./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor120898172 <...> forked to background, child pid 3207 no interfaces have a carrier [ 26.742620][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.751908][ T3208] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.99' (ECDSA) to the list of known hosts. execve("./syz-executor120898172", ["./syz-executor120898172"], 0x7fff4781b590 /* 10 vars */) = 0 brk(NULL) = 0x55555589a000 brk(0x55555589ac40) = 0x55555589ac40 arch_prctl(ARCH_SET_FS, 0x55555589a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor120898172", 4096) = 27 brk(0x5555558bbc40) = 0x5555558bbc40 brk(0x5555558bc000) = 0x5555558bc000 mprotect(0x7f7f2ac08000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3628 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 
3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3628", 4) = 4 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3629 attached , child_tidptr=0x55555589a5d0) = 3629 [pid 3628] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3630 ./strace-static-x86_64: Process 3630 attached [pid 3628] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3630] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 3629] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3631 attached [pid 3630] ioctl(3, LOOP_CLR_FD [pid 3629] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3629] close(3) = 0 [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3632 [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3628] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3631 [pid 3628] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] <... openat resumed>) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3628] <... 
clone resumed>, child_tidptr=0x55555589a5d0) = 3633 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3628] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3634 [pid 3631] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3635 [pid 3628] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3630] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 3632 attached [pid 3630] close(3 [pid 3628] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3636 [pid 3630] <... close resumed>) = 0 ./strace-static-x86_64: Process 3635 attached [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3630] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3637 ./strace-static-x86_64: Process 3634 attached ./strace-static-x86_64: Process 3633 attached [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] setpgid(0, 0) = 0 [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3635] write(3, "1000", 4) = 4 [pid 3634] <... openat resumed>) = 3 [pid 3632] <... openat resumed>) = 3 [pid 3635] close(3 [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3635] <... close resumed>) = 0 [pid 3634] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3635] memfd_create("syzkaller", 0 [pid 3634] close(3 [pid 3635] <... memfd_create resumed>) = 3 [pid 3634] <... close resumed>) = 0 [pid 3635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3632] write(3, "1000", 4 [pid 3635] <... mmap resumed>) = 0x7f7f2274d000 [pid 3632] <... 
write resumed>) = 4 ./strace-static-x86_64: Process 3637 attached [pid 3635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3634] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3638 [pid 3633] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3632] close(3 [pid 3633] <... openat resumed>) = 3 [pid 3632] <... close resumed>) = 0 [pid 3633] ioctl(3, LOOP_CLR_FD [pid 3632] memfd_create("syzkaller", 0./strace-static-x86_64: Process 3636 attached [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3635] <... write resumed>) = 524288 [pid 3632] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 3638 attached [pid 3637] <... prctl resumed>) = 0 [pid 3633] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f2274d000 [pid 3637] setpgid(0, 0 [pid 3633] close(3 [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3638] setpgid(0, 0) = 0 [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3638] write(3, "1000", 4 [pid 3632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3638] <... write resumed>) = 4 [pid 3637] <... 
setpgid resumed>) = 0 [pid 3635] munmap(0x7f7f2274d000, 524288 [pid 3633] <... close resumed>) = 0 [pid 3638] close(3 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3635] <... munmap resumed>) = 0 [pid 3633] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3638] <... close resumed>) = 0 [pid 3636] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3635] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3638] memfd_create("syzkaller", 0 [pid 3635] <... openat resumed>) = 4 [pid 3638] <... memfd_create resumed>) = 3 [pid 3637] <... openat resumed>) = 3 [pid 3635] ioctl(4, LOOP_SET_FD, 3 [pid 3638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3637] write(3, "1000", 4 [pid 3636] <... openat resumed>) = 3 [pid 3633] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3640 [pid 3632] <... write resumed>) = 524288 [pid 3638] <... mmap resumed>) = 0x7f7f2274d000 ./strace-static-x86_64: Process 3640 attached [pid 3638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3637] <... write resumed>) = 4 [pid 3636] ioctl(3, LOOP_CLR_FD [pid 3632] munmap(0x7f7f2274d000, 524288 [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [pid 3637] close(3 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3636] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3640] <... openat resumed>) = 3 [pid 3637] <... close resumed>) = 0 [pid 3636] close(3 [pid 3632] <... 
munmap resumed>) = 0 [pid 3640] write(3, "1000", 4 [pid 3637] memfd_create("syzkaller", 0 [pid 3636] <... close resumed>) = 0 [pid 3640] <... write resumed>) = 4 [pid 3632] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3640] close(3) = 0 [pid 3640] memfd_create("syzkaller", 0 [pid 3637] <... memfd_create resumed>) = 3 [pid 3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3640] <... memfd_create resumed>) = 3 [pid 3637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3632] <... openat resumed>) = 4 [pid 3640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f2274d000 [pid 3640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3637] <... mmap resumed>) = 0x7f7f2274d000 [pid 3636] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3641 [pid 3632] ioctl(4, LOOP_SET_FD, 3 [pid 3638] <... write resumed>) = 524288 [pid 3635] <... ioctl resumed>) = 0 [pid 3640] <... write resumed>) = 524288 [pid 3638] munmap(0x7f7f2274d000, 524288 [pid 3637] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3635] close(3./strace-static-x86_64: Process 3641 attached [pid 3638] <... munmap resumed>) = 0 [pid 3635] <... 
close resumed>) = 0 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3638] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3635] mkdir("./file0", 0777 [pid 3641] <... prctl resumed>) = 0 [pid 3638] <... openat resumed>) = 4 [pid 3635] <... mkdir resumed>) = 0 [pid 3641] setpgid(0, 0 [pid 3638] ioctl(4, LOOP_SET_FD, 3 syzkaller login: [ 50.680509][ T3635] loop2: detected capacity change from 0 to 1024 [ 50.711775][ T3632] loop0: detected capacity change from 0 to 1024 [ 50.717601][ T3638] loop4: detected capacity change from 0 to 1024 [pid 3635] mount("/dev/loop2", "./file0", "hfsplus", 0, "" [pid 3641] <... setpgid resumed>) = 0 [pid 3637] <... write resumed>) = 524288 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] memfd_create("syzkaller", 0 [pid 3640] munmap(0x7f7f2274d000, 524288 [pid 3641] <... memfd_create resumed>) = 3 [pid 3640] <... munmap resumed>) = 0 [pid 3641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3640] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3641] <... mmap resumed>) = 0x7f7f2274d000 [pid 3640] <... openat resumed>) = 4 [pid 3641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3640] ioctl(4, LOOP_SET_FD, 3 [pid 3637] munmap(0x7f7f2274d000, 524288 [pid 3640] <... ioctl resumed>) = 0 [pid 3638] <... ioctl resumed>) = 0 [pid 3637] <... munmap resumed>) = 0 [pid 3632] <... 
ioctl resumed>) = 0 [pid 3638] close(3) = 0 [pid 3638] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3637] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3632] close(3 [pid 3638] mount("/dev/loop4", "./file0", "hfsplus", 0, "" [pid 3635] <... mount resumed>) = 0 [pid 3637] <... openat resumed>) = 4 [pid 3635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3632] <... close resumed>) = 0 [pid 3641] <... write resumed>) = 524288 [pid 3637] ioctl(4, LOOP_SET_FD, 3 [pid 3635] <... openat resumed>) = 3 [pid 3632] mkdir("./file0", 0777 [pid 3641] munmap(0x7f7f2274d000, 524288 [pid 3638] <... mount resumed>) = 0 [pid 3635] ioctl(4, LOOP_CLR_FD [pid 3641] <... munmap resumed>) = 0 [pid 3638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3635] <... ioctl resumed>) = 0 [pid 3641] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3638] <... openat resumed>) = 3 [pid 3635] close(4 [pid 3641] <... openat resumed>) = 4 [pid 3638] ioctl(4, LOOP_CLR_FD [pid 3635] <... close resumed>) = 0 [pid 3641] ioctl(4, LOOP_SET_FD, 3 [pid 3638] <... ioctl resumed>) = 0 [pid 3635] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3638] close(4 [pid 3637] <... ioctl resumed>) = 0 [pid 3635] <... openat resumed>) = 4 [pid 3632] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3638] <... close resumed>) = 0 [pid 3635] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 3638] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3640] close(3 [pid 3638] <... openat resumed>) = 4 [pid 3632] mount("/dev/loop0", "./file0", "hfsplus", 0, "" [pid 3640] <... close resumed>) = 0 [pid 3638] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 3640] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 3640] mount("/dev/loop3", "./file0", "hfsplus", 0, "" [pid 3637] close(3) = 0 [pid 3641] <... ioctl resumed>) = 0 [pid 3637] mkdir("./file0", 0777 [pid 3641] close(3 [pid 3640] <... mount resumed>) = 0 [pid 3637] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3632] <... mount resumed>) = 0 [pid 3641] <... 
close resumed>) = 0 [pid 3640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3637] mount("/dev/loop1", "./file0", "hfsplus", 0, "" [pid 3641] mkdir("./file0", 0777 [pid 3640] <... openat resumed>) = 3 [pid 3641] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3640] ioctl(4, LOOP_CLR_FD [pid 3641] mount("/dev/loop5", "./file0", "hfsplus", 0, "" [pid 3640] <... ioctl resumed>) = 0 [pid 3632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3640] close(4 [pid 3632] <... openat resumed>) = 3 [pid 3640] <... close resumed>) = 0 [pid 3632] ioctl(4, LOOP_CLR_FD [pid 3640] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3632] <... ioctl resumed>) = 0 [pid 3640] <... openat resumed>) = 4 [pid 3640] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 3632] close(4) = 0 [pid 3637] <... mount resumed>) = 0 [pid 3632] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3632] <... openat resumed>) = 4 [pid 3637] <... openat resumed>) = 3 [pid 3632] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 3637] ioctl(4, LOOP_CLR_FD) = 0 [pid 3637] close(4) = 0 [pid 3637] openat(AT_FDCWD, "/dev/loop5", O_RDONLY) = 4 [ 50.723341][ T3639] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 50.736828][ T3640] loop3: detected capacity change from 0 to 1024 [ 50.760000][ T3637] loop1: detected capacity change from 0 to 1024 [ 50.763071][ T3641] loop5: detected capacity change from 0 to 1024 [pid 3637] ioctl(4, LOOP_SET_BLOCK_SIZE, 2048 [pid 3640] <... ioctl resumed>) = 0 [pid 3638] <... ioctl resumed>) = 0 [pid 3635] <... 
ioctl resumed>) = 0 [ 50.818480][ T41] ================================================================== [ 50.826573][ T41] BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0xb55/0x1140 [ 50.834155][ T41] Write of size 2048 at addr ffff88801dbb1000 by task kworker/u4:2/41 [ 50.842320][ T41] [ 50.844819][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0 [ 50.854814][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 50.864982][ T41] Workqueue: loop5 loop_rootcg_workfn [ 50.870454][ T41] Call Trace: [ 50.873738][ T41] <TASK> [ 50.876909][ T41] dump_stack_lvl+0xd1/0x138 [ 50.881515][ T41] print_report+0x15e/0x45d [ 50.886039][ T41] ? __phys_addr+0xc8/0x140 [ 50.890565][ T41] ? _copy_to_iter+0xb55/0x1140 [ 50.895442][ T41] kasan_report+0xbf/0x1f0 [ 50.899884][ T41] ? _copy_to_iter+0xb55/0x1140 [ 50.904746][ T41] kasan_check_range+0x141/0x190 [ 50.909700][ T41] memcpy+0x3d/0x60 [ 50.913528][ T41] _copy_to_iter+0xb55/0x1140 [ 50.918225][ T41] ? _copy_from_iter+0xf40/0xf40 [ 50.923178][ T41] ? folio_flags.constprop.0+0x53/0x150 [ 50.928747][ T41] ? shmem_get_folio_gfp+0x1026/0x1a60 [ 50.934228][ T41] ? page_copy_sane+0x28f/0x410 [ 50.939087][ T41] copy_page_to_iter+0xe0/0xa20 [ 50.943951][ T41] shmem_file_read_iter+0x37e/0xa50 [ 50.949181][ T41] ? shmem_read_mapping_page_gfp+0x230/0x230 [ 50.955188][ T41] ? mark_lock.part.0+0xee/0x1910 [ 50.960235][ T41] do_iter_readv_writev+0x2e0/0x3b0 [ 50.965447][ T41] ? lock_chain_count+0x20/0x20 [ 50.970321][ T41] ? generic_copy_file_range+0x1d0/0x1d0 [ 50.975970][ T41] ? security_file_permission+0xaf/0xd0 [ 50.981546][ T41] do_iter_read+0x2f2/0x750 [ 50.986072][ T41] ? mark_held_locks+0x9f/0xe0 [ 50.990867][ T41] ? rwlock_bug.part.0+0x90/0x90 [ 50.995809][ T41] vfs_iter_read+0x74/0xa0 [ 51.000244][ T41] loop_process_work+0x1592/0x2070 [ 51.005373][ T41] ? loop_queue_rq+0x11f0/0x11f0 [ 51.010418][ T41] ? lock_release+0x810/0x810 [ 51.015123][ T41] ? 
lock_downgrade+0x6e0/0x6e0 [ 51.020008][ T41] process_one_work+0x9bf/0x1710 [ 51.024954][ T41] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 51.030329][ T41] ? rwlock_bug.part.0+0x90/0x90 [ 51.035271][ T41] ? _raw_spin_lock_irq+0x45/0x50 [ 51.040308][ T41] worker_thread+0x669/0x1090 [ 51.045013][ T41] ? process_one_work+0x1710/0x1710 [ 51.050219][ T41] kthread+0x2e8/0x3a0 [ 51.054291][ T41] ? kthread_complete_and_exit+0x40/0x40 [ 51.059936][ T41] ret_from_fork+0x1f/0x30 [ 51.064376][ T41] </TASK> [ 51.067397][ T41] [ 51.069733][ T41] Allocated by task 3641: [ 51.074065][ T41] kasan_save_stack+0x22/0x40 [ 51.078769][ T41] kasan_set_track+0x25/0x30 [ 51.083373][ T41] __kasan_kmalloc+0xa5/0xb0 [ 51.087970][ T41] __kmalloc+0x5a/0xd0 [ 51.092046][ T41] hfsplus_read_wrapper+0x407/0xfd0 [ 51.097262][ T41] hfsplus_fill_super+0x31a/0x1a30 [ 51.102393][ T41] mount_bdev+0x351/0x410 [ 51.106738][ T41] legacy_get_tree+0x109/0x220 [ 51.111505][ T41] vfs_get_tree+0x8d/0x2f0 [ 51.115931][ T41] path_mount+0x132a/0x1e20 [ 51.120453][ T41] __x64_sys_mount+0x283/0x300 [ 51.125232][ T41] do_syscall_64+0x39/0xb0 [ 51.129666][ T41] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.135584][ T41] [ 51.137907][ T41] The buggy address belongs to the object at ffff88801dbb1000 [ 51.137907][ T41] which belongs to the cache kmalloc-512 of size 512 [ 51.152129][ T41] The buggy address is located 0 bytes inside of [ 51.152129][ T41] 512-byte region [ffff88801dbb1000, ffff88801dbb1200) [ 51.165228][ T41] [ 51.167557][ T41] The buggy address belongs to the physical page: [ 51.173964][ T41] page:ffffea000076ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dbb0 [ 51.184113][ T41] head:ffffea000076ec00 order:2 compound_mapcount:0 compound_pincount:0 [ 51.192439][ T41] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 51.200432][ T41] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888012041c80 [ 51.209023][ T41] raw: 0000000000000000 0000000000100010 00000001ffffffff 
0000000000000000 [ 51.217606][ T41] page dumped because: kasan: bad access detected [ 51.224023][ T41] page_owner tracks the page as allocated [ 51.229735][ T41] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 722, tgid 722 (kworker/u4:1), ts 6148153635, free_ts 0 [ 51.250064][ T41] get_page_from_freelist+0x10b5/0x2d50 [ 51.255645][ T41] __alloc_pages+0x1cb/0x5b0 [ 51.260358][ T41] alloc_pages+0x1aa/0x270 [ 51.264787][ T41] allocate_slab+0x25f/0x350 [ 51.269381][ T41] ___slab_alloc+0xa91/0x1400 [ 51.274069][ T41] __slab_alloc.constprop.0+0x56/0xa0 [ 51.279534][ T41] __kmem_cache_alloc_node+0x199/0x3e0 [ 51.285009][ T41] kmalloc_trace+0x26/0x60 [ 51.289439][ T41] alloc_bprm+0x51/0x900 [ 51.293696][ T41] kernel_execve+0xaf/0x500 [ 51.298203][ T41] call_usermodehelper_exec_async+0x2e7/0x580 [ 51.304277][ T41] ret_from_fork+0x1f/0x30 [ 51.308704][ T41] page_owner free stack trace missing [ 51.314075][ T41] [ 51.316403][ T41] Memory state around the buggy address: [ 51.322028][ T41] ffff88801dbb1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.330093][ T41] ffff88801dbb1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.338156][ T41] >ffff88801dbb1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.346216][ T41] ^ [ 51.350278][ T41] ffff88801dbb1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 51.358344][ T41] ffff88801dbb1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [pid 3640] exit_group(0 [pid 3638] exit_group(0 [pid 3637] <... ioctl resumed>) = 0 [pid 3635] exit_group(0 [pid 3632] <... ioctl resumed>) = 0 [pid 3640] <... exit_group resumed>) = ? [pid 3638] <... exit_group resumed>) = ? [pid 3635] <... exit_group resumed>) = ? 
[pid 3640] +++ exited with 0 +++ [pid 3638] +++ exited with 0 +++ [pid 3635] +++ exited with 0 +++ [pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3631] ioctl(3, LOOP_CLR_FD [pid 3634] <... openat resumed>) = 3 [pid 3631] <... ioctl resumed>) = 0 [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3631] close(3 [pid 3634] <... ioctl resumed>) = 0 [pid 3631] <... close resumed>) = 0 [pid 3634] close(3 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3634] <... close resumed>) = 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3643 [pid 3634] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3644 ./strace-static-x86_64: Process 3644 attached [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4./strace-static-x86_64: Process 3643 attached ) = 4 [pid 3644] close(3 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3644] <... close resumed>) = 0 [pid 3643] <... prctl resumed>) = 0 [pid 3644] memfd_create("syzkaller", 0 [pid 3643] setpgid(0, 0 [pid 3644] <... memfd_create resumed>) = 3 [pid 3643] <... setpgid resumed>) = 0 [pid 3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3644] <... mmap resumed>) = 0x7f7f2274d000 [pid 3643] <... 
openat resumed>) = 3 [pid 3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f2274d000 [pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3644] <... write resumed>) = 524288 [pid 3644] munmap(0x7f7f2274d000, 524288) = 0 [pid 3644] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3643] munmap(0x7f7f2274d000, 524288 [pid 3644] <... openat resumed>) = 4 [pid 3643] <... munmap resumed>) = 0 [pid 3644] ioctl(4, LOOP_SET_FD, 3 [pid 3643] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3644] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3643] <... openat resumed>) = 4 [pid 3644] ioctl(4, LOOP_CLR_FD [pid 3643] ioctl(4, LOOP_SET_FD, 3 [pid 3644] <... ioctl resumed>) = 0 [pid 3643] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3644] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3644] close(4 [pid 3643] ioctl(4, LOOP_SET_FD, 3 [pid 3644] <... close resumed>) = 0 [pid 3643] <... 
ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3644] close(3 [pid 3643] close(4 [pid 3644] <... close resumed>) = 0 [pid 3643] <... close resumed>) = 0 [pid 3644] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3643] close(3 [pid 3644] <... openat resumed>) = 3 [pid 3643] <... close resumed>) = 0 [pid 3644] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3643] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3644] <... ioctl resumed>) = 0 [pid 3643] <... openat resumed>) = 3 [pid 3644] exit_group(0 [pid 3643] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3644] <... exit_group resumed>) = ? [pid 3643] <... ioctl resumed>) = 0 [pid 3644] +++ exited with 0 +++ [pid 3643] exit_group(0) = ? [pid 3643] +++ exited with 0 +++ [pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3634] <... openat resumed>) = 3 [pid 3631] restart_syscall(<... resuming interrupted clone ...> [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3631] <... restart_syscall resumed>) = 0 [pid 3634] <... ioctl resumed>) = 0 [pid 3634] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] <... openat resumed>) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD [pid 3634] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3645 [pid 3631] <... ioctl resumed>) = 0 [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3646 ./strace-static-x86_64: Process 3645 attached [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3646 attached [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3645] <... prctl resumed>) = 0 [pid 3645] setpgid(0, 0 [pid 3646] <... 
prctl resumed>) = 0 [pid 3645] <... setpgid resumed>) = 0 [pid 3646] setpgid(0, 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3646] <... setpgid resumed>) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3645] <... openat resumed>) = 3 [pid 3646] <... openat resumed>) = 3 [pid 3645] write(3, "1000", 4 [pid 3646] write(3, "1000", 4 [pid 3645] <... write resumed>) = 4 [pid 3646] <... write resumed>) = 4 [pid 3645] close(3 [pid 3646] close(3 [pid 3645] <... close resumed>) = 0 [pid 3646] <... close resumed>) = 0 [pid 3645] memfd_create("syzkaller", 0 [pid 3646] memfd_create("syzkaller", 0 [pid 3645] <... memfd_create resumed>) = 3 [pid 3646] <... memfd_create resumed>) = 3 [pid 3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3645] <... mmap resumed>) = 0x7f7f2274d000 [pid 3646] <... mmap resumed>) = 0x7f7f2274d000 [pid 3645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3645] <... 
write resumed>) = 524288 [pid 3645] munmap(0x7f7f2274d000, 524288) = 0 [pid 3646] munmap(0x7f7f2274d000, 524288) = 0 [pid 3645] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3646] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3645] <... openat resumed>) = 4 [pid 3646] <... openat resumed>) = 4 [pid 3645] ioctl(4, LOOP_SET_FD, 3 [pid 3646] ioctl(4, LOOP_SET_FD, 3 [pid 3645] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3646] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3646] ioctl(4, LOOP_CLR_FD [pid 3645] ioctl(4, LOOP_CLR_FD [pid 3646] <... ioctl resumed>) = 0 [pid 3645] <... ioctl resumed>) = 0 [pid 3646] ioctl(4, LOOP_SET_FD, 3 [pid 3645] ioctl(4, LOOP_SET_FD, 3 [pid 3646] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3645] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3646] close(4 [pid 3645] close(4 [pid 3646] <... close resumed>) = 0 [pid 3645] <... close resumed>) = 0 [pid 3646] close(3 [pid 3645] close(3 [pid 3646] <... close resumed>) = 0 [pid 3645] <... close resumed>) = 0 [pid 3646] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3645] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3646] <... openat resumed>) = 3 [pid 3645] <... openat resumed>) = 3 [pid 3646] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3645] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3646] <... ioctl resumed>) = 0 [pid 3645] <... ioctl resumed>) = 0 [pid 3646] exit_group(0 [pid 3645] exit_group(0 [pid 3646] <... exit_group resumed>) = ? [pid 3645] <... exit_group resumed>) = ? [pid 3646] +++ exited with 0 +++ [pid 3645] +++ exited with 0 +++ [pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3634] <... openat resumed>) = 3 [pid 3631] <... 
openat resumed>) = 3 [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3631] ioctl(3, LOOP_CLR_FD [pid 3634] <... ioctl resumed>) = 0 [pid 3631] <... ioctl resumed>) = 0 [pid 3634] close(3 [pid 3631] close(3 [pid 3634] <... close resumed>) = 0 [pid 3631] <... close resumed>) = 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3634] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3647 [pid 3631] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0./strace-static-x86_64: Process 3647 attached ) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3648] <... openat resumed>) = 3 [pid 3647] <... prctl resumed>) = 0 [pid 3648] write(3, "1000", 4 [pid 3647] setpgid(0, 0 [pid 3648] <... write resumed>) = 4 [pid 3647] <... setpgid resumed>) = 0 [pid 3648] close(3 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3648] <... close resumed>) = 0 [pid 3647] <... openat resumed>) = 3 [pid 3648] memfd_create("syzkaller", 0 [pid 3647] write(3, "1000", 4 [pid 3648] <... memfd_create resumed>) = 3 [pid 3647] <... write resumed>) = 4 [pid 3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3647] close(3 [pid 3648] <... mmap resumed>) = 0x7f7f2274d000 [pid 3647] <... 
close resumed>) = 0 [pid 3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3647] memfd_create("syzkaller", 0) = 3 [pid 3647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f2274d000 [pid 3647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3633] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3633] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3648] <... write resumed>) = 524288 [pid 3633] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 3647] munmap(0x7f7f2274d000, 524288 [pid 3633] ioctl(3, LOOP_CLR_FD [pid 3648] munmap(0x7f7f2274d000, 524288 [pid 3647] <... munmap resumed>) = 0 [pid 3633] <... ioctl resumed>) = 0 [pid 3648] <... munmap resumed>) = 0 [pid 3647] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3633] close(3 [pid 3648] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3647] <... openat resumed>) = 4 [pid 3633] <... close resumed>) = 0 [pid 3648] <... openat resumed>) = 4 [pid 3647] ioctl(4, LOOP_SET_FD, 3 [pid 3633] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3648] ioctl(4, LOOP_SET_FD, 3 [pid 3647] <... 
ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3648] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3647] ioctl(4, LOOP_CLR_FD [pid 3633] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3649 [pid 3648] ioctl(4, LOOP_CLR_FD [pid 3647] <... ioctl resumed>) = 0 [pid 3648] <... ioctl resumed>) = 0 [pid 3647] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3648] ioctl(4, LOOP_SET_FD, 3 [pid 3647] close(4 [pid 3648] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3647] <... close resumed>) = 0 [pid 3648] close(4 [pid 3647] close(3 [pid 3648] <... close resumed>) = 0 [pid 3647] <... close resumed>) = 0 [pid 3648] close(3 [pid 3647] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3648] <... close resumed>) = 0 [pid 3647] <... openat resumed>) = 3 [pid 3648] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3647] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3648] <... openat resumed>) = 3 [pid 3647] <... ioctl resumed>) = 0 [pid 3648] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3647] exit_group(0 [pid 3648] <... ioctl resumed>) = 0 [pid 3647] <... exit_group resumed>) = ? [pid 3648] exit_group(0 [pid 3647] +++ exited with 0 +++ [pid 3648] <... exit_group resumed>) = ? 
[pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3648] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 3634] ioctl(3, LOOP_CLR_FD) = 0 [pid 3634] close(3) = 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3650 [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = 0 [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3651 ./strace-static-x86_64: Process 3650 attached [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3651 attached [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3650] <... prctl resumed>) = 0 [pid 3651] setpgid(0, 0 [pid 3650] setpgid(0, 0 [pid 3651] <... setpgid resumed>) = 0 [pid 3650] <... setpgid resumed>) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3651] <... openat resumed>) = 3 [pid 3650] <... openat resumed>) = 3 [pid 3651] write(3, "1000", 4 [pid 3650] write(3, "1000", 4 [pid 3651] <... write resumed>) = 4 [pid 3650] <... write resumed>) = 4 [pid 3651] close(3 [pid 3650] close(3 [pid 3651] <... close resumed>) = 0 [pid 3650] <... close resumed>) = 0 [pid 3651] memfd_create("syzkaller", 0 [pid 3650] memfd_create("syzkaller", 0 [pid 3651] <... memfd_create resumed>) = 3 [pid 3650] <... memfd_create resumed>) = 3 [pid 3651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3651] <... mmap resumed>) = 0x7f7f2274d000 [pid 3650] <... 
mmap resumed>) = 0x7f7f2274d000 [pid 3651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3651] <... write resumed>) = 524288 [pid 3651] munmap(0x7f7f2274d000, 524288 [pid 3650] <... write resumed>) = 524288 [pid 3651] <... munmap resumed>) = 0 [pid 3650] munmap(0x7f7f2274d000, 524288 [pid 3651] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3650] <... munmap resumed>) = 0 [pid 3651] <... openat resumed>) = 4 [pid 3650] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3651] ioctl(4, LOOP_SET_FD, 3 [pid 3650] <... openat resumed>) = 4 [pid 3651] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3650] ioctl(4, LOOP_SET_FD, 3 [pid 3651] ioctl(4, LOOP_CLR_FD [pid 3650] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3651] <... ioctl resumed>) = 0 [pid 3650] ioctl(4, LOOP_CLR_FD) = 0 [pid 3651] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3650] ioctl(4, LOOP_SET_FD, 3 [pid 3651] close(4 [pid 3650] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3651] <... close resumed>) = 0 [pid 3650] close(4 [pid 3651] close(3 [pid 3650] <... close resumed>) = 0 [pid 3651] <... 
close resumed>) = 0 [pid 3650] close(3 [pid 3651] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3650] <... close resumed>) = 0 [pid 3651] <... openat resumed>) = 3 [pid 3650] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3651] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3650] <... openat resumed>) = 3 [pid 3651] <... ioctl resumed>) = 0 [pid 3650] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3651] exit_group(0 [pid 3650] <... ioctl resumed>) = 0 [pid 3651] <... exit_group resumed>) = ? [pid 3650] exit_group(0 [pid 3651] +++ exited with 0 +++ [pid 3650] <... exit_group resumed>) = ? [pid 3650] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = 0 [pid 3631] close(3) = 0 [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3634] <... openat resumed>) = 3 [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3631] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3653 [pid 3634] <... ioctl resumed>) = 0 [pid 3634] close(3) = 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3654 ./strace-static-x86_64: Process 3653 attached [pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3653] setpgid(0, 0) = 0 [pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 3654 attached ) = 3 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3653] write(3, "1000", 4 [pid 3654] <... prctl resumed>) = 0 [pid 3653] <... write resumed>) = 4 [pid 3654] setpgid(0, 0 [pid 3653] close(3 [pid 3654] <... setpgid resumed>) = 0 [pid 3653] <... 
close resumed>) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3653] memfd_create("syzkaller", 0 [pid 3654] <... openat resumed>) = 3 [pid 3653] <... memfd_create resumed>) = 3 [pid 3654] write(3, "1000", 4 [pid 3653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3654] <... write resumed>) = 4 [pid 3653] <... mmap resumed>) = 0x7f7f2274d000 [pid 3654] close(3 [pid 3653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3654] <... close resumed>) = 0 [pid 3654] memfd_create("syzkaller", 0 [pid 3653] <... write resumed>) = 524288 [pid 3654] <... memfd_create resumed>) = 3 [pid 3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f2274d000 [pid 3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3653] munmap(0x7f7f2274d000, 524288) = 0 [pid 3653] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3653] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 3653] ioctl(4, LOOP_CLR_FD) = 0 [pid 3654] munmap(0x7f7f2274d000, 524288) = 0 [pid 3654] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3653] ioctl(4, LOOP_SET_FD, 3 [pid 3654] <... openat resumed>) = 4 [pid 3653] <... 
ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3654] ioctl(4, LOOP_SET_FD, 3 [pid 3653] close(4 [pid 3654] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3653] <... close resumed>) = 0 [pid 3654] ioctl(4, LOOP_CLR_FD [pid 3653] close(3 [pid 3654] <... ioctl resumed>) = 0 [pid 3653] <... close resumed>) = 0 [pid 3653] openat(AT_FDCWD, "/dev/loop5", O_RDONLY) = 3 [pid 3653] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048) = 0 [pid 3654] ioctl(4, LOOP_SET_FD, 3 [pid 3653] exit_group(0 [pid 3654] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3653] <... exit_group resumed>) = ? [pid 3654] close(4 [pid 3653] +++ exited with 0 +++ [pid 3654] <... close resumed>) = 0 [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3654] close(3) = 0 [pid 3654] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3654] <... openat resumed>) = 3 [pid 3631] <... openat resumed>) = 3 [pid 3654] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3631] ioctl(3, LOOP_CLR_FD [pid 3654] <... ioctl resumed>) = 0 [pid 3631] <... ioctl resumed>) = 0 [pid 3654] exit_group(0 [pid 3631] close(3 [pid 3654] <... exit_group resumed>) = ? [pid 3631] <... close resumed>) = 0 [pid 3654] +++ exited with 0 +++ [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3631] <... 
clone resumed>, child_tidptr=0x55555589a5d0) = 3656 [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 3634] ioctl(3, LOOP_CLR_FD) = 0 [pid 3634] close(3) = 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3657 ./strace-static-x86_64: Process 3656 attached ./strace-static-x86_64: Process 3657 attached [pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3656] <... prctl resumed>) = 0 [pid 3657] <... prctl resumed>) = 0 [pid 3656] setpgid(0, 0 [pid 3657] setpgid(0, 0 [pid 3656] <... setpgid resumed>) = 0 [pid 3657] <... setpgid resumed>) = 0 [pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3656] <... openat resumed>) = 3 [pid 3657] <... openat resumed>) = 3 [pid 3656] write(3, "1000", 4 [pid 3657] write(3, "1000", 4 [pid 3656] <... write resumed>) = 4 [pid 3657] <... write resumed>) = 4 [pid 3656] close(3 [pid 3657] close(3 [pid 3656] <... close resumed>) = 0 [pid 3657] <... close resumed>) = 0 [pid 3656] memfd_create("syzkaller", 0 [pid 3657] memfd_create("syzkaller", 0 [pid 3656] <... memfd_create resumed>) = 3 [pid 3657] <... memfd_create resumed>) = 3 [pid 3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3656] <... mmap resumed>) = 0x7f7f2274d000 [pid 3657] <... 
mmap resumed>) = 0x7f7f2274d000 [pid 3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 3656] <... write resumed>) = 524288 [pid 3657] munmap(0x7f7f2274d000, 524288 [pid 3656] munmap(0x7f7f2274d000, 524288 [pid 3657] <... munmap resumed>) = 0 [pid 3656] <... munmap resumed>) = 0 [pid 3657] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3656] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3657] <... openat resumed>) = 4 [pid 3656] <... openat resumed>) = 4 [pid 3657] ioctl(4, LOOP_SET_FD, 3 [pid 3656] ioctl(4, LOOP_SET_FD, 3 [pid 3657] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3656] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3657] ioctl(4, LOOP_CLR_FD [pid 3656] ioctl(4, LOOP_CLR_FD [pid 3657] <... ioctl resumed>) = 0 [pid 3656] <... ioctl resumed>) = 0 [pid 3657] ioctl(4, LOOP_SET_FD, 3 [pid 3656] ioctl(4, LOOP_SET_FD, 3 [pid 3657] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3656] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3657] close(4 [pid 3656] close(4 [pid 3657] <... close resumed>) = 0 [pid 3656] <... close resumed>) = 0 [pid 3657] close(3 [pid 3656] close(3 [pid 3657] <... 
close resumed>) = 0 [pid 3656] <... close resumed>) = 0 [pid 3657] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3656] openat(AT_FDCWD, "/dev/loop5", O_RDONLY [pid 3657] <... openat resumed>) = 3 [pid 3656] <... openat resumed>) = 3 [pid 3657] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3656] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3657] <... ioctl resumed>) = 0 [pid 3656] <... ioctl resumed>) = 0 [pid 3657] exit_group(0 [pid 3656] exit_group(0 [pid 3657] <... exit_group resumed>) = ? [pid 3656] <... exit_group resumed>) = ? [pid 3657] +++ exited with 0 +++ [pid 3656] +++ exited with 0 +++ [pid 3634] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3634] restart_syscall(<... resuming interrupted clone ...> [pid 3631] restart_syscall(<... resuming interrupted clone ...> [pid 3634] <... restart_syscall resumed>) = 0 [pid 3631] <... restart_syscall resumed>) = 0 [pid 3634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3631] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 3634] <... openat resumed>) = 3 [pid 3631] <... openat resumed>) = 3 [pid 3634] ioctl(3, LOOP_CLR_FD [pid 3631] ioctl(3, LOOP_CLR_FD [pid 3634] <... ioctl resumed>) = 0 [pid 3631] <... ioctl resumed>) = 0 [pid 3634] close(3 [pid 3631] close(3 [pid 3634] <... close resumed>) = 0 [pid 3631] <... close resumed>) = 0 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3637] exit_group(0 [pid 3632] exit_group(0 [pid 3637] <... exit_group resumed>) = ? [pid 3634] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3658 [pid 3632] <... exit_group resumed>) = ? [pid 3631] <... 
clone resumed>, child_tidptr=0x55555589a5d0) = 3659 [pid 3637] +++ exited with 0 +++ [pid 3632] +++ exited with 0 +++ [pid 3630] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3629] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3630] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3630] <... openat resumed>) = 3 [pid 3629] <... openat resumed>) = 3 [pid 3630] ioctl(3, LOOP_CLR_FD [pid 3629] ioctl(3, LOOP_CLR_FD [pid 3630] <... ioctl resumed>) = 0 [pid 3629] <... ioctl resumed>) = 0 [pid 3630] close(3 [pid 3629] close(3 [pid 3630] <... close resumed>) = 0 [pid 3629] <... close resumed>) = 0 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3630] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3660 [pid 3629] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3661 ./strace-static-x86_64: Process 3661 attached [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 3660 attached ) = 3 [pid 3661] write(3, "1000", 4 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3661] <... write resumed>) = 4 [pid 3660] <... prctl resumed>) = 0 [pid 3661] close(3 [pid 3660] setpgid(0, 0 [pid 3661] <... close resumed>) = 0 [pid 3660] <... setpgid resumed>) = 0 [pid 3661] memfd_create("syzkaller", 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3661] <... memfd_create resumed>) = 3 [pid 3660] <... openat resumed>) = 3 [pid 3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3660] write(3, "1000", 4 [pid 3661] <... mmap resumed>) = 0x7f7f2274d000 [pid 3660] <... 
write resumed>) = 4 [pid 3661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 3660] close(3 [pid 3661] <... write resumed>) = 524288 [pid 3660] <... close resumed>) = 0 [pid 3660] memfd_create("syzkaller", 0) = 3 [pid 3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 3661] munmap(0x7f7f2274d000, 524288 [pid 3660] <... mmap resumed>) = 0x7f7f2274d000 [pid 3661] <... munmap resumed>) = 0 [pid 3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 3659 attached ./strace-static-x86_64: Process 3658 attached ./strace-static-x86_64: Process 3649 attached ) = 524288 [pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3659] <... prctl resumed>) = 0 [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3649] <... prctl resumed>) = 0 [pid 3661] <... openat resumed>) = 4 [pid 3659] setpgid(0, 0 [pid 3658] <... prctl resumed>) = 0 [pid 3649] setpgid(0, 0 [pid 3661] ioctl(4, LOOP_SET_FD, 3 [pid 3659] <... setpgid resumed>) = 0 [pid 3658] setpgid(0, 0 [pid 3649] <... setpgid resumed>) = 0 [pid 3661] <... 
ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3661] ioctl(4, LOOP_CLR_FD [pid 3660] munmap(0x7f7f2274d000, 524288 [pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3658] <... setpgid resumed>) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3661] <... ioctl resumed>) = 0 [pid 3660] <... munmap resumed>) = 0 [pid 3659] <... openat resumed>) = 3 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3649] <... openat resumed>) = 3 [pid 3660] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 51.366402][ T41] ================================================================== [pid 3659] write(3, "1000", 4 [pid 3658] <... openat resumed>) = 3 [pid 3649] write(3, "1000", 4 [pid 3660] <... openat resumed>) = 4 [pid 3659] <... write resumed>) = 4 [pid 3658] write(3, "1000", 4 [pid 3649] <... write resumed>) = 4 [pid 3661] ioctl(4, LOOP_SET_FD, 3 [pid 3660] ioctl(4, LOOP_SET_FD, 3 [pid 3659] close(3 [pid 3658] <... write resumed>) = 4 [pid 3649] close(3 [pid 3661] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3660] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3659] <... close resumed>) = 0 [pid 3661] close(4 [pid 3660] ioctl(4, LOOP_CLR_FD [pid 3661] <... close resumed>) = 0 [pid 3660] <... ioctl resumed>) = 0 [pid 3661] close(3) = 0 [pid 3661] openat(AT_FDCWD, "/dev/loop5", O_RDONLY) = 3 [pid 3661] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3660] ioctl(4, LOOP_SET_FD, 3 [pid 3661] <... ioctl resumed>) = 0 [pid 3660] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3661] exit_group(0 [ 51.421156][ T41] Kernel panic - not syncing: panic_on_warn set ... 
[ 51.427774][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0 [ 51.437933][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.447987][ T41] Workqueue: loop5 loop_rootcg_workfn [ 51.453373][ T41] Call Trace: [ 51.456656][ T41] [ 51.459591][ T41] dump_stack_lvl+0xd1/0x138 [ 51.464202][ T41] panic+0x2cc/0x626 [pid 3660] close(4 [pid 3661] <... exit_group resumed>) = ? [pid 3660] <... close resumed>) = 0 [pid 3661] +++ exited with 0 +++ [pid 3660] close(3) = 0 [pid 3629] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3660] openat(AT_FDCWD, "/dev/loop5", O_RDONLY) = 3 [pid 3660] ioctl(3, LOOP_SET_BLOCK_SIZE, 2048 [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3660] <... ioctl resumed>) = 0 [pid 3629] <... openat resumed>) = 3 [pid 3660] exit_group(0 [pid 3629] ioctl(3, LOOP_CLR_FD [pid 3660] <... exit_group resumed>) = ? [pid 3629] <... ioctl resumed>) = 0 [pid 3660] +++ exited with 0 +++ [pid 3629] close(3 [pid 3630] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3629] <... close resumed>) = 0 [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589a5d0) = 3665 [pid 3630] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 3630] ioctl(3, LOOP_CLR_FD) = 0 [pid 3630] close(3) = 0 [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3665 attached [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3630] <... clone resumed>, child_tidptr=0x55555589a5d0) = 3666 [pid 3665] <... prctl resumed>) = 0 [pid 3665] setpgid(0, 0) = 0 [ 51.468127][ T41] ? panic_print_sys_info.part.0+0x110/0x110 [ 51.474135][ T41] ? preempt_schedule_common+0x59/0xc0 [ 51.479608][ T41] ? 
preempt_schedule_thunk+0x1a/0x1c [ 51.485015][ T41] end_report.part.0+0x3f/0x7c [ 51.489794][ T41] ? _copy_to_iter+0xb55/0x1140 [ 51.494656][ T41] kasan_report.cold+0xa/0xf [ 51.499256][ T41] ? _copy_to_iter+0xb55/0x1140 [ 51.504130][ T41] kasan_check_range+0x141/0x190 [ 51.509094][ T41] memcpy+0x3d/0x60 [ 51.512928][ T41] _copy_to_iter+0xb55/0x1140 [ 51.517616][ T41] ? _copy_from_iter+0xf40/0xf40 [ 51.522556][ T41] ? folio_flags.constprop.0+0x53/0x150 [ 51.528118][ T41] ? shmem_get_folio_gfp+0x1026/0x1a60 [ 51.533608][ T41] ? page_copy_sane+0x28f/0x410 [ 51.538474][ T41] copy_page_to_iter+0xe0/0xa20 [ 51.543339][ T41] shmem_file_read_iter+0x37e/0xa50 [ 51.548557][ T41] ? shmem_read_mapping_page_gfp+0x230/0x230 [ 51.554551][ T41] ? mark_lock.part.0+0xee/0x1910 [ 51.559689][ T41] do_iter_readv_writev+0x2e0/0x3b0 [ 51.564912][ T41] ? lock_chain_count+0x20/0x20 [ 51.569791][ T41] ? generic_copy_file_range+0x1d0/0x1d0 [ 51.575619][ T41] ? security_file_permission+0xaf/0xd0 [ 51.581184][ T41] do_iter_read+0x2f2/0x750 [ 51.585706][ T41] ? mark_held_locks+0x9f/0xe0 [ 51.590489][ T41] ? rwlock_bug.part.0+0x90/0x90 [ 51.595442][ T41] vfs_iter_read+0x74/0xa0 [ 51.599900][ T41] loop_process_work+0x1592/0x2070 [ 51.605040][ T41] ? loop_queue_rq+0x11f0/0x11f0 [ 51.609985][ T41] ? lock_release+0x810/0x810 [ 51.614689][ T41] ? lock_downgrade+0x6e0/0x6e0 [ 51.619580][ T41] process_one_work+0x9bf/0x1710 [ 51.624537][ T41] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 51.629923][ T41] ? rwlock_bug.part.0+0x90/0x90 [ 51.634874][ T41] ? _raw_spin_lock_irq+0x45/0x50 [ 51.639909][ T41] worker_thread+0x669/0x1090 [ 51.644612][ T41] ? process_one_work+0x1710/0x1710 [ 51.649817][ T41] kthread+0x2e8/0x3a0 [ 51.653896][ T41] ? kthread_complete_and_exit+0x40/0x40 [ 51.659540][ T41] ret_from_fork+0x1f/0x30 [ 51.663985][ T41] [ 51.667789][ T41] Kernel Offset: disabled [ 51.672192][ T41] Rebooting in 86400 seconds..