./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3447654259 <...> Warning: Permanently added '10.128.0.64' (ED25519) to the list of known hosts. execve("./syz-executor3447654259", ["./syz-executor3447654259"], 0x7ffd3b9d1f50 /* 10 vars */) = 0 brk(NULL) = 0x555557454000 brk(0x555557454d00) = 0x555557454d00 arch_prctl(ARCH_SET_FS, 0x555557454380) = 0 set_tid_address(0x555557454650) = 5064 set_robust_list(0x555557454660, 24) = 0 rseq(0x555557454ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3447654259", 4096) = 28 getrandom("\xe4\x07\x0b\xee\xf0\xf1\x1a\xb2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557454d00 brk(0x555557475d00) = 0x555557475d00 brk(0x555557476000) = 0x555557476000 mprotect(0x7f83696df000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 78.129281][ T27] audit: type=1400 audit(1703589436.195:83): avc: denied { execmem } for pid=5064 comm="syz-executor344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 78.152419][ T27] audit: type=1400 audit(1703589436.225:84): avc: denied { read write } for pid=5064 comm="syz-executor344" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached , child_tidptr=0x555557454650) = 5065 [pid 5065] set_robust_list(0x555557454660, 24) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [ 78.179267][ T27] audit: type=1400 audit(1703589436.225:85): avc: denied { open } for pid=5064 comm="syz-executor344" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 78.204157][ T27] audit: type=1400 audit(1703589436.225:86): avc: denied { ioctl } for pid=5064 comm="syz-executor344" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 78.230746][ T27] audit: type=1400 audit(1703589436.245:87): avc: denied { append } for pid=4494 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.254088][ T27] audit: type=1400 audit(1703589436.245:88): avc: denied { open } for pid=4494 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.277775][ T27] audit: type=1400 audit(1703589436.245:89): avc: denied { getattr } for pid=4494 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5065] munmap(0x7f8361226000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file0", "jfs", MS_LAZYTIME, "") = 0 [ 78.458598][ T5065] loop0: detected capacity change from 0 to 32768 [ 78.486027][ T27] audit: type=1400 audit(1703589436.545:90): avc: denied { mounton } for pid=5065 comm="syz-executor344" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 78.509205][ T27] audit: type=1400 audit(1703589436.555:91): avc: denied { mount } for pid=5065 comm="syz-executor344" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 78.537460][ T5065] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 78.537460][ T5065] [pid 5065] getdents64(4, 0x20000080 /* 4 entries */, 166) = 112 [pid 5065] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5065] mount(NULL, ".", 0x20000180, MS_REMOUNT, "") = -1 EINVAL (Invalid argument) [ 78.555061][ T5065] ERROR: (device loop0): remounting filesystem as read-only [ 78.563468][ T5065] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 3 [ 78.563468][ T5065] [ 78.575378][ T5065] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4 [ 78.575378][ T5065] [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached , child_tidptr=0x555557454650) = 5067 [pid 5067] set_robust_list(0x555557454660, 24) = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [ 78.600065][ T27] audit: type=1400 audit(1703589436.665:92): avc: denied { remount } for pid=5065 comm="syz-executor344" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5067] close(3) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5067] munmap(0x7f8361226000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5067] close(4) = 0 [pid 5067] close(3) = 0 [pid 5067] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5067] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5067] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5067] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x555557454660, 24) = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... clone resumed>, child_tidptr=0x555557454650) = 5068 [pid 5068] <... openat resumed>) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5068] munmap(0x7f8361226000, 138412032) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5068] close(4) = 0 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5068] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5068] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5068] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5068] exit_group(0) = ? [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x555557454650) = 5069 [pid 5069] set_robust_list(0x555557454660, 24) = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5069] munmap(0x7f8361226000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5069] close(4) = 0 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5069] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5069] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5069] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached , child_tidptr=0x555557454650) = 5070 [pid 5070] set_robust_list(0x555557454660, 24) = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5070] munmap(0x7f8361226000, 138412032) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5070] close(4) = 0 [pid 5070] close(3) = 0 [pid 5070] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5070] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5070] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5070] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5070] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x555557454660, 24) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x555557454650) = 5071 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5071] munmap(0x7f8361226000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5071] close(4) = 0 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5071] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5071] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5071] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x555557454650) = 5072 [pid 5072] set_robust_list(0x555557454660, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] memfd_create("syzkaller", 0) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5072] munmap(0x7f8361226000, 138412032) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5072] close(4) = 0 [pid 5072] close(3) = 0 [pid 5072] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5072] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5072] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5072] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5072] exit_group(0) = ? [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x555557454650) = 5073 [pid 5073] set_robust_list(0x555557454660, 24) = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5073] munmap(0x7f8361226000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5073] close(4) = 0 [pid 5073] close(3) = 0 [pid 5073] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5073] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5073] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5073] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x555557454650) = 5074 [pid 5074] set_robust_list(0x555557454660, 24) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5074] munmap(0x7f8361226000, 138412032) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5074] close(4) = 0 [pid 5074] close(3) = 0 [pid 5074] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5074] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5074] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5074] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x555557454650) = 5075 [pid 5075] set_robust_list(0x555557454660, 24) = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5075] munmap(0x7f8361226000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5075] close(4) = 0 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5075] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5075] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5075] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x555557454650) = 5076 [pid 5076] set_robust_list(0x555557454660, 24) = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5076] munmap(0x7f8361226000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5076] close(4) = 0 [pid 5076] close(3) = 0 [pid 5076] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5076] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5076] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5076] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555557454660, 24) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... clone resumed>, child_tidptr=0x555557454650) = 5077 [pid 5077] <... prctl resumed>) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5077] munmap(0x7f8361226000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5077] close(4) = 0 [pid 5077] close(3) = 0 [pid 5077] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5077] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5077] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5077] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557454650) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x555557454660, 24) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [ 83.569903][ T108] BUG: Bad page state in process jfsCommit pfn:203f4 [ 83.577002][ T108] page:ffffea000080fd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x203f4 [ 83.588173][ T108] flags: 0xfff0000000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 83.600079][ T108] page_type: 0xffffffff() [ 83.604882][ T108] raw: 00fff0000000820d dead000000000100 dead000000000122 0000000000000000 [ 83.614415][ T108] raw: 000000000000001c ffff88801f8a34d8 00000000ffffffff 0000000000000000 [ 83.623784][ T108] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 83.631840][ T108] page_owner tracks the page as allocated [ 83.638449][ T108] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5065, tgid 5065 (syz-executor344), ts 78499630615, free_ts 78220594656 [ 83.656476][ T108] post_alloc_hook+0x2d0/0x350 [ 83.661701][ T108] get_page_from_freelist+0xa25/0x36d0 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [ 83.668085][ T108] __alloc_pages+0x22e/0x2420 [ 83.673202][ T108] alloc_pages_mpol+0x258/0x5f0 [ 83.678927][ T108] folio_alloc+0x1e/0xe0 [ 83.683798][ T108] filemap_alloc_folio+0x3bb/0x490 [ 83.690228][ T108] do_read_cache_folio+0x1b8/0x540 [ 83.695817][ T108] read_cache_page+0x5b/0x160 [ 83.701423][ T108] __get_metapage+0x993/0x1170 [ 83.707096][ T108] diRead+0x650/0xb00 [ 83.711691][ T108] jfs_iget+0x84/0x4c0 [ 83.715971][ T108] jfs_fill_super+0x6c8/0xd20 [pid 5078] munmap(0x7f8361226000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [ 83.721523][ T108] mount_bdev+0x1f3/0x2e0 [ 83.725953][ T108] legacy_get_tree+0x109/0x220 [ 83.731028][ T108] vfs_get_tree+0x8c/0x370 [ 83.736667][ T108] path_mount+0x1492/0x1ed0 [ 83.741248][ T108] page last free stack trace: [ 83.745905][ T108] free_unref_page_prepare+0x4fa/0xaa0 [ 83.751791][ T108] free_unref_page+0x33/0x3b0 [ 83.756677][ T108] slabs_destroy+0x85/0xc0 [ 83.761190][ T108] ___cache_free+0x2b7/0x420 [ 83.766556][ T108] qlist_free_all+0x4c/0x1b0 [pid 5078] close(4) = 0 [ 83.771181][ T108] kasan_quarantine_reduce+0x18e/0x1d0 [ 83.777244][ T108] __kasan_slab_alloc+0x65/0x90 [ 83.782125][ T108] kmem_cache_alloc+0x159/0x360 [ 83.787502][ T108] flock_lock_inode+0xb7f/0xff0 [ 83.792387][ T108] locks_lock_inode_wait+0x1c7/0x450 [ 83.806130][ T108] __do_sys_flock+0x403/0x4c0 [ 83.810867][ T108] do_syscall_64+0x40/0x110 [ 83.815398][ T108] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 83.828194][ T108] Modules linked in: [ 83.832136][ T108] CPU: 1 PID: 108 Comm: jfsCommit Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 [ 83.841960][ T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 83.852122][ T108] Call Trace: [ 83.855459][ T108] [ 83.858403][ T108] dump_stack_lvl+0x125/0x1b0 [ 83.863116][ T108] bad_page+0xb4/0x200 [ 83.867208][ T108] ? folio_flags+0x130/0x130 [ 83.871820][ T108] ? page_bad_reason+0x9d/0x190 [ 83.876780][ T108] free_unref_page_prepare+0x52f/0xaa0 [ 83.882266][ T108] free_unref_page+0x33/0x3b0 [ 83.886965][ T108] ? lockdep_hardirqs_on+0x7d/0x110 [ 83.892289][ T108] __folio_put+0xc3/0x110 [ 83.896654][ T108] txUnlock+0x6bb/0xd10 [ 83.900837][ T108] jfs_lazycommit+0x724/0xb10 [ 83.905541][ T108] ? txCommit+0x4fd0/0x4fd0 [ 83.910070][ T108] ? wake_up_state+0x10/0x10 [ 83.914675][ T108] ? lockdep_hardirqs_on+0x7d/0x110 [ 83.919901][ T108] ? __kthread_parkme+0x14b/0x220 [pid 5078] close(3) = 0 [pid 5078] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5078] getdents64(3, 0x20000080 /* 4 entries */, 166) = 152 [pid 5078] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5078] mount(NULL, ".", 0x20000180, MS_REMOUNT, "\xff\x30\x78\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x66\x60\xd4\x56\xaa\x83\x85\x41\x63\xdf\x19\xaa\x56\x62\x72\xeb\x53\x3a\xd8\x9c\x6f\x9b\xab\x2c\x3b\x92\x77\xd2\x87\x5d\x28\x25\x46\xf2\xf4\xdc\x38\xf6\xd0\xac\xaa\xf2\x73\xfe\x26\x43\x04\x3a\xd0\x1a\x65\x24\xf2\x07\xe2\xbc\x3d\x55\x96\xdf\xe8\xcf\xc8\x98\xae\xb4\x80\x1e\xf2\x37\xb5\x51\x94\xbb\x71\xfd\xf0\xfc\x39\x9f\x8a\xaf"...) = -1 EINVAL (Invalid argument) [ 83.924945][ T108] ? txCommit+0x4fd0/0x4fd0 [ 83.929466][ T108] kthread+0x2c6/0x3a0 [ 83.933526][ T108] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.938731][ T108] ? kthread_complete_and_exit+0x40/0x40 [ 83.944454][ T108] ret_from_fork+0x45/0x80 [ 83.948883][ T108] ? kthread_complete_and_exit+0x40/0x40 [ 83.954536][ T108] ret_from_fork_asm+0x11/0x20 [ 83.959308][ T108] [ 83.965848][ T108] Disabling lock debugging due to kernel taint [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557454650) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x555557454660, 24) = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8361226000 [ 83.972424][ T108] page:ffffea000080fd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x203f4 [ 83.982931][ T108] flags: 0xfff0000000820d(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff) [ 83.994674][ T108] page_type: 0xffffffff() [ 83.999412][ T108] raw: 00fff0000000820d dead000000000100 dead000000000122 0000000000000000 [ 84.008335][ T108] raw: 000000000000001c ffff88801f8a34d8 00000000ffffffff 0000000000000000 [ 84.017345][ T108] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u)) [ 84.030755][ T108] page_owner tracks the page as allocated [ 84.039915][ T108] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5065, tgid 5065 (syz-executor344), ts 78499630615, free_ts 78220594656 [ 84.059628][ T108] post_alloc_hook+0x2d0/0x350 [ 84.064521][ T108] get_page_from_freelist+0xa25/0x36d0 [ 84.070726][ T108] __alloc_pages+0x22e/0x2420 [ 84.075474][ T108] alloc_pages_mpol+0x258/0x5f0 [ 84.080808][ T108] folio_alloc+0x1e/0xe0 [ 84.085118][ T108] filemap_alloc_folio+0x3bb/0x490 [ 84.090727][ T108] do_read_cache_folio+0x1b8/0x540 [ 84.095926][ T108] read_cache_page+0x5b/0x160 [ 84.101178][ T108] __get_metapage+0x993/0x1170 [ 84.105983][ T108] diRead+0x650/0xb00 [ 84.110378][ T108] jfs_iget+0x84/0x4c0 [ 84.114657][ T108] jfs_fill_super+0x6c8/0xd20 [ 84.119998][ T108] mount_bdev+0x1f3/0x2e0 [ 84.124530][ T108] legacy_get_tree+0x109/0x220 [ 84.129721][ T108] vfs_get_tree+0x8c/0x370 [ 84.134440][ T108] path_mount+0x1492/0x1ed0 [ 84.139415][ T108] page last free stack trace: [ 84.144189][ T108] free_unref_page_prepare+0x4fa/0xaa0 [ 84.150076][ T108] free_unref_page+0x33/0x3b0 [ 84.154796][ T108] slabs_destroy+0x85/0xc0 [ 84.162390][ T108] ___cache_free+0x2b7/0x420 [ 84.167269][ T108] qlist_free_all+0x4c/0x1b0 [ 84.171885][ T108] kasan_quarantine_reduce+0x18e/0x1d0 [ 84.177889][ T108] __kasan_slab_alloc+0x65/0x90 [ 84.182767][ T108] kmem_cache_alloc+0x159/0x360 [ 84.188102][ T108] flock_lock_inode+0xb7f/0xff0 [ 84.192986][ T108] locks_lock_inode_wait+0x1c7/0x450 [ 84.198710][ T108] __do_sys_flock+0x403/0x4c0 [ 84.203423][ T108] do_syscall_64+0x40/0x110 [ 84.208723][ T108] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 84.215012][ T108] ------------[ cut here ]------------ [ 84.220603][ T108] kernel BUG at include/linux/mm.h:1449! [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7f8361226000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 84.226934][ T108] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 84.233028][ T108] CPU: 1 PID: 108 Comm: jfsCommit Tainted: G B 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 [ 84.244411][ T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 84.254566][ T108] RIP: 0010:put_metapage+0x2da/0x340 [ 84.259889][ T108] Code: 8c fe 49 8d 6f ff e9 66 fe ff ff e8 70 22 e2 fe e9 d9 fd ff ff e8 46 3b 8c fe 48 c7 c6 60 da 0a 8b 48 89 ef e8 97 9c ca fe 90 <0f> 0b 4c 89 ef e8 6c 22 e2 fe e9 72 fd ff ff 4c 89 f7 e8 5f 22 e2 [ 84.279527][ T108] RSP: 0018:ffffc900025cfd10 EFLAGS: 00010293 [ 84.285753][ T108] RAX: 0000000000000000 RBX: ffff88801f8a34d8 RCX: ffffffff8166e765 [ 84.293814][ T108] RDX: ffff888014f04040 RSI: ffffffff82fa2949 RDI: 0000000000000000 [ 84.301785][ T108] RBP: ffffea000080fd00 R08: 0000000000000000 R09: fffffbfff1e30e22 [ 84.309842][ T108] R10: ffffffff8f187117 R11: 0000000000000000 R12: ffffea000080fd34 [ 84.317815][ T108] R13: ffff88801f8a3568 R14: ffff88801f8a3500 R15: 000000000000007f [ 84.325778][ T108] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 84.334719][ T108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.341655][ T108] CR2: 00007f8362225000 CR3: 0000000077240000 CR4: 00000000003506f0 [ 84.349918][ T108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 84.358060][ T108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 84.366141][ T108] Call Trace: [ 84.369526][ T108] [ 84.372465][ T108] ? show_regs+0x8f/0xa0 [ 84.376743][ T108] ? die+0x36/0xa0 [ 84.380483][ T108] ? do_trap+0x22b/0x420 [ 84.384823][ T108] ? put_metapage+0x2da/0x340 [ 84.389504][ T108] ? put_metapage+0x2da/0x340 [ 84.394180][ T108] ? do_error_trap+0xf4/0x230 [ 84.398869][ T108] ? put_metapage+0x2da/0x340 [ 84.403560][ T108] ? handle_invalid_op+0x34/0x40 [ 84.408501][ T108] ? put_metapage+0x2da/0x340 [ 84.413196][ T108] ? exc_invalid_op+0x2e/0x40 [ 84.417874][ T108] ? asm_exc_invalid_op+0x1a/0x20 [ 84.422925][ T108] ? lock_release+0xa5/0x690 [ 84.427514][ T108] ? put_metapage+0x2d9/0x340 [ 84.432276][ T108] ? put_metapage+0x2da/0x340 [ 84.436954][ T108] txUnlock+0x46d/0xd10 [ 84.441134][ T108] jfs_lazycommit+0x724/0xb10 [ 84.445815][ T108] ? txCommit+0x4fd0/0x4fd0 [ 84.450318][ T108] ? wake_up_state+0x10/0x10 [ 84.454902][ T108] ? lockdep_hardirqs_on+0x7d/0x110 [ 84.460120][ T108] ? __kthread_parkme+0x14b/0x220 [ 84.465314][ T108] ? txCommit+0x4fd0/0x4fd0 [ 84.469821][ T108] kthread+0x2c6/0x3a0 [ 84.473900][ T108] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5079] close(4) = 0 [ 84.479147][ T108] ? kthread_complete_and_exit+0x40/0x40 [ 84.484790][ T108] ret_from_fork+0x45/0x80 [ 84.489209][ T108] ? kthread_complete_and_exit+0x40/0x40 [ 84.494838][ T108] ret_from_fork_asm+0x11/0x20 [ 84.499603][ T108] [ 84.502618][ T108] Modules linked in: [ 84.507634][ T108] ---[ end trace 0000000000000000 ]--- [ 84.513329][ T108] RIP: 0010:put_metapage+0x2da/0x340 [ 84.518976][ T108] Code: 8c fe 49 8d 6f ff e9 66 fe ff ff e8 70 22 e2 fe e9 d9 fd ff ff e8 46 3b 8c fe 48 c7 c6 60 da 0a 8b 48 89 ef e8 97 9c ca fe 90 <0f> 0b 4c 89 ef e8 6c 22 e2 fe e9 72 fd ff ff 4c 89 f7 e8 5f 22 e2 [ 84.539185][ T108] RSP: 0018:ffffc900025cfd10 EFLAGS: 00010293 [ 84.545288][ T108] RAX: 0000000000000000 RBX: ffff88801f8a34d8 RCX: ffffffff8166e765 [ 84.576144][ T108] RDX: ffff888014f04040 RSI: ffffffff82fa2949 RDI: 0000000000000000 [ 84.584374][ T108] RBP: ffffea000080fd00 R08: 0000000000000000 R09: fffffbfff1e30e22 [ 84.592872][ T108] R10: ffffffff8f187117 R11: 0000000000000000 R12: ffffea000080fd34 [ 84.601530][ T108] R13: ffff88801f8a3568 R14: ffff88801f8a3500 R15: 000000000000007f [ 84.609782][ T108] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 84.619027][ T108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.625935][ T108] CR2: 00007f8362225000 CR3: 0000000077240000 CR4: 00000000003506f0 [ 84.634639][ T108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 84.642942][ T108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 84.651280][ T108] Kernel panic - not syncing: Fatal exception [ 84.657523][ T108] Kernel Offset: disabled [ 84.661839][ T108] Rebooting in 86400 seconds..