./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1607027358 <...> Warning: Permanently added '10.128.1.71' (ECDSA) to the list of known hosts. execve("./syz-executor1607027358", ["./syz-executor1607027358"], 0x7ffe6a191560 /* 10 vars */) = 0 brk(NULL) = 0x55555661a000 brk(0x55555661ac40) = 0x55555661ac40 arch_prctl(ARCH_SET_FS, 0x55555661a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555661a5d0) = 297 set_robust_list(0x55555661a5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f02be7fc700, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f02be7fcdd0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f02be7fc7a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02be7fcdd0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1607027358", 4096) = 28 brk(0x55555663bc40) = 0x55555663bc40 brk(0x55555663c000) = 0x55555663c000 mprotect(0x7f02be8be000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 300 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 301 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 302 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x55555661a5e0, 24) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 303] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 303] close(3) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 305 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55555661a5e0, 24) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 302] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 302] close(3) = 0 ./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 301 attached [pid 300] set_robust_list(0x55555661a5e0, 24 [pid 299] set_robust_list(0x55555661a5e0, 24 [pid 298] set_robust_list(0x55555661a5e0, 24./strace-static-x86_64: Process 305 attached [pid 301] set_robust_list(0x55555661a5e0, 24 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55555661a5e0, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02be7cb000 [pid 306] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[308], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 308 [pid 306] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 305] set_robust_list(0x55555661a5e0, 24 [pid 301] <... set_robust_list resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 ./strace-static-x86_64: Process 308 attached [pid 305] <... set_robust_list resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [ 26.984901][ T28] audit: type=1400 audit(1684337091.874:66): avc: denied { execmem } for pid=297 comm="syz-executor160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.004644][ T28] audit: type=1400 audit(1684337091.874:67): avc: denied { read write } for pid=303 comm="syz-executor160" name="loop5" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 308] set_robust_list(0x7f02be7eb9e0, 24) = 0 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02b63cb000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 308] munmap(0x7f02b63cb000, 524288) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 308] <... ioctl resumed>) = 0 [pid 308] close(3) = 0 [pid 308] mkdir("./file0", 0777) = 0 [pid 308] mount("/dev/loop4", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 305] <... prctl resumed>) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02be7cb000 [pid 305] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[311], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 311 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 312 [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] close(3 [pid 298] close(3./strace-static-x86_64: Process 313 attached ./strace-static-x86_64: Process 312 attached [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 27.029898][ T28] audit: type=1400 audit(1684337091.874:68): avc: denied { open } for pid=303 comm="syz-executor160" path="/dev/loop5" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 27.044980][ T308] loop4: detected capacity change from 0 to 1024 [ 27.054731][ T28] audit: type=1400 audit(1684337091.874:69): avc: denied { ioctl } for pid=303 comm="syz-executor160" path="/dev/loop5" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 311 attached [pid 313] set_robust_list(0x55555661a5e0, 24 [pid 312] set_robust_list(0x55555661a5e0, 24 [pid 299] <... clone resumed>, child_tidptr=0x55555661a5d0) = 314 ./strace-static-x86_64: Process 315 attached ./strace-static-x86_64: Process 314 attached [pid 313] <... set_robust_list resumed>) = 0 [pid 312] <... set_robust_list resumed>) = 0 [pid 311] set_robust_list(0x7f02be7eb9e0, 24 [pid 298] <... clone resumed>, child_tidptr=0x55555661a5d0) = 315 [pid 315] set_robust_list(0x55555661a5e0, 24 [pid 314] set_robust_list(0x55555661a5e0, 24 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 315] <... set_robust_list resumed>) = 0 [pid 314] <... set_robust_list resumed>) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 311] <... set_robust_list resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x55555661a5d0) = 313 [pid 313] <... prctl resumed>) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 311] memfd_create("syzkaller", 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 313] setpgid(0, 0 [pid 312] <... prctl resumed>) = 0 [pid 315] <... prctl resumed>) = 0 [pid 314] <... prctl resumed>) = 0 [pid 313] <... setpgid resumed>) = 0 [pid 311] <... memfd_create resumed>) = 3 [pid 315] setpgid(0, 0 [pid 312] setpgid(0, 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 315] <... setpgid resumed>) = 0 [pid 314] setpgid(0, 0 [pid 312] <... setpgid resumed>) = 0 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 314] <... setpgid resumed>) = 0 [pid 313] <... openat resumed>) = 3 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 311] <... mmap resumed>) = 0x7f02b63cb000 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 315] <... openat resumed>) = 3 [pid 314] <... openat resumed>) = 3 [pid 313] write(3, "1000", 4 [pid 312] <... openat resumed>) = 3 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 312] write(3, "1000", 4 [pid 315] write(3, "1000", 4 [pid 314] write(3, "1000", 4 [pid 313] <... write resumed>) = 4 [pid 315] <... write resumed>) = 4 [pid 314] <... write resumed>) = 4 [pid 313] close(3 [pid 312] <... write resumed>) = 4 [pid 311] <... write resumed>) = 524288 [pid 311] munmap(0x7f02b63cb000, 524288) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3 [pid 315] close(3 [pid 314] close(3 [pid 313] <... close resumed>) = 0 [pid 312] close(3 [pid 315] <... close resumed>) = 0 [pid 314] <... close resumed>) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... close resumed>) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 312] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] <... futex resumed>) = 0 [pid 313] <... mmap resumed>) = 0x7f02be7cb000 [ 27.087554][ T28] audit: type=1400 audit(1684337091.954:70): avc: denied { mounton } for pid=306 comm="syz-executor160" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 27.114619][ T308] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 315] <... mmap resumed>) = 0x7f02be7cb000 [pid 314] <... mmap resumed>) = 0x7f02be7cb000 [pid 313] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 312] <... mmap resumed>) = 0x7f02be7cb000 [pid 308] <... mount resumed>) = 0 [pid 315] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 314] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 313] <... mprotect resumed>) = 0 [pid 312] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 315] <... mprotect resumed>) = 0 [pid 314] <... mprotect resumed>) = 0 [pid 313] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 312] <... mprotect resumed>) = 0 [pid 308] <... openat resumed>) = 3 [pid 315] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 312] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 314] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 308] chdir("./file0") = 0 ./strace-static-x86_64: Process 316 attached ./strace-static-x86_64: Process 319 attached ./strace-static-x86_64: Process 318 attached ./strace-static-x86_64: Process 317 attached [pid 314] <... clone resumed>, parent_tid=[317], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 317 [pid 313] <... clone resumed>, parent_tid=[316], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 316 [pid 311] <... ioctl resumed>) = 0 [pid 308] ioctl(4, LOOP_CLR_FD [pid 319] set_robust_list(0x7f02be7eb9e0, 24 [pid 318] set_robust_list(0x7f02be7eb9e0, 24 [pid 317] set_robust_list(0x7f02be7eb9e0, 24 [pid 316] set_robust_list(0x7f02be7eb9e0, 24 [pid 315] <... clone resumed>, parent_tid=[318], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 318 [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... clone resumed>, parent_tid=[319], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 319 [pid 311] close(3 [pid 308] <... ioctl resumed>) = 0 [pid 319] <... set_robust_list resumed>) = 0 [pid 318] <... set_robust_list resumed>) = 0 [pid 317] <... set_robust_list resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 313] <... futex resumed>) = 0 [pid 312] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] close(4 [pid 311] <... close resumed>) = 0 [pid 311] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 311] mount("/dev/loop5", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 319] memfd_create("syzkaller", 0 [pid 318] memfd_create("syzkaller", 0 [pid 315] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 0 [pid 317] memfd_create("syzkaller", 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 316] memfd_create("syzkaller", 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 312] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 319] <... memfd_create resumed>) = 3 [pid 318] <... memfd_create resumed>) = 3 [pid 317] <... memfd_create resumed>) = 3 [pid 308] <... close resumed>) = 0 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 316] <... memfd_create resumed>) = 3 [pid 308] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... mmap resumed>) = 0x7f02b63cb000 [pid 318] <... mmap resumed>) = 0x7f02b63cb000 [pid 317] <... mmap resumed>) = 0x7f02b63cb000 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 308] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 306] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 27.123928][ T28] audit: type=1400 audit(1684337092.014:71): avc: denied { mount } for pid=306 comm="syz-executor160" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 27.125169][ T311] loop5: detected capacity change from 0 to 1024 [ 27.163904][ T28] audit: type=1400 audit(1684337092.054:72): avc: denied { mounton } for pid=305 comm="syz-executor160" path="/root/file0" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 306] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... write resumed>) = 524288 [pid 318] <... write resumed>) = 524288 [pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 316] <... mmap resumed>) = 0x7f02b63cb000 [pid 308] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 319] munmap(0x7f02b63cb000, 524288 [pid 318] munmap(0x7f02b63cb000, 524288 [pid 311] <... mount resumed>) = 0 [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 311] chdir("./file0") = 0 [pid 317] <... write resumed>) = 524288 [pid 311] ioctl(4, LOOP_CLR_FD) = 0 [pid 311] close(4 [pid 319] <... munmap resumed>) = 0 [pid 318] <... munmap resumed>) = 0 [pid 317] munmap(0x7f02b63cb000, 524288 [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 311] <... close resumed>) = 0 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 306] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 306] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b642a000 [pid 306] mprotect(0x7f02b642b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7f02b644a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[321], tls=0x7f02b644a700, child_tidptr=0x7f02b644a9d0) = 321 [pid 306] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] ftruncate(5, 33587199) = 0 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] sendfile(4, 5, NULL, 281474978811909 [pid 319] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 319] <... openat resumed>) = 4 [pid 319] ioctl(4, LOOP_SET_FD, 3 [pid 318] <... openat resumed>) = 4 [pid 318] ioctl(4, LOOP_SET_FD, 3 [pid 317] <... munmap resumed>) = 0 [pid 318] <... ioctl resumed>) = 0 [pid 311] <... sendfile resumed>) = 376832 [pid 316] <... write resumed>) = 524288 [pid 317] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 316] munmap(0x7f02b63cb000, 524288 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 321 attached [pid 319] <... ioctl resumed>) = 0 [pid 318] close(3 [pid 317] <... openat resumed>) = 4 [pid 305] <... futex resumed>) = 0 [pid 321] set_robust_list(0x7f02b644a9e0, 24 [pid 319] close(3 [pid 318] <... close resumed>) = 0 [pid 316] <... munmap resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... set_robust_list resumed>) = 0 [pid 319] <... close resumed>) = 0 [pid 318] mkdir("./file0", 0777 [pid 317] ioctl(4, LOOP_SET_FD, 3 [pid 316] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [ 27.168917][ T311] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 27.200458][ T28] audit: type=1400 audit(1684337092.094:73): avc: denied { write } for pid=306 comm="syz-executor160" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.223025][ T319] loop3: detected capacity change from 0 to 1024 [ 27.229434][ T318] loop0: detected capacity change from 0 to 1024 [pid 311] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5) = 1099 [pid 311] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] exit_group(0) = ? [pid 311] <... futex resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ [pid 321] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 319] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 319] mount("/dev/loop3", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 318] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 318] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 317] <... ioctl resumed>) = 0 [pid 316] <... openat resumed>) = 4 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] futex(0x7f02be8c47cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b6409000 [pid 306] mprotect(0x7f02b640a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7f02b64293f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[323], tls=0x7f02b6429700, child_tidptr=0x7f02b64299d0) = 323 [pid 306] futex(0x7f02be8c47c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02be8c47cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7f02b64299e0, 24) = 0 [pid 323] ftruncate(-1, 33587199) = -1 EBADF (Bad file descriptor) [pid 323] futex(0x7f02be8c47cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f02be8c47c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02be8c47cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] sendfile(-1, -1, NULL, 281474978811909) = -1 EBADF (Bad file descriptor) [pid 323] futex(0x7f02be8c47cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f02be8c47c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02be8c47cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = -1 ENOENT (No such file or directory) [pid 323] futex(0x7f02be8c47cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f02be8c47c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f02be8c47cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 319] <... mount resumed>) = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("./file0") = 0 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [ 27.238762][ T28] audit: type=1400 audit(1684337092.094:74): avc: denied { add_name } for pid=306 comm="syz-executor160" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 27.259622][ T317] loop1: detected capacity change from 0 to 1024 [ 27.261805][ T319] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [pid 319] close(4 [pid 317] close(3 [pid 316] ioctl(4, LOOP_SET_FD, 3 [pid 319] <... close resumed>) = 0 [pid 319] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] <... close resumed>) = 0 [pid 317] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 317] mount("/dev/loop1", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 303] ioctl(3, LOOP_CLR_FD) = 0 [pid 303] close(3) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 312] <... futex resumed>) = 0 [pid 316] <... ioctl resumed>) = 0 [pid 312] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... clone resumed>, child_tidptr=0x55555661a5d0) = 325 [pid 308] <... open resumed>) = 4 [pid 323] <... open resumed>) = 6 [pid 321] <... open resumed>) = 5 [pid 312] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 325 attached [pid 316] close(3 [pid 323] futex(0x7f02be8c47cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = 1 [pid 321] <... futex resumed>) = 0 [pid 316] <... close resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 308] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 323] futex(0x7f02be8c47c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] mount("/dev/loop2", "./file0", "ext4", MS_NOSUID|MS_SILENT|MS_STRICTATIME, "grpquota,debug_want_extra_isize=0x0000000000000082,nodiscard,nojournal_checksum,data=ordered,init_it"... [pid 306] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 0 [pid 308] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 319] <... futex resumed>) = 0 [pid 319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 325] set_robust_list(0x55555661a5e0, 24) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4 [pid 308] <... writev resumed>) = 1099 [pid 308] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 308] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0 [pid 323] <... futex resumed>) = ? [pid 321] <... futex resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 323] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ [pid 308] <... futex resumed>) = ? [pid 325] <... write resumed>) = 4 [pid 325] close(3) = 0 [pid 325] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02be7cb000 [pid 325] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 319] <... open resumed>) = 4 [pid 325] <... mprotect resumed>) = 0 [pid 325] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 319] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... clone resumed>, parent_tid=[330], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 330 [pid 325] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7f02be7eb9e0, 24) = 0 [pid 330] memfd_create("syzkaller", 0) = 3 [pid 312] <... futex resumed>) = 0 [pid 317] <... mount resumed>) = 0 [pid 308] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 312] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 312] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 319] <... futex resumed>) = 0 [pid 317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 302] <... openat resumed>) = 3 [pid 302] ioctl(3, LOOP_CLR_FD) = 0 [pid 302] close(3) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 331 [pid 317] <... openat resumed>) = 3 [pid 317] chdir("./file0") = 0 [pid 317] ioctl(4, LOOP_CLR_FD) = 0 [pid 317] close(4) = 0 [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 319] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 319] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] ftruncate(5, 33587199) = 0 [pid 319] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] sendfile(4, 5, NULL, 281474978811909 [pid 317] <... open resumed>) = 4 [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] ftruncate(5, 33587199) = 0 [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [ 27.266055][ T28] audit: type=1400 audit(1684337092.094:75): avc: denied { create } for pid=306 comm="syz-executor160" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 27.295316][ T316] loop2: detected capacity change from 0 to 1024 [ 27.305977][ T317] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 27.317411][ T318] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 317] sendfile(4, 5, NULL, 281474978811909 [pid 330] <... mmap resumed>) = 0x7f02b63cb000 [pid 318] <... mount resumed>) = 0 [pid 318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 318] chdir("./file0") = 0 [pid 318] ioctl(4, LOOP_CLR_FD) = 0 [pid 318] close(4) = 0 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] ftruncate(5, 33587199) = 0 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] sendfile(4, 5, NULL, 281474978811909 [pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x55555661a5e0, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 330] <... write resumed>) = 524288 [pid 331] <... prctl resumed>) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4 [pid 312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 312] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b642a000 [pid 312] mprotect(0x7f02b642b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] clone(child_stack=0x7f02b644a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[332], tls=0x7f02b644a700, child_tidptr=0x7f02b644a9d0) = 332 [pid 312] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 331] <... write resumed>) = 4 [pid 331] close(3 [pid 314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 314] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... close resumed>) = 0 [pid 314] <... futex resumed>) = 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b642a000 [pid 314] mprotect(0x7f02b642b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] clone(child_stack=0x7f02b644a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[333], tls=0x7f02b644a700, child_tidptr=0x7f02b644a9d0) = 333 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... sendfile resumed>) = 376832 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 331] <... futex resumed>) = 0 [pid 318] <... mount resumed>) = 0 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5) = 1099 [pid 318] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] exit_group(0) = ? [pid 318] <... futex resumed>) = ? [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 318] +++ exited with 0 +++ [pid 315] +++ exited with 0 +++ [pid 330] munmap(0x7f02b63cb000, 524288 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = 0 [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 331] <... mmap resumed>) = 0x7f02be7cb000 [pid 316] <... mount resumed>) = 0 [pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 316] chdir("./file0") = 0 [pid 316] ioctl(4, LOOP_CLR_FD [pid 331] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 298] <... clone resumed>, child_tidptr=0x55555661a5d0) = 334 [pid 316] <... ioctl resumed>) = 0 [pid 316] close(4 [pid 330] <... munmap resumed>) = 0 [pid 331] <... mprotect resumed>) = 0 [pid 316] <... close resumed>) = 0 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 331] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 316] <... futex resumed>) = 1 [pid 316] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ftruncate(5, 33587199) = 0 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [ 27.346727][ T316] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [pid 316] sendfile(4, 5, NULL, 281474978811909 [pid 330] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 331] <... clone resumed>, parent_tid=[335], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 335 [pid 330] <... openat resumed>) = 4 [pid 331] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] ioctl(4, LOOP_SET_FD, 3 [pid 331] <... futex resumed>) = 0 [pid 330] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7f02be7eb9e0, 24) = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02b63cb000 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 330] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 330] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 330] close(4./strace-static-x86_64: Process 332 attached ) = 0 [pid 330] close(3 [pid 335] <... write resumed>) = 524288 [pid 332] set_robust_list(0x7f02b644a9e0, 24 [pid 330] <... close resumed>) = 0 [pid 330] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 334 attached [pid 332] <... set_robust_list resumed>) = 0 [pid 330] <... futex resumed>) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] munmap(0x7f02b63cb000, 524288) = 0 [pid 332] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 330] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 335] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 334] set_robust_list(0x55555661a5e0, 24 [pid 335] <... openat resumed>) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 335] ioctl(4, LOOP_CLR_FD [pid 330] <... open resumed>) = 3 [pid 335] <... ioctl resumed>) = 0 [pid 330] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... set_robust_list resumed>) = 0 [pid 325] <... futex resumed>) = 0 [pid 330] <... futex resumed>) = 1 [pid 325] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 330] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 325] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 335] close(4) = 0 [pid 335] close(3 [pid 334] <... prctl resumed>) = 0 [pid 332] <... mount resumed>) = 0 [pid 330] <... open resumed>) = 4 [pid 334] setpgid(0, 0 [pid 332] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 333 attached [pid 334] <... setpgid resumed>) = 0 [pid 332] <... futex resumed>) = 1 [pid 330] <... futex resumed>) = 1 [pid 325] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 0 [pid 325] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 0 [pid 335] <... close resumed>) = 0 [pid 325] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] ftruncate(4, 33587199 [pid 332] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 330] <... ftruncate resumed>) = 0 [pid 332] <... open resumed>) = 6 [pid 330] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... openat resumed>) = 3 [pid 331] <... futex resumed>) = 0 [pid 332] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... futex resumed>) = 1 [pid 325] <... futex resumed>) = 0 [pid 334] write(3, "1000", 4 [pid 332] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 330] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... futex resumed>) = 0 [pid 312] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 334] <... write resumed>) = 4 [pid 333] set_robust_list(0x7f02b644a9e0, 24 [pid 332] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] <... futex resumed>) = 0 [pid 335] <... open resumed>) = 3 [pid 312] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 330] sendfile(3, 4, NULL, 281474978811909 [pid 335] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 331] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... open resumed>) = 4 [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 0 [pid 335] ftruncate(4, 33587199 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... writev resumed>) = 1099 [pid 335] <... ftruncate resumed>) = 0 [pid 335] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] close(3 [pid 332] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 335] sendfile(3, 4, NULL, 281474978811909 [pid 331] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = 1 [pid 334] <... close resumed>) = 0 [pid 333] <... set_robust_list resumed>) = 0 [pid 334] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 334] <... futex resumed>) = 0 [pid 317] <... sendfile resumed>) = 376832 [pid 333] <... mount resumed>) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... mmap resumed>) = 0x7f02be7cb000 [pid 333] <... futex resumed>) = 1 [pid 317] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = 0 [pid 316] <... sendfile resumed>) = 376832 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5) = 1099 [pid 316] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] exit_group(0) = ? [pid 316] <... futex resumed>) = ? [pid 316] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 334] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 333] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 300] <... openat resumed>) = 3 [pid 334] <... mprotect resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 317] <... open resumed>) = 6 [pid 300] <... ioctl resumed>) = 0 [pid 300] close(3) = 0 [pid 334] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555661a5d0) = 337 [pid 314] <... futex resumed>) = 0 [pid 334] <... clone resumed>, parent_tid=[338], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 338 [pid 317] <... futex resumed>) = 1 [pid 314] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] writev(6, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 334] <... futex resumed>) = 0 [pid 314] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 317] <... writev resumed>) = 1099 [pid 317] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 314] exit_group(0) = ? [pid 333] <... futex resumed>) = ? [pid 333] +++ exited with 0 +++ ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x55555661a5e0, 24) = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02be7cb000 [pid 337] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[339], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 339 [pid 337] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7f02be7eb9e0, 24) = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02b63cb000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 339] munmap(0x7f02b63cb000, 524288) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 339] close(4) = 0 [pid 339] close(3) = 0 [pid 339] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 337] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... open resumed>) = 3 [pid 339] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 337] <... futex resumed>) = 0 [pid 339] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 337] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... open resumed>) = 4 [pid 337] <... futex resumed>) = 0 [pid 339] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] ftruncate(4, 33587199 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached [pid 325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 317] +++ exited with 0 +++ [pid 314] +++ exited with 0 +++ [pid 325] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 325] <... futex resumed>) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b642a000 [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 325] mprotect(0x7f02b642b000, 131072, PROT_READ|PROT_WRITE [pid 299] <... openat resumed>) = 3 [pid 325] <... mprotect resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 325] clone(child_stack=0x7f02b644a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 299] <... ioctl resumed>) = 0 [pid 299] close(3 [pid 325] <... clone resumed>, parent_tid=[340], tls=0x7f02b644a700, child_tidptr=0x7f02b644a9d0) = 340 [pid 299] <... close resumed>) = 0 [pid 325] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] <... futex resumed>) = 0 [pid 331] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 325] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... clone resumed>, child_tidptr=0x55555661a5d0) = 341 [pid 331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 331] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02b642a000 [pid 331] mprotect(0x7f02b642b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 331] clone(child_stack=0x7f02b644a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[342], tls=0x7f02b644a700, child_tidptr=0x7f02b644a9d0) = 342 [pid 331] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 27.442310][ T319] EXT4-fs error (device loop3): ext4_map_blocks:731: inode #18: block 491: comm syz-executor160: lblock 347 mapped to illegal pblock 491 (length 1) [pid 331] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... ftruncate resumed>) = 0 [pid 339] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 342 attached ./strace-static-x86_64: Process 341 attached ./strace-static-x86_64: Process 340 attached ) = 1 [pid 338] set_robust_list(0x7f02be7eb9e0, 24 [pid 337] <... futex resumed>) = 0 [pid 319] <... sendfile resumed>) = 327680 [pid 342] set_robust_list(0x7f02b644a9e0, 24 [pid 341] set_robust_list(0x55555661a5e0, 24 [pid 340] set_robust_list(0x7f02b644a9e0, 24 [pid 339] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... set_robust_list resumed>) = 0 [pid 337] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] exit_group(0 [pid 342] <... set_robust_list resumed>) = 0 [pid 341] <... set_robust_list resumed>) = 0 [pid 340] <... set_robust_list resumed>) = 0 [pid 339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] memfd_create("syzkaller", 0 [pid 337] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = ? [pid 319] <... futex resumed>) = ? [pid 312] <... exit_group resumed>) = ? [pid 342] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 340] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 339] sendfile(3, 4, NULL, 281474978811909 [pid 338] <... memfd_create resumed>) = 3 [pid 337] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ [pid 341] <... prctl resumed>) = 0 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 341] setpgid(0, 0 [pid 338] <... mmap resumed>) = 0x7f02b63cb000 [pid 341] <... setpgid resumed>) = 0 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] <... write resumed>) = 524288 [pid 341] <... openat resumed>) = 3 [pid 341] write(3, "1000", 4 [pid 338] munmap(0x7f02b63cb000, 524288 [pid 341] <... write resumed>) = 4 [pid 341] close(3 [pid 338] <... munmap resumed>) = 0 [pid 341] <... close resumed>) = 0 [pid 341] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 341] <... futex resumed>) = 0 [pid 341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 338] <... openat resumed>) = 4 [pid 341] <... mmap resumed>) = 0x7f02be7cb000 [pid 341] mprotect(0x7f02be7cc000, 131072, PROT_READ|PROT_WRITE [pid 338] ioctl(4, LOOP_SET_FD, 3 [pid 341] <... mprotect resumed>) = 0 [pid 338] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 341] clone(child_stack=0x7f02be7eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] <... clone resumed>, parent_tid=[343], tls=0x7f02be7eb700, child_tidptr=0x7f02be7eb9d0) = 343 [pid 341] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 338] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 338] close(4) = 0 [pid 338] close(3 [pid 342] <... mount resumed>) = 0 [pid 340] <... mount resumed>) = 0 [pid 338] <... close resumed>) = 0 [pid 340] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... futex resumed>) = 0 [pid 342] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 325] <... futex resumed>) = 1 [pid 340] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 325] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 338] <... futex resumed>) = 1 [pid 334] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 0 [pid 340] <... open resumed>) = 5 [pid 342] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] <... futex resumed>) = 1 [pid 334] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = 0 [pid 325] <... futex resumed>) = 0 [pid 342] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 340] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 1 [pid 338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 331] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... open resumed>) = 3 [pid 325] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] writev(5, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 338] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] <... futex resumed>) = 0 [pid 338] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... writev resumed>) = 1099 [pid 342] <... open resumed>) = 5 [pid 342] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 340] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 325] <... futex resumed>) = 0 [pid 342] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] futex(0x7f02be8c47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = 0 [pid 342] writev(5, [{iov_base="\x46\xbd\x26\x2b\x9e\x1b\xd9\xd3\x26\x37\x9b\x13\x50\x4d\xd6\xfd\xac\xc6\xcd\x5c\x17\x5a\xf2\xf8\x3d\x3a\x25\xb3\x2e\xa9\x45\xdb\x18\x66\x51\x15\x58\xa3\x92\x3f\xd7\xe7\x7e\xa6\x78\x86\xda\x01\x84\x34\x97\x0f\x86\x4b\x4c\x1a\x9c\x55\xcc\x54\xda\xf1\x12\x18\xab\x55\x1b\xe9\xde\xac\x81\xf1\x65\x69\xe1\xaa\x70\x43\x8e\xc3\x22\xed\x93\xf4\xc0\x4b\xa6\xe8\xb6\xe2\x84\x79\x03\xf8\x58\x76\xe9\x86\x0c\x5f"..., iov_len=110}, {iov_base="\xc1\x3f\x4e\x2a\xf2\x9b\xb0\x30\x8e\x36\x30\x3a\x7b\x03\x07\xff\x53\x78\x57\xa1\x6d\xd7\x4e\x47\xe6\x96\xf9\xc7\xae\xb7\x27\x65\xad\xba\xd6\x1d\x04\xf9\x3e\x4a\x5e\xb4\x13\x71\x31\x71\xdf\xd3\x73\x1b\x74\xf0\xc9\x3a\xd2\x70\x2a\x1c\x9d\x49\x28\x98\x77\x69\xf2\x25\xe4\xdc\x5d\xd8\xe8\xae\x3c\x31\xc0\x8d\x5d\x1e\x0b\x49\x27\xb0\x26\x15\x35\x2b\x6b\x55\x7b\x48\x9e\x35\x2d\x07\x87\x94\x37\x47\x8d\xc8"..., iov_len=132}, {iov_base="\x34\xee\x3a\x2c\x11\x7e\x44\x32\x79\xe6\x7b\xfc\xba\x85\xae\xb6\xdb\x8c\x5b\x21\x8f\xcc\x1d\xca\xc5\x59\xe0\x50\x48\xcd\x76\xcc\xd8\x54\xd7\x37\xc4\x62\x2b\xc8\xc9\xb8\x2f\x51\x77\xf2\x27\x84\x1f\xe1\xf5\x3f\x0f\x8f\x7c\x3a\x80\x03\x7c\xcb\x36\xb4\x17\x6e\xbe\x9a\xe1\x11\xe8\x40\xd9\xaa\xeb\x99\xb6\xf2\x46\xea\xc6\x9a\x85\xa3\xb5\x2a\xff\x52\x0e\x11\x30\xdd\x72\x1b\xa2\x94\xe5\x5b\xcf\x3b\xdb\xba"..., iov_len=107}, {iov_base="\x6f\x90\x8a\xac\xf0\xcd\x92\x31\x69\xf3\x7d\xc7\x3a\x11\xe2\x5b\x26\x19\xc4\xd9\x1a\x04\xf2\x63\xb3\xae\xa7\xf4\xfd\x5f\x01\xe6\x24\x96\xe4\x4b\x83\x1e\xdd\x5d\x30\x8a\x6c\x79\xe7\xc4\x59\x94\x23\x86\x48\x8a\xd9\x3a\xe3\x73\x40\x83\x57\xbd\x80\x46\xdf\x53\x40\x7d\x3d\x76\x32\x45\x45\x98\x58\x72\x63\x6d\x29\xbb\xf1\x30\xa5\xff\x4b\x4a\x57\x85\x84\xc8\x24\x5c\x5a\x12\x7c\xb3\x6c\x64\x5b\xb3\x4c\x74"..., iov_len=176}, {iov_base="\xd3\x25\xd5\x12\x13\x6e\xfa\xc1\x9c\x33\x47\x09\xcf\x13\xf9\xa9\xac\x3d\x2d\x36\x20\x64\x0a\x56\xdf\x58\xa5\x62\xea\x3d\x18\x2f\xfa\x18\xdc\x34\x7b\xdd\x8f\xcb\x18\xbb\x6f\x22\x3b\x6f\xe0\xc6\x40\xbf\x1b\xd8\xa3\x55\xb0\x41\xab\xa3\x3b\x90\x0c\x45\x25\xff\x33\xe2\x0e\x34\x9f\xd2\xba\x0b\x3e\x61\x10\xfe\x0e\x4e\x57\x8b\x0b\x20\x65\xd2\x91\x95\x3e\x5c\x09\x2a\x9f\x20\x6e\x04\xe8\xe8\x2b\x1a\xc7\x1b"..., iov_len=574}], 5 [pid 338] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 1 [pid 331] futex(0x7f02be8c47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 342] <... writev resumed>) = 1099 [pid 338] <... open resumed>) = 4 [pid 334] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x7f02be7eb9e0, 24) = 0 [pid 342] futex(0x7f02be8c47bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] <... futex resumed>) = 1 [pid 334] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = 0 [pid 342] futex(0x7f02be8c47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 1 [pid 338] ftruncate(4, 33587199 [pid 334] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... ftruncate resumed>) = -1 EINVAL (Invalid argument) [pid 338] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 338] futex(0x7f02be8c47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] futex(0x7f02be8c47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] <... futex resumed>) = 0 [pid 338] sendfile(3, 4, NULL, 281474978811909 [pid 334] futex(0x7f02be8c47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02b63cb000 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 343] munmap(0x7f02b63cb000, 524288) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [ 27.481615][ T319] EXT4-fs error (device loop3): __ext4_get_inode_loc:4492: comm syz-executor160: Invalid inode table block 5 in block_group 0 [ 27.499434][ T312] ------------[ cut here ]------------ [ 27.504717][ T312] kernel BUG at fs/ext4/ext4.h:3331! [ 27.539833][ T312] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 27.545743][ T312] CPU: 1 PID: 312 Comm: syz-executor160 Not tainted 6.1.25-syzkaller-00226-g7d346b229c78 #0 [ 27.555632][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 27.565533][ T312] RIP: 0010:ext4_mb_load_buddy_gfp+0xef8/0xf10 [pid 338] <... sendfile resumed>) = 524288 [pid 338] futex(0x7f02be8c47ac, FUTEX_WAKE_PRIVATE, 1000000