./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor365843835 <...> Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts. execve("./syz-executor365843835", ["./syz-executor365843835"], 0x7ffc647f4bc0 /* 10 vars */) = 0 brk(NULL) = 0x555559502000 brk(0x555559502d00) = 0x555559502d00 arch_prctl(ARCH_SET_FS, 0x555559502380) = 0 set_tid_address(0x555559502650) = 289 set_robust_list(0x555559502660, 24) = 0 rseq(0x555559502ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor365843835", 4096) = 27 getrandom("\xc8\x4c\x57\xcb\xd8\xa5\xf2\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555559502d00 brk(0x555559523d00) = 0x555559523d00 brk(0x555559524000) = 0x555559524000 mprotect(0x7f49877e3000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 290 ./strace-static-x86_64: Process 290 attached [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] set_robust_list(0x555559502660, 24) = 0 ./strace-static-x86_64: Process 291 attached [pid 289] <... clone resumed>, child_tidptr=0x555559502650) = 291 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] set_robust_list(0x555559502660, 24 [pid 290] mkdir("./syzkaller.FxYdS9", 0700 [pid 291] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 292 attached [pid 289] <... clone resumed>, child_tidptr=0x555559502650) = 292 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] getrandom( [pid 289] <... clone resumed>, child_tidptr=0x555559502650) = 293 ./strace-static-x86_64: Process 293 attached [pid 292] set_robust_list(0x555559502660, 24 [pid 291] <... getrandom resumed>"\x02\xf5\xd4\x54\x5b\xca\x0f\xc9", 8, GRND_NONBLOCK) = 8 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... set_robust_list resumed>) = 0 [pid 293] set_robust_list(0x555559502660, 24 [pid 291] mkdir("./syzkaller.Sl3Q0P", 0700 [pid 290] <... mkdir resumed>) = 0 [pid 290] chmod("./syzkaller.FxYdS9", 0777 [pid 289] <... clone resumed>, child_tidptr=0x555559502650) = 294 [pid 291] <... mkdir resumed>) = 0 [pid 290] <... chmod resumed>) = 0 [pid 291] chmod("./syzkaller.Sl3Q0P", 0777 [pid 290] chdir("./syzkaller.FxYdS9" [pid 291] <... chmod resumed>) = 0 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] mkdir("./syzkaller.6OZIAy", 0700 [pid 291] chdir("./syzkaller.Sl3Q0P" [pid 290] <... chdir resumed>) = 0 [pid 290] unshare(CLONE_NEWPID [pid 292] <... mkdir resumed>) = 0 [pid 291] <... chdir resumed>) = 0 [pid 292] chmod("./syzkaller.6OZIAy", 0777 [pid 291] unshare(CLONE_NEWPID [pid 292] <... chmod resumed>) = 0 [pid 292] chdir("./syzkaller.6OZIAy" [pid 293] mkdir("./syzkaller.ObQ8ab", 0700 [pid 292] <... chdir resumed>) = 0 [pid 292] unshare(CLONE_NEWPID./strace-static-x86_64: Process 294 attached [pid 293] <... mkdir resumed>) = 0 [pid 292] <... unshare resumed>) = 0 [pid 293] chmod("./syzkaller.ObQ8ab", 0777 [pid 291] <... unshare resumed>) = 0 [pid 294] set_robust_list(0x555559502660, 24 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... unshare resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 293] <... chmod resumed>) = 0 [pid 293] chdir("./syzkaller.ObQ8ab" [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... clone resumed>, child_tidptr=0x555559502650) = 295 [pid 293] <... chdir resumed>) = 0 [pid 293] unshare(CLONE_NEWPID [pid 291] <... clone resumed>, child_tidptr=0x555559502650) = 296 ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached [pid 293] <... unshare resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555559502650) = 297 [pid 293] <... clone resumed>, child_tidptr=0x555559502650) = 298 [pid 296] set_robust_list(0x555559502660, 24) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] getppid() = 0 [pid 296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 296] unshare(CLONE_NEWNS./strace-static-x86_64: Process 298 attached [pid 297] set_robust_list(0x555559502660, 24 [pid 295] set_robust_list(0x555559502660, 24 [pid 294] mkdir("./syzkaller.VTkqHo", 0700 [pid 297] <... set_robust_list resumed>) = 0 [pid 296] <... unshare resumed>) = 0 [pid 298] set_robust_list(0x555559502660, 24 [pid 296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 295] <... set_robust_list resumed>) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] <... mkdir resumed>) = 0 [ 25.305628][ T28] audit: type=1400 audit(1747367557.472:64): avc: denied { execmem } for pid=289 comm="syz-executor365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 297] <... prctl resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 296] <... mount resumed>) = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] chmod("./syzkaller.VTkqHo", 0777 [pid 296] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 296] unshare(CLONE_NEWCGROUP) = 0 [pid 296] unshare(CLONE_NEWUTS) = 0 [pid 296] unshare(CLONE_SYSVSEM) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] getpid() = 1 [pid 296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 294] <... chmod resumed>) = 0 [pid 294] chdir("./syzkaller.VTkqHo") = 0 [pid 294] unshare(CLONE_NEWPID) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 299 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... prctl resumed>) = 0 [pid 295] getppid() = 0 [pid 298] <... prctl resumed>) = 0 [pid 295] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 298] getppid() = 0 [pid 298] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 298] <... prlimit64 resumed>NULL) = 0 [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 298] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 295] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 298] <... prlimit64 resumed>NULL) = 0 [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 295] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 298] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 298] <... prlimit64 resumed>NULL) = 0 [pid 298] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 295] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 298] <... prlimit64 resumed>NULL) = 0 [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 298] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 295] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 298] <... prlimit64 resumed>NULL) = 0 [pid 295] <... prlimit64 resumed>NULL) = 0 [pid 298] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 295] unshare(CLONE_NEWNS [pid 298] <... prlimit64 resumed>NULL) = 0 [pid 295] <... unshare resumed>) = 0 [pid 298] unshare(CLONE_NEWNS) = 0 [pid 298] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 298] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 298] unshare(CLONE_NEWCGROUP [pid 295] unshare(CLONE_NEWIPC [pid 298] <... unshare resumed>) = 0 [pid 295] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 298] unshare(CLONE_NEWUTS [pid 295] unshare(CLONE_NEWCGROUP [pid 298] <... unshare resumed>) = 0 [pid 295] <... unshare resumed>) = 0 [pid 298] unshare(CLONE_SYSVSEM [pid 295] unshare(CLONE_NEWUTS [pid 298] <... unshare resumed>) = 0 [pid 295] <... unshare resumed>) = 0 [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 295] unshare(CLONE_SYSVSEM) = 0 [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 298] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 298] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 298] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 298] getpid() = 1 [pid 298] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 298] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 295] <... getpid resumed>) = 1 [pid 298] <... capset resumed>) = 0 [pid 295] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 298] unshare(CLONE_NEWNET [pid 295] <... capget resumed>{effective=1< [pid 297] getppid(./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555559502660, 24 [pid 297] <... getppid resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 297] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... prlimit64 resumed>NULL) = 0 [pid 299] <... prctl resumed>) = 0 [pid 297] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 299] getppid( [pid 297] <... prlimit64 resumed>NULL) = 0 [pid 299] <... getppid resumed>) = 0 [pid 297] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 299] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 297] <... prlimit64 resumed>NULL) = 0 [pid 299] <... prlimit64 resumed>NULL) = 0 [pid 297] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 299] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 297] <... prlimit64 resumed>NULL) = 0 [pid 299] <... prlimit64 resumed>NULL) = 0 [pid 297] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 299] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 297] <... prlimit64 resumed>NULL) = 0 [pid 299] <... prlimit64 resumed>NULL) = 0 [pid 297] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 299] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 297] <... prlimit64 resumed>NULL) = 0 [pid 299] <... prlimit64 resumed>NULL) = 0 [pid 297] unshare(CLONE_NEWNS [pid 299] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 297] <... unshare resumed>) = 0 [pid 299] <... prlimit64 resumed>NULL) = 0 [pid 297] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 299] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 297] <... mount resumed>) = 0 [pid 299] <... prlimit64 resumed>NULL) = 0 [pid 297] unshare(CLONE_NEWIPC [pid 299] unshare(CLONE_NEWNS [pid 297] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... unshare resumed>) = 0 [pid 297] unshare(CLONE_NEWCGROUP [pid 299] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 297] <... unshare resumed>) = 0 [pid 299] <... mount resumed>) = 0 [pid 297] unshare(CLONE_NEWUTS [pid 299] unshare(CLONE_NEWIPC [pid 297] <... unshare resumed>) = 0 [pid 299] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 297] unshare(CLONE_SYSVSEM [pid 299] unshare(CLONE_NEWCGROUP [pid 297] <... unshare resumed>) = 0 [pid 299] <... unshare resumed>) = 0 [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 299] unshare(CLONE_NEWUTS [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... unshare resumed>) = 0 [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 299] unshare(CLONE_SYSVSEM [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... unshare resumed>) = 0 [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 297] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 297] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 297] getpid( [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 297] <... getpid resumed>) = 1 [pid 299] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 297] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 299] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 297] <... capget resumed>{effective=1<) = -1 ENOENT (No such file or directory) [pid 297] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 299] getpid( [pid 297] <... capset resumed>) = 0 [pid 299] <... getpid resumed>) = 1 [pid 297] unshare(CLONE_NEWNET [pid 299] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 295] <... unshare resumed>) = 0 [pid 295] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "0 65535", 7) = 7 [pid 295] close(3) = 0 [pid 295] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "100000", 6) = 6 [pid 295] close(3) = 0 [pid 295] mkdir("./syz-tmp", 0777) = 0 [pid 295] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 295] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 295] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 295] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 295] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 295] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 295] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 295] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 295] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 295] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 295] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 295] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [ 25.335530][ T28] audit: type=1400 audit(1747367557.502:65): avc: denied { mounton } for pid=296 comm="syz-executor365" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 295] chdir("/") = 0 [pid 295] umount2("./pivot", MNT_DETACH [pid 296] <... unshare resumed>) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "0 65535", 7) = 7 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "100000", 6) = 6 [pid 296] close(3) = 0 [pid 296] mkdir("./syz-tmp", 0777) = 0 [pid 296] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 295] chroot("./newroot") = 0 [pid 295] chdir("/") = 0 [pid 295] mkdir("/dev/gadgetfs", 0777) = 0 [ 25.392088][ T28] audit: type=1400 audit(1747367557.552:66): avc: denied { mounton } for pid=295 comm="syz-executor365" path="/root/syzkaller.6OZIAy/syz-tmp" dev="sda1" ino=2029 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.416518][ T28] audit: type=1400 audit(1747367557.552:67): avc: denied { mount } for pid=295 comm="syz-executor365" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [pid 295] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 296] mkdir("./syz-tmp/newroot", 0777 [pid 295] <... mount resumed>) = -1 ENODEV (No such device) [pid 296] <... mkdir resumed>) = 0 [pid 295] mkdir("/dev/binderfs", 0777) = 0 [pid 295] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 297] <... unshare resumed>) = 0 [pid 296] mkdir("./syz-tmp/newroot/dev", 0700 [pid 297] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "0 65535", 7) = 7 [pid 297] close(3) = 0 [pid 297] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "100000", 6) = 6 [pid 297] close(3) = 0 [pid 297] mkdir("./syz-tmp", 0777) = 0 [pid 297] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 297] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 297] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 297] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 297] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [ 25.418042][ T295] request_module fs-gadgetfs succeeded, but still no fs? [ 25.438815][ T28] audit: type=1400 audit(1747367557.552:68): avc: denied { mounton } for pid=295 comm="syz-executor365" path="/root/syzkaller.6OZIAy/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [pid 297] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 297] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 297] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 297] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 297] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 297] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 298] <... unshare resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 296] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 297] <... mount resumed>) = 0 [pid 295] <... mount resumed>) = 0 [pid 297] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 297] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 297] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 297] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 297] chdir("/") = 0 [pid 297] umount2("./pivot", MNT_DETACH [pid 295] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 295] mkdir("./0", 0777) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 2 [pid 299] <... unshare resumed>) = 0 [pid 299] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "0 65535", 7) = 7 [pid 299] close(3) = 0 [pid 299] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "100000", 6) = 6 [pid 299] close(3) = 0 [pid 299] mkdir("./syz-tmp", 0777) = 0 [pid 299] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 299] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 299] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 299] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 299] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 299] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 299] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 299] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 299] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 299] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 299] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 299] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 299] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 299] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 299] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 299] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 299] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 299] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 299] chdir("/") = 0 [pid 299] umount2("./pivot", MNT_DETACH [pid 298] <... openat resumed>) = 3 [pid 298] write(3, "0 65535", 7) = 7 [pid 298] close(3) = 0 [pid 298] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "100000", 6) = 6 [pid 298] close(3) = 0 [pid 298] mkdir("./syz-tmp", 0777) = 0 [pid 298] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 298] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 298] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 298] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 298] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 298] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 298] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 298] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 298] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 298] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 298] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 298] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 298] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 298] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 298] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 298] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 298] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 298] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 298] chdir("/") = 0 [pid 298] umount2("./pivot", MNT_DETACH [pid 296] <... mount resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 297] <... umount2 resumed>) = 0 [pid 296] mkdir("./syz-tmp/newroot/proc", 0700 [pid 297] chroot("./newroot" [pid 296] <... mkdir resumed>) = 0 [pid 297] <... chroot resumed>) = 0 [pid 296] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 297] chdir("/" [pid 296] <... mount resumed>) = 0 [pid 297] <... chdir resumed>) = 0 [pid 297] mkdir("/dev/gadgetfs", 0777 [pid 296] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 297] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 296] <... mkdir resumed>) = 0 [pid 297] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 296] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 297] <... mount resumed>) = -1 ENODEV (No such device) [pid 296] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 297] mkdir("/dev/binderfs", 0777 [pid 296] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 297] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 296] <... mount resumed>) = 0 [pid 297] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 296] mkdir("./syz-tmp/newroot/sys", 0700 [pid 297] <... mount resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 297] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 296] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 297] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... mount resumed>) = 0 [pid 297] mkdir("./0", 0777 [pid 296] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 297] <... mkdir resumed>) = 0 [pid 296] <... mount resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 297] <... clone resumed>, child_tidptr=0x555559502650) = 2 [pid 296] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 296] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 296] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 296] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 296] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 296] chdir("/") = 0 [ 25.473017][ T28] audit: type=1400 audit(1747367557.552:69): avc: denied { mount } for pid=295 comm="syz-executor365" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 25.497034][ T28] audit: type=1400 audit(1747367557.552:70): avc: denied { mounton } for pid=295 comm="syz-executor365" path="/root/syzkaller.6OZIAy/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [pid 296] umount2("./pivot", MNT_DETACHexecuting program [pid 300] set_robust_list(0x555559502660, 24) = 0 [pid 300] chdir("./0") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18) = 18 [pid 300] perf_event_open(./strace-static-x86_64: Process 301 attached [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] chroot("./newroot" [pid 296] chroot("./newroot" [pid 298] <... chroot resumed>) = 0 [pid 296] <... chroot resumed>) = 0 [pid 298] chdir("/" [pid 296] chdir("/" [pid 298] <... chdir resumed>) = 0 [pid 296] <... chdir resumed>) = 0 [pid 298] mkdir("/dev/gadgetfs", 0777 [pid 296] mkdir("/dev/gadgetfs", 0777 [pid 298] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 296] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 298] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 296] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 298] <... mount resumed>) = -1 ENODEV (No such device) [pid 296] <... mount resumed>) = -1 ENODEV (No such device) [pid 298] mkdir("/dev/binderfs", 0777 [pid 296] mkdir("/dev/binderfs", 0777 [pid 298] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 296] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 298] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 296] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 298] <... mount resumed>) = 0 [pid 296] <... mount resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 298] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 296] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 299] chroot("./newroot" [pid 298] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... chroot resumed>) = 0 [pid 298] mkdir("./0", 0777 [pid 296] mkdir("./0", 0777 [pid 299] chdir("/" [pid 298] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 299] <... chdir resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] mkdir("/dev/gadgetfs", 0777) = -1 EEXIST (File exists) [pid 298] <... clone resumed>, child_tidptr=0x555559502650) = 2 [pid 296] <... clone resumed>, child_tidptr=0x555559502650) = 2 [pid 299] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device) [pid 299] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 299] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 299] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 299] mkdir("./0", 0777) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 2 [pid 301] set_robust_list(0x555559502660, 24./strace-static-x86_64: Process 304 attached ./strace-static-x86_64: Process 303 attached ./strace-static-x86_64: Process 302 attached ) = 0 [ 25.524045][ T28] audit: type=1400 audit(1747367557.552:71): avc: denied { mounton } for pid=295 comm="syz-executor365" path="/root/syzkaller.6OZIAy/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 25.551806][ T28] audit: type=1400 audit(1747367557.562:72): avc: denied { unmount } for pid=295 comm="syz-executor365" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 304] set_robust_list(0x555559502660, 24 [pid 303] set_robust_list(0x555559502660, 24 [pid 302] set_robust_list(0x555559502660, 24 [pid 304] <... set_robust_list resumed>) = 0 [pid 303] <... set_robust_list resumed>) = 0 [pid 302] <... set_robust_list resumed>) = 0 [pid 301] chdir("./0" [pid 304] chdir("./0" [pid 303] chdir("./0" [pid 304] <... chdir resumed>) = 0 [pid 303] <... chdir resumed>) = 0 [pid 302] chdir("./0" [pid 301] <... chdir resumed>) = 0 [pid 300] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 302] <... chdir resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] <... prctl resumed>) = 0 [pid 303] <... prctl resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... prctl resumed>) = 0 [pid 304] setpgid(0, 0 [pid 303] setpgid(0, 0 [pid 302] <... prctl resumed>) = 0 [pid 301] setpgid(0, 0 [pid 304] <... setpgid resumed>) = 0 [pid 303] <... setpgid resumed>) = 0 [pid 302] setpgid(0, 0 [pid 301] <... setpgid resumed>) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] <... setpgid resumed>) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] <... openat resumed>) = 3 [pid 303] <... openat resumed>) = 3 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... openat resumed>) = 3 [pid 302] <... openat resumed>) = 3 [pid 301] write(3, "1000", 4 [pid 304] write(3, "1000", 4 [pid 303] write(3, "1000", 4 [pid 304] <... write resumed>) = 4 [pid 301] <... write resumed>) = 4 [pid 304] close(3 [pid 302] write(3, "1000", 4 [pid 303] <... write resumed>) = 4 [pid 301] close(3 [pid 302] <... write resumed>) = 4 [pid 304] <... close resumed>) = 0 [pid 303] close(3 [pid 302] close(3 [pid 301] <... close resumed>) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs" [pid 303] <... close resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs" [pid 304] <... symlink resumed>) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs" [pid 303] symlink("/dev/binderfs", "./binderfs" [pid 301] <... symlink resumed>) = 0 [pid 303] <... symlink resumed>) = 0 [pid 302] <... symlink resumed>) = 0 [pid 301] write(1, "executing program\n", 18 [pid 304] write(1, "executing program\n", 18 [pid 303] write(1, "executing program\n", 18executing program executing program executing program executing program [pid 302] write(1, "executing program\n", 18 [pid 304] <... write resumed>) = 18 [pid 301] <... write resumed>) = 18 [pid 303] <... write resumed>) = 18 [pid 302] <... write resumed>) = 18 [pid 304] perf_event_open( [pid 303] perf_event_open( [pid 301] perf_event_open( [pid 302] perf_event_open( [pid 303] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3 [pid 302] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3 [pid 301] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3 [pid 303] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 301] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] <... perf_event_open resumed>{type=PERF_TYPE_TRACEPOINT, size=PERF_ATTR_SIZE_VER7, config=354, sample_period=0, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_DATA_SRC, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, 0, -1, PERF_FLAG_FD_OUTPUT) = 3 [pid 302] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 304] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=19, insns=0x200000000300, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144 [pid 303] <... bpf resumed>) = 4 [pid 301] <... bpf resumed>) = 4 [pid 300] <... bpf resumed>) = 4 [pid 302] <... bpf resumed>) = 4 [pid 303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 [pid 303] <... bpf resumed>) = 5 [pid 301] <... bpf resumed>) = 5 [pid 303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 304] <... bpf resumed>) = 4 [pid 303] <... openat resumed>) = 6 [pid 302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 [pid 300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 [pid 304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="percpu_alloc_percpu", prog_fd=4}}, 16 [pid 302] <... bpf resumed>) = 5 [pid 301] <... openat resumed>) = 6 [pid 303] write(6, "1", 1 [pid 304] <... bpf resumed>) = 5 [pid 303] <... write resumed>) = 1 [pid 302] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 301] write(6, "1", 1) = 1 [pid 301] close(3 [pid 304] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 301] <... close resumed>) = 0 [pid 301] close(3) = -1 EBADF (Bad file descriptor) [pid 301] close(4) = 0 [pid 302] <... openat resumed>) = 6 [pid 301] close(5 [pid 304] <... openat resumed>) = 6 [pid 303] close(3 [pid 302] write(6, "1", 1 [pid 304] write(6, "1", 1 [pid 303] <... close resumed>) = 0 [pid 302] <... write resumed>) = 1 [pid 304] <... write resumed>) = 1 [pid 303] close(3 [pid 302] close(3 [pid 304] close(3 [pid 303] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 302] <... close resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 303] close(4 [pid 302] close(3 [pid 304] close(3 [pid 303] <... close resumed>) = 0 [pid 302] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 304] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 303] close(5 [pid 302] close(4 [pid 304] close(4 [pid 302] <... close resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 302] close(5 [ 25.571803][ T28] audit: type=1400 audit(1747367557.582:73): avc: denied { mounton } for pid=295 comm="syz-executor365" path="/dev/gadgetfs" dev="devtmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 25.606384][ T301] FAULT_INJECTION: forcing a failure. [ 25.606384][ T301] name failslab, interval 1, probability 0, space 0, times 1 [ 25.619024][ T301] CPU: 1 PID: 301 Comm: syz-executor365 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0 [ 25.629190][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 25.639271][ T301] Call Trace: [ 25.642563][ T301] [ 25.645494][ T301] __dump_stack+0x21/0x24 [ 25.649830][ T301] dump_stack_lvl+0xee/0x150 [ 25.654411][ T301] ? __cfi_dump_stack_lvl+0x8/0x8 [ 25.659514][ T301] ? 0xffffffffa0003dcc [ 25.663669][ T301] ? is_bpf_text_address+0x177/0x190 [ 25.668953][ T301] dump_stack+0x15/0x24 [ 25.673110][ T301] should_fail_ex+0x3d4/0x520 [ 25.677793][ T301] __should_failslab+0xac/0xf0 [ 25.682550][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.688522][ T301] should_failslab+0x9/0x20 [ 25.693017][ T301] __kmem_cache_alloc_node+0x3d/0x2c0 [ 25.698393][ T301] ? __cfi_mutex_lock+0x10/0x10 [ 25.703236][ T301] ? delete_node+0x3dc/0xa60 [ 25.707819][ T301] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.713790][ T301] __kmalloc+0xa1/0x1e0 [ 25.717934][ T301] ? __cfi___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 25.724610][ T301] tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.730410][ T301] bpf_probe_unregister+0x61/0x70 [ 25.735453][ T301] bpf_raw_tp_link_release+0x63/0x90 [ 25.740728][ T301] bpf_link_free+0x13a/0x390 [ 25.745311][ T301] ? bpf_link_put_deferred+0x20/0x20 [ 25.750589][ T301] bpf_link_release+0x15f/0x170 [ 25.755466][ T301] ? __cfi_bpf_link_release+0x10/0x10 [ 25.760832][ T301] __fput+0x1fc/0x8f0 [ 25.764804][ T301] ____fput+0x15/0x20 [ 25.768777][ T301] task_work_run+0x1db/0x240 [ 25.773371][ T301] ? __cfi_task_work_run+0x10/0x10 [ 25.778483][ T301] ? task_work_add+0x2b1/0x330 [ 25.783266][ T301] ptrace_notify+0x221/0x250 [ 25.787849][ T301] ? __cfi_ptrace_notify+0x10/0x10 [ 25.792953][ T301] ? fput+0x15b/0x1a0 [ 25.796923][ T301] ? filp_close+0x111/0x160 [ 25.801411][ T301] ? close_fd+0x28b/0x300 [ 25.805735][ T301] syscall_exit_work+0x84/0x140 [ 25.810568][ T301] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 25.816707][ T301] syscall_exit_to_user_mode+0xd/0x30 [ 25.822081][ T301] do_syscall_64+0x58/0xa0 [ 25.826520][ T301] ? clear_bhb_loop+0x15/0x70 [ 25.831190][ T301] ? clear_bhb_loop+0x15/0x70 [ 25.835867][ T301] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.841757][ T301] RIP: 0033:0x7f4987775630 [ 25.846164][ T301] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 31 2a 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c [ 25.865756][ T301] RSP: 002b:00007ffe1f532708 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 25.874159][ T301] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007f4987775630 [ 25.882114][ T301] RDX: ffffffffffffffb8 RSI: 00007ffe1f532730 RDI: 0000000000000005 [pid 304] close(5 [pid 301] <... close resumed>) = 0 [pid 300] <... bpf resumed>) = 5 [pid 301] close(6) = 0 [pid 301] close(7) = -1 EBADF (Bad file descriptor) [pid 301] close(8) = -1 EBADF (Bad file descriptor) [pid 301] close(9) = -1 EBADF (Bad file descriptor) [pid 301] close(10) = -1 EBADF (Bad file descriptor) [pid 301] close(11) = -1 EBADF (Bad file descriptor) [pid 301] close(12) = -1 EBADF (Bad file descriptor) [pid 301] close(13) = -1 EBADF (Bad file descriptor) [pid 301] close(14) = -1 EBADF (Bad file descriptor) [pid 301] close(15) = -1 EBADF (Bad file descriptor) [pid 301] close(16) = -1 EBADF (Bad file descriptor) [pid 301] close(17) = -1 EBADF (Bad file descriptor) [pid 301] close(18) = -1 EBADF (Bad file descriptor) [pid 301] close(19) = -1 EBADF (Bad file descriptor) [pid 301] close(20) = -1 EBADF (Bad file descriptor) [pid 301] close(21) = -1 EBADF (Bad file descriptor) [pid 301] close(22) = -1 EBADF (Bad file descriptor) [pid 301] close(23) = -1 EBADF (Bad file descriptor) [pid 301] close(24) = -1 EBADF (Bad file descriptor) [pid 301] close(25) = -1 EBADF (Bad file descriptor) [pid 301] close(26) = -1 EBADF (Bad file descriptor) [pid 301] close(27) = -1 EBADF (Bad file descriptor) [pid 301] close(28) = -1 EBADF (Bad file descriptor) [pid 301] close(29) = -1 EBADF (Bad file descriptor) [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ [pid 300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 300] write(6, "1", 1) = 1 [pid 300] close(3executing program [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555595036f0 /* 3 entries */, 32768) = 80 [pid 297] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./0/binderfs") = 0 [pid 297] getdents64(3, 0x5555595036f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./0") = 0 [pid 297] mkdir("./1", 0777) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 3 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555559502660, 24) = 0 [pid 305] chdir("./1") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] write(1, "executing program\n", 18) = 18 [ 25.890073][ T301] RBP: 0000000000000001 R08: 00007ffe1f5324a7 R09: 0000000000000000 [ 25.898030][ T301] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000000 [ 25.905989][ T301] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.913950][ T301] [ 25.917121][ T303] FAULT_INJECTION: forcing a failure. [ 25.917121][ T303] name failslab, interval 1, probability 0, space 0, times 0 [ 25.929982][ T303] CPU: 1 PID: 303 Comm: syz-executor365 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0 [ 25.940153][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 25.950201][ T303] Call Trace: [ 25.953483][ T303] [ 25.956434][ T303] __dump_stack+0x21/0x24 [ 25.960754][ T303] dump_stack_lvl+0xee/0x150 [ 25.965335][ T303] ? __cfi_dump_stack_lvl+0x8/0x8 [ 25.970353][ T303] ? 0xffffffffa0003dcc [ 25.974491][ T303] ? is_bpf_text_address+0x177/0x190 [ 25.979773][ T303] dump_stack+0x15/0x24 [ 25.983929][ T303] should_fail_ex+0x3d4/0x520 [ 25.988604][ T303] __should_failslab+0xac/0xf0 [ 25.993355][ T303] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 25.999328][ T303] should_failslab+0x9/0x20 [ 26.003827][ T303] __kmem_cache_alloc_node+0x3d/0x2c0 [ 26.009190][ T303] ? __cfi_mutex_lock+0x10/0x10 [ 26.014038][ T303] ? delete_node+0x3dc/0xa60 [ 26.018628][ T303] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.024599][ T303] __kmalloc+0xa1/0x1e0 [ 26.028750][ T303] ? __cfi___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 26.035427][ T303] tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.041240][ T303] bpf_probe_unregister+0x61/0x70 [ 26.046264][ T303] bpf_raw_tp_link_release+0x63/0x90 [ 26.051540][ T303] bpf_link_free+0x13a/0x390 [ 26.056132][ T303] ? bpf_link_put_deferred+0x20/0x20 [ 26.061415][ T303] bpf_link_release+0x15f/0x170 [ 26.066262][ T303] ? __cfi_bpf_link_release+0x10/0x10 [ 26.071632][ T303] __fput+0x1fc/0x8f0 [ 26.075603][ T303] ____fput+0x15/0x20 [ 26.079571][ T303] task_work_run+0x1db/0x240 [ 26.084181][ T303] ? __cfi_task_work_run+0x10/0x10 [ 26.089307][ T303] ? task_work_add+0x2b1/0x330 [ 26.094076][ T303] ptrace_notify+0x221/0x250 [ 26.098666][ T303] ? __cfi_ptrace_notify+0x10/0x10 [ 26.103773][ T303] ? fput+0x15b/0x1a0 [ 26.107759][ T303] ? filp_close+0x111/0x160 [ 26.112258][ T303] ? close_fd+0x28b/0x300 [ 26.116618][ T303] syscall_exit_work+0x84/0x140 [ 26.121639][ T303] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 26.127786][ T303] syscall_exit_to_user_mode+0xd/0x30 [ 26.133237][ T303] do_syscall_64+0x58/0xa0 [ 26.137670][ T303] ? clear_bhb_loop+0x15/0x70 [ 26.142337][ T303] ? clear_bhb_loop+0x15/0x70 [ 26.147008][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.152903][ T303] RIP: 0033:0x7f4987775630 [ 26.157312][ T303] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 31 2a 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c [ 26.176905][ T303] RSP: 002b:00007ffe1f532708 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 26.185323][ T303] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007f4987775630 [pid 305] perf_event_open( [pid 303] <... close resumed>) = 0 [pid 303] close(6) = 0 [pid 303] close(7) = -1 EBADF (Bad file descriptor) [pid 303] close(8) = -1 EBADF (Bad file descriptor) [pid 303] close(9) = -1 EBADF (Bad file descriptor) [pid 303] close(10) = -1 EBADF (Bad file descriptor) [pid 303] close(11) = -1 EBADF (Bad file descriptor) [pid 303] close(12) = -1 EBADF (Bad file descriptor) [pid 303] close(13) = -1 EBADF (Bad file descriptor) [pid 303] close(14) = -1 EBADF (Bad file descriptor) [pid 303] close(15) = -1 EBADF (Bad file descriptor) [pid 303] close(16) = -1 EBADF (Bad file descriptor) [pid 303] close(17) = -1 EBADF (Bad file descriptor) [pid 303] close(18) = -1 EBADF (Bad file descriptor) [pid 303] close(19) = -1 EBADF (Bad file descriptor) [pid 303] close(20) = -1 EBADF (Bad file descriptor) [pid 303] close(21) = -1 EBADF (Bad file descriptor) [pid 303] close(22) = -1 EBADF (Bad file descriptor) [pid 303] close(23) = -1 EBADF (Bad file descriptor) [pid 303] close(24) = -1 EBADF (Bad file descriptor) [pid 303] close(25) = -1 EBADF (Bad file descriptor) [pid 303] close(26) = -1 EBADF (Bad file descriptor) [pid 303] close(27) = -1 EBADF (Bad file descriptor) [pid 303] close(28) = -1 EBADF (Bad file descriptor) [pid 303] close(29) = -1 EBADF (Bad file descriptor) [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555595036f0 /* 3 entries */, 32768) = 80 [pid 296] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./0/binderfs") = 0 [pid 296] getdents64(3, 0x5555595036f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./0") = 0 [pid 296] mkdir("./1", 0777) = 0 [ 26.193293][ T303] RDX: ffffffffffffffb8 RSI: 00007ffe1f532730 RDI: 0000000000000005 [ 26.201256][ T303] RBP: 0000000000000001 R08: 00007ffe1f5324a7 R09: 0000000000000000 [ 26.209218][ T303] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000000 [ 26.217267][ T303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.225242][ T303] [ 26.229911][ T304] FAULT_INJECTION: forcing a failure. [ 26.229911][ T304] name failslab, interval 1, probability 0, space 0, times 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 3 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555559502660, 24) = 0 [pid 306] chdir("./1") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18executing program ) = 18 [ 26.242933][ T304] CPU: 1 PID: 304 Comm: syz-executor365 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0 [ 26.253219][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 26.263288][ T304] Call Trace: [ 26.266560][ T304] [ 26.269495][ T304] __dump_stack+0x21/0x24 [ 26.273830][ T304] dump_stack_lvl+0xee/0x150 [ 26.278431][ T304] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.283478][ T304] ? 0xffffffffa0003dcc [ 26.287637][ T304] ? is_bpf_text_address+0x177/0x190 [ 26.292915][ T304] dump_stack+0x15/0x24 [ 26.297068][ T304] should_fail_ex+0x3d4/0x520 [ 26.301742][ T304] __should_failslab+0xac/0xf0 [ 26.306502][ T304] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.312472][ T304] should_failslab+0x9/0x20 [ 26.316986][ T304] __kmem_cache_alloc_node+0x3d/0x2c0 [ 26.322346][ T304] ? __cfi_mutex_lock+0x10/0x10 [ 26.327222][ T304] ? delete_node+0x3e6/0xa60 [ 26.331818][ T304] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.337825][ T304] __kmalloc+0xa1/0x1e0 [ 26.341971][ T304] ? __cfi___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 26.348638][ T304] tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.354435][ T304] bpf_probe_unregister+0x61/0x70 [ 26.359453][ T304] bpf_raw_tp_link_release+0x63/0x90 [ 26.364726][ T304] bpf_link_free+0x13a/0x390 [ 26.369308][ T304] ? bpf_link_put_deferred+0x20/0x20 [ 26.374587][ T304] bpf_link_release+0x15f/0x170 [ 26.379430][ T304] ? __cfi_bpf_link_release+0x10/0x10 [ 26.384798][ T304] __fput+0x1fc/0x8f0 [ 26.388776][ T304] ____fput+0x15/0x20 [ 26.392765][ T304] task_work_run+0x1db/0x240 [ 26.398137][ T304] ? __cfi_task_work_run+0x10/0x10 [ 26.403267][ T304] ? task_work_add+0x2b1/0x330 [ 26.408029][ T304] ptrace_notify+0x221/0x250 [ 26.412619][ T304] ? __cfi_ptrace_notify+0x10/0x10 [ 26.417727][ T304] ? fput+0x15b/0x1a0 [ 26.421695][ T304] ? filp_close+0x111/0x160 [ 26.426190][ T304] ? close_fd+0x28b/0x300 [ 26.430526][ T304] syscall_exit_work+0x84/0x140 [ 26.435382][ T304] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 26.441527][ T304] syscall_exit_to_user_mode+0xd/0x30 [ 26.446890][ T304] do_syscall_64+0x58/0xa0 [ 26.451307][ T304] ? clear_bhb_loop+0x15/0x70 [ 26.455995][ T304] ? clear_bhb_loop+0x15/0x70 [ 26.460679][ T304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.466569][ T304] RIP: 0033:0x7f4987775630 [ 26.470977][ T304] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 31 2a 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c [pid 306] perf_event_open( [pid 304] <... close resumed>) = 0 [pid 304] close(6) = 0 [pid 304] close(7) = -1 EBADF (Bad file descriptor) [pid 304] close(8) = -1 EBADF (Bad file descriptor) [pid 304] close(9) = -1 EBADF (Bad file descriptor) [pid 304] close(10) = -1 EBADF (Bad file descriptor) [pid 304] close(11) = -1 EBADF (Bad file descriptor) [pid 304] close(12) = -1 EBADF (Bad file descriptor) [pid 304] close(13) = -1 EBADF (Bad file descriptor) [pid 304] close(14) = -1 EBADF (Bad file descriptor) [pid 304] close(15) = -1 EBADF (Bad file descriptor) [pid 304] close(16) = -1 EBADF (Bad file descriptor) [pid 304] close(17) = -1 EBADF (Bad file descriptor) [pid 304] close(18) = -1 EBADF (Bad file descriptor) [pid 304] close(19) = -1 EBADF (Bad file descriptor) [pid 304] close(20) = -1 EBADF (Bad file descriptor) [pid 304] close(21) = -1 EBADF (Bad file descriptor) [pid 304] close(22) = -1 EBADF (Bad file descriptor) [pid 304] close(23) = -1 EBADF (Bad file descriptor) [pid 304] close(24) = -1 EBADF (Bad file descriptor) [pid 304] close(25) = -1 EBADF (Bad file descriptor) [pid 304] close(26) = -1 EBADF (Bad file descriptor) [pid 304] close(27) = -1 EBADF (Bad file descriptor) [pid 304] close(28) = -1 EBADF (Bad file descriptor) [pid 304] close(29) = -1 EBADF (Bad file descriptor) [pid 304] exit_group(0) = ? [pid 304] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 26.490571][ T304] RSP: 002b:00007ffe1f532708 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 26.498975][ T304] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007f4987775630 [ 26.506932][ T304] RDX: ffffffffffffffb8 RSI: 00007ffe1f532730 RDI: 0000000000000005 [ 26.514897][ T304] RBP: 0000000000000001 R08: 00007ffe1f5324a7 R09: 0000000000000000 [ 26.522863][ T304] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000000 [ 26.530825][ T304] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.538789][ T304] [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555595036f0 /* 3 entries */, 32768) = 80 [pid 299] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./0/binderfs") = 0 [pid 299] getdents64(3, 0x5555595036f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./0") = 0 [pid 299] mkdir("./1", 0777) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 3 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x555559502660, 24) = 0 [pid 307] chdir("./1") = 0 executing program [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] write(1, "executing program\n", 18) = 18 [ 26.543561][ T302] FAULT_INJECTION: forcing a failure. [ 26.543561][ T302] name failslab, interval 1, probability 0, space 0, times 0 [ 26.556441][ T302] CPU: 1 PID: 302 Comm: syz-executor365 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0 [ 26.566611][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 26.576655][ T302] Call Trace: [ 26.579922][ T302] [ 26.582839][ T302] __dump_stack+0x21/0x24 [ 26.587166][ T302] dump_stack_lvl+0xee/0x150 [ 26.591750][ T302] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.596769][ T302] ? 0xffffffffa0003dcc [ 26.600906][ T302] ? is_bpf_text_address+0x177/0x190 [ 26.606202][ T302] dump_stack+0x15/0x24 [ 26.610346][ T302] should_fail_ex+0x3d4/0x520 [ 26.615010][ T302] __should_failslab+0xac/0xf0 [ 26.619759][ T302] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.625728][ T302] should_failslab+0x9/0x20 [ 26.630225][ T302] __kmem_cache_alloc_node+0x3d/0x2c0 [ 26.635604][ T302] ? __cfi_mutex_lock+0x10/0x10 [ 26.640453][ T302] ? delete_node+0x3dc/0xa60 [ 26.645038][ T302] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.651009][ T302] __kmalloc+0xa1/0x1e0 [ 26.655184][ T302] ? __cfi___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 26.661883][ T302] tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.667701][ T302] bpf_probe_unregister+0x61/0x70 [ 26.672720][ T302] bpf_raw_tp_link_release+0x63/0x90 [ 26.677993][ T302] bpf_link_free+0x13a/0x390 [ 26.682574][ T302] ? bpf_link_put_deferred+0x20/0x20 [ 26.687855][ T302] bpf_link_release+0x15f/0x170 [ 26.692700][ T302] ? __cfi_bpf_link_release+0x10/0x10 [ 26.698116][ T302] __fput+0x1fc/0x8f0 [ 26.702130][ T302] ____fput+0x15/0x20 [ 26.706105][ T302] task_work_run+0x1db/0x240 [ 26.710708][ T302] ? __cfi_task_work_run+0x10/0x10 [ 26.715806][ T302] ? task_work_add+0x2b1/0x330 [ 26.720561][ T302] ptrace_notify+0x221/0x250 [ 26.725142][ T302] ? __cfi_ptrace_notify+0x10/0x10 [ 26.730246][ T302] ? fput+0x15b/0x1a0 [ 26.734213][ T302] ? filp_close+0x111/0x160 [ 26.738701][ T302] ? close_fd+0x28b/0x300 [ 26.743020][ T302] syscall_exit_work+0x84/0x140 [ 26.747858][ T302] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 26.753998][ T302] syscall_exit_to_user_mode+0xd/0x30 [ 26.759362][ T302] do_syscall_64+0x58/0xa0 [ 26.763788][ T302] ? clear_bhb_loop+0x15/0x70 [ 26.768453][ T302] ? clear_bhb_loop+0x15/0x70 [ 26.773119][ T302] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.779274][ T302] RIP: 0033:0x7f4987775630 [ 26.783677][ T302] Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 31 2a 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c [ 26.803270][ T302] RSP: 002b:00007ffe1f532708 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 26.811677][ T302] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007f4987775630 [ 26.819641][ T302] RDX: ffffffffffffffb8 RSI: 00007ffe1f532730 RDI: 0000000000000005 [ 26.827630][ T302] RBP: 0000000000000001 R08: 00007ffe1f5324a7 R09: 0000000000000000 [ 26.835602][ T302] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000000 [pid 307] perf_event_open( [pid 302] <... close resumed>) = 0 [pid 302] close(6) = 0 [pid 302] close(7) = -1 EBADF (Bad file descriptor) [pid 302] close(8) = -1 EBADF (Bad file descriptor) [pid 302] close(9) = -1 EBADF (Bad file descriptor) [pid 302] close(10) = -1 EBADF (Bad file descriptor) [pid 302] close(11) = -1 EBADF (Bad file descriptor) [pid 302] close(12) = -1 EBADF (Bad file descriptor) [pid 302] close(13) = -1 EBADF (Bad file descriptor) [pid 302] close(14) = -1 EBADF (Bad file descriptor) [pid 302] close(15) = -1 EBADF (Bad file descriptor) [pid 302] close(16) = -1 EBADF (Bad file descriptor) [pid 302] close(17) = -1 EBADF (Bad file descriptor) [pid 302] close(18) = -1 EBADF (Bad file descriptor) [pid 302] close(19) = -1 EBADF (Bad file descriptor) [pid 302] close(20) = -1 EBADF (Bad file descriptor) [pid 302] close(21) = -1 EBADF (Bad file descriptor) [pid 302] close(22) = -1 EBADF (Bad file descriptor) [pid 302] close(23) = -1 EBADF (Bad file descriptor) [pid 302] close(24) = -1 EBADF (Bad file descriptor) [pid 302] close(25) = -1 EBADF (Bad file descriptor) [pid 302] close(26) = -1 EBADF (Bad file descriptor) [pid 302] close(27) = -1 EBADF (Bad file descriptor) [pid 302] close(28) = -1 EBADF (Bad file descriptor) [pid 302] close(29) = -1 EBADF (Bad file descriptor) [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ [ 26.843583][ T302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.851557][ T302] [ 26.854787][ T300] FAULT_INJECTION: forcing a failure. [ 26.854787][ T300] name failslab, interval 1, probability 0, space 0, times 0 [ 26.868258][ T300] CPU: 1 PID: 300 Comm: syz-executor365 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0 [ 26.878428][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 26.888540][ T300] Call Trace: [ 26.891815][ T300] [ 26.894760][ T300] __dump_stack+0x21/0x24 [ 26.899091][ T300] dump_stack_lvl+0xee/0x150 [ 26.903674][ T300] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.908697][ T300] dump_stack+0x15/0x24 [ 26.912851][ T300] should_fail_ex+0x3d4/0x520 [ 26.917542][ T300] __should_failslab+0xac/0xf0 [ 26.922297][ T300] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.928275][ T300] should_failslab+0x9/0x20 [ 26.932780][ T300] __kmem_cache_alloc_node+0x3d/0x2c0 [ 26.938146][ T300] ? __cfi_mutex_lock+0x10/0x10 [ 26.943015][ T300] ? tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.949002][ T300] __kmalloc+0xa1/0x1e0 [ 26.953154][ T300] ? __kasan_check_write+0x14/0x20 [ 26.958260][ T300] ? __cfi_perf_trace_percpu_alloc_percpu+0x10/0x10 [ 26.964841][ T300] tracepoint_probe_unregister+0x1e6/0x8b0 [ 26.970644][ T300] trace_event_reg+0x21c/0x260 [ 26.975408][ T300] perf_trace_event_unreg+0xcc/0x1c0 [ 26.980687][ T300] perf_trace_destroy+0xbe/0x180 [ 26.985616][ T300] tp_perf_event_destroy+0x15/0x20 [ 26.990718][ T300] ? __cfi_tp_perf_event_destroy+0x10/0x10 [ 26.996524][ T300] _free_event+0x9cd/0xce0 [ 27.000942][ T300] perf_event_release_kernel+0x819/0x8a0 [ 27.006568][ T300] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.012641][ T300] ? __cfi_perf_event_release_kernel+0x10/0x10 [ 27.018786][ T300] perf_release+0x3b/0x40 [ 27.023127][ T300] ? __cfi_perf_release+0x10/0x10 [ 27.028157][ T300] __fput+0x1fc/0x8f0 [ 27.032138][ T300] ____fput+0x15/0x20 [ 27.036116][ T300] task_work_run+0x1db/0x240 [ 27.040709][ T300] ? __cfi_task_work_run+0x10/0x10 [ 27.045826][ T300] ? task_work_add+0x2b1/0x330 [ 27.050590][ T300] ptrace_notify+0x221/0x250 [ 27.055183][ T300] ? __cfi_ptrace_notify+0x10/0x10 [ 27.060299][ T300] ? fput+0x15b/0x1a0 [ 27.064288][ T300] ? filp_close+0x111/0x160 [ 27.068786][ T300] ? close_fd+0x28b/0x300 [ 27.073113][ T300] syscall_exit_work+0x84/0x140 [ 27.077953][ T300] syscall_exit_to_user_mode_prepare+0x1c/0x20 [ 27.084095][ T300] syscall_exit_to_user_mode+0xd/0x30 [ 27.089477][ T300] do_syscall_64+0x58/0xa0 [ 27.093888][ T300] ? clear_bhb_loop+0x15/0x70 [ 27.098555][ T300] ? clear_bhb_loop+0x15/0x70 [ 27.103223][ T300] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.109118][ T300] RIP: 0033:0x7f4987776509 [ 27.113523][ T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.133126][ T300] RSP: 002b:00007ffe1f532708 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 27.141534][ T300] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f4987776509 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555595036f0 /* 3 entries */, 32768) = 80 [pid 298] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./0/binderfs") = 0 [pid 298] getdents64(3, 0x5555595036f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./0") = 0 [pid 298] mkdir("./1", 0777) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 3 [pid 300] close(3) = -1 EBADF (Bad file descriptor) [pid 300] close(4) = 0 [ 27.149497][ T300] RDX: 00007f4987775560 RSI: 00007ffe1f532730 RDI: 0000000000000003 [ 27.157463][ T300] RBP: 0000000000000001 R08: 00007ffe1f5324a7 R09: 0000000000000000 [ 27.165435][ T300] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 27.173401][ T300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 27.181381][ T300] [ 27.189622][ T305] CFI failure at __traceiter_percpu_alloc_percpu+0xb3/0x110 (target: 0xffffc90000ef79c8; expected type: 0x42e72b63) [ 27.202013][ T305] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 27.208139][ T305] CPU: 0 PID: 305 Comm: syz-executor365 Not tainted 6.1.134-syzkaller-00015-g218e2bd24587 #0 [ 27.218287][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 27.228340][ T305] RIP: 0010:__traceiter_percpu_alloc_percpu+0xb3/0x110 [ 27.235191][ T305] Code: d4 44 89 e9 4c 8b 45 c0 4c 8b 4d b8 8b 45 30 50 ff 75 28 ff 75 20 8b 45 18 50 ff 75 10 41 ba 9d d4 18 bd 45 03 54 24 fc 74 02 <0f> 0b 41 ff d4 48 83 c4 28 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 [ 27.254813][ T305] RSP: 0018:ffffc90000ef79c8 EFLAGS: 00010a17 [ 27.260870][ T305] RAX: 000000000000fbc8 RBX: ffff8881248b9010 RCX: 0000000000000000 [ 27.268831][ T305] RDX: 0000000000000000 RSI: ffffffff81a47214 RDI: ffffffff87053360 [ 27.276792][ T305] RBP: ffffc90000ef7a38 R08: 0000000000000008 R09: 0000000000000008 [ 27.284754][ T305] R10: 0000000062593ba9 R11: 1ffffffff0ee43fd R12: ffffffff81710320 [ 27.293408][ T305] R13: 0000000000000000 R14: ffff8881248b9010 R15: dffffc0000000000 [ 27.301366][ T305] FS: 0000555559502380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 27.310282][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.316856][ T305] CR2: 00007f49877ea1d0 CR3: 0000000124881000 CR4: 00000000003506b0 [ 27.324821][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.332781][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.340741][ T305] Call Trace: [ 27.344006][ T305] [ 27.346926][ T305] ? __alloc_percpu+0x24/0x30 [ 27.351601][ T305] ? __alloc_percpu+0x24/0x30 [ 27.356274][ T305] pcpu_alloc+0x1566/0x16b0 [ 27.360785][ T305] __alloc_percpu+0x24/0x30 [ 27.365287][ T305] perf_trace_event_init+0x227/0x960 [ 27.370574][ T305] ? __kasan_slab_alloc+0x72/0x80 [ 27.375675][ T305] perf_trace_init+0x240/0x2e0 [ 27.380436][ T305] perf_tp_event_init+0x8e/0x120 [ 27.385375][ T305] perf_try_init_event+0x15b/0x450 [ 27.390481][ T305] perf_event_alloc+0x10f7/0x1970 [ 27.395518][ T305] __se_sys_perf_event_open+0x6c5/0x1b80 [ 27.401146][ T305] ? ptrace_stop+0x6ce/0x8b0 [ 27.405730][ T305] ? __x64_sys_perf_event_open+0xd0/0xd0 [ 27.411360][ T305] ? do_user_addr_fault+0x9ac/0x1050 [ 27.416643][ T305] __x64_sys_perf_event_open+0xbf/0xd0 [ 27.422102][ T305] x64_sys_call+0x385/0x9a0 [ 27.426601][ T305] do_syscall_64+0x4c/0xa0 [ 27.431015][ T305] ? clear_bhb_loop+0x15/0x70 [ 27.435712][ T305] ? clear_bhb_loop+0x15/0x70 [ 27.440382][ T305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 27.446303][ T305] RIP: 0033:0x7f4987776509 [ 27.450707][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.470389][ T305] RSP: 002b:00007ffe1f532708 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 27.479063][ T305] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4987776509 [ 27.487031][ T305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [pid 300] close(5./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555559502660, 24) = 0 [pid 309] chdir("./1") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 309] write(1, "executing program\n", 18) = 18 [pid 309] perf_event_open( [pid 300] <... close resumed>) = 0 [pid 300] close(6) = 0 [pid 300] close(7) = -1 EBADF (Bad file descriptor) [pid 300] close(8) = -1 EBADF (Bad file descriptor) [pid 300] close(9) = -1 EBADF (Bad file descriptor) [pid 300] close(10) = -1 EBADF (Bad file descriptor) [pid 300] close(11) = -1 EBADF (Bad file descriptor) [pid 300] close(12) = -1 EBADF (Bad file descriptor) [pid 300] close(13) = -1 EBADF (Bad file descriptor) [pid 300] close(14) = -1 EBADF (Bad file descriptor) [pid 300] close(15) = -1 EBADF (Bad file descriptor) [pid 300] close(16) = -1 EBADF (Bad file descriptor) [pid 300] close(17) = -1 EBADF (Bad file descriptor) [pid 300] close(18) = -1 EBADF (Bad file descriptor) [pid 300] close(19) = -1 EBADF (Bad file descriptor) [pid 300] close(20) = -1 EBADF (Bad file descriptor) [pid 300] close(21) = -1 EBADF (Bad file descriptor) [pid 300] close(22) = -1 EBADF (Bad file descriptor) [pid 300] close(23) = -1 EBADF (Bad file descriptor) [pid 300] close(24) = -1 EBADF (Bad file descriptor) [pid 300] close(25) = -1 EBADF (Bad file descriptor) [pid 300] close(26) = -1 EBADF (Bad file descriptor) [pid 300] close(27) = -1 EBADF (Bad file descriptor) [pid 300] close(28) = -1 EBADF (Bad file descriptor) [pid 300] close(29) = -1 EBADF (Bad file descriptor) [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=40} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=60, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555595036f0 /* 3 entries */, 32768) = 80 [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./0/binderfs") = 0 [pid 295] getdents64(3, 0x5555595036f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 295] mkdir("./1", 0777) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555559502650) = 3 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x555559502660, 24) = 0 [ 27.494995][ T305] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000 [ 27.502966][ T305] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 27.510928][ T305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 27.518890][ T305] [ 27.521905][ T305] Modules linked in: [ 27.526154][ T305] ---[ end trace 0000000000000000 ]--- [ 27.532092][ T305] RIP: 0010:__traceiter_percpu_alloc_percpu+0xb3/0x110 [pid 310] chdir("./1"executing program ) = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18) = 18 [ 27.538995][ T305] Code: d4 44 89 e9 4c 8b 45 c0 4c 8b 4d b8 8b 45 30 50 ff 75 28 ff 75 20 8b 45 18 50 ff 75 10 41 ba 9d d4 18 bd 45 03 54 24 fc 74 02 <0f> 0b 41 ff d4 48 83 c4 28 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 [ 27.559627][ T305] RSP: 0018:ffffc90000ef79c8 EFLAGS: 00010a17 [ 27.565782][ T305] RAX: 000000000000fbc8 RBX: ffff8881248b9010 RCX: 0000000000000000 [ 27.573773][ T305] RDX: 0000000000000000 RSI: ffffffff81a47214 RDI: ffffffff87053360 [ 27.581738][ T305] RBP: ffffc90000ef7a38 R08: 0000000000000008 R09: 0000000000000008 [ 27.589764][ T305] R10: 0000000062593ba9 R11: 1ffffffff0ee43fd R12: ffffffff81710320 [ 27.597806][ T305] R13: 0000000000000000 R14: ffff8881248b9010 R15: dffffc0000000000 [ 27.605819][ T305] FS: 0000555559502380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 27.614778][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.621363][ T305] CR2: 00007f49877ea1d0 CR3: 0000000124881000 CR4: 00000000003506b0 [ 27.629372][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.637366][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.645366][ T305] Kernel panic - not syncing: Fatal exception [ 27.651678][ T305] Kernel Offset: disabled [ 27.655999][ T305] Rebooting in 86400 seconds..