./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1575755523 <...> Warning: Permanently added '10.128.10.24' (ED25519) to the list of known hosts. execve("./syz-executor1575755523", ["./syz-executor1575755523"], 0x7ffc4cf84ff0 /* 10 vars */) = 0 brk(NULL) = 0x555591675000 brk(0x555591675d40) = 0x555591675d40 arch_prctl(ARCH_SET_FS, 0x5555916753c0) = 0 set_tid_address(0x555591675690) = 290 set_robust_list(0x5555916756a0, 24) = 0 rseq(0x555591675ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1575755523", 4096) = 28 getrandom("\x0e\x61\xb2\x3e\x3f\xe9\x1e\x88", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555591675d40 brk(0x555591696d40) = 0x555591696d40 brk(0x555591697000) = 0x555591697000 mprotect(0x7fc699181000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 291 ./strace-static-x86_64: Process 291 attached [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] set_robust_list(0x5555916756a0, 24) = 0 [pid 291] mkdir("./syzkaller.J90A4e", 0700 [pid 290] <... clone resumed>, child_tidptr=0x555591675690) = 292 ./strace-static-x86_64: Process 292 attached [pid 291] <... mkdir resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] chmod("./syzkaller.J90A4e", 0777) = 0 [pid 291] chdir("./syzkaller.J90A4e") = 0 [pid 291] mkdir("./0", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 293 attached [pid 292] set_robust_list(0x5555916756a0, 24 [pid 291] <... openat resumed>) = 3 [pid 290] <... clone resumed>, child_tidptr=0x555591675690) = 293 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 294 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 295 [pid 292] <... set_robust_list resumed>) = 0 [pid 292] getrandom( [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] <... getrandom resumed>"\xe2\x0d\x31\xef\x14\x27\xa7\x46", 8, GRND_NONBLOCK) = 8 [pid 292] mkdir("./syzkaller.Yg9jLW", 0700) = 0 [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] chmod("./syzkaller.Yg9jLW", 0777) = 0 [pid 292] chdir("./syzkaller.Yg9jLW") = 0 [pid 292] mkdir("./0", 0777./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 295] set_robust_list(0x5555916756a0, 24 [pid 294] set_robust_list(0x5555916756a0, 24 [pid 295] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 295] mkdir("./syzkaller.DEOetg", 0700 [pid 294] mkdir("./syzkaller.6jg0yu", 0700 [pid 295] <... mkdir resumed>) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 295] chmod("./syzkaller.DEOetg", 0777 [pid 294] <... mkdir resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 295] <... chmod resumed>) = 0 [pid 294] chmod("./syzkaller.6jg0yu", 0777 [pid 295] chdir("./syzkaller.DEOetg" [pid 294] <... chmod resumed>) = 0 [pid 295] <... chdir resumed>) = 0 [pid 294] chdir("./syzkaller.6jg0yu" [pid 295] mkdir("./0", 0777 [pid 294] <... chdir resumed>) = 0 [pid 294] mkdir("./0", 0777 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 294] <... mkdir resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 292] close(3 [pid 294] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 294] ioctl(3, LOOP_CLR_FD [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... close resumed>) = 0 [pid 295] close(3 [pid 294] close(3 [pid 295] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 298 [pid 294] <... clone resumed>, child_tidptr=0x555591675690) = 297 [pid 295] <... clone resumed>, child_tidptr=0x555591675690) = 299 ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 297 attached [pid 299] set_robust_list(0x5555916756a0, 24 [pid 297] set_robust_list(0x5555916756a0, 24 [pid 293] set_robust_list(0x5555916756a0, 24) = 0 [ 24.497993][ T28] audit: type=1400 audit(1752599874.271:64): avc: denied { execmem } for pid=290 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.519768][ T28] audit: type=1400 audit(1752599874.291:65): avc: denied { read write } for pid=291 comm="syz-executor157" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 293] mkdir("./syzkaller.5dGEwM", 0700) = 0 [pid 293] chmod("./syzkaller.5dGEwM", 0777) = 0 [pid 293] chdir("./syzkaller.5dGEwM") = 0 [pid 293] mkdir("./0", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x5555916756a0, 24) = 0 [pid 298] chdir("./0") = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... clone resumed>, child_tidptr=0x555591675690) = 300 [pid 298] <... openat resumed>) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] write(1, "executing program\n", 18executing program ) = 18 [pid 298] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc699096000 [pid 298] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} => {parent_tid=[301]}, 88) = 301 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x5555916756a0, 24) = 0 [pid 300] chdir("./0") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 300] <... futex resumed>) = 0 [pid 300] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] chdir("./0" [pid 300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] chdir("./0"./strace-static-x86_64: Process 301 attached [pid 297] <... chdir resumed>) = 0 [pid 301] set_robust_list(0x7fc6990b69a0, 24 [pid 299] <... chdir resumed>) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... mmap resumed>) = 0x7fc699096000 [pid 300] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} => {parent_tid=[302]}, 88) = 302 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] memfd_create("syzkaller", 0) = 3 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 [pid 291] <... clone resumed>, child_tidptr=0x555591675690) = 303 [pid 301] <... set_robust_list resumed>) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... prctl resumed>) = 0 [pid 297] setpgid(0, 0 [pid 299] <... prctl resumed>) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 303 attached [pid 301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] setpgid(0, 0 [pid 303] set_robust_list(0x5555916756a0, 24 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] <... set_robust_list resumed>) = 0 [pid 301] memfd_create("syzkaller", 0 [pid 299] <... setpgid resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 303] chdir("./0" [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... memfd_create resumed>) = 3 [pid 303] <... chdir resumed>) = 0 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... openat resumed>) = 3 [pid 297] write(3, "1000", 4 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... mmap resumed>) = 0x7fc690c96000 [pid 299] write(3, "1000", 4 [pid 303] <... prctl resumed>) = 0 [pid 297] <... write resumed>) = 4 [pid 299] <... write resumed>) = 4 [pid 303] setpgid(0, 0) = 0 [pid 299] close(3 [pid 297] close(3 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 303] <... openat resumed>) = 3 [pid 299] symlink("/dev/binderfs", "./binderfs" [pid 303] write(3, "1000", 4 [pid 297] symlink("/dev/binderfs", "./binderfs" [pid 299] <... symlink resumed>) = 0 executing program executing program [pid 303] <... write resumed>) = 4 [pid 299] write(1, "executing program\n", 18 [pid 297] <... symlink resumed>) = 0 [pid 303] close(3 [pid 299] <... write resumed>) = 18 [pid 297] write(1, "executing program\n", 18 [pid 303] <... close resumed>) = 0 [pid 299] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] symlink("/dev/binderfs", "./binderfs" [pid 297] <... write resumed>) = 18 [pid 299] <... futex resumed>) = 0 executing program [pid 303] <... symlink resumed>) = 0 [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, [pid 303] write(1, "executing program\n", 18 [pid 297] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... write resumed>) = 18 [pid 299] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] <... futex resumed>) = 0 [pid 303] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 303] <... futex resumed>) = 0 [pid 297] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, [pid 303] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, [pid 299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... rt_sigaction resumed>NULL, 8) = 0 [pid 303] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... mmap resumed>) = 0x7fc699096000 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE [pid 297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 303] <... mmap resumed>) = 0x7fc699096000 [pid 299] <... mprotect resumed>) = 0 [pid 297] <... mmap resumed>) = 0x7fc699096000 [pid 303] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE [pid 303] <... mprotect resumed>) = 0 [pid 299] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... mprotect resumed>) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} [pid 297] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} [pid 297] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... clone3 resumed> => {parent_tid=[307]}, 88) = 307 [pid 297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} [pid 303] <... clone3 resumed> => {parent_tid=[308]}, 88) = 308 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone3 resumed> => {parent_tid=[309]}, 88) = 309 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... futex resumed>) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] <... futex resumed>) = 0 [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] memfd_create("syzkaller", 0./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 307 attached [pid 309] set_robust_list(0x7fc6990b69a0, 24 [pid 307] set_robust_list(0x7fc6990b69a0, 24 [pid 309] <... set_robust_list resumed>) = 0 [pid 307] <... set_robust_list resumed>) = 0 [pid 309] rt_sigprocmask(SIG_SETMASK, [], [pid 307] rt_sigprocmask(SIG_SETMASK, [], [pid 309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 309] memfd_create("syzkaller", 0 [pid 307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] <... memfd_create resumed>) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 309] <... memfd_create resumed>) = 3 [pid 307] memfd_create("syzkaller", 0 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 [pid 307] <... memfd_create resumed>) = 3 [pid 308] <... mmap resumed>) = 0x7fc690c96000 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 [ 24.554900][ T28] audit: type=1400 audit(1752599874.291:66): avc: denied { open } for pid=291 comm="syz-executor157" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.579687][ T28] audit: type=1400 audit(1752599874.301:67): avc: denied { ioctl } for pid=291 comm="syz-executor157" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 308] <... write resumed>) = 20699119 [pid 308] munmap(0x7fc690c96000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3 [pid 302] <... write resumed>) = 20699119 [pid 302] munmap(0x7fc690c96000, 138412032) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 302] close(3 [pid 308] close(3) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file0", 0777) = 0 [pid 302] <... close resumed>) = 0 [pid 302] close(4 [ 25.073493][ T308] loop0: detected capacity change from 0 to 40427 [ 25.082719][ T302] loop2: detected capacity change from 0 to 40427 [pid 308] mount("/dev/loop0", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 301] <... write resumed>) = 20699119 [pid 302] <... close resumed>) = 0 [pid 307] <... write resumed>) = 20699119 [pid 302] mkdir("./file0", 0777 [pid 301] munmap(0x7fc690c96000, 138412032 [pid 302] <... mkdir resumed>) = 0 [pid 301] <... munmap resumed>) = 0 [pid 302] mount("/dev/loop2", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 301] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 307] munmap(0x7fc690c96000, 138412032 [pid 301] <... openat resumed>) = 4 [ 25.113410][ T28] audit: type=1400 audit(1752599874.891:68): avc: denied { mounton } for pid=303 comm="syz-executor157" path="/root/syzkaller.J90A4e/0/file0" dev="sda1" ino=2039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.133287][ T308] F2FS-fs (loop0): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [pid 301] ioctl(4, LOOP_SET_FD, 3 [pid 307] <... munmap resumed>) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3 [pid 301] <... ioctl resumed>) = 0 [pid 301] close(3) = 0 [pid 301] close(4) = 0 [pid 301] mkdir("./file0", 0777) = 0 [pid 301] mount("/dev/loop1", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 309] <... write resumed>) = 20699119 [pid 309] munmap(0x7fc690c96000, 138412032) = 0 [ 25.167148][ T301] loop1: detected capacity change from 0 to 40427 [ 25.173756][ T302] F2FS-fs (loop2): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 25.174799][ T307] loop4: detected capacity change from 0 to 40427 [ 25.194738][ T308] F2FS-fs (loop0): Found nat_bits in checkpoint [ 25.203990][ T301] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [pid 307] <... ioctl resumed>) = 0 [pid 307] close(3) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 307] close(4 [pid 309] <... openat resumed>) = 4 [pid 307] <... close resumed>) = 0 [pid 307] mkdir("./file0", 0777) = 0 [pid 309] ioctl(4, LOOP_SET_FD, 3 [pid 307] mount("/dev/loop4", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 309] <... ioctl resumed>) = 0 [pid 309] close(3) = 0 [pid 309] close(4) = 0 [pid 309] mkdir("./file0", 0777) = 0 [ 25.220022][ T302] F2FS-fs (loop2): Found nat_bits in checkpoint [ 25.225415][ T309] loop3: detected capacity change from 0 to 40427 [ 25.235104][ T307] F2FS-fs (loop4): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 25.246952][ T301] F2FS-fs (loop1): Found nat_bits in checkpoint [ 25.257606][ T309] F2FS-fs (loop3): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 25.278449][ T307] F2FS-fs (loop4): Found nat_bits in checkpoint [ 25.304217][ T309] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 309] mount("/dev/loop3", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 308] <... mount resumed>) = 0 [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] <... mount resumed>) = 0 [pid 302] <... mount resumed>) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 308] <... openat resumed>) = 4 [pid 302] <... openat resumed>) = 3 [pid 308] ioctl(4, LOOP_CLR_FD [pid 302] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 308] <... ioctl resumed>) = 0 [pid 302] <... openat resumed>) = 4 [pid 308] close(4 [pid 302] ioctl(4, LOOP_CLR_FD [pid 308] <... close resumed>) = 0 [pid 302] <... ioctl resumed>) = 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] close(4 [pid 308] <... futex resumed>) = 1 [pid 303] <... futex resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 308] fspick(AT_FDCWD, "./file0", 0 [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... fspick resumed>) = 4 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] fspick(AT_FDCWD, "./file0", 0) = 4 [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... fsconfig resumed>) = 0 [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = 1 [pid 302] fspick(AT_FDCWD, "./file0", 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 1 [pid 302] <... fspick resumed>) = 4 [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] <... futex resumed>) = 1 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY [pid 303] <... futex resumed>) = 0 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... openat resumed>) = 5 [pid 303] <... futex resumed>) = 0 [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... futex resumed>) = 1 [ 25.341867][ T308] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 25.352582][ T28] audit: type=1400 audit(1752599875.131:69): avc: denied { mount } for pid=303 comm="syz-executor157" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.353560][ T307] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 25.382562][ T302] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [pid 308] <... openat resumed>) = 5 [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... futex resumed>) = 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 1 [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 307] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 300] <... futex resumed>) = 1 [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 303] <... futex resumed>) = 1 [pid 309] <... mount resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 301] <... mount resumed>) = 0 [pid 309] <... openat resumed>) = 3 [pid 308] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] <... openat resumed>) = 3 [pid 309] <... openat resumed>) = 4 [pid 301] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 309] ioctl(4, LOOP_CLR_FD) = 0 [pid 301] <... openat resumed>) = 4 [pid 309] close(4 [pid 301] ioctl(4, LOOP_CLR_FD [pid 309] <... close resumed>) = 0 [pid 301] <... ioctl resumed>) = 0 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(4 [pid 309] <... futex resumed>) = 1 [pid 301] <... close resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 1 [pid 298] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 309] fspick(AT_FDCWD, "./file0", 0 [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... fspick resumed>) = 4 [pid 301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] fspick(AT_FDCWD, "./file0", 0 [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 301] <... fspick resumed>) = 4 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... futex resumed>) = 1 [pid 298] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 309] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... futex resumed>) = 0 [pid 301] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... fsconfig resumed>) = 0 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... openat resumed>) = 5 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 309] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... ioctl resumed>) = 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 308] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, [pid 303] <... futex resumed>) = 0 [pid 308] <... prlimit64 resumed>NULL) = 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... ioctl resumed>) = 0 [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 1 [pid 309] <... futex resumed>) = 1 [pid 308] sched_setscheduler(0, SCHED_FIFO, [7] [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... sched_setscheduler resumed>) = 0 [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 309] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, [pid 308] <... futex resumed>) = 1 [pid 307] <... ioctl resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... prlimit64 resumed>NULL) = 0 [pid 308] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 1 [pid 303] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 0 [ 25.402287][ T309] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 25.410218][ T301] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [pid 309] <... futex resumed>) = 1 [pid 308] mmap(0x200000000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 307] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... fsconfig resumed>) = 0 [pid 301] <... fsconfig resumed>) = 0 [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 309] sched_setscheduler(0, SCHED_FIFO, [7] [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 1 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... sched_setscheduler resumed>) = 0 [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 309] mmap(0x200000000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 297] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... mmap resumed>) = 0x200000000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 308] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 1 [pid 307] <... prlimit64 resumed>NULL) = 0 [pid 300] <... futex resumed>) = 1 [pid 298] <... futex resumed>) = 1 [pid 308] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 299] <... futex resumed>) = 0 [pid 307] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... futex resumed>) = 0 [pid 307] sched_setscheduler(0, SCHED_FIFO, [7] [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... sched_setscheduler resumed>) = 0 [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] <... futex resumed>) = 0 [pid 307] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... futex resumed>) = 0 [pid 307] mmap(0x200000000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 299] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... mmap resumed>) = 0x200000000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] exit_group(0 [pid 302] openat(AT_FDCWD, "./file0", O_RDONLY [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY [pid 309] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = ? [pid 303] <... exit_group resumed>) = ? [pid 302] <... openat resumed>) = 5 [pid 301] <... openat resumed>) = 5 [pid 297] <... futex resumed>) = 0 [pid 309] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] +++ exited with 0 +++ [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] exit_group(0 [pid 309] <... futex resumed>) = ? [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 1 [pid 297] <... exit_group resumed>) = ? [pid 309] +++ exited with 0 +++ [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] <... mmap resumed>) = 0x200000000000 [pid 307] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... futex resumed>) = 0 [pid 307] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] exit_group(0 [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = ? [pid 302] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = 1 [pid 299] <... exit_group resumed>) = ? [pid 298] <... futex resumed>) = 1 [pid 307] +++ exited with 0 +++ [pid 301] <... futex resumed>) = 0 [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 301] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 302] <... ioctl resumed>) = 0 [pid 301] <... ioctl resumed>) = 0 [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 0 [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 1 [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 302] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, [pid 301] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... prlimit64 resumed>NULL) = 0 [pid 301] <... prlimit64 resumed>NULL) = 0 [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 1 [pid 301] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 302] sched_setscheduler(0, SCHED_FIFO, [7] [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... sched_setscheduler resumed>) = 0 [pid 301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... futex resumed>) = 0 [pid 301] sched_setscheduler(0, SCHED_FIFO, [7] [pid 300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... sched_setscheduler resumed>) = 0 [pid 302] mmap(0x200000000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 1 [pid 299] +++ exited with 0 +++ [pid 298] <... futex resumed>) = 0 [pid 297] +++ exited with 0 +++ [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 301] mmap(0x200000000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 303] +++ exited with 0 +++ [pid 302] <... mmap resumed>) = 0x200000000000 [pid 302] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=7, si_stime=24} --- [pid 302] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=8, si_stime=24} --- [pid 294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555591676730 /* 4 entries */, 32768) = 112 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 301] <... mmap resumed>) = 0x200000000000 [pid 300] <... futex resumed>) = 0 [pid 301] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] exit_group(0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=7, si_stime=28} --- [pid 302] <... futex resumed>) = ? [pid 301] <... futex resumed>) = 1 [pid 300] <... exit_group resumed>) = ? [pid 298] <... futex resumed>) = 0 [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 302] +++ exited with 0 +++ [pid 301] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", [pid 298] exit_group(0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 301] <... futex resumed>) = ? [pid 298] <... exit_group resumed>) = ? [pid 295] <... getdents64 resumed>0x555591676730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 301] +++ exited with 0 +++ [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555591676730 /* 4 entries */, 32768) = 112 [ 25.656510][ T28] audit: type=1400 audit(1752599875.431:70): avc: denied { unmount } for pid=294 comm="syz-executor157" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=12, si_stime=26} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555591676730 /* 4 entries */, 32768) = 112 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x55559167e770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x55559167e770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./0/file0") = 0 [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./0/binderfs") = 0 [pid 295] getdents64(3, 0x555591676730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 295] mkdir("./1", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 331 ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x5555916756a0, 24) = 0 [pid 331] chdir("./1") = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs" [pid 298] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=8, si_stime=24} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 331] <... symlink resumed>) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 331] write(1, "executing program\n", 18executing program ) = 18 [pid 331] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc699096000 [pid 331] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 331] <... mprotect resumed>) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} [pid 292] <... openat resumed>) = 3 [pid 331] <... clone3 resumed> => {parent_tid=[332]}, 88) = 332 [pid 331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] newfstatat(3, "", [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555591676730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x55559167e770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x55559167e770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./0/file0") = 0 [pid 291] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./0/binderfs") = 0 [pid 291] getdents64(3, 0x555591676730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./0") = 0 [pid 291] mkdir("./1", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x5555916756a0, 24) = 0 [pid 333] chdir("./1") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] write(1, "executing program\n", 18) = 18 [pid 333] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc699096000 [pid 333] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} => {parent_tid=[334]}, 88) = 334 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] memfd_create("syzkaller", 0) = 3 [pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x55559167e770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x55559167e770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./0/file0") = 0 [pid 294] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./0/binderfs") = 0 [pid 294] getdents64(3, 0x555591676730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./0") = 0 [pid 294] mkdir("./1", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x5555916756a0, 24) = 0 [pid 335] chdir("./1") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc699096000 [pid 335] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} => {parent_tid=[336]}, 88) = 336 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] memfd_create("syzkaller", 0) = 3 [pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 [pid 293] <... umount2 resumed>) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x55559167e770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x55559167e770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./0/file0") = 0 [pid 293] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./0/binderfs") = 0 [pid 293] getdents64(3, 0x555591676730 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./0") = 0 [pid 293] mkdir("./1", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591675690) = 337 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x55559167e770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x55559167e770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./0/file0") = 0 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x5555916756a0, 24) = 0 [pid 337] chdir("./1") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./0/binderfs") = 0 [pid 292] getdents64(3, 0x555591676730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 337] write(3, "1000", 4 [pid 292] rmdir("./0" [pid 337] <... write resumed>) = 4 [pid 292] <... rmdir resumed>) = 0 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 292] mkdir("./1", 0777 [pid 337] write(1, "executing program\n", 18 [pid 292] <... mkdir resumed>) = 0 executing program [pid 337] <... write resumed>) = 18 [pid 337] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc699096000 [pid 337] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 337] <... clone3 resumed> => {parent_tid=[338]}, 88) = 338 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 292] <... clone resumed>, child_tidptr=0x555591675690) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x5555916756a0, 24) = 0 [pid 339] chdir("./1") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18executing program ) = 18 [pid 339] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6991201a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc699111350}, NULL, 8) = 0 [pid 339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc699096000 [pid 339] mprotect(0x7fc699097000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6990b6990, parent_tid=0x7fc6990b6990, exit_signal=0, stack=0x7fc699096000, stack_size=0x20300, tls=0x7fc6990b66c0} => {parent_tid=[340]}, 88) = 340 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] memfd_create("syzkaller", 0) = 3 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7fc6990b69a0, 24) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc690c96000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 334] <... write resumed>) = 20699119 [pid 334] munmap(0x7fc690c96000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] close(4) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [ 26.229723][ T334] loop0: detected capacity change from 0 to 40427 [ 26.250536][ T334] F2FS-fs (loop0): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [ 26.303133][ T334] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 332] <... write resumed>) = 20699119 [pid 332] munmap(0x7fc690c96000, 138412032) = 0 [pid 332] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 332] close(3) = 0 [pid 332] close(4) = 0 [pid 332] mkdir("./file0", 0777) = 0 [pid 332] mount("/dev/loop4", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 336] <... write resumed>) = 20699119 [ 26.374985][ T332] loop4: detected capacity change from 0 to 40427 [ 26.402897][ T332] F2FS-fs (loop4): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 26.412549][ T334] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 336] munmap(0x7fc690c96000, 138412032 [pid 334] <... mount resumed>) = 0 [pid 336] <... munmap resumed>) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 336] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 336] <... openat resumed>) = 4 [pid 334] ioctl(4, LOOP_CLR_FD [pid 336] ioctl(4, LOOP_SET_FD, 3 [pid 334] <... ioctl resumed>) = 0 [pid 334] close(4) = 0 [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... write resumed>) = 20699119 [ 26.434681][ T332] F2FS-fs (loop4): Found nat_bits in checkpoint [ 26.462499][ T336] loop3: detected capacity change from 0 to 40427 [pid 334] <... futex resumed>) = 1 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] munmap(0x7fc690c96000, 138412032 [pid 334] fspick(AT_FDCWD, "./file0", 0 [pid 340] <... munmap resumed>) = 0 [pid 336] <... ioctl resumed>) = 0 [pid 334] <... fspick resumed>) = 4 [pid 340] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... openat resumed>) = 4 [pid 336] close(3 [pid 334] <... futex resumed>) = 1 [pid 333] <... futex resumed>) = 0 [pid 340] ioctl(4, LOOP_SET_FD, 3 [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... ioctl resumed>) = 0 [pid 336] <... close resumed>) = 0 [pid 334] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] close(4) = 0 [pid 336] mkdir("./file0", 0777) = 0 [pid 340] close(3) = 0 [pid 340] close(4) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop1", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 336] mount("/dev/loop3", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 334] <... fsconfig resumed>) = 0 [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... openat resumed>) = 5 [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 334] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] <... ioctl resumed>) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 334] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 334] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 334] mmap(0x200000000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0 [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... write resumed>) = 20699119 [pid 338] munmap(0x7fc690c96000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 26.482478][ T340] loop1: detected capacity change from 0 to 40427 [ 26.496125][ T340] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 26.504751][ T336] F2FS-fs (loop3): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 26.524626][ T338] loop2: detected capacity change from 0 to 40427 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] close(4) = 0 [pid 338] mkdir("./file0", 0777) = 0 [pid 338] mount("/dev/loop2", "./file0", "f2fs", 0, "resuid=0x000000000000ee01,background_gc=off,nodiscard,grpjquota=:-(,usrjquota=\\A,jqfmt=vfsv1,active_"... [pid 333] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 333] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 334] <... mmap resumed>) = 0x200000000000 [pid 334] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] exit_group(0 [pid 334] <... futex resumed>) = ? [pid 333] <... exit_group resumed>) = ? [pid 334] +++ exited with 0 +++ [ 26.532272][ T340] F2FS-fs (loop1): Found nat_bits in checkpoint [ 26.554563][ T338] F2FS-fs (loop2): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 26.572777][ T338] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 332] <... mount resumed>) = 0 [pid 332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 332] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 332] ioctl(4, LOOP_CLR_FD) = 0 [pid 332] close(4) = 0 [pid 340] <... mount resumed>) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 340] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_CLR_FD) = 0 [pid 340] close(4) = 0 [pid 340] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] fspick(AT_FDCWD, "./file0", 0) = 4 [pid 340] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 332] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 332] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 1 [pid 332] fspick(AT_FDCWD, "./file0", 0) = 4 [pid 331] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 332] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 1 [pid 332] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 331] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] +++ exited with 0 +++ [pid 332] <... fsconfig resumed>) = 0 [pid 332] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=8, si_stime=22} --- [pid 332] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 332] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 1 [pid 332] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 331] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 332] futex(0x7fc6991876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = 1 [pid 332] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000140 [pid 331] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... ioctl resumed>) = 0 [pid 332] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 332] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... prlimit64 resumed>NULL) = 0 [pid 331] <... futex resumed>) = 0 [pid 332] futex(0x7fc6991876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] futex(0x7fc6991876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... futex resumed>) = 0 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 332] sched_setscheduler(0, SCHED_FIFO, [7] [pid 331] futex(0x7fc6991876c8, FUTEX_WAKE_PRIVATE, 1000000