./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4203754072 <...> Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts. execve("./syz-executor4203754072", ["./syz-executor4203754072"], 0x7ffebe242020 /* 10 vars */) = 0 brk(NULL) = 0x555555e5a000 brk(0x555555e5ae00) = 0x555555e5ae00 arch_prctl(ARCH_SET_FS, 0x555555e5a480) = 0 set_tid_address(0x555555e5a750) = 288 set_robust_list(0x555555e5a760, 24) = 0 rseq(0x555555e5ada0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4203754072", 4096) = 28 getrandom("\xb4\x3c\x09\x3e\x82\x9f\xf4\x5b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555e5ae00 brk(0x555555e7be00) = 0x555555e7be00 brk(0x555555e7c000) = 0x555555e7c000 mprotect(0x7fe7f98b5000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fe7f97f5d60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fe7f97f5d60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 289 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 290 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 291 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555555e5a760, 24) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 295 ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x555555e5a760, 24) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 ./strace-static-x86_64: Process 291 attached ./strace-static-x86_64: Process 290 attached ./strace-static-x86_64: Process 289 attached [pid 291] set_robust_list(0x555555e5a760, 24 [pid 290] set_robust_list(0x555555e5a760, 24 [pid 289] set_robust_list(0x555555e5a760, 24 [pid 291] <... set_robust_list resumed>) = 0 [pid 290] <... set_robust_list resumed>) = 0 [pid 289] <... set_robust_list resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 291] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 291] close(3) = 0 [pid 290] close(3 [pid 289] <... close resumed>) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 298 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... clone resumed>, child_tidptr=0x555555e5a750) = 299 [pid 291] <... clone resumed>, child_tidptr=0x555555e5a750) = 297 [pid 290] <... clone resumed>, child_tidptr=0x555555e5a750) = 300 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555555e5a760, 24) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] write(1, "executing program\n", 18executing program ) = 18 [pid 297] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 [pid 297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe7f97cb000 [pid 297] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0}./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 299 attached [pid 300] set_robust_list(0x555555e5a760, 24 [pid 295] set_robust_list(0x555555e5a760, 24) = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... clone3 resumed> => {parent_tid=[301]}, 88) = 301 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... prctl resumed>) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 298 attached ) = 3 [pid 298] set_robust_list(0x555555e5a760, 24) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] write(3, "1000", 4) = 4 [pid 298] <... prctl resumed>) = 0 [pid 298] setpgid(0, 0 [pid 295] close(3) = 0 [pid 298] <... setpgid resumed>) = 0 executing program [pid 295] write(1, "executing program\n", 18 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... write resumed>) = 18 [pid 295] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 [pid 295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... openat resumed>) = 3 [pid 295] <... mmap resumed>) = 0x7fe7f97cb000 [pid 295] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] write(3, "1000", 4) = 4 executing program [pid 298] close(3) = 0 [pid 298] write(1, "executing program\n", 18 [pid 295] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} [pid 298] <... write resumed>) = 18 [pid 298] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 [pid 298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe7f97cb000 [pid 298] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... clone3 resumed> => {parent_tid=[302]}, 88) = 302 [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 298] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} => {parent_tid=[303]}, 88) = 303 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [ 22.929639][ T30] audit: type=1400 audit(1750458276.605:64): avc: denied { execmem } for pid=288 comm="syz-executor420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] memfd_create("syzkaller", 0) = 3 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] set_robust_list(0x555555e5a760, 24./strace-static-x86_64: Process 303 attached [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... set_robust_list resumed>) = 0 [pid 303] set_robust_list(0x7fe7f97eb9a0, 24 [pid 300] <... prctl resumed>) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] <... set_robust_list resumed>) = 0 [pid 300] setpgid(0, 0 [pid 299] <... prctl resumed>) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... setpgid resumed>) = 0 [ 22.963202][ T30] audit: type=1400 audit(1750458276.615:65): avc: denied { read write } for pid=293 comm="syz-executor420" name="loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.989403][ T30] audit: type=1400 audit(1750458276.615:66): avc: denied { open } for pid=293 comm="syz-executor420" path="/dev/loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 299] setpgid(0, 0 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... setpgid resumed>) = 0 [pid 303] memfd_create("syzkaller", 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 303] <... memfd_create resumed>) = 3 [pid 299] write(3, "1000", 4 [pid 300] write(3, "1000", 4 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... write resumed>) = 4 [pid 300] <... write resumed>) = 4 [pid 303] <... mmap resumed>) = 0x7fe7f13cb000 [pid 300] close(3 [pid 299] close(3executing program executing program [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 300] write(1, "executing program\n", 18 [pid 299] write(1, "executing program\n", 18 [pid 300] <... write resumed>) = 18 [pid 299] <... write resumed>) = 18 [pid 300] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 0 [pid 300] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, [pid 300] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... mmap resumed>) = 0x7fe7f97cb000 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE [pid 299] <... mmap resumed>) = 0x7fe7f97cb000 [pid 300] <... mprotect resumed>) = 0 [pid 299] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... mprotect resumed>) = 0 [pid 300] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 300] <... clone3 resumed> => {parent_tid=[305]}, 88) = 305 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] <... clone3 resumed> => {parent_tid=[306]}, 88) = 306 [pid 300] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... futex resumed>) = 0 [pid 299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 305 attached [pid 306] memfd_create("syzkaller", 0 [pid 305] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], [pid 306] <... memfd_create resumed>) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] memfd_create("syzkaller", 0) = 3 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [ 23.022613][ T30] audit: type=1400 audit(1750458276.615:67): avc: denied { ioctl } for pid=293 comm="syz-executor420" path="/dev/loop4" dev="devtmpfs" ino=120 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 301] <... write resumed>) = 20699119 [pid 301] munmap(0x7fe7f13cb000, 138412032) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 301] ioctl(4, LOOP_SET_FD, 3 [pid 302] <... write resumed>) = 20699119 [pid 301] <... ioctl resumed>) = 0 [pid 303] <... write resumed>) = 20699119 [pid 306] <... write resumed>) = 20699119 [pid 301] close(3 [pid 306] munmap(0x7fe7f13cb000, 138412032 [pid 301] <... close resumed>) = 0 [pid 303] munmap(0x7fe7f13cb000, 138412032 [pid 301] close(4 [pid 302] munmap(0x7fe7f13cb000, 138412032 [pid 301] <... close resumed>) = 0 [pid 303] <... munmap resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 302] <... munmap resumed>) = 0 [pid 303] ioctl(4, LOOP_SET_FD, 3 [pid 306] <... munmap resumed>) = 0 [pid 301] mkdir("./file4", 0777 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] <... mkdir resumed>) = 0 [pid 301] mount("/dev/loop2", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 306] <... openat resumed>) = 4 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 302] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... ioctl resumed>) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file4", 0777) = -1 EEXIST (File exists) [ 23.463755][ T301] loop2: detected capacity change from 0 to 40427 [ 23.477077][ T303] loop3: detected capacity change from 0 to 40427 [ 23.487498][ T301] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 23.494063][ T302] loop4: detected capacity change from 0 to 40427 [pid 303] mount("/dev/loop3", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 306] ioctl(4, LOOP_SET_FD, 3 [pid 302] <... ioctl resumed>) = 0 [pid 302] close(3) = 0 [pid 302] close(4) = 0 [pid 302] mkdir("./file4", 0777) = -1 EEXIST (File exists) [pid 302] mount("/dev/loop4", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 306] <... ioctl resumed>) = 0 [ 23.494548][ T30] audit: type=1400 audit(1750458277.165:68): avc: denied { mounton } for pid=297 comm="syz-executor420" path="/root/file4" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.513468][ T303] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 23.531838][ T306] loop0: detected capacity change from 0 to 40427 [ 23.538692][ T301] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 23.548265][ T302] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 23.553949][ T301] F2FS-fs (loop2): fault_injection options not supported [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./file4", 0777) = -1 EEXIST (File exists) [pid 306] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 305] <... write resumed>) = 20699119 [ 23.562763][ T302] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 23.572040][ T306] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 23.572087][ T303] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 23.585266][ T306] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 23.588375][ T302] F2FS-fs (loop4): fault_injection options not supported [ 23.596278][ T301] F2FS-fs (loop2): fault_type options not supported [pid 305] munmap(0x7fe7f13cb000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 23.604854][ T303] F2FS-fs (loop3): fault_injection options not supported [ 23.611928][ T306] F2FS-fs (loop0): fault_injection options not supported [ 23.618859][ T302] F2FS-fs (loop4): fault_type options not supported [ 23.627322][ T301] F2FS-fs (loop2): invalid crc value [ 23.633936][ T303] F2FS-fs (loop3): fault_type options not supported [ 23.639563][ T306] F2FS-fs (loop0): fault_type options not supported [ 23.648460][ T305] loop1: detected capacity change from 0 to 40427 [ 23.654442][ T306] F2FS-fs (loop0): invalid crc value [pid 305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 305] close(3) = 0 [ 23.659509][ T302] F2FS-fs (loop4): invalid crc value [ 23.669463][ T303] F2FS-fs (loop3): invalid crc value [ 23.671344][ T306] F2FS-fs (loop0): Found nat_bits in checkpoint [ 23.676580][ T301] F2FS-fs (loop2): Found nat_bits in checkpoint [ 23.694484][ T302] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 305] close(4) = 0 [pid 305] mkdir("./file4", 0777) = -1 EEXIST (File exists) [ 23.711428][ T303] F2FS-fs (loop3): Found nat_bits in checkpoint [ 23.720075][ T305] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 23.733997][ T301] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 23.741797][ T301] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 23.744099][ T305] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 305] mount("/dev/loop1", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 301] <... mount resumed>) = 0 [ 23.757560][ T306] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 23.769506][ T30] audit: type=1400 audit(1750458277.445:69): avc: denied { mount } for pid=297 comm="syz-executor420" name="/" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.769568][ T306] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 23.801825][ T302] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 301] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 306] <... mount resumed>) = 0 [pid 302] <... mount resumed>) = 0 [pid 301] chdir("./file4" [pid 306] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY [pid 302] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY [pid 301] <... chdir resumed>) = 0 [pid 306] <... openat resumed>) = 3 [pid 302] <... openat resumed>) = 3 [pid 301] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 306] chdir("./file4" [pid 302] chdir("./file4" [pid 301] <... openat resumed>) = 4 [pid 306] <... chdir resumed>) = 0 [pid 302] <... chdir resumed>) = 0 [pid 301] ioctl(4, LOOP_CLR_FD [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] <... ioctl resumed>) = 0 [pid 306] <... openat resumed>) = 4 [pid 302] <... openat resumed>) = 4 [pid 301] close(4 [pid 306] ioctl(4, LOOP_CLR_FD [pid 302] ioctl(4, LOOP_CLR_FD [pid 301] <... close resumed>) = 0 [pid 306] <... ioctl resumed>) = 0 [pid 302] <... ioctl resumed>) = 0 [pid 301] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] close(4 [pid 302] close(4 [pid 301] <... futex resumed>) = 1 [pid 297] <... futex resumed>) = 0 [pid 306] <... close resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 301] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 297] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 4 [pid 297] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 1 [pid 302] <... futex resumed>) = 1 [pid 301] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = 0 [pid 306] futex(0x7fe7f98bb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 301] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 23.809328][ T302] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 23.809528][ T305] F2FS-fs (loop1): fault_injection options not supported [ 23.824751][ T303] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 23.827018][ T30] audit: type=1400 audit(1750458277.505:70): avc: denied { write } for pid=297 comm="syz-executor420" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.833732][ T303] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [pid 295] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... openat resumed>) = 4 [pid 301] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 297] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 302] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 295] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... futex resumed>) = 0 [pid 299] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 302] futex(0x7fe7f98bb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... futex resumed>) = 1 [pid 295] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = 0 [pid 306] <... openat resumed>) = 4 [pid 302] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 295] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] <... futex resumed>) = 0 [pid 306] futex(0x7fe7f98bb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 1 [pid 306] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 299] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 301] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [ 23.857467][ T301] F2FS-fs (loop0): switch discard_unit option is not allowed [ 23.876519][ T302] F2FS-fs (loop0): switch discard_unit option is not allowed [ 23.880012][ T305] F2FS-fs (loop1): fault_type options not supported [ 23.886084][ T301] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 23.904616][ T301] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 23.911309][ T305] F2FS-fs (loop1): invalid crc value [ 23.913674][ T301] CPU: 0 PID: 301 Comm: syz-executor420 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 23.913692][ T301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 23.913700][ T301] RIP: 0010:update_sit_entry+0x5b4/0xf70 [ 23.922491][ T30] audit: type=1400 audit(1750458277.505:71): avc: denied { write open } for pid=297 comm="syz-executor420" path=2F726F6F742F66696C65342F233130202864656C6574656429 dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.931740][ T301] Code: 00 00 49 8d 5d 18 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 0a 59 92 ff 48 8b 1b 48 03 5d b0 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 a9 08 00 00 44 0f b6 33 44 89 f0 44 8b [ 23.931758][ T301] RSP: 0018:ffffc90000ac6f20 EFLAGS: 00010246 [ 23.931782][ T301] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881071ca780 [pid 301] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 303] <... mount resumed>) = 0 [pid 302] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 303] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY [pid 302] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7fe7f98bb6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... openat resumed>) = 3 [pid 302] <... futex resumed>) = 1 [pid 299] <... futex resumed>) = 0 [pid 303] chdir("./file4" [pid 302] futex(0x7fe7f98bb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 303] <... chdir resumed>) = 0 [pid 299] <... mmap resumed>) = 0x7fe7f97aa000 [pid 303] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] mprotect(0x7fe7f97ab000, 131072, PROT_READ|PROT_WRITE [pid 303] <... openat resumed>) = 4 [pid 299] <... mprotect resumed>) = 0 [pid 303] ioctl(4, LOOP_CLR_FD [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] <... ioctl resumed>) = 0 [pid 299] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] close(4 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97ca990, parent_tid=0x7fe7f97ca990, exit_signal=0, stack=0x7fe7f97aa000, stack_size=0x20240, tls=0x7fe7f97ca6c0} [pid 303] <... close resumed>) = 0 [pid 303] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone3 resumed> => {parent_tid=[325]}, 88) = 325 [pid 303] <... futex resumed>) = 1 [pid 299] rt_sigprocmask(SIG_SETMASK, [], [pid 303] futex(0x7fe7f98bb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] futex(0x7fe7f98bb6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fe7f98bb6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 306] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fe7f98bb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 1 [pid 302] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 295] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x7fe7f97ca9a0, 24) = 0 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 1 [pid 303] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 298] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... openat resumed>) = 4 [pid 303] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] <... futex resumed>) = 0 [pid 303] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 298] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 303] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = 59 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7fe7f98bb6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 303] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 0 [pid 298] exit_group(0) = ? [pid 303] <... futex resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 298] +++ exited with 0 +++ [ 23.931792][ T301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.943490][ T30] audit: type=1400 audit(1750458277.535:72): avc: denied { remount } for pid=297 comm="syz-executor420" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.948747][ T301] RBP: ffffc90000ac6fa0 R08: ffff8881071ca780 R09: 0000000000000003 [ 23.948768][ T301] R10: 00000000ffffffff R11: 0000000000000000 R12: dffffc0000000000 [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.948777][ T301] R13: ffff88810a81c1b8 R14: 0000000000000000 R15: ffff8881019fe000 [ 23.948787][ T301] FS: 00007fe7f97eb6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.948801][ T301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.948812][ T301] CR2: 0000200000001740 CR3: 0000000121c2f000 CR4: 00000000003506b0 [ 23.948826][ T301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=10, si_stime=21} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = 0 [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 328 [pid 305] <... mount resumed>) = 0 [pid 305] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file4") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [ 23.977655][ T30] audit: type=1400 audit(1750458277.565:73): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 23.997951][ T301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.997971][ T301] Call Trace: [ 23.997977][ T301] [ 23.997985][ T301] f2fs_allocate_data_block+0x15e8/0x3240 [ 24.017841][ T306] F2FS-fs (loop0): switch discard_unit option is not allowed [ 24.021408][ T301] ? f2fs_mark_inode_dirty_sync+0x13e/0x1c0 [pid 305] close(4) = 0 [pid 305] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 305] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 305] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = 59 [pid 305] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] exit_group(0) = ? [pid 305] <... futex resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 300] +++ exited with 0 +++ ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555555e5a760, 24) = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] write(1, "executing program\n", 18executing program ) = 18 [pid 328] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 [pid 328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe7f97cb000 [pid 328] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} => {parent_tid=[329]}, 88) = 329 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] memfd_create("syzkaller", 0) = 3 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [ 24.047979][ T303] F2FS-fs (loop3): switch discard_unit option is not allowed [ 24.051573][ T301] __allocate_data_block+0x526/0xa00 [ 24.051609][ T301] ? f2fs_map_blocks+0x38a0/0x38a0 [ 24.051623][ T301] ? xas_find+0xe6/0x830 [ 24.051638][ T301] f2fs_map_blocks+0xeea/0x38a0 [ 24.051652][ T301] ? find_get_entry+0x3bc/0x3d0 [ 24.066753][ T303] syz-executor420 (303) used greatest stack depth: 22816 bytes left [ 24.068396][ T301] ? f2fs_do_map_lock+0x80/0x80 [pid 299] exit_group(0 [pid 306] <... futex resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 306] +++ exited with 0 +++ [pid 295] exit_group(0) = ? [ 24.068418][ T301] ? invalidate_inode_pages2_range+0xb3e/0xbe0 [ 24.068438][ T301] f2fs_iomap_begin+0x1fc/0x8d0 [ 24.068453][ T301] ? f2fs_destroy_bio_entry_cache+0x20/0x20 [ 24.068469][ T301] ? filemap_write_and_wait_range+0x1e1/0x380 [ 24.079094][ T305] F2FS-fs (loop1): Found nat_bits in checkpoint [ 24.086154][ T301] iomap_iter+0x57d/0xaf0 [ 24.086179][ T301] ? f2fs_destroy_bio_entry_cache+0x20/0x20 [ 24.086197][ T301] __iomap_dio_rw+0xa15/0x19f0 [ 24.086215][ T301] ? iomap_dio_complete+0x6f0/0x6f0 [ 24.136357][ T305] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 24.137981][ T301] ? down_read_trylock+0x341/0x660 [ 24.138008][ T301] ? f2fs_down_read+0x9f/0x190 [ 24.141265][ T305] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 24.147369][ T301] ? need_inode_page_update+0x1e0/0x1e0 [ 24.147397][ T301] ? fault_in_iov_iter_readable+0x23e/0x280 [ 24.147414][ T301] f2fs_file_write_iter+0xf96/0x2910 [ 24.181410][ T305] F2FS-fs (loop1): switch discard_unit option is not allowed [ 24.183078][ T301] ? f2fs_file_read_iter+0xf30/0xf30 [ 24.183104][ T301] ? save_fpregs_to_fpstate+0x14a/0x1b0 [ 24.183124][ T301] ? irqentry_exit+0x37/0x40 [ 24.183139][ T301] ? common_interrupt+0x70/0xe0 [ 24.183154][ T301] ? asm_common_interrupt+0x27/0x40 [ 24.183171][ T301] ? finish_task_switch+0x173/0x780 [ 24.183188][ T301] ? avc_policy_seqno+0x1b/0x70 [ 24.356068][ T301] ? memset+0x35/0x40 [ 24.361016][ T301] ? iov_iter_init+0xbc/0x180 [pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 329] munmap(0x7fe7f13cb000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 329] ioctl(4, LOOP_CLR_FD) = 0 [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=8, si_stime=20} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = 0 [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 330 [pid 329] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 329] close(4) = 0 [ 24.367547][ T301] vfs_write+0x802/0xf70 [ 24.372158][ T301] ? file_end_write+0x1b0/0x1b0 [ 24.377543][ T301] ? wait_for_completion_killable_timeout+0x10/0x10 [ 24.385547][ T301] ? __fget_files+0x2c4/0x320 [ 24.392966][ T301] ? __fdget_pos+0x2d2/0x380 [ 24.397831][ T301] ? ksys_write+0x71/0x240 [ 24.402933][ T301] ksys_write+0x140/0x240 [ 24.407276][ T301] ? __ia32_sys_read+0x90/0x90 [pid 329] close(3) = 0 [pid 329] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 3 [pid 329] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 329] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] write(3, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 329] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] exit_group(0) = ? [pid 329] <... futex resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=8, si_stime=13} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555555e5a760, 24) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = 0 [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e5a750) = 331 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 24.412802][ T301] ? __kasan_check_write+0x14/0x20 [ 24.420065][ T301] ? switch_fpu_return+0x15d/0x2c0 [ 24.425463][ T301] __x64_sys_write+0x7b/0x90 [ 24.430503][ T301] x64_sys_call+0x8ef/0x9a0 [ 24.436179][ T301] do_syscall_64+0x4c/0xa0 [ 24.441654][ T301] ? clear_bhb_loop+0x50/0xa0 [ 24.446774][ T301] ? clear_bhb_loop+0x50/0xa0 [ 24.451945][ T301] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 24.458141][ T301] RIP: 0033:0x7fe7f982f679 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] write(1, "executing program\n", 18executing program ) = 18 [pid 330] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 [pid 330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe7f97cb000 [pid 330] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} => {parent_tid=[332]}, 88) = 332 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x555555e5a760, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] write(1, "executing program\n", 18executing program ) = 18 [pid 331] futex(0x7fe7f98bb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] rt_sigaction(SIGRT_1, {sa_handler=0x7fe7f9855340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe7f97feda0}, NULL, 8) = 0 [pid 331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe7f97cb000 [pid 331] mprotect(0x7fe7f97cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe7f97eb990, parent_tid=0x7fe7f97eb990, exit_signal=0, stack=0x7fe7f97cb000, stack_size=0x20240, tls=0x7fe7f97eb6c0} => {parent_tid=[333]}, 88) = 333 [pid 331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] futex(0x7fe7f98bb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] futex(0x7fe7f98bb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [ 24.463537][ T301] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 24.485508][ T301] RSP: 002b:00007fe7f97eb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 24.494874][ T301] RAX: ffffffffffffffda RBX: 00007fe7f98bb6c8 RCX: 00007fe7f982f679 [ 24.504332][ T301] RDX: 000000000000003b RSI: 0000200000000080 RDI: 0000000000000004 ./strace-static-x86_64: Process 332 attached [pid 297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 332] set_robust_list(0x7fe7f97eb9a0, 24) = 0 [ 24.513179][ T301] RBP: 00007fe7f98bb6c0 R08: 00007fe7f97eaf07 R09: 0000000000000000 [ 24.521916][ T301] R10: 0000000000000014 R11: 0000000000000246 R12: 00007fe7f98bb6cc [ 24.531496][ T301] R13: 0000000000000006 R14: 00007fff189ce930 R15: 00007fff189cea18 [ 24.539898][ T301] [ 24.543010][ T301] Modules linked in: [ 24.547310][ T301] ---[ end trace 4cef8471f5e11671 ]--- [ 24.553122][ T301] RIP: 0010:update_sit_entry+0x5b4/0xf70 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] memfd_create("syzkaller", 0) = 3 [pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe7f13cb000 [ 24.559153][ T301] Code: 00 00 49 8d 5d 18 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 0a 59 92 ff 48 8b 1b 48 03 5d b0 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 a9 08 00 00 44 0f b6 33 44 89 f0 44 8b [ 24.580205][ T301] RSP: 0018:ffffc90000ac6f20 EFLAGS: 00010246 [ 24.586657][ T301] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881071ca780 [ 24.595224][ T301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.603665][ T301] RBP: ffffc90000ac6fa0 R08: ffff8881071ca780 R09: 0000000000000003 [ 24.612576][ T301] R10: 00000000ffffffff R11: 0000000000000000 R12: dffffc0000000000 [ 24.637340][ T301] R13: ffff88810a81c1b8 R14: 0000000000000000 R15: ffff8881019fe000 [ 24.655030][ T301] FS: 00007fe7f97eb6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.674705][ T301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.682004][ T301] CR2: 00007fe7f2788000 CR3: 0000000121c2f000 CR4: 00000000003506a0 [ 24.700403][ T301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.719193][ T301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.733716][ T301] Kernel panic - not syncing: Fatal exception [ 24.740233][ T301] Kernel Offset: disabled [ 24.744776][ T301] Rebooting in 86400 seconds..