./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2711187620 <...> forked to background, child pid 4645 [ 34.296066][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.305878][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices [ 34.659749][ T4738] ssh-keygen (4738) used greatest stack depth: 22592 bytes left Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts. execve("./syz-executor2711187620", ["./syz-executor2711187620"], 0x7ffcbd4ef550 /* 10 vars */) = 0 brk(NULL) = 0x555555c00000 brk(0x555555c00c40) = 0x555555c00c40 arch_prctl(ARCH_SET_FS, 0x555555c00300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555c005d0) = 5073 set_robust_list(0x555555c005e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f82c65419d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f82c65420a0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f82c6541a70, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f82c65420a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2711187620", 4096) = 28 brk(0x555555c21c40) = 0x555555c21c40 brk(0x555555c22000) = 0x555555c22000 mprotect(0x7f82c6603000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 syzkaller login: [ 56.423406][ T5073] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) [ 56.560834][ T5073] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5073}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5073}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5073}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5073}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5073}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5073}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5073}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 getpid() = 5073 mkdir("./syzkaller.kkQ2xM", 0700) = 0 chmod("./syzkaller.kkQ2xM", 0777) = 0 chdir("./syzkaller.kkQ2xM") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x555555c005d0) = 5076 [pid 5076] set_robust_list(0x555555c005e0, 24) = 0 [pid 5076] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5076] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5076] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5076] dup2(4, 202) = 202 [pid 5076] close(4) = 0 [pid 5076] write(202, "\xff\x00", 2) = 2 [pid 5076] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5076] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82c5d30000 [pid 5076] mprotect(0x7f82c5d31000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5076] clone(child_stack=0x7f82c65303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f82c6530700, child_tidptr=0x7f82c65309d0) = 2 [pid 5076] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f82c65309e0, 24) = 0 [pid 5078] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5078] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 5078] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x38\x0c\x00", 1024) = 4 [ 56.726765][ T5077] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.735168][ T5077] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.744127][ T5077] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.754791][ T5077] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.764168][ T5077] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5078] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 5076] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5076] ioctl(3, HCISETSCAN [pid 5078] <... writev resumed>) = 255 [pid 5078] read(202, "\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5078] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 [pid 5076] <... ioctl resumed>, 0x7fff1d8518f0) = 0 [pid 5076] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 5076] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 5076] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5076] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5076] futex(0x7f82c65309d0, FUTEX_WAIT, 2, NULL [pid 5078] <... writev resumed>) = 7 [pid 5078] madvise(0x7f82c5d30000, 8372224, MADV_DONTNEED) = 0 [pid 5078] exit(0) = ? [pid 5076] <... futex resumed>) = 0 [pid 5076] close(3) = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setsid() = 1 [pid 5076] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5076] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5076] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5076] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5076] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5076] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5076] unshare(CLONE_NEWNS) = 0 [pid 5076] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5076] unshare(CLONE_NEWIPC) = 0 [pid 5076] unshare(CLONE_NEWCGROUP) = 0 [pid 5076] unshare(CLONE_NEWUTS) = 0 [pid 5076] unshare(CLONE_SYSVSEM) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "16777216", 8 [pid 5078] +++ exited with 0 +++ [pid 5076] <... write resumed>) = 8 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "536870912", 9) = 9 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1024", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "8192", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1024", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1024", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5076] close(3) = 0 [pid 5076] getpid() = 1 [pid 5076] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 2 [pid 5076] unshare(CLONE_NEWNET) = 0 [pid 5076] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "0 65535", 7) = 7 [pid 5076] close(3) = 0 [pid 5076] mkdir("/dev/binderfs", 0777) = 0 [pid 5076] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 5076] getpid() = 1 [pid 5076] mkdir("/syzcgroup/unified/syz0", 0777) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "32", 2) = 2 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.low", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "312475648", 9) = 9 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.high", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "313524224", 9) = 9 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.max", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "314572800", 9) = 9 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1", 1) = 1 [pid 5076] close(3) = 0 [pid 5076] mkdir("/syzcgroup/cpu/syz0", 0777) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1", 1) = 1 [pid 5076] close(3) = 0 [pid 5076] mkdir("/syzcgroup/net/syz0", 0777) = 0 [pid 5076] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1", 1) = 1 [pid 5076] close(3) = 0 [pid 5076] mkdir("./0", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x555555c005d0) = 3 [pid 5080] set_robust_list(0x555555c005e0, 24) = 0 [pid 5080] chdir("./0") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5080] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5080] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5080] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5080] close(3) = 0 [pid 5080] close(4) = -1 EBADF (Bad file descriptor) [pid 5080] close(5) = -1 EBADF (Bad file descriptor) [pid 5080] close(6) = -1 EBADF (Bad file descriptor) [pid 5080] close(7) = -1 EBADF (Bad file descriptor) [pid 5080] close(8) = -1 EBADF (Bad file descriptor) [pid 5080] close(9) = -1 EBADF (Bad file descriptor) [pid 5080] close(10) = -1 EBADF (Bad file descriptor) [pid 5080] close(11) = -1 EBADF (Bad file descriptor) [pid 5080] close(12) = -1 EBADF (Bad file descriptor) [pid 5080] close(13) = -1 EBADF (Bad file descriptor) [pid 5080] close(14) = -1 EBADF (Bad file descriptor) [pid 5080] close(15) = -1 EBADF (Bad file descriptor) [pid 5080] close(16) = -1 EBADF (Bad file descriptor) [pid 5080] close(17) = -1 EBADF (Bad file descriptor) [pid 5080] close(18) = -1 EBADF (Bad file descriptor) [pid 5080] close(19) = -1 EBADF (Bad file descriptor) [pid 5080] close(20) = -1 EBADF (Bad file descriptor) [pid 5080] close(21) = -1 EBADF (Bad file descriptor) [pid 5080] close(22) = -1 EBADF (Bad file descriptor) [pid 5080] close(23) = -1 EBADF (Bad file descriptor) [pid 5080] close(24) = -1 EBADF (Bad file descriptor) [pid 5080] close(25) = -1 EBADF (Bad file descriptor) [pid 5080] close(26) = -1 EBADF (Bad file descriptor) [pid 5080] close(27) = -1 EBADF (Bad file descriptor) [pid 5080] close(28) = -1 EBADF (Bad file descriptor) [pid 5080] close(29) = -1 EBADF (Bad file descriptor) [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./0/binderfs") = 0 [pid 5076] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./0/cgroup") = 0 [pid 5076] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./0/cgroup.net") = 0 [pid 5076] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./0/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./0") = 0 [pid 5076] mkdir("./1", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x555555c005e0, 24) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x555555c005d0) = 4 [pid 5082] chdir("./1") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5082] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5082] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5082] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5082] close(3) = 0 [pid 5082] close(4) = -1 EBADF (Bad file descriptor) [pid 5082] close(5) = -1 EBADF (Bad file descriptor) [pid 5082] close(6) = -1 EBADF (Bad file descriptor) [pid 5082] close(7) = -1 EBADF (Bad file descriptor) [pid 5082] close(8) = -1 EBADF (Bad file descriptor) [pid 5082] close(9) = -1 EBADF (Bad file descriptor) [pid 5082] close(10) = -1 EBADF (Bad file descriptor) [pid 5082] close(11) = -1 EBADF (Bad file descriptor) [pid 5082] close(12) = -1 EBADF (Bad file descriptor) [pid 5082] close(13) = -1 EBADF (Bad file descriptor) [pid 5082] close(14) = -1 EBADF (Bad file descriptor) [pid 5082] close(15) = -1 EBADF (Bad file descriptor) [pid 5082] close(16) = -1 EBADF (Bad file descriptor) [pid 5082] close(17) = -1 EBADF (Bad file descriptor) [pid 5082] close(18) = -1 EBADF (Bad file descriptor) [pid 5082] close(19) = -1 EBADF (Bad file descriptor) [pid 5082] close(20) = -1 EBADF (Bad file descriptor) [pid 5082] close(21) = -1 EBADF (Bad file descriptor) [pid 5082] close(22) = -1 EBADF (Bad file descriptor) [pid 5082] close(23) = -1 EBADF (Bad file descriptor) [pid 5082] close(24) = -1 EBADF (Bad file descriptor) [pid 5082] close(25) = -1 EBADF (Bad file descriptor) [pid 5082] close(26) = -1 EBADF (Bad file descriptor) [pid 5082] close(27) = -1 EBADF (Bad file descriptor) [pid 5082] close(28) = -1 EBADF (Bad file descriptor) [pid 5082] close(29) = -1 EBADF (Bad file descriptor) [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5076] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./1/binderfs") = 0 [pid 5076] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./1/cgroup") = 0 [pid 5076] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./1/cgroup.net") = 0 [pid 5076] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./1/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./1") = 0 [pid 5076] mkdir("./2", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555555c005e0, 24 [pid 5076] <... clone resumed>, child_tidptr=0x555555c005d0) = 5 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5084] chdir("./2") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5084] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5084] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5084] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5084] close(3) = 0 [pid 5084] close(4) = -1 EBADF (Bad file descriptor) [pid 5084] close(5) = -1 EBADF (Bad file descriptor) [pid 5084] close(6) = -1 EBADF (Bad file descriptor) [pid 5084] close(7) = -1 EBADF (Bad file descriptor) [pid 5084] close(8) = -1 EBADF (Bad file descriptor) [pid 5084] close(9) = -1 EBADF (Bad file descriptor) [pid 5084] close(10) = -1 EBADF (Bad file descriptor) [pid 5084] close(11) = -1 EBADF (Bad file descriptor) [pid 5084] close(12) = -1 EBADF (Bad file descriptor) [pid 5084] close(13) = -1 EBADF (Bad file descriptor) [pid 5084] close(14) = -1 EBADF (Bad file descriptor) [pid 5084] close(15) = -1 EBADF (Bad file descriptor) [pid 5084] close(16) = -1 EBADF (Bad file descriptor) [pid 5084] close(17) = -1 EBADF (Bad file descriptor) [pid 5084] close(18) = -1 EBADF (Bad file descriptor) [pid 5084] close(19) = -1 EBADF (Bad file descriptor) [pid 5084] close(20) = -1 EBADF (Bad file descriptor) [pid 5084] close(21) = -1 EBADF (Bad file descriptor) [pid 5084] close(22) = -1 EBADF (Bad file descriptor) [pid 5084] close(23) = -1 EBADF (Bad file descriptor) [pid 5084] close(24) = -1 EBADF (Bad file descriptor) [pid 5084] close(25) = -1 EBADF (Bad file descriptor) [pid 5084] close(26) = -1 EBADF (Bad file descriptor) [pid 5084] close(27) = -1 EBADF (Bad file descriptor) [pid 5084] close(28) = -1 EBADF (Bad file descriptor) [pid 5084] close(29) = -1 EBADF (Bad file descriptor) [pid 5084] exit_group(0) = ? [pid 5084] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./2/binderfs") = 0 [pid 5076] umount2("./2/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./2/cgroup") = 0 [pid 5076] umount2("./2/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./2/cgroup.net") = 0 [pid 5076] umount2("./2/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./2/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./2") = 0 [pid 5076] mkdir("./3", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x555555c005d0) = 6 [pid 5086] set_robust_list(0x555555c005e0, 24) = 0 [pid 5086] chdir("./3") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5086] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5086] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5086] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5086] close(3) = 0 [pid 5086] close(4) = -1 EBADF (Bad file descriptor) [pid 5086] close(5) = -1 EBADF (Bad file descriptor) [pid 5086] close(6) = -1 EBADF (Bad file descriptor) [pid 5086] close(7) = -1 EBADF (Bad file descriptor) [pid 5086] close(8) = -1 EBADF (Bad file descriptor) [pid 5086] close(9) = -1 EBADF (Bad file descriptor) [pid 5086] close(10) = -1 EBADF (Bad file descriptor) [pid 5086] close(11) = -1 EBADF (Bad file descriptor) [pid 5086] close(12) = -1 EBADF (Bad file descriptor) [pid 5086] close(13) = -1 EBADF (Bad file descriptor) [pid 5086] close(14) = -1 EBADF (Bad file descriptor) [pid 5086] close(15) = -1 EBADF (Bad file descriptor) [pid 5086] close(16) = -1 EBADF (Bad file descriptor) [pid 5086] close(17) = -1 EBADF (Bad file descriptor) [pid 5086] close(18) = -1 EBADF (Bad file descriptor) [pid 5086] close(19) = -1 EBADF (Bad file descriptor) [pid 5086] close(20) = -1 EBADF (Bad file descriptor) [pid 5086] close(21) = -1 EBADF (Bad file descriptor) [pid 5086] close(22) = -1 EBADF (Bad file descriptor) [pid 5086] close(23) = -1 EBADF (Bad file descriptor) [pid 5086] close(24) = -1 EBADF (Bad file descriptor) [pid 5086] close(25) = -1 EBADF (Bad file descriptor) [pid 5086] close(26) = -1 EBADF (Bad file descriptor) [pid 5086] close(27) = -1 EBADF (Bad file descriptor) [pid 5086] close(28) = -1 EBADF (Bad file descriptor) [pid 5086] close(29) = -1 EBADF (Bad file descriptor) [pid 5086] exit_group(0) = ? [pid 5086] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./3/binderfs") = 0 [pid 5076] umount2("./3/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./3/cgroup") = 0 [pid 5076] umount2("./3/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./3/cgroup.net") = 0 [pid 5076] umount2("./3/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./3/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./3") = 0 [pid 5076] mkdir("./4", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x555555c005d0) = 7 [pid 5088] set_robust_list(0x555555c005e0, 24) = 0 [pid 5088] chdir("./4") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5088] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5088] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5088] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5088] close(3) = 0 [pid 5088] close(4) = -1 EBADF (Bad file descriptor) [pid 5088] close(5) = -1 EBADF (Bad file descriptor) [pid 5088] close(6) = -1 EBADF (Bad file descriptor) [pid 5088] close(7) = -1 EBADF (Bad file descriptor) [pid 5088] close(8) = -1 EBADF (Bad file descriptor) [pid 5088] close(9) = -1 EBADF (Bad file descriptor) [pid 5088] close(10) = -1 EBADF (Bad file descriptor) [pid 5088] close(11) = -1 EBADF (Bad file descriptor) [pid 5088] close(12) = -1 EBADF (Bad file descriptor) [pid 5088] close(13) = -1 EBADF (Bad file descriptor) [pid 5088] close(14) = -1 EBADF (Bad file descriptor) [pid 5088] close(15) = -1 EBADF (Bad file descriptor) [pid 5088] close(16) = -1 EBADF (Bad file descriptor) [pid 5088] close(17) = -1 EBADF (Bad file descriptor) [pid 5088] close(18) = -1 EBADF (Bad file descriptor) [pid 5088] close(19) = -1 EBADF (Bad file descriptor) [pid 5088] close(20) = -1 EBADF (Bad file descriptor) [pid 5088] close(21) = -1 EBADF (Bad file descriptor) [pid 5088] close(22) = -1 EBADF (Bad file descriptor) [pid 5088] close(23) = -1 EBADF (Bad file descriptor) [pid 5088] close(24) = -1 EBADF (Bad file descriptor) [pid 5088] close(25) = -1 EBADF (Bad file descriptor) [pid 5088] close(26) = -1 EBADF (Bad file descriptor) [pid 5088] close(27) = -1 EBADF (Bad file descriptor) [pid 5088] close(28) = -1 EBADF (Bad file descriptor) [pid 5088] close(29) = -1 EBADF (Bad file descriptor) [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./4/binderfs") = 0 [pid 5076] umount2("./4/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./4/cgroup") = 0 [pid 5076] umount2("./4/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./4/cgroup.net") = 0 [pid 5076] umount2("./4/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./4/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./4") = 0 [pid 5076] mkdir("./5", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x555555c005e0, 24 [pid 5076] <... clone resumed>, child_tidptr=0x555555c005d0) = 8 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5090] chdir("./5") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5090] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5090] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5090] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5090] close(3) = 0 [pid 5090] close(4) = -1 EBADF (Bad file descriptor) [pid 5090] close(5) = -1 EBADF (Bad file descriptor) [pid 5090] close(6) = -1 EBADF (Bad file descriptor) [pid 5090] close(7) = -1 EBADF (Bad file descriptor) [pid 5090] close(8) = -1 EBADF (Bad file descriptor) [pid 5090] close(9) = -1 EBADF (Bad file descriptor) [pid 5090] close(10) = -1 EBADF (Bad file descriptor) [pid 5090] close(11) = -1 EBADF (Bad file descriptor) [pid 5090] close(12) = -1 EBADF (Bad file descriptor) [pid 5090] close(13) = -1 EBADF (Bad file descriptor) [pid 5090] close(14) = -1 EBADF (Bad file descriptor) [pid 5090] close(15) = -1 EBADF (Bad file descriptor) [pid 5090] close(16) = -1 EBADF (Bad file descriptor) [pid 5090] close(17) = -1 EBADF (Bad file descriptor) [pid 5090] close(18) = -1 EBADF (Bad file descriptor) [pid 5090] close(19) = -1 EBADF (Bad file descriptor) [pid 5090] close(20) = -1 EBADF (Bad file descriptor) [pid 5090] close(21) = -1 EBADF (Bad file descriptor) [pid 5090] close(22) = -1 EBADF (Bad file descriptor) [pid 5090] close(23) = -1 EBADF (Bad file descriptor) [pid 5090] close(24) = -1 EBADF (Bad file descriptor) [pid 5090] close(25) = -1 EBADF (Bad file descriptor) [pid 5090] close(26) = -1 EBADF (Bad file descriptor) [pid 5090] close(27) = -1 EBADF (Bad file descriptor) [pid 5090] close(28) = -1 EBADF (Bad file descriptor) [pid 5090] close(29) = -1 EBADF (Bad file descriptor) [pid 5090] exit_group(0) = ? [pid 5090] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./5/binderfs") = 0 [pid 5076] umount2("./5/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./5/cgroup") = 0 [pid 5076] umount2("./5/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./5/cgroup.net") = 0 [pid 5076] umount2("./5/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./5/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./5") = 0 [pid 5076] mkdir("./6", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x555555c005d0) = 9 [pid 5092] set_robust_list(0x555555c005e0, 24) = 0 [pid 5092] chdir("./6") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5092] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5092] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5092] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5092] close(3) = 0 [pid 5092] close(4) = -1 EBADF (Bad file descriptor) [pid 5092] close(5) = -1 EBADF (Bad file descriptor) [pid 5092] close(6) = -1 EBADF (Bad file descriptor) [pid 5092] close(7) = -1 EBADF (Bad file descriptor) [pid 5092] close(8) = -1 EBADF (Bad file descriptor) [pid 5092] close(9) = -1 EBADF (Bad file descriptor) [pid 5092] close(10) = -1 EBADF (Bad file descriptor) [pid 5092] close(11) = -1 EBADF (Bad file descriptor) [pid 5092] close(12) = -1 EBADF (Bad file descriptor) [pid 5092] close(13) = -1 EBADF (Bad file descriptor) [pid 5092] close(14) = -1 EBADF (Bad file descriptor) [pid 5092] close(15) = -1 EBADF (Bad file descriptor) [pid 5092] close(16) = -1 EBADF (Bad file descriptor) [pid 5092] close(17) = -1 EBADF (Bad file descriptor) [pid 5092] close(18) = -1 EBADF (Bad file descriptor) [pid 5092] close(19) = -1 EBADF (Bad file descriptor) [pid 5092] close(20) = -1 EBADF (Bad file descriptor) [pid 5092] close(21) = -1 EBADF (Bad file descriptor) [pid 5092] close(22) = -1 EBADF (Bad file descriptor) [pid 5092] close(23) = -1 EBADF (Bad file descriptor) [pid 5092] close(24) = -1 EBADF (Bad file descriptor) [pid 5092] close(25) = -1 EBADF (Bad file descriptor) [pid 5092] close(26) = -1 EBADF (Bad file descriptor) [pid 5092] close(27) = -1 EBADF (Bad file descriptor) [pid 5092] close(28) = -1 EBADF (Bad file descriptor) [pid 5092] close(29) = -1 EBADF (Bad file descriptor) [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5076] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./6/binderfs") = 0 [pid 5076] umount2("./6/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./6/cgroup") = 0 [pid 5076] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./6/cgroup.net") = 0 [pid 5076] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./6/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./6") = 0 [pid 5076] mkdir("./7", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x555555c005d0) = 10 [pid 5094] set_robust_list(0x555555c005e0, 24) = 0 [pid 5094] chdir("./7") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5094] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5094] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5094] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5094] close(3) = 0 [pid 5094] close(4) = -1 EBADF (Bad file descriptor) [pid 5094] close(5) = -1 EBADF (Bad file descriptor) [pid 5094] close(6) = -1 EBADF (Bad file descriptor) [pid 5094] close(7) = -1 EBADF (Bad file descriptor) [pid 5094] close(8) = -1 EBADF (Bad file descriptor) [pid 5094] close(9) = -1 EBADF (Bad file descriptor) [pid 5094] close(10) = -1 EBADF (Bad file descriptor) [pid 5094] close(11) = -1 EBADF (Bad file descriptor) [pid 5094] close(12) = -1 EBADF (Bad file descriptor) [pid 5094] close(13) = -1 EBADF (Bad file descriptor) [pid 5094] close(14) = -1 EBADF (Bad file descriptor) [pid 5094] close(15) = -1 EBADF (Bad file descriptor) [pid 5094] close(16) = -1 EBADF (Bad file descriptor) [pid 5094] close(17) = -1 EBADF (Bad file descriptor) [pid 5094] close(18) = -1 EBADF (Bad file descriptor) [pid 5094] close(19) = -1 EBADF (Bad file descriptor) [pid 5094] close(20) = -1 EBADF (Bad file descriptor) [pid 5094] close(21) = -1 EBADF (Bad file descriptor) [pid 5094] close(22) = -1 EBADF (Bad file descriptor) [pid 5094] close(23) = -1 EBADF (Bad file descriptor) [pid 5094] close(24) = -1 EBADF (Bad file descriptor) [pid 5094] close(25) = -1 EBADF (Bad file descriptor) [pid 5094] close(26) = -1 EBADF (Bad file descriptor) [pid 5094] close(27) = -1 EBADF (Bad file descriptor) [pid 5094] close(28) = -1 EBADF (Bad file descriptor) [pid 5094] close(29) = -1 EBADF (Bad file descriptor) [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5076] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5076] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./7/binderfs") = 0 [pid 5076] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./7/cgroup") = 0 [pid 5076] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./7/cgroup.net") = 0 [pid 5076] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./7/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./7") = 0 [pid 5076] mkdir("./8", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x555555c005e0, 24 [pid 5076] <... clone resumed>, child_tidptr=0x555555c005d0) = 11 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5096] chdir("./8") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5096] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5096] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [pid 5096] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_SYN|MSG_CONFIRM|MSG_NOSIGNAL}, 0) = -1 EINVAL (Invalid argument) [pid 5096] close(3) = 0 [pid 5096] close(4) = -1 EBADF (Bad file descriptor) [pid 5096] close(5) = -1 EBADF (Bad file descriptor) [pid 5096] close(6) = -1 EBADF (Bad file descriptor) [pid 5096] close(7) = -1 EBADF (Bad file descriptor) [pid 5096] close(8) = -1 EBADF (Bad file descriptor) [pid 5096] close(9) = -1 EBADF (Bad file descriptor) [pid 5096] close(10) = -1 EBADF (Bad file descriptor) [pid 5096] close(11) = -1 EBADF (Bad file descriptor) [pid 5096] close(12) = -1 EBADF (Bad file descriptor) [pid 5096] close(13) = -1 EBADF (Bad file descriptor) [pid 5096] close(14) = -1 EBADF (Bad file descriptor) [pid 5096] close(15) = -1 EBADF (Bad file descriptor) [pid 5096] close(16) = -1 EBADF (Bad file descriptor) [pid 5096] close(17) = -1 EBADF (Bad file descriptor) [pid 5096] close(18) = -1 EBADF (Bad file descriptor) [pid 5096] close(19) = -1 EBADF (Bad file descriptor) [pid 5096] close(20) = -1 EBADF (Bad file descriptor) [pid 5096] close(21) = -1 EBADF (Bad file descriptor) [pid 5096] close(22) = -1 EBADF (Bad file descriptor) [pid 5096] close(23) = -1 EBADF (Bad file descriptor) [pid 5096] close(24) = -1 EBADF (Bad file descriptor) [pid 5096] close(25) = -1 EBADF (Bad file descriptor) [pid 5096] close(26) = -1 EBADF (Bad file descriptor) [pid 5096] close(27) = -1 EBADF (Bad file descriptor) [pid 5096] close(28) = -1 EBADF (Bad file descriptor) [pid 5096] close(29) = -1 EBADF (Bad file descriptor) [pid 5096] exit_group(0) = ? [pid 5096] +++ exited with 0 +++ [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5076] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 6 entries */, 32768) = 176 [pid 5076] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] unlink("./8/binderfs") = 0 [pid 5076] umount2("./8/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./8/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0 [pid 5076] unlink("./8/cgroup") = 0 [pid 5076] umount2("./8/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./8/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./8/cgroup.net") = 0 [pid 5076] umount2("./8/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./8/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0 [pid 5076] unlink("./8/cgroup.cpu") = 0 [pid 5076] getdents64(3, 0x555555c01740 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./8") = 0 [pid 5076] mkdir("./9", 0777) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x555555c005d0) = 12 [pid 5098] set_robust_list(0x555555c005e0, 24) = 0 [pid 5098] chdir("./9") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0 [pid 5098] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0 [pid 5098] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] socket(AF_RXRPC, SOCK_DGRAM, AF_INET6) = 3 [ 57.253112][ T5098] ================================================================== [ 57.261217][ T5098] BUG: KASAN: use-after-free in rxrpc_lookup_local+0xdcf/0xfb0 [ 57.268778][ T5098] Read of size 2 at addr ffff88807770c21c by task syz-executor271/5098 [ 57.277013][ T5098] [ 57.279335][ T5098] CPU: 1 PID: 5098 Comm: syz-executor271 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0 [ 57.289388][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 57.299431][ T5098] Call Trace: [ 57.302698][ T5098] [ 57.305616][ T5098] dump_stack_lvl+0xd1/0x138 [ 57.310203][ T5098] print_report+0x15e/0x45d [ 57.314708][ T5098] ? __phys_addr+0xc8/0x140 [ 57.319241][ T5098] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 57.324461][ T5098] kasan_report+0xbf/0x1f0 [ 57.328869][ T5098] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 57.334070][ T5098] rxrpc_lookup_local+0xdcf/0xfb0 [ 57.339096][ T5098] rxrpc_sendmsg+0x4bc/0x650 [ 57.343676][ T5098] ? rxrpc_sock_set_min_security_level+0xe0/0xe0 [ 57.349998][ T5098] sock_sendmsg+0xd3/0x120 [ 57.354404][ T5098] ____sys_sendmsg+0x712/0x8c0 [ 57.359159][ T5098] ? copy_msghdr_from_user+0xfc/0x150 [ 57.364522][ T5098] ? kernel_sendmsg+0x50/0x50 [ 57.369190][ T5098] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 57.375162][ T5098] ___sys_sendmsg+0x110/0x1b0 [ 57.379836][ T5098] ? do_recvmmsg+0x6e0/0x6e0 [ 57.384433][ T5098] ? lock_release+0x810/0x810 [ 57.389122][ T5098] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 57.394311][ T5098] ? do_raw_spin_lock+0x124/0x2b0 [ 57.399325][ T5098] ? rwlock_bug.part.0+0x90/0x90 [ 57.404252][ T5098] ? _raw_spin_lock_irq+0x45/0x50 [ 57.409283][ T5098] ? __fget_light+0x20a/0x270 [ 57.413959][ T5098] __sys_sendmsg+0xf7/0x1c0 [ 57.418454][ T5098] ? __sys_sendmsg_sock+0x40/0x40 [ 57.423479][ T5098] ? lock_downgrade+0x6e0/0x6e0 [ 57.428345][ T5098] ? lockdep_hardirqs_on+0x7d/0x100 [ 57.433534][ T5098] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.438723][ T5098] ? ptrace_notify+0xfe/0x140 [ 57.443840][ T5098] do_syscall_64+0x39/0xb0 [ 57.449402][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.455328][ T5098] RIP: 0033:0x7f82c6580559 [ 57.459757][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.479381][ T5098] RSP: 002b:00007fff1d8516c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.487785][ T5098] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f82c6580559 [ 57.495758][ T5098] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 57.503739][ T5098] RBP: 0000000000000000 R08: 00007fff1d8516f0 R09: 00007fff1d8516f0 [ 57.511713][ T5098] R10: 00007fff1d851140 R11: 0000000000000246 R12: 00007fff1d8516ec [ 57.519691][ T5098] R13: 00007fff1d851700 R14: 00007fff1d851740 R15: 0000000000000009 [ 57.527670][ T5098] [ 57.530698][ T5098] [ 57.533036][ T5098] Allocated by task 5096: [ 57.537342][ T5098] kasan_save_stack+0x22/0x40 [ 57.542015][ T5098] kasan_set_track+0x25/0x30 [ 57.546622][ T5098] __kasan_kmalloc+0xa5/0xb0 [ 57.551218][ T5098] rxrpc_lookup_local+0x4d9/0xfb0 [ 57.556239][ T5098] rxrpc_sendmsg+0x4bc/0x650 [ 57.560822][ T5098] sock_sendmsg+0xd3/0x120 [ 57.565237][ T5098] ____sys_sendmsg+0x712/0x8c0 [ 57.570007][ T5098] ___sys_sendmsg+0x110/0x1b0 [ 57.574673][ T5098] __sys_sendmsg+0xf7/0x1c0 [ 57.579165][ T5098] do_syscall_64+0x39/0xb0 [ 57.583574][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.589457][ T5098] [ 57.591762][ T5098] Freed by task 5076: [ 57.595729][ T5098] kasan_save_stack+0x22/0x40 [ 57.600417][ T5098] kasan_set_track+0x25/0x30 [ 57.604996][ T5098] kasan_save_free_info+0x2e/0x40 [ 57.610009][ T5098] ____kasan_slab_free+0x160/0x1c0 [ 57.615114][ T5098] slab_free_freelist_hook+0x8b/0x1c0 [ 57.620489][ T5098] __kmem_cache_free+0xaf/0x3b0 [ 57.625351][ T5098] rcu_core+0x81f/0x1980 [ 57.629585][ T5098] __do_softirq+0x1fb/0xadc [ 57.634081][ T5098] [ 57.636395][ T5098] Last potentially related work creation: [ 57.642118][ T5098] kasan_save_stack+0x22/0x40 [ 57.646812][ T5098] __kasan_record_aux_stack+0xbc/0xd0 [ 57.652181][ T5098] __call_rcu_common.constprop.0+0x99/0x820 [ 57.658103][ T5098] rxrpc_put_local.part.0+0x128/0x170 [ 57.663495][ T5098] rxrpc_put_local+0x25/0x30 [ 57.668076][ T5098] rxrpc_release+0x237/0x550 [ 57.672677][ T5098] __sock_release+0xcd/0x280 [ 57.677286][ T5098] sock_close+0x1c/0x20 [ 57.681443][ T5098] __fput+0x27c/0xa90 [ 57.685439][ T5098] task_work_run+0x16f/0x270 [ 57.690033][ T5098] ptrace_notify+0x118/0x140 [ 57.694637][ T5098] syscall_exit_to_user_mode_prepare+0x129/0x280 [ 57.700955][ T5098] syscall_exit_to_user_mode+0xd/0x50 [ 57.706319][ T5098] do_syscall_64+0x46/0xb0 [ 57.710731][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.716613][ T5098] [ 57.718930][ T5098] The buggy address belongs to the object at ffff88807770c000 [ 57.718930][ T5098] which belongs to the cache kmalloc-1k of size 1024 [ 57.732988][ T5098] The buggy address is located 540 bytes inside of [ 57.732988][ T5098] 1024-byte region [ffff88807770c000, ffff88807770c400) [ 57.746354][ T5098] [ 57.748664][ T5098] The buggy address belongs to the physical page: [ 57.755056][ T5098] page:ffffea0001ddc200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77708 [ 57.765193][ T5098] head:ffffea0001ddc200 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0 [ 57.775241][ T5098] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 57.783216][ T5098] raw: 00fff00000010200 ffff888012041dc0 dead000000000122 0000000000000000 [ 57.791795][ T5098] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 57.800368][ T5098] page dumped because: kasan: bad access detected [ 57.806776][ T5098] page_owner tracks the page as allocated [ 57.812476][ T5098] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5068, tgid 5068 (sshd), ts 57184265921, free_ts 57180945277 [ 57.834524][ T5098] get_page_from_freelist+0x119c/0x2ce0 [ 57.840071][ T5098] __alloc_pages+0x1cb/0x5b0 [ 57.844661][ T5098] alloc_pages+0x1aa/0x270 [ 57.849072][ T5098] allocate_slab+0x25f/0x350 [ 57.853662][ T5098] ___slab_alloc+0xa91/0x1400 [ 57.858327][ T5098] __slab_alloc.constprop.0+0x56/0xa0 [ 57.863705][ T5098] __kmem_cache_alloc_node+0x1a4/0x430 [ 57.869154][ T5098] __kmalloc_node_track_caller+0x4b/0xc0 [ 57.874778][ T5098] __alloc_skb+0xe9/0x310 [ 57.879102][ T5098] tcp_stream_alloc_skb+0x3c/0x580 [ 57.884207][ T5098] tcp_sendmsg_locked+0xc4c/0x2960 [ 57.889310][ T5098] tcp_sendmsg+0x2f/0x50 [ 57.893548][ T5098] inet_sendmsg+0x9d/0xe0 [ 57.897881][ T5098] sock_sendmsg+0xd3/0x120 [ 57.902304][ T5098] sock_write_iter+0x295/0x3d0 [ 57.907053][ T5098] vfs_write+0x9ed/0xdd0 [ 57.911288][ T5098] page last free stack trace: [ 57.915942][ T5098] free_pcp_prepare+0x65c/0xc00 [ 57.920793][ T5098] free_unref_page+0x1d/0x490 [ 57.925493][ T5098] __folio_put+0x109/0x140 [ 57.929916][ T5098] put_page+0x21b/0x280 [ 57.934073][ T5098] page_to_skb+0x96d/0xc60 [ 57.938510][ T5098] receive_buf+0x11c5/0x5630 [ 57.943114][ T5098] virtnet_poll+0x704/0x1300 [ 57.947690][ T5098] __napi_poll+0xb8/0x770 [ 57.952007][ T5098] net_rx_action+0xa00/0xde0 [ 57.956582][ T5098] __do_softirq+0x1fb/0xadc [ 57.961084][ T5098] [ 57.963479][ T5098] Memory state around the buggy address: [ 57.969115][ T5098] ffff88807770c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.977194][ T5098] ffff88807770c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.985243][ T5098] >ffff88807770c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.993304][ T5098] ^ [ 57.998153][ T5098] ffff88807770c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.006207][ T5098] ffff88807770c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.014259][ T5098] ================================================================== [ 58.023048][ T5098] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 58.030272][ T5098] CPU: 0 PID: 5098 Comm: syz-executor271 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0 [ 58.040351][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 58.050409][ T5098] Call Trace: [ 58.053687][ T5098] [ 58.056619][ T5098] dump_stack_lvl+0xd1/0x138 [ 58.061228][ T5098] panic+0x2cc/0x626 [ 58.065130][ T5098] ? panic_print_sys_info.part.0+0x110/0x110 [ 58.071125][ T5098] ? preempt_schedule_thunk+0x1a/0x20 [ 58.076514][ T5098] ? preempt_schedule_common+0x59/0xc0 [ 58.081986][ T5098] check_panic_on_warn.cold+0x19/0x35 [ 58.087370][ T5098] end_report.part.0+0x36/0x73 [ 58.092143][ T5098] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 58.097359][ T5098] kasan_report.cold+0xa/0xf [ 58.101960][ T5098] ? rxrpc_lookup_local+0xdcf/0xfb0 [ 58.107179][ T5098] rxrpc_lookup_local+0xdcf/0xfb0 [ 58.112226][ T5098] rxrpc_sendmsg+0x4bc/0x650 [ 58.116827][ T5098] ? rxrpc_sock_set_min_security_level+0xe0/0xe0 [ 58.123167][ T5098] sock_sendmsg+0xd3/0x120 [ 58.127589][ T5098] ____sys_sendmsg+0x712/0x8c0 [ 58.132366][ T5098] ? copy_msghdr_from_user+0xfc/0x150 [ 58.137749][ T5098] ? kernel_sendmsg+0x50/0x50 [ 58.142433][ T5098] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.148423][ T5098] ___sys_sendmsg+0x110/0x1b0 [ 58.153112][ T5098] ? do_recvmmsg+0x6e0/0x6e0 [ 58.157716][ T5098] ? lock_release+0x810/0x810 [ 58.162399][ T5098] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 58.167604][ T5098] ? do_raw_spin_lock+0x124/0x2b0 [ 58.172636][ T5098] ? rwlock_bug.part.0+0x90/0x90 [ 58.177580][ T5098] ? _raw_spin_lock_irq+0x45/0x50 [ 58.182620][ T5098] ? __fget_light+0x20a/0x270 [ 58.187305][ T5098] __sys_sendmsg+0xf7/0x1c0 [ 58.191824][ T5098] ? __sys_sendmsg_sock+0x40/0x40 [ 58.196860][ T5098] ? lock_downgrade+0x6e0/0x6e0 [ 58.201719][ T5098] ? lockdep_hardirqs_on+0x7d/0x100 [ 58.206927][ T5098] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.212144][ T5098] ? ptrace_notify+0xfe/0x140 [ 58.216828][ T5098] do_syscall_64+0x39/0xb0 [ 58.221263][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.227167][ T5098] RIP: 0033:0x7f82c6580559 [ 58.231585][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.251198][ T5098] RSP: 002b:00007fff1d8516c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.259616][ T5098] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f82c6580559 [ 58.267588][ T5098] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 58.275561][ T5098] RBP: 0000000000000000 R08: 00007fff1d8516f0 R09: 00007fff1d8516f0 [ 58.283537][ T5098] R10: 00007fff1d851140 R11: 0000000000000246 R12: 00007fff1d8516ec [ 58.291508][ T5098] R13: 00007fff1d851700 R14: 00007fff1d851740 R15: 0000000000000009 [ 58.299487][ T5098] [ 58.302652][ T5098] Kernel Offset: disabled [ 58.306976][ T5098] Rebooting in 86400 seconds..