./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3949330807 <...> Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts. execve("./syz-executor3949330807", ["./syz-executor3949330807"], 0x7ffe54560780 /* 10 vars */) = 0 brk(NULL) = 0x55555631e000 brk(0x55555631ed40) = 0x55555631ed40 arch_prctl(ARCH_SET_FS, 0x55555631e3c0) = 0 set_tid_address(0x55555631e690) = 295 set_robust_list(0x55555631e6a0, 24) = 0 rseq(0x55555631ece0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3949330807", 4096) = 28 getrandom("\x73\x74\x08\x54\xaf\xac\xab\xb3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555631ed40 brk(0x55555633fd40) = 0x55555633fd40 brk(0x555556340000) = 0x555556340000 mprotect(0x7fde4333f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLYexecuting program ) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 300 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x55555631e6a0, 24) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 301 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55555631e6a0, 24) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631e690) = 302 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x55555631e6a0, 24) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7fde432ebc60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde432ddaa0}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4325b000 [pid 301] mprotect(0x7fde4325c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4327b990, parent_tid=0x7fde4327b990, exit_signal=0, stack=0x7fde4325b000, stack_size=0x20300, tls=0x7fde4327b6c0} => {parent_tid=[303]}, 88) = 303 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7fde433456a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fde433456ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7fde4327b9a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 303] write(3, "6", 1) = 1 [ 22.162215][ T28] audit: type=1400 audit(1725288746.844:66): avc: denied { execmem } for pid=295 comm="syz-executor394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.173639][ T303] FAULT_INJECTION: forcing a failure. [ 22.173639][ T303] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 22.178631][ T28] audit: type=1400 audit(1725288746.844:67): avc: denied { read write } for pid=297 comm="syz-executor394" name="loop1" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.182443][ T303] CPU: 0 PID: 303 Comm: syz-executor394 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 22.199292][ T28] audit: type=1400 audit(1725288746.844:68): avc: denied { open } for pid=297 comm="syz-executor394" path="/dev/loop1" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.205804][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [pid 303] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE|1< [pid 302] set_robust_list(0x55555631e6a0, 24 [pid 300] set_robust_list(0x55555631e6a0, 24 [pid 299] set_robust_list(0x55555631e6a0, 24 [pid 298] set_robust_list(0x55555631e6a0, 24 [pid 302] <... set_robust_list resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 302] <... prctl resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 302] setpgid(0, 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD [pid 302] <... setpgid resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] close(3 [pid 299] close(3 [pid 298] close(3 [pid 302] <... openat resumed>) = 3 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 302] write(3, "1000", 4 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... write resumed>) = 4 [pid 302] close(3 [pid 300] <... clone resumed>, child_tidptr=0x55555631e690) = 308 [pid 299] <... clone resumed>, child_tidptr=0x55555631e690) = 307 [pid 298] <... clone resumed>, child_tidptr=0x55555631e690) = 306 [pid 302] <... close resumed>) = 0 executing program [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7fde432ebc60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde432ddaa0}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4325b000 [pid 302] mprotect(0x7fde4325c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4327b990, parent_tid=0x7fde4327b990, exit_signal=0, stack=0x7fde4325b000, stack_size=0x20300, tls=0x7fde4327b6c0} => {parent_tid=[309]}, 88) = 309 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fde433456a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fde433456ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x7fde4327b9a0, 24) = 0 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 309] write(3, "6", 1) = 1 [ 22.229981][ T28] audit: type=1400 audit(1725288746.844:69): avc: denied { ioctl } for pid=297 comm="syz-executor394" path="/dev/loop1" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.239663][ T303] Call Trace: [ 22.239671][ T303] [ 22.239678][ T303] dump_stack_lvl+0x151/0x1b7 [ 22.275418][ T303] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.280713][ T303] dump_stack+0x15/0x1c [ 22.284702][ T303] should_fail_ex+0x3d0/0x520 [ 22.289216][ T303] should_fail_alloc_page+0x68/0x90 [ 22.294249][ T303] __alloc_pages+0x1f4/0x780 [ 22.296496][ T309] FAULT_INJECTION: forcing a failure. [ 22.296496][ T309] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [pid 309] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE|1< [pid 302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 302] futex(0x7fde433456bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.298674][ T303] ? prep_new_page+0x110/0x110 [ 22.298698][ T303] ? prep_new_page+0x110/0x110 [ 22.320894][ T303] ? __kasan_check_write+0x14/0x20 [ 22.325839][ T303] ? _raw_spin_lock+0xa4/0x1b0 [ 22.330443][ T303] __pmd_alloc+0xb1/0x550 [ 22.334606][ T303] ? mas_wr_store_entry+0x445/0x690 [ 22.339643][ T303] ? __pud_alloc+0x260/0x260 [ 22.344064][ T303] ? __pud_alloc+0x214/0x260 [ 22.348493][ T303] ? __kasan_check_read+0x11/0x20 [ 22.353351][ T303] ? hugepage_vma_check+0x182/0x4f0 [ 22.358387][ T303] handle_mm_fault+0xca4/0x30e0 [ 22.363077][ T303] ? numa_migrate_prep+0xe0/0xe0 [ 22.367848][ T303] ? follow_page_mask+0x236/0x1070 [ 22.372796][ T303] ? follow_page+0x250/0x250 [ 22.377223][ T303] __get_user_pages+0x377/0xf20 [ 22.381910][ T303] ? populate_vma_page_range+0x120/0x120 [ 22.387374][ T303] ? userfaultfd_unmap_complete+0x308/0x360 [ 22.393104][ T303] __mm_populate+0x375/0x570 [ 22.397532][ T303] ? userfaultfd_unmap_prep+0x3e0/0x3e0 [ 22.402913][ T303] ? check_vma_flags+0x2d0/0x2d0 [ 22.407688][ T303] vm_mmap_pgoff+0x290/0x430 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55555631e6a0, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] write(1, "executing program\n", 18executing program ) = 18 [pid 306] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7fde432ebc60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde432ddaa0}, NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4325b000 [pid 306] mprotect(0x7fde4325c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4327b990, parent_tid=0x7fde4327b990, exit_signal=0, stack=0x7fde4325b000, stack_size=0x20300, tls=0x7fde4327b6c0} => {parent_tid=[310]}, 88) = 310 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7fde433456a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fde433456ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7fde4327b9a0, 24) = 0 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 310] write(3, "6", 1) = 1 [ 22.412114][ T303] ? account_locked_vm+0x250/0x250 [ 22.417065][ T303] ? ptrace_notify+0x249/0x350 [ 22.421663][ T303] ? do_notify_parent+0xa20/0xa20 [ 22.426538][ T303] ksys_mmap_pgoff+0xed/0x1e0 [ 22.429722][ T310] FAULT_INJECTION: forcing a failure. [ 22.429722][ T310] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 22.431032][ T303] ? __kasan_check_write+0x14/0x20 [ 22.449157][ T303] ? fpregs_restore_userregs+0x130/0x290 [ 22.454622][ T303] __x64_sys_mmap+0x103/0x120 [ 22.459137][ T303] x64_sys_call+0x67/0x9a0 [pid 310] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE|1< [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] futex(0x7fde433456bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x55555631e6a0, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] write(1, "executing program\n", 18executing program ) = 18 [pid 307] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7fde432ebc60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde432ddaa0}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4325b000 [ 22.463392][ T303] do_syscall_64+0x3b/0xb0 [ 22.467643][ T303] ? clear_bhb_loop+0x55/0xb0 [ 22.472161][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.477896][ T303] RIP: 0033:0x7fde432c6229 [ 22.482153][ T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 22.501582][ T303] RSP: 002b:00007fde4327b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [pid 307] mprotect(0x7fde4325c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4327b990, parent_tid=0x7fde4327b990, exit_signal=0, stack=0x7fde4325b000, stack_size=0x20300, tls=0x7fde4327b6c0} => {parent_tid=[311]}, 88) = 311 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fde433456a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.509827][ T303] RAX: ffffffffffffffda RBX: 00007fde433456a8 RCX: 00007fde432c6229 [ 22.517635][ T303] RDX: 000000000200000f RSI: 0000000000b36000 RDI: 0000000020000000 [ 22.525463][ T303] RBP: 00007fde433456a0 R08: 00000000ffffffff R09: 0000000000000000 [ 22.533255][ T303] R10: 0000000004008032 R11: 0000000000000246 R12: 00007fde4327b210 [ 22.541069][ T303] R13: 0000000000000001 R14: 5f646165726f6964 R15: 0030656c69662f2e [ 22.548886][ T303] [ 22.551746][ T309] CPU: 1 PID: 309 Comm: syz-executor394 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 22.561827][ T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 22.571718][ T309] Call Trace: [ 22.574841][ T309] [ 22.577624][ T309] dump_stack_lvl+0x151/0x1b7 [ 22.582278][ T309] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.587517][ T309] dump_stack+0x15/0x1c [ 22.591507][ T309] should_fail_ex+0x3d0/0x520 [ 22.596022][ T309] should_fail_alloc_page+0x68/0x90 [ 22.601058][ T309] __alloc_pages+0x1f4/0x780 [ 22.605481][ T309] ? prep_new_page+0x110/0x110 [ 22.610086][ T309] ? prep_new_page+0x110/0x110 [ 22.614680][ T309] ? __kasan_check_write+0x14/0x20 [ 22.619646][ T309] ? _raw_spin_lock+0xa4/0x1b0 [ 22.624240][ T309] __pmd_alloc+0xb1/0x550 [ 22.628430][ T309] ? mas_wr_store_entry+0x445/0x690 [ 22.633511][ T309] ? __pud_alloc+0x260/0x260 [ 22.637940][ T309] ? __pud_alloc+0x214/0x260 [ 22.642367][ T309] ? __kasan_check_read+0x11/0x20 [ 22.647226][ T309] ? hugepage_vma_check+0x182/0x4f0 [ 22.652261][ T309] handle_mm_fault+0xca4/0x30e0 [ 22.656952][ T309] ? numa_migrate_prep+0xe0/0xe0 [ 22.661722][ T309] ? follow_page_mask+0x236/0x1070 [ 22.666680][ T309] ? follow_page+0x250/0x250 [ 22.671096][ T309] __get_user_pages+0x377/0xf20 [ 22.675796][ T309] ? populate_vma_page_range+0x120/0x120 [ 22.681248][ T309] ? userfaultfd_unmap_complete+0x308/0x360 [ 22.686978][ T309] __mm_populate+0x375/0x570 [ 22.691403][ T309] ? userfaultfd_unmap_prep+0x3e0/0x3e0 [ 22.696785][ T309] ? check_vma_flags+0x2d0/0x2d0 [ 22.701559][ T309] vm_mmap_pgoff+0x290/0x430 [ 22.705985][ T309] ? account_locked_vm+0x250/0x250 [ 22.710930][ T309] ? ptrace_notify+0x249/0x350 [ 22.715536][ T309] ? do_notify_parent+0xa20/0xa20 [ 22.720396][ T309] ksys_mmap_pgoff+0xed/0x1e0 [ 22.724905][ T309] ? __kasan_check_write+0x14/0x20 [ 22.729850][ T309] ? fpregs_restore_userregs+0x130/0x290 [ 22.735319][ T309] __x64_sys_mmap+0x103/0x120 [ 22.739836][ T309] x64_sys_call+0x67/0x9a0 [ 22.744083][ T309] do_syscall_64+0x3b/0xb0 [ 22.748337][ T309] ? clear_bhb_loop+0x55/0xb0 [ 22.752850][ T309] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 22.758578][ T309] RIP: 0033:0x7fde432c6229 [ 22.762837][ T309] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 22.782276][ T309] RSP: 002b:00007fde4327b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 22.790518][ T309] RAX: ffffffffffffffda RBX: 00007fde433456a8 RCX: 00007fde432c6229 [ 22.798332][ T309] RDX: 000000000200000f RSI: 0000000000b36000 RDI: 0000000020000000 [ 22.806141][ T309] RBP: 00007fde433456a0 R08: 00000000ffffffff R09: 0000000000000000 [pid 307] futex(0x7fde433456ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 311 attached ./strace-static-x86_64: Process 308 attached [pid 303] <... mmap resumed>) = 0x20000000 [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] futex(0x7fde433456bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4323a000 [pid 307] mprotect(0x7fde4323b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4325a990, parent_tid=0x7fde4325a990, exit_signal=0, stack=0x7fde4323a000, stack_size=0x20300, tls=0x7fde4325a6c0} => {parent_tid=[314]}, 88) = 314 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fde433456b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fde433456bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 302] <... mmap resumed>) = 0x7fde4323a000 [pid 302] mprotect(0x7fde4323b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4325a990, parent_tid=0x7fde4325a990, exit_signal=0, stack=0x7fde4323a000, stack_size=0x20300, tls=0x7fde4325a6c0} => {parent_tid=[315]}, 88) = 315 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fde433456b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fde433456bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 309] <... mmap resumed>) = 0x20000000 [pid 309] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7fde433456a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x7fde4325a9a0, 24) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] memfd_create("syzkaller", 0) = 4 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fde3ae3a000 [pid 315] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 315] munmap(0x7fde3ae3a000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 315] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 315] close(4) = 0 [ 22.813956][ T309] R10: 0000000004008032 R11: 0000000000000246 R12: 00007fde4327b210 [ 22.821763][ T309] R13: 0000000000000001 R14: 5f646165726f6964 R15: 0030656c69662f2e [ 22.829581][ T309] [ 22.832476][ T310] CPU: 0 PID: 310 Comm: syz-executor394 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 22.842340][ T310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 22.851849][ T315] loop0: detected capacity change from 0 to 512 [ 22.852316][ T310] Call Trace: [ 22.852323][ T310] [pid 315] close(5) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOATIME|MS_LAZYTIME|MS_BORN, "dioread_lock,noblock_validity,data_err=abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=rem"... [pid 311] set_robust_list(0x7fde4327b9a0, 24 [pid 308] set_robust_list(0x55555631e6a0, 24 [pid 303] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fde433456bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... set_robust_list resumed>) = 0 [pid 308] <... set_robust_list resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] futex(0x7fde433456a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] <... prctl resumed>) = 0 [pid 301] <... mmap resumed>) = 0x7fde4323a000 [pid 311] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 308] setpgid(0, 0 [pid 301] mprotect(0x7fde4323b000, 131072, PROT_READ|PROT_WRITE [pid 311] <... openat resumed>) = 3 [pid 308] <... setpgid resumed>) = 0 [pid 301] <... mprotect resumed>) = 0 [pid 311] write(3, "6", 1 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [pid 311] <... write resumed>) = 1 [pid 308] <... openat resumed>) = 3 [pid 301] <... rt_sigprocmask resumed>[], 8) = 0 [ 22.864299][ T310] dump_stack_lvl+0x151/0x1b7 [ 22.868820][ T310] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 22.873904][ T28] audit: type=1400 audit(1725288747.554:70): avc: denied { mounton } for pid=302 comm="syz-executor394" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.874108][ T310] dump_stack+0x15/0x1c [ 22.900575][ T310] should_fail_ex+0x3d0/0x520 [ 22.901462][ T311] FAULT_INJECTION: forcing a failure. [pid 311] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE|1< [pid 308] write(3, "1000", 4 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4325a990, parent_tid=0x7fde4325a990, exit_signal=0, stack=0x7fde4323a000, stack_size=0x20300, tls=0x7fde4325a6c0} [pid 308] <... write resumed>) = 4 [pid 308] close(3 [pid 301] <... clone3 resumed> => {parent_tid=[316]}, 88) = 316 [pid 308] <... close resumed>) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 308] write(1, "executing program\n", 18 [pid 301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] <... write resumed>) = 18 [pid 301] futex(0x7fde433456b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 301] futex(0x7fde433456bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 308] rt_sigaction(SIGRT_1, {sa_handler=0x7fde432ebc60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fde432ddaa0}, NULL, 8) = 0 [pid 308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4325b000 [pid 308] mprotect(0x7fde4325c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4327b990, parent_tid=0x7fde4327b990, exit_signal=0, stack=0x7fde4325b000, stack_size=0x20300, tls=0x7fde4327b6c0} => {parent_tid=[317]}, 88) = 317 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7fde433456a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.901462][ T311] name failslab, interval 1, probability 0, space 0, times 1 [ 22.905086][ T310] should_fail_alloc_page+0x68/0x90 [ 22.922539][ T310] __alloc_pages+0x1f4/0x780 [ 22.926962][ T310] ? prep_new_page+0x110/0x110 [ 22.931562][ T310] ? prep_new_page+0x110/0x110 [ 22.936158][ T310] ? __kasan_check_write+0x14/0x20 [ 22.941107][ T310] ? _raw_spin_lock+0xa4/0x1b0 [ 22.945703][ T310] __pmd_alloc+0xb1/0x550 [ 22.949871][ T310] ? mas_wr_store_entry+0x445/0x690 [ 22.954903][ T310] ? __pud_alloc+0x260/0x260 [ 22.959328][ T310] ? __pud_alloc+0x214/0x260 [ 22.963759][ T310] ? __kasan_check_read+0x11/0x20 [ 22.968615][ T310] ? hugepage_vma_check+0x182/0x4f0 [ 22.973650][ T310] handle_mm_fault+0xca4/0x30e0 [ 22.978431][ T310] ? numa_migrate_prep+0xe0/0xe0 [ 22.983199][ T310] ? follow_page_mask+0x236/0x1070 [ 22.988146][ T310] ? follow_page+0x250/0x250 [ 22.992572][ T310] __get_user_pages+0x377/0xf20 [ 22.997264][ T310] ? populate_vma_page_range+0x120/0x120 [ 23.002728][ T310] ? userfaultfd_unmap_complete+0x308/0x360 [ 23.008456][ T310] __mm_populate+0x375/0x570 [ 23.012878][ T310] ? userfaultfd_unmap_prep+0x3e0/0x3e0 [ 23.018263][ T310] ? check_vma_flags+0x2d0/0x2d0 [ 23.023036][ T310] vm_mmap_pgoff+0x290/0x430 [ 23.027464][ T310] ? account_locked_vm+0x250/0x250 [ 23.032408][ T310] ? ptrace_notify+0x249/0x350 [ 23.037013][ T310] ? do_notify_parent+0xa20/0xa20 [ 23.041869][ T310] ksys_mmap_pgoff+0xed/0x1e0 [ 23.046381][ T310] ? __kasan_check_write+0x14/0x20 [ 23.051416][ T310] ? fpregs_restore_userregs+0x130/0x290 [ 23.056887][ T310] __x64_sys_mmap+0x103/0x120 [ 23.061398][ T310] x64_sys_call+0x67/0x9a0 [ 23.065648][ T310] do_syscall_64+0x3b/0xb0 [ 23.069903][ T310] ? clear_bhb_loop+0x55/0xb0 [ 23.074415][ T310] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.080147][ T310] RIP: 0033:0x7fde432c6229 [ 23.084398][ T310] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.103840][ T310] RSP: 002b:00007fde4327b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [pid 308] futex(0x7fde433456ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 317 attached ./strace-static-x86_64: Process 316 attached ./strace-static-x86_64: Process 314 attached [pid 310] <... mmap resumed>) = 0x20000000 [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] <... mmap resumed>) = 0x7fde4323a000 [ 23.112083][ T310] RAX: ffffffffffffffda RBX: 00007fde433456a8 RCX: 00007fde432c6229 [ 23.119893][ T310] RDX: 000000000200000f RSI: 0000000000b36000 RDI: 0000000020000000 [ 23.127706][ T310] RBP: 00007fde433456a0 R08: 00000000ffffffff R09: 0000000000000000 [ 23.135519][ T310] R10: 0000000004008032 R11: 0000000000000246 R12: 00007fde4327b210 [ 23.143327][ T310] R13: 0000000000000001 R14: 5f646165726f6964 R15: 0030656c69662f2e [ 23.151154][ T310] [ 23.157398][ T311] CPU: 1 PID: 311 Comm: syz-executor394 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 23.165464][ T318] loop4: detected capacity change from 0 to 512 [ 23.167433][ T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 23.183405][ T311] Call Trace: [ 23.186533][ T311] [ 23.189308][ T311] dump_stack_lvl+0x151/0x1b7 [ 23.193817][ T311] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 23.199114][ T311] dump_stack+0x15/0x1c [ 23.203103][ T311] should_fail_ex+0x3d0/0x520 [ 23.207619][ T311] __should_failslab+0xaf/0xf0 [ 23.212305][ T311] should_failslab+0x9/0x20 [ 23.216641][ T311] kmem_cache_alloc_bulk+0x2e/0x3d0 [ 23.221679][ T311] mas_alloc_nodes+0x3ce/0x7d0 [ 23.226281][ T311] mas_preallocate+0xef2/0x1bd0 [ 23.230968][ T311] ? mas_destroy+0x3280/0x3280 [ 23.235566][ T311] ? rwsem_write_trylock+0x153/0x340 [ 23.240685][ T311] vma_expand+0x2f2/0xa10 [ 23.244852][ T311] ? can_vma_merge_after+0x9b/0x330 [ 23.249885][ T311] mmap_region+0xde5/0x23a0 [ 23.254229][ T311] ? file_mmap_ok+0x150/0x150 [ 23.258737][ T311] ? cap_mmap_addr+0x169/0x2e0 [ 23.263342][ T311] ? get_unmapped_area+0x31d/0x380 [ 23.268285][ T311] do_mmap+0x853/0xe30 [ 23.272191][ T311] ? mlock_future_check+0x110/0x110 [ 23.277222][ T311] ? cgroup_update_frozen+0x15f/0x980 [ 23.282433][ T311] vm_mmap_pgoff+0x208/0x430 [ 23.286862][ T311] ? account_locked_vm+0x250/0x250 [ 23.291803][ T311] ? ptrace_notify+0x249/0x350 [ 23.296407][ T311] ? do_notify_parent+0xa20/0xa20 [ 23.301266][ T311] ksys_mmap_pgoff+0xed/0x1e0 [ 23.305780][ T311] ? __kasan_check_write+0x14/0x20 [ 23.310725][ T311] ? fpregs_restore_userregs+0x130/0x290 [ 23.316194][ T311] __x64_sys_mmap+0x103/0x120 [ 23.320707][ T311] x64_sys_call+0x67/0x9a0 [ 23.324961][ T311] do_syscall_64+0x3b/0xb0 [ 23.329211][ T311] ? clear_bhb_loop+0x55/0xb0 [ 23.333725][ T311] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.339454][ T311] RIP: 0033:0x7fde432c6229 [ 23.343708][ T311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 317] set_robust_list(0x7fde4327b9a0, 24 [pid 316] set_robust_list(0x7fde4325a9a0, 24 [pid 314] set_robust_list(0x7fde4325a9a0, 24 [pid 310] futex(0x7fde433456ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fde433456bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] mprotect(0x7fde4323b000, 131072, PROT_READ|PROT_WRITE [pid 308] <... futex resumed>) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fde4323a000 [pid 308] mprotect(0x7fde4323b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4325a990, parent_tid=0x7fde4325a990, exit_signal=0, stack=0x7fde4323a000, stack_size=0x20300, tls=0x7fde4325a6c0} => {parent_tid=[318]}, 88) = 318 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7fde433456b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fde433456bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7fde4325a9a0, 24) = 0 [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] memfd_create("syzkaller", 0) = 3 [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fde3ae3a000 [pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 318] munmap(0x7fde3ae3a000, 138412032) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 318] close(3) = 0 [pid 318] close(4 [pid 317] <... set_robust_list resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 310] <... futex resumed>) = 0 [pid 306] <... mprotect resumed>) = 0 [pid 310] futex(0x7fde433456a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fde4325a990, parent_tid=0x7fde4325a990, exit_signal=0, stack=0x7fde4323a000, stack_size=0x20300, tls=0x7fde4325a6c0} => {parent_tid=[319]}, 88) = 319 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7fde433456b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fde433456bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x7fde4325a9a0, 24) = 0 [ 23.363147][ T311] RSP: 002b:00007fde4327b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 23.371393][ T311] RAX: ffffffffffffffda RBX: 00007fde433456a8 RCX: 00007fde432c6229 [ 23.379204][ T311] RDX: 000000000200000f RSI: 0000000000b36000 RDI: 0000000020000000 [ 23.387015][ T311] RBP: 00007fde433456a0 R08: 00000000ffffffff R09: 0000000000000000 [ 23.394827][ T311] R10: 0000000004008032 R11: 0000000000000246 R12: 00007fde4327b210 [ 23.402636][ T311] R13: 0000000000000001 R14: 5f646165726f6964 R15: 0030656c69662f2e [ 23.410454][ T311] [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] memfd_create("syzkaller", 0) = 4 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fde3ae3a000 [pid 319] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 319] munmap(0x7fde3ae3a000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 317] rt_sigprocmask(SIG_SETMASK, [], [pid 316] rt_sigprocmask(SIG_SETMASK, [], [ 23.413835][ T311] ------------[ cut here ]------------ [ 23.419138][ T311] kernel BUG at mm/mmap.c:2831! [ 23.425087][ T311] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.430974][ T311] CPU: 0 PID: 311 Comm: syz-executor394 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 23.440867][ T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 23.450763][ T311] RIP: 0010:mmap_region+0x2278/0x23a0 [ 23.455979][ T311] Code: 03 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 37 fb ff ff 48 89 df e8 89 72 09 00 e9 2a fb ff ff e8 6f 4c c2 ff 0f 0b e8 68 4c c2 ff <0f> 0b 65 8b 05 6f b8 4e 7e 41 89 c6 4c 89 f0 48 c1 e8 06 48 8d 3c [ 23.475503][ T311] RSP: 0018:ffffc90000f67a40 EFLAGS: 00010293 [ 23.481399][ T311] RAX: ffffffff81b358e8 RBX: 0000000020b35fff RCX: ffff888109f1bcc0 [ 23.489217][ T311] RDX: 0000000000000000 RSI: 0000000020b35fff RDI: 0000000020b36000 [ 23.497023][ T311] RBP: ffffc90000f67c50 R08: ffffffff81b34511 R09: ffffffff850fbd43 [ 23.504846][ T311] R10: 0000000000000003 R11: ffff888109f1bcc0 R12: ffffc90000f67ba8 [ 23.512646][ T311] R13: dffffc0000000000 R14: 0000000020000000 R15: 0000000020b36000 [ 23.520459][ T311] FS: 00007fde4327b6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.529494][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.535918][ T311] CR2: 00007ffc3d1bcbc8 CR3: 0000000121424000 CR4: 00000000003506b0 [ 23.543817][ T311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.551624][ T311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.559437][ T311] Call Trace: [ 23.562565][ T311] [ 23.565343][ T311] ? __die_body+0x62/0xb0 [ 23.569507][ T311] ? die+0x88/0xb0 [ 23.573063][ T311] ? do_trap+0x103/0x330 [ 23.577331][ T311] ? mmap_region+0x2278/0x23a0 [ 23.581935][ T311] ? handle_invalid_op+0x95/0xc0 [ 23.586703][ T311] ? mmap_region+0x2278/0x23a0 [ 23.591306][ T311] ? exc_invalid_op+0x32/0x50 [ 23.595817][ T311] ? asm_exc_invalid_op+0x1b/0x20 [ 23.600679][ T311] ? mas_next_slot+0x413/0xb00 [ 23.605386][ T311] ? mmap_region+0xea1/0x23a0 [ 23.609882][ T311] ? mmap_region+0x2278/0x23a0 [ 23.614484][ T311] ? mmap_region+0x2278/0x23a0 [ 23.619089][ T311] ? file_mmap_ok+0x150/0x150 [ 23.623597][ T311] ? cap_mmap_addr+0x169/0x2e0 [ 23.628200][ T311] ? get_unmapped_area+0x31d/0x380 [ 23.633144][ T311] do_mmap+0x853/0xe30 [ 23.637055][ T311] ? mlock_future_check+0x110/0x110 [ 23.642086][ T311] ? cgroup_update_frozen+0x15f/0x980 [ 23.647429][ T311] vm_mmap_pgoff+0x208/0x430 [ 23.651853][ T311] ? account_locked_vm+0x250/0x250 [ 23.656923][ T311] ? ptrace_notify+0x249/0x350 [ 23.661513][ T311] ? do_notify_parent+0xa20/0xa20 [ 23.666374][ T311] ksys_mmap_pgoff+0xed/0x1e0 [ 23.670885][ T311] ? __kasan_check_write+0x14/0x20 [ 23.675833][ T311] ? fpregs_restore_userregs+0x130/0x290 [ 23.681322][ T311] __x64_sys_mmap+0x103/0x120 [ 23.685814][ T311] x64_sys_call+0x67/0x9a0 [ 23.690068][ T311] do_syscall_64+0x3b/0xb0 [ 23.694319][ T311] ? clear_bhb_loop+0x55/0xb0 [ 23.698832][ T311] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 23.704563][ T311] RIP: 0033:0x7fde432c6229 [ 23.708814][ T311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.728507][ T311] RSP: 002b:00007fde4327b1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 23.736750][ T311] RAX: ffffffffffffffda RBX: 00007fde433456a8 RCX: 00007fde432c6229 [ 23.744554][ T311] RDX: 000000000200000f RSI: 0000000000b36000 RDI: 0000000020000000 [ 23.752367][ T311] RBP: 00007fde433456a0 R08: 00000000ffffffff R09: 0000000000000000 [ 23.760176][ T311] R10: 0000000004008032 R11: 0000000000000246 R12: 00007fde4327b210 [ 23.767994][ T311] R13: 0000000000000001 R14: 5f646165726f6964 R15: 0030656c69662f2e [ 23.775810][ T311] [ 23.778675][ T311] Modules linked in: [ 23.782577][ T311] ---[ end trace 0000000000000000 ]--- [ 23.783731][ T315] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 23.788191][ T311] RIP: 0010:mmap_region+0x2278/0x23a0 [ 23.799692][ T315] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 23.804933][ T311] Code: 03 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 37 fb ff ff 48 89 df e8 89 72 09 00 e9 2a fb ff ff e8 6f 4c c2 ff 0f 0b e8 68 4c c2 ff <0f> 0b 65 8b 05 6f b8 4e 7e 41 89 c6 4c 89 f0 48 c1 e8 06 48 8d 3c [ 23.814782][ T315] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor394: Corrupt directory, running e2fsck is recommended [ 23.834268][ T311] RSP: 0018:ffffc90000f67a40 EFLAGS: 00010293 [ 23.853626][ T311] RAX: ffffffff81b358e8 RBX: 0000000020b35fff RCX: ffff888109f1bcc0 [ 23.853947][ T315] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 23.861467][ T311] RDX: 0000000000000000 RSI: 0000000020b35fff RDI: 0000000020b36000 [ 23.869821][ T315] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor394: corrupted in-inode xattr [ 23.877332][ T311] RBP: ffffc90000f67c50 R08: ffffffff81b34511 R09: ffffffff850fbd43 [ 23.889699][ T315] EXT4-fs (loop0): Remounting filesystem read-only [ 23.897262][ T311] R10: 0000000000000003 R11: ffff888109f1bcc0 R12: ffffc90000f67ba8 [ 23.903731][ T315] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor394: couldn't read orphan inode 15 (err -117) [ 23.911426][ T311] R13: dffffc0000000000 R14: 0000000020000000 R15: 0000000020b36000 [ 23.923750][ T315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.931307][ T311] FS: 00007fde4327b6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.940520][ T28] audit: type=1400 audit(1725288748.624:71): avc: denied { mount } for pid=302 comm="syz-executor394" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.948657][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.948690][ T311] CR2: 00007ffc3d1bcbc8 CR3: 0000000121424000 CR4: 00000000003506b0 [ 23.984513][ T311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.992321][ T311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.000139][ T311] Kernel panic - not syncing: Fatal exception [ 24.006502][ T311] Kernel Offset: disabled [ 24.010630][ T311] Rebooting in 86400 seconds..