./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1396972668 <...> [ 4.020530][ T24] audit: type=1400 audit(1684337094.160:9): avc: denied { append open } for pid=74 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 4.023647][ T24] audit: type=1400 audit(1684337094.160:10): avc: denied { getattr } for pid=74 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 4.331137][ T91] udevd[91]: starting version 3.2.11 [ 4.484941][ T92] udevd[92]: starting eudev-3.2.11 [ 12.889987][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 12.889996][ T24] audit: type=1400 audit(1684337103.060:61): avc: denied { transition } for pid=216 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.894141][ T24] audit: type=1400 audit(1684337103.060:62): avc: denied { noatsecure } for pid=216 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.899326][ T24] audit: type=1400 audit(1684337103.060:63): avc: denied { write } for pid=216 comm="sh" path="pipe:[993]" dev="pipefs" ino=993 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.905892][ T24] audit: type=1400 audit(1684337103.060:64): avc: denied { rlimitinh } for pid=216 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.909351][ T24] audit: type=1400 audit(1684337103.060:65): avc: denied { siginh } for pid=216 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. execve("./syz-executor1396972668", ["./syz-executor1396972668"], 0x7ffd90e20090 /* 10 vars */) = 0 brk(NULL) = 0x5555572c8000 brk(0x5555572c8c40) = 0x5555572c8c40 arch_prctl(ARCH_SET_FS, 0x5555572c8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555572c85d0) = 286 set_robust_list(0x5555572c85e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fa1e8b46a40, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa1e8b47110}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fa1e8b46ae0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1e8b47110}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1396972668", 4096) = 28 brk(0x5555572e9c40) = 0x5555572e9c40 brk(0x5555572ea000) = 0x5555572ea000 mprotect(0x7fa1e8c09000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c85d0) = 287 ./strace-static-x86_64: Process 287 attached [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] set_robust_list(0x5555572c85e0, 24./strace-static-x86_64: Process 288 attached [pid 286] <... clone resumed>, child_tidptr=0x5555572c85d0) = 288 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c85d0) = 289 ./strace-static-x86_64: Process 289 attached [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] set_robust_list(0x5555572c85e0, 24 [pid 287] <... set_robust_list resumed>) = 0 [pid 287] getpid() = 287 [pid 287] mkdir("./syzkaller.QtzetV", 0700./strace-static-x86_64: Process 290 attached [pid 289] set_robust_list(0x5555572c85e0, 24 [pid 288] <... set_robust_list resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x5555572c85d0) = 290 [pid 287] chmod("./syzkaller.QtzetV", 0777) = 0 [pid 287] chdir("./syzkaller.QtzetV") = 0 [pid 287] mkdir("./0", 0777 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... set_robust_list resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c85d0) = 291 ./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x5555572c85e0, 24) = 0 [pid 291] chdir("./0") = 0 [pid 291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 291] setpgid(0, 0) = 0 [pid 291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 291] write(3, "1000", 4) = 4 [pid 291] close(3) = 0 [pid 291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1e8b15000 [pid 291] mprotect(0x7fa1e8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] clone(child_stack=0x7fa1e8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[292], tls=0x7fa1e8b35700, child_tidptr=0x7fa1e8b359d0) = 292 [pid 291] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x7fa1e8b359e0, 24) = 0 [pid 292] memfd_create("syzkaller", 0) = 3 [pid 292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1e0715000 [pid 292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 292] munmap(0x7fa1e0715000, 524288) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 292] close(3) = 0 [pid 292] mkdir("./file0", 0777) = 0 [pid 292] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 290] set_robust_list(0x5555572c85e0, 24) = 0 [pid 290] getpid() = 290 [pid 290] mkdir("./syzkaller.HNdAh7", 0700) = 0 [pid 290] chmod("./syzkaller.HNdAh7", 0777) = 0 [pid 290] chdir("./syzkaller.HNdAh7") = 0 [pid 290] mkdir("./0", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c85d0) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x5555572c85e0, 24) = 0 [pid 295] chdir("./0") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1e8b15000 [pid 295] mprotect(0x7fa1e8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] clone(child_stack=0x7fa1e8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[296], tls=0x7fa1e8b35700, child_tidptr=0x7fa1e8b359d0) = 296 [pid 295] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x7fa1e8b359e0, 24) = 0 [pid 296] memfd_create("syzkaller", 0) = 3 [pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1e0715000 [pid 296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 296] munmap(0x7fa1e0715000, 524288) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 296] ioctl(4, LOOP_SET_FD, 3 [pid 288] getpid() = 288 [pid 288] mkdir("./syzkaller.90saSW", 0700) = 0 [pid 288] chmod("./syzkaller.90saSW", 0777) = 0 [pid 288] chdir("./syzkaller.90saSW") = 0 [pid 288] mkdir("./0", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 286] <... clone resumed>, child_tidptr=0x5555572c85d0) = 299 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c85d0) = 300 [ 22.530284][ T24] audit: type=1400 audit(1684337112.700:66): avc: denied { execmem } for pid=286 comm="syz-executor139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.554182][ T24] audit: type=1400 audit(1684337112.720:67): avc: denied { read write } for pid=287 comm="syz-executor139" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 299 attached [ 22.585352][ T24] audit: type=1400 audit(1684337112.720:68): avc: denied { open } for pid=287 comm="syz-executor139" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.586756][ T292] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,,errors=continue [pid 300] set_robust_list(0x5555572c85e0, 24 [pid 299] set_robust_list(0x5555572c85e0, 24 [pid 296] <... ioctl resumed>) = 0 [pid 296] close(3) = 0 [pid 296] mkdir("./file0", 0777) = 0 [pid 296] mount("/dev/loop3", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] getpid() = 289 [pid 289] mkdir("./syzkaller.XCDqa4", 0700) = 0 [pid 288] <... clone resumed>, child_tidptr=0x5555572c85d0) = 301 [pid 289] chmod("./syzkaller.XCDqa4", 0777) = 0 [pid 289] chdir("./syzkaller.XCDqa4") = 0 [pid 289] mkdir("./0", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c85d0) = 302 [pid 292] <... mount resumed>) = 0 [pid 292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 292] chdir("./file0") = 0 [pid 292] ioctl(4, LOOP_CLR_FD) = 0 [pid 292] close(4) = 0 [pid 292] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... futex resumed>) = 1 [pid 292] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 292] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... futex resumed>) = 1 [pid 292] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 292] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... futex resumed>) = 1 [pid 292] ftruncate(5, 33587199) = 0 [pid 292] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... futex resumed>) = 1 [pid 292] sendfile(4, 5, NULL, 281474978811909 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 299] getpid( [pid 300] getpid( [pid 299] <... getpid resumed>) = 299 [pid 300] <... getpid resumed>) = 300 [pid 299] mkdir("./syzkaller.aZSEwN", 0700 [pid 300] mkdir("./syzkaller.lxbawR", 0700) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 300] chmod("./syzkaller.lxbawR", 0777 [pid 299] chmod("./syzkaller.aZSEwN", 0777) = 0 [pid 300] <... chmod resumed>) = 0 [pid 300] chdir("./syzkaller.lxbawR" [pid 299] chdir("./syzkaller.aZSEwN" [pid 300] <... chdir resumed>) = 0 [pid 299] <... chdir resumed>) = 0 [pid 300] mkdir("./0", 0777 [pid 299] mkdir("./0", 0777 [pid 300] <... mkdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] close(3 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... close resumed>) = 0 [pid 300] close(3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... close resumed>) = 0 [ 22.610081][ T24] audit: type=1400 audit(1684337112.720:69): avc: denied { ioctl } for pid=287 comm="syz-executor139" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ./strace-static-x86_64: Process 304 attached ./strace-static-x86_64: Process 302 attached ./strace-static-x86_64: Process 301 attached [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] set_robust_list(0x5555572c85e0, 24 [pid 302] set_robust_list(0x5555572c85e0, 24 [pid 301] set_robust_list(0x5555572c85e0, 24 [pid 299] <... clone resumed>, child_tidptr=0x5555572c85d0) = 304 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x5555572c85e0, 24) = 0 [pid 308] chdir("./0") = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 302] <... set_robust_list resumed>) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] chdir("./0" [pid 304] <... set_robust_list resumed>) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 304] chdir("./0" [pid 301] chdir("./0" [pid 302] <... chdir resumed>) = 0 [pid 304] <... chdir resumed>) = 0 [pid 301] <... chdir resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 302] <... prctl resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] <... openat resumed>) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 308] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1e8b15000 [pid 308] mprotect(0x7fa1e8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] clone(child_stack=0x7fa1e8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[309], tls=0x7fa1e8b35700, child_tidptr=0x7fa1e8b359d0) = 309 [pid 308] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 302] setpgid(0, 0 [pid 301] <... prctl resumed>) = 0 [pid 301] setpgid(0, 0 [pid 304] <... prctl resumed>) = 0 [pid 301] <... setpgid resumed>) = 0 [pid 302] <... setpgid resumed>) = 0 [pid 304] setpgid(0, 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] <... setpgid resumed>) = 0 [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] <... openat resumed>) = 3 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 302] <... openat resumed>) = 3 [pid 300] <... clone resumed>, child_tidptr=0x5555572c85d0) = 308 [pid 304] <... openat resumed>) = 3 [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 291] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 304] write(3, "1000", 4 [pid 302] write(3, "1000", 4 [pid 301] write(3, "1000", 4 [pid 291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 302] <... write resumed>) = 4 [pid 304] <... write resumed>) = 4 [pid 301] <... write resumed>) = 4 [pid 291] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1e0774000 [pid 291] mprotect(0x7fa1e0775000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 291] clone(child_stack=0x7fa1e07943f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[310], tls=0x7fa1e0794700, child_tidptr=0x7fa1e07949d0) = 310 [pid 291] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] close(3 [pid 304] close(3 [pid 301] close(3./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x7fa1e8b359e0, 24) = 0 [pid 309] memfd_create("syzkaller", 0) = 3 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa1e0715000 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7fa1e07949e0, 24) = 0 [pid 310] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 310] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... futex resumed>) = 1 [pid 310] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6 [pid 310] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 291] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... futex resumed>) = 1 [pid 310] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5) = 1099 [pid 310] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = 1 [pid 310] futex(0x7fa1e8c0f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 309] munmap(0x7fa1e0715000, 524288) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 309] close(3) = 0 [pid 309] mkdir("./file0", 0777) = 0 [ 22.669358][ T24] audit: type=1400 audit(1684337112.730:70): avc: denied { mounton } for pid=291 comm="syz-executor139" path="/root/syzkaller.QtzetV/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.704667][ T296] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,,errors=continue [pid 309] mount("/dev/loop5", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 304] <... close resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs" [pid 302] symlink("/dev/binderfs", "./binderfs" [pid 301] symlink("/dev/binderfs", "./binderfs" [pid 296] <... mount resumed>) = 0 [pid 304] <... symlink resumed>) = 0 [pid 302] <... symlink resumed>) = 0 [pid 301] <... symlink resumed>) = 0 [pid 296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 304] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 304] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 0 [pid 296] chdir("./file0" [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... chdir resumed>) = 0 [pid 304] <... mmap resumed>) = 0x7fa1e8b15000 [pid 302] <... mmap resumed>) = 0x7fa1e8b15000 [pid 301] <... mmap resumed>) = 0x7fa1e8b15000 [pid 296] ioctl(4, LOOP_CLR_FD [pid 304] mprotect(0x7fa1e8b16000, 131072, PROT_READ|PROT_WRITE [pid 302] mprotect(0x7fa1e8b16000, 131072, PROT_READ|PROT_WRITE [pid 301] mprotect(0x7fa1e8b16000, 131072, PROT_READ|PROT_WRITE [pid 296] <... ioctl resumed>) = 0 [pid 304] <... mprotect resumed>) = 0 [pid 302] <... mprotect resumed>) = 0 [pid 301] <... mprotect resumed>) = 0 [pid 296] close(4 [pid 304] clone(child_stack=0x7fa1e8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 302] clone(child_stack=0x7fa1e8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 301] clone(child_stack=0x7fa1e8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 296] <... close resumed>) = 0 [pid 296] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... clone resumed>, parent_tid=[315], tls=0x7fa1e8b35700, child_tidptr=0x7fa1e8b359d0) = 315 [pid 302] <... clone resumed>, parent_tid=[313], tls=0x7fa1e8b35700, child_tidptr=0x7fa1e8b359d0) = 313 [pid 301] <... clone resumed>, parent_tid=[314], tls=0x7fa1e8b35700, child_tidptr=0x7fa1e8b359d0) = 314 [pid 296] <... futex resumed>) = 1 [pid 304] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7fa1e8c0f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 0 [pid 304] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 22.716390][ T24] audit: type=1400 audit(1684337112.810:71): avc: denied { mount } for pid=291 comm="syz-executor139" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.728502][ T292] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm syz-executor139: Invalid inode table block 5 in block_group 0 [ 22.750212][ T24] audit: type=1400 audit(1684337112.810:72): avc: denied { write } for pid=291 comm="syz-executor139" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 302] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 301] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... futex resumed>) = 0 ./strace-static-x86_64: Process 315 attached ./strace-static-x86_64: Process 314 attached ./strace-static-x86_64: Process 313 attached [pid 292] <... sendfile resumed>) = 262144 [pid 292] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] exit_group(0 [pid 310] <... futex resumed>) = ? [pid 292] <... futex resumed>) = ? [pid 291] <... exit_group resumed>) = ? [pid 315] set_robust_list(0x7fa1e8b359e0, 24 [pid 314] set_robust_list(0x7fa1e8b359e0, 24 [pid 313] set_robust_list(0x7fa1e8b359e0, 24 [pid 310] +++ exited with 0 +++ [pid 309] <... mount resumed>) = 0 [pid 295] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] +++ exited with 0 +++ [ 22.785641][ T309] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,,errors=continue [ 22.801676][ T291] ------------[ cut here ]------------ [ 22.809355][ T24] audit: type=1400 audit(1684337112.810:73): avc: denied { add_name } for pid=291 comm="syz-executor139" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 315] <... set_robust_list resumed>) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 313] <... set_robust_list resumed>) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 1 [ 22.827828][ T291] kernel BUG at fs/ext4/ext4.h:3247! [ 22.834793][ T24] audit: type=1400 audit(1684337112.810:74): avc: denied { create } for pid=291 comm="syz-executor139" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.841518][ T291] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 22.860555][ T24] audit: type=1400 audit(1684337112.820:75): avc: denied { read write open } for pid=291 comm="syz-executor139" path="/root/syzkaller.QtzetV/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.865744][ T291] CPU: 0 PID: 291 Comm: syz-executor139 Not tainted 5.10.178-syzkaller-00127-g43c801dc3325 #0 [ 22.900976][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 22.910900][ T291] RIP: 0010:ext4_mb_load_buddy_gfp+0xf5d/0x1020 [ 22.916954][ T291] Code: ff e8 77 3b c8 ff e9 f0 f2 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 7d 3b c8 ff e9 48 f3 ff ff e8 73 2d 8b ff <0f> 0b e9 62 00 00 00 e8 67 2d 8b ff e9 ef fb ff ff e9 65 00 00 00 [ 22.936392][ T291] RSP: 0018:ffffc90000b77a30 EFLAGS: 00010293 [ 22.942286][ T291] RAX: ffffffff81df45ad RBX: 00000000ffff821c RCX: ffff88811e584f00 [ 22.950093][ T291] RDX: 0000000000000000 RSI: 00000000ffff821c RDI: 0000000000000001 [ 22.957909][ T291] RBP: ffffc90000b77ab0 R08: ffffffff81df373c R09: ffffed1021ff8384 [ 22.965725][ T291] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 22.973533][ T291] R13: ffff88811e8bd000 R14: 1ffff11023d17879 R15: ffff88811e8bc3c8 [ 22.981341][ T291] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.990108][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.996540][ T291] CR2: 0000000000618348 CR3: 000000011e7e4000 CR4: 00000000003506b0 [ 23.004341][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.012150][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.019964][ T291] Call Trace: [ 23.023096][ T291] ? _raw_spin_trylock_bh+0x190/0x190 [ 23.028303][ T291] ext4_discard_preallocations+0x79c/0xef0 [ 23.033946][ T291] ? mb_test_and_clear_bits+0x240/0x240 [ 23.039324][ T291] ext4_release_file+0x16e/0x310 [ 23.044095][ T291] ? ext4_file_open+0x660/0x660 [ 23.048780][ T291] __fput+0x309/0x760 [ 23.052599][ T291] ____fput+0x15/0x20 [ 23.056418][ T291] task_work_run+0x129/0x190 [ 23.060845][ T291] do_exit+0xc83/0x2a50 [ 23.064848][ T291] ? put_task_struct+0x80/0x80 [ 23.069441][ T291] ? __kasan_check_write+0x14/0x20 [ 23.074383][ T291] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.079334][ T291] ? _raw_spin_lock_irqsave+0x210/0x210 [ 23.084714][ T291] ? wake_up_state+0xb/0x10 [ 23.089056][ T291] ? zap_other_threads+0x237/0x270 [ 23.094000][ T291] do_group_exit+0x141/0x310 [ 23.098426][ T291] __x64_sys_exit_group+0x3f/0x40 [ 23.103298][ T291] do_syscall_64+0x34/0x70 [ 23.107545][ T291] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 23.113269][ T291] RIP: 0033:0x7fa1e8b88569 [ 23.117515][ T291] Code: Unable to access opcode bytes at RIP 0x7fa1e8b8853f. [ 23.124720][ T291] RSP: 002b:00007ffd89c3cc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 315] memfd_create("syzkaller", 0 [pid 314] memfd_create("syzkaller", 0 [pid 313] memfd_create("syzkaller", 0 [pid 309] <... openat resumed>) = 3 [pid 296] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 295] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... memfd_create resumed>) = 3 [pid 314] <... memfd_create resumed>) = 3 [pid 313] <... memfd_create resumed>) = 3 [pid 309] chdir("./file0" [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 309] <... chdir resumed>) = 0 [pid 315] <... mmap resumed>) = 0x7fa1e0715000 [pid 314] <... mmap resumed>) = 0x7fa1e0715000 [pid 313] <... mmap resumed>) = 0x7fa1e0715000 [pid 309] ioctl(4, LOOP_CLR_FD [pid 296] <... open resumed>) = 4 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 309] <... ioctl resumed>) = 0 [pid 296] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] close(4 [pid 296] <... futex resumed>) = 1 [pid 295] <... futex resumed>) = 0 [pid 309] <... close resumed>) = 0 [pid 296] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 295] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... open resumed>) = 5 [pid 295] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = 0 [pid 296] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 308] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... open resumed>) = 4 [pid 308] <... futex resumed>) = 0 [pid 296] ftruncate(5, 33587199 [pid 295] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... ftruncate resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 295] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 0 [pid 308] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 308] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 295] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... open resumed>) = 5 [pid 308] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] sendfile(4, 5, NULL, 281474978811909 [pid 295] <... futex resumed>) = 0 [pid 309] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = 0 [pid 315] <... write resumed>) = 524288 [pid 314] <... write resumed>) = 524288 [pid 313] <... write resumed>) = 524288 [pid 309] ftruncate(5, 33587199 [pid 308] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... ftruncate resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 309] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fa1e8c0f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] futex(0x7fa1e8c0f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] <... futex resumed>) = 0 [pid 309] sendfile(4, 5, NULL, 281474978811909 [pid 308] futex(0x7fa1e8c0f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 308] <... mmap resumed>) = 0x7fa1e0774000 [pid 295] <... mmap resumed>) = 0x7fa1e0774000 [pid 308] mprotect(0x7fa1e0775000, 131072, PROT_READ|PROT_WRITE [pid 295] mprotect(0x7fa1e0775000, 131072, PROT_READ|PROT_WRITE [pid 308] <... mprotect resumed>) = 0 [pid 295] <... mprotect resumed>) = 0 [pid 308] clone(child_stack=0x7fa1e07943f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 295] clone(child_stack=0x7fa1e07943f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 308] <... clone resumed>, parent_tid=[316], tls=0x7fa1e0794700, child_tidptr=0x7fa1e07949d0) = 316 [pid 295] <... clone resumed>, parent_tid=[317], tls=0x7fa1e0794700, child_tidptr=0x7fa1e07949d0) = 317 [pid 308] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 308] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 23.133093][ T291] RAX: ffffffffffffffda RBX: 00007fa1e8c0f470 RCX: 00007fa1e8b88569 [ 23.140894][ T291] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 23.148705][ T291] RBP: 0000000000000000 R08: ffffffffffffffb8 R09: 0000000000000000 [ 23.156516][ T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa1e8c0f470 [ 23.164326][ T291] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 23.172138][ T291] Modules linked in: [ 23.178070][ T291] ---[ end trace a00a21c7b37d8d2e ]--- [pid 295] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 317 attached ./strace-static-x86_64: Process 316 attached [pid 315] munmap(0x7fa1e0715000, 524288 [pid 314] munmap(0x7fa1e0715000, 524288 [pid 313] munmap(0x7fa1e0715000, 524288 [pid 317] set_robust_list(0x7fa1e07949e0, 24 [pid 316] set_robust_list(0x7fa1e07949e0, 24 [pid 315] <... munmap resumed>) = 0 [pid 314] <... munmap resumed>) = 0 [pid 313] <... munmap resumed>) = 0 [pid 309] <... sendfile resumed>) = 376832 [pid 296] <... sendfile resumed>) = 376832 [pid 317] <... set_robust_list resumed>) = 0 [pid 317] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 317] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 295] <... futex resumed>) = 0 [pid 317] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 295] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... open resumed>) = 6 [pid 295] <... futex resumed>) = 0 [pid 317] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 295] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... set_robust_list resumed>) = 0 [pid 316] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 316] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 316] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 308] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... open resumed>) = 6 [pid 308] <... futex resumed>) = 0 [pid 316] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 308] futex(0x7fa1e8c0f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fa1e8c0f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_SET_FD, 3 [pid 314] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 313] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 317] <... writev resumed>) = 1099 [pid 309] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7fa1e8c0f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 1 [pid 309] futex(0x7fa1e8c0f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7fa1e8c0f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... futex resumed>) = 0 [pid 317] futex(0x7fa1e8c0f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] exit_group(0 [pid 317] <... futex resumed>) = ? [pid 296] <... futex resumed>) = ? [pid 295] <... exit_group resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ [pid 315] <... ioctl resumed>) = 0 [pid 315] close(3) = 0 [ 23.184002][ T291] RIP: 0010:ext4_mb_load_buddy_gfp+0xf5d/0x1020 [ 23.190733][ T291] Code: ff e8 77 3b c8 ff e9 f0 f2 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 52 f3 ff ff e8 7d 3b c8 ff e9 48 f3 ff ff e8 73 2d 8b ff <0f> 0b e9 62 00 00 00 e8 67 2d 8b ff e9 ef fb ff ff e9 65 00 00 00 [ 23.210787][ T291] RSP: 0018:ffffc90000b77a30 EFLAGS: 00010293 [ 23.216785][ T291] RAX: ffffffff81df45ad RBX: 00000000ffff821c RCX: ffff88811e584f00 [ 23.224587][ T291] RDX: 0000000000000000 RSI: 00000000ffff821c RDI: 0000000000000001 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop4", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 314] <... openat resumed>) = 4 [pid 313] <... openat resumed>) = 4 [pid 316] <... writev resumed>) = 1099 [pid 314] ioctl(4, LOOP_SET_FD, 3 [pid 313] ioctl(4, LOOP_SET_FD, 3 [pid 295] +++ exited with 0 +++ [pid 316] futex(0x7fa1e8c0f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 316] futex(0x7fa1e8c0f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] exit_group(0) = ? [pid 309] <... futex resumed>) = ? [pid 309] +++ exited with 0 +++ [pid 290] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 290] getdents64(3, 0x5555572c9620 /* 4 entries */, 32768) = 112 [pid 290] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 290] unlink("./0/binderfs") = 0 [pid 290] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 316] <... futex resumed>) = ? [pid 314] <... ioctl resumed>) = 0 [pid 313] <... ioctl resumed>) = 0 [pid 314] close(3 [ 23.232718][ T291] RBP: ffffc90000b77ab0 R08: ffffffff81df373c R09: ffffed1021ff8384 [ 23.240849][ T291] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 23.248990][ T291] R13: ffff88811e8bd000 R14: 1ffff11023d17879 R15: ffff88811e8bc3c8 [ 23.257001][ T291] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 23.266608][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 313] close(3 [pid 314] <... close resumed>) = 0 [pid 313] <... close resumed>) = 0 [pid 315] <... mount resumed>) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 315] chdir("./file0") = 0 [pid 315] ioctl(4, LOOP_CLR_FD [pid 314] mkdir("./file0", 0777 [pid 313] mkdir("./file0", 0777 [pid 314] <... mkdir resumed>) = 0 [pid 314] mount("/dev/loop1", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 313] <... mkdir resumed>) = 0 [pid 313] mount("/dev/loop2", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 290] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 23.267917][ T315] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,,errors=continue [ 23.273171][ T291] CR2: 00007fa1e8bdad08 CR3: 000000011e9ba000 CR4: 00000000003506a0 [ 23.304228][ T291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.312059][ T291] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.320035][ T291] Kernel panic - not syncing: Fatal exception [ 23.326174][ T291] Kernel Offset: disabled [ 23.330305][ T291] Rebooting in 86400 seconds..