./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3039671142 <...> [ 11.067557][ T24] audit: type=1400 audit(1686429072.459:62): avc: denied { noatsecure } for pid=217 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.070442][ T24] audit: type=1400 audit(1686429072.459:63): avc: denied { write } for pid=217 comm="sh" path="pipe:[222]" dev="pipefs" ino=222 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.073746][ T24] audit: type=1400 audit(1686429072.459:64): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.076317][ T24] audit: type=1400 audit(1686429072.459:65): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.206' (ECDSA) to the list of known hosts. execve("./syz-executor3039671142", ["./syz-executor3039671142"], 0x7ffeeb493380 /* 10 vars */) = 0 brk(NULL) = 0x555555d07000 brk(0x555555d07c40) = 0x555555d07c40 arch_prctl(ARCH_SET_FS, 0x555555d07300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555d075d0) = 286 set_robust_list(0x555555d075e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7ffa6cc15560, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7ffa6cc15c30}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7ffa6cc15600, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ffa6cc15c30}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3039671142", 4096) = 28 brk(0x555555d28c40) = 0x555555d28c40 brk(0x555555d29000) = 0x555555d29000 mprotect(0x7ffa6ccd7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 287 attached , child_tidptr=0x555555d075d0) = 287 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] set_robust_list(0x555555d075e0, 24./strace-static-x86_64: Process 288 attached ) = 0 [pid 286] <... clone resumed>, child_tidptr=0x555555d075d0) = 288 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d075d0) = 289 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] set_robust_list(0x555555d075e0, 24 [pid 287] getpid(./strace-static-x86_64: Process 290 attached [pid 286] <... clone resumed>, child_tidptr=0x555555d075d0) = 290 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... set_robust_list resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x555555d075d0) = 291 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... getpid resumed>) = 287 [pid 290] set_robust_list(0x555555d075e0, 24 [pid 288] getpid( [pid 286] <... clone resumed>, child_tidptr=0x555555d075d0) = 292 ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x555555d075e0, 24) = 0 [pid 292] getpid() = 292 [pid 292] mkdir("./syzkaller.dNl0zh", 0700 [pid 287] mkdir("./syzkaller.xfnQZT", 0700 [pid 288] <... getpid resumed>) = 288 [pid 290] <... set_robust_list resumed>) = 0 [pid 288] mkdir("./syzkaller.ybgOZY", 0700 [pid 290] getpid( [pid 292] <... mkdir resumed>) = 0 [pid 292] chmod("./syzkaller.dNl0zh", 0777) = 0 [pid 292] chdir("./syzkaller.dNl0zh") = 0 [pid 292] mkdir("./0", 0777./strace-static-x86_64: Process 291 attached ) = 0 [pid 291] set_robust_list(0x555555d075e0, 24) = 0 [pid 291] getpid( [pid 287] <... mkdir resumed>) = 0 [pid 291] <... getpid resumed>) = 291 [pid 291] mkdir("./syzkaller.YYdTHe", 0700 [pid 288] <... mkdir resumed>) = 0 [pid 287] chmod("./syzkaller.xfnQZT", 0777 [pid 292] openat(AT_FDCWD, "/dev/loop5", O_RDWR./strace-static-x86_64: Process 289 attached ) = 3 [pid 291] <... mkdir resumed>) = 0 [pid 290] <... getpid resumed>) = 290 [pid 288] chmod("./syzkaller.ybgOZY", 0777 [pid 287] <... chmod resumed>) = 0 [pid 288] <... chmod resumed>) = 0 [pid 287] chdir("./syzkaller.xfnQZT" [pid 288] chdir("./syzkaller.ybgOZY" [pid 287] <... chdir resumed>) = 0 [pid 288] <... chdir resumed>) = 0 [pid 287] mkdir("./0", 0777 [pid 288] mkdir("./0", 0777 [pid 287] <... mkdir resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 288] close(3 [pid 287] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] mkdir("./syzkaller.RlNUE6", 0700 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... mkdir resumed>) = 0 [pid 287] <... clone resumed>, child_tidptr=0x555555d075d0) = 294 [pid 288] <... clone resumed>, child_tidptr=0x555555d075d0) = 295 [pid 290] chmod("./syzkaller.RlNUE6", 0777) = 0 [pid 290] chdir("./syzkaller.RlNUE6") = 0 [pid 290] mkdir("./0", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d075d0) = 296 ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555555d075e0, 24./strace-static-x86_64: Process 296 attached [pid 295] set_robust_list(0x555555d075e0, 24 [pid 294] <... set_robust_list resumed>) = 0 [pid 292] ioctl(3, LOOP_CLR_FD [pid 291] chmod("./syzkaller.YYdTHe", 0777 [pid 289] set_robust_list(0x555555d075e0, 24 [pid 296] set_robust_list(0x555555d075e0, 24) = 0 [pid 294] chdir("./0" [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... chmod resumed>) = 0 [pid 289] <... set_robust_list resumed>) = 0 [pid 294] <... chdir resumed>) = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] close(3 [pid 291] chdir("./syzkaller.YYdTHe" [pid 289] getpid( [pid 294] setpgid(0, 0 [pid 292] <... close resumed>) = 0 [pid 291] <... chdir resumed>) = 0 [pid 289] <... getpid resumed>) = 289 [pid 294] <... setpgid resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] mkdir("./0", 0777 [pid 289] mkdir("./syzkaller.LOdOr3", 0700 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] <... mkdir resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 294] <... openat resumed>) = 3 [pid 291] <... mkdir resumed>) = 0 [pid 294] write(3, "1000", 4 [pid 295] chdir("./0" [pid 294] <... write resumed>) = 4 [pid 291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] chmod("./syzkaller.LOdOr3", 0777 [pid 294] close(3 [pid 292] <... clone resumed>, child_tidptr=0x555555d075d0) = 297 [pid 291] <... openat resumed>) = 3 [pid 294] <... close resumed>) = 0 [pid 291] ioctl(3, LOOP_CLR_FD [pid 289] <... chmod resumed>) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs" [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] chdir("./syzkaller.LOdOr3" [pid 295] <... chdir resumed>) = 0 [pid 289] <... chdir resumed>) = 0 [pid 294] <... symlink resumed>) = 0 [pid 291] close(3 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] mkdir("./0", 0777 [pid 291] <... close resumed>) = 0 [pid 295] <... prctl resumed>) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 294] <... futex resumed>) = 0 [pid 295] close(3 [pid 294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... mkdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 294] <... mmap resumed>) = 0x7ffa6cbe4000 [pid 296] chdir("./0" [pid 295] symlink("/dev/binderfs", "./binderfs" [pid 296] <... chdir resumed>) = 0 [pid 295] <... symlink resumed>) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] mprotect(0x7ffa6cbe5000, 131072, PROT_READ|PROT_WRITE [pid 291] <... clone resumed>, child_tidptr=0x555555d075d0) = 298 [pid 289] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... prctl resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 294] <... mprotect resumed>) = 0 [pid 289] <... openat resumed>) = 3 ./strace-static-x86_64: Process 297 attached [pid 296] setpgid(0, 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 294] clone(child_stack=0x7ffa6cc043f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 289] ioctl(3, LOOP_CLR_FD [pid 297] set_robust_list(0x555555d075e0, 24 [pid 296] <... setpgid resumed>) = 0 [pid 295] <... mmap resumed>) = 0x7ffa6cbe4000 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... set_robust_list resumed>) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] mprotect(0x7ffa6cbe5000, 131072, PROT_READ|PROT_WRITE [pid 294] <... clone resumed>, parent_tid=[299], tls=0x7ffa6cc04700, child_tidptr=0x7ffa6cc049d0) = 299 [pid 289] close(3 [pid 297] chdir("./0" [pid 296] <... openat resumed>) = 3 [pid 295] <... mprotect resumed>) = 0 [pid 294] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... close resumed>) = 0 [pid 297] <... chdir resumed>) = 0 [pid 296] write(3, "1000", 4 [pid 295] clone(child_stack=0x7ffa6cc043f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 294] <... futex resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... write resumed>) = 4 [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 299 attached [pid 297] <... prctl resumed>) = 0 [pid 296] close(3 [pid 295] <... clone resumed>, parent_tid=[300], tls=0x7ffa6cc04700, child_tidptr=0x7ffa6cc049d0) = 300 [pid 299] set_robust_list(0x7ffa6cc049e0, 24 [pid 297] setpgid(0, 0 [pid 296] <... close resumed>) = 0 [pid 295] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... clone resumed>, child_tidptr=0x555555d075d0) = 301 [pid 299] <... set_robust_list resumed>) = 0 [pid 297] <... setpgid resumed>) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 295] <... futex resumed>) = 0 ./strace-static-x86_64: Process 298 attached [pid 299] memfd_create("syzkaller", 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... symlink resumed>) = 0 [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] <... memfd_create resumed>) = 3 [pid 298] set_robust_list(0x555555d075e0, 24 [pid 297] <... openat resumed>) = 3 [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... set_robust_list resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 298] chdir("./0" [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... chdir resumed>) = 0 [pid 296] <... mmap resumed>) = 0x7ffa6cbe4000 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] mprotect(0x7ffa6cbe5000, 131072, PROT_READ|PROT_WRITE [pid 298] <... prctl resumed>) = 0 [pid 296] <... mprotect resumed>) = 0 [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] setpgid(0, 0 [pid 297] write(3, "1000", 4 [pid 296] clone(child_stack=0x7ffa6cc043f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 299] <... mmap resumed>) = 0x7ffa647e4000 [pid 298] <... setpgid resumed>) = 0 [pid 297] <... write resumed>) = 4 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] close(3 [pid 296] <... clone resumed>, parent_tid=[302], tls=0x7ffa6cc04700, child_tidptr=0x7ffa6cc049d0) = 302 ./strace-static-x86_64: Process 300 attached [pid 298] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 296] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] set_robust_list(0x7ffa6cc049e0, 24 [pid 298] write(3, "1000", 4 [pid 297] symlink("/dev/binderfs", "./binderfs" [pid 296] <... futex resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 298] <... write resumed>) = 4 [pid 297] <... symlink resumed>) = 0 [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 300] memfd_create("syzkaller", 0 [pid 298] close(3 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ffa6cbe4000 [pid 300] <... memfd_create resumed>) = 3 [pid 298] <... close resumed>) = 0 [pid 297] mprotect(0x7ffa6cbe5000, 131072, PROT_READ|PROT_WRITE [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] symlink("/dev/binderfs", "./binderfs" [pid 300] <... mmap resumed>) = 0x7ffa647e4000 [pid 298] <... symlink resumed>) = 0 [pid 297] <... mprotect resumed>) = 0 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=0x7ffa6cc043f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 298] <... futex resumed>) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 301 attached ) = 0x7ffa6cbe4000 [pid 298] mprotect(0x7ffa6cbe5000, 131072, PROT_READ|PROT_WRITE [pid 297] <... clone resumed>, parent_tid=[303], tls=0x7ffa6cc04700, child_tidptr=0x7ffa6cc049d0) = 303 ./strace-static-x86_64: Process 302 attached [pid 301] set_robust_list(0x555555d075e0, 24 [pid 298] <... mprotect resumed>) = 0 [pid 302] set_robust_list(0x7ffa6cc049e0, 24 [pid 298] clone(child_stack=0x7ffa6cc043f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 302] <... set_robust_list resumed>) = 0 [pid 302] memfd_create("syzkaller", 0 [pid 298] <... clone resumed>, parent_tid=[304], tls=0x7ffa6cc04700, child_tidptr=0x7ffa6cc049d0) = 304 [pid 302] <... memfd_create resumed>) = 3 [pid 298] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 297] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... mmap resumed>) = 0x7ffa647e4000 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 303 attached [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 301] chdir("./0" [pid 299] <... write resumed>) = 1048576 [pid 303] set_robust_list(0x7ffa6cc049e0, 24 [pid 301] <... chdir resumed>) = 0 [pid 299] munmap(0x7ffa647e4000, 1048576 [pid 303] <... set_robust_list resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... munmap resumed>) = 0 [pid 303] memfd_create("syzkaller", 0 [pid 301] <... prctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 303] <... memfd_create resumed>) = 3 [pid 301] setpgid(0, 0 [pid 299] <... openat resumed>) = 4 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... setpgid resumed>) = 0 [pid 303] <... mmap resumed>) = 0x7ffa647e4000 [ 19.520462][ T24] audit: type=1400 audit(1686429080.909:66): avc: denied { execmem } for pid=286 comm="syz-executor303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.528927][ T24] audit: type=1400 audit(1686429080.919:67): avc: denied { read write } for pid=292 comm="syz-executor303" name="loop5" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.532546][ T24] audit: type=1400 audit(1686429080.919:68): avc: denied { open } for pid=292 comm="syz-executor303" path="/dev/loop5" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.536445][ T24] audit: type=1400 audit(1686429080.919:69): avc: denied { ioctl } for pid=287 comm="syz-executor303" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3./strace-static-x86_64: Process 304 attached ) = 0 [pid 304] set_robust_list(0x7ffa6cc049e0, 24 [pid 301] symlink("/dev/binderfs", "./binderfs" [pid 304] <... set_robust_list resumed>) = 0 [pid 301] <... symlink resumed>) = 0 [pid 304] memfd_create("syzkaller", 0 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... memfd_create resumed>) = 3 [pid 301] <... futex resumed>) = 0 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 304] <... mmap resumed>) = 0x7ffa647e4000 [pid 301] <... mmap resumed>) = 0x7ffa6cbe4000 [pid 299] ioctl(4, LOOP_SET_FD, 3 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 301] mprotect(0x7ffa6cbe5000, 131072, PROT_READ|PROT_WRITE [pid 300] <... write resumed>) = 1048576 [pid 301] <... mprotect resumed>) = 0 [pid 300] munmap(0x7ffa647e4000, 1048576 [pid 301] clone(child_stack=0x7ffa6cc043f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 300] <... munmap resumed>) = 0 [pid 301] <... clone resumed>, parent_tid=[306], tls=0x7ffa6cc04700, child_tidptr=0x7ffa6cc049d0) = 306 [pid 301] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7ffa6cc049e0, 24) = 0 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 303] <... write resumed>) = 1048576 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffa647e4000 [pid 303] munmap(0x7ffa647e4000, 1048576) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 302] <... write resumed>) = 1048576 [pid 299] <... ioctl resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3 [pid 299] close(3 [pid 302] munmap(0x7ffa647e4000, 1048576 [pid 299] <... close resumed>) = 0 [pid 299] mkdir("./file0", 0777 [pid 302] <... munmap resumed>) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] <... mkdir resumed>) = 0 [pid 299] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 304] <... write resumed>) = 1048576 [pid 304] munmap(0x7ffa647e4000, 1048576) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 306] <... write resumed>) = 1048576 [pid 306] munmap(0x7ffa647e4000, 1048576) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] <... ioctl resumed>) = 0 [pid 300] close(3) = 0 [pid 300] mkdir("./file0", 0777) = 0 [pid 300] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 303] <... openat resumed>) = 4 [pid 302] <... openat resumed>) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3 [pid 302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 302] close(3) = 0 [pid 302] mkdir("./file0", 0777 [pid 304] <... openat resumed>) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3 [pid 302] <... mkdir resumed>) = 0 [pid 302] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 304] <... ioctl resumed>) = 0 [pid 304] close(3) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 306] <... openat resumed>) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... ioctl resumed>) = 0 [pid 303] close(3) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 306] <... ioctl resumed>) = 0 [pid 306] close(3) = 0 [pid 306] mkdir("./file0", 0777) = 0 [ 19.598341][ T24] audit: type=1400 audit(1686429080.989:70): avc: denied { mounton } for pid=294 comm="syz-executor303" path="/root/syzkaller.xfnQZT/0/file0" dev="sda1" ino=1945 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 19.650054][ T300] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 19.650518][ T304] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 19.662857][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 19.667450][ T24] audit: type=1400 audit(1686429081.049:71): avc: denied { mount } for pid=295 comm="syz-executor303" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 306] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 303] <... mount resumed>) = 0 [pid 300] <... mount resumed>) = 0 [pid 299] <... mount resumed>) = 0 [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 300] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 300] chdir("./file0" [pid 299] chdir("./file0" [pid 300] <... chdir resumed>) = 0 [pid 299] <... chdir resumed>) = 0 [pid 300] ioctl(4, LOOP_CLR_FD [pid 299] ioctl(4, LOOP_CLR_FD [pid 300] <... ioctl resumed>) = 0 [pid 299] <... ioctl resumed>) = 0 [pid 300] close(4 [pid 299] close(4 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 300] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 1 [pid 299] <... futex resumed>) = 1 [pid 295] <... futex resumed>) = 0 [pid 300] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 299] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... open resumed>) = 4 [pid 295] <... futex resumed>) = 0 [pid 300] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 294] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... mount resumed>) = 0 [pid 300] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 295] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... open resumed>) = 5 [pid 295] <... futex resumed>) = 0 [pid 300] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] ftruncate(5, 33587195 [pid 295] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... ftruncate resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 300] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] sendfile(4, 5, NULL, 4 [pid 295] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... sendfile resumed>) = 4 [pid 295] <... futex resumed>) = 0 [pid 300] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 295] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 302] <... mount resumed>) = 0 [pid 299] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 294] <... futex resumed>) = 1 [pid 306] <... mount resumed>) = 0 [pid 299] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 295] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... open resumed>) = 4 [pid 299] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file0") = 0 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... openat resumed>) = 3 [pid 302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 306] <... openat resumed>) = 3 [pid 304] chdir("./file0" [pid 302] <... openat resumed>) = 3 [pid 297] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] chdir("./file0" [pid 304] <... chdir resumed>) = 0 [pid 302] chdir("./file0" [pid 297] <... futex resumed>) = 1 [pid 294] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... chdir resumed>) = 0 [pid 304] ioctl(4, LOOP_CLR_FD [pid 302] <... chdir resumed>) = 0 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 306] ioctl(4, LOOP_CLR_FD [pid 304] <... ioctl resumed>) = 0 [pid 302] ioctl(4, LOOP_CLR_FD [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... ioctl resumed>) = 0 [pid 304] close(4 [pid 302] <... ioctl resumed>) = 0 [pid 306] close(4 [pid 304] <... close resumed>) = 0 [pid 302] close(4 [pid 303] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 0 [pid 303] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 299] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 303] <... open resumed>) = 4 [pid 299] <... open resumed>) = 5 [pid 303] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 1 [pid 299] <... futex resumed>) = 1 [pid 303] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 19.676792][ T303] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 19.698402][ T302] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 19.716264][ T306] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 19.725525][ T24] audit: type=1400 audit(1686429081.099:72): avc: denied { write } for pid=295 comm="syz-executor303" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 299] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] <... close resumed>) = 0 [pid 304] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... close resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 294] <... futex resumed>) = 0 [pid 306] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 1 [pid 302] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 1 [pid 304] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] <... futex resumed>) = 0 [pid 294] <... futex resumed>) = 1 [pid 306] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 302] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... open resumed>) = 4 [pid 303] <... futex resumed>) = 0 [pid 302] <... open resumed>) = 4 [pid 299] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 306] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 302] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] ftruncate(5, 33587195 [pid 298] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 1 [pid 303] <... open resumed>) = 5 [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 299] <... ftruncate resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 306] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 304] <... futex resumed>) = 0 [pid 302] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 301] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... open resumed>) = 5 [pid 304] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 302] <... open resumed>) = 5 [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... open resumed>) = 4 [pid 303] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] <... futex resumed>) = 0 [pid 304] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... futex resumed>) = 0 [pid 302] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] ftruncate(5, 33587195 [pid 302] ftruncate(5, 33587195 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... ftruncate resumed>) = 0 [pid 302] <... ftruncate resumed>) = 0 [pid 306] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 1 [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] sendfile(4, 5, NULL, 4 [pid 302] sendfile(4, 5, NULL, 4 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... sendfile resumed>) = 4 [pid 302] <... sendfile resumed>) = 4 [pid 306] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 1 [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 306] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 302] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 301] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 299] <... futex resumed>) = 1 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 295] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = 0 [pid 297] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 294] <... futex resumed>) = 0 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] ftruncate(5, 33587195 [pid 299] sendfile(4, 5, NULL, 4 [pid 298] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 303] <... ftruncate resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 303] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... sendfile resumed>) = 4 [pid 298] <... futex resumed>) = 1 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 304] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 304] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] <... futex resumed>) = 1 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 295] <... mmap resumed>) = 0x7ffa648c3000 [pid 299] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 295] mprotect(0x7ffa648c4000, 131072, PROT_READ|PROT_WRITE [pid 303] sendfile(4, 5, NULL, 4 [pid 299] <... futex resumed>) = 1 [pid 294] <... futex resumed>) = 0 [pid 294] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... sendfile resumed>) = 4 [pid 299] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 298] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... mprotect resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 295] clone(child_stack=0x7ffa648e33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 304] ftruncate(5, 33587195 [pid 303] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... ftruncate resumed>) = 0 [pid 304] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] <... futex resumed>) = 1 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 303] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... clone resumed>, parent_tid=[328], tls=0x7ffa648e3700, child_tidptr=0x7ffa648e39d0) = 328 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 295] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [ 19.752848][ T24] audit: type=1400 audit(1686429081.099:73): avc: denied { add_name } for pid=295 comm="syz-executor303" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 303] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 298] <... futex resumed>) = 1 [pid 297] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = 0 ./strace-static-x86_64: Process 328 attached [pid 304] sendfile(4, 5, NULL, 4 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] set_robust_list(0x7ffa648e39e0, 24 [pid 304] <... sendfile resumed>) = 4 [pid 328] <... set_robust_list resumed>) = 0 [pid 304] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] madvise(0x20000000, 6291467, MADV_REMOVE [pid 304] <... futex resumed>) = 1 [pid 298] <... futex resumed>) = 0 [pid 304] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7ffa6ccdd7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... futex resumed>) = 0 [pid 304] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 298] futex(0x7ffa6ccdd7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 294] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 294] <... futex resumed>) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... mmap resumed>) = 0x7ffa648c3000 [pid 294] <... mmap resumed>) = 0x7ffa648c3000 [pid 301] mprotect(0x7ffa648c4000, 131072, PROT_READ|PROT_WRITE [pid 294] mprotect(0x7ffa648c4000, 131072, PROT_READ|PROT_WRITE [pid 301] <... mprotect resumed>) = 0 [pid 301] clone(child_stack=0x7ffa648e33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[329], tls=0x7ffa648e3700, child_tidptr=0x7ffa648e39d0) = 329 [pid 301] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x7ffa648e39e0, 24) = 0 [ 19.816524][ T328] EXT4-fs error (device loop1): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 329] madvise(0x20000000, 6291467, MADV_REMOVE [pid 298] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 294] <... mprotect resumed>) = 0 [pid 298] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] clone(child_stack=0x7ffa648e33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 298] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 294] <... clone resumed>, parent_tid=[330], tls=0x7ffa648e3700, child_tidptr=0x7ffa648e39d0) = 330 [pid 298] <... mmap resumed>) = 0x7ffa648c3000 [pid 297] <... mmap resumed>) = 0x7ffa648c3000 [pid 295] <... mmap resumed>) = 0x7ffa648a2000 [pid 294] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] mprotect(0x7ffa648c4000, 131072, PROT_READ|PROT_WRITE [pid 297] mprotect(0x7ffa648c4000, 131072, PROT_READ|PROT_WRITE [pid 295] mprotect(0x7ffa648a3000, 131072, PROT_READ|PROT_WRITE [pid 294] <... futex resumed>) = 0 [pid 298] <... mprotect resumed>) = 0 [pid 297] <... mprotect resumed>) = 0 [pid 295] <... mprotect resumed>) = 0 [pid 294] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] clone(child_stack=0x7ffa648e33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 297] clone(child_stack=0x7ffa648e33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 295] clone(child_stack=0x7ffa648c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 298] <... clone resumed>, parent_tid=[331], tls=0x7ffa648e3700, child_tidptr=0x7ffa648e39d0) = 331 [pid 297] <... clone resumed>, parent_tid=[332], tls=0x7ffa648e3700, child_tidptr=0x7ffa648e39d0) = 332 [pid 295] <... clone resumed>, parent_tid=[333], tls=0x7ffa648c2700, child_tidptr=0x7ffa648c29d0) = 333 [pid 298] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7ffa6ccdd7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 298] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] futex(0x7ffa6ccdd7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... madvise resumed>) = -1 ENOSPC (No space left on device) [pid 328] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7ffa6ccdd7b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 330 attached ./strace-static-x86_64: Process 331 attached ./strace-static-x86_64: Process 332 attached ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7ffa648c29e0, 24 [pid 330] set_robust_list(0x7ffa648e39e0, 24 [pid 332] set_robust_list(0x7ffa648e39e0, 24 [pid 331] set_robust_list(0x7ffa648e39e0, 24 [pid 333] <... set_robust_list resumed>) = 0 [pid 332] <... set_robust_list resumed>) = 0 [pid 331] <... set_robust_list resumed>) = 0 [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 332] madvise(0x20000000, 6291467, MADV_REMOVE [pid 331] madvise(0x20000000, 6291467, MADV_REMOVE [pid 330] <... set_robust_list resumed>) = 0 [pid 328] <... futex resumed>) = ? [pid 295] <... futex resumed>) = ? [ 19.862666][ T329] EXT4-fs error (device loop2): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 330] madvise(0x20000000, 6291467, MADV_REMOVE [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 298] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 294] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 294] <... futex resumed>) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... mmap resumed>) = 0x7ffa648a2000 [pid 298] <... mmap resumed>) = 0x7ffa648a2000 [pid 297] <... mmap resumed>) = 0x7ffa648a2000 [pid 294] <... mmap resumed>) = 0x7ffa648a2000 [pid 301] mprotect(0x7ffa648a3000, 131072, PROT_READ|PROT_WRITE [pid 298] mprotect(0x7ffa648a3000, 131072, PROT_READ|PROT_WRITE [pid 297] mprotect(0x7ffa648a3000, 131072, PROT_READ|PROT_WRITE [pid 294] mprotect(0x7ffa648a3000, 131072, PROT_READ|PROT_WRITE [pid 301] <... mprotect resumed>) = 0 [pid 298] <... mprotect resumed>) = 0 [pid 297] <... mprotect resumed>) = 0 [pid 301] clone(child_stack=0x7ffa648c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 298] clone(child_stack=0x7ffa648c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 297] clone(child_stack=0x7ffa648c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 294] <... mprotect resumed>) = 0 [pid 294] clone(child_stack=0x7ffa648c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 301] <... clone resumed>, parent_tid=[334], tls=0x7ffa648c2700, child_tidptr=0x7ffa648c29d0) = 334 [pid 298] <... clone resumed>, parent_tid=[335], tls=0x7ffa648c2700, child_tidptr=0x7ffa648c29d0) = 335 [pid 297] <... clone resumed>, parent_tid=[336], tls=0x7ffa648c2700, child_tidptr=0x7ffa648c29d0) = 336 [pid 301] futex(0x7ffa6ccdd7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] futex(0x7ffa6ccdd7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7ffa6ccdd7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... clone resumed>, parent_tid=[337], tls=0x7ffa648c2700, child_tidptr=0x7ffa648c29d0) = 337 ./strace-static-x86_64: Process 337 attached ./strace-static-x86_64: Process 336 attached ./strace-static-x86_64: Process 335 attached ./strace-static-x86_64: Process 334 attached [pid 329] <... madvise resumed>) = -1 ENOSPC (No space left on device) [pid 303] <... mmap resumed>) = 0x20000000 [pid 301] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 296] <... mmap resumed>) = 0x7ffa648c3000 [pid 294] futex(0x7ffa6ccdd7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7ffa6ccdd7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] futex(0x7ffa6ccdd7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7ffa6ccdd7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] mprotect(0x7ffa648c4000, 131072, PROT_READ|PROT_WRITE [pid 294] <... futex resumed>) = 0 [pid 296] <... mprotect resumed>) = 0 [pid 294] futex(0x7ffa6ccdd7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] clone(child_stack=0x7ffa648e33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[338], tls=0x7ffa648e3700, child_tidptr=0x7ffa648e39d0) = 338 [pid 296] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 19.909752][ T331] EXT4-fs error (device loop4): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 19.924610][ T332] EXT4-fs error (device loop5): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 19.944006][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 296] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] set_robust_list(0x7ffa648c29e0, 24 [pid 336] set_robust_list(0x7ffa648c29e0, 24 [pid 335] set_robust_list(0x7ffa648c29e0, 24 [pid 334] set_robust_list(0x7ffa648c29e0, 24 [pid 329] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... set_robust_list resumed>) = 0 [pid 336] <... set_robust_list resumed>) = 0 [pid 335] <... set_robust_list resumed>) = 0 [pid 334] <... set_robust_list resumed>) = 0 [pid 329] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 329] futex(0x7ffa6ccdd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] <... futex resumed>) = ? [pid 301] <... futex resumed>) = ? ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7ffa648e39e0, 24) = 0 [pid 338] madvise(0x20000000, 6291467, MADV_REMOVE [pid 300] <... mmap resumed>) = ? [pid 306] <... mmap resumed>) = ? [pid 306] +++ killed by SIGBUS +++ [pid 329] +++ killed by SIGBUS +++ [pid 332] <... madvise resumed>) = -1 ENOSPC (No space left on device) [pid 331] <... madvise resumed>) = -1 ENOSPC (No space left on device) [pid 332] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 0 [pid 332] futex(0x7ffa6ccdd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7ffa6ccdd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] <... madvise resumed>) = -1 ENOSPC (No space left on device) [pid 337] openat(AT_FDCWD, 0x20000000, O_RDONLY [pid 336] openat(AT_FDCWD, 0x20000000, O_RDONLY [pid 335] openat(AT_FDCWD, 0x20000000, O_RDONLY [pid 330] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7ffa6ccdd7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... madvise resumed>) = -1 ENOSPC (No space left on device) [pid 338] futex(0x7ffa6ccdd7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7ffa6ccdd7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7ffa6ccdd7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 1 [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000000} --- [pid 296] <... futex resumed>) = ? [ 19.962394][ T24] audit: type=1400 audit(1686429081.099:74): avc: denied { create } for pid=295 comm="syz-executor303" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 19.985673][ T338] EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 337] <... openat resumed>) = 6 [pid 336] <... openat resumed>) = 6 [pid 335] <... openat resumed>) = 6 [pid 334] +++ killed by SIGBUS +++ [pid 304] <... mmap resumed>) = 0x20000000 [pid 302] <... mmap resumed>) = ? [pid 301] +++ killed by SIGBUS +++ [pid 299] <... mmap resumed>) = 0x20000000 [pid 337] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7ffa6ccdd7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 1 [pid 336] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 1 [pid 337] futex(0x7ffa6ccdd7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] futex(0x7ffa6ccdd7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7ffa6ccdd7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7ffa6ccdd7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7ffa6ccdd7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 289] getdents64(3, 0x555555d08620 /* 4 entries */, 32768) = 112 [pid 289] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 289] unlink("./0/binderfs") = 0 [pid 289] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... futex resumed>) = 0 [pid 298] exit_group(0 [pid 335] <... futex resumed>) = ? [pid 298] <... exit_group resumed>) = ? [pid 335] +++ exited with 0 +++ [pid 304] <... futex resumed>) = ? [pid 304] +++ exited with 0 +++ [pid 297] <... futex resumed>) = 0 [pid 297] exit_group(0 [pid 336] <... futex resumed>) = ? [pid 303] <... futex resumed>) = ? [pid 297] <... exit_group resumed>) = ? [pid 336] +++ exited with 0 +++ [pid 303] +++ exited with 0 +++ [pid 294] <... futex resumed>) = 0 [pid 294] exit_group(0 [pid 337] <... futex resumed>) = ? [pid 294] <... exit_group resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 299] <... futex resumed>) = ? [pid 299] +++ exited with 0 +++ [pid 302] +++ killed by SIGBUS +++ [pid 332] <... futex resumed>) = ? [pid 331] <... futex resumed>) = ? [pid 328] +++ killed by SIGBUS +++ [pid 300] +++ killed by SIGBUS +++ [pid 330] <... futex resumed>) = ? [pid 333] +++ killed by SIGBUS +++ [pid 295] +++ killed by SIGBUS +++ [pid 332] +++ exited with 0 +++ [pid 297] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=295, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=8} --- [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 292] <... openat resumed>) = 3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] fstat(3, [pid 288] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 288] <... openat resumed>) = 3 [pid 292] getdents64(3, [pid 288] fstat(3, [pid 292] <... getdents64 resumed>0x555555d08620 /* 4 entries */, 32768) = 112 [pid 288] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 292] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 288] getdents64(3, [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... getdents64 resumed>0x555555d08620 /* 4 entries */, 32768) = 112 [pid 292] lstat("./0/binderfs", [pid 288] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 292] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] unlink("./0/binderfs" [pid 288] lstat("./0/binderfs", [pid 292] <... unlink resumed>) = 0 [pid 288] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 292] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 288] unlink("./0/binderfs" [pid 331] +++ exited with 0 +++ [pid 330] +++ exited with 0 +++ [pid 298] +++ exited with 0 +++ [pid 338] +++ killed by SIGBUS +++ [pid 296] +++ killed by SIGBUS +++ [pid 294] +++ exited with 0 +++ [pid 288] <... unlink resumed>) = 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=296, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=11} --- [pid 288] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 291] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 290] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 287] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 291] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 291] fstat(3, [pid 290] fstat(3, [pid 287] fstat(3, [pid 291] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 290] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 287] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 291] getdents64(3, [pid 290] getdents64(3, [pid 287] getdents64(3, [pid 291] <... getdents64 resumed>0x555555d08620 /* 4 entries */, 32768) = 112 [pid 290] <... getdents64 resumed>0x555555d08620 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x555555d08620 /* 4 entries */, 32768) = 112 [pid 291] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 290] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 287] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] lstat("./0/binderfs", [pid 290] lstat("./0/binderfs", [pid 287] lstat("./0/binderfs", [pid 291] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 290] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 287] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 291] unlink("./0/binderfs" [pid 290] unlink("./0/binderfs" [pid 287] unlink("./0/binderfs" [pid 291] <... unlink resumed>) = 0 [pid 290] <... unlink resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 291] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 290] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 20.007927][ T24] audit: type=1400 audit(1686429081.099:75): avc: denied { read write open } for pid=295 comm="syz-executor303" path="/root/syzkaller.ybgOZY/0/file0/bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.051761][ T7] ------------[ cut here ]------------ [ 20.063276][ T48] ------------[ cut here ]------------ [ 20.063722][ T7] kernel BUG at fs/ext4/inode.c:2776! [ 20.073011][ T48] kernel BUG at fs/ext4/inode.c:2776! [ 20.073850][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 20.085487][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.178-syzkaller-00127-g43c801dc3325 #0 [ 20.095106][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 20.105187][ T7] Workqueue: writeback wb_workfn (flush-7:5) [ 20.110989][ T7] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 20.116550][ T7] Code: 03 8d ff 31 ff 89 de e8 8f 03 8d ff 45 84 f6 75 27 e8 f5 00 8d ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 e1 00 8d ff <0f> 0b e8 da 00 8d ff e8 91 0c 23 ff eb 9b e8 ce 00 8d ff e8 85 0c [ 20.135982][ T7] RSP: 0018:ffffc900000770a0 EFLAGS: 00010293 [ 20.141885][ T7] RAX: ffffffff81dd723f RBX: 0000008000000000 RCX: ffff88810024cf00 [ 20.149782][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 20.157593][ T7] RBP: ffffc90000077490 R08: ffffffff81dd3cb3 R09: ffffed10238abe12 [ 20.165405][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 20.173217][ T7] R13: ffffc900000777d0 R14: 000000c410000000 R15: ffffc90000077360 [ 20.181031][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.190142][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.196563][ T7] CR2: 0000555555d10628 CR3: 000000011e6d6000 CR4: 00000000003506b0 [ 20.204394][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.212188][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.219998][ T7] Call Trace: [ 20.223135][ T7] ? __kasan_check_read+0x11/0x20 [ 20.227984][ T7] ? mark_page_accessed+0x4f8/0x900 [ 20.233029][ T7] ? __find_get_block+0xdce/0x1320 [ 20.237966][ T7] ? write_boundary_block+0x150/0x150 [ 20.243177][ T7] ? update_irq_load_avg+0x10b/0x370 [ 20.248304][ T7] ? ext4_readpage+0x230/0x230 [ 20.252892][ T7] ? __getblk_gfp+0x3d/0x7e0 [ 20.257326][ T7] ? ext4_get_group_desc+0x260/0x2b0 [ 20.262444][ T7] ? voluntary_active_balance+0x4c0/0x4c0 [ 20.267996][ T7] ? ext4_readpage+0x230/0x230 [ 20.272767][ T7] do_writepages+0x12e/0x270 [ 20.277196][ T7] ? __writepage+0x130/0x130 [ 20.281882][ T7] ? __kasan_check_write+0x14/0x20 [ 20.286841][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 20.291429][ T7] __writeback_single_inode+0xd7/0xac0 [ 20.296727][ T7] writeback_sb_inodes+0x99c/0x16b0 [ 20.301765][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 20.306358][ T7] ? queue_io+0x520/0x520 [ 20.310625][ T7] ? writeback_sb_inodes+0x16b0/0x16b0 [ 20.315907][ T7] ? queue_io+0x3d3/0x520 [ 20.320070][ T7] wb_writeback+0x404/0xc60 [ 20.324415][ T7] ? wb_io_lists_depopulated+0x180/0x180 [ 20.329878][ T7] ? set_worker_desc+0x158/0x1c0 [ 20.334653][ T7] ? update_load_avg+0x541/0x1690 [ 20.339513][ T7] ? __kasan_check_write+0x14/0x20 [ 20.344462][ T7] wb_workfn+0x3d9/0x1110 [ 20.348629][ T7] ? inode_wait_for_writeback+0x280/0x280 [ 20.354202][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 20.359312][ T7] ? finish_task_switch+0x130/0x5a0 [ 20.364342][ T7] ? switch_mm_irqs_off+0x6ef/0x940 [ 20.369371][ T7] ? __switch_to_asm+0x34/0x60 [ 20.373971][ T7] ? __kasan_check_read+0x11/0x20 [ 20.378838][ T7] ? read_word_at_a_time+0x12/0x20 [ 20.383777][ T7] ? strscpy+0x9c/0x260 [ 20.387769][ T7] process_one_work+0x6dc/0xbd0 [ 20.392457][ T7] worker_thread+0xaea/0x1510 [ 20.396973][ T7] kthread+0x34b/0x3d0 [ 20.400962][ T7] ? worker_clr_flags+0x180/0x180 [ 20.405824][ T7] ? kthread_blkcg+0xd0/0xd0 [ 20.410253][ T7] ret_from_fork+0x1f/0x30 [ 20.414499][ T7] Modules linked in: [ 20.418284][ T48] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 20.419001][ T7] ---[ end trace f265b76698a4794e ]--- [ 20.424943][ T48] CPU: 1 PID: 48 Comm: kworker/u4:2 Tainted: G D 5.10.178-syzkaller-00127-g43c801dc3325 #0 [ 20.430242][ T7] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 20.441322][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 20.441334][ T48] Workqueue: writeback wb_workfn (flush-7:4) [ 20.446888][ T7] Code: 03 8d ff 31 ff 89 de e8 8f 03 8d ff 45 84 f6 75 27 e8 f5 00 8d ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 e1 00 8d ff <0f> 0b e8 da 00 8d ff e8 91 0c 23 ff eb 9b e8 ce 00 8d ff e8 85 0c [ 20.456855][ T48] [ 20.456867][ T48] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 20.456881][ T48] Code: 03 8d ff 31 ff 89 de e8 8f 03 8d ff 45 84 f6 75 27 e8 f5 00 8d ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 e1 00 8d ff <0f> 0b e8 da 00 8d ff e8 91 0c 23 ff eb 9b e8 ce 00 8d ff e8 85 0c [ 20.462679][ T7] RSP: 0018:ffffc900000770a0 EFLAGS: 00010293 [ 20.482114][ T48] RSP: 0018:ffffc900009d70a0 EFLAGS: 00010293 [ 20.482124][ T48] RAX: ffffffff81dd723f RBX: 0000008000000000 RCX: ffff888101babb40 [ 20.482135][ T48] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 20.484283][ T7] [ 20.489841][ T48] RBP: ffffc900009d7490 R08: ffffffff81dd3cb3 R09: ffffed10238aa242 [ 20.489846][ T48] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 20.489859][ T48] R13: ffffc900009d77d0 R14: 000000c410000000 R15: ffffc900009d7360 [ 20.509470][ T7] RAX: ffffffff81dd723f RBX: 0000008000000000 RCX: ffff88810024cf00 [ 20.515371][ T48] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 20.515384][ T48] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.521266][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 20.529068][ T48] CR2: 0000000020000000 CR3: 000000011eb58000 CR4: 00000000003506a0 [ 20.529076][ T48] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.529087][ T48] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.536894][ T7] RBP: ffffc90000077490 R08: ffffffff81dd3cb3 R09: ffffed10238abe12 [ 20.539053][ T48] Call Trace: [ 20.546970][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 20.554784][ T48] ? __kasan_check_write+0x14/0x20 [ 20.562592][ T7] R13: ffffc900000777d0 R14: 000000c410000000 R15: ffffc90000077360 [ 20.570401][ T48] ? _raw_spin_lock+0xa4/0x1b0 [ 20.570416][ T48] ? _raw_spin_trylock_bh+0x190/0x190 [ 20.579175][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.585589][ T48] ? pagecache_get_page+0x86c/0x950 [ 20.585603][ T48] ? __kasan_check_write+0x14/0x20 [ 20.593581][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.601476][ T48] ? __find_get_block+0xfbe/0x1320 [ 20.601491][ T48] ? write_boundary_block+0x150/0x150 [ 20.609294][ T7] CR2: 0000555555d10628 CR3: 000000011ed00000 CR4: 00000000003506b0 [ 20.617100][ T48] ? unwind_next_frame+0x3cb/0x700 [ 20.617115][ T48] ? stack_trace_save+0x1c0/0x1c0 [ 20.624911][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.628037][ T48] ? ext4_readpage+0x230/0x230 [ 20.628052][ T48] ? __getblk_gfp+0x3d/0x7e0 [ 20.635852][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.640809][ T48] ? ext4_get_group_desc+0x260/0x2b0 [ 20.649133][ T7] Kernel panic - not syncing: Fatal exception [ 20.653735][ T48] ? __ext4_get_inode_loc+0x5af/0xbf0 [ 20.755833][ T48] ? voluntary_active_balance+0x4c0/0x4c0 [ 20.761376][ T48] ? ext4_readpage+0x230/0x230 [ 20.765976][ T48] do_writepages+0x12e/0x270 [ 20.770402][ T48] ? __writepage+0x130/0x130 [ 20.774827][ T48] ? __kasan_check_write+0x14/0x20 [ 20.779778][ T48] ? _raw_spin_lock+0xa4/0x1b0 [ 20.784380][ T48] __writeback_single_inode+0xd7/0xac0 [ 20.789668][ T48] writeback_sb_inodes+0x99c/0x16b0 [ 20.794706][ T48] ? _raw_spin_lock+0xa4/0x1b0 [ 20.799309][ T48] ? queue_io+0x520/0x520 [ 20.803566][ T48] ? writeback_sb_inodes+0x16b0/0x16b0 [ 20.808864][ T48] ? queue_io+0x3d3/0x520 [ 20.813027][ T48] wb_writeback+0x404/0xc60 [ 20.817376][ T48] ? wb_io_lists_depopulated+0x180/0x180 [ 20.822836][ T48] ? set_worker_desc+0x158/0x1c0 [ 20.827608][ T48] ? update_load_avg+0x541/0x1690 [ 20.832478][ T48] ? __kasan_check_write+0x14/0x20 [ 20.837417][ T48] wb_workfn+0x3d9/0x1110 [ 20.841587][ T48] ? inode_wait_for_writeback+0x280/0x280 [ 20.847224][ T48] ? _raw_spin_unlock_irq+0x4e/0x70 [ 20.852266][ T48] ? finish_task_switch+0x130/0x5a0 [ 20.857290][ T48] ? switch_mm_irqs_off+0x310/0x940 [ 20.862328][ T48] ? __switch_to_asm+0x34/0x60 [ 20.866927][ T48] ? __kasan_check_read+0x11/0x20 [ 20.871787][ T48] ? read_word_at_a_time+0x12/0x20 [ 20.876740][ T48] ? strscpy+0x9c/0x260 [ 20.880724][ T48] process_one_work+0x6dc/0xbd0 [ 20.885412][ T48] worker_thread+0xaea/0x1510 [ 20.889930][ T48] ? _raw_spin_lock+0x1b0/0x1b0 [ 20.894618][ T48] kthread+0x34b/0x3d0 [ 20.898516][ T48] ? worker_clr_flags+0x180/0x180 [ 20.903380][ T48] ? kthread_blkcg+0xd0/0xd0 [ 20.907805][ T48] ret_from_fork+0x1f/0x30 [ 20.912054][ T48] Modules linked in: [ 20.915937][ T7] Kernel Offset: disabled [ 20.920148][ T7] Rebooting in 86400 seconds..