./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2139716637 <...> Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts. execve("./syz-executor2139716637", ["./syz-executor2139716637"], 0x7ffd0ef245c0 /* 10 vars */) = 0 brk(NULL) = 0x555555c43000 brk(0x555555c43d40) = 0x555555c43d40 arch_prctl(ARCH_SET_FS, 0x555555c43400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555c436d0) = 5061 set_robust_list(0x555555c436e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f68c438a8c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f68c4389e10}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f68c438a960, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f68c4389e10}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2139716637", 4096) = 28 brk(0x555555c64d40) = 0x555555c64d40 brk(0x555555c65000) = 0x555555c65000 mprotect(0x7f68c444d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f68c4384400, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f68c4389e10}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f68c4384400, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f68c4389e10}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x555555c436e0, 24) = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5062] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5064], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5064 [pid 5062] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5064] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5064] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5064] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5062] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5062] <... mprotect resumed>) = 0 [pid 5062] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5065], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5065 [pid 5062] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5065] memfd_create("syzkaller", 0) = 4 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5065] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5065] munmap(0x7f68bbf38000, 131072) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5065] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_RELATIME|MS_STRICTATIME, "") = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(5, LOOP_CLR_FD) = 0 [pid 5065] close(5) = 0 [pid 5065] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5064] <... write resumed>) = 3108864 [pid 5064] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... mmap resumed>) = 0x20000000 [pid 5065] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 0 [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5064] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5064] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5064] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5064] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] exit_group(0) = ? [pid 5065] <... futex resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5064] <... futex resumed>) = ? syzkaller login: [ 39.522166][ T5065] loop0: detected capacity change from 0 to 256 [pid 5064] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x555555c436e0, 24) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5066] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5067 attached , parent_tid=[5067], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5067 [pid 5067] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5067] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... futex resumed>) = 0 [pid 5067] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5067] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... futex resumed>) = 0 [pid 5067] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5067] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5066] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE [pid 5067] <... futex resumed>) = 0 [pid 5066] <... mprotect resumed>) = 0 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5066] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7f68c43589e0, 24 [pid 5066] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5068] <... set_robust_list resumed>) = 0 [pid 5068] memfd_create("syzkaller", 0) = 4 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5068] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5068] munmap(0x7f68bbf38000, 131072) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5068] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5068] ioctl(5, LOOP_CLR_FD) = 0 [pid 5068] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5068] close(5) = 0 [pid 5068] close(4) = 0 [pid 5068] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5068] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5068] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5068] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5067] <... write resumed>) = 593920 [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5068] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48 [pid 5067] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... write resumed>) = 48 [pid 5067] <... futex resumed>) = 0 [pid 5067] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5066] <... exit_group resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555555c436e0, 24) = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5069] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5070 [pid 5069] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5070] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5070] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 1 [pid 5070] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5070] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5069] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5071 [pid 5069] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 1 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5071] memfd_create("syzkaller", 0) = 4 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5071] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5071] munmap(0x7f68bbf38000, 131072) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5071] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5071] ioctl(5, LOOP_CLR_FD) = 0 [pid 5071] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5071] close(5) = 0 [pid 5071] close(4) = 0 [pid 5071] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5070] <... write resumed>) = 2936832 [pid 5070] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... mmap resumed>) = 0x20000000 [pid 5071] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5070] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5070] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 1 [pid 5071] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5070] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5070] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] exit_group(0) = ? [pid 5071] <... futex resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5070] <... futex resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555555c436e0, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5072] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5073 [pid 5072] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5073] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5073] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5073] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5072] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5072] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5074], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5074 [pid 5072] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5074] memfd_create("syzkaller", 0) = 4 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5074] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5074] munmap(0x7f68bbf38000, 131072) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5074] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5074] ioctl(5, LOOP_CLR_FD) = 0 [pid 5074] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5074] close(5) = 0 [pid 5074] close(4) = 0 [pid 5074] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5074] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... write resumed>) = 835584 [pid 5073] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 0 [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5073] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5073] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5073] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5073] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] exit_group(0) = ? [pid 5074] <... futex resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x555555c436e0, 24) = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5075] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] <... clone resumed>, child_tidptr=0x555555c436d0) = 5075 [pid 5075] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5076], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5076 [pid 5075] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5076] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5076] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5076] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5075] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5077], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5077 [pid 5075] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5077] memfd_create("syzkaller", 0) = 4 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5077] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5077] munmap(0x7f68bbf38000, 131072) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5077] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5077] ioctl(5, LOOP_CLR_FD) = 0 [pid 5077] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5077] close(5) = 0 [pid 5077] close(4) = 0 [pid 5077] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5076] <... write resumed>) = 1626112 [pid 5076] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... mmap resumed>) = 0x20000000 [pid 5077] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 0 [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5076] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5076] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5076] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5076] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] exit_group(0) = ? [pid 5077] <... futex resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x555555c436e0, 24) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5078] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5079] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... clone resumed>, parent_tid=[5079], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5079 [pid 5078] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5079] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5079] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... mmap resumed>) = 0x7f68c4338000 [pid 5078] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5078] <... mprotect resumed>) = 0 [pid 5078] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5080], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5080 [pid 5078] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5080] memfd_create("syzkaller", 0) = 4 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5080] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5080] munmap(0x7f68bbf38000, 131072) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5080] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5080] ioctl(5, LOOP_CLR_FD) = 0 [pid 5080] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5080] close(5) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5080] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5080] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5078] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... write resumed>) = 1560576 [pid 5079] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... mmap resumed>) = 0x20000000 [pid 5080] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5080] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5079] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5079] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5079] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] exit_group(0) = ? [pid 5080] <... futex resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached , child_tidptr=0x555555c436d0) = 5081 [pid 5081] set_robust_list(0x555555c436e0, 24) = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5081] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5082 [pid 5081] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5082] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5082] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5082] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5081] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5081] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5083 [pid 5081] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5083] memfd_create("syzkaller", 0) = 4 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5083] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5083] munmap(0x7f68bbf38000, 131072) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5083] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5083] ioctl(5, LOOP_CLR_FD) = 0 [pid 5083] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5083] close(5) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5082] <... write resumed>) = 221184 [pid 5082] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 0 [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5082] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5082] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5082] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48 [pid 5083] <... futex resumed>) = 1 [pid 5083] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... write resumed>) = 48 [pid 5082] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] exit_group(0) = ? [pid 5083] <... futex resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555555c436e0, 24) = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5084] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5085 [pid 5084] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5085] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5085] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5085] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5084] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... futex resumed>) = 1 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] <... mprotect resumed>) = 0 [pid 5084] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5086], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5086 [pid 5084] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5086] memfd_create("syzkaller", 0) = 4 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5086] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5086] munmap(0x7f68bbf38000, 131072) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5086] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5086] ioctl(5, LOOP_CLR_FD) = 0 [pid 5086] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5086] close(5) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5086] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5086] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5086] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... write resumed>) = 610304 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5086] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5086] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5086] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] exit_group(0) = ? [pid 5086] <... futex resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c436d0) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x555555c436e0, 24) = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4359000 [pid 5087] mprotect(0x7f68c435a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f68c43792f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f68c4379700, child_tidptr=0x7f68c43799d0) = 5088 [pid 5087] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f68c43799e0, 24) = 0 [pid 5088] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5088] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5088] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f68c4338000 [pid 5087] mprotect(0x7f68c4339000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f68c43582f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5089], tls=0x7f68c4358700, child_tidptr=0x7f68c43589d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] set_robust_list(0x7f68c43589e0, 24) = 0 [pid 5089] memfd_create("syzkaller", 0) = 4 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f68bbf38000 [pid 5088] write(3, "\x65\x78\x66\x61\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5089] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5089] munmap(0x7f68bbf38000, 131072) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5089] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5089] ioctl(5, LOOP_CLR_FD) = 0 [pid 5089] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5089] close(5) = 0 [pid 5089] close(4) = 0 [pid 5089] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f68c44536f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f68c44536fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5089] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5088] <... write resumed>) = 192512 [pid 5088] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f68c44536e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f68c44536fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 0 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [pid 5088] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5088] futex(0x7f68c44536ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f68c44536e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f68c44536ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5089] <... futex resumed>) = 1 [pid 5089] futex(0x7f68c44536f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] write(4, "\x65\x78\x66\x61\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48 [pid 5087] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 40.128418][ T5088] sg_write: data in/out 80/6 bytes for SCSI command 0x0-- guessing data in; [ 40.128418][ T5088] program syz-executor213 not setting count and/or reply_len properly [ 40.145954][ T5088] ------------[ cut here ]------------ [ 40.151581][ T5088] WARNING: CPU: 1 PID: 5088 at lib/iov_iter.c:629 _copy_from_iter+0x2ae/0xf40 [ 40.160613][ T5088] Modules linked in: [ 40.164527][ T5088] CPU: 0 PID: 5088 Comm: syz-executor213 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 40.175175][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 40.185398][ T5088] RIP: 0010:_copy_from_iter+0x2ae/0xf40 [ 40.191208][ T5088] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ed 99 77 fd be 79 02 00 00 48 c7 c7 a0 62 a6 8a e8 7c c6 b0 fd e9 55 fe ff ff e8 d2 99 77 fd <0f> 0b 45 31 ff eb 8b e8 c6 99 77 fd 31 ff 89 ee e8 2d 96 77 fd 40 [ 40.211041][ T5088] RSP: 0018:ffffc90003f2f5f8 EFLAGS: 00010293 [ 40.217141][ T5088] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 40.225106][ T5088] RDX: ffff888026089d40 RSI: ffffffff8409c81e RDI: 0000000000000001 [ 40.233122][ T5088] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 40.241138][ T5088] R10: 0000000000000000 R11: 0000000000094001 R12: 0000000000000050 [ 40.249191][ T5088] R13: ffffc90003f2f7f8 R14: 0000000000000000 R15: 0000000000000050 [ 40.257190][ T5088] FS: 00007f68c4379700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 40.266111][ T5088] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5087] exit_group(0 [pid 5089] <... futex resumed>) = ? [pid 5087] <... exit_group resumed>) = ? [pid 5089] +++ exited with 0 +++ [ 40.272738][ T5088] CR2: 000000002000e000 CR3: 000000007af2c000 CR4: 0000000000350ef0 [ 40.280776][ T5088] Call Trace: [ 40.284054][ T5088] [ 40.287031][ T5088] ? __lock_acquire+0x166e/0x56d0 [ 40.292095][ T5088] ? bio_add_hw_page+0x4a4/0x720 [ 40.297087][ T5088] ? csum_and_copy_from_iter+0x12e0/0x12e0 [ 40.302902][ T5088] ? bio_add_pc_page+0xbc/0x100 [ 40.307796][ T5088] ? bio_add_hw_page+0x720/0x720 [ 40.312733][ T5088] ? page_copy_sane+0xd3/0x410 [ 40.317607][ T5088] copy_page_from_iter+0x9f/0x110 [ 40.322847][ T5088] blk_rq_map_user_iov+0xb28/0x1670 [ 40.328101][ T5088] ? bio_map_user_iov+0x8b0/0x8b0 [ 40.333136][ T5088] ? lock_downgrade+0x6e0/0x6e0 [ 40.338029][ T5088] ? rcu_read_lock_sched_held+0x3e/0x70 [ 40.343589][ T5088] ? trace_contention_end+0x153/0x1e0 [ 40.348997][ T5088] blk_rq_map_user_io+0x1ea/0x210 [ 40.354029][ T5088] ? blk_rq_map_user_io.part.0+0x270/0x270 [ 40.359855][ T5088] ? wait_for_completion_io_timeout+0x20/0x20 [ 40.365939][ T5088] sg_common_write.constprop.0+0xdc4/0x1df0 [ 40.371901][ T5088] ? sg_read+0x1520/0x1520 [ 40.376329][ T5088] ? _raw_spin_unlock_irqrestore+0x5b/0x70 [ 40.382182][ T5088] sg_write.part.0+0x75d/0xd60 [ 40.386999][ T5088] ? sg_new_write.isra.0+0xa90/0xa90 [ 40.392285][ T5088] ? __lock_acquire+0xbc3/0x56d0 [ 40.397248][ T5088] ? aa_path_link+0x2f0/0x2f0 [ 40.401927][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 40.407963][ T5088] ? __schedule+0xb92/0x5450 [ 40.412573][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 40.418608][ T5088] ? apparmor_file_permission+0x268/0x4e0 [ 40.424339][ T5088] sg_write+0x88/0xe0 [ 40.428361][ T5088] vfs_write+0x2db/0xdd0 [ 40.432606][ T5088] ? sg_write.part.0+0xd60/0xd60 [ 40.437568][ T5088] ? kernel_write+0x630/0x630 [ 40.442252][ T5088] ? __fget_files+0x26a/0x440 [ 40.446914][ T5088] ? __fget_light+0xe5/0x270 [ 40.451585][ T5088] ksys_write+0x12b/0x250 [ 40.455916][ T5088] ? __ia32_sys_read+0xb0/0xb0 [ 40.460716][ T5088] ? lockdep_hardirqs_on+0x7d/0x100 [ 40.465913][ T5088] ? _raw_spin_unlock_irq+0x2e/0x50 [ 40.471152][ T5088] ? ptrace_notify+0xfe/0x140 [ 40.475837][ T5088] do_syscall_64+0x39/0xb0 [ 40.480281][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.486173][ T5088] RIP: 0033:0x7f68c43cd379 [ 40.490627][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 40.510294][ T5088] RSP: 002b:00007f68c4379208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 40.518752][ T5088] RAX: ffffffffffffffda RBX: 00007f68c44536e8 RCX: 00007f68c43cd379 [ 40.526721][ T5088] RDX: 0000000000000030 RSI: 0000000020000000 RDI: 0000000000000004 [ 40.534760][ T5088] RBP: 00007f68c44536e0 R08: 00007f68c44536e0 R09: 0000000000000000 [ 40.542939][ T5088] R10: 00007f68c4379210 R11: 0000000000000246 R12: 00007f68c44536ec [ 40.550976][ T5088] R13: 00007ffcfddbca6f R14: 00007f68c4379300 R15: 0000000000022000 [ 40.558989][ T5088] [ 40.562010][ T5088] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 40.569268][ T5088] CPU: 0 PID: 5088 Comm: syz-executor213 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 40.579658][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 40.589695][ T5088] Call Trace: [ 40.592967][ T5088] [ 40.595896][ T5088] dump_stack_lvl+0xd1/0x138 [ 40.600474][ T5088] panic+0x2cc/0x626 [ 40.604361][ T5088] ? panic_print_sys_info.part.0+0x110/0x110 [ 40.610331][ T5088] ? _copy_from_iter+0x2ae/0xf40 [ 40.615260][ T5088] check_panic_on_warn.cold+0x19/0x35 [ 40.620645][ T5088] __warn+0xf2/0x1a0 [ 40.624537][ T5088] ? _copy_from_iter+0x2ae/0xf40 [ 40.629461][ T5088] report_bug+0x1c0/0x210 [ 40.633777][ T5088] handle_bug+0x3c/0x70 [ 40.637924][ T5088] exc_invalid_op+0x18/0x50 [ 40.642415][ T5088] asm_exc_invalid_op+0x1a/0x20 [ 40.647267][ T5088] RIP: 0010:_copy_from_iter+0x2ae/0xf40 [ 40.652809][ T5088] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ed 99 77 fd be 79 02 00 00 48 c7 c7 a0 62 a6 8a e8 7c c6 b0 fd e9 55 fe ff ff e8 d2 99 77 fd <0f> 0b 45 31 ff eb 8b e8 c6 99 77 fd 31 ff 89 ee e8 2d 96 77 fd 40 [ 40.672432][ T5088] RSP: 0018:ffffc90003f2f5f8 EFLAGS: 00010293 [ 40.678494][ T5088] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 40.686454][ T5088] RDX: ffff888026089d40 RSI: ffffffff8409c81e RDI: 0000000000000001 [ 40.694414][ T5088] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 40.702375][ T5088] R10: 0000000000000000 R11: 0000000000094001 R12: 0000000000000050 [ 40.710334][ T5088] R13: ffffc90003f2f7f8 R14: 0000000000000000 R15: 0000000000000050 [ 40.718298][ T5088] ? _copy_from_iter+0x2ae/0xf40 [ 40.723233][ T5088] ? _copy_from_iter+0x2ae/0xf40 [ 40.728162][ T5088] ? __lock_acquire+0x166e/0x56d0 [ 40.733175][ T5088] ? bio_add_hw_page+0x4a4/0x720 [ 40.738104][ T5088] ? csum_and_copy_from_iter+0x12e0/0x12e0 [ 40.743911][ T5088] ? bio_add_pc_page+0xbc/0x100 [ 40.748749][ T5088] ? bio_add_hw_page+0x720/0x720 [ 40.753672][ T5088] ? page_copy_sane+0xd3/0x410 [ 40.758425][ T5088] copy_page_from_iter+0x9f/0x110 [ 40.763441][ T5088] blk_rq_map_user_iov+0xb28/0x1670 [ 40.768637][ T5088] ? bio_map_user_iov+0x8b0/0x8b0 [ 40.773656][ T5088] ? lock_downgrade+0x6e0/0x6e0 [ 40.778494][ T5088] ? rcu_read_lock_sched_held+0x3e/0x70 [ 40.784037][ T5088] ? trace_contention_end+0x153/0x1e0 [ 40.789405][ T5088] blk_rq_map_user_io+0x1ea/0x210 [ 40.794420][ T5088] ? blk_rq_map_user_io.part.0+0x270/0x270 [ 40.800218][ T5088] ? wait_for_completion_io_timeout+0x20/0x20 [ 40.806291][ T5088] sg_common_write.constprop.0+0xdc4/0x1df0 [ 40.812188][ T5088] ? sg_read+0x1520/0x1520 [ 40.816599][ T5088] ? _raw_spin_unlock_irqrestore+0x5b/0x70 [ 40.822404][ T5088] sg_write.part.0+0x75d/0xd60 [ 40.827168][ T5088] ? sg_new_write.isra.0+0xa90/0xa90 [ 40.832452][ T5088] ? __lock_acquire+0xbc3/0x56d0 [ 40.837378][ T5088] ? aa_path_link+0x2f0/0x2f0 [ 40.842046][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 40.848015][ T5088] ? __schedule+0xb92/0x5450 [ 40.852696][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 40.858670][ T5088] ? apparmor_file_permission+0x268/0x4e0 [ 40.864473][ T5088] sg_write+0x88/0xe0 [ 40.868451][ T5088] vfs_write+0x2db/0xdd0 [ 40.872683][ T5088] ? sg_write.part.0+0xd60/0xd60 [ 40.877616][ T5088] ? kernel_write+0x630/0x630 [ 40.882283][ T5088] ? __fget_files+0x26a/0x440 [ 40.886954][ T5088] ? __fget_light+0xe5/0x270 [ 40.891535][ T5088] ksys_write+0x12b/0x250 [ 40.895851][ T5088] ? __ia32_sys_read+0xb0/0xb0 [ 40.900600][ T5088] ? lockdep_hardirqs_on+0x7d/0x100 [ 40.905786][ T5088] ? _raw_spin_unlock_irq+0x2e/0x50 [ 40.910979][ T5088] ? ptrace_notify+0xfe/0x140 [ 40.915645][ T5088] do_syscall_64+0x39/0xb0 [ 40.920057][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.925937][ T5088] RIP: 0033:0x7f68c43cd379 [ 40.930338][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 40.949940][ T5088] RSP: 002b:00007f68c4379208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 40.958345][ T5088] RAX: ffffffffffffffda RBX: 00007f68c44536e8 RCX: 00007f68c43cd379 [ 40.966305][ T5088] RDX: 0000000000000030 RSI: 0000000020000000 RDI: 0000000000000004 [ 40.974353][ T5088] RBP: 00007f68c44536e0 R08: 00007f68c44536e0 R09: 0000000000000000 [ 40.982310][ T5088] R10: 00007f68c4379210 R11: 0000000000000246 R12: 00007f68c44536ec [ 40.990269][ T5088] R13: 00007ffcfddbca6f R14: 00007f68c4379300 R15: 0000000000022000 [ 40.998239][ T5088] [ 41.002136][ T5088] Kernel Offset: disabled [ 41.006496][ T5088] Rebooting in 86400 seconds..