./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1672122523 <...> Warning: Permanently added '10.128.1.142' (ECDSA) to the list of known hosts. execve("./syz-executor1672122523", ["./syz-executor1672122523"], 0x7ffede118180 /* 10 vars */) = 0 brk(NULL) = 0x555556250000 brk(0x555556250c40) = 0x555556250c40 arch_prctl(ARCH_SET_FS, 0x555556250300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555562505d0) = 304 set_robust_list(0x5555562505e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fbdd1f1a520, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fbdd1f1abf0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fbdd1f1a5c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbdd1f1abf0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1672122523", 4096) = 28 brk(0x555556271c40) = 0x555556271c40 brk(0x555556272000) = 0x555556272000 mprotect(0x7fbdd1fe1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 305 ./strace-static-x86_64: Process 305 attached [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] set_robust_list(0x5555562505e0, 24) = 0 [pid 304] <... clone resumed>, child_tidptr=0x5555562505d0) = 306 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] getpid(./strace-static-x86_64: Process 306 attached ) = 305 [pid 305] mkdir("./syzkaller.movsHe", 0700./strace-static-x86_64: Process 307 attached [pid 306] set_robust_list(0x5555562505e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x5555562505d0) = 307 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 308 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... mkdir resumed>) = 0 [pid 304] <... clone resumed>, child_tidptr=0x5555562505d0) = 309 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] chmod("./syzkaller.movsHe", 0777 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] <... chmod resumed>) = 0 [pid 306] getpid( [pid 304] <... clone resumed>, child_tidptr=0x5555562505d0) = 310 [pid 305] chdir("./syzkaller.movsHe"./strace-static-x86_64: Process 308 attached ./strace-static-x86_64: Process 309 attached [pid 307] set_robust_list(0x5555562505e0, 24 [pid 306] <... getpid resumed>) = 306 [pid 305] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x5555562505e0, 24) = 0 [pid 310] getpid( [pid 308] set_robust_list(0x5555562505e0, 24 [pid 307] <... set_robust_list resumed>) = 0 [pid 306] mkdir("./syzkaller.xT0Iqj", 0700 [pid 305] mkdir("./0", 0777 [pid 310] <... getpid resumed>) = 310 [pid 310] mkdir("./syzkaller.m8xp3B", 0700 [pid 307] getpid( [pid 306] <... mkdir resumed>) = 0 [pid 305] <... mkdir resumed>) = 0 [pid 308] <... set_robust_list resumed>) = 0 [pid 307] <... getpid resumed>) = 307 [pid 306] chmod("./syzkaller.xT0Iqj", 0777 [pid 310] <... mkdir resumed>) = 0 [pid 310] chmod("./syzkaller.m8xp3B", 0777) = 0 [pid 310] chdir("./syzkaller.m8xp3B") = 0 [ 21.508663][ T22] audit: type=1400 audit(1679155778.650:73): avc: denied { execmem } for pid=304 comm="syz-executor167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 310] mkdir("./0", 0777 [pid 308] getpid( [pid 307] mkdir("./syzkaller.Kx82lq", 0700 [pid 308] <... getpid resumed>) = 308 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 306] <... chmod resumed>) = 0 [pid 307] <... mkdir resumed>) = 0 [pid 308] mkdir("./syzkaller.hSfJZv", 0700 [pid 310] <... mkdir resumed>) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 305] <... openat resumed>) = 3 [pid 310] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 310] close(3) = 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x5555562505e0, 24) = 0 [pid 311] chdir("./0") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdd1ee9000 [pid 311] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[312], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 312 [pid 311] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 312] memfd_create("syzkaller", 0) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 [pid 308] <... mkdir resumed>) = 0 [pid 307] chmod("./syzkaller.Kx82lq", 0777 [pid 306] chdir("./syzkaller.xT0Iqj" [pid 305] ioctl(3, LOOP_CLR_FD [pid 306] <... chdir resumed>) = 0 [pid 308] chmod("./syzkaller.hSfJZv", 0777 [pid 307] <... chmod resumed>) = 0 [pid 305] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 307] chdir("./syzkaller.Kx82lq" [pid 306] mkdir("./0", 0777 [pid 308] <... chmod resumed>) = 0 [pid 307] <... chdir resumed>) = 0 [pid 305] close(3 [pid 306] <... mkdir resumed>) = 0 [pid 307] mkdir("./0", 0777 [pid 308] chdir("./syzkaller.hSfJZv" [pid 305] <... close resumed>) = 0 [pid 307] <... mkdir resumed>) = 0 [pid 308] <... chdir resumed>) = 0 [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 306] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 308] mkdir("./0", 0777 [pid 306] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 308] <... mkdir resumed>) = 0 [pid 306] ioctl(3, LOOP_CLR_FD [pid 307] ioctl(3, LOOP_CLR_FD [pid 305] <... clone resumed>, child_tidptr=0x5555562505d0) = 313 [pid 308] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 307] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 306] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 309] set_robust_list(0x5555562505e0, 24 [pid 308] <... openat resumed>) = 3 [pid 307] close(3 [pid 306] close(3) = 0 [pid 307] <... close resumed>) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] <... set_robust_list resumed>) = 0 [pid 308] ioctl(3, LOOP_CLR_FD [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 307] <... clone resumed>, child_tidptr=0x5555562505d0) = 315 [pid 306] <... clone resumed>, child_tidptr=0x5555562505d0) = 314 ./strace-static-x86_64: Process 313 attached [pid 309] getpid( [pid 308] close(3) = 0 [pid 309] <... getpid resumed>) = 309 [pid 313] set_robust_list(0x5555562505e0, 24 [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 313] <... set_robust_list resumed>) = 0 [pid 313] chdir("./0" [pid 308] <... clone resumed>, child_tidptr=0x5555562505d0) = 316 [pid 309] mkdir("./syzkaller.LJeEEy", 0700) = 0 [pid 313] <... chdir resumed>) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 309] chmod("./syzkaller.LJeEEy", 0777) = 0 [pid 309] chdir("./syzkaller.LJeEEy") = 0 [pid 309] mkdir("./0", 0777 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... mkdir resumed>) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 309] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 313] <... openat resumed>) = 3 [pid 309] close(3 [pid 313] write(3, "1000", 4 [pid 309] <... close resumed>) = 0 [pid 309] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 313] <... write resumed>) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs" [pid 309] <... clone resumed>, child_tidptr=0x5555562505d0) = 317 [pid 313] <... symlink resumed>) = 0 [pid 313] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 316 attached ./strace-static-x86_64: Process 315 attached ./strace-static-x86_64: Process 314 attached [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdd1ee9000 [pid 313] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x5555562505e0, 24 [pid 313] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 314] set_robust_list(0x5555562505e0, 24 [pid 317] <... set_robust_list resumed>) = 0 [pid 313] <... clone resumed>, parent_tid=[319], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 319 [pid 313] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 313] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 317] chdir("./0") = 0 [pid 314] chdir("./0" [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 314] <... chdir resumed>) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0 [pid 317] <... prctl resumed>) = 0 [pid 315] set_robust_list(0x5555562505e0, 24 [pid 314] <... setpgid resumed>) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 317] setpgid(0, 0) = 0 [pid 315] <... set_robust_list resumed>) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 315] chdir("./0" [pid 314] <... openat resumed>) = 3 [pid 317] <... openat resumed>) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 315] <... chdir resumed>) = 0 [pid 317] close(3) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 317] symlink("/dev/binderfs", "./binderfs" [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 315] <... prctl resumed>) = 0 [pid 317] <... symlink resumed>) = 0 [pid 317] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] setpgid(0, 0 [pid 314] symlink("/dev/binderfs", "./binderfs" [pid 317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdd1ee9000 [pid 317] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE [pid 316] set_robust_list(0x5555562505e0, 24 [pid 315] <... setpgid resumed>) = 0 [pid 314] <... symlink resumed>) = 0 [pid 317] <... mprotect resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 314] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 316] chdir("./0" [pid 315] <... openat resumed>) = 3 [pid 314] <... futex resumed>) = 0 [pid 317] <... clone resumed>, parent_tid=[320], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 320 [pid 317] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 316] <... chdir resumed>) = 0 [pid 315] write(3, "1000", 4 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 315] <... write resumed>) = 4 [pid 314] <... mmap resumed>) = 0x7fbdd1ee9000 [pid 316] <... prctl resumed>) = 0 [ 21.536919][ T22] audit: type=1400 audit(1679155778.680:74): avc: denied { read write } for pid=305 comm="syz-executor167" name="loop0" dev="devtmpfs" ino=9282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 315] close(3 [pid 316] setpgid(0, 0 [pid 315] <... close resumed>) = 0 [pid 314] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE [pid 316] <... setpgid resumed>) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs" [pid 314] <... mprotect resumed>) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 315] <... symlink resumed>) = 0 [pid 314] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 316] <... openat resumed>) = 3 [pid 315] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] write(3, "1000", 4 [pid 315] <... futex resumed>) = 0 [pid 314] <... clone resumed>, parent_tid=[321], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 321 [pid 316] <... write resumed>) = 4 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 314] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] close(3 [pid 315] <... mmap resumed>) = 0x7fbdd1ee9000 [pid 314] <... futex resumed>) = 0 [pid 316] <... close resumed>) = 0 [pid 315] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE [pid 314] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 316] symlink("/dev/binderfs", "./binderfs" [pid 315] <... mprotect resumed>) = 0 [pid 316] <... symlink resumed>) = 0 [pid 315] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 316] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] <... clone resumed>, parent_tid=[322], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 322 [pid 316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 315] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... mmap resumed>) = 0x7fbdd1ee9000 [pid 315] <... futex resumed>) = 0 [pid 316] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE [pid 315] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 316] <... mprotect resumed>) = 0 [pid 316] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[323], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 323 [pid 316] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 319] memfd_create("syzkaller", 0) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 320 attached ) = 0x7fbdc9ae9000 [pid 320] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 ./strace-static-x86_64: Process 322 attached ./strace-static-x86_64: Process 321 attached ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 323] memfd_create("syzkaller", 0 [pid 322] set_robust_list(0x7fbdd1f099e0, 24 [pid 321] set_robust_list(0x7fbdd1f099e0, 24 [pid 323] <... memfd_create resumed>) = 3 [pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 [pid 322] <... set_robust_list resumed>) = 0 [pid 321] <... set_robust_list resumed>) = 0 [pid 321] memfd_create("syzkaller", 0 [pid 322] memfd_create("syzkaller", 0 [pid 321] <... memfd_create resumed>) = 3 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 322] <... memfd_create resumed>) = 3 [pid 321] <... mmap resumed>) = 0x7fbdc9ae9000 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 [ 21.622591][ T22] audit: type=1400 audit(1679155778.680:76): avc: denied { open } for pid=310 comm="syz-executor167" path="/dev/loop5" dev="devtmpfs" ino=9287 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.772037][ T22] audit: type=1400 audit(1679155778.680:75): avc: denied { open } for pid=305 comm="syz-executor167" path="/dev/loop0" dev="devtmpfs" ino=9282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.885528][ T22] audit: type=1400 audit(1679155778.680:77): avc: denied { ioctl } for pid=310 comm="syz-executor167" path="/dev/loop5" dev="devtmpfs" ino=9287 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 322] <... write resumed>) = 20699119 [pid 322] munmap(0x7fbdc9ae9000, 20699119 [pid 312] <... write resumed>) = 20699119 [pid 312] munmap(0x7fbdc9ae9000, 20699119 [pid 322] <... munmap resumed>) = 0 [pid 321] <... write resumed>) = 20699119 [pid 322] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 321] munmap(0x7fbdc9ae9000, 20699119 [pid 322] <... openat resumed>) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3 [pid 321] <... munmap resumed>) = 0 [pid 312] <... munmap resumed>) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 312] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 322] <... ioctl resumed>) = 0 [pid 321] <... openat resumed>) = 4 [pid 322] close(3 [pid 321] ioctl(4, LOOP_SET_FD, 3 [pid 312] <... openat resumed>) = 4 [pid 322] <... close resumed>) = 0 [pid 312] ioctl(4, LOOP_SET_FD, 3 [pid 322] mkdir("./file0", 0777 [pid 321] <... ioctl resumed>) = 0 [pid 321] close(3) = 0 [pid 321] mkdir("./file0", 0777) = 0 [pid 321] mount("/dev/loop1", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 322] <... mkdir resumed>) = 0 [pid 322] mount("/dev/loop2", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 312] <... ioctl resumed>) = 0 [pid 312] close(3) = 0 [pid 312] mkdir("./file0", 0777) = 0 [pid 312] mount("/dev/loop5", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 323] <... write resumed>) = 20699119 [pid 323] munmap(0x7fbdc9ae9000, 20699119) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 22.297333][ T22] audit: type=1400 audit(1679155779.440:78): avc: denied { mounton } for pid=314 comm="syz-executor167" path="/root/syzkaller.xT0Iqj/0/file0" dev="sda1" ino=1156 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.332676][ T321] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 323] close(3) = 0 [pid 323] mkdir("./file0", 0777) = 0 [pid 323] mount("/dev/loop3", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 319] <... write resumed>) = 20699119 [pid 319] munmap(0x7fbdc9ae9000, 20699119) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_SET_FD, 3 [pid 320] <... write resumed>) = 20699119 [pid 320] munmap(0x7fbdc9ae9000, 20699119 [pid 319] <... ioctl resumed>) = 0 [pid 319] close(3) = 0 [pid 319] mkdir("./file0", 0777) = 0 [ 22.368159][ T312] F2FS-fs (loop5): Found nat_bits in checkpoint [ 22.378000][ T322] F2FS-fs (loop2): Found nat_bits in checkpoint [ 22.392694][ T323] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 319] mount("/dev/loop0", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 320] <... munmap resumed>) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 320] close(3) = 0 [pid 320] mkdir("./file0", 0777) = 0 [ 22.479516][ T319] F2FS-fs (loop0): Found nat_bits in checkpoint [ 22.496360][ T320] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 320] mount("/dev/loop4", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 321] <... mount resumed>) = 0 [pid 321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 321] chdir("./file0") = 0 [pid 321] ioctl(4, LOOP_CLR_FD) = 0 [pid 321] close(4) = 0 [pid 321] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 321] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] open("./bus", O_RDONLY) = 5 [pid 321] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] syncfs(5 [pid 323] <... mount resumed>) = 0 [pid 323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 323] chdir("./file0") = 0 [pid 323] ioctl(4, LOOP_CLR_FD) = 0 [pid 323] close(4) = 0 [pid 323] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 323] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] open("./bus", O_RDONLY) = 5 [pid 323] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.537116][ T321] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 22.547668][ T22] audit: type=1400 audit(1679155779.700:79): avc: denied { mount } for pid=314 comm="syz-executor167" name="/" dev="loop1" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.577062][ T323] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [pid 316] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] syncfs(5 [pid 322] <... mount resumed>) = 0 [pid 312] <... mount resumed>) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 314] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] <... openat resumed>) = 3 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] <... openat resumed>) = 3 [pid 314] <... mmap resumed>) = 0x7fbdcae86000 [pid 314] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 312] chdir("./file0" [pid 322] chdir("./file0" [pid 314] <... clone resumed>, parent_tid=[357], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 357 [pid 322] <... chdir resumed>) = 0 [pid 312] <... chdir resumed>) = 0 [pid 314] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] ioctl(4, LOOP_CLR_FD [pid 312] ioctl(4, LOOP_CLR_FD [pid 322] <... ioctl resumed>) = 0 [pid 312] <... ioctl resumed>) = 0 [pid 322] close(4 [pid 312] close(4 [pid 322] <... close resumed>) = 0 [pid 312] <... close resumed>) = 0 [pid 322] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 1 [pid 315] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 1 [pid 322] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 315] <... futex resumed>) = 0 [pid 311] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 322] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 312] <... open resumed>) = 4 [pid 322] <... open resumed>) = 4 [pid 312] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 1 [pid 311] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = 1 [pid 315] <... futex resumed>) = 0 [pid 312] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 311] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] open("./bus", O_RDONLY [pid 316] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] <... futex resumed>) = 0 [pid 322] <... open resumed>) = 5 [pid 316] <... futex resumed>) = 0 [pid 315] <... futex resumed>) = 0 [pid 312] open("./bus", O_RDONLY [pid 311] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 315] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... open resumed>) = 5 [pid 322] <... futex resumed>) = 0 [pid 316] <... mmap resumed>) = 0x7fbdcae86000 [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE [pid 315] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 1 [pid 311] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] <... mprotect resumed>) = 0 [pid 315] <... futex resumed>) = 0 [pid 312] syncfs(5 [pid 311] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] syncfs(5 [ 22.605835][ T312] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 22.613847][ T322] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 22.621483][ T22] audit: type=1400 audit(1679155779.720:80): avc: denied { write } for pid=314 comm="syz-executor167" name="/" dev="loop1" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 316] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 315] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 0 ./strace-static-x86_64: Process 359 attached [pid 319] <... mount resumed>) = 0 [pid 311] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... clone resumed>, parent_tid=[359], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 359 [pid 316] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] set_robust_list(0x7fbdcaea69e0, 24) = 0 [pid 320] <... mount resumed>) = 0 [pid 359] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 320] chdir("./file0") = 0 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x7fbdcaea69e0, 24) = 0 [pid 357] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0 [pid 320] <... close resumed>) = 0 [pid 320] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 314] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 314] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 320] <... futex resumed>) = 1 [pid 317] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 320] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 317] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... open resumed>) = 4 [pid 320] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] <... futex resumed>) = 0 [pid 317] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] open("./bus", O_RDONLY) = 5 [pid 320] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 320] <... futex resumed>) = 1 [pid 317] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] syncfs(5 [pid 317] <... futex resumed>) = 0 [pid 317] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("./file0") = 0 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [ 22.672686][ T319] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 22.682165][ T320] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 22.712401][ T172] attempt to access beyond end of device [pid 319] close(4 [pid 316] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 315] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 319] <... close resumed>) = 0 [pid 315] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 315] <... mmap resumed>) = 0x7fbdcae86000 [pid 311] <... mmap resumed>) = 0x7fbdcae86000 [pid 315] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE [pid 311] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE [pid 315] <... mprotect resumed>) = 0 [ 22.712401][ T172] loop1: rw=2049, want=45104, limit=40427 [ 22.715943][ T357] attempt to access beyond end of device [ 22.715943][ T357] loop1: rw=2049, want=78672, limit=40427 [pid 311] <... mprotect resumed>) = 0 [pid 319] <... futex resumed>) = 1 [pid 315] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 313] <... futex resumed>) = 0 [pid 311] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 313] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... clone resumed>, parent_tid=[363], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 363 [pid 313] <... futex resumed>) = 0 [pid 311] <... clone resumed>, parent_tid=[364], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 364 [pid 315] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 0 [pid 315] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7fbdcaea69e0, 24) = 0 [pid 364] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0./strace-static-x86_64: Process 363 attached [pid 319] <... open resumed>) = 4 [pid 317] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 363] set_robust_list(0x7fbdcaea69e0, 24 [pid 319] <... futex resumed>) = 1 [pid 317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 313] <... futex resumed>) = 0 [pid 319] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] <... mmap resumed>) = 0x7fbdcae86000 [pid 313] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... set_robust_list resumed>) = 0 [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE [pid 313] <... futex resumed>) = 0 [pid 363] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0 [pid 319] open("./bus", O_RDONLY [pid 317] <... mprotect resumed>) = 0 [pid 313] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... open resumed>) = 5 [pid 319] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 319] <... futex resumed>) = 1 [pid 313] <... futex resumed>) = 0 [pid 317] <... clone resumed>, parent_tid=[366], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 366 [pid 319] syncfs(5 [pid 317] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 359] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fbdd1fe77b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7fbdcaea69e0, 24) = 0 [pid 315] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 315] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 311] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 366] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0 [pid 315] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 22.765268][ T359] attempt to access beyond end of device [ 22.765268][ T359] loop3: rw=2049, want=78672, limit=40427 [ 22.767664][ T92] attempt to access beyond end of device [ 22.767664][ T92] loop3: rw=2049, want=45104, limit=40427 [pid 317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 313] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 321] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 357] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fbdd1fe77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 323] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 323] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] exit_group(0 [pid 314] exit_group(0 [pid 359] <... futex resumed>) = ? [pid 357] <... futex resumed>) = ? [pid 323] <... futex resumed>) = ? [pid 321] <... futex resumed>) = ? [pid 316] <... exit_group resumed>) = ? [pid 314] <... exit_group resumed>) = ? [pid 359] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ [pid 323] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ [pid 316] +++ exited with 0 +++ [pid 314] +++ exited with 0 +++ [pid 364] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 364] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.812700][ T22] audit: type=1400 audit(1679155779.720:81): avc: denied { add_name } for pid=314 comm="syz-executor167" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.826758][ T364] attempt to access beyond end of device [ 22.826758][ T364] loop5: rw=2049, want=78672, limit=40427 [ 22.849869][ T363] attempt to access beyond end of device [ 22.849869][ T363] loop2: rw=2049, want=78672, limit=40427 [pid 364] futex(0x7fbdd1fe77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... futex resumed>) = 0 [pid 308] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=9, si_stime=16} --- [pid 306] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=6, si_stime=15} --- [ 22.852530][ T22] audit: type=1400 audit(1679155779.720:82): avc: denied { create } for pid=314 comm="syz-executor167" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.876014][ T366] attempt to access beyond end of device [ 22.876014][ T366] loop4: rw=2049, want=78672, limit=40427 [ 22.882035][ T92] attempt to access beyond end of device [ 22.882035][ T92] loop5: rw=2049, want=40984, limit=40427 [ 22.893405][ T361] attempt to access beyond end of device [pid 319] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 319] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... mmap resumed>) = 0x7fbdcae86000 [pid 312] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 313] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE [pid 312] <... futex resumed>) = 0 [pid 319] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... mprotect resumed>) = 0 [pid 312] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[367], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 367 [pid 311] exit_group(0 [pid 313] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = ? [pid 311] <... exit_group resumed>) = ? [pid 308] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 306] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 313] <... futex resumed>) = 0 [pid 312] +++ exited with 0 +++ [pid 364] <... futex resumed>) = ? [pid 308] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 306] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 313] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 306] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 308] <... openat resumed>) = 3 [pid 306] <... openat resumed>) = 3 [pid 308] fstat(3, [pid 306] fstat(3, [pid 364] +++ exited with 0 +++ [pid 311] +++ exited with 0 +++ [pid 308] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=6, si_stime=16} --- [pid 363] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 310] restart_syscall(<... resuming interrupted clone ...> [pid 308] getdents64(3, [pid 306] getdents64(3, ./strace-static-x86_64: Process 367 attached [pid 366] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 363] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 320] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 310] <... restart_syscall resumed>) = 0 [pid 308] <... getdents64 resumed>0x555556251620 /* 4 entries */, 32768) = 112 [pid 306] <... getdents64 resumed>0x555556251620 /* 4 entries */, 32768) = 112 [pid 366] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 322] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] exit_group(0 [pid 308] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 306] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 366] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = ? [pid 320] <... futex resumed>) = 0 [pid 315] <... exit_group resumed>) = ? [pid 308] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 306] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 367] set_robust_list(0x7fbdcaea69e0, 24 [pid 366] futex(0x7fbdd1fe77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] +++ exited with 0 +++ [pid 322] +++ exited with 0 +++ [pid 320] futex(0x7fbdd1fe77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] +++ exited with 0 +++ [pid 310] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 367] <... set_robust_list resumed>) = 0 [pid 310] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 308] lstat("./0/binderfs", [pid 307] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=8, si_stime=15} --- [pid 306] lstat("./0/binderfs", [pid 367] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0 [pid 317] exit_group(0 [pid 310] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 308] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 306] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 367] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 366] <... futex resumed>) = ? [pid 320] <... futex resumed>) = ? [pid 317] <... exit_group resumed>) = ? [pid 310] <... openat resumed>) = 3 [pid 308] unlink("./0/binderfs" [pid 306] unlink("./0/binderfs" [pid 367] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] +++ exited with 0 +++ [pid 310] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 320] +++ exited with 0 +++ [pid 317] +++ exited with 0 +++ [pid 310] getdents64(3, [pid 367] <... futex resumed>) = 1 [pid 313] <... futex resumed>) = 0 [pid 310] <... getdents64 resumed>0x555556251620 /* 4 entries */, 32768) = 112 [pid 309] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=10, si_stime=22} --- [pid 308] <... unlink resumed>) = 0 [pid 306] <... unlink resumed>) = 0 [pid 367] futex(0x7fbdd1fe77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] exit_group(0 [pid 310] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 306] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 367] <... futex resumed>) = ? [pid 319] <... futex resumed>) = ? [pid 313] <... exit_group resumed>) = ? [pid 310] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 308] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 319] +++ exited with 0 +++ [pid 310] lstat("./0/binderfs", [pid 309] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 310] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 307] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 310] unlink("./0/binderfs") = 0 [pid 310] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 309] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 307] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 367] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ [pid 309] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 307] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 309] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 305] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=6, si_stime=17} --- [pid 309] fstat(3, [pid 307] fstat(3, [pid 309] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 307] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 309] getdents64(3, [pid 307] getdents64(3, [pid 305] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 309] <... getdents64 resumed>0x555556251620 /* 4 entries */, 32768) = 112 [pid 307] <... getdents64 resumed>0x555556251620 /* 4 entries */, 32768) = 112 [pid 305] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 309] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 307] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 305] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 309] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 307] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 305] <... openat resumed>) = 3 [pid 309] lstat("./0/binderfs", [pid 307] lstat("./0/binderfs", [pid 305] fstat(3, [pid 309] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 307] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 305] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 309] unlink("./0/binderfs" [pid 307] unlink("./0/binderfs" [pid 305] getdents64(3, [pid 309] <... unlink resumed>) = 0 [pid 307] <... unlink resumed>) = 0 [pid 305] <... getdents64 resumed>0x555556251620 /* 4 entries */, 32768) = 112 [pid 309] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 307] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 305] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 305] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 305] unlink("./0/binderfs") = 0 [ 22.893405][ T361] loop4: rw=2049, want=40984, limit=40427 [ 22.904099][ T355] attempt to access beyond end of device [ 22.904099][ T355] loop2: rw=2049, want=45104, limit=40427 [pid 305] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 306] <... umount2 resumed>) = 0 [pid 306] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 306] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 306] getdents64(4, 0x555556259660 /* 2 entries */, 32768) = 48 [pid 306] getdents64(4, 0x555556259660 /* 0 entries */, 32768) = 0 [pid 306] close(4) = 0 [pid 306] rmdir("./0/file0") = 0 [pid 306] getdents64(3, 0x555556251620 /* 0 entries */, 32768) = 0 [pid 306] close(3) = 0 [pid 306] rmdir("./0") = 0 [pid 306] mkdir("./1", 0777) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 306] ioctl(3, LOOP_CLR_FD [pid 310] <... umount2 resumed>) = 0 [pid 310] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 310] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 310] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 310] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 310] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 310] getdents64(4, 0x555556259660 /* 2 entries */, 32768) = 48 [pid 310] getdents64(4, 0x555556259660 /* 0 entries */, 32768) = 0 [pid 310] close(4) = 0 [pid 310] rmdir("./0/file0") = 0 [pid 310] getdents64(3, 0x555556251620 /* 0 entries */, 32768) = 0 [pid 310] close(3) = 0 [pid 310] rmdir("./0") = 0 [pid 310] mkdir("./1", 0777) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 306] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 306] close(3) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 368 [pid 310] <... openat resumed>) = 3 [pid 310] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 310] close(3) = 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 369 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x5555562505e0, 24) = 0 [pid 368] chdir("./1") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdd1ee9000 [pid 368] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 368] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x5555562505e0, 24) = 0 [pid 369] chdir("./1" [pid 368] <... clone resumed>, parent_tid=[370], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 370 [pid 368] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 369] <... chdir resumed>) = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdd1ee9000 [pid 369] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[371], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 371 [pid 369] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 [pid 305] <... umount2 resumed>) = 0 [pid 308] <... umount2 resumed>) = 0 [pid 305] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 305] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 305] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 305] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 305] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 305] getdents64(4, 0x555556259660 /* 2 entries */, 32768) = 48 [pid 305] getdents64(4, 0x555556259660 /* 0 entries */, 32768) = 0 [pid 305] close(4) = 0 [pid 305] rmdir("./0/file0") = 0 [pid 305] getdents64(3, 0x555556251620 /* 0 entries */, 32768) = 0 [pid 305] close(3) = 0 [pid 305] rmdir("./0" [pid 309] <... umount2 resumed>) = 0 [pid 308] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 305] <... rmdir resumed>) = 0 [pid 305] mkdir("./1", 0777 [pid 308] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 305] <... mkdir resumed>) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 308] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 305] <... openat resumed>) = 3 [pid 309] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 305] ioctl(3, LOOP_CLR_FD [pid 308] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 309] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 309] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 309] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 309] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 308] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 305] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 309] fstat(4, [pid 308] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 305] close(3 [pid 309] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 309] getdents64(4, [pid 308] <... openat resumed>) = 4 [pid 305] <... close resumed>) = 0 [pid 308] fstat(4, [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 308] getdents64(4, 0x555556259660 /* 2 entries */, 32768) = 48 [pid 305] <... clone resumed>, child_tidptr=0x5555562505d0) = 372 [pid 308] getdents64(4, 0x555556259660 /* 0 entries */, 32768) = 0 [pid 309] <... getdents64 resumed>0x555556259660 /* 2 entries */, 32768) = 48 [pid 309] getdents64(4, 0x555556259660 /* 0 entries */, 32768) = 0 [pid 309] close(4) = 0 [pid 309] rmdir("./0/file0" [pid 308] close(4) = 0 [pid 308] rmdir("./0/file0") = 0 [pid 308] getdents64(3, 0x555556251620 /* 0 entries */, 32768) = 0 [pid 308] close(3) = 0 [pid 308] rmdir("./0") = 0 [pid 309] <... rmdir resumed>) = 0 [pid 308] mkdir("./1", 0777 [pid 309] getdents64(3, [pid 308] <... mkdir resumed>) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 309] <... getdents64 resumed>0x555556251620 /* 0 entries */, 32768) = 0 [pid 308] <... openat resumed>) = 3 [pid 309] close(3) = 0 [pid 309] rmdir("./0" [pid 308] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 308] close(3) = 0 [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 373 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x5555562505e0, 24) = 0 [pid 372] chdir("./1" [pid 309] <... rmdir resumed>) = 0 [pid 372] <... chdir resumed>) = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] mkdir("./1", 0777 [pid 372] <... openat resumed>) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 309] <... mkdir resumed>) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 309] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 372] symlink("/dev/binderfs", "./binderfs" [pid 309] close(3) = 0 ./strace-static-x86_64: Process 373 attached [pid 372] <... symlink resumed>) = 0 [pid 372] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 373] set_robust_list(0x5555562505e0, 24 [pid 372] <... futex resumed>) = 0 [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 373] <... set_robust_list resumed>) = 0 [pid 373] chdir("./1" [pid 372] <... mmap resumed>) = 0x7fbdd1ee9000 [pid 372] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE [pid 373] <... chdir resumed>) = 0 [pid 309] <... clone resumed>, child_tidptr=0x5555562505d0) = 374 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 372] <... mprotect resumed>) = 0 [pid 373] <... prctl resumed>) = 0 [pid 372] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 373] setpgid(0, 0) = 0 [pid 372] <... clone resumed>, parent_tid=[375], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 375 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x5555562505e0, 24 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 372] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] <... openat resumed>) = 3 [pid 372] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 374] <... set_robust_list resumed>) = 0 [pid 374] chdir("./1" [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3 [pid 374] <... chdir resumed>) = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 373] <... close resumed>) = 0 [pid 374] <... prctl resumed>) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs" [pid 374] setpgid(0, 0 [pid 373] <... symlink resumed>) = 0 [pid 374] <... setpgid resumed>) = 0 [pid 373] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 374] <... openat resumed>) = 3 [pid 373] <... mmap resumed>) = 0x7fbdd1ee9000 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 [pid 374] write(3, "1000", 4 [pid 373] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] <... write resumed>) = 4 [pid 374] close(3 [pid 373] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 374] <... close resumed>) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] <... clone resumed>, parent_tid=[376], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 376 [pid 374] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] <... futex resumed>) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 373] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 374] <... mmap resumed>) = 0x7fbdd1ee9000 [pid 374] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[377], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 377 [pid 307] <... umount2 resumed>) = 0 [pid 374] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 307] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 307] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 307] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 307] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 307] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 307] getdents64(4, 0x555556259660 /* 2 entries */, 32768) = 48 [pid 307] getdents64(4, 0x555556259660 /* 0 entries */, 32768) = 0 [pid 307] close(4) = 0 [pid 307] rmdir("./0/file0"./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x7fbdd1f099e0, 24./strace-static-x86_64: Process 376 attached ) = 0 [pid 307] <... rmdir resumed>) = 0 [pid 376] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 307] getdents64(3, [pid 377] memfd_create("syzkaller", 0 [pid 376] memfd_create("syzkaller", 0 [pid 307] <... getdents64 resumed>0x555556251620 /* 0 entries */, 32768) = 0 [pid 377] <... memfd_create resumed>) = 3 [pid 376] <... memfd_create resumed>) = 3 [pid 307] close(3 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 307] <... close resumed>) = 0 [pid 376] <... mmap resumed>) = 0x7fbdc9ae9000 [pid 307] rmdir("./0" [pid 377] <... mmap resumed>) = 0x7fbdc9ae9000 [pid 307] <... rmdir resumed>) = 0 [pid 307] mkdir("./1", 0777) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 307] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 307] close(3) = 0 [pid 307] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562505d0) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x5555562505e0, 24) = 0 [pid 378] chdir("./1") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdd1ee9000 [pid 378] mprotect(0x7fbdd1eea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 378] clone(child_stack=0x7fbdd1f093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[379], tls=0x7fbdd1f09700, child_tidptr=0x7fbdd1f099d0) = 379 [pid 378] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7fbdd1f099e0, 24) = 0 [pid 379] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbdc9ae9000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 371] <... write resumed>) = 20699119 [pid 371] munmap(0x7fbdc9ae9000, 20699119) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] mkdir("./file0", 0777) = 0 [ 24.154836][ T371] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 371] mount("/dev/loop5", "./file0", "f2fs", 0, "noextent_cache,lazytime,") = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./file0") = 0 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 371] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] open("./bus", O_RDONLY) = 5 [pid 371] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] syncfs(5 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [ 24.202662][ T371] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 369] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 369] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbdcae86000 [pid 369] mprotect(0x7fbdcae87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7fbdcaea63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[385], tls=0x7fbdcaea6700, child_tidptr=0x7fbdcaea69d0) = 385 [pid 369] futex(0x7fbdd1fe77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x7fbdcaea69e0, 24) = 0 [pid 385] pwritev2(4, [{iov_base="\x05\xa6\x37\xfa\x8f\xca\x71\x9e\xe2\x4e\x7b\xbd\xc8\xb0\xd3\xd8\x5f\xd7\x28\xe2\xcd\x4e\x5a\x9f\x6f\x6e\x0f\x27\x71\xa3\xd7\x68\x4e\x62\xa7\xbb\x51\xcc\x6f\x0e\xd2\x05\x87\xe3\xce\x7e\x9e\xe2\x03\x0f\x1b\x5b\xc5\xb8\xd5\x5e\x2f\x62\x77\x98\x17\xb1\xb3\x97\xea\xda\xdd\x4b\xff\xb7\xed\x0d\x47\x29\x4f\xab\xcc\xf7\x61\x91\x3e\x46\xa3\xfd\x98\xe6\xdb\xbb\xed\xb4\x9f\xcd\x47\x45\x6c\x0e\x46\xe5\x7c\xca"..., iov_len=434176}], 1, 100663296, 0 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 370] <... write resumed>) = 20699119 [pid 370] munmap(0x7fbdc9ae9000, 20699119) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 370] close(3 [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 369] futex(0x7fbdd1fe77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 370] <... close resumed>) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop1", "./file0", "f2fs", 0, "noextent_cache,lazytime," [pid 385] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 385] futex(0x7fbdd1fe77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fbdd1fe77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] <... syncfs resumed>) = -1 EIO (Input/output error) [pid 371] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] exit_group(0 [pid 385] <... futex resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 385] +++ exited with 0 +++ [pid 371] +++ exited with 0 +++ [pid 369] +++ exited with 0 +++ [pid 310] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=6, si_stime=20} --- [pid 310] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 310] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 310] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 310] getdents64(3, 0x555556251620 /* 4 entries */, 32768) = 112 [pid 310] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 310] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 310] unlink("./1/binderfs") = 0 [ 24.373680][ T370] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 310] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 370] <... mount resumed>) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file0") = 0 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... open resumed>) = 4 [pid 370] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] open("./bus", O_RDONLY) = 5 [pid 370] futex(0x7fbdd1fe77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7fbdd1fe77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7fbdd1fe77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 24.506111][ T370] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [pid 370] syncfs(5 [pid 375] <... write resumed>) = 20699119 [pid 375] munmap(0x7fbdc9ae9000, 20699119 [pid 377] <... write resumed>) = 20699119 [pid 377] munmap(0x7fbdc9ae9000, 20699119 [pid 375] <... munmap resumed>) = 0 [pid 377] <... munmap resumed>) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 377] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 375] <... openat resumed>) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3 [pid 377] ioctl(4, LOOP_SET_FD, 3