./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor734663789 <...> DUID 00:04:ef:48:41:79:0b:5e:d9:4d:76:cd:70:81:2e:69:59:2c forked to background, child pid 4669 [ 23.165725][ T4670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.179599][ T4670] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.143' (ECDSA) to the list of known hosts. execve("./syz-executor734663789", ["./syz-executor734663789"], 0x7ffcd1ebd530 /* 10 vars */) = 0 brk(NULL) = 0x555556717000 brk(0x555556717c40) = 0x555556717c40 arch_prctl(ARCH_SET_FS, 0x555556717300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555567175d0) = 5000 set_robust_list(0x5555567175e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f02d07947c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f02d0794e90}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f02d0794860, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02d0794e90}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor734663789", 4096) = 27 brk(0x555556738c40) = 0x555556738c40 brk(0x555556739000) = 0x555556739000 mprotect(0x7f02d0856000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5000 mkdir("./syzkaller.kaT7nj", 0700) = 0 chmod("./syzkaller.kaT7nj", 0777) = 0 chdir("./syzkaller.kaT7nj") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5001] set_robust_list(0x5555567175e0, 24) = 0 [pid 5001] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setsid() = 1 [pid 5001] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5001] unshare(CLONE_NEWNS) = 0 [pid 5001] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5001] unshare(CLONE_NEWIPC) = 0 [pid 5001] unshare(CLONE_NEWCGROUP) = 0 [pid 5001] unshare(CLONE_NEWUTS) = 0 [pid 5001] unshare(CLONE_SYSVSEM) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "16777216", 8) = 8 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "536870912", 9) = 9 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "8192", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5001] close(3) = 0 [pid 5001] getpid() = 1 [pid 5001] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5004] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5004] memfd_create("syzkaller", 0) = 3 [pid 5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5004] munmap(0x7f02c8363000, 524288) = 0 [pid 5004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5004] close(3) = 0 [pid 5004] mkdir("./file0", 0777) = 0 syzkaller login: [ 47.686459][ T5004] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5004 'syz-executor734' [ 47.705098][ T5004] loop0: detected capacity change from 0 to 1024 [ 47.717035][ T5004] ======================================================= [ 47.717035][ T5004] WARNING: The mand mount option has been deprecated and [pid 5004] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5004] chdir("./file0") = 0 [pid 5004] ioctl(4, LOOP_CLR_FD) = 0 [pid 5004] close(4) = 0 [pid 5004] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... futex resumed>) = 1 [ 47.717035][ T5004] and is ignored by this kernel. Remove the mand [ 47.717035][ T5004] option from the mount to silence this warning. [ 47.717035][ T5004] ======================================================= [ 47.776261][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5004] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5003] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5003] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5003] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5003] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 4 [pid 5003] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x7f02c83e29e0, 24) = 0 [ 47.783872][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.791585][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.798982][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.806400][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.813822][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.822510][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.830244][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5006] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5006] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [ 47.837694][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.845383][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.852793][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.860167][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.868302][ T5006] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.875673][ T5006] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5006] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5003] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5003] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5003] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5003] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 5 [pid 5003] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5007 attached [pid 5007] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5007] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 6 [pid 5007] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = 0 [pid 5007] <... futex resumed>) = 1 [pid 5007] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5008 attached [pid 5008] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 47.884443][ T5006] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.891952][ T5006] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.900086][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.909767][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.917513][ T5006] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.924807][ T5006] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5006] <... write resumed>) = 53248 [pid 5006] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 47.932256][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.940841][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.948672][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.956221][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.964110][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.971569][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.978996][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.986317][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 47.994001][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.001697][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.009176][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.017262][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.025111][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5006] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] +++ killed by SIGSEGV (core dumped) +++ [pid 5007] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5003] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=6, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5003] getpid() = 2 [pid 5003] rt_sigreturn({mask=[]}) = 0 [pid 5007] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] close(3) = 0 [pid 5003] close(4) = -1 EBADF (Bad file descriptor) [pid 5003] close(5) = 0 [pid 5003] close(6) = -1 EBADF (Bad file descriptor) [pid 5003] close(7) = -1 EBADF (Bad file descriptor) [pid 5003] close(8) = -1 EBADF (Bad file descriptor) [pid 5003] close(9) = -1 EBADF (Bad file descriptor) [pid 5003] close(10) = -1 EBADF (Bad file descriptor) [pid 5003] close(11) = -1 EBADF (Bad file descriptor) [pid 5003] close(12) = -1 EBADF (Bad file descriptor) [pid 5003] close(13) = -1 EBADF (Bad file descriptor) [pid 5003] close(14) = -1 EBADF (Bad file descriptor) [pid 5003] close(15) = -1 EBADF (Bad file descriptor) [pid 5003] close(16) = -1 EBADF (Bad file descriptor) [pid 5003] close(17) = -1 EBADF (Bad file descriptor) [ 48.032522][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.039948][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.047303][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.055029][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.057221][ T5008] syz-executor734 (5008) used greatest stack depth: 22600 bytes left [ 48.062558][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.077891][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5003] close(18) = -1 EBADF (Bad file descriptor) [pid 5003] close(19) = -1 EBADF (Bad file descriptor) [pid 5003] close(20) = -1 EBADF (Bad file descriptor) [pid 5003] close(21) = -1 EBADF (Bad file descriptor) [pid 5003] close(22) = -1 EBADF (Bad file descriptor) [pid 5003] close(23) = -1 EBADF (Bad file descriptor) [pid 5003] close(24) = -1 EBADF (Bad file descriptor) [pid 5003] close(25) = -1 EBADF (Bad file descriptor) [pid 5003] close(26) = -1 EBADF (Bad file descriptor) [pid 5003] close(27) = -1 EBADF (Bad file descriptor) [pid 5003] close(28) = -1 EBADF (Bad file descriptor) [pid 5003] close(29) = -1 EBADF (Bad file descriptor) [pid 5003] exit_group(0 [pid 5007] <... futex resumed>) = ? [pid 5006] <... futex resumed>) = ? [pid 5003] <... exit_group resumed>) = ? [pid 5007] +++ exited with 0 +++ [pid 5006] +++ exited with 0 +++ [pid 5004] <... open resumed>) = ? [pid 5004] +++ exited with 0 +++ [pid 5003] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./0/binderfs") = 0 [pid 5001] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./0/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./0") = 0 [pid 5001] mkdir("./1", 0777) = 0 [ 48.085464][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.093537][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.101152][ T5004] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.109023][ T26] audit: type=1800 audit(1687442187.891:2): pid=5004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 7 ./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x5555567175e0, 24) = 0 [pid 5009] chdir("./1") = 0 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5009] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5009] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5009] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[8], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 8 [pid 5009] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5010 attached [pid 5010] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5010] memfd_create("syzkaller", 0) = 3 [pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5010] munmap(0x7f02c8363000, 524288) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5010] close(3) = 0 [pid 5010] mkdir("./file0", 0777) = 0 [pid 5010] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5010] chdir("./file0") = 0 [pid 5010] ioctl(4, LOOP_CLR_FD) = 0 [pid 5010] close(4) = 0 [pid 5010] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... futex resumed>) = 0 [ 48.199672][ T5010] loop0: detected capacity change from 0 to 1024 [ 48.230256][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.237896][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5010] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5009] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5009] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5009] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5009] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[9], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 9 [pid 5009] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5011] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5011] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... futex resumed>) = 1 [ 48.245421][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.252849][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.260513][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.268033][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.275990][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.283507][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.290920][ T5011] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5011] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5009] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5009] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5009] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 10 [pid 5009] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5012] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 11 ./strace-static-x86_64: Process 5013 attached [ 48.298269][ T5011] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.305654][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.313595][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.321286][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.328648][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.336165][ T5011] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5012] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5012] <... futex resumed>) = 1 [pid 5012] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... write resumed>) = 53248 [pid 5011] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.344074][ T5011] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.351611][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.361843][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.369474][ T5011] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.377076][ T5011] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.384717][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.392462][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5011] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] +++ killed by SIGSEGV (core dumped) +++ [pid 5012] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5012] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=11, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5012] getpid() = 7 [pid 5012] rt_sigreturn({mask=[]}) = 202 [ 48.399921][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.407410][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.414712][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.422207][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.429554][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.436976][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5012] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] close(3) = 0 [pid 5009] close(4) = -1 EBADF (Bad file descriptor) [pid 5009] close(5) = 0 [pid 5009] close(6) = -1 EBADF (Bad file descriptor) [pid 5009] close(7) = -1 EBADF (Bad file descriptor) [pid 5009] close(8) = -1 EBADF (Bad file descriptor) [pid 5009] close(9) = -1 EBADF (Bad file descriptor) [pid 5009] close(10) = -1 EBADF (Bad file descriptor) [pid 5009] close(11) = -1 EBADF (Bad file descriptor) [pid 5009] close(12) = -1 EBADF (Bad file descriptor) [pid 5009] close(13) = -1 EBADF (Bad file descriptor) [pid 5009] close(14) = -1 EBADF (Bad file descriptor) [pid 5009] close(15) = -1 EBADF (Bad file descriptor) [pid 5009] close(16) = -1 EBADF (Bad file descriptor) [pid 5009] close(17) = -1 EBADF (Bad file descriptor) [ 48.444319][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.451945][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.459690][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.467182][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.474497][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.481806][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.489168][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5009] close(18) = -1 EBADF (Bad file descriptor) [pid 5009] close(19) = -1 EBADF (Bad file descriptor) [pid 5009] close(20) = -1 EBADF (Bad file descriptor) [pid 5009] close(21) = -1 EBADF (Bad file descriptor) [pid 5009] close(22) = -1 EBADF (Bad file descriptor) [pid 5009] close(23) = -1 EBADF (Bad file descriptor) [pid 5009] close(24) = -1 EBADF (Bad file descriptor) [pid 5009] close(25) = -1 EBADF (Bad file descriptor) [pid 5009] close(26) = -1 EBADF (Bad file descriptor) [pid 5009] close(27) = -1 EBADF (Bad file descriptor) [pid 5009] close(28) = -1 EBADF (Bad file descriptor) [pid 5009] close(29) = -1 EBADF (Bad file descriptor) [pid 5009] exit_group(0 [pid 5012] <... futex resumed>) = ? [pid 5011] <... futex resumed>) = ? [pid 5009] <... exit_group resumed>) = ? [pid 5012] +++ exited with 0 +++ [pid 5011] +++ exited with 0 +++ [pid 5010] <... open resumed>) = ? [pid 5010] +++ exited with 0 +++ [pid 5009] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=11, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 48.496453][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.504487][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.512507][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.519843][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.527149][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.534431][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.541732][ T5010] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./1/binderfs") = 0 [pid 5001] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./1/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./1") = 0 [pid 5001] mkdir("./2", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5014 attached , child_tidptr=0x5555567175d0) = 12 [pid 5014] set_robust_list(0x5555567175e0, 24) = 0 [pid 5014] chdir("./2") = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5014] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5015 attached , parent_tid=[13], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 13 [pid 5015] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5015] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 0 [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5015] munmap(0x7f02c8363000, 524288) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 48.549711][ T26] audit: type=1800 audit(1687442188.321:3): pid=5010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./file0", 0777) = 0 [pid 5015] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./file0") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5015] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5014] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.603745][ T5015] loop0: detected capacity change from 0 to 1024 [ 48.628383][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.635717][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.643241][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5014] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5014] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[14], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 14 [pid 5014] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5016 attached [pid 5016] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5016] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5016] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [ 48.650602][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.657949][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.665229][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.672636][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.680719][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.688400][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.695690][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5016] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5014] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[15], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 15 [pid 5014] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5017 attached [ 48.703078][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.710417][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.717869][ T5016] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.725188][ T5016] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.733397][ T5016] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.741086][ T5016] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5017] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5017] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 16 [pid 5017] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5018 attached [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5018] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5017] <... futex resumed>) = 0 [ 48.748469][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.756956][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.764364][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.771979][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.779469][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.787436][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.795473][ T5016] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5017] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] <... write resumed>) = 53248 [pid 5016] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.803146][ T5016] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.811012][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.818638][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.826970][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.834441][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.841878][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5016] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] +++ killed by SIGSEGV (core dumped) +++ [pid 5017] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5017] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=16, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5017] getpid() = 12 [pid 5017] rt_sigreturn({mask=[]}) = 202 [ 48.849274][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.856874][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.864246][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.871618][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.878999][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.886334][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.893654][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.901388][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.908779][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.916193][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.923541][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.930927][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [ 48.938486][ T5015] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5017] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] <... open resumed>) = 4 [pid 5015] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] close(3) = 0 [pid 5014] close(4) = 0 [pid 5014] close(5) = 0 [pid 5014] close(6) = -1 EBADF (Bad file descriptor) [pid 5014] close(7) = -1 EBADF (Bad file descriptor) [pid 5014] close(8) = -1 EBADF (Bad file descriptor) [pid 5014] close(9) = -1 EBADF (Bad file descriptor) [pid 5014] close(10) = -1 EBADF (Bad file descriptor) [pid 5014] close(11) = -1 EBADF (Bad file descriptor) [pid 5014] close(12) = -1 EBADF (Bad file descriptor) [pid 5014] close(13) = -1 EBADF (Bad file descriptor) [pid 5014] close(14) = -1 EBADF (Bad file descriptor) [pid 5014] close(15) = -1 EBADF (Bad file descriptor) [pid 5014] close(16) = -1 EBADF (Bad file descriptor) [pid 5014] close(17) = -1 EBADF (Bad file descriptor) [pid 5014] close(18) = -1 EBADF (Bad file descriptor) [pid 5014] close(19) = -1 EBADF (Bad file descriptor) [pid 5014] close(20) = -1 EBADF (Bad file descriptor) [pid 5014] close(21) = -1 EBADF (Bad file descriptor) [pid 5014] close(22) = -1 EBADF (Bad file descriptor) [pid 5014] close(23) = -1 EBADF (Bad file descriptor) [pid 5014] close(24) = -1 EBADF (Bad file descriptor) [pid 5014] close(25) = -1 EBADF (Bad file descriptor) [pid 5014] close(26) = -1 EBADF (Bad file descriptor) [pid 5014] close(27) = -1 EBADF (Bad file descriptor) [pid 5014] close(28) = -1 EBADF (Bad file descriptor) [pid 5014] close(29) = -1 EBADF (Bad file descriptor) [pid 5014] exit_group(0 [pid 5017] <... futex resumed>) = ? [pid 5016] <... futex resumed>) = ? [pid 5014] <... exit_group resumed>) = ? [pid 5017] +++ exited with 0 +++ [pid 5016] +++ exited with 0 +++ [pid 5015] <... futex resumed>) = ? [pid 5015] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=16, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./2/binderfs") = 0 [pid 5001] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./2/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./2") = 0 [pid 5001] mkdir("./3", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 17 [ 48.946128][ T26] audit: type=1800 audit(1687442188.721:4): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 ./strace-static-x86_64: Process 5019 attached [pid 5019] set_robust_list(0x5555567175e0, 24) = 0 [pid 5019] chdir("./3") = 0 [pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5019] setpgid(0, 0) = 0 [pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5019] write(3, "1000", 4) = 4 [pid 5019] close(3) = 0 [pid 5019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5019] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5019] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5019] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[18], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 18 [pid 5019] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5020] memfd_create("syzkaller", 0) = 3 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5020] munmap(0x7f02c8363000, 524288) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5020] close(3) = 0 [pid 5020] mkdir("./file0", 0777) = 0 [pid 5020] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5020] chdir("./file0") = 0 [pid 5020] ioctl(4, LOOP_CLR_FD) = 0 [pid 5020] close(4) = 0 [pid 5020] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.028199][ T5020] loop0: detected capacity change from 0 to 1024 [ 49.051073][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.058471][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.065778][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5020] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5019] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5019] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5019] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5019] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[19], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 19 [pid 5019] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5021 attached [pid 5021] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5021] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5021] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... futex resumed>) = 1 [ 49.073138][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.080459][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.088010][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.095326][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.102681][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.110050][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.117507][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5021] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5019] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5019] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5019] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5019] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[20], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 20 [pid 5019] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5022 attached [pid 5022] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 49.124818][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.132130][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.139454][ T5021] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.146886][ T5021] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.154221][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.161666][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.169395][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5022] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 21 [pid 5022] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5023 attached [pid 5023] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5019] <... futex resumed>) = 0 [pid 5022] <... futex resumed>) = 1 [ 49.176913][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.184284][ T5021] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.191943][ T5021] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.199480][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.207007][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.214324][ T5021] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5022] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] <... write resumed>) = 53248 [pid 5021] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.223690][ T5021] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.231055][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.238735][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.246046][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.253646][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.261089][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.268432][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5021] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] +++ killed by SIGSEGV (core dumped) +++ [pid 5022] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5022] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=21, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5022] getpid() = 17 [pid 5022] rt_sigreturn({mask=[]}) = 202 [ 49.276111][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.283470][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.290989][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.298445][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.305833][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.313197][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.320676][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5022] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] close(3) = 0 [pid 5019] close(4) = -1 EBADF (Bad file descriptor) [pid 5019] close(5) = 0 [pid 5019] close(6) = -1 EBADF (Bad file descriptor) [pid 5019] close(7) = -1 EBADF (Bad file descriptor) [pid 5019] close(8) = -1 EBADF (Bad file descriptor) [pid 5019] close(9) = -1 EBADF (Bad file descriptor) [pid 5019] close(10) = -1 EBADF (Bad file descriptor) [pid 5019] close(11) = -1 EBADF (Bad file descriptor) [pid 5019] close(12) = -1 EBADF (Bad file descriptor) [pid 5019] close(13) = -1 EBADF (Bad file descriptor) [pid 5019] close(14) = -1 EBADF (Bad file descriptor) [pid 5019] close(15) = -1 EBADF (Bad file descriptor) [pid 5019] close(16) = -1 EBADF (Bad file descriptor) [pid 5019] close(17) = -1 EBADF (Bad file descriptor) [pid 5019] close(18) = -1 EBADF (Bad file descriptor) [pid 5019] close(19) = -1 EBADF (Bad file descriptor) [pid 5019] close(20) = -1 EBADF (Bad file descriptor) [pid 5019] close(21) = -1 EBADF (Bad file descriptor) [pid 5019] close(22) = -1 EBADF (Bad file descriptor) [pid 5019] close(23) = -1 EBADF (Bad file descriptor) [pid 5019] close(24) = -1 EBADF (Bad file descriptor) [pid 5019] close(25) = -1 EBADF (Bad file descriptor) [pid 5019] close(26) = -1 EBADF (Bad file descriptor) [pid 5019] close(27) = -1 EBADF (Bad file descriptor) [pid 5019] close(28) = -1 EBADF (Bad file descriptor) [pid 5019] close(29) = -1 EBADF (Bad file descriptor) [pid 5019] exit_group(0 [pid 5022] <... futex resumed>) = ? [pid 5021] <... futex resumed>) = ? [pid 5019] <... exit_group resumed>) = ? [pid 5022] +++ exited with 0 +++ [pid 5021] +++ exited with 0 +++ [pid 5020] <... open resumed>) = ? [ 49.328014][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.335307][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.342644][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.349962][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.357345][ T5020] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5020] +++ exited with 0 +++ [pid 5019] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=21, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./3/binderfs") = 0 [pid 5001] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./3/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./3") = 0 [pid 5001] mkdir("./4", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 22 ./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x5555567175e0, 24) = 0 [pid 5024] chdir("./4") = 0 [pid 5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5024] setpgid(0, 0) = 0 [pid 5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5024] write(3, "1000", 4) = 4 [pid 5024] close(3) = 0 [pid 5024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5024] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5024] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5024] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5025 attached , parent_tid=[23], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 23 [pid 5025] set_robust_list(0x7f02d07839e0, 24 [pid 5024] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] <... set_robust_list resumed>) = 0 [pid 5024] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5025] memfd_create("syzkaller", 0) = 3 [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5025] munmap(0x7f02c8363000, 524288) = 0 [ 49.364739][ T26] audit: type=1800 audit(1687442189.141:5): pid=5020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5025] close(3) = 0 [pid 5025] mkdir("./file0", 0777) = 0 [pid 5025] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5025] chdir("./file0") = 0 [pid 5025] ioctl(4, LOOP_CLR_FD) = 0 [pid 5025] close(4) = 0 [pid 5025] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... futex resumed>) = 1 [ 49.422145][ T5025] loop0: detected capacity change from 0 to 1024 [ 49.448136][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.455462][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.462915][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5025] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5024] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5024] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5024] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5024] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[24], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 24 [pid 5024] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5026] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5026] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [ 49.470516][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.477850][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.485124][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.492502][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.499869][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.507276][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.514562][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5024] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... futex resumed>) = 1 [ 49.522032][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.529488][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.536850][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.544132][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.551538][ T5026] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.558896][ T5026] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5026] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5024] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5024] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5024] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5024] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[25], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 25 [pid 5024] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5027] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 26 [pid 5027] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5028 attached [pid 5028] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5024] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 1 [ 49.566224][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.573565][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.580929][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.588296][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.595606][ T5026] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.603103][ T5026] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.610529][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5027] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... write resumed>) = 53248 [pid 5026] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.617975][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.625287][ T5026] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.632732][ T5026] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.640202][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.648009][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.655341][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.662817][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5026] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] +++ killed by SIGSEGV (core dumped) +++ [pid 5027] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5027] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=26, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5027] getpid() = 22 [pid 5027] rt_sigreturn({mask=[]}) = 202 [ 49.670240][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.677689][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.684996][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.692402][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.700111][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.707594][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.714895][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5027] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] close(3) = 0 [pid 5024] close(4) = -1 EBADF (Bad file descriptor) [pid 5024] close(5) = 0 [pid 5024] close(6) = -1 EBADF (Bad file descriptor) [pid 5024] close(7) = -1 EBADF (Bad file descriptor) [pid 5024] close(8) = -1 EBADF (Bad file descriptor) [pid 5024] close(9) = -1 EBADF (Bad file descriptor) [pid 5024] close(10) = -1 EBADF (Bad file descriptor) [pid 5024] close(11) = -1 EBADF (Bad file descriptor) [pid 5024] close(12) = -1 EBADF (Bad file descriptor) [pid 5024] close(13) = -1 EBADF (Bad file descriptor) [pid 5024] close(14) = -1 EBADF (Bad file descriptor) [pid 5024] close(15) = -1 EBADF (Bad file descriptor) [pid 5024] close(16) = -1 EBADF (Bad file descriptor) [pid 5024] close(17) = -1 EBADF (Bad file descriptor) [pid 5024] close(18) = -1 EBADF (Bad file descriptor) [pid 5024] close(19) = -1 EBADF (Bad file descriptor) [pid 5024] close(20) = -1 EBADF (Bad file descriptor) [pid 5024] close(21) = -1 EBADF (Bad file descriptor) [pid 5024] close(22) = -1 EBADF (Bad file descriptor) [pid 5024] close(23) = -1 EBADF (Bad file descriptor) [pid 5024] close(24) = -1 EBADF (Bad file descriptor) [pid 5024] close(25) = -1 EBADF (Bad file descriptor) [pid 5024] close(26) = -1 EBADF (Bad file descriptor) [pid 5024] close(27) = -1 EBADF (Bad file descriptor) [pid 5024] close(28) = -1 EBADF (Bad file descriptor) [pid 5024] close(29) = -1 EBADF (Bad file descriptor) [pid 5024] exit_group(0 [pid 5027] <... futex resumed>) = ? [pid 5026] <... futex resumed>) = ? [pid 5024] <... exit_group resumed>) = ? [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ [pid 5025] <... open resumed>) = ? [ 49.722208][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.729563][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.736961][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.744294][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.751629][ T5025] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5025] +++ exited with 0 +++ [pid 5024] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=26, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./4/binderfs") = 0 [pid 5001] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./4/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./4") = 0 [pid 5001] mkdir("./5", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached [pid 5029] set_robust_list(0x5555567175e0, 24) = 0 [pid 5029] chdir("./5") = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] <... clone resumed>, child_tidptr=0x5555567175d0) = 27 [pid 5029] <... openat resumed>) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5029] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5029] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[28], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 28 [pid 5029] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5030 attached [pid 5030] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5030] memfd_create("syzkaller", 0) = 3 [pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5030] munmap(0x7f02c8363000, 524288) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 49.759157][ T26] audit: type=1800 audit(1687442189.541:6): pid=5025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5030] close(3) = 0 [pid 5030] mkdir("./file0", 0777) = 0 [pid 5030] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5030] chdir("./file0") = 0 [pid 5030] ioctl(4, LOOP_CLR_FD) = 0 [pid 5030] close(4) = 0 [pid 5030] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.819119][ T5030] loop0: detected capacity change from 0 to 1024 [ 49.840797][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.848139][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.855433][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5030] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5029] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5029] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[29], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 29 [pid 5029] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5031 attached [pid 5031] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5031] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5031] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [ 49.862732][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.870077][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.877425][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.884801][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.892191][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.899791][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.907459][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5031] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5029] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5029] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5029] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[30], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 30 [pid 5029] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 49.914932][ T5031] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.922543][ T5031] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.929925][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.937277][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.944582][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.951983][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.959467][ T5031] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5032] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 31 ./strace-static-x86_64: Process 5033 attached [pid 5033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5032] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... futex resumed>) = 0 [ 49.967174][ T5031] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.974530][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.983236][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.990845][ T5031] hfsplus: request for non-existent node 16777216 in B*Tree [ 49.998228][ T5031] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.006172][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5031] <... write resumed>) = 53248 [pid 5031] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] +++ killed by SIGSEGV (core dumped) +++ [pid 5032] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5032] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=31, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5032] getpid() = 27 [pid 5032] rt_sigreturn({mask=[]}) = 202 [ 50.013680][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.021138][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.028763][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.036747][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.044103][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.051539][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.059060][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.066398][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.073770][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.081129][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.088466][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.095756][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.103053][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.110425][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.117760][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.125052][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.132487][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.139842][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.147150][ T5030] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5032] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... open resumed>) = 4 [pid 5030] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] close(3) = 0 [pid 5029] close(4) = 0 [pid 5029] close(5) = 0 [pid 5029] close(6) = -1 EBADF (Bad file descriptor) [pid 5029] close(7) = -1 EBADF (Bad file descriptor) [pid 5029] close(8) = -1 EBADF (Bad file descriptor) [pid 5029] close(9) = -1 EBADF (Bad file descriptor) [pid 5029] close(10) = -1 EBADF (Bad file descriptor) [pid 5029] close(11) = -1 EBADF (Bad file descriptor) [pid 5029] close(12) = -1 EBADF (Bad file descriptor) [pid 5029] close(13) = -1 EBADF (Bad file descriptor) [pid 5029] close(14) = -1 EBADF (Bad file descriptor) [pid 5029] close(15) = -1 EBADF (Bad file descriptor) [pid 5029] close(16) = -1 EBADF (Bad file descriptor) [pid 5029] close(17) = -1 EBADF (Bad file descriptor) [pid 5029] close(18) = -1 EBADF (Bad file descriptor) [pid 5029] close(19) = -1 EBADF (Bad file descriptor) [pid 5029] close(20) = -1 EBADF (Bad file descriptor) [pid 5029] close(21) = -1 EBADF (Bad file descriptor) [pid 5029] close(22) = -1 EBADF (Bad file descriptor) [pid 5029] close(23) = -1 EBADF (Bad file descriptor) [pid 5029] close(24) = -1 EBADF (Bad file descriptor) [pid 5029] close(25) = -1 EBADF (Bad file descriptor) [pid 5029] close(26) = -1 EBADF (Bad file descriptor) [pid 5029] close(27) = -1 EBADF (Bad file descriptor) [pid 5029] close(28) = -1 EBADF (Bad file descriptor) [pid 5029] close(29) = -1 EBADF (Bad file descriptor) [pid 5029] exit_group(0 [pid 5031] <... futex resumed>) = ? [pid 5030] <... futex resumed>) = ? [pid 5032] <... futex resumed>) = ? [pid 5031] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ [pid 5029] <... exit_group resumed>) = ? [pid 5032] +++ exited with 0 +++ [pid 5029] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=31, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./5/binderfs") = 0 [pid 5001] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./5/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./5") = 0 [pid 5001] mkdir("./6", 0777) = 0 [ 50.154591][ T26] audit: type=1800 audit(1687442189.921:7): pid=5030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x5555567175e0, 24) = 0 [pid 5034] chdir("./6") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5001] <... clone resumed>, child_tidptr=0x5555567175d0) = 32 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5034] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5035 attached , parent_tid=[33], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 33 [pid 5035] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5035] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5034] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5035] memfd_create("syzkaller", 0) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5035] munmap(0x7f02c8363000, 524288) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file0", 0777) = 0 [pid 5035] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./file0") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [ 50.235813][ T5035] loop0: detected capacity change from 0 to 1024 [ 50.260659][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.267992][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.275322][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5035] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5034] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5034] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[34], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 34 [pid 5034] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5036] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5036] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... futex resumed>) = 1 [ 50.282637][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.290108][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.297403][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.304752][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.312086][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.319979][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.327543][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5036] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5034] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5034] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[35], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 35 [pid 5034] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5037 attached [ 50.334850][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.342171][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.349487][ T5036] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.356968][ T5036] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.364352][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.371714][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.379204][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5037] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5037] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88./strace-static-x86_64: Process 5038 attached ) = 36 [pid 5038] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5037] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [ 50.387159][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.394835][ T5036] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.402264][ T5036] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.409943][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.418504][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.425932][ T5036] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5037] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... write resumed>) = 53248 [pid 5036] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] +++ killed by SIGSEGV (core dumped) +++ [pid 5034] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=36, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5034] getpid() = 32 [pid 5034] rt_sigreturn({mask=[]}) = 0 [pid 5037] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [ 50.433308][ T5036] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.440682][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.448180][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.455759][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.463254][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.470619][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.478133][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.485554][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.492908][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.500299][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.507648][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.514979][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.522304][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.529649][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5037] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... open resumed>) = 4 [pid 5035] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 50.536955][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.544265][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.551595][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.558909][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.566180][ T5035] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5035] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] close(3) = 0 [pid 5034] close(4) = 0 [pid 5034] close(5) = 0 [pid 5034] close(6) = -1 EBADF (Bad file descriptor) [pid 5034] close(7) = -1 EBADF (Bad file descriptor) [pid 5034] close(8) = -1 EBADF (Bad file descriptor) [pid 5034] close(9) = -1 EBADF (Bad file descriptor) [pid 5034] close(10) = -1 EBADF (Bad file descriptor) [pid 5034] close(11) = -1 EBADF (Bad file descriptor) [pid 5034] close(12) = -1 EBADF (Bad file descriptor) [pid 5034] close(13) = -1 EBADF (Bad file descriptor) [pid 5034] close(14) = -1 EBADF (Bad file descriptor) [pid 5034] close(15) = -1 EBADF (Bad file descriptor) [pid 5034] close(16) = -1 EBADF (Bad file descriptor) [pid 5034] close(17) = -1 EBADF (Bad file descriptor) [pid 5034] close(18) = -1 EBADF (Bad file descriptor) [pid 5034] close(19) = -1 EBADF (Bad file descriptor) [pid 5034] close(20) = -1 EBADF (Bad file descriptor) [pid 5034] close(21) = -1 EBADF (Bad file descriptor) [pid 5034] close(22) = -1 EBADF (Bad file descriptor) [pid 5034] close(23) = -1 EBADF (Bad file descriptor) [pid 5034] close(24) = -1 EBADF (Bad file descriptor) [pid 5034] close(25) = -1 EBADF (Bad file descriptor) [pid 5034] close(26) = -1 EBADF (Bad file descriptor) [pid 5034] close(27) = -1 EBADF (Bad file descriptor) [pid 5034] close(28) = -1 EBADF (Bad file descriptor) [pid 5034] close(29) = -1 EBADF (Bad file descriptor) [pid 5034] exit_group(0 [pid 5037] <... futex resumed>) = ? [pid 5036] <... futex resumed>) = ? [pid 5035] <... futex resumed>) = ? [pid 5034] <... exit_group resumed>) = ? [pid 5037] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=36, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./6/binderfs") = 0 [pid 5001] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./6/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./6") = 0 [pid 5001] mkdir("./7", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 37 ./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x5555567175e0, 24) = 0 [pid 5039] chdir("./7") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5039] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5040 attached [pid 5040] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5040] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... clone resumed>, parent_tid=[38], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 38 [pid 5039] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5039] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5040] munmap(0x7f02c8363000, 524288) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.573679][ T26] audit: type=1800 audit(1687442190.341:8): pid=5035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file0", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file0") = 0 [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4) = 0 [pid 5040] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 50.648546][ T5040] loop0: detected capacity change from 0 to 1024 [ 50.672798][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.680192][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.687674][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5040] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5039] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[39], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 39 [pid 5039] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5041] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5041] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [ 50.694959][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.702316][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.709932][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.717354][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.724661][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.732020][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.739366][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5041] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5039] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[40], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 40 [pid 5039] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 50.746731][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.754032][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.761478][ T5041] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.768916][ T5041] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.776309][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.783790][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.791189][ T5041] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5042] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 41 [pid 5042] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5042] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5043 attached [pid 5043] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 50.798761][ T5041] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.806378][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.814258][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.821950][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.829308][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.836750][ T5041] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5041] <... write resumed>) = 53248 [pid 5041] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] +++ killed by SIGSEGV (core dumped) +++ [pid 5042] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5042] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=41, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5042] getpid() = 37 [pid 5042] rt_sigreturn({mask=[]}) = 202 [ 50.844032][ T5041] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.851380][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.858788][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.866145][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.874034][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.881943][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.889486][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.896968][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.904331][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.911684][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.919025][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.926332][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.933661][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.940979][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5042] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] close(3) = 0 [pid 5039] close(4) = -1 EBADF (Bad file descriptor) [pid 5039] close(5) = 0 [pid 5039] close(6) = -1 EBADF (Bad file descriptor) [pid 5039] close(7) = -1 EBADF (Bad file descriptor) [pid 5039] close(8) = -1 EBADF (Bad file descriptor) [pid 5039] close(9) = -1 EBADF (Bad file descriptor) [pid 5039] close(10) = -1 EBADF (Bad file descriptor) [pid 5039] close(11) = -1 EBADF (Bad file descriptor) [pid 5039] close(12) = -1 EBADF (Bad file descriptor) [pid 5039] close(13) = -1 EBADF (Bad file descriptor) [pid 5039] close(14) = -1 EBADF (Bad file descriptor) [pid 5039] close(15) = -1 EBADF (Bad file descriptor) [pid 5039] close(16) = -1 EBADF (Bad file descriptor) [pid 5039] close(17) = -1 EBADF (Bad file descriptor) [pid 5039] close(18) = -1 EBADF (Bad file descriptor) [pid 5039] close(19) = -1 EBADF (Bad file descriptor) [pid 5039] close(20) = -1 EBADF (Bad file descriptor) [pid 5039] close(21) = -1 EBADF (Bad file descriptor) [pid 5039] close(22) = -1 EBADF (Bad file descriptor) [pid 5039] close(23) = -1 EBADF (Bad file descriptor) [pid 5039] close(24) = -1 EBADF (Bad file descriptor) [pid 5039] close(25) = -1 EBADF (Bad file descriptor) [pid 5039] close(26) = -1 EBADF (Bad file descriptor) [pid 5039] close(27) = -1 EBADF (Bad file descriptor) [pid 5039] close(28) = -1 EBADF (Bad file descriptor) [pid 5039] close(29) = -1 EBADF (Bad file descriptor) [pid 5039] exit_group(0 [pid 5042] <... futex resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [pid 5040] <... open resumed>) = ? [ 50.948286][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.955636][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.963071][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.970386][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [ 50.977698][ T5040] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=41, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./7/binderfs") = 0 [pid 5001] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./7/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./7") = 0 [pid 5001] mkdir("./8", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached , child_tidptr=0x5555567175d0) = 42 [pid 5044] set_robust_list(0x5555567175e0, 24) = 0 [pid 5044] chdir("./8") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5044] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[43], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 43 [pid 5044] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [ 50.985105][ T26] audit: type=1800 audit(1687442190.761:9): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5045] munmap(0x7f02c8363000, 524288) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file0", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file0") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 51.048235][ T5045] loop0: detected capacity change from 0 to 1024 [ 51.072069][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.079446][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.087062][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5045] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5044] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[44], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 44 [pid 5044] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5046 attached [pid 5046] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5046] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5046] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... futex resumed>) = 1 [ 51.094389][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.101789][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.109347][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.116846][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.124153][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.131487][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.138807][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5046] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5044] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[45], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 45 [pid 5044] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 51.146097][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.153409][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.160898][ T5046] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.168229][ T5046] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.175573][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.182928][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.190304][ T5046] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5047] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 46 ./strace-static-x86_64: Process 5048 attached [pid 5048] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5047] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [ 51.197739][ T5046] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.205058][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.214285][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.221721][ T5046] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.229212][ T5046] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.236865][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5047] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... write resumed>) = 53248 [pid 5046] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.244148][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.251819][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.259563][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.267034][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.274509][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.282024][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.289540][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5046] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] +++ killed by SIGSEGV (core dumped) +++ [pid 5047] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5047] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=46, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5047] getpid() = 42 [pid 5047] rt_sigreturn({mask=[]}) = 202 [ 51.296940][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.304240][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.311573][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.319780][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.327222][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.334696][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.342052][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5047] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... open resumed>) = 4 [pid 5045] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.349403][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.356741][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.364026][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.371651][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.378957][ T5045] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5045] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] close(3) = 0 [pid 5044] close(4) = 0 [pid 5044] close(5) = 0 [pid 5044] close(6) = -1 EBADF (Bad file descriptor) [pid 5044] close(7) = -1 EBADF (Bad file descriptor) [pid 5044] close(8) = -1 EBADF (Bad file descriptor) [pid 5044] close(9) = -1 EBADF (Bad file descriptor) [pid 5044] close(10) = -1 EBADF (Bad file descriptor) [pid 5044] close(11) = -1 EBADF (Bad file descriptor) [pid 5044] close(12) = -1 EBADF (Bad file descriptor) [pid 5044] close(13) = -1 EBADF (Bad file descriptor) [pid 5044] close(14) = -1 EBADF (Bad file descriptor) [pid 5044] close(15) = -1 EBADF (Bad file descriptor) [pid 5044] close(16) = -1 EBADF (Bad file descriptor) [pid 5044] close(17) = -1 EBADF (Bad file descriptor) [pid 5044] close(18) = -1 EBADF (Bad file descriptor) [pid 5044] close(19) = -1 EBADF (Bad file descriptor) [pid 5044] close(20) = -1 EBADF (Bad file descriptor) [pid 5044] close(21) = -1 EBADF (Bad file descriptor) [pid 5044] close(22) = -1 EBADF (Bad file descriptor) [pid 5044] close(23) = -1 EBADF (Bad file descriptor) [pid 5044] close(24) = -1 EBADF (Bad file descriptor) [pid 5044] close(25) = -1 EBADF (Bad file descriptor) [pid 5044] close(26) = -1 EBADF (Bad file descriptor) [pid 5044] close(27) = -1 EBADF (Bad file descriptor) [pid 5044] close(28) = -1 EBADF (Bad file descriptor) [pid 5044] close(29) = -1 EBADF (Bad file descriptor) [pid 5044] exit_group(0 [pid 5047] <... futex resumed>) = ? [pid 5046] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5044] <... exit_group resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=46, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5001] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./8/binderfs") = 0 [pid 5001] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./8/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./8") = 0 [pid 5001] mkdir("./9", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 47 ./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x5555567175e0, 24) = 0 [pid 5049] chdir("./9") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5049] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[48], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 48 [pid 5049] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5050] munmap(0x7f02c8363000, 524288) = 0 [ 51.386379][ T26] audit: type=1800 audit(1687442191.151:10): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file0", 0777) = 0 [pid 5050] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file0") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 51.447548][ T5050] loop0: detected capacity change from 0 to 1024 [ 51.469307][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.477196][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.484553][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5050] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5049] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5049] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5049] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[49], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 49 [pid 5049] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5051 attached [pid 5051] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5051] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5051] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [ 51.492304][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.499730][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.507043][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.514378][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.521723][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.529630][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.536981][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5051] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5049] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5049] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5049] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[50], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 50 [pid 5049] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5052] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 51 [ 51.544288][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.551637][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.558993][ T5051] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.566621][ T5051] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.574037][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.582070][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.589884][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5052] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5053 attached [pid 5049] <... futex resumed>) = 0 [pid 5053] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5052] <... futex resumed>) = 1 [ 51.597783][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.605661][ T5051] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.613609][ T5051] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.621189][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.629700][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.637226][ T5051] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5052] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... write resumed>) = 53248 [pid 5051] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=51, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5049] getpid() = 47 [pid 5049] rt_sigreturn({mask=[]}) = 0 [pid 5052] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [ 51.644527][ T5051] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.652346][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.660082][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.667733][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.675031][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.682704][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.690441][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.697904][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.705207][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.712643][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.720018][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.727450][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.734774][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5052] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] close(3) = 0 [pid 5049] close(4) = -1 EBADF (Bad file descriptor) [pid 5049] close(5) = 0 [pid 5049] close(6) = -1 EBADF (Bad file descriptor) [pid 5049] close(7) = -1 EBADF (Bad file descriptor) [pid 5049] close(8) = -1 EBADF (Bad file descriptor) [pid 5049] close(9) = -1 EBADF (Bad file descriptor) [pid 5049] close(10) = -1 EBADF (Bad file descriptor) [pid 5049] close(11) = -1 EBADF (Bad file descriptor) [pid 5049] close(12) = -1 EBADF (Bad file descriptor) [pid 5049] close(13) = -1 EBADF (Bad file descriptor) [pid 5049] close(14) = -1 EBADF (Bad file descriptor) [pid 5049] close(15) = -1 EBADF (Bad file descriptor) [pid 5049] close(16) = -1 EBADF (Bad file descriptor) [pid 5049] close(17) = -1 EBADF (Bad file descriptor) [pid 5049] close(18) = -1 EBADF (Bad file descriptor) [pid 5049] close(19) = -1 EBADF (Bad file descriptor) [pid 5049] close(20) = -1 EBADF (Bad file descriptor) [pid 5049] close(21) = -1 EBADF (Bad file descriptor) [pid 5049] close(22) = -1 EBADF (Bad file descriptor) [pid 5049] close(23) = -1 EBADF (Bad file descriptor) [pid 5049] close(24) = -1 EBADF (Bad file descriptor) [pid 5049] close(25) = -1 EBADF (Bad file descriptor) [pid 5049] close(26) = -1 EBADF (Bad file descriptor) [pid 5049] close(27) = -1 EBADF (Bad file descriptor) [pid 5049] close(28) = -1 EBADF (Bad file descriptor) [pid 5049] close(29) = -1 EBADF (Bad file descriptor) [pid 5049] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5051] <... futex resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ [pid 5049] <... exit_group resumed>) = ? [pid 5050] <... open resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=51, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./9/binderfs") = 0 [ 51.742235][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.749563][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.757028][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.764750][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.773173][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.780521][ T5050] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5001] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./9/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./9") = 0 [pid 5001] mkdir("./10", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x5555567175e0, 24) = 0 [pid 5054] chdir("./10" [pid 5001] <... clone resumed>, child_tidptr=0x5555567175d0) = 52 [pid 5054] <... chdir resumed>) = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5054] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5055] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... clone resumed>, parent_tid=[53], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 53 [pid 5054] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5054] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5055] memfd_create("syzkaller", 0) = 3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5055] munmap(0x7f02c8363000, 524288) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.787999][ T26] audit: type=1800 audit(1687442191.561:11): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5055] close(3) = 0 [pid 5055] mkdir("./file0", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5055] chdir("./file0") = 0 [pid 5055] ioctl(4, LOOP_CLR_FD) = 0 [pid 5055] close(4) = 0 [pid 5055] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 51.853035][ T5055] loop0: detected capacity change from 0 to 1024 [ 51.877839][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.885820][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.893377][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5055] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5054] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5054] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5054] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[54], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 54 [pid 5054] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5056] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5056] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 1 [ 51.900826][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.908179][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.915455][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.923298][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.931288][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.939049][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.946335][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5056] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5054] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5054] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[55], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 55 [pid 5054] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5057] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 56 [ 51.954049][ T5056] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.961445][ T5056] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.968873][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.976197][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.983739][ T5056] hfsplus: request for non-existent node 16777216 in B*Tree [ 51.991731][ T5056] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5057] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5057] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5058 attached [pid 5058] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 51.999367][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.007494][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.015312][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.024535][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.032020][ T5056] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.039455][ T5056] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.047024][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5056] <... write resumed>) = 53248 [pid 5056] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.054350][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.061901][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.069370][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.077270][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.084858][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.092299][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5056] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] +++ killed by SIGSEGV (core dumped) +++ [pid 5057] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5057] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=56, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5057] getpid() = 52 [pid 5057] rt_sigreturn({mask=[]}) = 202 [ 52.099653][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.107314][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.114857][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.122398][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.129777][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.137661][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.145070][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5057] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... open resumed>) = 4 [pid 5055] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] close(3) = 0 [pid 5054] close(4) = 0 [pid 5054] close(5) = 0 [pid 5054] close(6) = -1 EBADF (Bad file descriptor) [pid 5054] close(7) = -1 EBADF (Bad file descriptor) [pid 5054] close(8) = -1 EBADF (Bad file descriptor) [pid 5054] close(9) = -1 EBADF (Bad file descriptor) [pid 5054] close(10) = -1 EBADF (Bad file descriptor) [pid 5054] close(11) = -1 EBADF (Bad file descriptor) [pid 5054] close(12) = -1 EBADF (Bad file descriptor) [pid 5054] close(13) = -1 EBADF (Bad file descriptor) [pid 5054] close(14) = -1 EBADF (Bad file descriptor) [pid 5054] close(15) = -1 EBADF (Bad file descriptor) [pid 5054] close(16) = -1 EBADF (Bad file descriptor) [pid 5054] close(17) = -1 EBADF (Bad file descriptor) [pid 5054] close(18) = -1 EBADF (Bad file descriptor) [pid 5054] close(19) = -1 EBADF (Bad file descriptor) [pid 5054] close(20) = -1 EBADF (Bad file descriptor) [pid 5054] close(21) = -1 EBADF (Bad file descriptor) [pid 5054] close(22) = -1 EBADF (Bad file descriptor) [pid 5054] close(23) = -1 EBADF (Bad file descriptor) [pid 5054] close(24) = -1 EBADF (Bad file descriptor) [pid 5054] close(25) = -1 EBADF (Bad file descriptor) [pid 5054] close(26) = -1 EBADF (Bad file descriptor) [pid 5054] close(27) = -1 EBADF (Bad file descriptor) [pid 5054] close(28) = -1 EBADF (Bad file descriptor) [pid 5054] close(29) = -1 EBADF (Bad file descriptor) [pid 5054] exit_group(0 [pid 5057] <... futex resumed>) = ? [pid 5056] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=56, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./10/binderfs") = 0 [pid 5001] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./10/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./10") = 0 [pid 5001] mkdir("./11", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 52.152674][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.160136][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.167578][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.174883][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.182336][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.189688][ T5055] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 57 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x5555567175e0, 24) = 0 [pid 5059] chdir("./11") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5059] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5060 attached , parent_tid=[58], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 58 [pid 5060] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5060] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5059] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5060] munmap(0x7f02c8363000, 524288) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file0", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file0") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5059] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.261117][ T5060] loop0: detected capacity change from 0 to 1024 [ 52.288726][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.296081][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.303494][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5059] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5059] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5059] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[59], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 59 [pid 5059] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5061] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5061] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 1 [ 52.310894][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.318350][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.325636][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.333104][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.340485][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.348359][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5061] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5059] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5059] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5059] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[60], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 60 [pid 5059] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5062] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 61 [ 52.355675][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.363141][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.370740][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.378300][ T5061] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.385616][ T5061] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.393125][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.400917][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree ./strace-static-x86_64: Process 5063 attached [pid 5063] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5062] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [ 52.408551][ T5061] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.415904][ T5061] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.423853][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.432825][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.440389][ T5061] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.448179][ T5061] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5062] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... write resumed>) = 53248 [pid 5061] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] +++ killed by SIGSEGV (core dumped) +++ [pid 5062] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5062] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=61, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5062] getpid() = 57 [pid 5062] rt_sigreturn({mask=[]}) = 202 [ 52.455600][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.463543][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.471325][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.479144][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.486966][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.494352][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.501879][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.509300][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.516749][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.524072][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.531521][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.538889][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.546240][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.553580][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5062] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] close(3) = 0 [pid 5059] close(4) = -1 EBADF (Bad file descriptor) [pid 5059] close(5) = 0 [pid 5059] close(6) = -1 EBADF (Bad file descriptor) [pid 5059] close(7) = -1 EBADF (Bad file descriptor) [pid 5059] close(8) = -1 EBADF (Bad file descriptor) [pid 5059] close(9) = -1 EBADF (Bad file descriptor) [pid 5059] close(10) = -1 EBADF (Bad file descriptor) [pid 5059] close(11) = -1 EBADF (Bad file descriptor) [pid 5059] close(12) = -1 EBADF (Bad file descriptor) [pid 5059] close(13) = -1 EBADF (Bad file descriptor) [pid 5059] close(14) = -1 EBADF (Bad file descriptor) [pid 5059] close(15) = -1 EBADF (Bad file descriptor) [pid 5059] close(16) = -1 EBADF (Bad file descriptor) [pid 5059] close(17) = -1 EBADF (Bad file descriptor) [pid 5059] close(18) = -1 EBADF (Bad file descriptor) [pid 5059] close(19) = -1 EBADF (Bad file descriptor) [pid 5059] close(20) = -1 EBADF (Bad file descriptor) [pid 5059] close(21) = -1 EBADF (Bad file descriptor) [pid 5059] close(22) = -1 EBADF (Bad file descriptor) [pid 5059] close(23) = -1 EBADF (Bad file descriptor) [pid 5059] close(24) = -1 EBADF (Bad file descriptor) [pid 5059] close(25) = -1 EBADF (Bad file descriptor) [pid 5059] close(26) = -1 EBADF (Bad file descriptor) [pid 5059] close(27) = -1 EBADF (Bad file descriptor) [pid 5059] close(28) = -1 EBADF (Bad file descriptor) [pid 5059] close(29) = -1 EBADF (Bad file descriptor) [pid 5059] exit_group(0 [pid 5062] <... futex resumed>) = ? [pid 5061] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5062] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ [pid 5060] <... open resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=61, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./11/binderfs") = 0 [pid 5001] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [ 52.560908][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.568234][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.575548][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.582895][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.590218][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.597524][ T5060] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5001] rmdir("./11/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./11") = 0 [pid 5001] mkdir("./12", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 62 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x5555567175e0, 24) = 0 [pid 5064] chdir("./12") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5064] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5065 attached , parent_tid=[63], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 63 [pid 5065] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5065] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5065] munmap(0x7f02c8363000, 524288) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.662864][ T5065] loop0: detected capacity change from 0 to 1024 [ 52.688168][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.695453][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.702819][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5065] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5064] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5064] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[64], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 64 [pid 5064] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5066] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5066] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [ 52.710132][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.717494][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.724768][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.732175][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.739483][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.747103][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.754393][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5066] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5064] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5064] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[65], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 65 [pid 5064] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 52.761768][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.769359][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.776783][ T5066] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.784094][ T5066] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.791460][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.799236][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5067] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 66 ./strace-static-x86_64: Process 5068 attached [pid 5068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5067] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5067] <... futex resumed>) = 0 [ 52.806687][ T5066] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.813970][ T5066] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.821980][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.830019][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.837622][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.845468][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.853469][ T5066] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5067] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... write resumed>) = 53248 [pid 5068] +++ killed by SIGSEGV (core dumped) +++ [pid 5066] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5064] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=66, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5067] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] getpid() = 62 [pid 5064] rt_sigreturn({mask=[]}) = 0 [pid 5066] <... futex resumed>) = 0 [ 52.861016][ T5066] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.868382][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.875978][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.884073][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.891451][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.898846][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.906123][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.913530][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.920850][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.928188][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.935449][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.942796][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.950101][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5066] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] close(3) = 0 [pid 5064] close(4) = -1 EBADF (Bad file descriptor) [pid 5064] close(5) = 0 [pid 5064] close(6) = -1 EBADF (Bad file descriptor) [pid 5064] close(7) = -1 EBADF (Bad file descriptor) [pid 5064] close(8) = -1 EBADF (Bad file descriptor) [pid 5064] close(9) = -1 EBADF (Bad file descriptor) [pid 5064] close(10) = -1 EBADF (Bad file descriptor) [pid 5064] close(11) = -1 EBADF (Bad file descriptor) [pid 5064] close(12) = -1 EBADF (Bad file descriptor) [pid 5064] close(13) = -1 EBADF (Bad file descriptor) [pid 5064] close(14) = -1 EBADF (Bad file descriptor) [pid 5064] close(15) = -1 EBADF (Bad file descriptor) [pid 5064] close(16) = -1 EBADF (Bad file descriptor) [pid 5064] close(17) = -1 EBADF (Bad file descriptor) [pid 5064] close(18) = -1 EBADF (Bad file descriptor) [pid 5064] close(19) = -1 EBADF (Bad file descriptor) [pid 5064] close(20) = -1 EBADF (Bad file descriptor) [pid 5064] close(21) = -1 EBADF (Bad file descriptor) [pid 5064] close(22) = -1 EBADF (Bad file descriptor) [pid 5064] close(23) = -1 EBADF (Bad file descriptor) [pid 5064] close(24) = -1 EBADF (Bad file descriptor) [pid 5064] close(25) = -1 EBADF (Bad file descriptor) [pid 5064] close(26) = -1 EBADF (Bad file descriptor) [pid 5064] close(27) = -1 EBADF (Bad file descriptor) [pid 5064] close(28) = -1 EBADF (Bad file descriptor) [pid 5064] close(29) = -1 EBADF (Bad file descriptor) [pid 5064] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5066] <... futex resumed>) = ? [pid 5064] <... exit_group resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5065] <... open resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=66, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./12/binderfs") = 0 [pid 5001] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./12/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./12") = 0 [pid 5001] mkdir("./13", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x5555567175d0) = 67 [pid 5069] set_robust_list(0x5555567175e0, 24) = 0 [pid 5069] chdir("./13") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5069] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5070 attached , parent_tid=[68], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 68 [pid 5069] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [ 52.957430][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.964705][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.972073][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.979383][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.987025][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [ 52.994320][ T5065] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5070] munmap(0x7f02c8363000, 524288) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file0", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file0") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 53.048389][ T5070] loop0: detected capacity change from 0 to 1024 [ 53.070106][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.077480][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.084824][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5070] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5069] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[69], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 69 [pid 5069] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5071] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5071] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [ 53.092184][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.099941][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.107255][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.114585][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.121955][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.129363][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.136704][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5071] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5069] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[70], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 70 [pid 5069] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 53.144056][ T5071] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.151459][ T5071] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.158911][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.166241][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.173690][ T5071] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.181246][ T5071] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.188824][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5072] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 71 [pid 5072] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5073 attached [pid 5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5069] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5072] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... write resumed>) = 53248 [pid 5071] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.196113][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.204971][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.212566][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.219938][ T5071] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.227506][ T5071] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.235020][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.242556][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.250101][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.257495][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.264803][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.272143][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.279919][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.287262][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5071] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] +++ killed by SIGSEGV (core dumped) +++ [pid 5072] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5072] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=71, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5072] getpid() = 67 [pid 5072] rt_sigreturn({mask=[]}) = 202 [ 53.294578][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.301891][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.309226][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.316658][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.323948][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.331261][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.338631][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5072] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] close(3) = 0 [pid 5069] close(4) = -1 EBADF (Bad file descriptor) [pid 5069] close(5) = 0 [pid 5069] close(6) = -1 EBADF (Bad file descriptor) [pid 5069] close(7) = -1 EBADF (Bad file descriptor) [pid 5069] close(8) = -1 EBADF (Bad file descriptor) [pid 5069] close(9) = -1 EBADF (Bad file descriptor) [pid 5069] close(10) = -1 EBADF (Bad file descriptor) [pid 5069] close(11) = -1 EBADF (Bad file descriptor) [pid 5069] close(12) = -1 EBADF (Bad file descriptor) [pid 5069] close(13) = -1 EBADF (Bad file descriptor) [pid 5069] close(14) = -1 EBADF (Bad file descriptor) [pid 5069] close(15) = -1 EBADF (Bad file descriptor) [pid 5069] close(16) = -1 EBADF (Bad file descriptor) [pid 5069] close(17) = -1 EBADF (Bad file descriptor) [pid 5069] close(18) = -1 EBADF (Bad file descriptor) [pid 5069] close(19) = -1 EBADF (Bad file descriptor) [pid 5069] close(20) = -1 EBADF (Bad file descriptor) [pid 5069] close(21) = -1 EBADF (Bad file descriptor) [pid 5069] close(22) = -1 EBADF (Bad file descriptor) [pid 5069] close(23) = -1 EBADF (Bad file descriptor) [pid 5069] close(24) = -1 EBADF (Bad file descriptor) [pid 5069] close(25) = -1 EBADF (Bad file descriptor) [pid 5069] close(26) = -1 EBADF (Bad file descriptor) [pid 5069] close(27) = -1 EBADF (Bad file descriptor) [pid 5069] close(28) = -1 EBADF (Bad file descriptor) [pid 5069] close(29) = -1 EBADF (Bad file descriptor) [pid 5069] exit_group(0 [pid 5072] <... futex resumed>) = ? [pid 5071] <... futex resumed>) = ? [pid 5069] <... exit_group resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ [pid 5070] <... open resumed>) = ? [ 53.345919][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.353359][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.360781][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.368258][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.375582][ T5070] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.383297][ T26] kauditd_printk_skb: 3 callbacks suppressed [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=71, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./13/binderfs") = 0 [pid 5001] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./13/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./13") = 0 [pid 5001] mkdir("./14", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 72 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x5555567175e0, 24) = 0 [pid 5074] chdir("./14") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5074] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5075 attached , parent_tid=[73], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 73 [pid 5075] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5075] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5074] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5075] munmap(0x7f02c8363000, 524288) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.383309][ T26] audit: type=1800 audit(1687442193.161:15): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 53.461243][ T5075] loop0: detected capacity change from 0 to 1024 [ 53.478424][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.487031][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.494581][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.502367][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5075] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5074] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5074] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[74], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 74 [pid 5074] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5076] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5076] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [ 53.509925][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.517272][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.524668][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.532656][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.540252][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.547784][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5076] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5074] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[75], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 75 [pid 5074] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 53.555118][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.562445][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.569959][ T5076] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.577388][ T5076] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.584875][ T5076] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.592745][ T5076] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.600847][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5077] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 76 [pid 5077] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5078 attached [pid 5078] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5077] <... futex resumed>) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5077] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... write resumed>) = 53248 [pid 5076] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.608580][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.616872][ T5076] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.624850][ T5076] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.633093][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.640900][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.648649][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.655989][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.663422][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.670800][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.678296][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.685652][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.693117][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.700507][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5076] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] +++ killed by SIGSEGV (core dumped) +++ [pid 5074] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=76, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5074] getpid() = 72 [pid 5074] rt_sigreturn({mask=[]}) = 0 [pid 5077] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [ 53.708079][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.715708][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.723523][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.730874][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.738335][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.745627][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.753116][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5077] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] close(3) = 0 [pid 5074] close(4) = -1 EBADF (Bad file descriptor) [pid 5074] close(5) = 0 [pid 5074] close(6) = -1 EBADF (Bad file descriptor) [pid 5074] close(7) = -1 EBADF (Bad file descriptor) [pid 5074] close(8) = -1 EBADF (Bad file descriptor) [pid 5074] close(9) = -1 EBADF (Bad file descriptor) [pid 5074] close(10) = -1 EBADF (Bad file descriptor) [pid 5074] close(11) = -1 EBADF (Bad file descriptor) [pid 5074] close(12) = -1 EBADF (Bad file descriptor) [pid 5074] close(13) = -1 EBADF (Bad file descriptor) [pid 5074] close(14) = -1 EBADF (Bad file descriptor) [pid 5074] close(15) = -1 EBADF (Bad file descriptor) [pid 5074] close(16) = -1 EBADF (Bad file descriptor) [pid 5074] close(17) = -1 EBADF (Bad file descriptor) [pid 5074] close(18) = -1 EBADF (Bad file descriptor) [pid 5074] close(19) = -1 EBADF (Bad file descriptor) [pid 5074] close(20) = -1 EBADF (Bad file descriptor) [pid 5074] close(21) = -1 EBADF (Bad file descriptor) [pid 5074] close(22) = -1 EBADF (Bad file descriptor) [pid 5074] close(23) = -1 EBADF (Bad file descriptor) [pid 5074] close(24) = -1 EBADF (Bad file descriptor) [pid 5074] close(25) = -1 EBADF (Bad file descriptor) [pid 5074] close(26) = -1 EBADF (Bad file descriptor) [pid 5074] close(27) = -1 EBADF (Bad file descriptor) [pid 5074] close(28) = -1 EBADF (Bad file descriptor) [pid 5074] close(29) = -1 EBADF (Bad file descriptor) [pid 5074] exit_group(0 [pid 5077] <... futex resumed>) = ? [pid 5074] <... exit_group resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [ 53.760456][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.767856][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.775165][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.782625][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.790481][ T5075] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5075] <... open resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=76, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5001] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./14/binderfs") = 0 [pid 5001] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./14/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./14") = 0 [pid 5001] mkdir("./15", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 77 ./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x5555567175e0, 24) = 0 [pid 5079] chdir("./15") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5079] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[78], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 78 [pid 5079] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5080] munmap(0x7f02c8363000, 524288) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.798184][ T26] audit: type=1800 audit(1687442193.571:16): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [pid 5080] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 0 [ 53.857972][ T5080] loop0: detected capacity change from 0 to 1024 [ 53.890073][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.897510][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5080] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5079] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5079] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[79], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 79 [pid 5079] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5081] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5081] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 1 [ 53.905031][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.912440][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.920047][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.927814][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.935606][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.943024][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.951094][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5081] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5079] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5079] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[80], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 80 [pid 5079] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 53.958410][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.965736][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.973064][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.980413][ T5081] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.988062][ T5081] hfsplus: request for non-existent node 16777216 in B*Tree [ 53.995433][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5082] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 81 [pid 5082] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5083 attached [pid 5083] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5079] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [ 54.002963][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.011255][ T5081] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.018912][ T5081] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.026559][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.034718][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.042417][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.050135][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5082] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... write resumed>) = 53248 [pid 5081] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.057641][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.065163][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.072612][ T5081] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.080295][ T5081] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.087804][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.095684][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5081] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] +++ killed by SIGSEGV (core dumped) +++ [pid 5082] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5082] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=81, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5082] getpid() = 77 [pid 5082] rt_sigreturn({mask=[]}) = 202 [ 54.103743][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.111335][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.118914][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.126631][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.133988][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.141417][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.148850][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5082] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] close(3) = 0 [pid 5079] close(4) = -1 EBADF (Bad file descriptor) [pid 5079] close(5) = 0 [pid 5079] close(6) = -1 EBADF (Bad file descriptor) [pid 5079] close(7) = -1 EBADF (Bad file descriptor) [pid 5079] close(8) = -1 EBADF (Bad file descriptor) [pid 5079] close(9) = -1 EBADF (Bad file descriptor) [pid 5079] close(10) = -1 EBADF (Bad file descriptor) [pid 5079] close(11) = -1 EBADF (Bad file descriptor) [pid 5079] close(12) = -1 EBADF (Bad file descriptor) [pid 5079] close(13) = -1 EBADF (Bad file descriptor) [pid 5079] close(14) = -1 EBADF (Bad file descriptor) [pid 5079] close(15) = -1 EBADF (Bad file descriptor) [pid 5079] close(16) = -1 EBADF (Bad file descriptor) [pid 5079] close(17) = -1 EBADF (Bad file descriptor) [pid 5079] close(18) = -1 EBADF (Bad file descriptor) [pid 5079] close(19) = -1 EBADF (Bad file descriptor) [ 54.156132][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.163549][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.171037][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.178506][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.185816][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.193270][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.200599][ T5080] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5079] close(20) = -1 EBADF (Bad file descriptor) [pid 5079] close(21) = -1 EBADF (Bad file descriptor) [pid 5079] close(22) = -1 EBADF (Bad file descriptor) [pid 5079] close(23) = -1 EBADF (Bad file descriptor) [pid 5079] close(24) = -1 EBADF (Bad file descriptor) [pid 5079] close(25) = -1 EBADF (Bad file descriptor) [pid 5079] close(26) = -1 EBADF (Bad file descriptor) [pid 5079] close(27) = -1 EBADF (Bad file descriptor) [pid 5079] close(28) = -1 EBADF (Bad file descriptor) [pid 5079] close(29) = -1 EBADF (Bad file descriptor) [pid 5079] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5081] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ [pid 5080] <... open resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=81, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5001] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./15/binderfs") = 0 [pid 5001] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./15/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./15") = 0 [pid 5001] mkdir("./16", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 82 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x5555567175e0, 24) = 0 [pid 5084] chdir("./16") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5084] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5085 attached , parent_tid=[83], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 83 [pid 5085] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5085] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5084] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [ 54.208792][ T26] audit: type=1800 audit(1687442193.981:17): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5085] munmap(0x7f02c8363000, 524288) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.274492][ T5085] loop0: detected capacity change from 0 to 1024 [ 54.303137][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.310805][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5085] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5084] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[84], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 84 [pid 5084] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5086] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5086] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [ 54.318478][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.325766][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.333193][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.340596][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.348121][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.355445][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.362943][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5086] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5084] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[85], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 85 [pid 5084] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 54.370385][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.377965][ T5086] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.385354][ T5086] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.392813][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.400394][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.407859][ T5086] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.415183][ T5086] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5087] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 86 [pid 5087] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5087] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5088 attached [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5086] <... write resumed>) = 53248 [ 54.422981][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.431170][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.438795][ T5086] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.446110][ T5086] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.453930][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.461873][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5086] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.470173][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.478114][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.485658][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.493264][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.500683][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.508332][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.515786][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5086] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] +++ killed by SIGSEGV (core dumped) +++ [pid 5087] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5087] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=86, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5087] getpid() = 82 [pid 5087] rt_sigreturn({mask=[]}) = 202 [ 54.523434][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.531011][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.538394][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.545693][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.553007][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.560348][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.567692][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5087] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... open resumed>) = 4 [pid 5085] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.574993][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.582310][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.589664][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.596988][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.604280][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.611593][ T5085] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5085] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] close(3) = 0 [pid 5084] close(4) = 0 [pid 5084] close(5) = 0 [pid 5084] close(6) = -1 EBADF (Bad file descriptor) [pid 5084] close(7) = -1 EBADF (Bad file descriptor) [pid 5084] close(8) = -1 EBADF (Bad file descriptor) [pid 5084] close(9) = -1 EBADF (Bad file descriptor) [pid 5084] close(10) = -1 EBADF (Bad file descriptor) [pid 5084] close(11) = -1 EBADF (Bad file descriptor) [pid 5084] close(12) = -1 EBADF (Bad file descriptor) [pid 5084] close(13) = -1 EBADF (Bad file descriptor) [pid 5084] close(14) = -1 EBADF (Bad file descriptor) [pid 5084] close(15) = -1 EBADF (Bad file descriptor) [pid 5084] close(16) = -1 EBADF (Bad file descriptor) [pid 5084] close(17) = -1 EBADF (Bad file descriptor) [pid 5084] close(18) = -1 EBADF (Bad file descriptor) [pid 5084] close(19) = -1 EBADF (Bad file descriptor) [pid 5084] close(20) = -1 EBADF (Bad file descriptor) [pid 5084] close(21) = -1 EBADF (Bad file descriptor) [pid 5084] close(22) = -1 EBADF (Bad file descriptor) [pid 5084] close(23) = -1 EBADF (Bad file descriptor) [pid 5084] close(24) = -1 EBADF (Bad file descriptor) [pid 5084] close(25) = -1 EBADF (Bad file descriptor) [pid 5084] close(26) = -1 EBADF (Bad file descriptor) [pid 5084] close(27) = -1 EBADF (Bad file descriptor) [pid 5084] close(28) = -1 EBADF (Bad file descriptor) [pid 5084] close(29) = -1 EBADF (Bad file descriptor) [pid 5084] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5087] <... futex resumed>) = ? [pid 5085] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=86, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./16/binderfs") = 0 [pid 5001] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./16/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./16") = 0 [pid 5001] mkdir("./17", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 87 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x5555567175e0, 24) = 0 [pid 5089] chdir("./17") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5089] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[88], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 88 [pid 5089] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5090] munmap(0x7f02c8363000, 524288) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.619009][ T26] audit: type=1800 audit(1687442194.401:18): pid=5085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [ 54.675974][ T5090] loop0: detected capacity change from 0 to 1024 [ 54.690144][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.697734][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.705164][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.712960][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5090] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5089] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[89], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 89 [pid 5089] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5091] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5091] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [ 54.720477][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.727942][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.735356][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.742772][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.750204][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.757725][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.765104][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5091] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5089] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[90], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 90 [pid 5089] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5092] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 91 [ 54.772485][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.779882][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.787280][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.794775][ T5091] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.802220][ T5091] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.809721][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.817355][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5092] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5093 attached [pid 5089] <... futex resumed>) = 0 [pid 5093] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5092] <... futex resumed>) = 1 [ 54.824698][ T5091] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.832226][ T5091] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.839702][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.847159][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.854486][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.861967][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.869340][ T5091] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5092] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... write resumed>) = 53248 [pid 5091] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.876975][ T5091] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.884298][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.891869][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.899384][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.906808][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.914114][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5091] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] +++ killed by SIGSEGV (core dumped) +++ [pid 5092] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5092] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=91, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5092] getpid() = 87 [pid 5092] rt_sigreturn({mask=[]}) = 202 [ 54.921453][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.928980][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.936297][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.943869][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.951227][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.958566][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.965836][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5092] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... open resumed>) = 4 [pid 5090] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] close(3) = 0 [pid 5089] close(4) = 0 [pid 5089] close(5) = 0 [pid 5089] close(6) = -1 EBADF (Bad file descriptor) [pid 5089] close(7) = -1 EBADF (Bad file descriptor) [pid 5089] close(8) = -1 EBADF (Bad file descriptor) [pid 5089] close(9) = -1 EBADF (Bad file descriptor) [pid 5089] close(10) = -1 EBADF (Bad file descriptor) [pid 5089] close(11) = -1 EBADF (Bad file descriptor) [pid 5089] close(12) = -1 EBADF (Bad file descriptor) [pid 5089] close(13) = -1 EBADF (Bad file descriptor) [pid 5089] close(14) = -1 EBADF (Bad file descriptor) [pid 5089] close(15) = -1 EBADF (Bad file descriptor) [pid 5089] close(16) = -1 EBADF (Bad file descriptor) [pid 5089] close(17) = -1 EBADF (Bad file descriptor) [pid 5089] close(18) = -1 EBADF (Bad file descriptor) [pid 5089] close(19) = -1 EBADF (Bad file descriptor) [pid 5089] close(20) = -1 EBADF (Bad file descriptor) [pid 5089] close(21) = -1 EBADF (Bad file descriptor) [pid 5089] close(22) = -1 EBADF (Bad file descriptor) [pid 5089] close(23) = -1 EBADF (Bad file descriptor) [pid 5089] close(24) = -1 EBADF (Bad file descriptor) [pid 5089] close(25) = -1 EBADF (Bad file descriptor) [pid 5089] close(26) = -1 EBADF (Bad file descriptor) [pid 5089] close(27) = -1 EBADF (Bad file descriptor) [pid 5089] close(28) = -1 EBADF (Bad file descriptor) [pid 5089] close(29) = -1 EBADF (Bad file descriptor) [pid 5089] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5091] <... futex resumed>) = ? [pid 5090] <... futex resumed>) = ? [pid 5089] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=91, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5001] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./17/binderfs") = 0 [pid 5001] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./17/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./17") = 0 [pid 5001] mkdir("./18", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 92 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x5555567175e0, 24) = 0 [pid 5094] chdir("./18") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5094] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[93], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 93 [pid 5094] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5095] munmap(0x7f02c8363000, 524288) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.973181][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.980483][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.987858][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 54.995143][ T5090] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.002651][ T26] audit: type=1800 audit(1687442194.781:19): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file0", 0777) = 0 [pid 5095] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file0") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.058694][ T5095] loop0: detected capacity change from 0 to 1024 [ 55.079575][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.086975][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.094365][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5095] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5094] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[94], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 94 [pid 5094] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5096] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5096] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [ 55.101977][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.109442][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.117008][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.124360][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.131862][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.139394][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.146775][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5096] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5094] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[95], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 95 [pid 5094] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 55.154070][ T5096] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.161546][ T5096] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.168904][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.176416][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.183811][ T5096] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.191441][ T5096] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.199063][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5097] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88./strace-static-x86_64: Process 5098 attached ) = 96 [pid 5097] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5097] <... futex resumed>) = 1 [pid 5097] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... futex resumed>) = 0 [pid 5096] <... write resumed>) = 53248 [pid 5096] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.206343][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.214093][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.221749][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.229455][ T5096] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.237033][ T5096] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.244409][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.252191][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5096] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] +++ killed by SIGSEGV (core dumped) +++ [pid 5097] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5097] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=96, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5097] getpid() = 92 [pid 5097] rt_sigreturn({mask=[]}) = 202 [ 55.259707][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.267396][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.274756][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.282125][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.289632][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.297035][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.304333][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.311671][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.318996][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.326275][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.333627][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.340935][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.348372][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5097] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] close(3) = 0 [pid 5094] close(4) = -1 EBADF (Bad file descriptor) [pid 5094] close(5) = 0 [pid 5094] close(6) = -1 EBADF (Bad file descriptor) [pid 5094] close(7) = -1 EBADF (Bad file descriptor) [pid 5094] close(8) = -1 EBADF (Bad file descriptor) [pid 5094] close(9) = -1 EBADF (Bad file descriptor) [pid 5094] close(10) = -1 EBADF (Bad file descriptor) [pid 5094] close(11) = -1 EBADF (Bad file descriptor) [pid 5094] close(12) = -1 EBADF (Bad file descriptor) [pid 5094] close(13) = -1 EBADF (Bad file descriptor) [pid 5094] close(14) = -1 EBADF (Bad file descriptor) [pid 5094] close(15) = -1 EBADF (Bad file descriptor) [pid 5094] close(16) = -1 EBADF (Bad file descriptor) [pid 5094] close(17) = -1 EBADF (Bad file descriptor) [pid 5094] close(18) = -1 EBADF (Bad file descriptor) [pid 5094] close(19) = -1 EBADF (Bad file descriptor) [pid 5094] close(20) = -1 EBADF (Bad file descriptor) [pid 5094] close(21) = -1 EBADF (Bad file descriptor) [pid 5094] close(22) = -1 EBADF (Bad file descriptor) [pid 5094] close(23) = -1 EBADF (Bad file descriptor) [pid 5094] close(24) = -1 EBADF (Bad file descriptor) [pid 5094] close(25) = -1 EBADF (Bad file descriptor) [pid 5094] close(26) = -1 EBADF (Bad file descriptor) [pid 5094] close(27) = -1 EBADF (Bad file descriptor) [pid 5094] close(28) = -1 EBADF (Bad file descriptor) [pid 5094] close(29) = -1 EBADF (Bad file descriptor) [pid 5094] exit_group(0 [pid 5097] <... futex resumed>) = ? [pid 5094] <... exit_group resumed>) = ? [pid 5097] +++ exited with 0 +++ [ 55.355660][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.363380][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.370696][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.378077][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.385355][ T5095] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5095] <... open resumed>) = ? [pid 5096] <... futex resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=96, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./18/binderfs") = 0 [pid 5001] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./18/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./18") = 0 [pid 5001] mkdir("./19", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x5555567175e0, 24) = 0 [pid 5099] chdir("./19") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] <... clone resumed>, child_tidptr=0x5555567175d0) = 97 [pid 5099] <... openat resumed>) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5099] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[98], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 98 [pid 5099] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5100 attached [ 55.392818][ T26] audit: type=1800 audit(1687442195.171:20): pid=5095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5100] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5100] munmap(0x7f02c8363000, 524288) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file0", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file0") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 0 [ 55.458885][ T5100] loop0: detected capacity change from 0 to 1024 [ 55.486202][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.493730][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.501211][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5100] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5099] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5099] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5099] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[99], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 99 [pid 5099] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5101] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5101] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [ 55.508887][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.516226][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.523831][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.531359][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.538749][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.546096][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5101] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5099] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5099] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5099] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[100], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 100 [pid 5099] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.553508][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.560931][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.568297][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.575623][ T5101] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.583187][ T5101] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.590773][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.598144][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5099] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5102] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 101 [pid 5102] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5102] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5103 attached [pid 5103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 55.605508][ T5101] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.613125][ T5101] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.620685][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.630644][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.638096][ T5101] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.645418][ T5101] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5101] <... write resumed>) = 53248 [pid 5101] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] +++ killed by SIGSEGV (core dumped) +++ [pid 5102] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5102] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=101, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5099] getpid() = 97 [pid 5099] rt_sigreturn({mask=[]}) = 0 [ 55.653122][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.660769][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.668239][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.675664][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.683376][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.691064][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.698539][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.705879][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.713544][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.721012][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.728457][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.735779][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.743419][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.750780][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5099] close(3) = 0 [pid 5099] close(4) = -1 EBADF (Bad file descriptor) [pid 5099] close(5) = 0 [pid 5099] close(6) = -1 EBADF (Bad file descriptor) [pid 5099] close(7) = -1 EBADF (Bad file descriptor) [pid 5099] close(8) = -1 EBADF (Bad file descriptor) [pid 5099] close(9) = -1 EBADF (Bad file descriptor) [pid 5099] close(10) = -1 EBADF (Bad file descriptor) [pid 5099] close(11) = -1 EBADF (Bad file descriptor) [pid 5099] close(12) = -1 EBADF (Bad file descriptor) [pid 5099] close(13) = -1 EBADF (Bad file descriptor) [pid 5099] close(14) = -1 EBADF (Bad file descriptor) [pid 5099] close(15) = -1 EBADF (Bad file descriptor) [pid 5099] close(16) = -1 EBADF (Bad file descriptor) [pid 5099] close(17) = -1 EBADF (Bad file descriptor) [pid 5099] close(18) = -1 EBADF (Bad file descriptor) [pid 5099] close(19) = -1 EBADF (Bad file descriptor) [pid 5099] close(20) = -1 EBADF (Bad file descriptor) [pid 5099] close(21) = -1 EBADF (Bad file descriptor) [pid 5099] close(22) = -1 EBADF (Bad file descriptor) [pid 5099] close(23) = -1 EBADF (Bad file descriptor) [pid 5099] close(24) = -1 EBADF (Bad file descriptor) [pid 5099] close(25) = -1 EBADF (Bad file descriptor) [pid 5099] close(26) = -1 EBADF (Bad file descriptor) [pid 5099] close(27) = -1 EBADF (Bad file descriptor) [pid 5099] close(28) = -1 EBADF (Bad file descriptor) [pid 5099] close(29) = -1 EBADF (Bad file descriptor) [pid 5099] exit_group(0 [pid 5102] <... futex resumed>) = ? [pid 5099] <... exit_group resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] <... open resumed>) = ? [ 55.758287][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.765603][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.773062][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.780431][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.787889][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.795217][ T5100] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=101, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./19/binderfs") = 0 [pid 5001] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./19/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./19") = 0 [pid 5001] mkdir("./20", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x5555567175d0) = 102 [pid 5104] set_robust_list(0x5555567175e0, 24) = 0 [pid 5104] chdir("./20") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5104] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[103], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 103 [pid 5104] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5105] munmap(0x7f02c8363000, 524288) = 0 [ 55.802770][ T26] audit: type=1800 audit(1687442195.581:21): pid=5100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 0 [ 55.872792][ T5105] loop0: detected capacity change from 0 to 1024 [ 55.899800][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.907405][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.914801][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5105] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5104] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[104], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 104 [pid 5104] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5106] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5106] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 1 [ 55.922233][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.929907][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.937376][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.945747][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.953186][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.960752][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5106] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5104] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[105], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 105 [pid 5104] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5107] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 106 [ 55.968105][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.975595][ T5106] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.983004][ T5106] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.990531][ T5106] hfsplus: request for non-existent node 16777216 in B*Tree [ 55.997967][ T5106] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.005391][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.013175][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5107] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5108 attached [pid 5104] <... futex resumed>) = 0 [pid 5108] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5107] <... futex resumed>) = 1 [pid 5107] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] <... write resumed>) = 53248 [pid 5106] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.021371][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.029208][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.036735][ T5106] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.044101][ T5106] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.051966][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.059717][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5106] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] +++ killed by SIGSEGV (core dumped) +++ [pid 5107] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5107] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=106, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5107] getpid() = 102 [pid 5107] rt_sigreturn({mask=[]}) = 202 [ 56.067288][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.074625][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.082658][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.090299][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.097760][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.105074][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.112980][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5107] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] close(3) = 0 [pid 5104] close(4) = -1 EBADF (Bad file descriptor) [pid 5104] close(5) = 0 [pid 5104] close(6) = -1 EBADF (Bad file descriptor) [pid 5104] close(7) = -1 EBADF (Bad file descriptor) [pid 5104] close(8) = -1 EBADF (Bad file descriptor) [pid 5104] close(9) = -1 EBADF (Bad file descriptor) [pid 5104] close(10) = -1 EBADF (Bad file descriptor) [pid 5104] close(11) = -1 EBADF (Bad file descriptor) [ 56.120527][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.128011][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.135322][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.142770][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.150143][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.157588][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.164910][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5104] close(12) = -1 EBADF (Bad file descriptor) [pid 5104] close(13) = -1 EBADF (Bad file descriptor) [pid 5104] close(14) = -1 EBADF (Bad file descriptor) [pid 5104] close(15) = -1 EBADF (Bad file descriptor) [pid 5104] close(16) = -1 EBADF (Bad file descriptor) [pid 5104] close(17) = -1 EBADF (Bad file descriptor) [pid 5104] close(18) = -1 EBADF (Bad file descriptor) [pid 5104] close(19) = -1 EBADF (Bad file descriptor) [pid 5104] close(20) = -1 EBADF (Bad file descriptor) [pid 5104] close(21) = -1 EBADF (Bad file descriptor) [pid 5104] close(22) = -1 EBADF (Bad file descriptor) [pid 5104] close(23) = -1 EBADF (Bad file descriptor) [pid 5104] close(24) = -1 EBADF (Bad file descriptor) [pid 5104] close(25) = -1 EBADF (Bad file descriptor) [pid 5104] close(26) = -1 EBADF (Bad file descriptor) [pid 5104] close(27) = -1 EBADF (Bad file descriptor) [pid 5104] close(28) = -1 EBADF (Bad file descriptor) [pid 5104] close(29) = -1 EBADF (Bad file descriptor) [pid 5104] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5107] <... futex resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5105] <... open resumed>) = ? [ 56.173026][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.180532][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.188084][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.195407][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.202890][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.210243][ T5105] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=106, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./20/binderfs") = 0 [pid 5001] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./20/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./20") = 0 [pid 5001] mkdir("./21", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 107 ./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x5555567175e0, 24) = 0 [pid 5109] chdir("./21") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5109] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[108], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 108 [pid 5109] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5110] munmap(0x7f02c8363000, 524288) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.217795][ T26] audit: type=1800 audit(1687442196.001:22): pid=5105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [pid 5110] close(4) = 0 [pid 5110] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5109] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.277562][ T5110] loop0: detected capacity change from 0 to 1024 [ 56.303368][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.311116][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.318683][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5109] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5109] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5109] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5109] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[109], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 109 [pid 5109] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5111] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5111] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [ 56.326049][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.333824][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.341533][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.349010][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.356298][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.364119][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5111] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5109] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5109] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [ 56.371830][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.379257][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.386728][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.394137][ T5111] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.401628][ T5111] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.409137][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.416593][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5109] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[110], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 110 [pid 5109] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5112] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 111 [pid 5112] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5113 attached [pid 5113] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5109] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [ 56.424069][ T5111] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.432088][ T5111] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.439549][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.447911][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.455601][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.463343][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.470761][ T5111] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5112] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... write resumed>) = 53248 [pid 5111] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.478203][ T5111] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.485564][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.494703][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.502759][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.510896][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.518430][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5111] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] +++ killed by SIGSEGV (core dumped) +++ [pid 5112] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5112] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=111, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5112] getpid() = 107 [pid 5112] rt_sigreturn({mask=[]}) = 202 [ 56.525763][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.533545][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.540980][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.548397][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.555683][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.563078][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.570398][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5112] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] close(3) = 0 [pid 5109] close(4) = -1 EBADF (Bad file descriptor) [pid 5109] close(5) = 0 [pid 5109] close(6) = -1 EBADF (Bad file descriptor) [pid 5109] close(7) = -1 EBADF (Bad file descriptor) [pid 5109] close(8) = -1 EBADF (Bad file descriptor) [pid 5109] close(9) = -1 EBADF (Bad file descriptor) [pid 5109] close(10) = -1 EBADF (Bad file descriptor) [pid 5109] close(11) = -1 EBADF (Bad file descriptor) [pid 5109] close(12) = -1 EBADF (Bad file descriptor) [pid 5109] close(13) = -1 EBADF (Bad file descriptor) [pid 5109] close(14) = -1 EBADF (Bad file descriptor) [pid 5109] close(15) = -1 EBADF (Bad file descriptor) [pid 5109] close(16) = -1 EBADF (Bad file descriptor) [pid 5109] close(17) = -1 EBADF (Bad file descriptor) [pid 5109] close(18) = -1 EBADF (Bad file descriptor) [pid 5109] close(19) = -1 EBADF (Bad file descriptor) [pid 5109] close(20) = -1 EBADF (Bad file descriptor) [pid 5109] close(21) = -1 EBADF (Bad file descriptor) [pid 5109] close(22) = -1 EBADF (Bad file descriptor) [pid 5109] close(23) = -1 EBADF (Bad file descriptor) [pid 5109] close(24) = -1 EBADF (Bad file descriptor) [pid 5109] close(25) = -1 EBADF (Bad file descriptor) [pid 5109] close(26) = -1 EBADF (Bad file descriptor) [pid 5109] close(27) = -1 EBADF (Bad file descriptor) [pid 5109] close(28) = -1 EBADF (Bad file descriptor) [pid 5109] close(29) = -1 EBADF (Bad file descriptor) [pid 5109] exit_group(0 [pid 5112] <... futex resumed>) = ? [pid 5111] <... futex resumed>) = ? [pid 5109] <... exit_group resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ [pid 5110] <... open resumed>) = ? [ 56.577804][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.585110][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.592517][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.599854][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.607263][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.614575][ T5110] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=111, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./21/binderfs") = 0 [pid 5001] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./21/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./21") = 0 [pid 5001] mkdir("./22", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 112 ./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x5555567175e0, 24) = 0 [pid 5114] chdir("./22") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5114] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[113], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 113 [pid 5114] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5115] munmap(0x7f02c8363000, 524288) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.622102][ T26] audit: type=1800 audit(1687442196.401:23): pid=5110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file0", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file0") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5115] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] <... futex resumed>) = 0 [pid 5115] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 56.686897][ T5115] loop0: detected capacity change from 0 to 1024 [ 56.713444][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.720939][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.728348][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5114] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5114] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5114] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[114], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 114 [pid 5114] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5116] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5116] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 1 [ 56.735617][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.743486][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.750850][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.758402][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.765723][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.773141][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5116] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5114] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5114] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5114] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[115], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 115 [pid 5114] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 56.780504][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.787893][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.795191][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.802785][ T5116] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.810157][ T5116] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.817592][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.824885][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5117] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 116 [pid 5117] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5117] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5118 attached [pid 5118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 56.832313][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.839685][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.847108][ T5116] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.854413][ T5116] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.861864][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.870622][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.878149][ T5116] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5116] <... write resumed>) = 53248 [pid 5116] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.885456][ T5116] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.893051][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.900620][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.908134][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.915629][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.923178][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.930605][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.938102][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.945488][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.952929][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.960344][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.967685][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.974968][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5116] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] +++ killed by SIGSEGV (core dumped) +++ [pid 5117] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5117] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=116, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5117] getpid() = 112 [pid 5117] rt_sigreturn({mask=[]}) = 202 [pid 5117] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... open resumed>) = 4 [pid 5115] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] close(3) = 0 [pid 5114] close(4) = 0 [pid 5114] close(5) = 0 [pid 5114] close(6) = -1 EBADF (Bad file descriptor) [pid 5114] close(7) = -1 EBADF (Bad file descriptor) [pid 5114] close(8) = -1 EBADF (Bad file descriptor) [pid 5114] close(9) = -1 EBADF (Bad file descriptor) [pid 5114] close(10) = -1 EBADF (Bad file descriptor) [pid 5114] close(11) = -1 EBADF (Bad file descriptor) [pid 5114] close(12) = -1 EBADF (Bad file descriptor) [pid 5114] close(13) = -1 EBADF (Bad file descriptor) [pid 5114] close(14) = -1 EBADF (Bad file descriptor) [pid 5114] close(15) = -1 EBADF (Bad file descriptor) [ 56.982362][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.989688][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 56.997409][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.004801][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.012208][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.019578][ T5115] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5114] close(16) = -1 EBADF (Bad file descriptor) [pid 5114] close(17) = -1 EBADF (Bad file descriptor) [pid 5114] close(18) = -1 EBADF (Bad file descriptor) [pid 5114] close(19) = -1 EBADF (Bad file descriptor) [pid 5114] close(20) = -1 EBADF (Bad file descriptor) [pid 5114] close(21) = -1 EBADF (Bad file descriptor) [pid 5114] close(22) = -1 EBADF (Bad file descriptor) [pid 5114] close(23) = -1 EBADF (Bad file descriptor) [pid 5114] close(24) = -1 EBADF (Bad file descriptor) [pid 5114] close(25) = -1 EBADF (Bad file descriptor) [pid 5114] close(26) = -1 EBADF (Bad file descriptor) [pid 5114] close(27) = -1 EBADF (Bad file descriptor) [pid 5114] close(28) = -1 EBADF (Bad file descriptor) [pid 5114] close(29) = -1 EBADF (Bad file descriptor) [pid 5114] exit_group(0 [pid 5117] <... futex resumed>) = ? [pid 5116] <... futex resumed>) = ? [pid 5115] <... futex resumed>) = ? [pid 5114] <... exit_group resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=116, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5001] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./22/binderfs") = 0 [pid 5001] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./22/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./22") = 0 [pid 5001] mkdir("./23", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 117 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x5555567175e0, 24) = 0 [pid 5119] chdir("./23") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5119] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[118], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 118 [pid 5119] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5120] munmap(0x7f02c8363000, 524288) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.027033][ T26] audit: type=1800 audit(1687442196.801:24): pid=5115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [ 57.088770][ T5120] loop0: detected capacity change from 0 to 1024 [ 57.111824][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.119547][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.127333][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5120] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5119] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[119], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 119 [pid 5119] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5121] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5121] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [ 57.134936][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.142535][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.149865][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.157402][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.165219][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.172607][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.179904][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5121] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5119] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[120], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 120 [pid 5119] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5122] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 121 [ 57.187539][ T5121] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.194850][ T5121] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.202259][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.209629][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.217566][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.225523][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5122] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5122] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5123 attached [pid 5123] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 57.233142][ T5121] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.240834][ T5121] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.248459][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.256096][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.263666][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.271150][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.278664][ T5121] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5121] <... write resumed>) = 53248 [pid 5121] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] +++ killed by SIGSEGV (core dumped) +++ [pid 5122] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5122] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=121, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5122] getpid() = 117 [pid 5122] rt_sigreturn({mask=[]}) = 202 [ 57.286020][ T5121] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.293501][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.301130][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.308976][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.316637][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.324063][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.331527][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.339295][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.346821][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.354164][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.361497][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.368929][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.376214][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5122] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] close(3) = 0 [pid 5119] close(4) = -1 EBADF (Bad file descriptor) [pid 5119] close(5) = 0 [pid 5119] close(6) = -1 EBADF (Bad file descriptor) [pid 5119] close(7) = -1 EBADF (Bad file descriptor) [pid 5119] close(8) = -1 EBADF (Bad file descriptor) [pid 5119] close(9) = -1 EBADF (Bad file descriptor) [pid 5119] close(10) = -1 EBADF (Bad file descriptor) [pid 5119] close(11) = -1 EBADF (Bad file descriptor) [pid 5119] close(12) = -1 EBADF (Bad file descriptor) [pid 5119] close(13) = -1 EBADF (Bad file descriptor) [pid 5119] close(14) = -1 EBADF (Bad file descriptor) [pid 5119] close(15) = -1 EBADF (Bad file descriptor) [pid 5119] close(16) = -1 EBADF (Bad file descriptor) [pid 5119] close(17) = -1 EBADF (Bad file descriptor) [pid 5119] close(18) = -1 EBADF (Bad file descriptor) [pid 5119] close(19) = -1 EBADF (Bad file descriptor) [pid 5119] close(20) = -1 EBADF (Bad file descriptor) [pid 5119] close(21) = -1 EBADF (Bad file descriptor) [pid 5119] close(22) = -1 EBADF (Bad file descriptor) [pid 5119] close(23) = -1 EBADF (Bad file descriptor) [pid 5119] close(24) = -1 EBADF (Bad file descriptor) [pid 5119] close(25) = -1 EBADF (Bad file descriptor) [pid 5119] close(26) = -1 EBADF (Bad file descriptor) [pid 5119] close(27) = -1 EBADF (Bad file descriptor) [pid 5119] close(28) = -1 EBADF (Bad file descriptor) [pid 5119] close(29) = -1 EBADF (Bad file descriptor) [pid 5119] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5119] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] <... open resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=121, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./23/binderfs") = 0 [pid 5001] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./23/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./23") = 0 [pid 5001] mkdir("./24", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555567175e0, 24) = 0 [pid 5124] chdir("./24") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5001] <... clone resumed>, child_tidptr=0x5555567175d0) = 122 [pid 5124] <... prctl resumed>) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5124] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[123], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 123 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5125] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5125] memfd_create("syzkaller", 0 [pid 5124] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5125] <... memfd_create resumed>) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [ 57.383597][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.390902][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.398226][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.405513][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.412879][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.420194][ T5120] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5125] munmap(0x7f02c8363000, 524288) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] mkdir("./file0", 0777) = 0 [pid 5125] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] chdir("./file0") = 0 [pid 5125] ioctl(4, LOOP_CLR_FD) = 0 [pid 5125] close(4) = 0 [pid 5125] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.475369][ T5125] loop0: detected capacity change from 0 to 1024 [ 57.499951][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.507572][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.514859][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5125] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5124] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5124] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[124], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 124 [pid 5124] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5126] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5126] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [ 57.522176][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.529537][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.536837][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.544171][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.551532][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.558929][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.566207][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5126] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5124] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5124] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[125], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 125 [pid 5124] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5127] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 126 [ 57.573757][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.581105][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.588660][ T5126] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.596155][ T5126] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.603553][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.611126][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.618475][ T5126] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5127] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5128 attached [pid 5124] <... futex resumed>) = 0 [pid 5128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5127] <... futex resumed>) = 1 [ 57.625766][ T5126] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.633282][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.642165][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.649551][ T5126] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.657066][ T5126] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.664385][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5127] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... write resumed>) = 53248 [pid 5126] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.671806][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.679181][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.686759][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.694066][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.701571][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.708937][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.716210][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5126] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] +++ killed by SIGSEGV (core dumped) +++ [pid 5127] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5124] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=126, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5127] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] getpid() = 122 [pid 5124] rt_sigreturn({mask=[]}) = 0 [ 57.723585][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.731089][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.739796][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.747125][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.754413][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.761717][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.769073][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5124] close(3) = 0 [pid 5124] close(4) = -1 EBADF (Bad file descriptor) [pid 5124] close(5) = 0 [pid 5124] close(6) = -1 EBADF (Bad file descriptor) [pid 5124] close(7) = -1 EBADF (Bad file descriptor) [pid 5124] close(8) = -1 EBADF (Bad file descriptor) [pid 5124] close(9) = -1 EBADF (Bad file descriptor) [pid 5124] close(10) = -1 EBADF (Bad file descriptor) [pid 5124] close(11) = -1 EBADF (Bad file descriptor) [pid 5124] close(12) = -1 EBADF (Bad file descriptor) [pid 5124] close(13) = -1 EBADF (Bad file descriptor) [pid 5124] close(14) = -1 EBADF (Bad file descriptor) [pid 5124] close(15) = -1 EBADF (Bad file descriptor) [pid 5124] close(16) = -1 EBADF (Bad file descriptor) [pid 5124] close(17) = -1 EBADF (Bad file descriptor) [pid 5124] close(18) = -1 EBADF (Bad file descriptor) [pid 5124] close(19) = -1 EBADF (Bad file descriptor) [pid 5124] close(20) = -1 EBADF (Bad file descriptor) [pid 5124] close(21) = -1 EBADF (Bad file descriptor) [pid 5124] close(22) = -1 EBADF (Bad file descriptor) [pid 5124] close(23) = -1 EBADF (Bad file descriptor) [pid 5124] close(24) = -1 EBADF (Bad file descriptor) [pid 5124] close(25) = -1 EBADF (Bad file descriptor) [pid 5124] close(26) = -1 EBADF (Bad file descriptor) [pid 5124] close(27) = -1 EBADF (Bad file descriptor) [pid 5124] close(28) = -1 EBADF (Bad file descriptor) [pid 5124] close(29) = -1 EBADF (Bad file descriptor) [pid 5124] exit_group(0 [pid 5127] <... futex resumed>) = ? [pid 5126] <... futex resumed>) = ? [pid 5124] <... exit_group resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ [pid 5125] <... open resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=126, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./24/binderfs") = 0 [pid 5001] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./24/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./24") = 0 [pid 5001] mkdir("./25", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 127 ./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x5555567175e0, 24) = 0 [pid 5129] chdir("./25") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5129] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[128], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 128 [pid 5129] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5130] munmap(0x7f02c8363000, 524288) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.776350][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.783701][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.791087][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.798460][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.805779][ T5125] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./file0", 0777) = 0 [pid 5130] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file0") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5129] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.851436][ T5130] loop0: detected capacity change from 0 to 1024 [ 57.876285][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.883831][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.891355][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5130] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5129] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5129] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5129] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[129], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 129 [pid 5129] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5131] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5131] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... futex resumed>) = 1 [ 57.898689][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.906003][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.913548][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.920936][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.928270][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.935785][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.943245][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5131] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5129] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5129] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5129] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[130], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 130 [pid 5129] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f02c83c19e0, 24) = 0 [ 57.950657][ T5131] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.957994][ T5131] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.965449][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.973222][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.980594][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 57.987948][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5132] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 131 ./strace-static-x86_64: Process 5133 attached [pid 5133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5132] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5132] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... write resumed>) = 53248 [ 57.995790][ T5131] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.003502][ T5131] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.011062][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.020931][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.028370][ T5131] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.035659][ T5131] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.043020][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5131] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] +++ killed by SIGSEGV (core dumped) +++ [pid 5132] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5132] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=131, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5132] getpid() = 127 [pid 5132] rt_sigreturn({mask=[]}) = 202 [ 58.050642][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.058571][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.066199][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.073814][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.081987][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.089480][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.097131][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.104420][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.111723][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.119042][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.126325][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.133654][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.140948][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5132] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] close(3) = 0 [pid 5129] close(4) = -1 EBADF (Bad file descriptor) [pid 5129] close(5) = 0 [pid 5129] close(6) = -1 EBADF (Bad file descriptor) [pid 5129] close(7) = -1 EBADF (Bad file descriptor) [pid 5129] close(8) = -1 EBADF (Bad file descriptor) [pid 5129] close(9) = -1 EBADF (Bad file descriptor) [pid 5129] close(10) = -1 EBADF (Bad file descriptor) [pid 5129] close(11) = -1 EBADF (Bad file descriptor) [pid 5129] close(12) = -1 EBADF (Bad file descriptor) [pid 5129] close(13) = -1 EBADF (Bad file descriptor) [pid 5129] close(14) = -1 EBADF (Bad file descriptor) [pid 5129] close(15) = -1 EBADF (Bad file descriptor) [pid 5129] close(16) = -1 EBADF (Bad file descriptor) [pid 5129] close(17) = -1 EBADF (Bad file descriptor) [pid 5129] close(18) = -1 EBADF (Bad file descriptor) [pid 5129] close(19) = -1 EBADF (Bad file descriptor) [pid 5129] close(20) = -1 EBADF (Bad file descriptor) [pid 5129] close(21) = -1 EBADF (Bad file descriptor) [pid 5129] close(22) = -1 EBADF (Bad file descriptor) [pid 5129] close(23) = -1 EBADF (Bad file descriptor) [pid 5129] close(24) = -1 EBADF (Bad file descriptor) [pid 5129] close(25) = -1 EBADF (Bad file descriptor) [pid 5129] close(26) = -1 EBADF (Bad file descriptor) [pid 5129] close(27) = -1 EBADF (Bad file descriptor) [pid 5129] close(28) = -1 EBADF (Bad file descriptor) [pid 5129] close(29) = -1 EBADF (Bad file descriptor) [pid 5129] exit_group(0 [pid 5132] <... futex resumed>) = ? [pid 5129] <... exit_group resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] <... futex resumed>) = ? [pid 5130] <... open resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=131, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./25/binderfs") = 0 [pid 5001] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./25/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./25") = 0 [pid 5001] mkdir("./26", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 132 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555567175e0, 24) = 0 [pid 5134] chdir("./26") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5134] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5135] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... clone resumed>, parent_tid=[133], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 133 [pid 5134] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5135] munmap(0x7f02c8363000, 524288) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.148289][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.155565][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.162901][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.170208][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.177958][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.186147][ T5130] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5134] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.233332][ T5135] loop0: detected capacity change from 0 to 1024 [ 58.257294][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.264637][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.272216][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5134] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5134] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[134], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 134 [pid 5134] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5136] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5136] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [ 58.279522][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.286855][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.294119][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.301544][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.308916][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.316295][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.323686][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5136] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.331073][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.338420][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.345714][ T5136] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.353264][ T5136] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.360833][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.368270][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.375654][ T5136] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5134] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[135], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 135 [pid 5134] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5137] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 136 [pid 5137] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5137] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5138 attached [pid 5138] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5136] <... write resumed>) = 53248 [ 58.383267][ T5136] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.390726][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.400156][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.407606][ T5136] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.414932][ T5136] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.422332][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5136] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.430028][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.437676][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.445152][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.452829][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.460233][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.467710][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.475030][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5136] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] +++ killed by SIGSEGV (core dumped) +++ [pid 5137] <... futex resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 5137] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] --- SIGRT_1 {si_signo=SIGRT_1, si_code=0x3, si_pid=136, si_uid=0, si_int=11, si_ptr=0xb} --- [pid 5134] getpid() = 132 [pid 5134] rt_sigreturn({mask=[]}) = 0 [ 58.483141][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.491208][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.498667][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.505988][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.513803][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.521324][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.528888][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.536228][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.543744][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.551127][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.558558][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.565866][ T5135] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.573402][ T26] kauditd_printk_skb: 3 callbacks suppressed [pid 5134] close(3 [pid 5135] <... open resumed>) = 4 [pid 5134] <... close resumed>) = 0 [pid 5135] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] close(4) = 0 [pid 5134] close(5) = 0 [pid 5134] close(6) = -1 EBADF (Bad file descriptor) [pid 5134] close(7) = -1 EBADF (Bad file descriptor) [pid 5134] close(8) = -1 EBADF (Bad file descriptor) [pid 5134] close(9) = -1 EBADF (Bad file descriptor) [pid 5134] close(10) = -1 EBADF (Bad file descriptor) [pid 5134] close(11) = -1 EBADF (Bad file descriptor) [pid 5134] close(12) = -1 EBADF (Bad file descriptor) [pid 5134] close(13) = -1 EBADF (Bad file descriptor) [pid 5134] close(14) = -1 EBADF (Bad file descriptor) [pid 5134] close(15) = -1 EBADF (Bad file descriptor) [pid 5134] close(16) = -1 EBADF (Bad file descriptor) [pid 5134] close(17) = -1 EBADF (Bad file descriptor) [pid 5134] close(18) = -1 EBADF (Bad file descriptor) [pid 5134] close(19) = -1 EBADF (Bad file descriptor) [pid 5134] close(20) = -1 EBADF (Bad file descriptor) [pid 5134] close(21) = -1 EBADF (Bad file descriptor) [pid 5134] close(22) = -1 EBADF (Bad file descriptor) [pid 5134] close(23) = -1 EBADF (Bad file descriptor) [pid 5134] close(24) = -1 EBADF (Bad file descriptor) [pid 5134] close(25) = -1 EBADF (Bad file descriptor) [pid 5134] close(26) = -1 EBADF (Bad file descriptor) [pid 5134] close(27) = -1 EBADF (Bad file descriptor) [pid 5134] close(28) = -1 EBADF (Bad file descriptor) [pid 5134] close(29) = -1 EBADF (Bad file descriptor) [pid 5134] exit_group(0 [pid 5136] <... futex resumed>) = ? [pid 5135] <... futex resumed>) = ? [pid 5134] <... exit_group resumed>) = ? [pid 5137] <... futex resumed>) = ? [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=136, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./26/binderfs") = 0 [pid 5001] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5001] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x555556720660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x555556720660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./26/file0") = 0 [pid 5001] getdents64(3, 0x555556718620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./26") = 0 [pid 5001] mkdir("./27", 0777) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567175d0) = 137 ./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x5555567175e0, 24) = 0 [pid 5139] chdir("./27") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02d0763000 [pid 5139] mprotect(0x7f02d0764000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7f02d07833f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[138], tls=0x7f02d0783700, child_tidptr=0x7f02d07839d0) = 138 [pid 5139] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7f02d07839e0, 24) = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02c8363000 [ 58.573411][ T26] audit: type=1800 audit(1687442198.351:28): pid=5135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5140] munmap(0x7f02c8363000, 524288) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./file0", 0777) = 0 [pid 5140] mount("/dev/loop0", "./file0", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK|MS_STRICTATIME, "") = 0 [pid 5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file0") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f02d085c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f02d085c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... futex resumed>) = 0 [ 58.651887][ T5140] loop0: detected capacity change from 0 to 1024 [ 58.677390][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.684736][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.692168][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5140] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5139] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5139] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83c2000 [pid 5139] mprotect(0x7f02c83c3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7f02c83e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[139], tls=0x7f02c83e2700, child_tidptr=0x7f02c83e29d0) = 139 [pid 5139] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x7f02c83e29e0, 24) = 0 [pid 5141] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5141] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7f02d085c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f02d085c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [ 58.699495][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.707130][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.714424][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.721983][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.729317][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.736729][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.744262][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.752048][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.759373][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.766715][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.773993][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.781758][ T5141] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.789144][ T5141] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5141] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5139] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5139] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02c83a1000 [pid 5139] mprotect(0x7f02c83a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7f02c83c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[140], tls=0x7f02c83c1700, child_tidptr=0x7f02c83c19d0) = 140 [pid 5139] futex(0x7f02d085c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f02d085c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7f02c83c19e0, 24) = 0 [pid 5142] clone3({flags=CLONE_PTRACE|CLONE_SYSVSEM, exit_signal=SIGRT_1, stack=0x20000240, stack_size=0xa8, cgroup=5}, 88) = 141 [pid 5142] futex(0x7f02d085c7cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5143 attached [pid 5143] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5139] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [ 58.796486][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.803862][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.811338][ T5141] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.819010][ T5141] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.826341][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.835844][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.843350][ T5141] hfsplus: request for non-existent node 16777216 in B*Tree [pid 5142] futex(0x7f02d085c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... write resumed>) = 53248 [pid 5141] futex(0x7f02d085c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.851493][ T5141] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.858998][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.866350][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.874131][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.881780][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.889197][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.896489][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.904202][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.911703][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.919091][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.926375][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.934126][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.941697][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.949092][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.949694][ T5143] ------------[ cut here ]------------ [ 58.956361][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.956402][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.962030][ T5143] WARNING: CPU: 0 PID: 5143 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x3d6/0x510 [ 58.969727][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.976641][ T5143] Modules linked in: [pid 5141] futex(0x7f02d085c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... open resumed>) = 4 [pid 5140] futex(0x7f02d085c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f02d085c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] close(3) = 0 [pid 5139] close(4) = 0 [pid 5139] close(5) = 0 [pid 5139] close(6) = -1 EBADF (Bad file descriptor) [pid 5139] close(7) = -1 EBADF (Bad file descriptor) [pid 5139] close(8) = -1 EBADF (Bad file descriptor) [pid 5139] close(9) = -1 EBADF (Bad file descriptor) [pid 5139] close(10) = -1 EBADF (Bad file descriptor) [pid 5139] close(11) = -1 EBADF (Bad file descriptor) [pid 5139] close(12) = -1 EBADF (Bad file descriptor) [pid 5139] close(13) = -1 EBADF (Bad file descriptor) [pid 5139] close(14) = -1 EBADF (Bad file descriptor) [pid 5139] close(15) = -1 EBADF (Bad file descriptor) [pid 5139] close(16) = -1 EBADF (Bad file descriptor) [pid 5139] close(17) = -1 EBADF (Bad file descriptor) [pid 5139] close(18) = -1 EBADF (Bad file descriptor) [pid 5139] close(19) = -1 EBADF (Bad file descriptor) [pid 5139] close(20) = -1 EBADF (Bad file descriptor) [pid 5139] close(21) = -1 EBADF (Bad file descriptor) [pid 5139] close(22) = -1 EBADF (Bad file descriptor) [pid 5139] close(23) = -1 EBADF (Bad file descriptor) [pid 5139] close(24) = -1 EBADF (Bad file descriptor) [pid 5139] close(25) = -1 EBADF (Bad file descriptor) [pid 5139] close(26) = -1 EBADF (Bad file descriptor) [pid 5139] close(27) = -1 EBADF (Bad file descriptor) [pid 5139] close(28) = -1 EBADF (Bad file descriptor) [pid 5139] close(29) = -1 EBADF (Bad file descriptor) [pid 5139] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5141] <... futex resumed>) = ? [pid 5141] +++ exited with 0 +++ [ 58.976656][ T5143] CPU: 0 PID: 5143 Comm: syz-executor734 Not tainted 6.4.0-rc7-syzkaller-00072-gdad9774deaf1 #0 [ 58.976676][ T5143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 58.976687][ T5143] RIP: 0010:hfsplus_free_extents+0x3d6/0x510 [ 58.987388][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.993863][ T5143] Code: d1 34 ff 8b 44 24 04 85 c0 0f 84 34 fe ff ff e8 e0 d4 34 ff 48 c7 c7 a0 d5 66 8a e8 d4 b8 18 ff e9 1e fe ff ff e8 ca d4 34 ff <0f> 0b e9 b7 fc ff ff e8 be d4 34 ff 8b 14 24 8b 74 24 04 48 8b 7c [pid 5142] <... futex resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=137, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- [pid 5001] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x555556718620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./27/binderfs") = 0 [ 58.997692][ T5140] hfsplus: request for non-existent node 16777216 in B*Tree [ 58.997907][ T26] audit: type=1800 audit(1687442198.781:29): pid=5140 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor734" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 59.008168][ T5143] RSP: 0018:ffffc90003ceeed8 EFLAGS: 00010293 [ 59.084878][ T5143] RAX: 0000000000000000 RBX: ffff88801668b618 RCX: 0000000000000000 [ 59.092928][ T5143] RDX: ffff888029695940 RSI: ffffffff824f7246 RDI: 0000000000000001 [ 59.100928][ T5143] RBP: 000000000000014e R08: 0000000000000001 R09: 0000000000000000 [ 59.108928][ T5143] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000024655901 [ 59.116927][ T5143] R13: 000000000000000a R14: ffff88807b864000 R15: ffff88801668b740 [ 59.124886][ T5143] FS: 00007f02c83c1700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 59.133953][ T5143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.140575][ T5143] CR2: 00007f02c83e21f8 CR3: 000000007b9c9000 CR4: 0000000000350ef0 [ 59.148586][ T5143] Call Trace: [ 59.151872][ T5143] [ 59.154786][ T5143] ? __warn+0xe6/0x390 [ 59.158943][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.164371][ T5143] ? report_bug+0x2da/0x500 [ 59.168989][ T5143] ? handle_bug+0x3c/0x70 [ 59.173329][ T5143] ? exc_invalid_op+0x18/0x50 [ 59.178101][ T5143] ? asm_exc_invalid_op+0x1a/0x20 [ 59.183157][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.188669][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.194059][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.199480][ T5143] hfsplus_file_truncate+0xe42/0x10e0 [ 59.204900][ T5143] ? hfsplus_get_block+0x9b0/0x9b0 [ 59.210087][ T5143] ? unmap_mapping_pages+0x280/0x280 [ 59.215405][ T5143] hfsplus_write_begin+0x116/0x150 [ 59.220593][ T5143] cont_write_begin+0x334/0x740 [ 59.225469][ T5143] ? hfsplus_file_extend+0xf90/0xf90 [ 59.230810][ T5143] ? block_write_begin+0x4d0/0x4d0 [ 59.235940][ T5143] ? ktime_get_coarse_real_ts64+0x1bb/0x200 [ 59.241907][ T5143] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.247154][ T5143] ? ktime_get_coarse_real_ts64+0x1bb/0x200 [ 59.253049][ T5143] ? ktime_get_coarse_real_ts64+0x15e/0x200 [ 59.259063][ T5143] hfsplus_write_begin+0x87/0x150 [ 59.264122][ T5143] ? hfsplus_file_extend+0xf90/0xf90 [ 59.269452][ T5143] generic_perform_write+0x256/0x570 [ 59.274767][ T5143] ? generic_file_readonly_mmap+0x180/0x180 [ 59.280716][ T5143] ? new_inode+0x280/0x280 [ 59.285181][ T5143] ? generic_write_checks+0x2c0/0x400 [ 59.290592][ T5143] __generic_file_write_iter+0x2ae/0x500 [ 59.296244][ T5143] generic_file_write_iter+0xe3/0x350 [ 59.301639][ T5143] __kernel_write_iter+0x262/0x7a0 [ 59.306797][ T5143] ? vfs_read+0x8a0/0x8a0 [ 59.311113][ T5143] ? get_dump_page+0x148/0x210 [ 59.315872][ T5143] ? __kernel_write+0xcb/0x110 [ 59.320655][ T5143] ? __kernel_write_iter+0x7a0/0x7a0 [ 59.325963][ T5143] dump_user_range+0x23c/0x710 [ 59.330758][ T5143] ? do_coredump+0x4020/0x4020 [ 59.335537][ T5143] ? dump_align+0xa0/0xc0 [ 59.339895][ T5143] ? notesize+0x90/0x90 [ 59.344078][ T5143] elf_core_dump+0x277e/0x36e0 [ 59.348890][ T5143] ? load_elf_phdrs+0x210/0x210 [ 59.353763][ T5143] ? kvmalloc_node+0xa2/0x1a0 [ 59.358478][ T5143] ? kasan_save_stack+0x32/0x40 [ 59.363354][ T5143] ? kasan_set_track+0x25/0x30 [ 59.368143][ T5143] ? __kasan_kmalloc+0xa2/0xb0 [ 59.372945][ T5143] ? __lock_acquire+0x1987/0x5f30 [ 59.378000][ T5143] ? 0xffffffffff600000 [ 59.382159][ T5143] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.388214][ T5143] do_coredump+0x2f2b/0x4020 [ 59.392851][ T5143] ? dump_emit+0x340/0x340 [ 59.397316][ T5143] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.403340][ T5143] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.409368][ T5143] ? lock_sync+0x190/0x190 [ 59.413796][ T5143] ? find_held_lock+0x2d/0x110 [ 59.418594][ T5143] ? intel_dvo_init+0xf80/0x1050 [ 59.423549][ T5143] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.428792][ T5143] get_signal+0x1c02/0x25b0 [ 59.433323][ T5143] ? exit_signals+0x910/0x910 [ 59.438026][ T5143] ? force_sig_fault+0xb6/0xf0 [ 59.442806][ T5143] ? force_sig+0xe0/0xe0 [ 59.447080][ T5143] arch_do_signal_or_restart+0x79/0x5c0 [ 59.452644][ T5143] ? get_sigframe_size+0x10/0x10 [ 59.457605][ T5143] ? rcu_is_watching+0x12/0xb0 [ 59.462401][ T5143] exit_to_user_mode_prepare+0x11f/0x240 [ 59.468070][ T5143] irqentry_exit_to_user_mode+0x9/0x40 [ 59.473552][ T5143] exc_page_fault+0xc0/0x170 [ 59.478175][ T5143] asm_exc_page_fault+0x26/0x30 [ 59.483058][ T5143] RIP: 0033:0x0 [ 59.486497][ T5143] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 59.493882][ T5143] RSP: 002b:00000000200002f0 EFLAGS: 00010217 [ 59.499975][ T5143] RAX: 0000000000000000 RBX: 00007f02d085c7c0 RCX: 00007f02d07d78d9 [ 59.507984][ T5143] RDX: 00007f02c83c1700 RSI: 0000000000000058 RDI: 00007f02c83c1200 [ 59.515970][ T5143] RBP: 00007f02d0829810 R08: 00007f02c83c1700 R09: 0000000000042000 [ 59.523983][ T5143] R10: 00007f02c83c1200 R11: 0000000000000246 R12: 0030656c69662f2e [ 59.531991][ T5143] R13: 0073756c70736668 R14: 0031656c69662f2e R15: 00007f02d085c7c8 [ 59.540016][ T5143] [ 59.543039][ T5143] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 59.550299][ T5143] CPU: 0 PID: 5143 Comm: syz-executor734 Not tainted 6.4.0-rc7-syzkaller-00072-gdad9774deaf1 #0 [ 59.560693][ T5143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 59.570727][ T5143] Call Trace: [ 59.573987][ T5143] [ 59.576904][ T5143] dump_stack_lvl+0xd9/0x150 [ 59.581479][ T5143] panic+0x686/0x730 [ 59.585362][ T5143] ? panic_smp_self_stop+0xa0/0xa0 [ 59.590459][ T5143] ? show_trace_log_lvl+0x284/0x390 [ 59.595659][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.601021][ T5143] check_panic_on_warn+0xb1/0xc0 [ 59.605947][ T5143] __warn+0xf2/0x390 [ 59.609830][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.615193][ T5143] report_bug+0x2da/0x500 [ 59.619523][ T5143] handle_bug+0x3c/0x70 [ 59.623663][ T5143] exc_invalid_op+0x18/0x50 [ 59.628150][ T5143] asm_exc_invalid_op+0x1a/0x20 [ 59.633000][ T5143] RIP: 0010:hfsplus_free_extents+0x3d6/0x510 [ 59.638991][ T5143] Code: d1 34 ff 8b 44 24 04 85 c0 0f 84 34 fe ff ff e8 e0 d4 34 ff 48 c7 c7 a0 d5 66 8a e8 d4 b8 18 ff e9 1e fe ff ff e8 ca d4 34 ff <0f> 0b e9 b7 fc ff ff e8 be d4 34 ff 8b 14 24 8b 74 24 04 48 8b 7c [ 59.658597][ T5143] RSP: 0018:ffffc90003ceeed8 EFLAGS: 00010293 [ 59.664653][ T5143] RAX: 0000000000000000 RBX: ffff88801668b618 RCX: 0000000000000000 [ 59.672617][ T5143] RDX: ffff888029695940 RSI: ffffffff824f7246 RDI: 0000000000000001 [ 59.680574][ T5143] RBP: 000000000000014e R08: 0000000000000001 R09: 0000000000000000 [ 59.688533][ T5143] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000024655901 [ 59.696489][ T5143] R13: 000000000000000a R14: ffff88807b864000 R15: ffff88801668b740 [ 59.704458][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.709841][ T5143] ? hfsplus_free_extents+0x3d6/0x510 [ 59.715211][ T5143] hfsplus_file_truncate+0xe42/0x10e0 [ 59.720587][ T5143] ? hfsplus_get_block+0x9b0/0x9b0 [ 59.725696][ T5143] ? unmap_mapping_pages+0x280/0x280 [ 59.730976][ T5143] hfsplus_write_begin+0x116/0x150 [ 59.736086][ T5143] cont_write_begin+0x334/0x740 [ 59.740929][ T5143] ? hfsplus_file_extend+0xf90/0xf90 [ 59.746207][ T5143] ? block_write_begin+0x4d0/0x4d0 [ 59.751308][ T5143] ? ktime_get_coarse_real_ts64+0x1bb/0x200 [ 59.757200][ T5143] ? lockdep_hardirqs_on+0x7d/0x100 [ 59.762395][ T5143] ? ktime_get_coarse_real_ts64+0x1bb/0x200 [ 59.768286][ T5143] ? ktime_get_coarse_real_ts64+0x15e/0x200 [ 59.774176][ T5143] hfsplus_write_begin+0x87/0x150 [ 59.779194][ T5143] ? hfsplus_file_extend+0xf90/0xf90 [ 59.784500][ T5143] generic_perform_write+0x256/0x570 [ 59.789793][ T5143] ? generic_file_readonly_mmap+0x180/0x180 [ 59.795681][ T5143] ? new_inode+0x280/0x280 [ 59.800096][ T5143] ? generic_write_checks+0x2c0/0x400 [ 59.805467][ T5143] __generic_file_write_iter+0x2ae/0x500 [ 59.811102][ T5143] generic_file_write_iter+0xe3/0x350 [ 59.816473][ T5143] __kernel_write_iter+0x262/0x7a0 [ 59.821594][ T5143] ? vfs_read+0x8a0/0x8a0 [ 59.825927][ T5143] ? get_dump_page+0x148/0x210 [ 59.830694][ T5143] ? __kernel_write+0xcb/0x110 [ 59.835458][ T5143] ? __kernel_write_iter+0x7a0/0x7a0 [ 59.840743][ T5143] dump_user_range+0x23c/0x710 [ 59.845505][ T5143] ? do_coredump+0x4020/0x4020 [ 59.850261][ T5143] ? dump_align+0xa0/0xc0 [ 59.854582][ T5143] ? notesize+0x90/0x90 [ 59.858740][ T5143] elf_core_dump+0x277e/0x36e0 [ 59.863510][ T5143] ? load_elf_phdrs+0x210/0x210 [ 59.868355][ T5143] ? kvmalloc_node+0xa2/0x1a0 [ 59.873030][ T5143] ? kasan_save_stack+0x32/0x40 [ 59.877881][ T5143] ? kasan_set_track+0x25/0x30 [ 59.882643][ T5143] ? __kasan_kmalloc+0xa2/0xb0 [ 59.887405][ T5143] ? __lock_acquire+0x1987/0x5f30 [ 59.892426][ T5143] ? 0xffffffffff600000 [ 59.896573][ T5143] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.902574][ T5143] do_coredump+0x2f2b/0x4020 [ 59.907161][ T5143] ? dump_emit+0x340/0x340 [ 59.911568][ T5143] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.917547][ T5143] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 59.923531][ T5143] ? lock_sync+0x190/0x190 [ 59.927941][ T5143] ? find_held_lock+0x2d/0x110 [ 59.932698][ T5143] ? intel_dvo_init+0xf80/0x1050 [ 59.937629][ T5143] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.942832][ T5143] get_signal+0x1c02/0x25b0 [ 59.947339][ T5143] ? exit_signals+0x910/0x910 [ 59.952011][ T5143] ? force_sig_fault+0xb6/0xf0 [ 59.956768][ T5143] ? force_sig+0xe0/0xe0 [ 59.961010][ T5143] arch_do_signal_or_restart+0x79/0x5c0 [ 59.966556][ T5143] ? get_sigframe_size+0x10/0x10 [ 59.971487][ T5143] ? rcu_is_watching+0x12/0xb0 [ 59.976264][ T5143] exit_to_user_mode_prepare+0x11f/0x240 [ 59.981901][ T5143] irqentry_exit_to_user_mode+0x9/0x40 [ 59.987361][ T5143] exc_page_fault+0xc0/0x170 [ 59.991945][ T5143] asm_exc_page_fault+0x26/0x30 [ 59.996802][ T5143] RIP: 0033:0x0 [ 60.000251][ T5143] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 60.007602][ T5143] RSP: 002b:00000000200002f0 EFLAGS: 00010217 [ 60.013656][ T5143] RAX: 0000000000000000 RBX: 00007f02d085c7c0 RCX: 00007f02d07d78d9 [ 60.021618][ T5143] RDX: 00007f02c83c1700 RSI: 0000000000000058 RDI: 00007f02c83c1200 [ 60.029578][ T5143] RBP: 00007f02d0829810 R08: 00007f02c83c1700 R09: 0000000000042000 [ 60.037561][ T5143] R10: 00007f02c83c1200 R11: 0000000000000246 R12: 0030656c69662f2e [ 60.045517][ T5143] R13: 0073756c70736668 R14: 0031656c69662f2e R15: 00007f02d085c7c8 [ 60.053484][ T5143] [ 60.057349][ T5143] Kernel Offset: disabled [ 60.061749][ T5143] Rebooting in 86400 seconds..