./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1114525210 <...> syzkaller syzkaller login: [ 7.078328][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 12.008317][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 12.048299][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 15.588344][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 15.739704][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 15.739718][ T23] audit: type=1400 audit(1680170916.650:71): avc: denied { transition } for pid=310 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.768287][ T23] audit: type=1400 audit(1680170916.650:72): avc: denied { write } for pid=310 comm="sh" path="pipe:[10647]" dev="pipefs" ino=10647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. execve("./syz-executor1114525210", ["./syz-executor1114525210"], 0x7ffd8b6d8fa0 /* 10 vars */) = 0 brk(NULL) = 0x555556bd4000 brk(0x555556bd4d40) = 0x555556bd4d40 arch_prctl(ARCH_SET_FS, 0x555556bd4400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556bd46d0) = 371 set_robust_list(0x555556bd46e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f5ed4ad8140, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f5ed4ad7690}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5ed4ad81e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5ed4ad7690}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1114525210", 4096) = 28 brk(0x555556bf5d40) = 0x555556bf5d40 brk(0x555556bf6000) = 0x555556bf6000 mprotect(0x7f5ed4b9b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 371 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "371", 3) = 3 close(3) = 0 chmod("/dev/raw-gadget", 0666) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f5ed4ad0610, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5ed4ad7690}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f5ed4ad0610, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5ed4ad7690}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 372 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 373 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 374 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 375 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 376 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555556bd46e0, 24) = 0 [pid 377] getpid() = 377 [pid 377] mkdir("./syzkaller.qjTaIG", 0700) = 0 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555556bd46e0, 24) = 0 [pid 376] getpid() = 376 [pid 376] mkdir("./syzkaller.hznCDB", 0700) = 0 ./strace-static-x86_64: Process 372 attached [pid 377] chmod("./syzkaller.qjTaIG", 0777 [pid 372] set_robust_list(0x555556bd46e0, 24 [pid 377] <... chmod resumed>) = 0 [pid 377] chdir("./syzkaller.qjTaIG" [pid 372] <... set_robust_list resumed>) = 0 [pid 377] <... chdir resumed>) = 0 [pid 372] getpid( [pid 377] unshare(CLONE_NEWPID) = 0 [pid 372] <... getpid resumed>) = 372 [pid 376] chmod("./syzkaller.hznCDB", 0777 [pid 372] mkdir("./syzkaller.cqlryk", 0700 [pid 376] <... chmod resumed>) = 0 [pid 372] <... mkdir resumed>) = 0 [pid 376] chdir("./syzkaller.hznCDB") = 0 [pid 376] unshare(CLONE_NEWPID) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 372] chmod("./syzkaller.cqlryk", 0777) = 0 [pid 372] chdir("./syzkaller.cqlryk") = 0 [pid 372] unshare(CLONE_NEWPID) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 376] <... clone resumed>, child_tidptr=0x555556bd46d0) = 378 [pid 377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 372] <... clone resumed>, child_tidptr=0x555556bd46d0) = 379 [pid 377] <... clone resumed>, child_tidptr=0x555556bd46d0) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555556bd46e0, 24) = 0 [pid 380] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x555556bd46e0, 24) = 0 [pid 379] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setsid() = 1 [pid 380] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 380] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 379] <... prctl resumed>) = 0 [pid 380] <... prlimit64 resumed>NULL) = 0 [pid 379] setsid( [pid 380] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 379] <... setsid resumed>) = 1 [pid 380] <... prlimit64 resumed>NULL) = 0 [pid 380] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 379] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 380] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 379] <... prlimit64 resumed>NULL) = 0 [pid 380] <... prlimit64 resumed>NULL) = 0 [pid 379] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 380] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 379] <... prlimit64 resumed>NULL) = 0 [pid 380] <... prlimit64 resumed>NULL) = 0 [pid 379] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 380] unshare(CLONE_NEWNS [pid 379] <... prlimit64 resumed>NULL) = 0 [pid 380] <... unshare resumed>) = 0 [pid 379] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 379] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 379] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 379] unshare(CLONE_NEWNS) = 0 [pid 380] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 379] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 379] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 379] unshare(CLONE_NEWCGROUP) = 0 [pid 379] unshare(CLONE_NEWUTS) = 0 [pid 380] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 379] unshare(CLONE_SYSVSEM) = 0 [pid 380] unshare(CLONE_NEWCGROUP [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 380] <... unshare resumed>) = 0 [pid 380] unshare(CLONE_NEWUTS) = 0 [pid 379] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 380] unshare(CLONE_SYSVSEM) = 0 [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 380] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 379] getpid() = 1 [pid 379] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 380] getpid( [pid 379] <... capget resumed>{effective=1<) = 1 [pid 380] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 379] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 380] <... capget resumed>{effective=1<) = 0 [pid 380] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 25.298080][ T23] audit: type=1400 audit(1680170926.200:73): avc: denied { execmem } for pid=371 comm="syz-executor111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 380] unshare(CLONE_NEWNET./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x555556bd46e0, 24./strace-static-x86_64: Process 374 attached ) = 0 [pid 378] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 373 attached ) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 375 attached [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setsid() = 1 [pid 374] set_robust_list(0x555556bd46e0, 24 [pid 373] set_robust_list(0x555556bd46e0, 24 [pid 378] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 374] <... set_robust_list resumed>) = 0 [pid 378] <... prlimit64 resumed>NULL) = 0 [pid 375] set_robust_list(0x555556bd46e0, 24 [pid 373] <... set_robust_list resumed>) = 0 [pid 378] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 375] <... set_robust_list resumed>) = 0 [pid 378] <... prlimit64 resumed>NULL) = 0 [pid 378] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 375] getpid( [pid 378] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 374] getpid( [pid 378] <... prlimit64 resumed>NULL) = 0 [pid 373] getpid( [pid 378] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 374] <... getpid resumed>) = 374 [pid 375] <... getpid resumed>) = 375 [pid 373] <... getpid resumed>) = 373 [pid 378] <... prlimit64 resumed>NULL) = 0 [pid 374] mkdir("./syzkaller.VYfpRv", 0700 [pid 375] mkdir("./syzkaller.hYG8kz", 0700 [pid 378] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 373] mkdir("./syzkaller.B3npUp", 0700 [pid 374] <... mkdir resumed>) = 0 [pid 378] <... prlimit64 resumed>NULL) = 0 [pid 373] <... mkdir resumed>) = 0 [pid 375] <... mkdir resumed>) = 0 [pid 378] unshare(CLONE_NEWNS) = 0 [pid 375] chmod("./syzkaller.hYG8kz", 0777 [pid 374] chmod("./syzkaller.VYfpRv", 0777 [pid 373] chmod("./syzkaller.B3npUp", 0777 [pid 375] <... chmod resumed>) = 0 [pid 378] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 373] <... chmod resumed>) = 0 [pid 375] chdir("./syzkaller.hYG8kz" [pid 374] <... chmod resumed>) = 0 [pid 378] <... mount resumed>) = 0 [pid 375] <... chdir resumed>) = 0 [pid 373] chdir("./syzkaller.B3npUp" [pid 378] unshare(CLONE_NEWIPC [pid 374] chdir("./syzkaller.VYfpRv" [pid 373] <... chdir resumed>) = 0 [pid 378] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 375] unshare(CLONE_NEWPID [pid 374] <... chdir resumed>) = 0 [pid 373] unshare(CLONE_NEWPID [pid 378] unshare(CLONE_NEWCGROUP [pid 373] <... unshare resumed>) = 0 [pid 378] <... unshare resumed>) = 0 [pid 375] <... unshare resumed>) = 0 [pid 374] unshare(CLONE_NEWPID [pid 373] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 378] unshare(CLONE_NEWUTS [pid 374] <... unshare resumed>) = 0 [pid 378] <... unshare resumed>) = 0 [pid 374] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 378] unshare(CLONE_SYSVSEM) = 0 [pid 375] <... clone resumed>, child_tidptr=0x555556bd46d0) = 381 [pid 374] <... clone resumed>, child_tidptr=0x555556bd46d0) = 383 [pid 373] <... clone resumed>, child_tidptr=0x555556bd46d0) = 382 [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) ./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x555556bd46e0, 24) = 0 [pid 383] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x555556bd46e0, 24 [pid 383] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 381] <... set_robust_list resumed>) = 0 [pid 381] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setsid() = 1 [pid 381] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 383] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 383] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 383] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 383] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 383] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 381] <... prctl resumed>) = 0 [pid 383] <... prlimit64 resumed>NULL) = 0 [pid 381] setsid( [pid 383] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 381] <... setsid resumed>) = 1 [pid 383] <... prlimit64 resumed>NULL) = 0 [pid 381] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 383] unshare(CLONE_NEWNS [pid 381] <... prlimit64 resumed>NULL) = 0 [pid 383] <... unshare resumed>) = 0 [pid 381] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 381] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 381] unshare(CLONE_NEWNS) = 0 [pid 383] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 383] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 383] unshare(CLONE_NEWCGROUP) = 0 [pid 383] unshare(CLONE_NEWUTS) = 0 [pid 383] unshare(CLONE_SYSVSEM) = 0 [pid 381] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 381] <... mount resumed>) = 0 [pid 381] unshare(CLONE_NEWIPC [pid 383] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 381] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 381] unshare(CLONE_NEWCGROUP) = 0 [pid 381] unshare(CLONE_NEWUTS) = 0 [pid 381] unshare(CLONE_SYSVSEM [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 381] <... unshare resumed>) = 0 [pid 383] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 383] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 383] getpid() = 1 [pid 381] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 383] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 381] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 383] <... capget resumed>{effective=1< [pid 381] getpid() = 1 [pid 381] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 382 attached ) = -1 ENOENT (No such file or directory) [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 382] set_robust_list(0x555556bd46e0, 24 [pid 378] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 382] <... set_robust_list resumed>) = 0 [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 382] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 378] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 382] <... mount resumed>) = -1 EBUSY (Device or resource busy) [ 25.325360][ T23] audit: type=1400 audit(1680170926.230:74): avc: denied { setattr } for pid=371 comm="syz-executor111" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.362915][ T23] audit: type=1400 audit(1680170926.240:75): avc: denied { mounton } for pid=380 comm="syz-executor111" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 378] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 380] <... unshare resumed>) = 0 [pid 380] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "0 65535", 7) = 7 [pid 380] close(3) = 0 [pid 380] mkdir("/dev/binderfs", 0777) = 0 [pid 380] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 380] mkdir("./0", 0777) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 380] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 380] close(3) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 2 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555556bd46e0, 24) = 0 [pid 385] chdir("./0") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 382] <... prctl resumed>) = 0 [pid 378] getpid( [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ed4aa5000 [pid 385] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 379] <... unshare resumed>) = 0 [pid 379] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "0 65535", 7) = 7 [pid 379] close(3) = 0 [pid 379] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 379] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 379] mkdir("./0", 0777) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 379] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 379] close(3) = 0 [pid 379] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 2 [pid 385] <... clone resumed>, parent_tid=[3], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 3 [pid 385] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 382] setsid( [pid 378] <... getpid resumed>) = 1 [pid 378] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 382] <... setsid resumed>) = 1 [pid 378] <... capget resumed>{effective=1< [pid 378] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<NULL) = 0 [pid 378] unshare(CLONE_NEWNET [pid 382] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x555556bd46e0, 24) = 0 [pid 387] chdir("./0") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 382] <... prlimit64 resumed>NULL) = 0 [pid 382] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 387] <... openat resumed>) = 3 [pid 382] <... prlimit64 resumed>NULL) = 0 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs" [pid 382] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 387] <... symlink resumed>) = 0 [pid 382] <... prlimit64 resumed>NULL) = 0 [pid 382] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 382] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 382] unshare(CLONE_NEWNS [pid 387] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ed4aa5000 [pid 387] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 382] <... unshare resumed>) = 0 [pid 382] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 387] <... clone resumed>, parent_tid=[3], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 3 [pid 387] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 382] <... mount resumed>) = 0 [pid 382] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 382] unshare(CLONE_NEWCGROUP) = 0 [pid 382] unshare(CLONE_NEWUTS) = 0 [pid 382] unshare(CLONE_SYSVSEM) = 0 [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x7f5ed4ac59e0, 24 [pid 382] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 389] <... set_robust_list resumed>) = 0 [pid 389] memfd_create("syzkaller", 0) = 3 [pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ecc6a5000 [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 382] getpid() = 1 [pid 382] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 383] <... unshare resumed>) = 0 ./strace-static-x86_64: Process 386 attached [pid 383] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 386] set_robust_list(0x7f5ed4ac59e0, 24 [pid 383] write(3, "0 65535", 7) = 7 [pid 383] close(3) = 0 [pid 383] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 383] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 386] <... set_robust_list resumed>) = 0 [pid 383] <... mount resumed>) = 0 [pid 383] mkdir("./0", 0777 [pid 386] memfd_create("syzkaller", 0 [pid 383] <... mkdir resumed>) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 383] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 383] close(3 [pid 386] <... memfd_create resumed>) = 3 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 383] <... close resumed>) = 0 [pid 383] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 386] <... mmap resumed>) = 0x7f5ecc6a5000 [pid 383] <... clone resumed>, child_tidptr=0x555556bd46d0) = 2 [pid 389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555556bd46e0, 24) = 0 [pid 390] chdir("./0") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 381] <... unshare resumed>) = 0 [pid 381] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "0 65535", 7) = 7 [pid 381] close(3) = 0 [pid 381] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 381] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 381] mkdir("./0", 0777) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 381] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 381] close(3) = 0 [ 25.389831][ T23] audit: type=1400 audit(1680170926.240:76): avc: denied { mount } for pid=380 comm="syz-executor111" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 25.413794][ T23] audit: type=1400 audit(1680170926.250:77): avc: denied { mounton } for pid=380 comm="syz-executor111" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bd46d0) = 2 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ed4aa5000 [pid 390] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 390] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 389] <... write resumed>) = 1048576 [pid 390] <... clone resumed>, parent_tid=[3], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 3 [pid 390] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] munmap(0x7f5ecc6a5000, 1048576 [pid 390] <... futex resumed>) = 0 [pid 389] <... munmap resumed>) = 0 [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 389] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x555556bd46e0, 24) = 0 [pid 391] chdir("./0") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ed4aa5000 [pid 391] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] <... ioctl resumed>) = 0 [pid 389] close(3) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, ",errors=continue" [pid 391] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 3 [pid 391] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 386] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7f5ed4ac59e0, 24) = 0 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ecc6a5000 ./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x7f5ed4ac59e0, 24) = 0 [pid 394] memfd_create("syzkaller", 0) = 3 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ecc6a5000 [pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 386] munmap(0x7f5ecc6a5000, 1048576) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 386] ioctl(4, LOOP_SET_FD, 3 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 386] <... ioctl resumed>) = 0 [pid 386] close(3) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS, ",errors=continue" [pid 382] <... unshare resumed>) = 0 [pid 378] <... unshare resumed>) = 0 [pid 382] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 378] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 382] <... openat resumed>) = 3 [pid 378] <... openat resumed>) = 3 [pid 389] <... mount resumed>) = 0 [pid 378] write(3, "0 65535", 7 [pid 382] write(3, "0 65535", 7) = 7 [pid 378] <... write resumed>) = 7 [pid 382] close(3 [pid 378] close(3 [pid 382] <... close resumed>) = 0 [pid 378] <... close resumed>) = 0 [pid 382] mkdir("/dev/binderfs", 0777 [pid 378] mkdir("/dev/binderfs", 0777 [pid 382] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 378] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 382] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 378] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 382] <... mount resumed>) = 0 [pid 378] <... mount resumed>) = 0 [pid 382] mkdir("./0", 0777 [pid 378] mkdir("./0", 0777 [pid 389] <... openat resumed>) = 3 [pid 378] <... mkdir resumed>) = 0 [pid 389] chdir("./file0" [pid 382] <... mkdir resumed>) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 392] <... write resumed>) = 1048576 [pid 382] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 378] <... openat resumed>) = 3 [pid 382] <... openat resumed>) = 3 [pid 378] ioctl(3, LOOP_CLR_FD [pid 392] munmap(0x7f5ecc6a5000, 1048576 [pid 382] ioctl(3, LOOP_CLR_FD [pid 378] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 382] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 378] close(3 [pid 382] close(3 [pid 389] <... chdir resumed>) = 0 [pid 389] ioctl(4, LOOP_CLR_FD) = 0 [pid 389] close(4) = 0 [pid 389] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 387] <... futex resumed>) = 1 [pid 389] creat("./bus", 000 [ 25.500520][ T23] audit: type=1400 audit(1680170926.310:78): avc: denied { mounton } for pid=380 comm="syz-executor111" path="/dev/binderfs" dev="devtmpfs" ino=363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 25.530258][ T389] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 387] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... write resumed>) = 1048576 [pid 392] <... munmap resumed>) = 0 [pid 389] <... creat resumed>) = 4 [pid 382] <... close resumed>) = 0 [pid 378] <... close resumed>) = 0 [pid 389] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 389] <... futex resumed>) = 1 [pid 387] <... futex resumed>) = 0 [pid 382] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 389] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 387] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... clone resumed>, child_tidptr=0x555556bd46d0) = 2 [pid 389] <... mount resumed>) = 0 [pid 387] <... futex resumed>) = 0 [pid 382] <... clone resumed>, child_tidptr=0x555556bd46d0) = 2 [pid 389] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 389] <... futex resumed>) = 0 [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 387] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... open resumed>) = 5 [pid 387] <... futex resumed>) = 0 [pid 389] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 389] <... futex resumed>) = 0 [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] clone(child_stack=0x20000000, flags=CLONE_PARENT|CLONE_UNTRACED|CLONE_CHILD_SETTID|CLONE_NEWNET [pid 387] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_SET_FD, 3 [pid 394] munmap(0x7f5ecc6a5000, 1048576) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555556bd46e0, 24) = 0 [pid 400] chdir("./0" [pid 394] <... openat resumed>) = 4 [pid 392] <... ioctl resumed>) = 0 [pid 394] ioctl(4, LOOP_SET_FD, 3 [pid 392] close(3) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS, ",errors=continue" [pid 400] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 399 attached [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] set_robust_list(0x555556bd46e0, 24 [pid 400] setpgid(0, 0) = 0 [pid 399] <... set_robust_list resumed>) = 0 [ 25.558297][ T23] audit: type=1400 audit(1680170926.310:79): avc: denied { mount } for pid=380 comm="syz-executor111" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 25.582117][ T23] audit: type=1400 audit(1680170926.310:80): avc: denied { read write } for pid=380 comm="syz-executor111" name="loop5" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 394] <... ioctl resumed>) = 0 [ 25.608070][ T23] audit: type=1400 audit(1680170926.310:81): avc: denied { open } for pid=380 comm="syz-executor111" path="/dev/loop5" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.632651][ T23] audit: type=1400 audit(1680170926.310:82): avc: denied { ioctl } for pid=380 comm="syz-executor111" path="/dev/loop5" dev="devtmpfs" ino=120 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 399] chdir("./0" [pid 394] close(3 [pid 387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 387] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... close resumed>) = 0 [pid 387] <... futex resumed>) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 394] mkdir("./file0", 0777 [pid 387] <... mmap resumed>) = 0x7f5ecc784000 [pid 394] <... mkdir resumed>) = 0 [pid 387] mprotect(0x7f5ecc785000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS, ",errors=continue" [pid 399] <... chdir resumed>) = 0 [pid 387] clone(child_stack=0x7f5ecc7a42f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f5ecc7a4700, child_tidptr=0x7f5ecc7a49d0) = 4 [pid 387] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... openat resumed>) = 3 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 400] write(3, "1000", 4 [pid 399] <... prctl resumed>) = 0 [pid 400] <... write resumed>) = 4 [pid 399] setpgid(0, 0 [pid 400] close(3) = 0 [pid 399] <... setpgid resumed>) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs" [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 400] <... symlink resumed>) = 0 [pid 399] <... openat resumed>) = 3 [pid 400] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] write(3, "1000", 4) = 4 [pid 400] <... futex resumed>) = 0 [pid 399] close(3 [pid 400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 399] <... close resumed>) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs" [pid 400] <... mmap resumed>) = 0x7f5ed4aa5000 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7f5ecc7a49e0, 24) = 0 [pid 399] <... symlink resumed>) = 0 [pid 400] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] sendmmsg(5, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\x7b\xfb\xb7\x81\xac\xf5\x77\x98\x4f\xb3\x2c\xfc\x5a\x9f\x9a\x1b\x12\xb9\xb9\x99\x91\x38\xb3\x3d\xcf\xa8\xf8\x6d\x4e\x8a\x2a\xdc\xf1\xd4\x6b\x18\xb5\x61\xe5\x26\xd2\xda\x36\x1d\xa8\x52\x8a\xf2\x74\xe3\xd1\x1f\x80\x02\x8a\x93\x7f\xd1\x98\x14\x41\x69\xeb\x90\x85\xce\x93\x31\xac\xc3\x0c\x16\x6f\xff\xc1\xe3\x62\xe7\xc9\x6e\x5b\x91\x0d\x35\x18\x28\xdd\xae\xc8\x5e\x09\x08\xf2\xaf\x16\x3b\x65\x49\x5a"..., iov_len=168}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=9, msg_controllen=0, msg_flags=MSG_EOR}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_PROBE|MSG_NOSIGNAL}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_ZEROCOPY}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=88, msg_flags=MSG_PEEK|MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_FIN|MSG_RST|MSG_WAITFORONE|MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT|0x1af00000}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_FASTOPEN}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_ERRQUEUE|MSG_ZEROCOPY|MSG_CMSG_CLOEXEC}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}}], 7, MSG_DONTROUTE) = -1 ENOTSOCK (Socket operation on non-socket) [pid 400] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 399] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = 0 [pid 400] <... clone resumed>, parent_tid=[3], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 3 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 387] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 400] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... mmap resumed>) = 0x7f5ed4aa5000 [pid 387] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 400] <... futex resumed>) = 0 [pid 399] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 400] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 399] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 3 [pid 399] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 389] <... clone resumed>, child_tidptr=NULL) = 5 [pid 389] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f5ed4ac59e0, 24) = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ecc6a5000 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x7f5ed4ac59e0, 24) = 0 [pid 407] memfd_create("syzkaller", 0 [pid 386] <... mount resumed>) = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 407] <... memfd_create resumed>) = 3 [pid 386] <... openat resumed>) = 3 [pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 407] <... mmap resumed>) = 0x7f5ecc6a5000 [pid 386] chdir("./file0") = 0 [pid 386] ioctl(4, LOOP_CLR_FD) = 0 [pid 386] close(4 [pid 408] <... write resumed>) = 1048576 [pid 408] munmap(0x7f5ecc6a5000, 1048576) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 25.638235][ T386] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 25.697847][ T394] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS, ",errors=continue" [pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 386] <... close resumed>) = 0 [pid 394] <... mount resumed>) = 0 [pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 394] chdir("./file0") = 0 [pid 394] ioctl(4, LOOP_CLR_FD) = 0 [pid 394] close(4) = 0 [pid 394] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] creat("./bus", 000) = 4 [pid 394] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 394] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 394] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] clone(child_stack=0x20000000, flags=CLONE_PARENT|CLONE_UNTRACED|CLONE_CHILD_SETTID|CLONE_NEWNET [pid 387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 386] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] creat("./bus", 000) = 4 [pid 386] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 385] <... futex resumed>) = 0 [pid 386] <... mount resumed>) = 0 [pid 385] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 385] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 385] <... futex resumed>) = 0 [pid 386] clone(child_stack=0x20000000, flags=CLONE_PARENT|CLONE_UNTRACED|CLONE_CHILD_SETTID|CLONE_NEWNET [pid 385] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... mount resumed>) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 392] chdir("./file0") = 0 [pid 392] ioctl(4, LOOP_CLR_FD) = 0 [pid 392] close(4) = 0 [pid 392] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] <... write resumed>) = 1048576 [pid 407] munmap(0x7f5ecc6a5000, 1048576) = 0 [pid 407] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 407] ioctl(4, LOOP_SET_FD, 3 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- [ 25.711165][ T409] EXT4-fs error (device loop0): ext4_map_blocks:594: inode #2: block 16: comm syz-executor111: lblock 0 mapped to illegal pblock 16 (length 1) [ 25.722622][ T392] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 25.735843][ T409] EXT4-fs error (device loop0): ext4_map_blocks:594: inode #2: block 16: comm syz-executor111: lblock 0 mapped to illegal pblock 16 (length 1) [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... clone resumed>, child_tidptr=NULL) = 4 [pid 392] <... futex resumed>) = 0 [pid 392] creat("./bus", 000 [pid 408] <... mount resumed>) = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file0") = 0 [pid 408] ioctl(4, LOOP_CLR_FD [pid 407] <... ioctl resumed>) = 0 [pid 392] <... creat resumed>) = 4 [pid 407] close(3) = 0 [pid 407] mkdir("./file0", 0777) = 0 [pid 392] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS, ",errors=continue" [pid 391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 408] <... ioctl resumed>) = 0 [pid 391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 391] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ecc784000 [pid 391] mprotect(0x7f5ecc785000, 131072, PROT_READ|PROT_WRITE [pid 390] <... futex resumed>) = 0 [pid 392] <... futex resumed>) = 1 [pid 390] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... mprotect resumed>) = 0 [pid 394] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 394] <... futex resumed>) = 0 [pid 392] <... mount resumed>) = 0 [pid 391] clone(child_stack=0x7f5ecc7a42f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 392] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] <... futex resumed>) = 1 [pid 390] <... futex resumed>) = 0 [pid 391] <... clone resumed>, parent_tid=[5], tls=0x7f5ecc7a4700, child_tidptr=0x7f5ecc7a49d0) = 5 [pid 390] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 391] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... open resumed>) = 5 [pid 391] <... futex resumed>) = 0 [pid 392] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 390] <... futex resumed>) = 0 [pid 392] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 390] <... futex resumed>) = 0 [pid 392] clone(child_stack=0x20000000, flags=CLONE_PARENT|CLONE_UNTRACED|CLONE_CHILD_SETTID|CLONE_NEWNET [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] close(4) = 0 [pid 408] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] creat("./bus", 000) = 4 [pid 408] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 408] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 399] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... mount resumed>) = 0 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 399] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... open resumed>) = 5 [pid 408] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 408] clone(child_stack=0x20000000, flags=CLONE_PARENT|CLONE_UNTRACED|CLONE_CHILD_SETTID|CLONE_NEWNET [pid 399] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 385] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ecc784000 [pid 385] mprotect(0x7f5ecc785000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] clone(child_stack=0x7f5ecc7a42f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f5ecc7a4700, child_tidptr=0x7f5ecc7a49d0) = 4 [pid 385] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7f5ecc7a49e0, 24) = 0 [pid 419] sendmmsg(5, ./strace-static-x86_64: Process 420 attached [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\x7b\xfb\xb7\x81\xac\xf5\x77\x98\x4f\xb3\x2c\xfc\x5a\x9f\x9a\x1b\x12\xb9\xb9\x99\x91\x38\xb3\x3d\xcf\xa8\xf8\x6d\x4e\x8a\x2a\xdc\xf1\xd4\x6b\x18\xb5\x61\xe5\x26\xd2\xda\x36\x1d\xa8\x52\x8a\xf2\x74\xe3\xd1\x1f\x80\x02\x8a\x93\x7f\xd1\x98\x14\x41\x69\xeb\x90\x85\xce\x93\x31\xac\xc3\x0c\x16\x6f\xff\xc1\xe3\x62\xe7\xc9\x6e\x5b\x91\x0d\x35\x18\x28\xdd\xae\xc8\x5e\x09\x08\xf2\xaf\x16\x3b\x65\x49\x5a"..., iov_len=168}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=9, msg_controllen=0, msg_flags=MSG_EOR}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_PROBE|MSG_NOSIGNAL}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_ZEROCOPY}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=88, msg_flags=MSG_PEEK|MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_FIN|MSG_RST|MSG_WAITFORONE|MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT|0x1af00000}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_FASTOPEN}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_ERRQUEUE|MSG_ZEROCOPY|MSG_CMSG_CLOEXEC}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}}], 7, MSG_DONTROUTE) = -1 ENOTSOCK (Socket operation on non-socket) [pid 420] set_robust_list(0x7f5ecc7a49e0, 24 [pid 419] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... set_robust_list resumed>) = 0 [pid 419] <... futex resumed>) = 1 [pid 405] <... write resumed>) = 1048576 [ 25.766858][ T408] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 391] <... futex resumed>) = 0 [pid 420] sendmmsg(5, [pid 419] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] close(3 [pid 420] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\x7b\xfb\xb7\x81\xac\xf5\x77\x98\x4f\xb3\x2c\xfc\x5a\x9f\x9a\x1b\x12\xb9\xb9\x99\x91\x38\xb3\x3d\xcf\xa8\xf8\x6d\x4e\x8a\x2a\xdc\xf1\xd4\x6b\x18\xb5\x61\xe5\x26\xd2\xda\x36\x1d\xa8\x52\x8a\xf2\x74\xe3\xd1\x1f\x80\x02\x8a\x93\x7f\xd1\x98\x14\x41\x69\xeb\x90\x85\xce\x93\x31\xac\xc3\x0c\x16\x6f\xff\xc1\xe3\x62\xe7\xc9\x6e\x5b\x91\x0d\x35\x18\x28\xdd\xae\xc8\x5e\x09\x08\xf2\xaf\x16\x3b\x65\x49\x5a"..., iov_len=168}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=9, msg_controllen=0, msg_flags=MSG_EOR}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_PROBE|MSG_NOSIGNAL}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_ZEROCOPY}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=88, msg_flags=MSG_PEEK|MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_FIN|MSG_RST|MSG_WAITFORONE|MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT|0x1af00000}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_FASTOPEN}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_ERRQUEUE|MSG_ZEROCOPY|MSG_CMSG_CLOEXEC}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}}], 7, MSG_DONTROUTE) = -1 ENOTSOCK (Socket operation on non-socket) [pid 405] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 387] <... close resumed>) = 0 [pid 420] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 391] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] close(4 [pid 420] <... futex resumed>) = 1 [pid 407] <... mount resumed>) = 0 [pid 399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 390] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 387] <... close resumed>) = 0 [pid 385] <... futex resumed>) = 0 [pid 420] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 399] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... write resumed>) = 1048576 [pid 392] <... clone resumed>, child_tidptr=NULL) = 4 [ 25.823430][ T407] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 390] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] close(5 [pid 386] <... clone resumed>, child_tidptr=NULL) = 5 [pid 385] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... openat resumed>) = 3 [pid 399] <... futex resumed>) = 0 [pid 394] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 387] <... close resumed>) = 0 [pid 386] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 420] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 387] close(6 [pid 386] <... futex resumed>) = 0 [pid 385] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... mmap resumed>) = 0x7f5ecc784000 [pid 390] <... mmap resumed>) = 0x7f5ecc784000 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 386] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] mprotect(0x7f5ecc785000, 131072, PROT_READ|PROT_WRITE [pid 390] mprotect(0x7f5ecc785000, 131072, PROT_READ|PROT_WRITE [pid 387] close(7 [pid 399] <... mprotect resumed>) = 0 [pid 390] <... mprotect resumed>) = 0 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 399] clone(child_stack=0x7f5ecc7a42f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 390] clone(child_stack=0x7f5ecc7a42f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 387] close(8) = -1 EBADF (Bad file descriptor) [pid 399] <... clone resumed>, parent_tid=[4], tls=0x7f5ecc7a4700, child_tidptr=0x7f5ecc7a49d0) = 4 [pid 390] <... clone resumed>, parent_tid=[5], tls=0x7f5ecc7a4700, child_tidptr=0x7f5ecc7a49d0) = 5 [pid 387] close(9 [pid 399] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 399] <... futex resumed>) = 0 [pid 390] <... futex resumed>) = 0 [pid 387] close(10 [pid 399] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 390] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(3 [pid 387] close(11 [pid 391] <... close resumed>) = 0 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(4 [pid 387] close(12 [pid 391] <... close resumed>) = 0 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 25.871581][ T418] ------------[ cut here ]------------ [ 25.877077][ T418] kernel BUG at fs/ext4/ext4.h:3248! [ 25.882861][ T418] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.888954][ T418] CPU: 1 PID: 418 Comm: syz-executor111 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 25.899209][ T418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [pid 391] close(5 [pid 387] close(13./strace-static-x86_64: Process 426 attached ./strace-static-x86_64: Process 425 attached [pid 392] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... close resumed>) = 0 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 392] <... futex resumed>) = 0 [pid 391] close(6 [pid 387] close(14 [pid 426] set_robust_list(0x7f5ecc7a49e0, 24 [pid 425] set_robust_list(0x7f5ecc7a49e0, 24 [pid 392] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 426] <... set_robust_list resumed>) = 0 [pid 425] <... set_robust_list resumed>) = 0 [pid 391] close(7 [pid 387] close(15 [pid 426] sendmmsg(5, [pid 425] sendmmsg(5, [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(8 [pid 387] close(16 [pid 426] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\x7b\xfb\xb7\x81\xac\xf5\x77\x98\x4f\xb3\x2c\xfc\x5a\x9f\x9a\x1b\x12\xb9\xb9\x99\x91\x38\xb3\x3d\xcf\xa8\xf8\x6d\x4e\x8a\x2a\xdc\xf1\xd4\x6b\x18\xb5\x61\xe5\x26\xd2\xda\x36\x1d\xa8\x52\x8a\xf2\x74\xe3\xd1\x1f\x80\x02\x8a\x93\x7f\xd1\x98\x14\x41\x69\xeb\x90\x85\xce\x93\x31\xac\xc3\x0c\x16\x6f\xff\xc1\xe3\x62\xe7\xc9\x6e\x5b\x91\x0d\x35\x18\x28\xdd\xae\xc8\x5e\x09\x08\xf2\xaf\x16\x3b\x65\x49\x5a"..., iov_len=168}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=9, msg_controllen=0, msg_flags=MSG_EOR}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_PROBE|MSG_NOSIGNAL}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_ZEROCOPY}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=88, msg_flags=MSG_PEEK|MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_FIN|MSG_RST|MSG_WAITFORONE|MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT|0x1af00000}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_FASTOPEN}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_ERRQUEUE|MSG_ZEROCOPY|MSG_CMSG_CLOEXEC}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}}], 7, MSG_DONTROUTE) = -1 ENOTSOCK (Socket operation on non-socket) [pid 425] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\x7b\xfb\xb7\x81\xac\xf5\x77\x98\x4f\xb3\x2c\xfc\x5a\x9f\x9a\x1b\x12\xb9\xb9\x99\x91\x38\xb3\x3d\xcf\xa8\xf8\x6d\x4e\x8a\x2a\xdc\xf1\xd4\x6b\x18\xb5\x61\xe5\x26\xd2\xda\x36\x1d\xa8\x52\x8a\xf2\x74\xe3\xd1\x1f\x80\x02\x8a\x93\x7f\xd1\x98\x14\x41\x69\xeb\x90\x85\xce\x93\x31\xac\xc3\x0c\x16\x6f\xff\xc1\xe3\x62\xe7\xc9\x6e\x5b\x91\x0d\x35\x18\x28\xdd\xae\xc8\x5e\x09\x08\xf2\xaf\x16\x3b\x65\x49\x5a"..., iov_len=168}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=9, msg_controllen=0, msg_flags=MSG_EOR}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_PROBE|MSG_NOSIGNAL}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_ZEROCOPY}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=88, msg_flags=MSG_PEEK|MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_FIN|MSG_RST|MSG_WAITFORONE|MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT|0x1af00000}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_FASTOPEN}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_ERRQUEUE|MSG_ZEROCOPY|MSG_CMSG_CLOEXEC}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}}], 7, MSG_DONTROUTE) = -1 ENOTSOCK (Socket operation on non-socket) [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 426] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] close(9 [pid 387] close(17 [pid 426] <... futex resumed>) = 1 [pid 425] <... futex resumed>) = 1 [pid 399] <... futex resumed>) = 0 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... futex resumed>) = 0 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 426] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] close(10 [pid 390] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] close(18 [pid 425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 25.908603][ T423] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:437: comm syz-executor111: Invalid block bitmap block 0 in block_group 0 [ 25.909296][ T418] RIP: 0010:ext4_mb_load_buddy_gfp+0xe54/0xec0 [ 25.929401][ T418] Code: ff e8 40 13 c8 ff e9 c8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 14 f4 ff ff e8 46 13 c8 ff e9 0a f4 ff ff e8 ec 10 8e ff <0f> 0b e8 e5 10 8e ff 4c 89 ef e8 5d 64 cd ff e9 34 fc ff ff e8 d3 [ 25.949026][ T418] RSP: 0018:ffffc90000e377d8 EFLAGS: 00010293 [ 25.955143][ T418] RAX: ffffffff81df10c4 RBX: 0000000000000001 RCX: ffff888103f8a780 [ 25.963123][ T418] RDX: 0000000000000000 RSI: 00000000ffffd331 RDI: 0000000000000001 [ 25.969065][ T424] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #19: block 114: comm syz-executor111: lblock 2 mapped to illegal pblock 114 (length 1) [ 25.971098][ T418] RBP: ffffc90000e37870 R08: ffffffff81df034c R09: ffffed10235e1a29 [ 25.971108][ T418] R10: ffffed10235e1a29 R11: 1ffff110235e1a28 R12: 1ffff11021497679 [ 25.971127][ T418] R13: ffff88810a4bd000 R14: 00000000ffffd331 R15: dffffc0000000000 [ 26.010765][ T418] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.019727][ T418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.026342][ T418] CR2: 000000001ffffc40 CR3: 000000010b797000 CR4: 00000000003506a0 [ 26.034333][ T418] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.042322][ T418] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.050308][ T418] Call Trace: [ 26.053624][ T418] ext4_discard_preallocations+0x803/0xf10 [ 26.059454][ T418] ? mb_test_and_clear_bits+0x250/0x250 [ 26.065058][ T418] ? __down_write+0x119/0x320 [ 26.069763][ T418] ? kmem_cache_free+0xa9/0x1f0 [ 26.074637][ T418] ext4_release_file+0x17a/0x320 [ 26.079623][ T418] ? ext4_file_open+0x680/0x680 [ 26.082972][ T423] EXT4-fs error (device loop5): ext4_mb_discard_group_preallocations:4291: comm syz-executor111: Error -117 reading block bitmap for 0 [ 26.084481][ T418] __fput+0x348/0x7c0 [ 26.084500][ T418] ____fput+0x15/0x20 [ 26.106364][ T418] task_work_run+0x147/0x1b0 [ 26.110983][ T418] do_exit+0x63c/0x2340 [ 26.115160][ T418] ? get_task_struct+0x80/0x80 [ 26.118884][ T424] EXT4-fs error (device loop2): ext4_ext_remove_space:2942: inode #19: comm syz-executor111: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 26.119935][ T418] do_group_exit+0x13a/0x300 [ 26.119956][ T418] get_signal+0xe17/0x1440 [ 26.147359][ T418] arch_do_signal+0x8e/0x650 [ 26.151522][ T423] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:437: comm syz-executor111: Invalid block bitmap block 0 in block_group 0 [ 26.151964][ T418] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 26.171213][ T418] ? do_user_addr_fault+0xca3/0xce0 [ 26.176539][ T418] ? do_kern_addr_fault+0x80/0x80 [ 26.181574][ T418] exit_to_user_mode_loop+0xa3/0xe0 [ 26.184037][ T423] EXT4-fs error (device loop5): ext4_mb_discard_group_preallocations:4291: comm syz-executor111: Error -117 reading block bitmap for 0 [ 26.186775][ T418] irqentry_exit_to_user_mode+0x56/0x80 [ 26.186785][ T418] irqentry_exit+0x12/0x60 [ 26.186805][ T418] exc_page_fault+0x7e/0x1b0 [ 26.201572][ T423] EXT4-fs error (device loop5): ext4_ext_remove_space:2942: inode #19: comm syz-executor111: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 26.206123][ T418] ? asm_exc_page_fault+0x8/0x30 [ 26.206135][ T418] asm_exc_page_fault+0x1e/0x30 [ 26.206152][ T418] RIP: 0033:0x0 [ 26.246864][ T418] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 26.254767][ T418] RSP: 002b:0000000020000008 EFLAGS: 00010217 [ 26.260849][ T418] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5ed4b22b79 [pid 407] chdir("./file0" [pid 399] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... futex resumed>) = 1 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 425] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 407] <... chdir resumed>) = 0 [pid 399] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 391] close(11 [pid 390] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] close(19 [pid 407] ioctl(4, LOOP_CLR_FD [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 407] <... ioctl resumed>) = 0 [pid 391] close(12 [pid 387] close(20 [pid 407] close(4 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 407] <... close resumed>) = 0 [pid 391] close(13 [pid 387] close(21 [pid 407] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 407] <... futex resumed>) = 1 [pid 400] <... futex resumed>) = 0 [pid 391] close(14 [pid 387] close(22 [pid 407] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 400] <... futex resumed>) = 0 [pid 391] close(15 [pid 387] close(23 [pid 407] creat("./bus", 000 [pid 400] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(16 [pid 387] close(24 [pid 399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(17write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 387] close(25 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(18 [pid 387] close(26 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(19 [pid 390] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 387] close(27 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(20 [pid 387] close(28 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(21 [pid 387] close(29 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 391] close(22 [pid 387] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... write resumed>) = 89 [pid 391] close(23 [pid 387] exit_group(0 [pid 405] <... futex resumed>) = ? [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... exit_group resumed>) = ? [pid 405] +++ exited with 0 +++ [pid 391] close(24) = -1 EBADF (Bad file descriptor) [pid 391] close(25) = -1 EBADF (Bad file descriptor) [pid 391] close(26 [pid 407] <... creat resumed>) = 4 [pid 389] <... futex resumed>) = ? [pid 407] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 389] +++ exited with 0 +++ [pid 387] +++ exited with 0 +++ [pid 407] <... futex resumed>) = 1 [pid 400] <... futex resumed>) = 0 [pid 391] close(27 [pid 407] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 379] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 400] <... futex resumed>) = 0 [pid 391] close(28 [pid 379] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 407] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 400] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 379] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 420] <... write resumed>) = 1048576 [pid 407] <... mount resumed>) = 0 [pid 391] close(29 [pid 379] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 420] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 379] <... openat resumed>) = 3 [pid 420] <... futex resumed>) = 0 [pid 407] <... futex resumed>) = 1 [pid 400] <... futex resumed>) = 0 [pid 391] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 385] close(3 [pid 379] fstat(3, [pid 420] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... write resumed>) = 89 [pid 385] <... close resumed>) = 0 [pid 379] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 400] <... futex resumed>) = 0 [pid 391] exit_group(0 [pid 385] close(4 [pid 379] getdents64(3, [pid 419] <... futex resumed>) = ? [pid 407] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 400] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = ? [pid 391] <... exit_group resumed>) = ? [pid 385] <... close resumed>) = 0 [pid 379] <... getdents64 resumed>0x555556bd6730 /* 4 entries */, 32768) = 112 [pid 419] +++ exited with 0 +++ [pid 407] <... open resumed>) = 5 [pid 394] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ [pid 385] close(5 [pid 379] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 407] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... close resumed>) = 0 [pid 379] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 407] <... futex resumed>) = 1 [pid 400] <... futex resumed>) = 0 [pid 385] close(6 [pid 381] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 379] lstat("./0/binderfs", [pid 407] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] restart_syscall(<... resuming interrupted clone ...> [pid 379] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 400] <... futex resumed>) = 0 [pid 385] close(7 [pid 381] <... restart_syscall resumed>) = 0 [pid 379] unlink("./0/binderfs" [pid 425] <... write resumed>) = 1048576 [pid 407] clone(child_stack=0x20000000, flags=CLONE_PARENT|CLONE_UNTRACED|CLONE_CHILD_SETTID|CLONE_NEWNET [pid 400] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... write resumed>) = 1048576 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 379] <... unlink resumed>) = 0 [pid 425] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] close(8 [pid 379] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 425] <... futex resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 390] close(3 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 425] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] futex(0x7f5ed4ba1788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... close resumed>) = 0 [pid 385] close(9 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 390] close(4 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 390] <... close resumed>) = 0 [pid 385] close(10 [pid 381] <... openat resumed>) = 3 [pid 390] close(5 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] fstat(3, [pid 390] <... close resumed>) = 0 [pid 385] close(11 [pid 381] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 390] close(6 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] getdents64(3, [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(12 [pid 381] <... getdents64 resumed>0x555556bd6730 /* 4 entries */, 32768) = 112 [pid 390] close(7 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(13 [pid 381] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 390] close(8 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] lstat("./0/binderfs", [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(14 [pid 381] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 390] close(9 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] unlink("./0/binderfs" [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(15 [pid 381] <... unlink resumed>) = 0 [pid 390] close(10 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 381] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(16 [pid 390] close(11 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(17 [pid 390] close(12 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(18 [pid 390] close(13 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(19 [pid 390] close(14 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(20 [pid 390] close(15 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(21 [pid 390] close(16 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(22 [pid 390] close(17 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(23 [pid 390] close(18 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(24 [pid 390] close(19 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(25 [pid 390] close(20 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(26 [pid 390] close(21 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(27 [pid 390] close(22 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(28 [pid 390] close(23 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(29 [pid 390] close(24 write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 390] close(25 [pid 385] <... write resumed>) = 89 [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] exit_group(0 [pid 420] <... futex resumed>) = ? [pid 390] close(26 [pid 386] <... futex resumed>) = ? [pid 385] <... exit_group resumed>) = ? [pid 420] +++ exited with 0 +++ [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 386] +++ exited with 0 +++ [pid 385] +++ exited with 0 +++ [pid 390] close(27 [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 390] close(28) = -1 EBADF (Bad file descriptor) [pid 380] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 390] close(29 [pid 380] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 390] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 380] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYwrite to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 390] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89 [pid 380] <... openat resumed>) = 3 [pid 390] <... write resumed>) = 89 [pid 380] fstat(3, [pid 390] exit_group(0 [pid 380] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 426] <... futex resumed>) = ? [pid 392] <... futex resumed>) = ? [pid 390] <... exit_group resumed>) = ? [pid 380] getdents64(3, [pid 426] +++ exited with 0 +++ [pid 392] +++ exited with 0 +++ [pid 390] +++ exited with 0 +++ [pid 380] <... getdents64 resumed>0x555556bd6730 /* 4 entries */, 32768) = 112 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 380] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./0/binderfs", [pid 383] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] unlink("./0/binderfs" [pid 383] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] <... unlink resumed>) = 0 [pid 383] <... openat resumed>) = 3 [pid 380] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] getdents64(3, 0x555556bd6730 /* 4 entries */, 32768) = 112 [pid 383] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 383] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 383] unlink("./0/binderfs") = 0 [pid 383] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 400] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 400] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ecc784000 [pid 400] mprotect(0x7f5ecc785000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 400] clone(child_stack=0x7f5ecc7a42f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f5ecc7a4700, child_tidptr=0x7f5ecc7a49d0) = 4 [pid 400] futex(0x7f5ed4ba1798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f5ed4ba179c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 400] futex(0x7f5ed4ba17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ecc763000 [pid 400] mprotect(0x7f5ecc764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 400] clone(child_stack=0x7f5ecc7832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5], tls=0x7f5ecc783700, child_tidptr=0x7f5ecc7839d0) = 5 [pid 400] futex(0x7f5ed4ba17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f5ed4ba17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7f5ecc7a49e0, 24) = 0 [pid 427] sendmmsg(5, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base="\x43\x7b\xfb\xb7\x81\xac\xf5\x77\x98\x4f\xb3\x2c\xfc\x5a\x9f\x9a\x1b\x12\xb9\xb9\x99\x91\x38\xb3\x3d\xcf\xa8\xf8\x6d\x4e\x8a\x2a\xdc\xf1\xd4\x6b\x18\xb5\x61\xe5\x26\xd2\xda\x36\x1d\xa8\x52\x8a\xf2\x74\xe3\xd1\x1f\x80\x02\x8a\x93\x7f\xd1\x98\x14\x41\x69\xeb\x90\x85\xce\x93\x31\xac\xc3\x0c\x16\x6f\xff\xc1\xe3\x62\xe7\xc9\x6e\x5b\x91\x0d\x35\x18\x28\xdd\xae\xc8\x5e\x09\x08\xf2\xaf\x16\x3b\x65\x49\x5a"..., iov_len=168}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], msg_iovlen=9, msg_controllen=0, msg_flags=MSG_EOR}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_PROBE|MSG_NOSIGNAL}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_ZEROCOPY}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=NULL, msg_controllen=88, msg_flags=MSG_PEEK|MSG_DONTROUTE|MSG_PROBE|MSG_EOR|MSG_FIN|MSG_RST|MSG_WAITFORONE|MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT|0x1af00000}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_FASTOPEN}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_ERRQUEUE|MSG_ZEROCOPY|MSG_CMSG_CLOEXEC}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=MSG_MORE|MSG_FASTOPEN}}], 7, MSG_DONTROUTE) = -1 ENOTSOCK (Socket operation on non-socket) [pid 427] futex(0x7f5ed4ba179c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f5ed4ba1798, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7f5ecc7839e0, 24) = 0 [pid 428] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 428] futex(0x7f5ed4ba17ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = 1 [pid 428] futex(0x7f5ed4ba17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] close(3) = 0 [pid 399] close(4) = 0 [pid 399] close(5) = 0 [pid 399] close(6) = -1 EBADF (Bad file descriptor) [pid 399] close(7) = -1 EBADF (Bad file descriptor) [pid 399] close(8) = -1 EBADF (Bad file descriptor) [pid 399] close(9) = -1 EBADF (Bad file descriptor) [pid 399] close(10) = -1 EBADF (Bad file descriptor) [pid 399] close(11) = -1 EBADF (Bad file descriptor) [pid 399] close(12) = -1 EBADF (Bad file descriptor) [pid 399] close(13) = -1 EBADF (Bad file descriptor) [pid 399] close(14) = -1 EBADF (Bad file descriptor) [pid 399] close(15) = -1 EBADF (Bad file descriptor) [pid 399] close(16) = -1 EBADF (Bad file descriptor) [pid 399] close(17) = -1 EBADF (Bad file descriptor) [pid 399] close(18) = -1 EBADF (Bad file descriptor) [pid 399] close(19) = -1 EBADF (Bad file descriptor) [pid 399] close(20) = -1 EBADF (Bad file descriptor) [pid 399] close(21) = -1 EBADF (Bad file descriptor) [pid 399] close(22) = -1 EBADF (Bad file descriptor) [pid 399] close(23) = -1 EBADF (Bad file descriptor) [pid 399] close(24) = -1 EBADF (Bad file descriptor) [pid 399] close(25) = -1 EBADF (Bad file descriptor) [pid 399] close(26) = -1 EBADF (Bad file descriptor) [pid 399] close(27) = -1 EBADF (Bad file descriptor) write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory [pid 399] close(28) = -1 EBADF (Bad file descriptor) [pid 399] close(29) = -1 EBADF (Bad file descriptor) [pid 399] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 399] exit_group(0 [pid 425] <... futex resumed>) = ? [pid 399] <... exit_group resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 381] <... umount2 resumed>) = 0 [pid 381] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 381] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 381] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 381] getdents64(4, 0x555556bde770 /* 2 entries */, 32768) = 48 [pid 381] getdents64(4, 0x555556bde770 /* 0 entries */, 32768) = 0 [pid 381] close(4) = 0 [pid 381] rmdir("./0/file0") = 0 [pid 381] getdents64(3, 0x555556bd6730 /* 0 entries */, 32768) = 0 [pid 381] close(3) = 0 [pid 381] rmdir("./0") = 0 [pid 381] mkdir("./1", 0777) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 381] ioctl(3, LOOP_CLR_FD) = 0 [ 26.268838][ T418] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000041808000 [ 26.276823][ T418] RBP: 00007f5ed4ba1780 R08: 0000000000000000 R09: 00007f5ed4ba1788 [ 26.284803][ T418] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5ed4ba178c [ 26.292763][ T418] R13: 00007ffc82e5fccf R14: 00007f5ed4ac5300 R15: 0000000000022000 [ 26.300737][ T418] Modules linked in: [ 26.304983][ T418] ---[ end trace 763050db398b4684 ]--- [ 26.313631][ T418] RIP: 0010:ext4_mb_load_buddy_gfp+0xe54/0xec0 [pid 381] close(3) = 0 [pid 381] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x555556bd46e0, 24) = 0 [pid 429] chdir("./1") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 429] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5ed4aa5000 [pid 381] <... clone resumed>, child_tidptr=0x555556bd46d0) = 6 [pid 429] mprotect(0x7f5ed4aa6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] clone(child_stack=0x7f5ed4ac52f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 430 attached , parent_tid=[7], tls=0x7f5ed4ac5700, child_tidptr=0x7f5ed4ac59d0) = 7 [pid 429] futex(0x7f5ed4ba1788, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] set_robust_list(0x7f5ed4ac59e0, 24) = 0 [pid 430] memfd_create("syzkaller", 0 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7f5ed4ba178c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 430] <... memfd_create resumed>) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ecc6a5000 [pid 380] <... umount2 resumed>) = 0 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 380] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=5, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6} --- [ 26.320380][ T418] Code: ff e8 40 13 c8 ff e9 c8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 14 f4 ff ff e8 46 13 c8 ff e9 0a f4 ff ff e8 ec 10 8e ff <0f> 0b e8 e5 10 8e ff 4c 89 ef e8 5d 64 cd ff e9 34 fc ff ff e8 d3 [ 26.347411][ T418] RSP: 0018:ffffc90000e377d8 EFLAGS: 00010293 [ 26.354056][ T418] RAX: ffffffff81df10c4 RBX: 0000000000000001 RCX: ffff888103f8a780 [pid 430] <... write resumed>) = 1048576 [pid 430] munmap(0x7f5ecc6a5000, 1048576) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 380] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 380] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 407] <... clone resumed>, child_tidptr=NULL) = 6 [pid 380] getdents64(4, [pid 407] futex(0x7f5ed4ba178c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] <... getdents64 resumed>0x555556bde770 /* 2 entries */, 32768) = 48 [pid 400] close(3) = 0 [pid 400] close(4) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = -1 EBADF (Bad file descriptor) [pid 400] close(7) = -1 EBADF (Bad file descriptor) [pid 400] close(8) = -1 EBADF (Bad file descriptor) [pid 400] close(9) = -1 EBADF (Bad file descriptor) [pid 400] close(10) = -1 EBADF (Bad file descriptor) [pid 400] close(11) = -1 EBADF (Bad file descriptor) [pid 400] close(12) = -1 EBADF (Bad file descriptor) [pid 400] close(13) = -1 EBADF (Bad file descriptor) [pid 400] close(14) = -1 EBADF (Bad file descriptor) [pid 400] close(15) = -1 EBADF (Bad file descriptor) [pid 400] close(16) = -1 EBADF (Bad file descriptor) [pid 400] close(17) = -1 EBADF (Bad file descriptor) [pid 400] close(18) = -1 EBADF (Bad file descriptor) [pid 400] close(19) = -1 EBADF (Bad file descriptor) [pid 400] close(20) = -1 EBADF (Bad file descriptor) [pid 400] close(21) = -1 EBADF (Bad file descriptor) [pid 400] close(22) = -1 EBADF (Bad file descriptor) [pid 400] close(23) = -1 EBADF (Bad file descriptor) [pid 400] close(24) = -1 EBADF (Bad file descriptor) [pid 400] close(25) = -1 EBADF (Bad file descriptor) [pid 400] close(26) = -1 EBADF (Bad file descriptor) [pid 400] close(27write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory ) = -1 EBADF (Bad file descriptor) [pid 400] close(28) = -1 EBADF (Bad file descriptor) [pid 400] close(29) = -1 EBADF (Bad file descriptor) [pid 400] write(1, "write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory\n", 89) = 89 [pid 400] exit_group(0 [pid 428] <... futex resumed>) = ? [pid 427] <... futex resumed>) = ? [pid 400] <... exit_group resumed>) = ? [pid 428] +++ exited with 0 +++ [pid 427] +++ exited with 0 +++ [pid 380] getdents64(4, 0x555556bde770 /* 0 entries */, 32768) = 0 [pid 380] close(4 [pid 407] +++ exited with 0 +++ [pid 400] +++ exited with 0 +++ [pid 380] <... close resumed>) = 0 [pid 380] rmdir("./0/file0" [pid 382] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 380] <... rmdir resumed>) = 0 [pid 382] restart_syscall(<... resuming interrupted clone ...> [pid 380] getdents64(3, 0x555556bd6730 /* 0 entries */, 32768) = 0 [pid 380] close(3) = 0 [pid 380] rmdir("./0" [pid 382] <... restart_syscall resumed>) = 0 [pid 380] <... rmdir resumed>) = 0 [pid 382] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 380] mkdir("./1", 0777 [pid 382] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] <... mkdir resumed>) = 0 [pid 382] <... openat resumed>) = 3 [pid 382] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(3, 0x555556bd6730 /* 4 entries */, 32768) = 112 [pid 380] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 382] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 382] unlink("./0/binderfs") = 0 [ 26.383556][ T418] RDX: 0000000000000000 RSI: 00000000ffffd331 RDI: 0000000000000001 [ 26.394363][ T431] EXT4-fs error (device loop1): ext4_map_blocks:594: inode #2: block 16: comm syz-executor111: lblock 0 mapped to illegal pblock 16 (length 1) [ 26.406771][ T418] RBP: ffffc90000e37870 R08: ffffffff81df034c R09: ffffed10235e1a29 [ 26.418019][ T418] R10: ffffed10235e1a29 R11: 1ffff110235e1a28 R12: 1ffff11021497679 [pid 382] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 382] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 382] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 382] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 382] getdents64(4, 0x555556bde770 /* 2 entries */, 32768) = 48 [pid 382] getdents64(4, 0x555556bde770 /* 0 entries */, 32768) = 0 [pid 382] close(4) = 0 [pid 382] rmdir("./0/file0") = 0 [pid 382] getdents64(3, 0x555556bd6730 /* 0 entries */, 32768) = 0 [pid 382] close(3) = 0 [pid 382] rmdir("./0") = 0 [pid 382] mkdir("./1", 0777) = 0 [ 26.424087][ T431] EXT4-fs error (device loop1): ext4_map_blocks:594: inode #2: block 16: comm syz-executor111: lblock 0 mapped to illegal pblock 16 (length 1) [ 26.426409][ T418] R13: ffff88810a4bd000 R14: 00000000ffffd331 R15: dffffc0000000000 [ 26.448715][ T418] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 26.457662][ T418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.464334][ T418] CR2: 00007f5ed4b6c348 CR3: 0000000119e88000 CR4: 00000000003506b0 [ 26.472450][ T418] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 382] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 430] <... openat resumed>) = 4 [pid 383] <... umount2 resumed>) = 0 [pid 380] <... openat resumed>) = 3 [pid 379] <... umount2 resumed>) = 0 [pid 430] ioctl(4, LOOP_SET_FD, 3 [pid 383] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=4, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- [pid 380] ioctl(3, LOOP_CLR_FD [pid 379] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 430] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 383] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 379] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 430] ioctl(4, LOOP_CLR_FD [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] close(3 [pid 379] lstat("./0/file0", [pid 430] <... ioctl resumed>) = 0 [pid 383] lstat("./0/file0", [pid 380] <... close resumed>) = 0 [pid 379] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 383] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 379] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 379] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 430] ioctl(4, LOOP_SET_FD, 3 [pid 383] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... clone resumed>, child_tidptr=0x555556bd46d0) = 6 [ 26.483541][ T418] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.491863][ T418] Kernel panic - not syncing: Fatal exception [ 26.498231][ T418] Kernel Offset: disabled [ 26.502557][ T418] Rebooting in 86400 seconds..