./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2480951691 <...> Warning: Permanently added '10.128.0.218' (ED25519) to the list of known hosts. execve("./syz-executor2480951691", ["./syz-executor2480951691"], 0x7fff2bf0b9d0 /* 10 vars */) = 0 brk(NULL) = 0x555561135000 brk(0x555561135d40) = 0x555561135d40 arch_prctl(ARCH_SET_FS, 0x5555611353c0) = 0 set_tid_address(0x555561135690) = 5824 set_robust_list(0x5555611356a0, 24) = 0 rseq(0x555561135ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2480951691", 4096) = 28 getrandom("\xbe\xc9\x57\x90\xcf\xea\x2a\xc4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555561135d40 brk(0x555561156d40) = 0x555561156d40 brk(0x555561157000) = 0x555561157000 mprotect(0x7febdf7a1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.sOa6lP", 0700) = 0 chmod("./syzkaller.sOa6lP", 0777) = 0 chdir("./syzkaller.sOa6lP") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached [pid 5825] set_robust_list(0x5555611356a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x555561135690) = 5825 [pid 5825] <... set_robust_list resumed>) = 0 [pid 5825] chdir("./0") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] write(1, "executing program\n", 18executing program ) = 18 [pid 5825] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5825] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5827 attached [pid 5827] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5825] <... clone3 resumed> => {parent_tid=[5827]}, 88) = 5827 [pid 5827] <... rseq resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] set_robust_list(0x7febdf6ce9a0, 24 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5825] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] <... futex resumed>) = 0 [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5827] munmap(0x7febd7200000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file0", 0777) = 0 [pid 5827] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./file0") = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5827] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5825] <... futex resumed>) = 0 [ 90.691953][ T5827] loop0: detected capacity change from 0 to 32768 [pid 5825] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... openat resumed>) = 4 [pid 5827] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5827] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5827] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5825] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... openat resumed>) = 5 [pid 5827] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5827] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5827] sendfile(4, 5, NULL, 16776834 [ 90.749488][ T30] audit: type=1800 audit(1748933540.723:2): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5825] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 90.907041][ T5827] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 90.907041][ T5827] [ 90.919842][ T5827] ERROR: (device loop0): remounting filesystem as read-only [pid 5827] <... sendfile resumed>) = 15269888 [pid 5827] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] exit_group(0 [pid 5827] <... futex resumed>) = 0 [pid 5825] <... exit_group resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached , child_tidptr=0x555561135690) = 5828 [pid 5828] set_robust_list(0x5555611356a0, 24) = 0 [pid 5828] chdir("./1") = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5828] write(1, "executing program\n", 18) = 18 [pid 5828] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5828] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5829 attached [pid 5829] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5828] <... clone3 resumed> => {parent_tid=[5829]}, 88) = 5829 [pid 5829] set_robust_list(0x7febdf6ce9a0, 24 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... set_robust_list resumed>) = 0 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5828] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... futex resumed>) = 0 [pid 5829] memfd_create("syzkaller", 0 [pid 5828] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... memfd_create resumed>) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5829] munmap(0x7febd7200000, 138412032) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] mkdir("./file0", 0777) = 0 [pid 5829] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 92.073074][ T5829] loop0: detected capacity change from 0 to 32768 [pid 5829] chdir("./file0") = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5829] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... openat resumed>) = 4 [pid 5829] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5828] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] <... openat resumed>) = 5 [pid 5828] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 0 [pid 5829] sendfile(4, 5, NULL, 16776834 [ 92.151669][ T30] audit: type=1800 audit(1748933542.133:3): pid=5829 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5828] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 92.318270][ T5829] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 92.318270][ T5829] [ 92.330101][ T5829] ERROR: (device loop0): remounting filesystem as read-only [pid 5829] <... sendfile resumed>) = 15269888 [pid 5829] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] exit_group(0 [pid 5829] <... futex resumed>) = ? [pid 5828] <... exit_group resumed>) = ? [pid 5829] +++ exited with 0 +++ [pid 5828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561135690) = 5830 ./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x5555611356a0, 24) = 0 [pid 5830] chdir("./2") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5830] write(1, "executing program\n", 18) = 18 [pid 5830] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5830] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5831 attached [pid 5831] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5830] <... clone3 resumed> => {parent_tid=[5831]}, 88) = 5831 [pid 5831] set_robust_list(0x7febdf6ce9a0, 24 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5831] memfd_create("syzkaller", 0 [pid 5830] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... memfd_create resumed>) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5831] munmap(0x7febd7200000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] mkdir("./file0", 0777) = 0 [pid 5831] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] chdir("./file0") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 93.404912][ T5831] loop0: detected capacity change from 0 to 32768 [pid 5830] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5830] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 4 [pid 5831] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5831] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... futex resumed>) = 0 [pid 5831] sendfile(4, 5, NULL, 16776834 [ 93.466247][ T30] audit: type=1800 audit(1748933543.443:4): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5830] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 93.626368][ T5831] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 93.626368][ T5831] [ 93.639257][ T5831] ERROR: (device loop0): remounting filesystem as read-only [pid 5831] <... sendfile resumed>) = 15269888 [pid 5831] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] exit_group(0 [pid 5831] <... futex resumed>) = ? [pid 5831] +++ exited with 0 +++ [pid 5830] <... exit_group resumed>) = ? [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached , child_tidptr=0x555561135690) = 5832 [pid 5832] set_robust_list(0x5555611356a0, 24) = 0 [pid 5832] chdir("./3") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] write(1, "executing program\n", 18executing program ) = 18 [pid 5832] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5832] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5833] set_robust_list(0x7febdf6ce9a0, 24 [pid 5832] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] memfd_create("syzkaller", 0 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... memfd_create resumed>) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7febd7200000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file0", 0777) = 0 [ 94.745160][ T5833] loop0: detected capacity change from 0 to 32768 [pid 5833] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] chdir("./file0") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5833] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 4 [pid 5833] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... futex resumed>) = 0 [pid 5832] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... openat resumed>) = 5 [pid 5833] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5833] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5832] <... futex resumed>) = 0 [pid 5833] sendfile(4, 5, NULL, 16776834 [ 94.823556][ T30] audit: type=1800 audit(1748933544.803:5): pid=5833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5832] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 94.988573][ T5833] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 94.988573][ T5833] [ 95.000070][ T5833] ERROR: (device loop0): remounting filesystem as read-only [pid 5833] <... sendfile resumed>) = 15269888 [pid 5833] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] exit_group(0 [pid 5833] <... futex resumed>) = ? [pid 5832] <... exit_group resumed>) = ? [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached , child_tidptr=0x555561135690) = 5837 [pid 5837] set_robust_list(0x5555611356a0, 24) = 0 [pid 5837] chdir("./4") = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5837] write(1, "executing program\n", 18executing program ) = 18 [pid 5837] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5837] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5838 attached [pid 5838] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5837] <... clone3 resumed> => {parent_tid=[5838]}, 88) = 5838 [pid 5838] <... rseq resumed>) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] memfd_create("syzkaller", 0 [pid 5837] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5838] <... memfd_create resumed>) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5838] munmap(0x7febd7200000, 138412032) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] close(4) = 0 [pid 5838] mkdir("./file0", 0777) = 0 [ 95.866999][ T5838] loop0: detected capacity change from 0 to 32768 [pid 5838] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./file0") = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] <... futex resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5837] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... openat resumed>) = 4 [pid 5838] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [pid 5838] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5837] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... openat resumed>) = 5 [pid 5838] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] sendfile(4, 5, NULL, 16776834 [pid 5837] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.972006][ T30] audit: type=1800 audit(1748933545.953:6): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5837] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 96.146588][ T5838] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 96.146588][ T5838] [ 96.158094][ T5838] ERROR: (device loop0): remounting filesystem as read-only [pid 5838] <... sendfile resumed>) = 15269888 [pid 5838] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] exit_group(0) = ? [pid 5838] <... futex resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x555561135690) = 5842 [pid 5842] set_robust_list(0x5555611356a0, 24) = 0 [pid 5842] chdir("./5") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5842] write(1, "executing program\n", 18) = 18 [pid 5842] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5842] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5843 attached => {parent_tid=[5843]}, 88) = 5843 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... rseq resumed>) = 0 [pid 5842] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] set_robust_list(0x7febdf6ce9a0, 24 [pid 5842] <... futex resumed>) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5842] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7febd7200000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [pid 5843] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.038121][ T5843] loop0: detected capacity change from 0 to 32768 [pid 5843] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... openat resumed>) = 4 [pid 5843] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... openat resumed>) = 5 [pid 5843] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 97.115182][ T30] audit: type=1800 audit(1748933547.093:7): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5843] sendfile(4, 5, NULL, 16776834 [pid 5842] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 97.271562][ T5843] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 97.271562][ T5843] [ 97.283418][ T5843] ERROR: (device loop0): remounting filesystem as read-only [ 97.322843][ T977] cfg80211: failed to load regulatory.db [pid 5843] <... sendfile resumed>) = 15269888 [pid 5843] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] exit_group(0 [pid 5843] <... futex resumed>) = ? [pid 5842] <... exit_group resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached , child_tidptr=0x555561135690) = 5845 [pid 5845] set_robust_list(0x5555611356a0, 24) = 0 [pid 5845] chdir("./6") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] write(1, "executing program\n", 18executing program ) = 18 [pid 5845] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5845] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5845] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] memfd_create("syzkaller", 0 [pid 5845] <... futex resumed>) = 0 [pid 5845] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... memfd_create resumed>) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5846] munmap(0x7febd7200000, 138412032) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] mkdir("./file0", 0777) = 0 [pid 5846] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] chdir("./file0") = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5846] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5846] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5845] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... openat resumed>) = 4 [pid 5846] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5845] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... openat resumed>) = 5 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5846] sendfile(4, 5, NULL, 16776834 [ 98.184835][ T5846] loop0: detected capacity change from 0 to 32768 [ 98.213837][ T30] audit: type=1800 audit(1748933548.193:8): pid=5846 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5845] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 98.385227][ T5846] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 98.385227][ T5846] [ 98.399106][ T5846] ERROR: (device loop0): remounting filesystem as read-only [pid 5846] <... sendfile resumed>) = 15269888 [pid 5846] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] exit_group(0 [pid 5846] <... futex resumed>) = ? [pid 5845] <... exit_group resumed>) = ? [pid 5846] +++ exited with 0 +++ [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x555561135690) = 5847 [pid 5847] set_robust_list(0x5555611356a0, 24) = 0 [pid 5847] chdir("./7") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5847] write(1, "executing program\n", 18) = 18 [pid 5847] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5847] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5848 attached => {parent_tid=[5848]}, 88) = 5848 [pid 5848] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... rseq resumed>) = 0 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] set_robust_list(0x7febdf6ce9a0, 24 [pid 5847] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... futex resumed>) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] memfd_create("syzkaller", 0) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5848] munmap(0x7febd7200000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file0", 0777) = 0 [pid 5848] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./file0") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... futex resumed>) = 0 [ 99.315293][ T5848] loop0: detected capacity change from 0 to 32768 [pid 5847] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 0 [pid 5847] <... futex resumed>) = 1 [pid 5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5848] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = 0 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] <... futex resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5847] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... openat resumed>) = 5 [pid 5848] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] <... futex resumed>) = 0 [pid 5848] sendfile(4, 5, NULL, 16776834 [ 99.385106][ T30] audit: type=1800 audit(1748933549.363:9): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5847] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 99.533683][ T5848] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 99.533683][ T5848] [ 99.545151][ T5848] ERROR: (device loop0): remounting filesystem as read-only [pid 5848] <... sendfile resumed>) = 15269888 [pid 5848] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] exit_group(0 [pid 5848] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5847] <... exit_group resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached , child_tidptr=0x555561135690) = 5849 [pid 5849] set_robust_list(0x5555611356a0, 24) = 0 [pid 5849] chdir("./8") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] write(1, "executing program\n", 18executing program ) = 18 [pid 5849] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5849] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5849] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] <... rseq resumed>) = 0 [pid 5850] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5850] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5849] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5850] memfd_create("syzkaller", 0 [pid 5849] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] <... memfd_create resumed>) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5850] munmap(0x7febd7200000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [pid 5850] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file0") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5849] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... openat resumed>) = 4 [pid 5850] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5850] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] sendfile(4, 5, NULL, 16776834 [ 100.640233][ T5850] loop0: detected capacity change from 0 to 32768 [pid 5849] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.671845][ T30] audit: type=1800 audit(1748933550.653:10): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5849] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 100.834751][ T5850] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 100.834751][ T5850] [ 100.847739][ T5850] ERROR: (device loop0): remounting filesystem as read-only [pid 5850] <... sendfile resumed>) = 15269888 [pid 5850] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] exit_group(0 [pid 5850] <... futex resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5849] <... exit_group resumed>) = ? [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x555561135690) = 5851 [pid 5851] set_robust_list(0x5555611356a0, 24) = 0 [pid 5851] chdir("./9") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] write(1, "executing program\n", 18executing program ) = 18 [pid 5851] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5851] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5852 attached [pid 5852] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5852] set_robust_list(0x7febdf6ce9a0, 24 [pid 5851] <... clone3 resumed> => {parent_tid=[5852]}, 88) = 5852 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] memfd_create("syzkaller", 0 [pid 5851] <... futex resumed>) = 0 [pid 5852] <... memfd_create resumed>) = 3 [pid 5851] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5852] munmap(0x7febd7200000, 138412032) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 101.728162][ T5852] loop0: detected capacity change from 0 to 32768 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5851] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5851] <... futex resumed>) = 0 [pid 5852] <... openat resumed>) = 4 [pid 5851] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5851] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... openat resumed>) = 5 [pid 5852] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5852] sendfile(4, 5, NULL, 16776834 [ 101.814332][ T30] audit: type=1800 audit(1748933551.793:11): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5851] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 101.967339][ T5852] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 101.967339][ T5852] [ 101.979071][ T5852] ERROR: (device loop0): remounting filesystem as read-only [pid 5852] <... sendfile resumed>) = 15269888 [pid 5852] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] exit_group(0) = ? [pid 5852] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached , child_tidptr=0x555561135690) = 5853 [pid 5853] set_robust_list(0x5555611356a0, 24) = 0 [pid 5853] chdir("./10") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] write(1, "executing program\n", 18executing program ) = 18 [pid 5853] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5853] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5853] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5853] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5854 attached [pid 5854] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5853] <... clone3 resumed> => {parent_tid=[5854]}, 88) = 5854 [pid 5854] set_robust_list(0x7febdf6ce9a0, 24 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... set_robust_list resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] memfd_create("syzkaller", 0 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5854] <... memfd_create resumed>) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5854] munmap(0x7febd7200000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file0", 0777) = 0 [ 102.973679][ T5854] loop0: detected capacity change from 0 to 32768 [pid 5854] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file0") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5854] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5853] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... openat resumed>) = 4 [pid 5853] <... futex resumed>) = 0 [pid 5854] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5853] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... openat resumed>) = 5 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5854] sendfile(4, 5, NULL, 16776834 [pid 5853] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.037405][ T30] audit: type=1800 audit(1748933553.013:12): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5853] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 103.190443][ T5854] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 103.190443][ T5854] [ 103.202002][ T5854] ERROR: (device loop0): remounting filesystem as read-only [pid 5854] <... sendfile resumed>) = 15269888 [pid 5854] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] exit_group(0 [pid 5854] <... futex resumed>) = ? [pid 5853] <... exit_group resumed>) = ? [pid 5854] +++ exited with 0 +++ [pid 5853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5855 attached , child_tidptr=0x555561135690) = 5855 [pid 5855] set_robust_list(0x5555611356a0, 24) = 0 [pid 5855] chdir("./11") = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5855] write(1, "executing program\n", 18) = 18 [pid 5855] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5855] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5856 attached => {parent_tid=[5856]}, 88) = 5856 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... rseq resumed>) = 0 [pid 5855] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] set_robust_list(0x7febdf6ce9a0, 24 [pid 5855] <... futex resumed>) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5856] munmap(0x7febd7200000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file0", 0777) = 0 [pid 5856] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 104.312877][ T5856] loop0: detected capacity change from 0 to 32768 [pid 5856] chdir("./file0") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5855] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... openat resumed>) = 4 [pid 5856] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 0 [pid 5856] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5856] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5855] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] sendfile(4, 5, NULL, 16776834 [pid 5855] <... futex resumed>) = 0 [ 104.401205][ T30] audit: type=1800 audit(1748933554.383:13): pid=5856 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5855] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 104.563724][ T5856] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 104.563724][ T5856] [ 104.575457][ T5856] ERROR: (device loop0): remounting filesystem as read-only [pid 5856] <... sendfile resumed>) = 15269888 [pid 5856] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5856] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] exit_group(0) = ? [pid 5856] <... futex resumed>) = ? [pid 5856] +++ exited with 0 +++ [pid 5855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached , child_tidptr=0x555561135690) = 5857 [pid 5857] set_robust_list(0x5555611356a0, 24) = 0 [pid 5857] chdir("./12") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5857] write(1, "executing program\n", 18) = 18 [pid 5857] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5857] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5858 attached [pid 5858] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5858] set_robust_list(0x7febdf6ce9a0, 24 [pid 5857] <... clone3 resumed> => {parent_tid=[5858]}, 88) = 5858 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] memfd_create("syzkaller", 0 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5858] <... memfd_create resumed>) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5858] munmap(0x7febd7200000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [pid 5858] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5857] <... futex resumed>) = 0 [pid 5858] <... openat resumed>) = 4 [ 105.469088][ T5858] loop0: detected capacity change from 0 to 32768 [pid 5857] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5857] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5858] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5857] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 105.510515][ T30] audit: type=1800 audit(1748933555.483:14): pid=5858 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5858] sendfile(4, 5, NULL, 16776834 [pid 5857] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 105.675026][ T5858] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 105.675026][ T5858] [ 105.686513][ T5858] ERROR: (device loop0): remounting filesystem as read-only [pid 5858] <... sendfile resumed>) = 15269888 [pid 5858] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] exit_group(0) = ? [pid 5858] <... futex resumed>) = ? [pid 5858] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x555561135690) = 5859 [pid 5859] set_robust_list(0x5555611356a0, 24) = 0 [pid 5859] chdir("./13") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5859] write(1, "executing program\n", 18) = 18 [pid 5859] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5859] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5860 attached [pid 5860] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5860] set_robust_list(0x7febdf6ce9a0, 24 [pid 5859] <... clone3 resumed> => {parent_tid=[5860]}, 88) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] memfd_create("syzkaller", 0 [pid 5859] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5860] <... memfd_create resumed>) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5860] munmap(0x7febd7200000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./file0", 0777) = 0 [pid 5860] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file0") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5860] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [ 106.832187][ T5860] loop0: detected capacity change from 0 to 32768 [pid 5859] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... openat resumed>) = 4 [pid 5860] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5860] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5859] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] <... futex resumed>) = 0 [pid 5859] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] sendfile(4, 5, NULL, 16776834 [pid 5859] <... futex resumed>) = 0 [ 106.875273][ T30] audit: type=1800 audit(1748933556.853:15): pid=5860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5859] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 107.049906][ T5860] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 107.049906][ T5860] [ 107.062676][ T5860] ERROR: (device loop0): remounting filesystem as read-only [pid 5860] <... sendfile resumed>) = 15269888 [pid 5860] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] exit_group(0 [pid 5860] <... futex resumed>) = ? [pid 5859] <... exit_group resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached , child_tidptr=0x555561135690) = 5861 [pid 5861] set_robust_list(0x5555611356a0, 24) = 0 [pid 5861] chdir("./14") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5861] write(1, "executing program\n", 18) = 18 [pid 5861] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5861] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5862 attached [pid 5862] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5862] set_robust_list(0x7febdf6ce9a0, 24 [pid 5861] <... clone3 resumed> => {parent_tid=[5862]}, 88) = 5862 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] memfd_create("syzkaller", 0 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5862] <... memfd_create resumed>) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5862] munmap(0x7febd7200000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file0", 0777) = 0 [pid 5862] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file0") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5861] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... openat resumed>) = 4 [pid 5861] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.172710][ T5862] loop0: detected capacity change from 0 to 32768 [pid 5862] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5861] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5862] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] sendfile(4, 5, NULL, 16776834 [pid 5861] <... futex resumed>) = 0 [ 108.208546][ T30] audit: type=1800 audit(1748933558.183:16): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5861] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 108.372907][ T5862] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 108.372907][ T5862] [ 108.384391][ T5862] ERROR: (device loop0): remounting filesystem as read-only [pid 5862] <... sendfile resumed>) = 15269888 [pid 5862] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] exit_group(0 [pid 5862] <... futex resumed>) = ? [pid 5861] <... exit_group resumed>) = ? [pid 5862] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached [pid 5863] set_robust_list(0x5555611356a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x555561135690) = 5863 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5863] chdir("./15") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5863] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5864] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5863] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5863] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] memfd_create("syzkaller", 0) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5864] munmap(0x7febd7200000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./file0", 0777) = 0 [pid 5864] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 109.418511][ T5864] loop0: detected capacity change from 0 to 32768 [pid 5864] chdir("./file0") = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5864] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5864] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5863] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... openat resumed>) = 4 [pid 5864] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5864] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5863] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] sendfile(4, 5, NULL, 16776834 [ 109.516918][ T30] audit: type=1800 audit(1748933559.493:17): pid=5864 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5863] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 109.659252][ T5864] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 109.659252][ T5864] [ 109.671209][ T5864] ERROR: (device loop0): remounting filesystem as read-only [pid 5864] <... sendfile resumed>) = 15269888 [pid 5864] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] exit_group(0 [pid 5864] <... futex resumed>) = ? [pid 5863] <... exit_group resumed>) = ? [pid 5864] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached , child_tidptr=0x555561135690) = 5865 [pid 5865] set_robust_list(0x5555611356a0, 24) = 0 [pid 5865] chdir("./16") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5865] write(1, "executing program\n", 18) = 18 [pid 5865] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5865] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5866 attached [pid 5866] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5865] <... clone3 resumed> => {parent_tid=[5866]}, 88) = 5866 [pid 5866] <... rseq resumed>) = 0 [pid 5866] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5866] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5865] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5865] <... futex resumed>) = 1 [pid 5866] memfd_create("syzkaller", 0 [pid 5865] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5866] <... memfd_create resumed>) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5866] munmap(0x7febd7200000, 138412032) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5866] close(3) = 0 [pid 5866] close(4) = 0 [pid 5866] mkdir("./file0", 0777) = 0 [pid 5866] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5866] chdir("./file0") = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5866] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5865] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... openat resumed>) = 4 [ 110.748583][ T5866] loop0: detected capacity change from 0 to 32768 [pid 5866] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5866] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] sendfile(4, 5, NULL, 16776834 [pid 5865] <... futex resumed>) = 0 [ 110.785331][ T30] audit: type=1800 audit(1748933560.763:18): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5865] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 110.950322][ T5866] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 110.950322][ T5866] [ 110.961816][ T5866] ERROR: (device loop0): remounting filesystem as read-only [pid 5866] <... sendfile resumed>) = 15269888 [pid 5866] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] exit_group(0 [pid 5866] <... futex resumed>) = ? [pid 5865] <... exit_group resumed>) = ? [pid 5866] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5867 attached , child_tidptr=0x555561135690) = 5867 [pid 5867] set_robust_list(0x5555611356a0, 24) = 0 [pid 5867] chdir("./17") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5867] write(1, "executing program\n", 18) = 18 [pid 5867] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5867] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5868 attached => {parent_tid=[5868]}, 88) = 5868 [pid 5868] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] <... rseq resumed>) = 0 [pid 5867] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5868] munmap(0x7febd7200000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./file0", 0777) = 0 [pid 5868] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file0") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 111.921862][ T5868] loop0: detected capacity change from 0 to 32768 [pid 5868] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5868] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5867] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5868] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5867] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 5 [pid 5868] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5868] sendfile(4, 5, NULL, 16776834 [ 111.985547][ T30] audit: type=1800 audit(1748933561.963:19): pid=5868 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5867] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 112.156175][ T5868] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 112.156175][ T5868] [ 112.169069][ T5868] ERROR: (device loop0): remounting filesystem as read-only [pid 5868] <... sendfile resumed>) = 15269888 [pid 5868] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] exit_group(0) = ? [pid 5868] <... futex resumed>) = ? [pid 5868] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached , child_tidptr=0x555561135690) = 5869 [pid 5869] set_robust_list(0x5555611356a0, 24) = 0 [pid 5869] chdir("./18") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5869] write(1, "executing program\n", 18) = 18 [pid 5869] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5869] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5870 attached [pid 5870] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5869] <... clone3 resumed> => {parent_tid=[5870]}, 88) = 5870 [pid 5870] set_robust_list(0x7febdf6ce9a0, 24 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... set_robust_list resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... futex resumed>) = 0 [pid 5870] memfd_create("syzkaller", 0 [pid 5869] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... memfd_create resumed>) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5870] munmap(0x7febd7200000, 138412032) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] close(4) = 0 [pid 5870] mkdir("./file0", 0777) = 0 [pid 5870] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./file0") = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5870] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5869] <... futex resumed>) = 1 [ 113.097997][ T5870] loop0: detected capacity change from 0 to 32768 [pid 5869] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5870] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5869] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 5 [pid 5870] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5870] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5870] sendfile(4, 5, NULL, 16776834 [ 113.142338][ T30] audit: type=1800 audit(1748933563.123:20): pid=5870 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5869] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 113.298474][ T5870] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 113.298474][ T5870] [ 113.309975][ T5870] ERROR: (device loop0): remounting filesystem as read-only [pid 5870] <... sendfile resumed>) = 15269888 [pid 5870] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] exit_group(0) = ? [pid 5870] +++ exited with 0 +++ [pid 5869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x555561135690) = 5871 [pid 5871] set_robust_list(0x5555611356a0, 24) = 0 [pid 5871] chdir("./19") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5871] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5871] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5872 attached [pid 5872] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5872] set_robust_list(0x7febdf6ce9a0, 24 [pid 5871] <... clone3 resumed> => {parent_tid=[5872]}, 88) = 5872 [pid 5872] <... set_robust_list resumed>) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] memfd_create("syzkaller", 0 [pid 5871] <... futex resumed>) = 0 [pid 5872] <... memfd_create resumed>) = 3 [pid 5871] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5872] munmap(0x7febd7200000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file0", 0777) = 0 [ 114.438121][ T5872] loop0: detected capacity change from 0 to 32768 [pid 5872] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./file0") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5872] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5871] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5872] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5871] <... futex resumed>) = 0 [pid 5872] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5872] sendfile(4, 5, NULL, 16776834 [ 114.514682][ T30] audit: type=1800 audit(1748933564.493:21): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5871] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 114.681302][ T5872] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 114.681302][ T5872] [ 114.693631][ T5872] ERROR: (device loop0): remounting filesystem as read-only [pid 5872] <... sendfile resumed>) = 15269888 [pid 5872] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] exit_group(0 [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached [pid 5873] set_robust_list(0x5555611356a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x555561135690) = 5873 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5873] chdir("./20") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5873] write(1, "executing program\n", 18executing program ) = 18 [pid 5873] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5873] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5874 attached [pid 5874] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5873] <... clone3 resumed> => {parent_tid=[5874]}, 88) = 5874 [pid 5874] set_robust_list(0x7febdf6ce9a0, 24 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] <... set_robust_list resumed>) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... futex resumed>) = 0 [pid 5874] memfd_create("syzkaller", 0 [pid 5873] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] <... memfd_create resumed>) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5874] munmap(0x7febd7200000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./file0", 0777) = 0 [pid 5874] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./file0") = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5873] <... futex resumed>) = 0 [ 115.565832][ T5874] loop0: detected capacity change from 0 to 32768 [pid 5874] <... openat resumed>) = 4 [pid 5873] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5874] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5873] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] sendfile(4, 5, NULL, 16776834 [pid 5873] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.626716][ T30] audit: type=1800 audit(1748933565.603:22): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5873] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 115.776587][ T5874] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 115.776587][ T5874] [ 115.789157][ T5874] ERROR: (device loop0): remounting filesystem as read-only [pid 5874] <... sendfile resumed>) = 15269888 [pid 5874] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] exit_group(0 [pid 5874] <... futex resumed>) = ? [pid 5873] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x555561135690) = 5875 [pid 5875] set_robust_list(0x5555611356a0, 24) = 0 [pid 5875] chdir("./21") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5875] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5876 attached [pid 5876] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5875] <... clone3 resumed> => {parent_tid=[5876]}, 88) = 5876 [pid 5876] set_robust_list(0x7febdf6ce9a0, 24 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] <... set_robust_list resumed>) = 0 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] <... futex resumed>) = 0 [pid 5876] memfd_create("syzkaller", 0 [pid 5875] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] <... memfd_create resumed>) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5876] munmap(0x7febd7200000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] mkdir("./file0", 0777) = 0 [pid 5876] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file0") = 0 [ 116.706420][ T5876] loop0: detected capacity change from 0 to 32768 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5875] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] <... openat resumed>) = 4 [pid 5875] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5876] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5875] <... futex resumed>) = 1 [pid 5876] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5875] <... futex resumed>) = 1 [pid 5876] sendfile(4, 5, NULL, 16776834 [ 116.783872][ T30] audit: type=1800 audit(1748933566.763:23): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5875] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 116.949541][ T5876] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 116.949541][ T5876] [ 116.965115][ T5876] ERROR: (device loop0): remounting filesystem as read-only [pid 5876] <... sendfile resumed>) = 15269888 [pid 5876] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] exit_group(0 [pid 5876] <... futex resumed>) = 0 [pid 5875] <... exit_group resumed>) = ? [pid 5876] +++ exited with 0 +++ [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached , child_tidptr=0x555561135690) = 5877 [pid 5877] set_robust_list(0x5555611356a0, 24) = 0 [pid 5877] chdir("./22") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] write(1, "executing program\n", 18executing program ) = 18 [pid 5877] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5877] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5878 attached [pid 5878] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5877] <... clone3 resumed> => {parent_tid=[5878]}, 88) = 5878 [pid 5878] <... rseq resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] set_robust_list(0x7febdf6ce9a0, 24 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5877] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5877] <... futex resumed>) = 0 [pid 5878] memfd_create("syzkaller", 0 [pid 5877] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5878] <... memfd_create resumed>) = 3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5878] munmap(0x7febd7200000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./file0", 0777) = 0 [pid 5878] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./file0") = 0 [ 118.009647][ T5878] loop0: detected capacity change from 0 to 32768 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5878] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5878] <... futex resumed>) = 1 [pid 5877] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5877] <... futex resumed>) = 0 [pid 5878] <... openat resumed>) = 4 [pid 5877] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5877] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5877] <... futex resumed>) = 0 [pid 5878] <... openat resumed>) = 5 [pid 5877] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5878] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5878] sendfile(4, 5, NULL, 16776834 [pid 5877] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.081682][ T30] audit: type=1800 audit(1748933568.063:24): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5877] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 118.225522][ T5878] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 118.225522][ T5878] [ 118.238234][ T5878] ERROR: (device loop0): remounting filesystem as read-only [pid 5878] <... sendfile resumed>) = 15269888 [pid 5878] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] exit_group(0 [pid 5878] <... futex resumed>) = ? [pid 5877] <... exit_group resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached , child_tidptr=0x555561135690) = 5879 [pid 5879] set_robust_list(0x5555611356a0, 24) = 0 [pid 5879] chdir("./23") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5879] write(1, "executing program\n", 18) = 18 [pid 5879] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5879] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5880 attached [pid 5880] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5879] <... clone3 resumed> => {parent_tid=[5880]}, 88) = 5880 [pid 5880] set_robust_list(0x7febdf6ce9a0, 24 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] <... set_robust_list resumed>) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5879] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5880] munmap(0x7febd7200000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] mkdir("./file0", 0777) = 0 [pid 5880] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./file0") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [ 119.205210][ T5880] loop0: detected capacity change from 0 to 32768 [pid 5879] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... openat resumed>) = 4 [pid 5880] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 1 [pid 5880] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5880] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 1 [ 119.274069][ T30] audit: type=1800 audit(1748933569.253:25): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5880] sendfile(4, 5, NULL, 16776834 [pid 5879] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 119.423591][ T5880] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 119.423591][ T5880] [ 119.435303][ T5880] ERROR: (device loop0): remounting filesystem as read-only [pid 5880] <... sendfile resumed>) = 15269888 [pid 5880] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] exit_group(0 [pid 5880] <... futex resumed>) = ? [pid 5879] <... exit_group resumed>) = ? [pid 5880] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached [pid 5881] set_robust_list(0x5555611356a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x555561135690) = 5881 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5881] chdir("./24") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5881] write(1, "executing program\n", 18executing program ) = 18 [pid 5881] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5881] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5882 attached [pid 5882] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5882] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5881] <... clone3 resumed> => {parent_tid=[5882]}, 88) = 5882 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5882] munmap(0x7febd7200000, 138412032) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] close(4) = 0 [pid 5882] mkdir("./file0", 0777) = 0 [pid 5882] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./file0") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5881] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... openat resumed>) = 4 [pid 5882] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5881] <... futex resumed>) = 0 [pid 5882] <... openat resumed>) = 5 [pid 5881] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] sendfile(4, 5, NULL, 16776834 [ 120.567414][ T5882] loop0: detected capacity change from 0 to 32768 [pid 5881] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 120.606239][ T30] audit: type=1800 audit(1748933570.583:26): pid=5882 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 120.756228][ T5882] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 120.756228][ T5882] [ 120.768511][ T5882] ERROR: (device loop0): remounting filesystem as read-only [pid 5882] <... sendfile resumed>) = 15269888 [pid 5882] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] exit_group(0 [pid 5882] <... futex resumed>) = 0 [pid 5881] <... exit_group resumed>) = ? [pid 5882] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x555561135690) = 5883 [pid 5883] set_robust_list(0x5555611356a0, 24) = 0 [pid 5883] chdir("./25") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] write(1, "executing program\n", 18executing program ) = 18 [pid 5883] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5883] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5884 attached => {parent_tid=[5884]}, 88) = 5884 [pid 5884] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... rseq resumed>) = 0 [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] set_robust_list(0x7febdf6ce9a0, 24 [pid 5883] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... futex resumed>) = 0 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5884] memfd_create("syzkaller", 0) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5884] munmap(0x7febd7200000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./file0", 0777) = 0 [ 121.637887][ T5884] loop0: detected capacity change from 0 to 32768 [pid 5884] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./file0") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5884] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5883] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 4 [pid 5884] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5884] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5883] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 5 [pid 5884] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] sendfile(4, 5, NULL, 16776834 [pid 5883] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.749886][ T30] audit: type=1800 audit(1748933571.723:27): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5883] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 121.904079][ T5884] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 121.904079][ T5884] [ 121.916741][ T5884] ERROR: (device loop0): remounting filesystem as read-only [pid 5884] <... sendfile resumed>) = 15269888 [pid 5884] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] exit_group(0 [pid 5884] <... futex resumed>) = ? [pid 5883] <... exit_group resumed>) = ? [pid 5884] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5885 attached , child_tidptr=0x555561135690) = 5885 [pid 5885] set_robust_list(0x5555611356a0, 24) = 0 [pid 5885] chdir("./26") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5885] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5886 attached [pid 5886] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5885] <... clone3 resumed> => {parent_tid=[5886]}, 88) = 5886 [pid 5886] set_robust_list(0x7febdf6ce9a0, 24 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] <... set_robust_list resumed>) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] memfd_create("syzkaller", 0 [pid 5885] <... futex resumed>) = 0 [pid 5886] <... memfd_create resumed>) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5885] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5886] munmap(0x7febd7200000, 138412032) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5886] close(3) = 0 [pid 5886] close(4) = 0 [pid 5886] mkdir("./file0", 0777) = 0 [pid 5886] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./file0") = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5886] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5886] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 122.948205][ T5886] loop0: detected capacity change from 0 to 32768 [pid 5886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5885] <... futex resumed>) = 0 [pid 5886] <... openat resumed>) = 4 [pid 5885] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5886] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5886] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5886] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] <... futex resumed>) = 0 [pid 5886] sendfile(4, 5, NULL, 16776834 [ 122.995280][ T30] audit: type=1800 audit(1748933572.973:28): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5885] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 123.183129][ T5886] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 123.183129][ T5886] [ 123.195165][ T5886] ERROR: (device loop0): remounting filesystem as read-only [pid 5886] <... sendfile resumed>) = 15269888 [pid 5886] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] exit_group(0 [pid 5886] <... futex resumed>) = ? [pid 5885] <... exit_group resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x555561135690) = 5887 [pid 5887] set_robust_list(0x5555611356a0, 24) = 0 [pid 5887] chdir("./27") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] write(1, "executing program\n", 18executing program ) = 18 [pid 5887] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5887] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5887] <... clone3 resumed> => {parent_tid=[5888]}, 88) = 5888 [pid 5888] set_robust_list(0x7febdf6ce9a0, 24 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] <... set_robust_list resumed>) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] <... futex resumed>) = 0 [pid 5888] memfd_create("syzkaller", 0 [pid 5887] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] <... memfd_create resumed>) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5888] munmap(0x7febd7200000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file0", 0777) = 0 [pid 5888] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file0") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5887] <... futex resumed>) = 0 [ 124.273120][ T5888] loop0: detected capacity change from 0 to 32768 [pid 5887] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5888] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] sendfile(4, 5, NULL, 16776834 [pid 5887] <... futex resumed>) = 0 [ 124.327951][ T30] audit: type=1800 audit(1748933574.303:29): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5887] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 124.477289][ T5888] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 124.477289][ T5888] [ 124.488783][ T5888] ERROR: (device loop0): remounting filesystem as read-only [pid 5888] <... sendfile resumed>) = 15269888 [pid 5888] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] exit_group(0 [pid 5888] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... exit_group resumed>) = ? [pid 5888] <... futex resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached , child_tidptr=0x555561135690) = 5889 [pid 5889] set_robust_list(0x5555611356a0, 24) = 0 [pid 5889] chdir("./28") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5889] write(1, "executing program\n", 18) = 18 [pid 5889] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5889] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5889] <... clone3 resumed> => {parent_tid=[5890]}, 88) = 5890 [pid 5890] set_robust_list(0x7febdf6ce9a0, 24 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] <... set_robust_list resumed>) = 0 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] <... futex resumed>) = 0 [pid 5890] memfd_create("syzkaller", 0 [pid 5889] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5890] <... memfd_create resumed>) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5890] munmap(0x7febd7200000, 138412032) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5890] close(3) = 0 [pid 5890] close(4) = 0 [pid 5890] mkdir("./file0", 0777) = 0 [pid 5890] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5890] chdir("./file0") = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5890] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [ 125.396531][ T5890] loop0: detected capacity change from 0 to 32768 [pid 5890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5889] <... futex resumed>) = 0 [pid 5890] <... openat resumed>) = 4 [pid 5890] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5889] <... futex resumed>) = 1 [pid 5890] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5889] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... openat resumed>) = 5 [pid 5890] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5890] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] sendfile(4, 5, NULL, 16776834 [pid 5889] <... futex resumed>) = 0 [ 125.452207][ T30] audit: type=1800 audit(1748933575.433:30): pid=5890 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5889] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 125.617348][ T5890] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 125.617348][ T5890] [ 125.630101][ T5890] ERROR: (device loop0): remounting filesystem as read-only [pid 5890] <... sendfile resumed>) = 15269888 [pid 5890] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] exit_group(0 [pid 5890] <... futex resumed>) = 0 [pid 5889] <... exit_group resumed>) = ? [pid 5890] +++ exited with 0 +++ [pid 5889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached , child_tidptr=0x555561135690) = 5891 [pid 5891] set_robust_list(0x5555611356a0, 24) = 0 [pid 5891] chdir("./29") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] write(1, "executing program\n", 18executing program ) = 18 [pid 5891] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5891] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5892 attached => {parent_tid=[5892]}, 88) = 5892 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] <... rseq resumed>) = 0 [pid 5891] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5892] munmap(0x7febd7200000, 138412032) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] close(4) = 0 [pid 5892] mkdir("./file0", 0777) = 0 [pid 5892] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./file0") = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5892] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [ 126.475590][ T5892] loop0: detected capacity change from 0 to 32768 [pid 5892] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5892] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5891] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... openat resumed>) = 4 [pid 5892] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5891] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... openat resumed>) = 5 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5892] sendfile(4, 5, NULL, 16776834 [pid 5891] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.543745][ T30] audit: type=1800 audit(1748933576.523:31): pid=5892 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5891] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 126.685899][ T5892] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 126.685899][ T5892] [ 126.699565][ T5892] ERROR: (device loop0): remounting filesystem as read-only [pid 5892] <... sendfile resumed>) = 15269888 [pid 5892] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] exit_group(0 [pid 5892] <... futex resumed>) = ? [pid 5891] <... exit_group resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached , child_tidptr=0x555561135690) = 5894 [pid 5894] set_robust_list(0x5555611356a0, 24) = 0 [pid 5894] chdir("./30") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5894] write(1, "executing program\n", 18) = 18 [pid 5894] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5894] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5895 attached [pid 5895] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5894] <... clone3 resumed> => {parent_tid=[5895]}, 88) = 5895 [pid 5895] set_robust_list(0x7febdf6ce9a0, 24 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] <... futex resumed>) = 0 [pid 5895] memfd_create("syzkaller", 0 [pid 5894] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5895] <... memfd_create resumed>) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5895] munmap(0x7febd7200000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file0", 0777) = 0 [pid 5895] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 127.631449][ T5895] loop0: detected capacity change from 0 to 32768 [pid 5895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file0") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5894] <... futex resumed>) = 0 [pid 5895] <... openat resumed>) = 4 [pid 5894] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5894] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5895] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] sendfile(4, 5, NULL, 16776834 [pid 5894] <... futex resumed>) = 0 [ 127.744327][ T30] audit: type=1800 audit(1748933577.723:32): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5894] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 127.916496][ T5895] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 127.916496][ T5895] [ 127.929860][ T5895] ERROR: (device loop0): remounting filesystem as read-only [pid 5895] <... sendfile resumed>) = 15269888 [pid 5895] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] exit_group(0 [pid 5895] <... futex resumed>) = 0 [pid 5894] <... exit_group resumed>) = ? [pid 5895] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached , child_tidptr=0x555561135690) = 5900 [pid 5900] set_robust_list(0x5555611356a0, 24) = 0 [pid 5900] chdir("./31") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5900] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5902 attached [pid 5902] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5902] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5900] <... clone3 resumed> => {parent_tid=[5902]}, 88) = 5902 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] <... futex resumed>) = 0 [pid 5902] memfd_create("syzkaller", 0 [pid 5900] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5902] <... memfd_create resumed>) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5902] munmap(0x7febd7200000, 138412032) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./file0", 0777) = 0 [pid 5902] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file0") = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 128.874941][ T5902] loop0: detected capacity change from 0 to 32768 [pid 5900] <... futex resumed>) = 0 [pid 5902] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5900] <... futex resumed>) = 1 [pid 5900] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5902] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5900] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5900] <... futex resumed>) = 0 [pid 5902] <... openat resumed>) = 5 [pid 5900] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] <... futex resumed>) = 1 [pid 5900] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 128.946685][ T30] audit: type=1800 audit(1748933578.923:33): pid=5902 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5902] sendfile(4, 5, NULL, 16776834 [pid 5900] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 129.102361][ T5902] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 129.102361][ T5902] [ 129.115462][ T5902] ERROR: (device loop0): remounting filesystem as read-only [pid 5902] <... sendfile resumed>) = 15269888 [pid 5902] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] exit_group(0 [pid 5902] <... futex resumed>) = ? [pid 5900] <... exit_group resumed>) = ? [pid 5902] +++ exited with 0 +++ [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached , child_tidptr=0x555561135690) = 5903 [pid 5903] set_robust_list(0x5555611356a0, 24) = 0 [pid 5903] chdir("./32") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5903] write(1, "executing program\n", 18executing program ) = 18 [pid 5903] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5903] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5903] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5904 attached [pid 5904] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5903] <... clone3 resumed> => {parent_tid=[5904]}, 88) = 5904 [pid 5904] <... rseq resumed>) = 0 [pid 5904] set_robust_list(0x7febdf6ce9a0, 24 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] <... set_robust_list resumed>) = 0 [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] <... futex resumed>) = 0 [pid 5904] memfd_create("syzkaller", 0 [pid 5903] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5904] <... memfd_create resumed>) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5904] munmap(0x7febd7200000, 138412032) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] close(4) = 0 [pid 5904] mkdir("./file0", 0777) = 0 [pid 5904] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./file0") = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5904] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5904] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5903] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... openat resumed>) = 4 [ 129.960125][ T5904] loop0: detected capacity change from 0 to 32768 [pid 5904] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5903] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5904] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] sendfile(4, 5, NULL, 16776834 [pid 5903] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.995425][ T30] audit: type=1800 audit(1748933579.973:34): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5903] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 130.166818][ T5904] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 130.166818][ T5904] [ 130.179862][ T5904] ERROR: (device loop0): remounting filesystem as read-only [pid 5904] <... sendfile resumed>) = 15269888 [pid 5904] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] exit_group(0 [pid 5904] <... futex resumed>) = ? [pid 5903] <... exit_group resumed>) = ? [pid 5904] +++ exited with 0 +++ [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached , child_tidptr=0x555561135690) = 5905 [pid 5905] set_robust_list(0x5555611356a0, 24) = 0 [pid 5905] chdir("./33") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5905] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5905] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5906 attached => {parent_tid=[5906]}, 88) = 5906 [pid 5906] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5905] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5906] munmap(0x7febd7200000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./file0", 0777) = 0 [pid 5906] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file0") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5906] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5905] <... futex resumed>) = 0 [ 131.186526][ T5906] loop0: detected capacity change from 0 to 32768 [pid 5905] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5905] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5906] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5905] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] sendfile(4, 5, NULL, 16776834 [pid 5905] <... futex resumed>) = 0 [ 131.221453][ T30] audit: type=1800 audit(1748933581.203:35): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5905] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 131.387452][ T5906] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 131.387452][ T5906] [ 131.400768][ T5906] ERROR: (device loop0): remounting filesystem as read-only [pid 5906] <... sendfile resumed>) = 15269888 [pid 5906] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] exit_group(0 [pid 5906] <... futex resumed>) = ? [pid 5905] <... exit_group resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x555561135690) = 5907 [pid 5907] set_robust_list(0x5555611356a0, 24) = 0 [pid 5907] chdir("./34") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5907] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5908 attached [pid 5908] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5907] <... clone3 resumed> => {parent_tid=[5908]}, 88) = 5908 [pid 5908] <... rseq resumed>) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] set_robust_list(0x7febdf6ce9a0, 24 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5907] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... futex resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5908] memfd_create("syzkaller", 0) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5908] munmap(0x7febd7200000, 138412032) = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5908] close(3) = 0 [pid 5908] close(4) = 0 [pid 5908] mkdir("./file0", 0777) = 0 [pid 5908] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5908] chdir("./file0") = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 132.346318][ T5908] loop0: detected capacity change from 0 to 32768 [pid 5908] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5907] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... openat resumed>) = 4 [pid 5907] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5908] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5907] <... futex resumed>) = 0 [pid 5908] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5907] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] <... openat resumed>) = 5 [pid 5908] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5907] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 132.408971][ T30] audit: type=1800 audit(1748933582.383:36): pid=5908 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5908] sendfile(4, 5, NULL, 16776834 [pid 5907] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 132.555927][ T5908] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 132.555927][ T5908] [ 132.568248][ T5908] ERROR: (device loop0): remounting filesystem as read-only [pid 5908] <... sendfile resumed>) = 15269888 [pid 5908] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] exit_group(0 [pid 5908] <... futex resumed>) = 0 [pid 5907] <... exit_group resumed>) = ? [pid 5908] +++ exited with 0 +++ [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached , child_tidptr=0x555561135690) = 5909 [pid 5909] set_robust_list(0x5555611356a0, 24) = 0 [pid 5909] chdir("./35") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5909] write(1, "executing program\n", 18) = 18 [pid 5909] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5909] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5910 attached [pid 5910] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5910] set_robust_list(0x7febdf6ce9a0, 24 [pid 5909] <... clone3 resumed> => {parent_tid=[5910]}, 88) = 5910 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] memfd_create("syzkaller", 0 [pid 5909] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] <... memfd_create resumed>) = 3 [pid 5909] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5910] munmap(0x7febd7200000, 138412032) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./file0", 0777) = 0 [pid 5910] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./file0") = 0 [ 133.472223][ T5910] loop0: detected capacity change from 0 to 32768 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5910] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5910] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5910] <... futex resumed>) = 0 [pid 5909] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5909] <... futex resumed>) = 1 [pid 5910] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5909] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... openat resumed>) = 5 [pid 5910] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5910] <... futex resumed>) = 1 [pid 5909] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] sendfile(4, 5, NULL, 16776834 [pid 5909] <... futex resumed>) = 0 [ 133.562302][ T30] audit: type=1800 audit(1748933583.543:37): pid=5910 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5909] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 133.722766][ T5910] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 133.722766][ T5910] [ 133.736684][ T5910] ERROR: (device loop0): remounting filesystem as read-only [pid 5910] <... sendfile resumed>) = 15269888 [pid 5910] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] exit_group(0 [pid 5910] <... futex resumed>) = ? [pid 5909] <... exit_group resumed>) = ? [pid 5910] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x5555611356a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x555561135690) = 5911 [pid 5911] <... set_robust_list resumed>) = 0 [pid 5911] chdir("./36") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5911] write(1, "executing program\n", 18) = 18 [pid 5911] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5911] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5912] set_robust_list(0x7febdf6ce9a0, 24 [pid 5911] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] memfd_create("syzkaller", 0 [pid 5911] <... futex resumed>) = 0 [pid 5912] <... memfd_create resumed>) = 3 [pid 5911] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5912] munmap(0x7febd7200000, 138412032) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] close(4) = 0 [pid 5912] mkdir("./file0", 0777) = 0 [pid 5912] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./file0") = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [ 134.536263][ T5912] loop0: detected capacity change from 0 to 32768 [pid 5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5911] <... futex resumed>) = 0 [pid 5912] <... openat resumed>) = 4 [pid 5911] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5911] <... futex resumed>) = 0 [pid 5912] <... openat resumed>) = 5 [pid 5911] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] sendfile(4, 5, NULL, 16776834 [pid 5911] <... futex resumed>) = 0 [ 134.590376][ T30] audit: type=1800 audit(1748933584.563:38): pid=5912 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5911] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 134.745334][ T5912] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 134.745334][ T5912] [ 134.757266][ T5912] ERROR: (device loop0): remounting filesystem as read-only [pid 5912] <... sendfile resumed>) = 15269888 [pid 5912] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] exit_group(0) = ? [pid 5912] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x555561135690) = 5913 [pid 5913] set_robust_list(0x5555611356a0, 24) = 0 [pid 5913] chdir("./37") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5913] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5914 attached => {parent_tid=[5914]}, 88) = 5914 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] <... rseq resumed>) = 0 [pid 5914] set_robust_list(0x7febdf6ce9a0, 24 [pid 5913] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] <... futex resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5914] memfd_create("syzkaller", 0) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5914] munmap(0x7febd7200000, 138412032) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5914] close(3) = 0 [pid 5914] close(4) = 0 [pid 5914] mkdir("./file0", 0777) = 0 [pid 5914] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./file0") = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] <... futex resumed>) = 0 [pid 5914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [ 135.647778][ T5914] loop0: detected capacity change from 0 to 32768 [pid 5913] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... openat resumed>) = 4 [pid 5914] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] <... futex resumed>) = 0 [pid 5914] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5913] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... openat resumed>) = 5 [pid 5914] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 135.685057][ T30] audit: type=1800 audit(1748933585.663:39): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5914] sendfile(4, 5, NULL, 16776834 [pid 5913] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 135.853017][ T5914] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 135.853017][ T5914] [ 135.864601][ T5914] ERROR: (device loop0): remounting filesystem as read-only [pid 5914] <... sendfile resumed>) = 15269888 [pid 5914] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] exit_group(0) = ? [pid 5914] +++ exited with 0 +++ [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached , child_tidptr=0x555561135690) = 5915 [pid 5915] set_robust_list(0x5555611356a0, 24) = 0 [pid 5915] chdir("./38") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] write(1, "executing program\n", 18executing program ) = 18 [pid 5915] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5915] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5916 attached [pid 5916] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5915] <... clone3 resumed> => {parent_tid=[5916]}, 88) = 5916 [pid 5916] set_robust_list(0x7febdf6ce9a0, 24 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] <... set_robust_list resumed>) = 0 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5915] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] memfd_create("syzkaller", 0 [pid 5915] <... futex resumed>) = 0 [pid 5916] <... memfd_create resumed>) = 3 [pid 5915] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5916] munmap(0x7febd7200000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5916] close(3) = 0 [pid 5916] close(4) = 0 [pid 5916] mkdir("./file0", 0777) = 0 [pid 5916] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./file0") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [ 136.783130][ T5916] loop0: detected capacity change from 0 to 32768 [pid 5915] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... openat resumed>) = 4 [pid 5916] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [pid 5915] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5915] <... futex resumed>) = 0 [pid 5916] <... openat resumed>) = 5 [pid 5915] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] sendfile(4, 5, NULL, 16776834 [pid 5915] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.844458][ T30] audit: type=1800 audit(1748933586.823:40): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5915] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 137.013028][ T5916] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 137.013028][ T5916] [ 137.024883][ T5916] ERROR: (device loop0): remounting filesystem as read-only [pid 5916] <... sendfile resumed>) = 15269888 [pid 5916] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] exit_group(0 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... exit_group resumed>) = ? [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x5555611356a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x555561135690) = 5917 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5917] chdir("./39") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5917] write(1, "executing program\n", 18) = 18 [pid 5917] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5917] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5918 attached [pid 5918] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5918] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5917] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5918] memfd_create("syzkaller", 0 [pid 5917] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5918] <... memfd_create resumed>) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5918] munmap(0x7febd7200000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./file0", 0777) = 0 [pid 5918] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./file0") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5918] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5917] <... futex resumed>) = 0 [ 138.067594][ T5918] loop0: detected capacity change from 0 to 32768 [pid 5917] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5917] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 138.106323][ T30] audit: type=1800 audit(1748933588.083:41): pid=5918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5918] sendfile(4, 5, NULL, 16776834 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5917] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 138.287119][ T5918] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 138.287119][ T5918] [ 138.304837][ T5918] ERROR: (device loop0): remounting filesystem as read-only [pid 5918] <... sendfile resumed>) = 15269888 [pid 5918] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] exit_group(0 [pid 5918] <... futex resumed>) = ? [pid 5917] <... exit_group resumed>) = ? [pid 5918] +++ exited with 0 +++ [pid 5917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached , child_tidptr=0x555561135690) = 5919 [pid 5919] set_robust_list(0x5555611356a0, 24) = 0 [pid 5919] chdir("./40") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5919] write(1, "executing program\n", 18) = 18 [pid 5919] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5919] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5920 attached [pid 5920] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5919] <... clone3 resumed> => {parent_tid=[5920]}, 88) = 5920 [pid 5920] <... rseq resumed>) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] set_robust_list(0x7febdf6ce9a0, 24 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5919] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... futex resumed>) = 0 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] memfd_create("syzkaller", 0 [pid 5919] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5920] <... memfd_create resumed>) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5920] munmap(0x7febd7200000, 138412032) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5920] close(3) = 0 [pid 5920] close(4) = 0 [pid 5920] mkdir("./file0", 0777) = 0 [pid 5920] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./file0") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... futex resumed>) = 0 [ 139.444112][ T5920] loop0: detected capacity change from 0 to 32768 [pid 5919] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5920] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5919] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... openat resumed>) = 4 [pid 5920] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5919] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... futex resumed>) = 1 [pid 5920] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5920] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5920] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] <... futex resumed>) = 0 [pid 5920] sendfile(4, 5, NULL, 16776834 [ 139.518288][ T30] audit: type=1800 audit(1748933589.493:42): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5919] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 139.661541][ T5920] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 139.661541][ T5920] [ 139.676578][ T5920] ERROR: (device loop0): remounting filesystem as read-only [pid 5920] <... sendfile resumed>) = 15269888 [pid 5920] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] exit_group(0) = ? [pid 5920] <... futex resumed>) = ? [pid 5920] +++ exited with 0 +++ [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5921 attached , child_tidptr=0x555561135690) = 5921 [pid 5921] set_robust_list(0x5555611356a0, 24) = 0 [pid 5921] chdir("./41") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5921] write(1, "executing program\n", 18) = 18 [pid 5921] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5921] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5922 attached => {parent_tid=[5922]}, 88) = 5922 [pid 5922] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... rseq resumed>) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] set_robust_list(0x7febdf6ce9a0, 24 [pid 5921] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5922] munmap(0x7febd7200000, 138412032) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5922] close(3) = 0 [pid 5922] close(4) = 0 [pid 5922] mkdir("./file0", 0777) = 0 [pid 5922] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("./file0") = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [ 140.572828][ T5922] loop0: detected capacity change from 0 to 32768 [pid 5922] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5921] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... openat resumed>) = 4 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5922] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] sendfile(4, 5, NULL, 16776834 [pid 5921] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 140.622206][ T30] audit: type=1800 audit(1748933590.603:43): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5921] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 140.779984][ T5922] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 140.779984][ T5922] [ 140.792270][ T5922] ERROR: (device loop0): remounting filesystem as read-only [pid 5922] <... sendfile resumed>) = 15269888 [pid 5922] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] exit_group(0 [pid 5922] <... futex resumed>) = ? [pid 5921] <... exit_group resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5923 attached , child_tidptr=0x555561135690) = 5923 [pid 5923] set_robust_list(0x5555611356a0, 24) = 0 [pid 5923] chdir("./42") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5923] write(1, "executing program\n", 18) = 18 [pid 5923] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5923] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5924 attached => {parent_tid=[5924]}, 88) = 5924 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5924] <... rseq resumed>) = 0 [pid 5923] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5923] <... futex resumed>) = 0 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5924] munmap(0x7febd7200000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./file0", 0777) = 0 [pid 5924] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 141.946943][ T5924] loop0: detected capacity change from 0 to 32768 [pid 5924] chdir("./file0") = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5924] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5923] <... futex resumed>) = 0 [pid 5924] <... openat resumed>) = 4 [pid 5923] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5923] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... openat resumed>) = 5 [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = 0 [pid 5924] <... futex resumed>) = 1 [pid 5923] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] sendfile(4, 5, NULL, 16776834 [pid 5923] <... futex resumed>) = 0 [ 142.024653][ T30] audit: type=1800 audit(1748933592.003:44): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5923] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 142.177007][ T5924] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 142.177007][ T5924] [ 142.188510][ T5924] ERROR: (device loop0): remounting filesystem as read-only [pid 5924] <... sendfile resumed>) = 15269888 [pid 5924] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] exit_group(0 [pid 5924] <... futex resumed>) = ? [pid 5923] <... exit_group resumed>) = ? [pid 5924] +++ exited with 0 +++ [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached , child_tidptr=0x555561135690) = 5925 [pid 5925] set_robust_list(0x5555611356a0, 24) = 0 [pid 5925] chdir("./43") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5925] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5926 attached => {parent_tid=[5926]}, 88) = 5926 [pid 5926] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... rseq resumed>) = 0 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] set_robust_list(0x7febdf6ce9a0, 24 [pid 5925] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... set_robust_list resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] <... futex resumed>) = 0 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5926] memfd_create("syzkaller", 0) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5926] munmap(0x7febd7200000, 138412032) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5926] close(3) = 0 [pid 5926] close(4) = 0 [pid 5926] mkdir("./file0", 0777) = 0 [pid 5926] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5926] chdir("./file0") = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5926] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 143.357246][ T5926] loop0: detected capacity change from 0 to 32768 [pid 5926] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5925] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... openat resumed>) = 4 [pid 5926] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5926] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5925] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5926] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 143.422324][ T30] audit: type=1800 audit(1748933593.403:45): pid=5926 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5926] sendfile(4, 5, NULL, 16776834 [pid 5925] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5925] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 143.564495][ T5926] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 143.564495][ T5926] [ 143.577114][ T5926] ERROR: (device loop0): remounting filesystem as read-only [pid 5926] <... sendfile resumed>) = 15269888 [pid 5926] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] exit_group(0 [pid 5926] <... futex resumed>) = ? [pid 5925] <... exit_group resumed>) = ? [pid 5926] +++ exited with 0 +++ [pid 5925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached , child_tidptr=0x555561135690) = 5927 [pid 5927] set_robust_list(0x5555611356a0, 24) = 0 [pid 5927] chdir("./44") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] write(1, "executing program\n", 18executing program ) = 18 [pid 5927] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5927] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5928 attached [pid 5928] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5927] <... clone3 resumed> => {parent_tid=[5928]}, 88) = 5928 [pid 5928] set_robust_list(0x7febdf6ce9a0, 24 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] <... set_robust_list resumed>) = 0 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] memfd_create("syzkaller", 0 [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5928] <... memfd_create resumed>) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5928] munmap(0x7febd7200000, 138412032) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] close(3) = 0 [pid 5928] close(4) = 0 [pid 5928] mkdir("./file0", 0777) = 0 [pid 5928] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 144.727474][ T5928] loop0: detected capacity change from 0 to 32768 [pid 5928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./file0") = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5928] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5928] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = 0 [pid 5928] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5927] <... futex resumed>) = 1 [pid 5927] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... openat resumed>) = 4 [pid 5928] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5928] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5927] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5928] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 144.804893][ T30] audit: type=1800 audit(1748933594.783:46): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5928] sendfile(4, 5, NULL, 16776834 [pid 5927] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 144.963849][ T5928] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 144.963849][ T5928] [ 144.975374][ T5928] ERROR: (device loop0): remounting filesystem as read-only [pid 5928] <... sendfile resumed>) = 15269888 [pid 5928] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] exit_group(0 [pid 5928] <... futex resumed>) = ? [pid 5927] <... exit_group resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached , child_tidptr=0x555561135690) = 5929 [pid 5929] set_robust_list(0x5555611356a0, 24) = 0 [pid 5929] chdir("./45") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5929] write(1, "executing program\n", 18) = 18 [pid 5929] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5929] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5930 attached [pid 5930] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5929] <... clone3 resumed> => {parent_tid=[5930]}, 88) = 5930 [pid 5930] set_robust_list(0x7febdf6ce9a0, 24 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5930] <... set_robust_list resumed>) = 0 [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5930] munmap(0x7febd7200000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./file0", 0777) = 0 [pid 5930] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file0") = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [ 145.826098][ T5930] loop0: detected capacity change from 0 to 32768 [pid 5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [pid 5929] <... futex resumed>) = 0 [pid 5930] <... openat resumed>) = 4 [pid 5930] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 0 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5930] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] <... futex resumed>) = 0 [pid 5930] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC) = 5 [pid 5929] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] sendfile(4, 5, NULL, 16776834 [pid 5929] <... futex resumed>) = 0 [ 145.883144][ T30] audit: type=1800 audit(1748933595.863:47): pid=5930 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5929] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 146.026635][ T5930] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 146.026635][ T5930] [ 146.038492][ T5930] ERROR: (device loop0): remounting filesystem as read-only [pid 5930] <... sendfile resumed>) = 15269888 [pid 5930] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] exit_group(0 [pid 5930] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5930] +++ exited with 0 +++ [pid 5929] <... exit_group resumed>) = ? [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached , child_tidptr=0x555561135690) = 5931 [pid 5931] set_robust_list(0x5555611356a0, 24) = 0 [pid 5931] chdir("./46") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18executing program ) = 18 [pid 5931] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5931] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5932 attached [pid 5932] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053) = 0 [pid 5932] set_robust_list(0x7febdf6ce9a0, 24 [pid 5931] <... clone3 resumed> => {parent_tid=[5932]}, 88) = 5932 [pid 5932] <... set_robust_list resumed>) = 0 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] memfd_create("syzkaller", 0 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] <... memfd_create resumed>) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5932] munmap(0x7febd7200000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./file0", 0777) = 0 [pid 5932] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file0") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5932] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [ 147.167627][ T5932] loop0: detected capacity change from 0 to 32768 [pid 5932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [pid 5931] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5931] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... openat resumed>) = 5 [pid 5932] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] sendfile(4, 5, NULL, 16776834 [ 147.214558][ T30] audit: type=1800 audit(1748933597.193:48): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5931] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 147.370212][ T5932] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 147.370212][ T5932] [ 147.383850][ T5932] ERROR: (device loop0): remounting filesystem as read-only [pid 5932] <... sendfile resumed>) = 15269888 [pid 5932] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] exit_group(0 [pid 5932] <... futex resumed>) = ? [pid 5931] <... exit_group resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556113e770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556113e770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x555561136730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5933 attached , child_tidptr=0x555561135690) = 5933 [pid 5933] set_robust_list(0x5555611356a0, 24) = 0 [pid 5933] chdir("./47") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5933] write(1, "executing program\n", 18executing program ) = 18 [pid 5933] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] rt_sigaction(SIGRT_1, {sa_handler=0x7febdf73ff30, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febdf7310e0}, NULL, 8) = 0 [pid 5933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febdf6ae000 [pid 5933] mprotect(0x7febdf6af000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7febdf6ce990, parent_tid=0x7febdf6ce990, exit_signal=0, stack=0x7febdf6ae000, stack_size=0x20300, tls=0x7febdf6ce6c0}./strace-static-x86_64: Process 5934 attached [pid 5934] rseq(0x7febdf6cefe0, 0x20, 0, 0x53053053 [pid 5933] <... clone3 resumed> => {parent_tid=[5934]}, 88) = 5934 [pid 5934] <... rseq resumed>) = 0 [pid 5934] set_robust_list(0x7febdf6ce9a0, 24) = 0 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5934] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5933] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 1 [pid 5934] memfd_create("syzkaller", 0 [pid 5933] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5934] <... memfd_create resumed>) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7febd7200000 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5934] munmap(0x7febd7200000, 138412032) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5934] close(3) = 0 [pid 5934] close(4) = 0 [pid 5934] mkdir("./file0", 0777) = 0 [pid 5934] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5934] chdir("./file0") = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5934] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 1 [pid 5934] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777 [ 148.538783][ T5934] loop0: detected capacity change from 0 to 32768 [pid 5933] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... openat resumed>) = 4 [pid 5934] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] futex(0x7febdf7a76c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 1 [pid 5934] openat(AT_FDCWD, "/dev/nullb0", O_RDONLY|FASYNC [pid 5933] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... openat resumed>) = 5 [pid 5934] futex(0x7febdf7a76cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5934] sendfile(4, 5, NULL, 16776834 [pid 5933] futex(0x7febdf7a76c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 148.599988][ T30] audit: type=1800 audit(1748933598.573:49): pid=5934 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor248" name="file1" dev="loop0" ino=4 res=0 errno=0 [pid 5933] futex(0x7febdf7a76cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5933] exit_group(0) = ? [pid 5934] <... sendfile resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 148.840067][ T5934] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 148.840067][ T5934] [ 148.853899][ T5934] ERROR: (device loop0): remounting filesystem as read-only umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555561136730 /* 4 entries */, 32768) = 112 [ 148.965764][ T5824] ------------[ cut here ]------------ [ 148.971482][ T5824] kernel BUG at fs/jfs/inode.c:169! [ 148.976741][ T5824] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 148.983000][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor248 Not tainted 6.15.0-syzkaller-10954-gd00a83477e7a #0 PREEMPT(full) [ 148.995076][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.005132][ T5824] RIP: 0010:jfs_evict_inode+0x438/0x440 [ 149.010686][ T5824] Code: fe e9 e0 fd ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 17 fe ff ff 4c 89 f7 e8 e3 1f ea fe e9 0a fe ff ff e8 49 c2 88 fe 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 149.031123][ T5824] RSP: 0018:ffffc900041af9c0 EFLAGS: 00010293 [ 149.037289][ T5824] RAX: ffffffff83377797 RBX: ffff888072f4d728 RCX: ffff88802abe0000 [ 149.045310][ T5824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888072f4d728 [ 149.053291][ T5824] RBP: 0000000000000001 R08: ffffffff8f9f96f7 R09: 1ffffffff1f3f2de [ 149.061261][ T5824] R10: dffffc0000000000 R11: ffffffff83375530 R12: dffffc0000000000 [ 149.069306][ T5824] R13: dffffc0000000000 R14: ffff888072f4d3b0 R15: ffffffff83377360 [ 149.077309][ T5824] FS: 00005555611353c0(0000) GS:ffff888125c95000(0000) knlGS:0000000000000000 [ 149.086263][ T5824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.092887][ T5824] CR2: 00007fff848c2c9c CR3: 000000007400a000 CR4: 00000000003526f0 [ 149.100871][ T5824] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.108928][ T5824] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.116901][ T5824] Call Trace: [ 149.120181][ T5824] [ 149.123126][ T5824] ? evict+0x4f8/0x9c0 [ 149.127208][ T5824] ? __pfx_jfs_evict_inode+0x10/0x10 [ 149.132507][ T5824] evict+0x504/0x9c0 [ 149.136503][ T5824] ? __pfx_evict+0x10/0x10 [ 149.141193][ T5824] ? do_raw_spin_unlock+0x122/0x240 [ 149.146408][ T5824] evict_inodes+0x636/0x6c0 [ 149.150921][ T5824] ? __pfx_evict_inodes+0x10/0x10 [ 149.155965][ T5824] generic_shutdown_super+0x9a/0x2c0 [ 149.161649][ T5824] kill_block_super+0x44/0x90 [ 149.166475][ T5824] deactivate_locked_super+0xb9/0x130 [ 149.171895][ T5824] cleanup_mnt+0x425/0x4c0 [ 149.176335][ T5824] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.181578][ T5824] task_work_run+0x1d4/0x260 [ 149.186238][ T5824] ? __pfx_task_work_run+0x10/0x10 [ 149.191355][ T5824] ? __x64_sys_umount+0x122/0x160 [ 149.196558][ T5824] ptrace_notify+0x281/0x2c0 [ 149.201153][ T5824] ? __pfx_ptrace_notify+0x10/0x10 [ 149.206269][ T5824] ? __x64_sys_umount+0x122/0x160 [ 149.211291][ T5824] ? __pfx___x64_sys_umount+0x10/0x10 [ 149.216750][ T5824] ? rcu_is_watching+0x15/0xb0 [ 149.221519][ T5824] syscall_exit_work+0xc6/0x1d0 [ 149.226369][ T5824] do_syscall_64+0x2ad/0x3b0 [ 149.230965][ T5824] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.236167][ T5824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.242234][ T5824] ? clear_bhb_loop+0x60/0xb0 [ 149.246914][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.252988][ T5824] RIP: 0033:0x7febdf71ad77 [ 149.257420][ T5824] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 149.277199][ T5824] RSP: 002b:00007fff848c2c88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 149.285698][ T5824] RAX: 0000000000000000 RBX: 0000000000024285 RCX: 00007febdf71ad77 [ 149.293666][ T5824] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff848c2d40 [ 149.301638][ T5824] RBP: 00007fff848c2d40 R08: 0000000000000000 R09: 0000000000000000 [ 149.309607][ T5824] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff848c3e00 [ 149.317587][ T5824] R13: 0000555561136700 R14: 431bde82d7b634db R15: 00007fff848c3da4 [ 149.325582][ T5824] [ 149.328602][ T5824] Modules linked in: [ 149.332854][ T5824] ---[ end trace 0000000000000000 ]--- [ 149.338419][ T5824] RIP: 0010:jfs_evict_inode+0x438/0x440 [ 149.344109][ T5824] Code: fe e9 e0 fd ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 17 fe ff ff 4c 89 f7 e8 e3 1f ea fe e9 0a fe ff ff e8 49 c2 88 fe 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 149.364027][ T5824] RSP: 0018:ffffc900041af9c0 EFLAGS: 00010293 [ 149.370177][ T5824] RAX: ffffffff83377797 RBX: ffff888072f4d728 RCX: ffff88802abe0000 [ 149.378262][ T5824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888072f4d728 [ 149.386308][ T5824] RBP: 0000000000000001 R08: ffffffff8f9f96f7 R09: 1ffffffff1f3f2de [ 149.394351][ T5824] R10: dffffc0000000000 R11: ffffffff83375530 R12: dffffc0000000000 [ 149.402387][ T5824] R13: dffffc0000000000 R14: ffff888072f4d3b0 R15: ffffffff83377360 [ 149.410375][ T5824] FS: 00005555611353c0(0000) GS:ffff888125c95000(0000) knlGS:0000000000000000 [ 149.419443][ T5824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.426084][ T5824] CR2: 00007fff848c2c9c CR3: 000000007400a000 CR4: 00000000003526f0 [ 149.434116][ T5824] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.443115][ T5824] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.451229][ T5824] Kernel panic - not syncing: Fatal exception [ 149.457716][ T5824] Kernel Offset: disabled [ 149.462052][ T5824] Rebooting in 86400 seconds..