./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2434692287 <...> [ 5.037855][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! syzkaller syzkaller login: [ 6.627923][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 7.288189][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 12.532456][ T23] kauditd_printk_skb: 60 callbacks suppressed [ 12.532465][ T23] audit: type=1400 audit(1677063820.530:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.539887][ T23] audit: type=1400 audit(1677063820.540:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[11306]" dev="pipefs" ino=11306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. execve("./syz-executor2434692287", ["./syz-executor2434692287"], 0x7ffd4ea1f050 /* 10 vars */) = 0 brk(NULL) = 0x555556601000 brk(0x555556601c40) = 0x555556601c40 arch_prctl(ARCH_SET_FS, 0x555556601300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2434692287", 4096) = 28 brk(0x555556622c40) = 0x555556622c40 brk(0x555556623000) = 0x555556623000 mprotect(0x7fb3bafe9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 372] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 372] close(3) = 0 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 374 [pid 371] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 375 [pid 371] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 376 [pid 371] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 377 [pid 371] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 378 [pid 371] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 379] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 379] close(3) = 0 [pid 379] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 378 attached [pid 378] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 379] <... clone resumed>, child_tidptr=0x5555566015d0) = 380 [pid 378] <... openat resumed>) = 3 [pid 378] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 378] close(3) = 0 [pid 378] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 381 ./strace-static-x86_64: Process 377 attached [pid 377] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 377] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 377] close(3) = 0 [pid 377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 381 attached [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 382] <... openat resumed>) = 3 [pid 381] <... prctl resumed>) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4 [pid 382] write(3, "1000", 4 [pid 381] <... write resumed>) = 4 [pid 382] <... write resumed>) = 4 [pid 381] close(3 [pid 382] close(3 [pid 381] <... close resumed>) = 0 [pid 382] <... close resumed>) = 0 [pid 382] memfd_create("syzkaller", 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 382] <... memfd_create resumed>) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 381] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 382] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 382] <... write resumed>) = 262144 [pid 381] <... write resumed>) = 262144 [pid 381] munmap(0x7fb3b2b2e000, 262144./strace-static-x86_64: Process 380 attached ) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 382] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 381] ioctl(4, LOOP_SET_FD, 3 [pid 382] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 376 attached ) = 0 [pid 380] setpgid(0, 0 [pid 381] <... ioctl resumed>) = 0 [pid 382] <... openat resumed>) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3 [pid 380] <... setpgid resumed>) = 0 [pid 381] close(3) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop4", "./file0", "ext4", 0, "inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache"... [ 21.522169][ T23] audit: type=1400 audit(1677063829.520:73): avc: denied { execmem } for pid=371 comm="syz-executor243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.528080][ T23] audit: type=1400 audit(1677063829.530:74): avc: denied { read write } for pid=372 comm="syz-executor243" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.534620][ T23] audit: type=1400 audit(1677063829.530:75): avc: denied { open } for pid=372 comm="syz-executor243" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 375 attached ./strace-static-x86_64: Process 374 attached [pid 382] <... ioctl resumed>) = 0 [pid 380] <... openat resumed>) = 3 [pid 376] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 382] close(3 [pid 380] write(3, "1000", 4 [pid 376] <... openat resumed>) = 3 [pid 382] <... close resumed>) = 0 [pid 380] <... write resumed>) = 4 [pid 376] ioctl(3, LOOP_CLR_FD [pid 382] mkdir("./file0", 0777 [pid 380] close(3 [pid 376] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 382] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 380] <... close resumed>) = 0 [pid 376] close(3 [pid 382] mount("/dev/loop3", "./file0", "ext4", 0, "inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache"... [pid 380] memfd_create("syzkaller", 0 [pid 376] <... close resumed>) = 0 [pid 380] <... memfd_create resumed>) = 3 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb3b2b2e000 [pid 376] <... clone resumed>, child_tidptr=0x5555566015d0) = 387 [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 375] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 374] <... prctl resumed>) = 0 [pid 375] <... openat resumed>) = 3 [pid 374] setpgid(0, 0 [pid 375] ioctl(3, LOOP_CLR_FD [pid 374] <... setpgid resumed>) = 0 [pid 375] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 375] close(3 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 375] <... close resumed>) = 0 [pid 375] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 374] <... openat resumed>) = 3 [pid 380] munmap(0x7fb3b2b2e000, 262144 [pid 374] write(3, "1000", 4 [pid 375] <... clone resumed>, child_tidptr=0x5555566015d0) = 388 [pid 374] <... write resumed>) = 4 [pid 374] close(3) = 0 [pid 374] memfd_create("syzkaller", 0) = 3 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 380] <... munmap resumed>) = 0 [pid 374] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 380] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_SET_FD, 3 [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 374] munmap(0x7fb3b2b2e000, 262144) = 0 [ 21.564568][ T23] audit: type=1400 audit(1677063829.530:76): avc: denied { ioctl } for pid=372 comm="syz-executor243" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.573359][ T382] EXT4-fs (loop3): Ignoring removed nobh option [ 21.590912][ T381] EXT4-fs (loop4): Ignoring removed nobh option [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 388 attached ./strace-static-x86_64: Process 387 attached [pid 380] <... ioctl resumed>) = 0 [pid 380] close(3) = 0 [pid 380] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 380] mount("/dev/loop5", "./file0", "ext4", 0, "inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache"... [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 374] <... openat resumed>) = 4 [pid 388] <... prctl resumed>) = 0 [pid 387] <... prctl resumed>) = 0 [pid 374] ioctl(4, LOOP_SET_FD, 3 [pid 388] setpgid(0, 0 [pid 387] setpgid(0, 0 [pid 388] <... setpgid resumed>) = 0 [pid 387] <... setpgid resumed>) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 388] <... openat resumed>) = 3 [pid 387] <... openat resumed>) = 3 [pid 388] write(3, "1000", 4 [pid 387] write(3, "1000", 4 [pid 388] <... write resumed>) = 4 [pid 387] <... write resumed>) = 4 [pid 388] close(3 [pid 387] close(3 [pid 388] <... close resumed>) = 0 [pid 387] <... close resumed>) = 0 [pid 388] memfd_create("syzkaller", 0 [pid 387] memfd_create("syzkaller", 0 [pid 388] <... memfd_create resumed>) = 3 [pid 387] <... memfd_create resumed>) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 388] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 387] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 388] <... write resumed>) = 262144 [pid 387] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 388] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 21.613035][ T382] EXT4-fs (loop3): Ignoring removed nobh option [ 21.613234][ T381] EXT4-fs (loop4): Ignoring removed nobh option [ 21.623660][ T23] audit: type=1400 audit(1677063829.560:77): avc: denied { mounton } for pid=381 comm="syz-executor243" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.642478][ T380] EXT4-fs (loop5): Ignoring removed nobh option [ 21.650905][ T382] EXT4-fs (loop3): 1 truncate cleaned up [pid 387] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 388] <... openat resumed>) = 4 [pid 387] <... openat resumed>) = 4 [pid 374] <... ioctl resumed>) = 0 [pid 388] ioctl(4, LOOP_SET_FD, 3 [pid 387] ioctl(4, LOOP_SET_FD, 3 [pid 374] close(3) = 0 [pid 374] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 21.654764][ T380] EXT4-fs (loop5): Ignoring removed nobh option [ 21.662610][ T382] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache,nobh,nobh,,errors=continue [ 21.671081][ T381] EXT4-fs (loop4): 1 truncate cleaned up [ 21.685724][ T23] audit: type=1400 audit(1677063829.690:78): avc: denied { mount } for pid=382 comm="syz-executor243" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 374] mount("/dev/loop0", "./file0", "ext4", 0, "inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache"... [pid 387] <... ioctl resumed>) = 0 [pid 387] close(3) = 0 [pid 387] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 387] mount("/dev/loop2", "./file0", "ext4", 0, "inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache"... [pid 388] <... ioctl resumed>) = 0 [pid 388] close(3) = 0 [pid 388] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 388] mount("/dev/loop1", "./file0", "ext4", 0, "inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache"... [pid 382] <... mount resumed>) = 0 [pid 382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 382] chdir("./file0") = 0 [pid 382] ioctl(4, LOOP_CLR_FD) = 0 [pid 382] close(4) = 0 [pid 382] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 382] ioctl(4, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ [pid 377] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [ 21.699003][ T380] EXT4-fs (loop5): 1 truncate cleaned up [ 21.716804][ T381] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache,nobh,nobh,,errors=continue [ 21.726520][ T380] EXT4-fs (loop5): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache,nobh,nobh,,errors=continue [pid 380] <... mount resumed>) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 380] chdir("./file0") = 0 [pid 380] ioctl(4, LOOP_CLR_FD) = 0 [pid 380] close(4) = 0 [pid 380] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 377] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 377] ioctl(3, LOOP_CLR_FD [pid 381] <... mount resumed>) = 0 [pid 380] <... openat resumed>) = 4 [pid 377] <... ioctl resumed>) = 0 [pid 377] close(3) = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 380] ioctl(4, FS_IOC_GETFSMAP, 0x20000380 [pid 377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 381] <... openat resumed>) = 3 [pid 380] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 381] chdir("./file0" [pid 380] exit_group(0 [pid 377] <... clone resumed>, child_tidptr=0x5555566015d0) = 400 [pid 381] <... chdir resumed>) = 0 [pid 380] <... exit_group resumed>) = ? [pid 381] ioctl(4, LOOP_CLR_FD [pid 380] +++ exited with 0 +++ [pid 381] <... ioctl resumed>) = 0 [pid 379] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 381] close(4) = 0 [ 21.741986][ T23] audit: type=1400 audit(1677063829.720:79): avc: denied { write } for pid=382 comm="syz-executor243" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.762431][ T374] EXT4-fs (loop0): Ignoring removed nobh option [ 21.783298][ T374] EXT4-fs (loop0): Ignoring removed nobh option [ 21.792674][ T387] EXT4-fs (loop2): Ignoring removed nobh option [pid 381] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 379] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 379] ioctl(3, LOOP_CLR_FD) = 0 [pid 379] close(3) = 0 [pid 379] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 401 ./strace-static-x86_64: Process 400 attached [pid 381] <... openat resumed>) = 4 [pid 381] ioctl(4, FS_IOC_GETFSMAP, 0x20000380 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3./strace-static-x86_64: Process 401 attached ) = 0 [pid 400] memfd_create("syzkaller", 0) = 3 [ 21.795952][ T23] audit: type=1400 audit(1677063829.720:80): avc: denied { add_name } for pid=382 comm="syz-executor243" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.819386][ T388] EXT4-fs (loop1): Ignoring removed nobh option [ 21.821165][ T23] audit: type=1400 audit(1677063829.720:81): avc: denied { create } for pid=382 comm="syz-executor243" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.828631][ T381] ------------[ cut here ]------------ [ 21.848844][ T387] EXT4-fs (loop2): Ignoring removed nobh option [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb3b2b2e000 [pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 400] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_SET_FD, 3 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 374] <... mount resumed>) = 0 [pid 401] <... prctl resumed>) = 0 [pid 400] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 401] setpgid(0, 0 [pid 400] ioctl(4, LOOP_CLR_FD [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 401] <... setpgid resumed>) = 0 [pid 400] <... ioctl resumed>) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] <... openat resumed>) = 3 [ 21.862309][ T388] EXT4-fs (loop1): Ignoring removed nobh option [ 21.868672][ T374] EXT4-fs (loop0): 1 truncate cleaned up [ 21.874654][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache,nobh,nobh,,errors=continue [ 21.893413][ T381] kernel BUG at fs/ext4/ext4.h:3248! [ 21.898844][ T381] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 21.904924][ T381] CPU: 0 PID: 381 Comm: syz-executor243 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0 [pid 401] write(3, "1000", 4 [pid 374] chdir("./file0" [pid 401] <... write resumed>) = 4 [pid 400] ioctl(4, LOOP_SET_FD, 3 [pid 374] <... chdir resumed>) = 0 [pid 401] close(3 [pid 374] ioctl(4, LOOP_CLR_FD [pid 401] <... close resumed>) = 0 [pid 400] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 374] <... ioctl resumed>) = 0 [pid 401] memfd_create("syzkaller", 0 [pid 400] close(4 [pid 374] close(4 [pid 401] <... memfd_create resumed>) = 3 [pid 400] <... close resumed>) = 0 [pid 374] <... close resumed>) = 0 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 400] close(3 [pid 374] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 401] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 400] <... close resumed>) = 0 [pid 374] <... openat resumed>) = 4 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 400] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 374] ioctl(4, FS_IOC_GETFSMAP, 0x20000380 [pid 401] <... write resumed>) = 262144 [pid 400] <... openat resumed>) = 3 [pid 374] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 400] ioctl(3, FS_IOC_GETFSMAP, 0x20000380 [pid 374] exit_group(0 [pid 400] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 374] <... exit_group resumed>) = ? [pid 400] exit_group(0 [pid 374] +++ exited with 0 +++ [pid 401] munmap(0x7fb3b2b2e000, 262144 [pid 400] <... exit_group resumed>) = ? [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 401] <... munmap resumed>) = 0 [pid 400] +++ exited with 0 +++ [pid 401] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 377] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 401] <... openat resumed>) = 4 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 401] ioctl(4, LOOP_SET_FD, 3 [pid 372] <... openat resumed>) = 3 [pid 401] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 21.915162][ T381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 21.925399][ T381] RIP: 0010:ext4_mb_load_buddy_gfp+0xe54/0xec0 [ 21.931563][ T381] Code: ff e8 40 13 c8 ff e9 c8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 14 f4 ff ff e8 46 13 c8 ff e9 0a f4 ff ff e8 ec 10 8e ff <0f> 0b e8 e5 10 8e ff 4c 89 ef e8 5d 64 cd ff e9 34 fc ff ff e8 d3 [ 21.937951][ T387] EXT4-fs (loop2): 1 truncate cleaned up [ 21.951174][ T381] RSP: 0018:ffffc90000b971f8 EFLAGS: 00010293 [ 21.951189][ T381] RAX: ffffffff81df10c4 RBX: 0000000000000001 RCX: ffff88810699a780 [ 21.951196][ T381] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 21.951205][ T381] RBP: ffffc90000b97290 R08: ffffffff81df034c R09: ffffc90000b97320 [ 21.951213][ T381] R10: fffff52000172e6b R11: 1ffff92000172e64 R12: 1ffff110209f3a79 [ 21.951231][ T381] R13: ffff888104f9c000 R14: 0000000000000001 R15: dffffc0000000000 [ 22.002695][ T381] FS: 0000555556601300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 22.011626][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.018371][ T381] CR2: 00005555566015d0 CR3: 00000001085f5000 CR4: 00000000003506b0 [ 22.026421][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.034397][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.042370][ T381] Call Trace: [ 22.045656][ T381] ext4_mballoc_query_range+0xb8/0x7a0 [ 22.051104][ T381] ? ext4_getfsmap_dev_compare+0x80/0x80 [ 22.056724][ T381] ? ext4_trim_all_free+0xb80/0xb80 [ 22.061931][ T381] ? kmem_cache_alloc_trace+0x1dd/0x330 [ 22.067739][ T381] ext4_getfsmap_datadev+0x1b7f/0x2710 [ 22.073206][ T381] ? sort_r+0x1387/0x13a0 [ 22.077552][ T381] ? ext4_getfsmap+0x10c0/0x10c0 [ 22.082478][ T381] ? ext4_getfsmap+0x10c0/0x10c0 [ 22.087491][ T381] ? ext4_getfsmap+0xb97/0x10c0 [ 22.092331][ T381] ? ext4_getfsmap+0x10c0/0x10c0 [ 22.097256][ T381] ext4_getfsmap+0xd66/0x10c0 [ 22.101922][ T381] ? ext4_fsmap_to_internal+0x260/0x260 [ 22.107458][ T381] ? ext4_getfsmap+0x10c0/0x10c0 [ 22.112397][ T381] ? ext4_shutdown+0x4d0/0x4d0 [ 22.117156][ T381] ? __reset_page_pinner+0x4d0/0x4d0 [ 22.122429][ T381] ? ext4_fsmap_to_internal+0x25/0x260 [ 22.127885][ T381] ext4_ioctl+0x35bd/0x6330 [ 22.132552][ T381] ? avc_has_extended_perms+0x731/0x1270 [ 22.138187][ T381] ? memcpy+0x56/0x70 [ 22.142158][ T381] ? ext4_has_metadata_csum+0x1f0/0x1f0 [ 22.147692][ T381] ? avc_has_extended_perms+0xb66/0x1270 [ 22.153314][ T381] ? avc_ss_reset+0x290/0x290 [ 22.157995][ T381] ? __kasan_check_write+0x14/0x20 [ 22.163093][ T381] ? __switch_to+0x5e4/0x1220 [ 22.167772][ T381] ? ioctl_has_perm+0x3da/0x560 [ 22.172639][ T381] ? __x32_compat_sys_ioctl+0x90/0x90 [ 22.178018][ T381] ? has_cap_mac_admin+0xb0/0xb0 [ 22.182944][ T381] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 22.188054][ T381] ? __kasan_check_write+0x14/0x20 [ 22.193258][ T381] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 22.198357][ T381] ? cgroup_update_frozen+0x155/0x320 [ 22.203715][ T381] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.208918][ T381] ? selinux_file_ioctl+0x3c9/0x530 [ 22.214120][ T381] ? ptrace_stop+0x6ff/0x9f0 [ 22.218697][ T381] ? selinux_file_alloc_security+0x120/0x120 [ 22.224670][ T381] ? _raw_spin_unlock_irq+0x4e/0x70 [ 22.229857][ T381] ? ptrace_notify+0x248/0x340 [ 22.234609][ T381] ? do_notify_parent+0xa40/0xa40 [ 22.239635][ T381] ? security_file_ioctl+0xb1/0xd0 [ 22.244746][ T381] ? ext4_has_metadata_csum+0x1f0/0x1f0 [ 22.250292][ T381] __se_sys_ioctl+0x115/0x190 [ 22.254952][ T381] __x64_sys_ioctl+0x7b/0x90 [ 22.259530][ T381] do_syscall_64+0x34/0x70 [ 22.263945][ T381] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 22.269824][ T381] RIP: 0033:0x7fb3baf7b3f9 [ 22.274227][ T381] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 22.293833][ T381] RSP: 002b:00007fff26697b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 22.302345][ T381] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fb3baf7b3f9 [ 22.310323][ T381] RDX: 0000000020000380 RSI: 00000000c0c0583b RDI: 0000000000000004 [ 22.318301][ T381] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d [ 22.326281][ T381] R10: 000000000000041b R11: 0000000000000246 R12: 00007fb3baf3a5d0 [ 22.334259][ T381] R13: 00007fff26697bb0 R14: 00007fff26697b9c R15: 00007fff26697ba0 [ 22.342225][ T381] Modules linked in: [pid 377] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 372] ioctl(3, LOOP_CLR_FD [pid 401] ioctl(4, LOOP_CLR_FD [pid 387] <... mount resumed>) = 0 [pid 401] <... ioctl resumed>) = 0 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 377] <... openat resumed>) = 3 [pid 372] <... ioctl resumed>) = 0 [ 22.352323][ T387] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache,nobh,nobh,,errors=continue [ 22.353541][ T381] ---[ end trace 44c298afa3ce7f60 ]--- [ 22.377025][ T23] audit: type=1400 audit(1677063829.720:82): avc: denied { read append open } for pid=382 comm="syz-executor243" path="/root/file0/cgroup.controllers" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.378026][ T381] RIP: 0010:ext4_mb_load_buddy_gfp+0xe54/0xec0 [ 22.403956][ T388] EXT4-fs (loop1): 1 truncate cleaned up [pid 387] <... openat resumed>) = 3 [pid 377] ioctl(3, LOOP_CLR_FD [pid 372] close(3 [pid 387] chdir("./file0" [pid 377] <... ioctl resumed>) = 0 [pid 372] <... close resumed>) = 0 [pid 387] <... chdir resumed>) = 0 [pid 377] close(3 [pid 372] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 401] ioctl(4, LOOP_SET_FD, 3 [pid 387] ioctl(4, LOOP_CLR_FD [pid 377] <... close resumed>) = 0 [pid 401] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 387] <... ioctl resumed>) = 0 [pid 377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 401] close(4 [pid 387] close(4 [pid 372] <... clone resumed>, child_tidptr=0x5555566015d0) = 406 [pid 401] <... close resumed>) = 0 [pid 387] <... close resumed>) = 0 [pid 377] <... clone resumed>, child_tidptr=0x5555566015d0) = 407 [pid 401] close(3 [pid 387] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 401] <... close resumed>) = 0 [pid 401] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 401] ioctl(3, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 401] exit_group(0) = ? [pid 401] +++ exited with 0 +++ [pid 379] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 379] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 379] ioctl(3, LOOP_CLR_FD) = 0 [pid 379] close(3) = 0 [pid 379] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 408 [pid 387] <... openat resumed>) = 4 [pid 387] ioctl(4, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 387] exit_group(0) = ? [pid 387] +++ exited with 0 +++ [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 376] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 376] ioctl(3, LOOP_CLR_FD) = 0 [pid 376] close(3) = 0 [pid 376] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566015d0) = 409 ./strace-static-x86_64: Process 409 attached ./strace-static-x86_64: Process 408 attached ./strace-static-x86_64: Process 407 attached ./strace-static-x86_64: Process 406 attached [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 388] <... mount resumed>) = 0 [pid 409] <... prctl resumed>) = 0 [pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 409] setpgid(0, 0 [pid 406] <... prctl resumed>) = 0 [pid 388] <... openat resumed>) = 3 [pid 409] <... setpgid resumed>) = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 406] setpgid(0, 0 [pid 388] chdir("./file0" [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 407] <... prctl resumed>) = 0 [pid 406] <... setpgid resumed>) = 0 [pid 388] <... chdir resumed>) = 0 [pid 409] <... openat resumed>) = 3 [pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 388] ioctl(4, LOOP_CLR_FD [pid 407] setpgid(0, 0 [pid 409] write(3, "1000", 4 [pid 407] <... setpgid resumed>) = 0 [pid 406] <... openat resumed>) = 3 [pid 388] <... ioctl resumed>) = 0 [pid 409] <... write resumed>) = 4 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 406] write(3, "1000", 4 [pid 388] close(4 [pid 409] close(3 [pid 407] <... openat resumed>) = 3 [pid 406] <... write resumed>) = 4 [pid 388] <... close resumed>) = 0 [pid 409] <... close resumed>) = 0 [pid 407] write(3, "1000", 4 [pid 406] close(3 [pid 388] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 409] memfd_create("syzkaller", 0 [pid 407] <... write resumed>) = 4 [pid 406] <... close resumed>) = 0 [pid 409] <... memfd_create resumed>) = 3 [pid 388] <... openat resumed>) = 4 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 407] close(3 [pid 406] memfd_create("syzkaller", 0 [pid 388] ioctl(4, FS_IOC_GETFSMAP, 0x20000380 [pid 409] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 408] <... prctl resumed>) = 0 [pid 407] <... close resumed>) = 0 [pid 406] <... memfd_create resumed>) = 3 [pid 388] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [ 22.410298][ T381] Code: ff e8 40 13 c8 ff e9 c8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 14 f4 ff ff e8 46 13 c8 ff e9 0a f4 ff ff e8 ec 10 8e ff <0f> 0b e8 e5 10 8e ff 4c 89 ef e8 5d 64 cd ff e9 34 fc ff ff e8 d3 [ 22.414351][ T388] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000,block_validity,debug_want_extra_isize=0x0000000000000064,nombcache,nobh,nobh,,errors=continue [ 22.433827][ T381] RSP: 0018:ffffc90000b971f8 EFLAGS: 00010293 [ 22.433851][ T381] RAX: ffffffff81df10c4 RBX: 0000000000000001 RCX: ffff88810699a780 [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 408] setpgid(0, 0 [pid 407] memfd_create("syzkaller", 0 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 388] exit_group(0 [pid 409] <... write resumed>) = 262144 [pid 408] <... setpgid resumed>) = 0 [pid 407] <... memfd_create resumed>) = 3 [pid 406] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 388] <... exit_group resumed>) = ? [pid 409] munmap(0x7fb3b2b2e000, 262144 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 409] <... munmap resumed>) = 0 [pid 408] <... openat resumed>) = 3 [pid 407] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 388] +++ exited with 0 +++ [pid 409] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 408] write(3, "1000", 4 [pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 409] <... openat resumed>) = 4 [pid 408] <... write resumed>) = 4 [pid 409] ioctl(4, LOOP_SET_FD, 3 [pid 408] close(3 [pid 409] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 408] <... close resumed>) = 0 [pid 409] ioctl(4, LOOP_CLR_FD [pid 408] memfd_create("syzkaller", 0 [pid 409] <... ioctl resumed>) = 0 [pid 408] <... memfd_create resumed>) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb3b2b2e000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 409] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 409] close(4) = 0 [pid 409] close(3) = 0 [pid 409] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 406] <... write resumed>) = 262144 [pid 409] ioctl(3, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 409] exit_group(0) = ? [pid 409] +++ exited with 0 +++ [pid 375] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 407] <... write resumed>) = 262144 [pid 406] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 407] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 407] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 407] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 407] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] <... write resumed>) = 262144 [pid 408] munmap(0x7fb3b2b2e000, 262144) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 408] ioctl(4, LOOP_CLR_FD [pid 406] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 406] close(4) = 0 [pid 406] close(3) = 0 [pid 407] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 407] close(4) = 0 [pid 407] close(3) = 0 [pid 406] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 406] ioctl(3, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 406] exit_group(0 [pid 376] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=409, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 406] <... exit_group resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 407] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 408] <... ioctl resumed>) = 0 [pid 407] ioctl(3, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 407] exit_group(0) = ? [pid 407] +++ exited with 0 +++ [pid 408] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 408] close(4) = 0 [pid 408] close(3) = 0 [pid 408] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 408] ioctl(3, FS_IOC_GETFSMAP, 0x20000380) = -1 EINVAL (Invalid argument) [pid 408] exit_group(0) = ? [pid 408] +++ exited with 0 +++ [pid 376] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 375] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 379] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 377] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 379] restart_syscall(<... resuming interrupted clone ...> [pid 377] restart_syscall(<... resuming interrupted clone ...> [pid 379] <... restart_syscall resumed>) = 0 [pid 377] <... restart_syscall resumed>) = 0 [ 22.477394][ T381] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 22.486532][ T381] RBP: ffffc90000b97290 R08: ffffffff81df034c R09: ffffc90000b97320 [ 22.496241][ T381] R10: fffff52000172e6b R11: 1ffff92000172e64 R12: 1ffff110209f3a79 [ 22.504844][ T381] R13: ffff888104f9c000 R14: 0000000000000001 R15: dffffc0000000000 [ 22.513694][ T381] FS: 0000555556601300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [pid 379] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 377] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 379] <... openat resumed>) = 3 [pid 377] <... openat resumed>) = 3 [pid 379] ioctl(3, LOOP_CLR_FD [pid 377] ioctl(3, LOOP_CLR_FD [pid 379] <... ioctl resumed>) = 0 [pid 377] <... ioctl resumed>) = 0 [pid 379] close(3 [pid 377] close(3 [pid 376] <... openat resumed>) = 3 [pid 375] <... openat resumed>) = 3 [pid 372] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 379] <... close resumed>) = 0 [pid 377] <... close resumed>) = 0 [pid 379] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 377] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 379] <... clone resumed>, child_tidptr=0x5555566015d0) = 410 [pid 377] <... clone resumed>, child_tidptr=0x5555566015d0) = 411 ./strace-static-x86_64: Process 411 attached [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 410 attached [pid 411] write(3, "1000", 4 [pid 376] ioctl(3, LOOP_CLR_FD [pid 375] ioctl(3, LOOP_CLR_FD [pid 372] restart_syscall(<... resuming interrupted clone ...> [pid 411] <... write resumed>) = 4 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 411] close(3) = 0 [pid 410] <... prctl resumed>) = 0 [pid 410] setpgid(0, 0 [pid 411] memfd_create("syzkaller", 0 [pid 410] <... setpgid resumed>) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 411] <... memfd_create resumed>) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 410] <... openat resumed>) = 3 [pid 411] <... mmap resumed>) = 0x7fb3b2b2e000 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3 [pid 376] <... ioctl resumed>) = 0 [pid 375] <... ioctl resumed>) = 0 [pid 376] close(3 [pid 372] <... restart_syscall resumed>) = 0 [pid 375] close(3 [pid 410] <... close resumed>) = 0 [pid 410] memfd_create("syzkaller", 0) = 3 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb3b2b2e000 [pid 376] <... close resumed>) = 0 [pid 375] <... close resumed>) = 0 [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 22.523027][ T381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.529805][ T381] CR2: 00007fff26697b68 CR3: 00000001085f5000 CR4: 00000000003506b0 [ 22.537893][ T381] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.545977][ T381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.554185][ T381] Kernel panic - not syncing: Fatal exception [ 22.560462][ T381] Kernel Offset: disabled [ 22.564807][ T381] Rebooting in 86400 seconds..