./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor619650768 <...> Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts. execve("./syz-executor619650768", ["./syz-executor619650768"], 0x7ffeca9ce790 /* 10 vars */) = 0 brk(NULL) = 0x555556c84000 brk(0x555556c84d00) = 0x555556c84d00 arch_prctl(ARCH_SET_FS, 0x555556c843c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor619650768", 4096) = 27 brk(0x555556ca5d00) = 0x555556ca5d00 brk(0x555556ca6000) = 0x555556ca6000 mprotect(0x7fb783033000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fb782f840a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb782f84ce0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fb782f840a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fb782f84ce0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3615 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3615 attached ./strace-static-x86_64: Process 3616 attached , child_tidptr=0x555556c84690) = 3616 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3614] <... clone resumed>, child_tidptr=0x555556c84690) = 3617 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3618 [pid 3615] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3616] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3618 attached ./strace-static-x86_64: Process 3617 attached [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] ioctl(3, LOOP_CLR_FD [pid 3615] <... openat resumed>) = 3 [pid 3616] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3614] <... clone resumed>, child_tidptr=0x555556c84690) = 3619 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] close(3 [pid 3615] ioctl(3, LOOP_CLR_FD [pid 3614] <... clone resumed>, child_tidptr=0x555556c84690) = 3620 [pid 3618] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3617] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3616] <... close resumed>) = 0 [pid 3615] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3616] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3615] close(3 [pid 3618] <... openat resumed>) = 3 [pid 3616] <... clone resumed>, child_tidptr=0x555556c84690) = 3621 [pid 3615] <... close resumed>) = 0 [pid 3618] ioctl(3, LOOP_CLR_FD [pid 3617] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3621 attached [pid 3618] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3617] ioctl(3, LOOP_CLR_FD [pid 3618] close(3) = 0 [pid 3617] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3617] close(3 [pid 3621] <... prctl resumed>) = 0 [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3617] <... close resumed>) = 0 [pid 3617] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3621] setpgid(0, 0./strace-static-x86_64: Process 3622 attached [pid 3618] <... clone resumed>, child_tidptr=0x555556c84690) = 3622 [pid 3621] <... setpgid resumed>) = 0 [pid 3617] <... clone resumed>, child_tidptr=0x555556c84690) = 3623 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3621] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3624 attached [pid 3622] <... prctl resumed>) = 0 [pid 3621] write(3, "1000", 4) = 4 [pid 3622] setpgid(0, 0 [pid 3621] close(3 [pid 3622] <... setpgid resumed>) = 0 [pid 3621] <... close resumed>) = 0 [pid 3621] memfd_create("syzkaller", 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3621] <... memfd_create resumed>) = 3 [pid 3621] ftruncate(3, 0) = 0 [pid 3621] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3624] <... prctl resumed>) = 0 [pid 3622] <... openat resumed>) = 3 [pid 3624] setpgid(0, 0 [pid 3622] write(3, "1000", 4 [pid 3621] <... openat resumed>) = 4 [pid 3615] <... clone resumed>, child_tidptr=0x555556c84690) = 3624 [pid 3624] <... setpgid resumed>) = 0 [pid 3622] <... write resumed>) = 4 [pid 3621] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3619 attached [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3622] close(3 [pid 3621] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 3620 attached [pid 3624] <... openat resumed>) = 3 [pid 3622] <... close resumed>) = 0 [pid 3621] mkdir("./file0", 0777 [pid 3624] write(3, "1000", 4 [pid 3622] memfd_create("syzkaller", 0./strace-static-x86_64: Process 3623 attached [pid 3624] <... write resumed>) = 4 [pid 3622] <... memfd_create resumed>) = 3 [pid 3621] <... mkdir resumed>) = 0 [pid 3620] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3619] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3624] close(3 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3622] ftruncate(3, 0 [pid 3621] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3620] <... openat resumed>) = 3 [pid 3619] <... openat resumed>) = 3 [pid 3624] <... close resumed>) = 0 [pid 3623] <... prctl resumed>) = 0 [pid 3622] <... ftruncate resumed>) = 0 [pid 3621] pipe2( [pid 3620] ioctl(3, LOOP_CLR_FD [pid 3619] ioctl(3, LOOP_CLR_FD [pid 3624] memfd_create("syzkaller", 0 [pid 3622] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3621] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3624] <... memfd_create resumed>) = 3 [pid 3622] <... openat resumed>) = 4 [pid 3624] ftruncate(3, 0 [pid 3622] ioctl(4, LOOP_SET_FD, 3 [pid 3621] dup(6 [pid 3624] <... ftruncate resumed>) = 0 [pid 3624] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3623] setpgid(0, 0 [pid 3622] <... ioctl resumed>) = 0 [pid 3621] <... dup resumed>) = 7 [pid 3620] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3619] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3624] <... openat resumed>) = 4 [pid 3623] <... setpgid resumed>) = 0 [pid 3622] mkdir("./file0", 0777 [pid 3621] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3620] close(3 [pid 3619] close(3 [pid 3624] ioctl(4, LOOP_SET_FD, 3 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3622] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3620] <... close resumed>) = 0 [pid 3619] <... close resumed>) = 0 [pid 3624] <... ioctl resumed>) = 0 [pid 3623] <... openat resumed>) = 3 [pid 3622] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3620] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3627 attached ./strace-static-x86_64: Process 3626 attached [pid 3624] mkdir("./file0", 0777 [pid 3623] write(3, "1000", 4 [pid 3622] pipe2( [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3626] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3624] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3623] <... write resumed>) = 4 [pid 3622] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3620] <... clone resumed>, child_tidptr=0x555556c84690) = 3626 [pid 3619] <... clone resumed>, child_tidptr=0x555556c84690) = 3627 [pid 3627] <... prctl resumed>) = 0 [pid 3626] <... prctl resumed>) = 0 [pid 3624] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3623] close(3 [pid 3622] dup(6 [pid 3627] setpgid(0, 0 [pid 3626] setpgid(0, 0 [pid 3624] pipe2( [pid 3623] <... close resumed>) = 0 [pid 3622] <... dup resumed>) = 7 [pid 3627] <... setpgid resumed>) = 0 [pid 3626] <... setpgid resumed>) = 0 [pid 3624] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3623] memfd_create("syzkaller", 0 [pid 3622] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3624] dup(6 [pid 3623] <... memfd_create resumed>) = 3 [pid 3623] ftruncate(3, 0) = 0 [pid 3624] <... dup resumed>) = 7 [pid 3623] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3623] ioctl(4, LOOP_SET_FD, 3 [pid 3624] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3623] <... ioctl resumed>) = 0 [pid 3623] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3623] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3623] pipe2([5, 6], 0) = 0 [pid 3623] dup(6) = 7 [pid 3623] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3626] <... openat resumed>) = 3 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3626] write(3, "1000", 4 [pid 3627] <... openat resumed>) = 3 [pid 3626] <... write resumed>) = 4 [pid 3627] write(3, "1000", 4 [pid 3626] close(3 [pid 3627] <... write resumed>) = 4 [pid 3626] <... close resumed>) = 0 [pid 3627] close(3 [pid 3626] memfd_create("syzkaller", 0 [pid 3627] <... close resumed>) = 0 [pid 3626] <... memfd_create resumed>) = 3 [pid 3627] memfd_create("syzkaller", 0 [pid 3626] ftruncate(3, 0 [pid 3627] <... memfd_create resumed>) = 3 [pid 3626] <... ftruncate resumed>) = 0 [pid 3627] ftruncate(3, 0 [pid 3626] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3627] <... ftruncate resumed>) = 0 [pid 3626] <... openat resumed>) = 4 [pid 3627] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3626] ioctl(4, LOOP_SET_FD, 3 [pid 3627] <... openat resumed>) = 4 [pid 3626] <... ioctl resumed>) = 0 [pid 3627] ioctl(4, LOOP_SET_FD, 3 [pid 3626] mkdir("./file0", 0777 [pid 3627] <... ioctl resumed>) = 0 [pid 3626] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3627] mkdir("./file0", 0777 [pid 3626] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3627] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3626] pipe2( [pid 3627] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3626] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3627] pipe2( [pid 3626] dup(6 [pid 3627] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3626] <... dup resumed>) = 7 [pid 3627] dup(6 [pid 3626] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3627] <... dup resumed>) = 7 [pid 3627] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3621] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3621] exit_group(0) = ? [pid 3621] +++ exited with 0 +++ [pid 3616] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3621, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3616] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 3616] ioctl(3, LOOP_CLR_FD [pid 3624] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3624] exit_group(0) = ? [pid 3624] +++ exited with 0 +++ [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3624, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3615] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3615] ioctl(3, LOOP_CLR_FD [pid 3616] <... ioctl resumed>) = 0 [pid 3616] close(3) = 0 [pid 3616] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3628 ./strace-static-x86_64: Process 3628 attached [pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3628] setpgid(0, 0) = 0 [pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3628] write(3, "1000", 4) = 4 [pid 3628] close(3) = 0 [pid 3628] memfd_create("syzkaller", 0) = 3 [pid 3628] ftruncate(3, 0) = 0 [pid 3628] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 3628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3628] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3628] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3628] pipe2([5, 6], 0) = 0 [pid 3628] dup(6) = 7 [pid 3628] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3615] <... ioctl resumed>) = 0 [pid 3615] close(3) = 0 [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] memfd_create("syzkaller", 0) = 3 [pid 3629] ftruncate(3, 0) = 0 [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3629] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3629] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3629] pipe2([5, 6], 0) = 0 [pid 3629] dup(6) = 7 [pid 3629] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3622] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3622] exit_group(0) = ? [pid 3622] +++ exited with 0 +++ [pid 3618] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3622, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3618] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 3618] ioctl(3, LOOP_CLR_FD [pid 3623] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3623] exit_group(0) = ? [pid 3623] +++ exited with 0 +++ [pid 3617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3623, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3617] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3617] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3617] ioctl(3, LOOP_CLR_FD [pid 3618] <... ioctl resumed>) = 0 [pid 3618] close(3) = 0 [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3630 ./strace-static-x86_64: Process 3630 attached [pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3630] setpgid(0, 0) = 0 [pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3630] write(3, "1000", 4) = 4 [pid 3630] close(3) = 0 [pid 3630] memfd_create("syzkaller", 0) = 3 [pid 3630] ftruncate(3, 0) = 0 [pid 3630] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3630] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3630] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3630] pipe2([5, 6], 0) = 0 [pid 3630] dup(6) = 7 [pid 3630] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3617] <... ioctl resumed>) = 0 [pid 3617] close(3) = 0 [pid 3617] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3632 attached [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3617] <... clone resumed>, child_tidptr=0x555556c84690) = 3632 [pid 3632] memfd_create("syzkaller", 0) = 3 [pid 3632] ftruncate(3, 0) = 0 [pid 3632] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3632] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3632] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3632] pipe2([5, 6], 0) = 0 [pid 3632] dup(6) = 7 [pid 3632] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3629] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3629] exit_group(0) = ? [pid 3629] +++ exited with 0 +++ [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3629, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3615] ioctl(3, LOOP_CLR_FD [pid 3626] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3615] <... ioctl resumed>) = 0 [pid 3626] exit_group(0 [pid 3615] close(3 [pid 3626] <... exit_group resumed>) = ? [pid 3615] <... close resumed>) = 0 [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3626] +++ exited with 0 +++ [pid 3615] <... clone resumed>, child_tidptr=0x555556c84690) = 3634 [pid 3620] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3626, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3620] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 3620] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 3634 attached [pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3634] setpgid(0, 0) = 0 [pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3634] write(3, "1000", 4) = 4 [pid 3634] close(3) = 0 [pid 3634] memfd_create("syzkaller", 0) = 3 [pid 3634] ftruncate(3, 0) = 0 [pid 3634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3634] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3634] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3634] pipe2([5, 6], 0) = 0 [pid 3634] dup(6) = 7 [pid 3634] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3620] <... ioctl resumed>) = 0 [pid 3620] close(3) = 0 [pid 3620] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3 [pid 3627] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3636] <... close resumed>) = 0 [pid 3627] exit_group(0 [pid 3636] memfd_create("syzkaller", 0 [pid 3627] <... exit_group resumed>) = ? [pid 3636] <... memfd_create resumed>) = 3 [pid 3627] +++ exited with 0 +++ [pid 3636] ftruncate(3, 0 [pid 3619] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3636] <... ftruncate resumed>) = 0 [pid 3636] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 3619] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3636] ioctl(4, LOOP_SET_FD, 3 [pid 3619] <... openat resumed>) = 3 [pid 3636] <... ioctl resumed>) = 0 [pid 3619] ioctl(3, LOOP_CLR_FD [pid 3636] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3636] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3636] pipe2([5, 6], 0) = 0 [pid 3636] dup(6) = 7 [pid 3636] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3628] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3628] exit_group(0) = ? [pid 3628] +++ exited with 0 +++ [pid 3616] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3628, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3616] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 3616] ioctl(3, LOOP_CLR_FD [pid 3619] <... ioctl resumed>) = 0 [pid 3619] close(3) = 0 [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3616] <... ioctl resumed>) = 0 [pid 3616] close(3) = 0 [pid 3637] close(3) = 0 [pid 3616] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3637] memfd_create("syzkaller", 0 [pid 3616] <... clone resumed>, child_tidptr=0x555556c84690) = 3638 [pid 3637] <... memfd_create resumed>) = 3 [pid 3637] ftruncate(3, 0) = 0 [pid 3637] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3637] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3638 attached ) = 0 [pid 3637] mkdir("./file0", 0777 [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3637] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3638] <... prctl resumed>) = 0 [pid 3637] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3637] pipe2( [pid 3638] setpgid(0, 0 [pid 3637] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3638] <... setpgid resumed>) = 0 [pid 3637] dup(6) = 7 [pid 3637] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3638] write(3, "1000", 4) = 4 [pid 3638] close(3) = 0 [pid 3638] memfd_create("syzkaller", 0) = 3 [pid 3630] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3638] ftruncate(3, 0) = 0 [pid 3638] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3630] exit_group(0 [pid 3638] <... openat resumed>) = 4 [pid 3630] <... exit_group resumed>) = ? [pid 3638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3638] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3638] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3638] pipe2([5, 6], 0) = 0 [pid 3638] dup(6 [pid 3630] +++ exited with 0 +++ [pid 3638] <... dup resumed>) = 7 [pid 3618] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3630, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3638] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3618] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 3618] ioctl(3, LOOP_CLR_FD [pid 3632] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3632] exit_group(0) = ? [pid 3632] +++ exited with 0 +++ [pid 3617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3617] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3617] ioctl(3, LOOP_CLR_FD [pid 3618] <... ioctl resumed>) = 0 [pid 3618] close(3) = 0 [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4 [pid 3617] <... ioctl resumed>) = 0 [pid 3639] <... write resumed>) = 4 [pid 3617] close(3 [pid 3639] close(3 [pid 3617] <... close resumed>) = 0 [pid 3639] <... close resumed>) = 0 [pid 3639] memfd_create("syzkaller", 0 [pid 3617] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3639] <... memfd_create resumed>) = 3 [pid 3639] ftruncate(3, 0) = 0 [pid 3617] <... clone resumed>, child_tidptr=0x555556c84690) = 3641 [pid 3639] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 3639] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 3641 attached ) = 0 [pid 3639] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3639] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3641] <... prctl resumed>) = 0 [pid 3639] pipe2( [pid 3641] setpgid(0, 0 [pid 3639] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3641] <... setpgid resumed>) = 0 [pid 3639] dup(6 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3639] <... dup resumed>) = 7 [pid 3636] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3641] <... openat resumed>) = 3 [pid 3639] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3636] exit_group(0 [pid 3641] write(3, "1000", 4 [pid 3636] <... exit_group resumed>) = ? [pid 3641] <... write resumed>) = 4 [pid 3636] +++ exited with 0 +++ [pid 3641] close(3) = 0 [pid 3620] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3641] memfd_create("syzkaller", 0 [pid 3620] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3641] <... memfd_create resumed>) = 3 [pid 3620] <... openat resumed>) = 3 [pid 3641] ftruncate(3, 0 [pid 3620] ioctl(3, LOOP_CLR_FD [pid 3641] <... ftruncate resumed>) = 0 [pid 3641] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3641] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3641] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3641] pipe2([5, 6], 0) = 0 [pid 3641] dup(6) = 7 [pid 3641] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3634] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3634] exit_group(0) = ? [pid 3634] +++ exited with 0 +++ [pid 3620] <... ioctl resumed>) = 0 [pid 3620] close(3 [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3634, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3620] <... close resumed>) = 0 [pid 3615] restart_syscall(<... resuming interrupted clone ...> [pid 3620] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3615] <... restart_syscall resumed>) = 0 [pid 3620] <... clone resumed>, child_tidptr=0x555556c84690) = 3643 [pid 3615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3615] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 3643 attached [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] ftruncate(3, 0) = 0 [pid 3643] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 3643] ioctl(4, LOOP_SET_FD, 3 [pid 3615] <... ioctl resumed>) = 0 [pid 3643] <... ioctl resumed>) = 0 [pid 3615] close(3 [pid 3643] mkdir("./file0", 0777 [pid 3615] <... close resumed>) = 0 [pid 3643] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3643] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3643] pipe2( [pid 3615] <... clone resumed>, child_tidptr=0x555556c84690) = 3644 [pid 3643] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3643] dup(6) = 7 [pid 3643] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007,"./strace-static-x86_64: Process 3644 attached [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4) = 4 [pid 3644] close(3) = 0 [pid 3637] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3644] memfd_create("syzkaller", 0 [pid 3637] exit_group(0 [pid 3644] <... memfd_create resumed>) = 3 [pid 3637] <... exit_group resumed>) = ? [pid 3644] ftruncate(3, 0) = 0 [pid 3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3637] +++ exited with 0 +++ [pid 3644] <... openat resumed>) = 4 [pid 3619] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3644] mkdir("./file0", 0777 [pid 3619] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3644] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3619] <... openat resumed>) = 3 [pid 3644] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3619] ioctl(3, LOOP_CLR_FD [pid 3644] pipe2([5, 6], 0) = 0 [pid 3644] dup(6) = 7 [pid 3644] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3638] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3638] exit_group(0) = ? [pid 3619] <... ioctl resumed>) = 0 [pid 3619] close(3) = 0 [pid 3638] +++ exited with 0 +++ [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3619] <... clone resumed>, child_tidptr=0x555556c84690) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3616] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3645] setpgid(0, 0 [pid 3616] <... openat resumed>) = 3 [pid 3645] <... setpgid resumed>) = 0 [pid 3616] ioctl(3, LOOP_CLR_FD [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3 [pid 3639] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3645] <... close resumed>) = 0 [pid 3645] memfd_create("syzkaller", 0 [pid 3639] exit_group(0 [pid 3645] <... memfd_create resumed>) = 3 [pid 3639] <... exit_group resumed>) = ? [pid 3645] ftruncate(3, 0) = 0 [pid 3645] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 3645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3639] +++ exited with 0 +++ [pid 3645] mkdir("./file0", 0777 [pid 3618] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3645] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3645] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3645] pipe2([5, 6], 0) = 0 [pid 3618] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3645] dup(6 [pid 3616] <... ioctl resumed>) = 0 [pid 3645] <... dup resumed>) = 7 [pid 3618] <... openat resumed>) = 3 [pid 3645] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3618] ioctl(3, LOOP_CLR_FD [pid 3616] close(3) = 0 [pid 3641] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3616] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3641] exit_group(0) = ? [pid 3641] +++ exited with 0 +++ [pid 3617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3616] <... clone resumed>, child_tidptr=0x555556c84690) = 3646 [pid 3617] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3617] ioctl(3, LOOP_CLR_FD [pid 3618] <... ioctl resumed>) = 0 [pid 3618] close(3./strace-static-x86_64: Process 3646 attached ) = 0 [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] <... clone resumed>, child_tidptr=0x555556c84690) = 3647 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 3647 attached ) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3646] memfd_create("syzkaller", 0 [pid 3647] <... prctl resumed>) = 0 [pid 3647] setpgid(0, 0) = 0 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3646] <... memfd_create resumed>) = 3 [pid 3617] <... ioctl resumed>) = 0 [pid 3617] close(3) = 0 [pid 3617] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c84690) = 3648 [pid 3647] close(3) = 0 [pid 3647] memfd_create("syzkaller", 0) = 3 [pid 3646] ftruncate(3, 0) = 0 [pid 3646] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3643] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3646] <... openat resumed>) = 4 [pid 3647] ftruncate(3, 0 [pid 3646] ioctl(4, LOOP_SET_FD, 3 [pid 3643] exit_group(0 [pid 3647] <... ftruncate resumed>) = 0 [pid 3646] <... ioctl resumed>) = 0 [pid 3643] <... exit_group resumed>) = ? [pid 3647] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3646] mkdir("./file0", 0777 [pid 3643] +++ exited with 0 +++ [pid 3647] <... openat resumed>) = 4 [pid 3646] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3620] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3647] ioctl(4, LOOP_SET_FD, 3 [pid 3646] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3646] pipe2( [pid 3647] <... ioctl resumed>) = 0 [pid 3646] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3647] mkdir("./file0", 0777 [pid 3646] dup(6 [pid 3647] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3646] <... dup resumed>) = 7 ./strace-static-x86_64: Process 3648 attached [pid 3647] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3646] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3647] pipe2( [pid 3620] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3647] <... pipe2 resumed>[5, 6], 0) = 0 [pid 3620] <... openat resumed>) = 3 [pid 3648] <... prctl resumed>) = 0 [pid 3647] dup(6 [pid 3644] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3647] <... dup resumed>) = 7 [pid 3647] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000007," [pid 3620] ioctl(3, LOOP_CLR_FD [pid 3648] setpgid(0, 0 [pid 3644] exit_group(0 [pid 3648] <... setpgid resumed>) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3644] <... exit_group resumed>) = ? [pid 3648] <... openat resumed>) = 3 [pid 3644] +++ exited with 0 +++ [pid 3648] write(3, "1000", 4) = 4 [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3648] close(3 [pid 3615] restart_syscall(<... resuming interrupted clone ...> [pid 3648] <... close resumed>) = 0 [pid 3615] <... restart_syscall resumed>) = 0 [pid 3648] memfd_create("syzkaller", 0) = 3 [pid 3648] ftruncate(3, 0) = 0 [pid 3615] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3648] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3645] <... mount resumed>) = -1 EFAULT (Bad address) [pid 3615] <... openat resumed>) = 3 [pid 3645] exit_group(0) = ? [pid 3645] +++ exited with 0 +++ [pid 3648] ioctl(4, LOOP_SET_FD, 3 [pid 3619] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3619] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 3619] ioctl(3, LOOP_CLR_FD syzkaller login: [ 51.159845][ T3646] ================================================================== [ 51.167946][ T3646] BUG: KASAN: use-after-free in __kernfs_remove+0xf2d/0x1180 [ 51.175364][ T3646] Read of size 2 at addr ffff8881456ee098 by task syz-executor619/3646 [ 51.183614][ T3646] [ 51.185945][ T3646] CPU: 1 PID: 3646 Comm: syz-executor619 Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 51.196369][ T3646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 51.206431][ T3646] Call Trace: [ 51.209716][ T3646] [ 51.212651][ T3646] dump_stack_lvl+0x1e3/0x2cb [ 51.217341][ T3646] ? io_alloc_page_table+0x110/0x110 [ 51.222613][ T3646] ? _printk+0xcf/0x10f [ 51.226759][ T3646] ? __wake_up_klogd+0xd6/0x100 [ 51.231685][ T3646] ? __wake_up_klogd+0xcd/0x100 [ 51.236522][ T3646] ? panic+0x76b/0x76b [ 51.240578][ T3646] ? _printk+0xcf/0x10f [ 51.244720][ T3646] print_address_description+0x65/0x4b0 [ 51.250256][ T3646] print_report+0x108/0x220 [ 51.254749][ T3646] ? kernfs_put+0x340/0x490 [ 51.259240][ T3646] ? kmem_cache_free+0x95/0x1d0 [ 51.264078][ T3646] ? __kernfs_remove+0xf2d/0x1180 [ 51.269093][ T3646] kasan_report+0xfb/0x130 [ 51.273500][ T3646] ? __kernfs_remove+0xf2d/0x1180 [ 51.278519][ T3646] __kernfs_remove+0xf2d/0x1180 [ 51.283359][ T3646] ? kernfs_iop_rename+0x7d0/0x7d0 [ 51.288462][ T3646] ? kernfs_find_ns+0x4d6/0x550 [ 51.293300][ T3646] kernfs_remove_by_name_ns+0x96/0xe0 [ 51.298661][ T3646] sysfs_slab_add+0x54/0x2a0 [ 51.303239][ T3646] __kmem_cache_create+0x34/0x170 [ 51.308252][ T3646] kmem_cache_create_usercopy+0x1a6/0x340 [ 51.313962][ T3646] p9_client_create+0xbbe/0x1030 [ 51.318895][ T3646] ? do_trace_9p_fid_put+0x20/0x20 [ 51.323995][ T3646] ? lockdep_softirqs_off+0x420/0x420 [ 51.329355][ T3646] ? __raw_spin_lock_init+0x41/0x100 [ 51.334625][ T3646] v9fs_session_init+0x1e3/0x1990 [ 51.339643][ T3646] ? v9fs_show_options+0x600/0x600 [ 51.344743][ T3646] ? kmem_cache_alloc_trace+0x97/0x310 [ 51.350186][ T3646] ? v9fs_mount+0xae/0xcb0 [ 51.354593][ T3646] v9fs_mount+0xd2/0xcb0 [ 51.358823][ T3646] ? xfs_fs_commit_blocks+0x8d0/0x8d0 [ 51.364188][ T3646] ? legacy_init_fs_context+0x4d/0xb0 [ 51.369548][ T3646] ? smack_sb_eat_lsm_opts+0x3cd/0x990 [ 51.374994][ T3646] ? cap_capable+0x1b5/0x250 [ 51.379574][ T3646] legacy_get_tree+0xea/0x180 [ 51.384238][ T3646] ? xfs_fs_commit_blocks+0x8d0/0x8d0 [ 51.389601][ T3646] vfs_get_tree+0x88/0x270 [ 51.394005][ T3646] do_new_mount+0x289/0xad0 [ 51.398497][ T3646] ? do_move_mount_old+0x160/0x160 [ 51.403598][ T3646] ? user_path_at_empty+0x149/0x1a0 [ 51.408786][ T3646] __se_sys_mount+0x2e3/0x3d0 [ 51.413458][ T3646] ? __x64_sys_mount+0xc0/0xc0 [ 51.418212][ T3646] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 51.424183][ T3646] ? __x64_sys_mount+0x1c/0xc0 [ 51.428932][ T3646] do_syscall_64+0x2b/0x70 [ 51.433333][ T3646] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.439214][ T3646] RIP: 0033:0x7fb782fc70b9 [ 51.443617][ T3646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.463207][ T3646] RSP: 002b:00007ffede7f6e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 51.471609][ T3646] RAX: ffffffffffffffda RBX: 00007ffede7f6e50 RCX: 00007fb782fc70b9 [ 51.479569][ T3646] RDX: 00000000200001c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 51.487525][ T3646] RBP: 0000000000000000 R08: 0000000020000300 R09: 000000000000c567 [ 51.495520][ T3646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000f4240 [ 51.503476][ T3646] R13: 000000000000c567 R14: 00007ffede7f6e3c R15: 00007ffede7f6e40 [ 51.511612][ T3646] [ 51.514621][ T3646] [ 51.516928][ T3646] Allocated by task 3645: [ 51.521235][ T3646] __kasan_slab_alloc+0xb2/0xe0 [ 51.526071][ T3646] kmem_cache_alloc+0x1a6/0x310 [ 51.530910][ T3646] __kernfs_new_node+0xdb/0x730 [ 51.535748][ T3646] kernfs_create_dir_ns+0x90/0x220 [ 51.540861][ T3646] sysfs_create_dir_ns+0x181/0x390 [ 51.545959][ T3646] kobject_add_internal+0x6dd/0xd10 [ 51.551153][ T3646] kobject_init_and_add+0x123/0x190 [ 51.556333][ T3646] sysfs_slab_add+0x80/0x2a0 [ 51.560912][ T3646] __kmem_cache_create+0x34/0x170 [ 51.565925][ T3646] kmem_cache_create_usercopy+0x1a6/0x340 [ 51.571631][ T3646] p9_client_create+0xbbe/0x1030 [ 51.576553][ T3646] v9fs_session_init+0x1e3/0x1990 [ 51.581561][ T3646] v9fs_mount+0xd2/0xcb0 [ 51.585790][ T3646] legacy_get_tree+0xea/0x180 [ 51.590454][ T3646] vfs_get_tree+0x88/0x270 [ 51.594855][ T3646] do_new_mount+0x289/0xad0 [ 51.599343][ T3646] __se_sys_mount+0x2e3/0x3d0 [ 51.604001][ T3646] do_syscall_64+0x2b/0x70 [ 51.608405][ T3646] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.614284][ T3646] [ 51.616593][ T3646] Freed by task 3646: [ 51.620555][ T3646] kasan_set_track+0x4c/0x70 [ 51.625127][ T3646] kasan_set_free_info+0x1f/0x40 [ 51.630048][ T3646] ____kasan_slab_free+0xd8/0x120 [ 51.635066][ T3646] slab_free_freelist_hook+0x12e/0x1a0 [ 51.640516][ T3646] kmem_cache_free+0x95/0x1d0 [ 51.645180][ T3646] kernfs_put+0x340/0x490 [ 51.649502][ T3646] __kernfs_remove+0xec0/0x1180 [ 51.654337][ T3646] kernfs_remove_by_name_ns+0x96/0xe0 [ 51.659696][ T3646] sysfs_slab_add+0x54/0x2a0 [ 51.664270][ T3646] __kmem_cache_create+0x34/0x170 [ 51.669289][ T3646] kmem_cache_create_usercopy+0x1a6/0x340 [ 51.674996][ T3646] p9_client_create+0xbbe/0x1030 [ 51.679920][ T3646] v9fs_session_init+0x1e3/0x1990 [ 51.685015][ T3646] v9fs_mount+0xd2/0xcb0 [ 51.689243][ T3646] legacy_get_tree+0xea/0x180 [ 51.693906][ T3646] vfs_get_tree+0x88/0x270 [ 51.698306][ T3646] do_new_mount+0x289/0xad0 [ 51.702792][ T3646] __se_sys_mount+0x2e3/0x3d0 [ 51.707456][ T3646] do_syscall_64+0x2b/0x70 [ 51.711859][ T3646] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.717743][ T3646] [ 51.720050][ T3646] The buggy address belongs to the object at ffff8881456ee000 [ 51.720050][ T3646] which belongs to the cache kernfs_node_cache of size 168 [ 51.734607][ T3646] The buggy address is located 152 bytes inside of [ 51.734607][ T3646] 168-byte region [ffff8881456ee000, ffff8881456ee0a8) [ 51.747869][ T3646] [ 51.750178][ T3646] The buggy address belongs to the physical page: [ 51.756572][ T3646] page:ffffea000515bb80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1456ee [ 51.766789][ T3646] flags: 0x57ff00000000200(slab|node=1|zone=2|lastcpupid=0x7ff) [ 51.774408][ T3646] raw: 057ff00000000200 ffffea000515bc00 dead000000000003 ffff8880121dbc80 [ 51.782976][ T3646] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000 [ 51.791538][ T3646] page dumped because: kasan: bad access detected [ 51.797931][ T3646] page_owner tracks the page as allocated [ 51.803626][ T3646] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 2137211527, free_ts 0 [ 51.820191][ T3646] get_page_from_freelist+0x72b/0x7a0 [ 51.825550][ T3646] __alloc_pages+0x259/0x560 [ 51.830122][ T3646] alloc_page_interleave+0x22/0x1c0 [ 51.835304][ T3646] alloc_slab_page+0x70/0xf0 [ 51.839878][ T3646] allocate_slab+0x5e/0x520 [ 51.844365][ T3646] ___slab_alloc+0x42e/0xce0 [ 51.848942][ T3646] kmem_cache_alloc+0x25d/0x310 [ 51.853776][ T3646] __kernfs_new_node+0xdb/0x730 [ 51.858611][ T3646] kernfs_new_node+0x95/0x160 [ 51.863273][ T3646] __kernfs_create_file+0x45/0x2e0 [ 51.868367][ T3646] sysfs_add_file_mode_ns+0x21d/0x330 [ 51.873725][ T3646] internal_create_group+0x55c/0xf50 [ 51.878993][ T3646] kernel_add_sysfs_param+0xe8/0x126 [ 51.884264][ T3646] param_sysfs_builtin+0x16a/0x1e2 [ 51.889361][ T3646] param_sysfs_init+0x68/0x6c [ 51.894022][ T3646] do_one_initcall+0xbd/0x2b0 [ 51.898684][ T3646] page_owner free stack trace missing [ 51.904028][ T3646] [ 51.906334][ T3646] Memory state around the buggy address: [ 51.911943][ T3646] ffff8881456edf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.919989][ T3646] ffff8881456ee000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.928041][ T3646] >ffff8881456ee080: fb fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 [ 51.936079][ T3646] ^ [ 51.940908][ T3646] ffff8881456ee100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.949039][ T3646] ffff8881456ee180: 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 00 00 [ 51.957077][ T3646] ================================================================== [ 51.965927][ T3646] Kernel panic - not syncing: panic_on_warn set ... [ 51.972545][ T3646] CPU: 0 PID: 3646 Comm: syz-executor619 Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 51.982944][ T3646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 51.992983][ T3646] Call Trace: [ 51.996251][ T3646] [ 51.999168][ T3646] dump_stack_lvl+0x1e3/0x2cb [ 52.003837][ T3646] ? io_alloc_page_table+0x110/0x110 [ 52.009109][ T3646] ? panic+0x76b/0x76b [ 52.013168][ T3646] ? preempt_schedule_common+0xb7/0xe0 [ 52.018621][ T3646] ? preempt_schedule+0xd9/0xe0 [ 52.023542][ T3646] ? vscnprintf+0x59/0x80 [ 52.027861][ T3646] panic+0x316/0x76b [ 52.031743][ T3646] ? fb_is_primary_device+0xcc/0xcc [ 52.036928][ T3646] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 52.042899][ T3646] ? __kernfs_remove+0xf2d/0x1180 [ 52.047913][ T3646] end_report+0x91/0xa0 [ 52.052061][ T3646] kasan_report+0x108/0x130 [ 52.056551][ T3646] ? __kernfs_remove+0xf2d/0x1180 [ 52.061565][ T3646] __kernfs_remove+0xf2d/0x1180 [ 52.066406][ T3646] ? kernfs_iop_rename+0x7d0/0x7d0 [ 52.071508][ T3646] ? kernfs_find_ns+0x4d6/0x550 [ 52.076350][ T3646] kernfs_remove_by_name_ns+0x96/0xe0 [ 52.081708][ T3646] sysfs_slab_add+0x54/0x2a0 [ 52.086287][ T3646] __kmem_cache_create+0x34/0x170 [ 52.091299][ T3646] kmem_cache_create_usercopy+0x1a6/0x340 [ 52.097016][ T3646] p9_client_create+0xbbe/0x1030 [ 52.101944][ T3646] ? do_trace_9p_fid_put+0x20/0x20 [ 52.107039][ T3646] ? lockdep_softirqs_off+0x420/0x420 [ 52.112402][ T3646] ? __raw_spin_lock_init+0x41/0x100 [ 52.117676][ T3646] v9fs_session_init+0x1e3/0x1990 [ 52.122697][ T3646] ? v9fs_show_options+0x600/0x600 [ 52.127798][ T3646] ? kmem_cache_alloc_trace+0x97/0x310 [ 52.133300][ T3646] ? v9fs_mount+0xae/0xcb0 [ 52.137707][ T3646] v9fs_mount+0xd2/0xcb0 [ 52.141939][ T3646] ? xfs_fs_commit_blocks+0x8d0/0x8d0 [ 52.147297][ T3646] ? legacy_init_fs_context+0x4d/0xb0 [ 52.152746][ T3646] ? smack_sb_eat_lsm_opts+0x3cd/0x990 [ 52.158195][ T3646] ? cap_capable+0x1b5/0x250 [ 52.162778][ T3646] legacy_get_tree+0xea/0x180 [ 52.167441][ T3646] ? xfs_fs_commit_blocks+0x8d0/0x8d0 [ 52.172800][ T3646] vfs_get_tree+0x88/0x270 [ 52.177204][ T3646] do_new_mount+0x289/0xad0 [ 52.181696][ T3646] ? do_move_mount_old+0x160/0x160 [ 52.186794][ T3646] ? user_path_at_empty+0x149/0x1a0 [ 52.191981][ T3646] __se_sys_mount+0x2e3/0x3d0 [ 52.196646][ T3646] ? __x64_sys_mount+0xc0/0xc0 [ 52.201395][ T3646] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 52.207362][ T3646] ? __x64_sys_mount+0x1c/0xc0 [ 52.212113][ T3646] do_syscall_64+0x2b/0x70 [ 52.216517][ T3646] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.222396][ T3646] RIP: 0033:0x7fb782fc70b9 [ 52.226803][ T3646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.246408][ T3646] RSP: 002b:00007ffede7f6e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 52.254819][ T3646] RAX: ffffffffffffffda RBX: 00007ffede7f6e50 RCX: 00007fb782fc70b9 [ 52.262778][ T3646] RDX: 00000000200001c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 52.270737][ T3646] RBP: 0000000000000000 R08: 0000000020000300 R09: 000000000000c567 [ 52.278697][ T3646] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000f4240 [ 52.286655][ T3646] R13: 000000000000c567 R14: 00007ffede7f6e3c R15: 00007ffede7f6e40 [ 52.294625][ T3646] [ 52.297821][ T3646] Kernel Offset: disabled [ 52.302134][ T3646] Rebooting in 86400 seconds..