 EBADF (Bad file descriptor) [pid 396] close(23) = -1 EBADF (Bad file descriptor) [pid 396] close(24) = -1 EBADF (Bad file descriptor) [pid 396] close(25) = -1 EBADF (Bad file descriptor) [pid 396] close(26) = -1 EBADF (Bad file descriptor) [pid 396] close(27) = -1 EBADF (Bad file descriptor) [pid 396] close(28) = -1 EBADF (Bad file descriptor) [pid 396] close(29) = -1 EBADF (Bad file descriptor) [pid 396] exit_group(0) = ? [pid 396] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./14/binderfs") = 0 [pid 381] umount2("./14/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./14/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./14/cgroup") = 0 [pid 381] umount2("./14/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./14/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./14/cgroup.net") = 0 [pid 381] umount2("./14/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./14/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./14/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./14") = 0 [pid 381] mkdir("./15", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 17 ./strace-static-x86_64: Process 397 attached [pid 397] chdir("./15") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 397] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 397] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 397] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 397] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 397] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 397] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 397] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 397] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 397] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 397] write(10, "1", 1) = 1 [ 30.058852][ T396] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 30.066804][ T396] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000e [ 30.074776][ T396] ---[ end trace 246292e9e8cb5741 ]--- [ 30.097685][ T397] FAULT_INJECTION: forcing a failure. [ 30.097685][ T397] name failslab, interval 1, probability 0, space 0, times 0 [ 30.110299][ T397] CPU: 1 PID: 397 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 30.121893][ T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.131927][ T397] Call Trace: [ 30.135200][ T397] dump_stack_lvl+0x1e2/0x24b [ 30.139851][ T397] ? panic+0x7d7/0x7d7 [ 30.143907][ T397] ? bfq_pos_tree_add_move+0x43e/0x43e [ 30.149348][ T397] dump_stack+0x15/0x17 [ 30.153488][ T397] should_fail+0x3c0/0x510 [ 30.157885][ T397] ? bpf_prog_array_alloc+0x40/0x60 [ 30.163073][ T397] __should_failslab+0x9f/0xe0 [ 30.167816][ T397] should_failslab+0x9/0x20 [ 30.172310][ T397] __kmalloc+0x60/0x360 [ 30.176461][ T397] bpf_prog_array_alloc+0x40/0x60 [ 30.181463][ T397] compute_effective_progs+0x2de/0x6e0 [ 30.187333][ T397] update_effective_progs+0x79/0x320 [ 30.192594][ T397] __cgroup_bpf_detach+0x312/0x570 [ 30.197681][ T397] bpf_cgroup_link_release+0x94/0x260 [ 30.203031][ T397] bpf_link_put+0x1e9/0x270 [ 30.207509][ T397] bpf_link_release+0x3b/0x40 [ 30.212163][ T397] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 30.217785][ T397] __fput+0x348/0x7c0 [ 30.221752][ T397] ____fput+0x15/0x20 [ 30.225713][ T397] task_work_run+0x147/0x1b0 [ 30.230283][ T397] ptrace_notify+0x29a/0x340 [ 30.234852][ T397] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.240027][ T397] ? do_notify_parent+0xa60/0xa60 [ 30.245030][ T397] ? __close_fd+0x290/0x290 [ 30.249510][ T397] ? __ia32_sys_open+0x270/0x270 [ 30.254425][ T397] syscall_exit_work+0x7c/0x130 [ 30.259255][ T397] syscall_exit_to_user_mode+0x6a/0xa0 [ 30.264691][ T397] do_syscall_64+0x40/0x70 [ 30.269081][ T397] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 30.274945][ T397] RIP: 0033:0x7fd873cc3199 [ 30.279339][ T397] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.298920][ T397] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.307330][ T397] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 30.315278][ T397] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 30.323237][ T397] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 30.331190][ T397] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 30.339143][ T397] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000f [ 30.347429][ T397] ------------[ cut here ]------------ [ 30.353099][ T397] WARNING: CPU: 0 PID: 397 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 30.363087][ T397] Modules linked in: [ 30.366972][ T397] CPU: 0 PID: 397 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 30.378609][ T397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.388692][ T397] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 30.394910][ T397] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 30.414544][ T397] RSP: 0018:ffffc90000ad7c78 EFLAGS: 00010293 [ 30.421129][ T397] RAX: ffffffff8187d597 RBX: ffff88810a646050 RCX: ffff8881067ebb40 [ 30.429100][ T397] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 30.437141][ T397] RBP: ffffc90000ad7ca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 30.445111][ T397] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 30.453078][ T397] R13: 1ffff110214c8c0a R14: 00000000fffffff4 R15: ffff888104ffa000 [ 30.461060][ T397] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 30.469994][ T397] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.476559][ T397] CR2: 0000555555b1f5d0 CR3: 000000010a390000 CR4: 00000000003506b0 [ 30.484539][ T397] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.492509][ T397] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.500646][ T397] Call Trace: [ 30.503921][ T397] bpf_link_put+0x1e9/0x270 [ 30.508423][ T397] bpf_link_release+0x3b/0x40 [ 30.513088][ T397] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 30.518731][ T397] __fput+0x348/0x7c0 [ 30.522702][ T397] ____fput+0x15/0x20 [ 30.526654][ T397] task_work_run+0x147/0x1b0 [ 30.531257][ T397] ptrace_notify+0x29a/0x340 [ 30.535833][ T397] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.541030][ T397] ? do_notify_parent+0xa60/0xa60 [ 30.546047][ T397] ? __close_fd+0x290/0x290 [ 30.550559][ T397] ? __ia32_sys_open+0x270/0x270 [ 30.555489][ T397] syscall_exit_work+0x7c/0x130 [ 30.560343][ T397] syscall_exit_to_user_mode+0x6a/0xa0 [ 30.565786][ T397] do_syscall_64+0x40/0x70 [ 30.570200][ T397] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 30.576077][ T397] RIP: 0033:0x7fd873cc3199 [ 30.580491][ T397] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.600101][ T397] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [pid 397] close_range(3, 4294967295, 0) = 0 [pid 397] close(3) = -1 EBADF (Bad file descriptor) [pid 397] close(4) = -1 EBADF (Bad file descriptor) [pid 397] close(5) = -1 EBADF (Bad file descriptor) [pid 397] close(6) = -1 EBADF (Bad file descriptor) [pid 397] close(7) = -1 EBADF (Bad file descriptor) [pid 397] close(8) = -1 EBADF (Bad file descriptor) [pid 397] close(9) = -1 EBADF (Bad file descriptor) [pid 397] close(10) = -1 EBADF (Bad file descriptor) [pid 397] close(11) = -1 EBADF (Bad file descriptor) [pid 397] close(12) = -1 EBADF (Bad file descriptor) [pid 397] close(13) = -1 EBADF (Bad file descriptor) [pid 397] close(14) = -1 EBADF (Bad file descriptor) [pid 397] close(15) = -1 EBADF (Bad file descriptor) [pid 397] close(16) = -1 EBADF (Bad file descriptor) [pid 397] close(17) = -1 EBADF (Bad file descriptor) [pid 397] close(18) = -1 EBADF (Bad file descriptor) [pid 397] close(19) = -1 EBADF (Bad file descriptor) [pid 397] close(20) = -1 EBADF (Bad file descriptor) [pid 397] close(21) = -1 EBADF (Bad file descriptor) [pid 397] close(22) = -1 EBADF (Bad file descriptor) [pid 397] close(23) = -1 EBADF (Bad file descriptor) [pid 397] close(24) = -1 EBADF (Bad file descriptor) [pid 397] close(25) = -1 EBADF (Bad file descriptor) [pid 397] close(26) = -1 EBADF (Bad file descriptor) [pid 397] close(27) = -1 EBADF (Bad file descriptor) [pid 397] close(28) = -1 EBADF (Bad file descriptor) [pid 397] close(29) = -1 EBADF (Bad file descriptor) [pid 397] exit_group(0) = ? [pid 397] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./15/binderfs") = 0 [pid 381] umount2("./15/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./15/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./15/cgroup") = 0 [pid 381] umount2("./15/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./15/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./15/cgroup.net") = 0 [pid 381] umount2("./15/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./15/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./15/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./15") = 0 [pid 381] mkdir("./16", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 398 attached , child_tidptr=0x555555b1f5d0) = 18 [pid 398] chdir("./16") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 398] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 398] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 398] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 398] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 398] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 398] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 398] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 398] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 398] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 398] write(10, "1", 1) = 1 [ 30.608521][ T397] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 30.616483][ T397] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 30.624457][ T397] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 30.632433][ T397] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 30.640408][ T397] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 000000000000000f [ 30.648374][ T397] ---[ end trace 246292e9e8cb5742 ]--- [ 30.673656][ T398] FAULT_INJECTION: forcing a failure. [ 30.673656][ T398] name failslab, interval 1, probability 0, space 0, times 0 [ 30.686491][ T398] CPU: 0 PID: 398 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 30.698098][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.708131][ T398] Call Trace: [ 30.711400][ T398] dump_stack_lvl+0x1e2/0x24b [ 30.716048][ T398] ? panic+0x7d7/0x7d7 [ 30.720089][ T398] ? bfq_pos_tree_add_move+0x43e/0x43e [ 30.725520][ T398] dump_stack+0x15/0x17 [ 30.729649][ T398] should_fail+0x3c0/0x510 [ 30.734036][ T398] ? bpf_prog_array_alloc+0x40/0x60 [ 30.739205][ T398] __should_failslab+0x9f/0xe0 [ 30.743954][ T398] should_failslab+0x9/0x20 [ 30.748440][ T398] __kmalloc+0x60/0x360 [ 30.752568][ T398] bpf_prog_array_alloc+0x40/0x60 [ 30.757563][ T398] compute_effective_progs+0x2de/0x6e0 [ 30.762994][ T398] update_effective_progs+0x79/0x320 [ 30.768247][ T398] __cgroup_bpf_detach+0x312/0x570 [ 30.773332][ T398] bpf_cgroup_link_release+0x94/0x260 [ 30.778675][ T398] bpf_link_put+0x1e9/0x270 [ 30.783150][ T398] bpf_link_release+0x3b/0x40 [ 30.787800][ T398] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 30.793403][ T398] __fput+0x348/0x7c0 [ 30.797356][ T398] ____fput+0x15/0x20 [ 30.801307][ T398] task_work_run+0x147/0x1b0 [ 30.805867][ T398] ptrace_notify+0x29a/0x340 [ 30.810426][ T398] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.815593][ T398] ? do_notify_parent+0xa60/0xa60 [ 30.820585][ T398] ? __close_fd+0x290/0x290 [ 30.825059][ T398] ? __ia32_sys_open+0x270/0x270 [ 30.829965][ T398] syscall_exit_work+0x7c/0x130 [ 30.834800][ T398] syscall_exit_to_user_mode+0x6a/0xa0 [ 30.840236][ T398] do_syscall_64+0x40/0x70 [ 30.844621][ T398] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 30.850484][ T398] RIP: 0033:0x7fd873cc3199 [ 30.854878][ T398] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 30.874458][ T398] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 30.882844][ T398] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 30.890787][ T398] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 30.898739][ T398] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 30.906687][ T398] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 30.914636][ T398] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000010 [ 30.922954][ T398] ------------[ cut here ]------------ [ 30.928494][ T398] WARNING: CPU: 0 PID: 398 at kernel/bpf/cgroup.c:834 bpf_cgroup_link_release+0x187/0x260 [ 30.938385][ T398] Modules linked in: [ 30.942273][ T398] CPU: 0 PID: 398 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 30.953909][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.964082][ T398] RIP: 0010:bpf_cgroup_link_release+0x187/0x260 [ 30.970325][ T398] Code: eb 18 e8 4c db e4 ff 48 c7 c7 a0 bb 3a 86 e8 a0 51 0a 03 eb 05 e8 39 db e4 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 29 db e4 ff <0f> 0b 43 80 7c 25 00 00 0f 85 21 ff ff ff e9 24 ff ff ff 49 83 c6 [ 30.989933][ T398] RSP: 0018:ffffc90000ad7c78 EFLAGS: 00010293 [ 30.995977][ T398] RAX: ffffffff8187d597 RBX: ffff88810a309e50 RCX: ffff8881067ecf00 [ 31.003954][ T398] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 31.011924][ T398] RBP: ffffc90000ad7ca0 R08: ffffffff8187d4b0 R09: fffffbfff0c85737 [ 31.019895][ T398] R10: fffffbfff0c85737 R11: 1ffffffff0c85736 R12: dffffc0000000000 [ 31.027850][ T398] R13: 1ffff110214613ca R14: 00000000fffffff4 R15: ffff888104ffa000 [ 31.035831][ T398] FS: 0000555555b1f300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.044758][ T398] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.051360][ T398] CR2: 00007fd873d35140 CR3: 000000010a0c9000 CR4: 00000000003506b0 [ 31.059399][ T398] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.067441][ T398] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.075604][ T398] Call Trace: [ 31.079034][ T398] bpf_link_put+0x1e9/0x270 [ 31.083586][ T398] bpf_link_release+0x3b/0x40 [ 31.088419][ T398] ? bpf_prog_uncharge_memlock+0xc0/0xc0 [ 31.094102][ T398] __fput+0x348/0x7c0 [ 31.098254][ T398] ____fput+0x15/0x20 [ 31.102295][ T398] task_work_run+0x147/0x1b0 [ 31.106931][ T398] ptrace_notify+0x29a/0x340 [ 31.111573][ T398] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.116768][ T398] ? do_notify_parent+0xa60/0xa60 [ 31.121811][ T398] ? __close_fd+0x290/0x290 [ 31.126303][ T398] ? __ia32_sys_open+0x270/0x270 [ 31.131245][ T398] syscall_exit_work+0x7c/0x130 [ 31.136086][ T398] syscall_exit_to_user_mode+0x6a/0xa0 [ 31.141547][ T398] do_syscall_64+0x40/0x70 [ 31.145952][ T398] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 31.151844][ T398] RIP: 0033:0x7fd873cc3199 [ 31.156253][ T398] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 31.175967][ T398] RSP: 002b:00007ffe7f9af058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 31.184402][ T398] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007fd873cc3199 [ 31.192397][ T398] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000003 [ 31.200513][ T398] RBP: 00007ffe7f9af080 R08: 0000000000000001 R09: 00007ffe7f9af090 [ 31.208488][ T398] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 31.216443][ T398] R13: 00007ffe7f9af0a0 R14: 00007ffe7f9af0e0 R15: 0000000000000010 [pid 398] close_range(3, 4294967295, 0) = 0 [pid 398] close(3) = -1 EBADF (Bad file descriptor) [pid 398] close(4) = -1 EBADF (Bad file descriptor) [pid 398] close(5) = -1 EBADF (Bad file descriptor) [pid 398] close(6) = -1 EBADF (Bad file descriptor) [pid 398] close(7) = -1 EBADF (Bad file descriptor) [pid 398] close(8) = -1 EBADF (Bad file descriptor) [pid 398] close(9) = -1 EBADF (Bad file descriptor) [pid 398] close(10) = -1 EBADF (Bad file descriptor) [pid 398] close(11) = -1 EBADF (Bad file descriptor) [pid 398] close(12) = -1 EBADF (Bad file descriptor) [pid 398] close(13) = -1 EBADF (Bad file descriptor) [pid 398] close(14) = -1 EBADF (Bad file descriptor) [pid 398] close(15) = -1 EBADF (Bad file descriptor) [pid 398] close(16) = -1 EBADF (Bad file descriptor) [pid 398] close(17) = -1 EBADF (Bad file descriptor) [pid 398] close(18) = -1 EBADF (Bad file descriptor) [pid 398] close(19) = -1 EBADF (Bad file descriptor) [pid 398] close(20) = -1 EBADF (Bad file descriptor) [pid 398] close(21) = -1 EBADF (Bad file descriptor) [pid 398] close(22) = -1 EBADF (Bad file descriptor) [pid 398] close(23) = -1 EBADF (Bad file descriptor) [pid 398] close(24) = -1 EBADF (Bad file descriptor) [pid 398] close(25) = -1 EBADF (Bad file descriptor) [pid 398] close(26) = -1 EBADF (Bad file descriptor) [pid 398] close(27) = -1 EBADF (Bad file descriptor) [pid 398] close(28) = -1 EBADF (Bad file descriptor) [pid 398] close(29) = -1 EBADF (Bad file descriptor) [pid 398] exit_group(0) = ? [pid 398] +++ exited with 0 +++ [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- [pid 381] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 381] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 381] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(3, 0x555555b20620 /* 6 entries */, 32768) = 176 [pid 381] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 381] unlink("./16/binderfs") = 0 [pid 381] umount2("./16/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./16/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 381] unlink("./16/cgroup") = 0 [pid 381] umount2("./16/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./16/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./16/cgroup.net") = 0 [pid 381] umount2("./16/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./16/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 381] unlink("./16/cgroup.cpu") = 0 [pid 381] getdents64(3, 0x555555b20620 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./16") = 0 [pid 381] mkdir("./17", 0777) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1f5d0) = 19 ./strace-static-x86_64: Process 399 attached [pid 399] chdir("./17") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 399] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 399] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] openat(AT_FDCWD, "/dev/uinput", O_RDONLY) = 3 [pid 399] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 4 [pid 399] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 5 [pid 399] bpf(BPF_LINK_CREATE, {link_create={prog_fd=4, target_fd=5, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 6 [pid 399] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_CGROUP_SYSCTL, insn_cnt=3, insns=0x20000240, license="syzkaller", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 7 [pid 399] openat(AT_FDCWD, "./cgroup", O_RDONLY) = 8 [pid 399] bpf(BPF_LINK_CREATE, {link_create={prog_fd=7, target_fd=8, attach_type=BPF_CGROUP_SYSCTL, flags=0}}, 16) = 9 [pid 399] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 10 [pid 399] write(10, "1", 1) = 1 [ 31.224430][ T398] ---[ end trace 246292e9e8cb5743 ]--- [ 31.246234][ T399] FAULT_INJECTION: forcing a failure. [ 31.246234][ T399] name failslab, interval 1, probability 0, space 0, times 0 [ 31.258883][ T399] CPU: 1 PID: 399 Comm: syz-executor833 Tainted: G B W 5.10.112-syzkaller-00287-gde64d941a71a #0 [ 31.270485][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.280510][ T399] Call Trace: [ 31.283775][ T399] dump_stack_lvl+0x1e2/0x24b [ 31.288509][ T399] ? panic+0x7d7/0x7d7 [ 31.292548][ T399] ? bfq_pos_tree_add_move+0x43e/0x43e [ 31.297983][ T399] dump_stack+0x15/0x17 [ 31.302115][ T399] should_fail+0x3c0/0x510 [ 31.306502][ T399] ? bpf_prog_array_alloc+0x40/0x60 [ 31.311669][ T399] __should_failslab+0x9f/0xe0 [ 31.316409][ T399] should_failslab+0x9/0x20 [ 31.320883][ T399] __kmalloc+0x60/0x360