./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1496425677 <...> [ 6.290824][ T30] audit: type=1400 audit(1738219591.506:57): avc: denied { open } for pid=152 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=415 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6.506620][ T30] audit: type=1400 audit(1738219591.726:58): avc: denied { use } for pid=181 comm="ssh-keygen" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 6.569561][ T30] audit: type=1400 audit(1738219591.786:59): avc: denied { search } for pid=181 comm="ssh-keygen" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6.618988][ T30] audit: type=1400 audit(1738219591.836:60): avc: denied { use } for pid=186 comm="sshd" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 12.839720][ T30] audit: type=1400 audit(1738219598.056:61): avc: denied { transition } for pid=225 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.847202][ T30] audit: type=1400 audit(1738219598.056:62): avc: denied { noatsecure } for pid=225 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.854139][ T30] audit: type=1400 audit(1738219598.066:63): avc: denied { write } for pid=225 comm="sh" path="pipe:[14755]" dev="pipefs" ino=14755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.859898][ T30] audit: type=1400 audit(1738219598.066:64): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.867086][ T30] audit: type=1400 audit(1738219598.066:65): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.559616][ T228] sftp-server (228) used greatest stack depth: 20480 bytes left Warning: Permanently added '10.128.0.35' (ED25519) to the list of known hosts. execve("./syz-executor1496425677", ["./syz-executor1496425677"], 0x7ffd0287ba00 /* 10 vars */) = 0 brk(NULL) = 0x55555688f000 brk(0x55555688fe00) = 0x55555688fe00 arch_prctl(ARCH_SET_FS, 0x55555688f480) = 0 set_tid_address(0x55555688f750) = 294 set_robust_list(0x55555688f760, 24) = 0 rseq(0x55555688fda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1496425677", 4096) = 28 getrandom("\xfe\x4d\x07\x85\x4a\x49\xd3\xac", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555688fe00 brk(0x5555568b0e00) = 0x5555568b0e00 brk(0x5555568b1000) = 0x5555568b1000 mprotect(0x7ff1fcdd1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 295 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x55555688f760, 24 [pid 294] write(3, "1", 1) = 1 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "100", 3) = 3 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "0", 1) = 1 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "0", 1) = 1 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "7 4 1 3", 7) = 7 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1", 1) = 1 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1", 1) = 1 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "0", 1) = 1 [pid 294] close(3) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "295", 3) = 3 [pid 294] close(3) = 0 [pid 294] kill(295, SIGKILL) = 0 [pid 295] <... set_robust_list resumed>) = ? [pid 295] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=295, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7ff1fcd15150, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7ff1fcd15150, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55555688f760, 24) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 294] <... clone resumed>, child_tidptr=0x55555688f750) = 296 [pid 296] <... openat resumed>) = 3 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 297 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 298 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 299 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 300 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 22.572698][ T30] audit: type=1400 audit(1738219607.796:66): avc: denied { execmem } for pid=294 comm="syz-executor149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.592064][ T30] audit: type=1400 audit(1738219607.796:67): avc: denied { integrity } for pid=294 comm="syz-executor149" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55555688f760, 24 [pid 298] set_robust_list(0x55555688f760, 24 [pid 297] set_robust_list(0x55555688f760, 24./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x55555688f760, 24) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x55555688f760, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccea000 [pid 303] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} => {parent_tid=[304]}, 88) = 304 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 298] close(3 [pid 297] close(3 [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x55555688f750) = 306 [pid 299] <... clone resumed>, child_tidptr=0x55555688f750) = 305 [pid 297] <... clone resumed>, child_tidptr=0x55555688f750) = 307 ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 305 attached [pid 306] set_robust_list(0x55555688f760, 24 [ 22.617814][ T30] audit: type=1400 audit(1738219607.836:68): avc: denied { read write } for pid=296 comm="syz-executor149" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.642142][ T30] audit: type=1400 audit(1738219607.836:69): avc: denied { open } for pid=296 comm="syz-executor149" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 305] set_robust_list(0x55555688f760, 24 [pid 303] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x55555688f760, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] write(1, "executing program\n", 18executing program ) = 18 [pid 307] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccea000 [pid 307] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} => {parent_tid=[308]}, 88) = 308 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x7ff1fcd0a9a0, 24) = 0 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] memfd_create("syzkaller", 0) = 3 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1f48ea000 [pid 296] <... clone resumed>, child_tidptr=0x55555688f750) = 309 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 308 attached [pid 306] <... prctl resumed>) = 0 [pid 305] <... prctl resumed>) = 0 [pid 306] setpgid(0, 0 [pid 305] setpgid(0, 0 [pid 308] set_robust_list(0x7ff1fcd0a9a0, 24 [pid 305] <... setpgid resumed>) = 0 [pid 306] <... setpgid resumed>) = 0 [pid 308] <... set_robust_list resumed>) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] <... openat resumed>) = 3 [pid 306] <... openat resumed>) = 3 [pid 308] memfd_create("syzkaller", 0 [pid 306] write(3, "1000", 4 [pid 305] write(3, "1000", 4 [pid 308] <... memfd_create resumed>) = 3 [pid 306] <... write resumed>) = 4 [pid 305] <... write resumed>) = 4 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 306] close(3 [pid 305] close(3 [pid 308] <... mmap resumed>) = 0x7ff1f48ea000 [pid 306] <... close resumed>) = 0 [pid 305] <... close resumed>) = 0 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x55555688f760, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0executing program executing program [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 306] write(1, "executing program\n", 18 [pid 305] write(1, "executing program\n", 18 [pid 306] <... write resumed>) = 18 [pid 305] <... write resumed>) = 18 [pid 306] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, [pid 305] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, [pid 306] <... rt_sigaction resumed>NULL, 8) = 0 [pid 305] <... rt_sigaction resumed>NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 306] <... mmap resumed>) = 0x7ff1fccea000 [pid 305] <... mmap resumed>) = 0x7ff1fccea000 [pid 306] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE [pid 305] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE [pid 306] <... mprotect resumed>) = 0 [pid 305] <... mprotect resumed>) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} [pid 309] <... setpgid resumed>) = 0 [pid 306] <... clone3 resumed> => {parent_tid=[310]}, 88) = 310 [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 305] <... clone3 resumed> => {parent_tid=[311]}, 88) = 311 [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], [pid 306] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] <... futex resumed>) = 0 [pid 305] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 ./strace-static-x86_64: Process 311 attached ./strace-static-x86_64: Process 310 attached [pid 308] <... write resumed>) = 1048576 [pid 311] set_robust_list(0x7ff1fcd0a9a0, 24 [pid 310] set_robust_list(0x7ff1fcd0a9a0, 24 [pid 308] munmap(0x7ff1f48ea000, 138412032 [pid 309] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 [pid 309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccea000 [pid 308] <... munmap resumed>) = 0 [pid 309] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 311] <... set_robust_list resumed>) = 0 [pid 310] <... set_robust_list resumed>) = 0 [pid 308] <... openat resumed>) = 4 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 311] rt_sigprocmask(SIG_SETMASK, [], [pid 308] ioctl(4, LOOP_SET_FD, 3 [pid 309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 304] <... write resumed>) = 1048576 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} => {parent_tid=[312]}, 88) = 312 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 304] munmap(0x7ff1f48ea000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 22.672257][ T30] audit: type=1400 audit(1738219607.836:70): avc: denied { ioctl } for pid=296 comm="syz-executor149" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.712921][ T308] loop1: detected capacity change from 0 to 2048 [pid 304] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 312 attached [pid 311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 310] rt_sigprocmask(SIG_SETMASK, [], [pid 308] <... ioctl resumed>) = 0 [pid 304] <... ioctl resumed>) = 0 [pid 312] set_robust_list(0x7ff1fcd0a9a0, 24 [pid 311] memfd_create("syzkaller", 0 [pid 310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] close(3 [pid 312] <... set_robust_list resumed>) = 0 [pid 311] <... memfd_create resumed>) = 3 [pid 310] memfd_create("syzkaller", 0 [pid 308] <... close resumed>) = 0 [pid 312] rt_sigprocmask(SIG_SETMASK, [], [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 310] <... memfd_create resumed>) = 3 [pid 308] close(4 [pid 312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 311] <... mmap resumed>) = 0x7ff1f48ea000 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 312] memfd_create("syzkaller", 0 [pid 310] <... mmap resumed>) = 0x7ff1f48ea000 [pid 304] close(3) = 0 [pid 304] close(4 [pid 312] <... memfd_create resumed>) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1f48ea000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 312] <... write resumed>) = 1048576 [pid 312] munmap(0x7ff1f48ea000, 138412032) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3 [pid 311] <... write resumed>) = 1048576 [pid 310] <... write resumed>) = 1048576 [pid 310] munmap(0x7ff1f48ea000, 138412032) = 0 [pid 311] munmap(0x7ff1f48ea000, 138412032 [pid 310] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 311] <... munmap resumed>) = 0 [pid 310] <... openat resumed>) = 4 [pid 312] <... ioctl resumed>) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 310] ioctl(4, LOOP_SET_FD, 3 [pid 312] close(3) = 0 [pid 312] close(4 [pid 311] <... openat resumed>) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 311] close(3) = 0 [pid 311] close(4 [pid 308] <... close resumed>) = 0 [pid 308] mkdir("./file0", 0777) = 0 [ 22.717602][ T304] loop4: detected capacity change from 0 to 2048 [ 22.739244][ T312] loop0: detected capacity change from 0 to 2048 [ 22.746279][ T311] loop3: detected capacity change from 0 to 2048 [ 22.746538][ T310] loop2: detected capacity change from 0 to 2048 [pid 308] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 304] <... close resumed>) = 0 [pid 304] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 304] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 310] <... ioctl resumed>) = 0 [pid 310] close(3) = 0 [pid 310] close(4 [pid 312] <... close resumed>) = 0 [pid 312] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 312] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 311] <... close resumed>) = 0 [pid 311] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 22.756217][ T30] audit: type=1400 audit(1738219607.976:71): avc: denied { mounton } for pid=307 comm="syz-executor149" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.794434][ T312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.794512][ T308] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 311] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 312] <... mount resumed>) = 0 [pid 304] <... mount resumed>) = 0 [pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("./file0") = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 312] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 309] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_CLR_FD) = 0 [pid 304] close(4) = 0 [pid 304] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 310] <... close resumed>) = 0 [pid 310] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 22.808909][ T304] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.815382][ T30] audit: type=1400 audit(1738219608.026:72): avc: denied { mount } for pid=309 comm="syz-executor149" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.848957][ T30] audit: type=1400 audit(1738219608.046:73): avc: denied { write } for pid=309 comm="syz-executor149" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 310] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 312] <... openat resumed>) = 4 [pid 308] <... mount resumed>) = 0 [pid 304] <... openat resumed>) = 4 [pid 312] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... mount resumed>) = 0 [pid 309] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 304] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 312] <... futex resumed>) = 0 [pid 309] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... openat resumed>) = 3 [pid 304] <... futex resumed>) = 0 [pid 303] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] write(4, "#! ./file0\n", 11 [pid 309] <... futex resumed>) = 0 [pid 308] chdir("./file0" [pid 304] write(4, "#! ./file0\n", 11 [pid 303] <... futex resumed>) = 0 [pid 312] <... write resumed>) = 11 [pid 309] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... chdir resumed>) = 0 [pid 304] <... write resumed>) = 11 [pid 303] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 304] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 308] <... openat resumed>) = 4 [pid 304] <... futex resumed>) = 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... mmap resumed>) = 0x7ff1fccc9000 [pid 308] ioctl(4, LOOP_CLR_FD [pid 304] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] <... mmap resumed>) = 0x7ff1fccc9000 [pid 309] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE [pid 308] <... ioctl resumed>) = 0 [pid 303] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE [pid 309] <... mprotect resumed>) = 0 [pid 308] close(4 [pid 303] <... mprotect resumed>) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 308] <... close resumed>) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 308] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} [pid 308] <... futex resumed>) = 1 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} [pid 308] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... clone3 resumed> => {parent_tid=[324]}, 88) = 324 [pid 303] <... clone3 resumed> => {parent_tid=[323]}, 88) = 323 [pid 309] rt_sigprocmask(SIG_SETMASK, [], [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 309] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 309] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 311] chdir("./file0") = 0 [pid 311] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_CLR_FD) = 0 [pid 311] close(4) = 0 [pid 311] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 311] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccc9000 [pid 305] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} => {parent_tid=[325]}, 88) = 325 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] write(4, "#! ./file0\n", 11) = 11 [pid 311] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 308] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 307] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... openat resumed>) = 4 [pid 308] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 308] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 308] write(4, "#! ./file0\n", 11 [pid 307] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... write resumed>) = 11 [pid 307] <... futex resumed>) = 0 [pid 308] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 308] <... futex resumed>) = 0 [pid 307] <... mmap resumed>) = 0x7ff1fccc9000 [pid 308] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} => {parent_tid=[326]}, 88) = 326 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7ff1fcce99a0, 24) = 0 [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] write(4, "#! ./file0\n", 11) = 11 [pid 323] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 1 [pid 304] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 303] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... mmap resumed>) = 0x20000000 [pid 304] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 304] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 303] <... futex resumed>) = 0 ./strace-static-x86_64: Process 326 attached ./strace-static-x86_64: Process 325 attached ./strace-static-x86_64: Process 324 attached [pid 303] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] futex(0x7ff1fcdd7618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000608} --- [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000610} --- [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000}) = -1 EBADF (Bad file descriptor) [ 22.850315][ T311] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.871360][ T30] audit: type=1400 audit(1738219608.046:74): avc: denied { add_name } for pid=309 comm="syz-executor149" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.900861][ T304] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 304] ioctl(-1, KVM_GET_SREGS, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 304] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] exit_group(0 [pid 323] <... futex resumed>) = ? [pid 303] <... exit_group resumed>) = ? [pid 323] +++ exited with 0 +++ [pid 304] <... futex resumed>) = ? [pid 304] +++ exited with 0 +++ [pid 303] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = 0 [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 327 [pid 326] set_robust_list(0x7ff1fcce99a0, 24) = 0 [pid 326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 326] write(4, "#! ./file0\n", 11) = 11 [pid 326] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 326] futex(0x7ff1fcdd7618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 308] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 307] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 327 attached [pid 325] set_robust_list(0x7ff1fcce99a0, 24 [pid 324] set_robust_list(0x7ff1fcce99a0, 24 [pid 309] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] <... mmap resumed>) = 0x20000000 [pid 327] set_robust_list(0x55555688f760, 24 [pid 309] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... set_robust_list resumed>) = 0 [pid 312] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 1 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 312] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 309] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... prctl resumed>) = 0 [pid 312] <... mmap resumed>) = 0x20000000 [pid 327] setpgid(0, 0 [pid 312] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... setpgid resumed>) = 0 [pid 312] <... futex resumed>) = 1 [pid 309] <... futex resumed>) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 312] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... openat resumed>) = 3 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 327] write(3, "1000", 4 [pid 325] <... set_robust_list resumed>) = 0 [pid 324] <... set_robust_list resumed>) = 0 [pid 312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 309] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... write resumed>) = 4 [pid 325] rt_sigprocmask(SIG_SETMASK, [], [pid 324] rt_sigprocmask(SIG_SETMASK, [], [pid 312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000608} --- [pid 311] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 1 [pid 327] close(3 [pid 325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000610} --- [pid 311] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 305] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... close resumed>) = 0 [pid 325] write(4, 0x20000000, 11 [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000002} --- [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000} [pid 311] <... mmap resumed>) = 0x20000000 executing program [pid 327] write(1, "executing program\n", 18 [pid 325] <... write resumed>) = 11 [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000003} --- [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... write resumed>) = 18 [pid 325] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000a} --- [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000} [pid 311] <... futex resumed>) = 1 [pid 308] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 327] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 324] write(4, 0x20000000, 11 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 305] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 325] futex(0x7ff1fcdd7618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 324] <... write resumed>) = 11 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000} [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 327] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 307] <... futex resumed>) = 0 [pid 305] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... rt_sigaction resumed>NULL, 8) = 0 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000} [pid 307] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000} [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] <... mmap resumed>) = 0x7ff1fccea000 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000} [pid 327] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] <... mprotect resumed>) = 0 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000} [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [pid 324] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] <... rt_sigprocmask resumed>[], 8) = 0 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000} [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000} [pid 327] <... clone3 resumed> => {parent_tid=[331]}, 88) = 331 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] rt_sigprocmask(SIG_SETMASK, [], [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000} [pid 327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000} [pid 327] <... futex resumed>) = 0 [pid 324] <... futex resumed>) = 0 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 22.903186][ T30] audit: type=1400 audit(1738219608.046:75): avc: denied { create } for pid=309 comm="syz-executor149" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.950111][ T308] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 324] futex(0x7ff1fcdd7618, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 331 attached [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000} [pid 308] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 331] set_robust_list(0x7ff1fcd0a9a0, 24 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 308] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000608} --- [pid 331] <... set_robust_list resumed>) = 0 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000} [pid 308] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000610} --- [pid 331] rt_sigprocmask(SIG_SETMASK, [], [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000} [pid 331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000} [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] memfd_create("syzkaller", 0 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] <... memfd_create resumed>) = 3 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000} [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000} [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] <... mmap resumed>) = 0x7ff1f48ea000 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000} [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... mount resumed>) = 0 [pid 309] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000} [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000} [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000} [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 312] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000} [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000} [pid 310] <... openat resumed>) = 3 [pid 312] ioctl(-1, KVM_GET_SREGS [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] <... ioctl resumed>, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000} [pid 312] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 312] <... futex resumed>) = 0 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000} [pid 312] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000} [pid 310] chdir("./file0" [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... chdir resumed>) = 0 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000} [pid 310] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... openat resumed>) = 4 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000} [pid 310] ioctl(4, LOOP_CLR_FD [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... ioctl resumed>) = 0 [pid 310] close(4 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000} [pid 310] <... close resumed>) = 0 [pid 309] exit_group(0 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000} [pid 324] <... futex resumed>) = ? [pid 312] <... futex resumed>) = ? [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... exit_group resumed>) = ? [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 324] +++ exited with 0 +++ [pid 310] <... futex resumed>) = 1 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000} [pid 306] <... futex resumed>) = 0 [pid 312] +++ exited with 0 +++ [pid 310] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] <... write resumed>) = 1048576 [pid 331] munmap(0x7ff1f48ea000, 138412032) = 0 [pid 331] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 331] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 331] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] +++ exited with 0 +++ [pid 306] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... futex resumed>) = 0 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000} [pid 306] <... futex resumed>) = 1 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000} [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 306] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000} [pid 310] <... openat resumed>) = 4 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000} [pid 310] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000} [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 311] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000} [pid 310] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 311] ioctl(-1, KVM_GET_SREGS [pid 310] write(4, "#! ./file0\n", 11 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000} [pid 306] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... ioctl resumed>, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 306] <... futex resumed>) = 0 [pid 310] <... write resumed>) = 11 [pid 311] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 311] <... futex resumed>) = 1 [pid 310] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000} [pid 306] <... mmap resumed>) = 0x7ff1fccc9000 [pid 305] <... futex resumed>) = 0 [pid 311] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] <... futex resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 306] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE [pid 310] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] exit_group(0 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000} [pid 306] <... mprotect resumed>) = 0 [pid 325] <... futex resumed>) = ? [pid 311] <... futex resumed>) = ? [pid 305] <... exit_group resumed>) = ? [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 325] +++ exited with 0 +++ [pid 331] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 331] close(4) = 0 [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 331] close(3 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} [pid 331] <... close resumed>) = 0 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000} [pid 331] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] <... clone3 resumed> => {parent_tid=[334]}, 88) = 334 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.979548][ T310] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.013474][ T311] ------------[ cut here ]------------ [ 23.020525][ T311] kernel BUG at fs/ext4/inode.c:2746! [ 23.025933][ T311] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.031830][ T311] CPU: 0 PID: 311 Comm: syz-executor149 Not tainted 5.15.176-syzkaller-00066-gd1a25a6a4b3b #0 [ 23.041901][ T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 23.042184][ T310] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, [ 23.051792][ T311] RIP: 0010:ext4_writepages+0x3fe6/0x4000 executing program [pid 327] <... futex resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = 0 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x55555688f760, 24) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 [pid 335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccea000 [pid 335] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} => {parent_tid=[336]}, 88) = 336 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7ff1fcce99a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] write(4, "#! ./file0\n", 11) = 11 [pid 334] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7ff1fcdd7618, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x7ff1fcd0a9a0, 24) = 0 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] memfd_create("syzkaller", 0) = 3 [pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1f48ea000 [pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 336] munmap(0x7ff1f48ea000, 138412032) = 0 [pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 336] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 336] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 1 [pid 310] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 306] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... mmap resumed>) = 0x20000000 [pid 310] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 327] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000} [pid 306] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 306] <... futex resumed>) = 0 [pid 331] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 327] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000} [pid 306] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 331] <... openat resumed>) = 3 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000} [pid 331] <... futex resumed>) = 1 [pid 327] <... futex resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] write(3, "#! ./file0\n", 11 [pid 327] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000} [pid 331] <... write resumed>) = 11 [pid 327] <... futex resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000} [pid 331] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 331] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000} [pid 327] <... mmap resumed>) = 0x7ff1fccc9000 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000} [pid 327] <... mprotect resumed>) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000} [pid 327] <... rt_sigprocmask resumed>[], 8) = 0 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 327] <... clone3 resumed> => {parent_tid=[337]}, 88) = 337 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000} [pid 327] rt_sigprocmask(SIG_SETMASK, [], [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000} [pid 327] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 327] <... futex resumed>) = 0 [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000} [pid 327] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 308] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 308] ioctl(-1, KVM_GET_SREGS, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 308] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 336] close(4) = 0 [pid 336] close(3) = 0 [pid 336] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [pid 336] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 336] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccc9000 [pid 335] mprotect(0x7ff1fccca000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcce9990, parent_tid=0x7ff1fcce9990, exit_signal=0, stack=0x7ff1fccc9000, stack_size=0x20240, tls=0x7ff1fcce96c0} => {parent_tid=[338]}, 88) = 338 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7ff1fcdd7618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7ff1fcdd761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [pid 336] write(3, "#! ./file0\n", 11) = 11 [pid 336] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7ff1fcce99a0, 24) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 23.051841][ T311] Code: 89 de e8 cd 48 87 ff 45 84 f6 75 2c e8 33 46 87 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e4 c5 ff ff e8 1a 46 87 ff <0f> 0b e8 13 46 87 ff e8 ea 61 17 ff eb 9b e8 07 46 87 ff e8 de 61 [ 23.051857][ T311] RSP: 0018:ffffc90000ae7160 EFLAGS: 00010293 [ 23.059860][ T310] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.065496][ T311] RAX: ffffffff81e925e6 RBX: 0000008000000000 RCX: ffff88810cdc62c0 [ 23.065513][ T311] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 23.065525][ T311] RBP: ffffc90000ae7570 R08: ffffffff81e91d56 R09: ffffed10222ae2f7 [pid 338] write(3, "#! ./file0\n", 11) = 11 [pid 338] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 336] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 336] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [ 23.065540][ T311] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000ae77a0 [ 23.130772][ T311] R13: 0000000000000000 R14: 000000d410000000 R15: 0000000000000001 [ 23.138582][ T311] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.147344][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.153774][ T311] CR2: 00007f509438f8bc CR3: 0000000120dc6000 CR4: 00000000003506b0 [ 23.161591][ T311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.169389][ T311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.177197][ T311] Call Trace: [ 23.180427][ T311] [ 23.183189][ T311] ? __die_body+0x62/0xb0 [ 23.187370][ T311] ? die+0x88/0xb0 [ 23.190912][ T311] ? do_trap+0x103/0x330 [ 23.194999][ T311] ? ext4_writepages+0x3fe6/0x4000 [ 23.199941][ T311] ? handle_invalid_op+0x95/0xc0 [ 23.204717][ T311] ? ext4_writepages+0x3fe6/0x4000 [ 23.209661][ T311] ? exc_invalid_op+0x32/0x50 [ 23.214171][ T311] ? asm_exc_invalid_op+0x1b/0x20 [ 23.219033][ T311] ? ext4_writepages+0x3756/0x4000 [ 23.223980][ T311] ? ext4_writepages+0x3fe6/0x4000 [ 23.228928][ T311] ? ext4_writepages+0x3fe6/0x4000 [ 23.233878][ T311] ? is_bpf_text_address+0x172/0x190 [ 23.238994][ T311] ? unwind_get_return_address+0x4d/0x90 [ 23.244462][ T311] ? arch_stack_walk+0xf3/0x140 [ 23.249154][ T311] ? ext4_readpage+0x230/0x230 [ 23.253755][ T311] ? __kasan_check_write+0x14/0x20 [ 23.258697][ T311] ? ext4_readpage+0x230/0x230 [ 23.263298][ T311] do_writepages+0x40e/0x670 [ 23.267730][ T311] ? __writepage+0x130/0x130 [ 23.272149][ T311] ? __stack_depot_save+0x34/0x470 [ 23.277096][ T311] ? kasan_set_free_info+0x23/0x40 [ 23.282045][ T311] ? kmem_cache_free+0x115/0x330 [ 23.286827][ T311] ? _raw_spin_unlock+0x4d/0x70 [ 23.291503][ T311] filemap_fdatawrite_wbc+0x248/0x2a0 [ 23.296711][ T311] filemap_flush+0x10c/0x150 [ 23.301145][ T311] ? filemap_fdatawrite_range+0x1b0/0x1b0 [ 23.306696][ T311] ext4_alloc_da_blocks+0x77/0x1a0 [ 23.311642][ T311] ext4_release_file+0x84/0x310 [ 23.316498][ T311] ? ext4_file_open+0x700/0x700 [ 23.321187][ T311] __fput+0x228/0x8c0 [ 23.325009][ T311] ____fput+0x15/0x20 [ 23.328831][ T311] task_work_run+0x129/0x190 [ 23.333251][ T311] do_exit+0xc48/0x2ca0 [ 23.337248][ T311] ? put_task_struct+0x80/0x80 [ 23.341842][ T311] ? update_curr+0x31a/0x5d0 [ 23.346271][ T311] ? __kasan_check_write+0x14/0x20 [ 23.351216][ T311] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.356238][ T311] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.361548][ T311] do_group_exit+0x141/0x310 [ 23.365973][ T311] get_signal+0x7a3/0x1630 [ 23.370226][ T311] arch_do_signal_or_restart+0xbd/0x1680 [ 23.375691][ T311] ? __kasan_check_write+0x14/0x20 [ 23.380637][ T311] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.385583][ T311] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.391150][ T311] ? _raw_spin_unlock_irq+0x4e/0x70 [ 23.396175][ T311] ? __kasan_check_write+0x14/0x20 [ 23.401210][ T311] ? ptrace_stop+0x6ff/0xa90 [ 23.405635][ T311] ? get_sigframe_size+0x10/0x10 [ 23.410413][ T311] exit_to_user_mode_loop+0xa0/0xe0 [ 23.415444][ T311] exit_to_user_mode_prepare+0x5a/0xa0 [ 23.420736][ T311] syscall_exit_to_user_mode+0x26/0x160 [ 23.426118][ T311] do_syscall_64+0x47/0xb0 [ 23.430368][ T311] ? clear_bhb_loop+0x35/0x90 [ 23.434883][ T311] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 23.440611][ T311] RIP: 0033:0x7ff1fcd4fa79 [ 23.444865][ T311] Code: Unable to access opcode bytes at RIP 0x7ff1fcd4fa4f. [ 23.452069][ T311] RSP: 002b:00007ff1fcd0a178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 23.460324][ T311] RAX: fffffffffffffe00 RBX: 00007ff1fcdd7608 RCX: 00007ff1fcd4fa79 [ 23.468219][ T311] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff1fcdd7608 [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 336] ioctl(-1, KVM_GET_SREGS, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 336] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 336] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] exit_group(0 [pid 336] <... futex resumed>) = ? [pid 335] <... exit_group resumed>) = ? [pid 336] +++ exited with 0 +++ [pid 338] <... futex resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 335] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000608} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000610} --- [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000}) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 337 attached [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000}) = -1 EBADF (Bad file descriptor) [pid 337] set_robust_list(0x7ff1fcce99a0, 24 [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000} [pid 337] <... set_robust_list resumed>) = 0 [pid 310] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 337] rt_sigprocmask(SIG_SETMASK, [], [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000} [pid 337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 310] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 337] write(3, "#! ./file0\n", 11 [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000} [pid 337] <... write resumed>) = 11 [pid 310] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000} [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 337] futex(0x7ff1fcdd761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 296] <... restart_syscall resumed>) = 0 [pid 327] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 331] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 327] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 331] <... mmap resumed>) = 0x20000000 [pid 331] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] exit_group(0 [pid 327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 326] <... futex resumed>) = ? [pid 308] <... futex resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 296] <... openat resumed>) = 3 [pid 326] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 310] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 337] futex(0x7ff1fcdd7618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 310] ioctl(-1, KVM_GET_SREGS, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 310] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = 1 [pid 296] ioctl(3, LOOP_CLR_FD [pid 331] <... futex resumed>) = 0 [pid 306] exit_group(0 [pid 334] <... futex resumed>) = ? [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=4096, userspace_addr=0x20000000} [pid 310] <... futex resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 331] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 310] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=1, flags=0, guest_phys_addr=0x1000, memory_size=4096, userspace_addr=0x20001000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=2, flags=0, guest_phys_addr=0x2000, memory_size=4096, userspace_addr=0x20002000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=3, flags=0, guest_phys_addr=0x3000, memory_size=4096, userspace_addr=0x20003000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=4, flags=0, guest_phys_addr=0x4000, memory_size=4096, userspace_addr=0x20004000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=5, flags=0, guest_phys_addr=0x5000, memory_size=4096, userspace_addr=0x20005000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=6, flags=0, guest_phys_addr=0x6000, memory_size=4096, userspace_addr=0x20006000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=7, flags=0, guest_phys_addr=0x7000, memory_size=4096, userspace_addr=0x20007000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=8, flags=0, guest_phys_addr=0x8000, memory_size=4096, userspace_addr=0x20008000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=9, flags=0, guest_phys_addr=0x9000, memory_size=4096, userspace_addr=0x20009000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=10, flags=0, guest_phys_addr=0xfec00000, memory_size=4096, userspace_addr=0x2000a000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=11, flags=0, guest_phys_addr=0xb000, memory_size=4096, userspace_addr=0x2000b000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=12, flags=0, guest_phys_addr=0xc000, memory_size=4096, userspace_addr=0x2000c000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=13, flags=0, guest_phys_addr=0xd000, memory_size=4096, userspace_addr=0x2000d000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=14, flags=0, guest_phys_addr=0xe000, memory_size=4096, userspace_addr=0x2000e000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=15, flags=0, guest_phys_addr=0xf000, memory_size=4096, userspace_addr=0x2000f000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=16, flags=0, guest_phys_addr=0x10000, memory_size=4096, userspace_addr=0x20010000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=17, flags=0, guest_phys_addr=0x11000, memory_size=4096, userspace_addr=0x20011000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=18, flags=0, guest_phys_addr=0x12000, memory_size=4096, userspace_addr=0x20012000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=19, flags=0, guest_phys_addr=0x13000, memory_size=4096, userspace_addr=0x20013000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=20, flags=0, guest_phys_addr=0x14000, memory_size=4096, userspace_addr=0x20014000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=21, flags=0, guest_phys_addr=0x15000, memory_size=4096, userspace_addr=0x20015000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=22, flags=0, guest_phys_addr=0x16000, memory_size=4096, userspace_addr=0x20016000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=23, flags=0, guest_phys_addr=0x17000, memory_size=4096, userspace_addr=0x20017000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_SET_USER_MEMORY_REGION, {slot=65537, flags=0, guest_phys_addr=0x30000, memory_size=65536, userspace_addr=0x20000000}) = -1 EBADF (Bad file descriptor) [pid 331] ioctl(-1, KVM_GET_SREGS, 0x7ff1fcd08be0) = -1 EBADF (Bad file descriptor) [pid 331] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.476023][ T311] RBP: 00007ff1fcdd7600 R08: 00007ff1fcd0a6c0 R09: 00007ff1fcd0a6c0 [ 23.483830][ T311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1fcdd760c [ 23.491666][ T311] R13: 0000000000000006 R14: 00007fff06421f30 R15: 00007fff06422018 [ 23.499470][ T311] [ 23.502329][ T311] Modules linked in: [ 23.510081][ T311] ---[ end trace 1533667e7f375dac ]--- [ 23.511204][ T307] ------------[ cut here ]------------ [ 23.517590][ T311] RIP: 0010:ext4_writepages+0x3fe6/0x4000 [ 23.522127][ T307] kernel BUG at fs/ext4/inode.c:2746! [ 23.531641][ T311] Code: 89 de e8 cd 48 87 ff 45 84 f6 75 2c e8 33 46 87 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e4 c5 ff ff e8 1a 46 87 ff <0f> 0b e8 13 46 87 ff e8 ea 61 17 ff eb 9b e8 07 46 87 ff e8 de 61 [ 23.532382][ T307] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 23.551656][ T311] RSP: 0018:ffffc90000ae7160 EFLAGS: 00010293 [ 23.556983][ T307] CPU: 0 PID: 307 Comm: syz-executor149 Tainted: G D 5.15.176-syzkaller-00066-gd1a25a6a4b3b #0 [ 23.563186][ T311] RAX: ffffffff81e925e6 RBX: 0000008000000000 RCX: ffff88810cdc62c0 [pid 331] futex(0x7ff1fcdd7608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] futex(0x7ff1fcdd760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] <... ioctl resumed>) = 0 [pid 327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] exit_group(0 [pid 337] <... futex resumed>) = ? [pid 331] <... futex resumed>) = ? [pid 327] <... exit_group resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 331] +++ exited with 0 +++ [pid 327] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=36} --- [ 23.574426][ T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 23.574440][ T307] RIP: 0010:ext4_writepages+0x3fe6/0x4000 [ 23.574470][ T307] Code: 89 de e8 cd 48 87 ff 45 84 f6 75 2c e8 33 46 87 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e4 c5 ff ff e8 1a 46 87 ff <0f> 0b e8 13 46 87 ff e8 ea 61 17 ff eb 9b e8 07 46 87 ff e8 de 61 [ 23.582585][ T311] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 23.592131][ T307] RSP: 0018:ffffc90000ab74a0 EFLAGS: 00010293 [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = 0 [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 339 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = 0 [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555688f750) = 340 [ 23.592152][ T307] RAX: ffffffff81e925e6 RBX: 0000008000000000 RCX: ffff88810b4893c0 [ 23.592167][ T307] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 23.598048][ T311] RBP: ffffc90000ae7570 R08: ffffffff81e91d56 R09: ffffed10222ae2f7 [ 23.617133][ T307] RBP: ffffc90000ab78b0 R08: ffffffff81e91d56 R09: ffffed10222ae2f7 [ 23.617152][ T307] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000ab7ae0 [ 23.617166][ T307] R13: 0000000000000000 R14: 000000d410000000 R15: 0000000000000001 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x55555688f760, 24) = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] write(1, "executing program\n", 18executing program ) = 18 [pid 340] futex(0x7ff1fcdd760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] rt_sigaction(SIGRT_1, {sa_handler=0x7ff1fcd75740, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff1fcd1ee00}, NULL, 8) = 0 [pid 340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff1fccea000 [pid 340] mprotect(0x7ff1fcceb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff1fcd0a990, parent_tid=0x7ff1fcd0a990, exit_signal=0, stack=0x7ff1fccea000, stack_size=0x20240, tls=0x7ff1fcd0a6c0} => {parent_tid=[341]}, 88) = 341 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7ff1fcdd7608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.617177][ T307] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.617194][ T307] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.617208][ T307] CR2: 00007ff1fcda2818 CR3: 00000001206f8000 CR4: 00000000003506b0 [ 23.627678][ T311] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000ae77a0 [ 23.630842][ T307] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.630857][ T307] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.630869][ T307] Call Trace: [ 23.630875][ T307] [ 23.630882][ T307] ? __die_body+0x62/0xb0 [ 23.649279][ T311] R13: 0000000000000000 R14: 000000d410000000 R15: 0000000000000001 [ 23.654623][ T307] ? die+0x88/0xb0 [ 23.654650][ T307] ? do_trap+0x103/0x330 [ 23.654669][ T307] ? ext4_writepages+0x3fe6/0x4000 [ 23.654693][ T307] ? handle_invalid_op+0x95/0xc0 [ 23.663313][ T311] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 23.670247][ T307] ? ext4_writepages+0x3fe6/0x4000 [ 23.688641][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.693245][ T307] ? exc_invalid_op+0x32/0x50 [ 23.693273][ T307] ? asm_exc_invalid_op+0x1b/0x20 [ 23.693293][ T307] ? ext4_writepages+0x3756/0x4000 [ 23.707737][ T311] CR2: 00007fff06422114 CR3: 0000000120cab000 CR4: 00000000003506a0 [ 23.708865][ T307] ? ext4_writepages+0x3fe6/0x4000 [ 23.708897][ T307] ? ext4_writepages+0x3fe6/0x4000 [ 23.708921][ T307] ? is_bpf_text_address+0x172/0x190 [ 23.717442][ T311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.724491][ T307] ? unwind_get_return_address+0x4d/0x90 [ 23.724521][ T307] ? arch_stack_walk+0xf3/0x140 [ 23.724548][ T307] ? ext4_readpage+0x230/0x230 [ 23.728300][ T311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.730394][ T307] ? unwind_get_return_address+0x4d/0x90 [ 23.734790][ T311] Kernel panic - not syncing: Fatal exception [ 23.742370][ T307] ? ext4_readpage+0x230/0x230 [ 23.863359][ T307] do_writepages+0x40e/0x670 [ 23.867779][ T307] ? __writepage+0x130/0x130 [ 23.872215][ T307] ? __stack_depot_save+0x34/0x470 [ 23.877172][ T307] ? kasan_set_free_info+0x23/0x40 [ 23.882194][ T307] ? kmem_cache_free+0x115/0x330 [ 23.886970][ T307] ? _raw_spin_unlock+0x4d/0x70 [ 23.891652][ T307] filemap_fdatawrite_wbc+0x248/0x2a0 [ 23.896951][ T307] filemap_flush+0x10c/0x150 [ 23.901378][ T307] ? filemap_fdatawrite_range+0x1b0/0x1b0 [ 23.906936][ T307] ext4_alloc_da_blocks+0x77/0x1a0 [ 23.911878][ T307] ext4_release_file+0x84/0x310 [ 23.916558][ T307] ? ext4_file_open+0x700/0x700 [ 23.921243][ T307] __fput+0x228/0x8c0 [ 23.925064][ T307] ____fput+0x15/0x20 [ 23.928882][ T307] task_work_run+0x129/0x190 [ 23.933308][ T307] do_exit+0xc48/0x2ca0 [ 23.937302][ T307] ? put_task_struct+0x80/0x80 [ 23.941900][ T307] ? asm_sysvec_call_function_single+0x1b/0x20 [ 23.947887][ T307] ? zap_other_threads+0x17e/0x270 [ 23.952841][ T307] ? _raw_spin_unlock_irq+0x49/0x70 [ 23.957870][ T307] do_group_exit+0x141/0x310 [ 23.962298][ T307] __x64_sys_exit_group+0x3f/0x40 [ 23.967156][ T307] x64_sys_call+0x610/0x9a0 [ 23.971495][ T307] do_syscall_64+0x3b/0xb0 [ 23.975778][ T307] ? clear_bhb_loop+0x35/0x90 [ 23.980285][ T307] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 23.986004][ T307] RIP: 0033:0x7ff1fcd4d9f9 [ 23.990242][ T307] Code: Unable to access opcode bytes at RIP 0x7ff1fcd4d9cf. [ 23.997447][ T307] RSP: 002b:00007fff06422098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 24.005690][ T307] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1fcd4d9f9 [ 24.013502][ T307] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 24.021688][ T307] RBP: 00007ff1fcdd72d0 R08: ffffffffffffffb0 R09: 00007fff064810b0 [ 24.029503][ T307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1fcdd72d0 [ 24.037291][ T307] R13: 0000000000000000 R14: 00007ff1fcdd8140 R15: 00007ff1fcd17f00 [ 24.045109][ T307] [ 24.047968][ T307] Modules linked in: [ 24.051967][ T311] Kernel Offset: disabled [ 24.056100][ T311] Rebooting in 86400 seconds..