./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor286941811 <...> Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts. execve("./syz-executor286941811", ["./syz-executor286941811"], 0x7ffc82962600 /* 10 vars */) = 0 brk(NULL) = 0x555555b07000 brk(0x555555b07d00) = 0x555555b07d00 arch_prctl(ARCH_SET_FS, 0x555555b07380) = 0 set_tid_address(0x555555b07650) = 286 set_robust_list(0x555555b07660, 24) = 0 rseq(0x555555b07ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor286941811", 4096) = 27 getrandom("\xe5\x37\x8a\xd3\x79\x4a\xb5\xa6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555b07d00 brk(0x555555b28d00) = 0x555555b28d00 brk(0x555555b29000) = 0x555555b29000 mprotect(0x7f7f61631000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 287 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 288 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 289 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 290 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 291 ./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x555555b07660, 24) = 0 [pid 291] unshare(CLONE_NEWPID./strace-static-x86_64: Process 287 attached ) = 0 [pid 287] set_robust_list(0x555555b07660, 24) = 0 [pid 287] unshare(CLONE_NEWPID) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... clone resumed>, child_tidptr=0x555555b07650) = 292 [pid 291] <... clone resumed>, child_tidptr=0x555555b07650) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555555b07660, 24) = 0 [pid 293] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 288 attached ./strace-static-x86_64: Process 290 attached ./strace-static-x86_64: Process 292 attached ./strace-static-x86_64: Process 289 attached [pid 288] set_robust_list(0x555555b07660, 24 [pid 290] set_robust_list(0x555555b07660, 24 [pid 288] <... set_robust_list resumed>) = 0 [pid 290] <... set_robust_list resumed>) = 0 [pid 289] set_robust_list(0x555555b07660, 24) = 0 [pid 288] unshare(CLONE_NEWPID [pid 290] unshare(CLONE_NEWPID [pid 289] unshare(CLONE_NEWPID [pid 288] <... unshare resumed>) = 0 [pid 292] set_robust_list(0x555555b07660, 24 [pid 290] <... unshare resumed>) = 0 [pid 289] <... unshare resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555555b07650) = 294 [pid 293] setsid() = 1 [pid 293] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 290] <... clone resumed>, child_tidptr=0x555555b07650) = 295 [pid 289] <... clone resumed>, child_tidptr=0x555555b07650) = 296 [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 293] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 293] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 293] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 293] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 293] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 293] unshare(CLONE_NEWNS) = 0 [pid 293] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 293] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 293] unshare(CLONE_NEWCGROUP) = 0 [pid 293] unshare(CLONE_NEWUTS) = 0 [pid 293] unshare(CLONE_SYSVSEM) = 0 [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 293] getpid() = 1 [pid 293] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 294] set_robust_list(0x555555b07660, 24) = 0 [pid 294] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setsid() = 1 [pid 294] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 294] unshare(CLONE_NEWNS) = 0 [pid 294] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 294] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 294] unshare(CLONE_NEWCGROUP) = 0 [pid 294] unshare(CLONE_NEWUTS) = 0 [pid 294] unshare(CLONE_SYSVSEM) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 294] getpid() = 1 [pid 294] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 292] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 296 attached [pid 292] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL./strace-static-x86_64: Process 295 attached [pid 296] set_robust_list(0x555555b07660, 24) = 0 [pid 292] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 295] set_robust_list(0x555555b07660, 24 [pid 296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 295] <... set_robust_list resumed>) = 0 [ 21.101757][ T24] audit: type=1400 audit(1713088380.170:66): avc: denied { execmem } for pid=286 comm="syz-executor286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.105952][ T24] audit: type=1400 audit(1713088380.170:67): avc: denied { mounton } for pid=286 comm="syz-executor286" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.111697][ T24] audit: type=1400 audit(1713088380.180:68): avc: denied { mount } for pid=286 comm="syz-executor286" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.122389][ T24] audit: type=1400 audit(1713088380.190:69): avc: denied { mounton } for pid=293 comm="syz-executor286" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] <... unshare resumed>) = 0 [pid 296] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setsid() = 1 [pid 296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 295] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 296] unshare(CLONE_NEWNS) = 0 [pid 296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 295] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 292] <... prctl resumed>) = 0 [pid 296] <... mount resumed>) = 0 [pid 296] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 296] unshare(CLONE_NEWCGROUP) = 0 [pid 296] unshare(CLONE_NEWUTS) = 0 [pid 296] unshare(CLONE_SYSVSEM) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] getpid() = 1 [pid 296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 293] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 293] write(3, "0 65535", 7) = 7 [pid 293] close(3) = 0 [pid 293] mkdir("/dev/binderfs", 0777) = 0 [pid 293] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 2 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] <... unshare resumed>) = 0 [ 21.147476][ T24] audit: type=1400 audit(1713088380.190:70): avc: denied { mount } for pid=293 comm="syz-executor286" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 21.170727][ T24] audit: type=1400 audit(1713088380.190:71): avc: denied { mounton } for pid=293 comm="syz-executor286" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 292] setsid( [pid 294] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 297 attached [pid 296] <... unshare resumed>) = 0 [pid 295] <... prctl resumed>) = 0 [pid 292] <... setsid resumed>) = 1 [pid 295] setsid( [pid 292] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 295] <... setsid resumed>) = 1 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 292] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 292] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 292] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 292] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 292] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 292] unshare(CLONE_NEWNS [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 292] <... unshare resumed>) = 0 [pid 295] unshare(CLONE_NEWNS [pid 292] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 295] <... unshare resumed>) = 0 [pid 292] <... mount resumed>) = 0 [pid 295] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 294] <... openat resumed>) = 3 [pid 292] unshare(CLONE_NEWIPC [pid 295] <... mount resumed>) = 0 [pid 292] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 295] unshare(CLONE_NEWIPC [pid 294] write(3, "0 65535", 7 [pid 292] unshare(CLONE_NEWCGROUP [pid 295] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... write resumed>) = 7 [pid 292] <... unshare resumed>) = 0 [pid 295] unshare(CLONE_NEWCGROUP [pid 294] close(3 [pid 292] unshare(CLONE_NEWUTS [pid 295] <... unshare resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 292] <... unshare resumed>) = 0 [pid 295] unshare(CLONE_NEWUTS [pid 294] mkdir("/dev/binderfs", 0777 [pid 292] unshare(CLONE_SYSVSEM [pid 295] <... unshare resumed>) = 0 [pid 294] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 292] <... unshare resumed>) = 0 [pid 295] unshare(CLONE_SYSVSEM [pid 294] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 295] <... unshare resumed>) = 0 [pid 294] <... mount resumed>) = 0 [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 294] symlink("/dev/binderfs", "./binderfs" [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 294] <... symlink resumed>) = -1 EEXIST (File exists) [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 294] <... clone resumed>, child_tidptr=0x555555b07650) = 2 [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) ./strace-static-x86_64: Process 298 attached [pid 297] set_robust_list(0x555555b07660, 24 [pid 298] set_robust_list(0x555555b07660, 24 [pid 297] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] <... prctl resumed>) = 0 [pid 298] setpgid(0, 0 [pid 297] setpgid(0, 0 [pid 298] <... setpgid resumed>) = 0 [pid 297] <... setpgid resumed>) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument) [pid 297] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address) [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 297] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument) [pid 298] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address) [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 298] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 297] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 298] bpf(BPF_MAP_CREATE, NULL, 0 [pid 297] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 298] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 292] getpid( [pid 296] write(3, "0 65535", 7 [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... getpid resumed>) = 1 [pid 296] <... write resumed>) = 7 [pid 295] getpid( [pid 292] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 296] close(3 [pid 295] <... getpid resumed>) = 1 [pid 292] <... capget resumed>{effective=1<) = 0 [pid 295] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 292] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] mkdir("/dev/binderfs", 0777 [pid 295] <... capget resumed>{effective=1<) = 0 [pid 298] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16 [pid 296] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 295] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 292] unshare(CLONE_NEWNET [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16 [pid 296] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 295] <... capset resumed>) = 0 [pid 298] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 296] <... mount resumed>) = 0 [pid 295] unshare(CLONE_NEWNET [pid 298] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP [ 21.192947][ T24] audit: type=1400 audit(1713088380.250:72): avc: denied { mounton } for pid=293 comm="syz-executor286" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 21.215807][ T24] audit: type=1400 audit(1713088380.250:73): avc: denied { mount } for pid=293 comm="syz-executor286" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 298] <... socket resumed>) = 4 [pid 296] <... symlink resumed>) = -1 EEXIST (File exists) [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... bpf resumed>) = 5 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 296] <... clone resumed>, child_tidptr=0x555555b07650) = 2 ./strace-static-x86_64: Process 299 attached [pid 297] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 299] set_robust_list(0x555555b07660, 24 [pid 297] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP [pid 299] <... set_robust_list resumed>) = 0 [pid 297] <... socket resumed>) = 4 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 299] <... prctl resumed>) = 0 [pid 297] <... bpf resumed>) = 5 [pid 299] setpgid(0, 0 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 299] <... setpgid resumed>) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument) [pid 299] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address) [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 299] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 299] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 299] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 295] <... unshare resumed>) = 0 [pid 295] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "0 65535", 7) = 7 [pid 295] close(3) = 0 [pid 295] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 295] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = -1 EEXIST (File exists) [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b07650) = 2 [pid 292] <... unshare resumed>) = 0 [pid 292] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "0 65535", 7) = 7 [pid 292] close(3) = 0 [pid 292] mkdir("/dev/binderfs", 0777./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555555b07660, 24) = 0 [pid 292] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 292] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3 [pid 292] <... mount resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument) [pid 292] symlink("/dev/binderfs", "./binderfs" [pid 300] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address) [pid 292] <... symlink resumed>) = -1 EEXIST (File exists) [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 292] <... clone resumed>, child_tidptr=0x555555b07650) = 2 [ 21.238658][ T24] audit: type=1400 audit(1713088380.280:74): avc: denied { map_create } for pid=297 comm="syz-executor286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 21.258092][ T24] audit: type=1400 audit(1713088380.280:75): avc: denied { prog_load } for pid=297 comm="syz-executor286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 300] <... openat resumed>) = 3 [pid 300] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 300] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555555b07660, 24) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_DEVMAP, key_size=1, value_size=6, max_entries=4096, map_flags=BPF_F_ZERO_SEED, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=4, btf_value_type_id=0, btf_vmlinux_value_type_id=4, map_extra=0}, 72) = -1 EINVAL (Invalid argument) [pid 301] bpf(BPF_PROG_LOAD, NULL, 0) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_da_reserve_space", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 301] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 301] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=11, insns=NULL, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 301] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_HASH, key_size=1, value_size=8, max_entries=8, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 5 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000180, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] <... bpf resumed>) = 6 [pid 301] <... bpf resumed>) = 6 [pid 300] <... bpf resumed>) = 6 [pid 299] <... bpf resumed>) = 6 [pid 298] <... bpf resumed>) = 6 [pid 297] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 [pid 300] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 [pid 299] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 [pid 298] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 [pid 297] <... bpf resumed>) = 0 [pid 300] <... bpf resumed>) = 0 [pid 299] <... bpf resumed>) = 0 [pid 298] <... bpf resumed>) = 0 [pid 297] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 [pid 300] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 [pid 299] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 [pid 298] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 [pid 297] <... bpf resumed>) = -1 ENOENT (No such file or directory) [pid 300] <... bpf resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... bpf resumed>) = -1 ENOENT (No such file or directory) [pid 298] <... bpf resumed>) = -1 ENOENT (No such file or directory) [pid 297] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 [pid 301] bpf(BPF_MAP_UPDATE_ELEM, {map_fd=5, key=0x20000500, value=0x20000540, flags=BPF_ANY}, 32 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 [pid 297] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 300] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 299] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 298] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 297] clock_gettime(CLOCK_REALTIME, [pid 300] clock_gettime(CLOCK_REALTIME, [pid 299] clock_gettime(CLOCK_REALTIME, [pid 298] clock_gettime(CLOCK_REALTIME, [pid 297] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address) [pid 300] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address) [pid 299] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address) [pid 298] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address) [pid 297] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 300] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 299] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 298] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 297] <... socket resumed>) = 7 [pid 300] <... socket resumed>) = 7 [pid 299] <... socket resumed>) = 7 [pid 298] <... socket resumed>) = 7 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 301] <... bpf resumed>) = 0 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 297] <... bpf resumed>) = 8 [pid 301] bpf(BPF_BTF_GET_FD_BY_ID, {btf_id=0}, 4 [pid 300] <... bpf resumed>) = 8 [pid 299] <... bpf resumed>) = 8 [pid 298] <... bpf resumed>) = 8 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 [pid 301] <... bpf resumed>) = -1 ENOENT (No such file or directory) [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 [pid 297] <... bpf resumed>) = 9 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=0x20 /* BPF_PROG_TYPE_??? */, insn_cnt=15, insns=NULL, license="syzkaller", log_level=256, log_size=4096, log_buf="", kern_version=KERNEL_VERSION(4, 15, 0), prog_flags=0x40 /* BPF_F_??? */, prog_name="", prog_ifindex=0, expected_attach_type=BPF_SK_SKB_STREAM_VERDICT, prog_btf_fd=-1, func_info_rec_size=8, func_info=0x20000300, func_info_cnt=8, line_info_rec_size=16, line_info=0x20000340, line_info_cnt=16, attach_btf_id=0, attach_prog_fd=-1, fd_array=NULL, ...}, 144 [pid 300] <... bpf resumed>) = 9 [pid 301] <... bpf resumed>) = -1 E2BIG (Argument list too long) [pid 300] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 [pid 299] <... bpf resumed>) = 9 [pid 297] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 [pid 301] clock_gettime(CLOCK_REALTIME, [pid 300] <... sendto resumed>) = -1 EADDRNOTAVAIL (Cannot assign requested address) [pid 299] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 [pid 298] <... bpf resumed>) = 9 [pid 301] <... clock_gettime resumed>NULL) = -1 EFAULT (Bad address) [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 297] <... sendto resumed>) = -1 EADDRNOTAVAIL (Cannot assign requested address) [pid 299] <... sendto resumed>) = -1 EADDRNOTAVAIL (Cannot assign requested address) [pid 298] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 [pid 300] <... bpf resumed>) = 10 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 301] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 300] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] <... sendto resumed>) = -1 EADDRNOTAVAIL (Cannot assign requested address) [pid 301] <... socket resumed>) = 7 [pid 299] <... bpf resumed>) = 10 [pid 297] <... bpf resumed>) = 10 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=5, insns=0x20000000, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 300] <... bpf resumed>) = 11 [pid 301] <... bpf resumed>) = 8 [pid 299] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 297] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="fib6_table_lookup", prog_fd=8}}, 16 [pid 299] <... bpf resumed>) = 11 [pid 297] <... bpf resumed>) = 11 [pid 300] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 301] <... bpf resumed>) = 9 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 [pid 299] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 297] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] sendto(7, NULL, 1476, 0, {sa_family=AF_INET6, sin6_port=htons(20004), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "fe80::aa", &sin6_addr), sin6_scope_id=0}, 28 [pid 300] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 299] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 298] <... bpf resumed>) = 10 [pid 297] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 301] <... sendto resumed>) = -1 EADDRNOTAVAIL (Cannot assign requested address) [pid 300] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 [pid 298] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128 [pid 300] <... openat resumed>) = 12 [pid 299] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 298] <... bpf resumed>) = 11 [pid 297] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 301] <... bpf resumed>) = 10 [pid 300] ioctl(12, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000280 [pid 299] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 297] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_PERCPU_ARRAY, key_size=4, value_size=7, max_entries=4, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 300] <... ioctl resumed>) = 0 [pid 299] <... openat resumed>) = 12 [pid 297] <... openat resumed>) = 12 [pid 298] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 301] <... bpf resumed>) = 11 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=10}}, 16 [pid 299] ioctl(12, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000280 [pid 298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 [pid 297] ioctl(12, _IOC(_IOC_WRITE, 0x58, 0x2b, 0x30), 0x20000280 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=20, insns=0x200002c0, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 300] <... bpf resumed>) = 13 [pid 299] <... ioctl resumed>) = 0 [pid 298] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 297] <... ioctl resumed>) = 0 [pid 301] <... bpf resumed>) = -1 EFAULT (Bad address) [pid 300] close(3 [pid 299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=10}}, 16 [pid 298] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=10}}, 16 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="ext4_ext_remove_space_done", prog_fd=-1}}, 16 [pid 300] <... close resumed>) = 0 [pid 299] <... bpf resumed>) = 13 [pid 297] <... bpf resumed>) = 13 [pid 301] <... bpf resumed>) = -1 EBADF (Bad file descriptor) [pid 300] close(4 [pid 299] close(3 [pid 298] <... openat resumed>) = 12 [pid 297] close(3 [pid 301] openat(AT_FDCWD, "blkio.bfq.sectors_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] <... close resumed>) = 0 [ 23.483888][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000008 [ 23.492218][ T1] CPU: 1 PID: 1 Comm: init Not tainted 5.10.209-syzkaller-00002-g4e1bc8d8e8ae #0 [ 23.501152][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 23.511036][ T1] Call Trace: [ 23.514186][ T1] dump_stack_lvl+0x1e2/0x24b [ 23.518701][ T1] ? panic+0x22b/0x80b [ 23.522591][ T1] ? bfq_pos_tree_add_move+0x43b/0x43b [ 23.527889][ T1] dump_stack+0x15/0x17 [ 23.531870][ T1] panic+0x2cf/0x80b [ 23.535603][ T1] ? do_exit+0x239a/0x2a50 [ 23.539860][ T1] ? fb_is_primary_device+0xd4/0xd4 [ 23.544894][ T1] ? __kasan_check_write+0x14/0x20 [ 23.549842][ T1] ? sync_mm_rss+0x28a/0x2e0 [ 23.554264][ T1] do_exit+0x23b4/0x2a50 [ 23.558347][ T1] ? sched_group_set_shares+0x490/0x490 [ 23.563725][ T1] ? put_task_struct+0x80/0x80 [ 23.568325][ T1] ? schedule+0x154/0x1d0 [ 23.572490][ T1] ? schedule_timeout+0xa9/0x360 [ 23.577265][ T1] ? __kasan_check_write+0x14/0x20 [ 23.582210][ T1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.587160][ T1] do_group_exit+0x141/0x310 [ 23.591592][ T1] get_signal+0x10a0/0x1410 [ 23.595928][ T1] arch_do_signal_or_restart+0xbd/0x17c0 [ 23.601394][ T1] ? put_pid+0xd7/0x110 [ 23.605381][ T1] ? kernel_clone+0x6ca/0x9e0 [ 23.609897][ T1] ? create_io_thread+0x1e0/0x1e0 [ 23.614756][ T1] ? get_timespec64+0x197/0x270 [ 23.619452][ T1] ? timespec64_add_safe+0x220/0x220 [ 23.624570][ T1] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 23.629859][ T1] ? __do_sys_vfork+0xcd/0x130 [ 23.634494][ T1] exit_to_user_mode_loop+0x9b/0xd0 [ 23.639499][ T1] syscall_exit_to_user_mode+0xc5/0x1d0 [ 23.644880][ T1] do_syscall_64+0x40/0x70 [ 23.649130][ T1] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 23.654854][ T1] RIP: 0033:0x7fad78798a68 [ 23.659109][ T1] Code: 00 48 8d b8 e0 02 00 00 48 89 b8 d8 02 00 00 48 89 b8 e0 02 00 00 b8 11 01 00 00 0f 05 44 89 c0 c3 90 5f b8 3a 00 00 00 0f 05 <57> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 90 43 0f 00 f7 d8 64 89 01 48 [ 23.678551][ T1] RSP: 002b:00007ffd3e2bad60 EFLAGS: 00000246 ORIG_RAX: 000000000000003a [ 23.686792][ T1] RAX: 00000000000001d2 RBX: 00005600744e6a50 RCX: 00007fad78798a68 [ 23.694607][ T1] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00007fad78923bed [ 23.702414][ T1] RBP: 00007fad7895e528 R08: 0000000000000007 R09: f0cf2b833acb486c [ 23.710224][ T1] R10: 00007ffd3e2bada0 R11: 0000000000000246 R12: 0000000000000000 [ 23.718038][ T1] R13: 0000000000000018 R14: 0000560073205169 R15: 00007fad7898fa80 [ 23.726057][ T1] Kernel Offset: disabled [ 23.730185][ T1] Rebooting in 86400 seconds..