./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor432877352 <...> Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. execve("./syz-executor432877352", ["./syz-executor432877352"], 0x7ffe20026b10 /* 10 vars */) = 0 brk(NULL) = 0x555556e60000 brk(0x555556e60d40) = 0x555556e60d40 arch_prctl(ARCH_SET_FS, 0x555556e603c0) = 0 set_tid_address(0x555556e60690) = 5038 set_robust_list(0x555556e606a0, 24) = 0 rseq(0x555556e60ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor432877352", 4096) = 27 getrandom("\xb9\xf1\x72\x79\x81\x89\x81\x24", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556e60d40 brk(0x555556e81d40) = 0x555556e81d40 brk(0x555556e82000) = 0x555556e82000 mprotect(0x7ff628bc2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.SkyXm9", 0700) = 0 chmod("./syzkaller.SkyXm9", 0777) = 0 chdir("./syzkaller.SkyXm9") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached , child_tidptr=0x555556e60690) = 5039 [pid 5039] set_robust_list(0x555556e606a0, 24) = 0 [pid 5039] chdir("./0") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7ff628b612b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff628b52460}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff628ad7000 [pid 5039] mprotect(0x7ff628ad8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff628af7990, parent_tid=0x7ff628af7990, exit_signal=0, stack=0x7ff628ad7000, stack_size=0x20300, tls=0x7ff628af76c0} => {parent_tid=[5041]}, 88) = 5041 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5041 attached [pid 5041] rseq(0x7ff628af7fe0, 0x20, 0, 0x53053053) = 0 [pid 5041] set_robust_list(0x7ff628af79a0, 24) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] memfd_create("syzkaller", 0) = 3 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6206d7000 [ 72.912050][ T5041] syz-executor432[5041]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5041] munmap(0x7ff6206d7000, 16777216) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5041] close(3) = 0 [pid 5041] mkdir("./bus", 0777) = 0 [pid 5041] mount("/dev/loop0", "./bus", "jfs", MS_NOSUID|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "errors=continue,nodiscard,uid=0x000000000000ee01,nodiscard,discard=0x0000000000000008,iocharset=cp94"...) = 0 [pid 5041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5041] chdir("./bus") = 0 [pid 5041] ioctl(4, LOOP_CLR_FD) = 0 [pid 5041] close(4) = 0 [pid 5041] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5041] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5039] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5041] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [ 73.067018][ T5041] loop0: detected capacity change from 0 to 32768 [ 73.087544][ T29] audit: type=1800 audit(1693137834.053:2): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="file2" dev="loop0" ino=5 res=0 errno=0 [pid 5041] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5039] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... open resumed>) = 5 [pid 5041] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5041] ftruncate(5, 33587199 [pid 5039] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... ftruncate resumed>) = 0 [pid 5041] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5041] sendfile(4, 5, NULL, 281474978811908 [ 73.111360][ T29] audit: type=1800 audit(1693137834.073:3): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="bus" dev="loop0" ino=7 res=0 errno=0 [pid 5039] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff6216b6000 [pid 5039] mprotect(0x7ff6216b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216d6990, parent_tid=0x7ff6216d6990, exit_signal=0, stack=0x7ff6216b6000, stack_size=0x20300, tls=0x7ff6216d66c0}./strace-static-x86_64: Process 5042 attached => {parent_tid=[5042]}, 88) = 5042 [pid 5042] rseq(0x7ff6216d6fe0, 0x20, 0, 0x53053053 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] <... rseq resumed>) = 0 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] set_robust_list(0x7ff6216d69a0, 24 [pid 5039] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5039] <... futex resumed>) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] rename("./file2", "./bus") = 0 [pid 5042] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5042] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5042] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5039] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... open resumed>) = 6 [pid 5042] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 1 [pid 5042] open("./bus", O_RDONLY [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... open resumed>) = 7 [pid 5042] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5042] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] sendfile(6, 7, NULL, 281474978811908 [pid 5039] <... futex resumed>) = 1 [pid 5039] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... sendfile resumed>) = 565248 [pid 5042] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [ 73.192692][ T29] audit: type=1800 audit(1693137834.153:4): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="file2" dev="loop0" ino=8 res=0 errno=0 [ 73.215265][ T29] audit: type=1804 audit(1693137834.173:5): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor432" name="/root/syzkaller.SkyXm9/0/bus/bus" dev="loop0" ino=5 res=1 errno=0 [pid 5042] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] exit_group(0) = ? [pid 5042] <... futex resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5041] <... sendfile resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e61730 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e69770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e69770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555556e61730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5043 attached , child_tidptr=0x555556e60690) = 5043 [pid 5043] set_robust_list(0x555556e606a0, 24) = 0 [pid 5043] chdir("./1") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] rt_sigaction(SIGRT_1, {sa_handler=0x7ff628b612b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff628b52460}, NULL, 8) = 0 [pid 5043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff628ad7000 [pid 5043] mprotect(0x7ff628ad8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff628af7990, parent_tid=0x7ff628af7990, exit_signal=0, stack=0x7ff628ad7000, stack_size=0x20300, tls=0x7ff628af76c0} => {parent_tid=[5044]}, 88) = 5044 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5044 attached [pid 5044] rseq(0x7ff628af7fe0, 0x20, 0, 0x53053053 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5044] <... rseq resumed>) = 0 [pid 5044] set_robust_list(0x7ff628af79a0, 24) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] memfd_create("syzkaller", 0) = 3 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6206d7000 [ 73.493839][ T5044] syz-executor432[5044]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5044] munmap(0x7ff6206d7000, 16777216) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5044] close(3) = 0 [pid 5044] mkdir("./bus", 0777) = 0 [pid 5044] mount("/dev/loop0", "./bus", "jfs", MS_NOSUID|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "errors=continue,nodiscard,uid=0x000000000000ee01,nodiscard,discard=0x0000000000000008,iocharset=cp94"...) = 0 [pid 5044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5044] chdir("./bus") = 0 [pid 5044] ioctl(4, LOOP_CLR_FD) = 0 [pid 5044] close(4) = 0 [pid 5044] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5044] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5043] <... futex resumed>) = 0 [pid 5044] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5043] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... open resumed>) = 4 [pid 5044] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5044] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5043] <... futex resumed>) = 0 [pid 5044] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5043] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... open resumed>) = 5 [ 73.652426][ T5044] loop0: detected capacity change from 0 to 32768 [ 73.667940][ T29] audit: type=1800 audit(1693137834.633:6): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="file2" dev="loop0" ino=5 res=0 errno=0 [pid 5044] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5043] <... futex resumed>) = 1 [pid 5044] ftruncate(5, 33587199 [pid 5043] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... ftruncate resumed>) = 0 [pid 5044] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5044] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5043] <... futex resumed>) = 0 [pid 5044] sendfile(4, 5, NULL, 281474978811908 [ 73.691325][ T29] audit: type=1800 audit(1693137834.653:7): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="bus" dev="loop0" ino=7 res=0 errno=0 [pid 5043] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5043] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff6216b6000 [pid 5043] mprotect(0x7ff6216b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216d6990, parent_tid=0x7ff6216d6990, exit_signal=0, stack=0x7ff6216b6000, stack_size=0x20300, tls=0x7ff6216d66c0}./strace-static-x86_64: Process 5045 attached => {parent_tid=[5045]}, 88) = 5045 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] rseq(0x7ff6216d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5045] set_robust_list(0x7ff6216d69a0, 24) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] rename("./file2", "./bus") = 0 [pid 5045] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... open resumed>) = 6 [pid 5045] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] open("./bus", O_RDONLY [pid 5043] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5043] futex(0x7ff628bc872c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff621695000 [pid 5043] mprotect(0x7ff621696000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216b5990, parent_tid=0x7ff6216b5990, exit_signal=0, stack=0x7ff621695000, stack_size=0x20300, tls=0x7ff6216b56c0}./strace-static-x86_64: Process 5046 attached => {parent_tid=[5046]}, 88) = 5046 [pid 5046] rseq(0x7ff6216b5fe0, 0x20, 0, 0x53053053 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5046] <... rseq resumed>) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] set_robust_list(0x7ff6216b59a0, 24 [pid 5043] futex(0x7ff628bc8728, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... set_robust_list resumed>) = 0 [pid 5043] <... futex resumed>) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] futex(0x7ff628bc872c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] sendfile(6, -1, NULL, 281474978811908) = -1 EBADF (Bad file descriptor) [pid 5046] futex(0x7ff628bc872c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5046] futex(0x7ff628bc8728, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... open resumed>) = 7 [pid 5045] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.779494][ T29] audit: type=1800 audit(1693137834.743:8): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="file2" dev="loop0" ino=8 res=0 errno=0 [ 73.801093][ T29] audit: type=1804 audit(1693137834.763:9): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor432" name="/root/syzkaller.SkyXm9/1/bus/bus" dev="loop0" ino=5 res=1 errno=0 [pid 5045] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] exit_group(0) = ? [pid 5046] <... futex resumed>) = ? [pid 5045] <... futex resumed>) = ? [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] <... sendfile resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e61730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e69770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e69770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555556e61730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60690) = 5047 ./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x555556e606a0, 24) = 0 [pid 5047] chdir("./2") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] rt_sigaction(SIGRT_1, {sa_handler=0x7ff628b612b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff628b52460}, NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff628ad7000 [pid 5047] mprotect(0x7ff628ad8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff628af7990, parent_tid=0x7ff628af7990, exit_signal=0, stack=0x7ff628ad7000, stack_size=0x20300, tls=0x7ff628af76c0} => {parent_tid=[5048]}, 88) = 5048 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7ff628af7fe0, 0x20, 0, 0x53053053) = 0 [pid 5048] set_robust_list(0x7ff628af79a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] memfd_create("syzkaller", 0) = 3 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6206d7000 [ 74.087988][ T5048] syz-executor432[5048]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5048] munmap(0x7ff6206d7000, 16777216) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./bus", 0777) = 0 [pid 5048] mount("/dev/loop0", "./bus", "jfs", MS_NOSUID|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "errors=continue,nodiscard,uid=0x000000000000ee01,nodiscard,discard=0x0000000000000008,iocharset=cp94"...) = 0 [pid 5048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./bus") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5047] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5048] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5048] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] ftruncate(5, 33587199) = 0 [pid 5048] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5048] sendfile(4, 5, NULL, 281474978811908 [ 74.243529][ T5048] loop0: detected capacity change from 0 to 32768 [ 74.259868][ T29] audit: type=1800 audit(1693137835.223:10): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="file2" dev="loop0" ino=5 res=0 errno=0 [pid 5047] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5047] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5047] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff6216b6000 [pid 5047] mprotect(0x7ff6216b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5047] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216d6990, parent_tid=0x7ff6216d6990, exit_signal=0, stack=0x7ff6216b6000, stack_size=0x20300, tls=0x7ff6216d66c0}./strace-static-x86_64: Process 5049 attached => {parent_tid=[5049]}, 88) = 5049 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] rseq(0x7ff6216d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5049] set_robust_list(0x7ff6216d69a0, 24) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] rename("./file2", "./bus") = 0 [pid 5049] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... futex resumed>) = 1 [pid 5049] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 6 [pid 5049] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... futex resumed>) = 1 [pid 5049] open("./bus", O_RDONLY) = 7 [pid 5049] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5049] <... futex resumed>) = 1 [pid 5047] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] sendfile(6, 7, NULL, 281474978811908 [pid 5047] <... futex resumed>) = 0 [ 74.286651][ T29] audit: type=1800 audit(1693137835.243:11): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor432" name="bus" dev="loop0" ino=7 res=0 errno=0 [pid 5047] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... sendfile resumed>) = 307200 [pid 5049] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] exit_group(0 [pid 5049] <... futex resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5047] <... exit_group resumed>) = ? [pid 5048] <... sendfile resumed>) = ? [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e61730 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e69770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e69770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555556e61730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60690) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x555556e606a0, 24) = 0 [pid 5050] chdir("./3") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] rt_sigaction(SIGRT_1, {sa_handler=0x7ff628b612b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff628b52460}, NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff628ad7000 [pid 5050] mprotect(0x7ff628ad8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff628af7990, parent_tid=0x7ff628af7990, exit_signal=0, stack=0x7ff628ad7000, stack_size=0x20300, tls=0x7ff628af76c0} => {parent_tid=[5051]}, 88) = 5051 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5051 attached [pid 5051] rseq(0x7ff628af7fe0, 0x20, 0, 0x53053053) = 0 [pid 5051] set_robust_list(0x7ff628af79a0, 24) = 0 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5051] memfd_create("syzkaller", 0) = 3 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6206d7000 [ 74.592811][ T5051] syz-executor432[5051]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5051] munmap(0x7ff6206d7000, 16777216) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./bus", 0777) = 0 [pid 5051] mount("/dev/loop0", "./bus", "jfs", MS_NOSUID|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "errors=continue,nodiscard,uid=0x000000000000ee01,nodiscard,discard=0x0000000000000008,iocharset=cp94"...) = 0 [pid 5051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5051] chdir("./bus") = 0 [pid 5051] ioctl(4, LOOP_CLR_FD) = 0 [pid 5051] close(4) = 0 [pid 5051] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5050] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5050] <... futex resumed>) = 0 [pid 5051] <... open resumed>) = 4 [pid 5050] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [pid 5051] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5051] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [pid 5051] ftruncate(5, 33587199) = 0 [pid 5051] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [ 74.743723][ T5051] loop0: detected capacity change from 0 to 32768 [pid 5051] sendfile(4, 5, NULL, 281474978811908 [pid 5050] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5050] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff6216b6000 [pid 5050] mprotect(0x7ff6216b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216d6990, parent_tid=0x7ff6216d6990, exit_signal=0, stack=0x7ff6216b6000, stack_size=0x20300, tls=0x7ff6216d66c0}./strace-static-x86_64: Process 5052 attached [pid 5052] rseq(0x7ff6216d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5052] set_robust_list(0x7ff6216d69a0, 24) = 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] <... clone3 resumed> => {parent_tid=[5052]}, 88) = 5052 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5052] rename("./file2", "./bus" [pid 5050] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... rename resumed>) = 0 [pid 5052] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5052] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5050] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... open resumed>) = 6 [pid 5052] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] open("./bus", O_RDONLY) = 7 [pid 5052] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [pid 5052] sendfile(6, 7, NULL, 281474978811908) = 487424 [pid 5052] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5052] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5050] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] <... sendfile resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e61730 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e69770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e69770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555556e61730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x555556e60690) = 5053 [pid 5053] set_robust_list(0x555556e606a0, 24) = 0 [pid 5053] chdir("./4") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] rt_sigaction(SIGRT_1, {sa_handler=0x7ff628b612b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff628b52460}, NULL, 8) = 0 [pid 5053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff628ad7000 [pid 5053] mprotect(0x7ff628ad8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff628af7990, parent_tid=0x7ff628af7990, exit_signal=0, stack=0x7ff628ad7000, stack_size=0x20300, tls=0x7ff628af76c0} => {parent_tid=[5054]}, 88) = 5054 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5054 attached [pid 5054] rseq(0x7ff628af7fe0, 0x20, 0, 0x53053053) = 0 [pid 5054] set_robust_list(0x7ff628af79a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6206d7000 [ 75.066709][ T5054] syz-executor432[5054]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5054] munmap(0x7ff6206d7000, 16777216) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./bus", 0777) = 0 [pid 5054] mount("/dev/loop0", "./bus", "jfs", MS_NOSUID|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "errors=continue,nodiscard,uid=0x000000000000ee01,nodiscard,discard=0x0000000000000008,iocharset=cp94"...) = 0 [pid 5054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./bus") = 0 [pid 5054] ioctl(4, LOOP_CLR_FD) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5053] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 1 [pid 5054] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5054] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] <... futex resumed>) = 1 [pid 5054] ftruncate(5, 33587199 [pid 5053] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... ftruncate resumed>) = 0 [pid 5054] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = 1 [pid 5054] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.225295][ T5054] loop0: detected capacity change from 0 to 32768 [pid 5054] sendfile(4, 5, NULL, 281474978811908 [pid 5053] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5053] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff6216b6000 [pid 5053] mprotect(0x7ff6216b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216d6990, parent_tid=0x7ff6216d6990, exit_signal=0, stack=0x7ff6216b6000, stack_size=0x20300, tls=0x7ff6216d66c0}./strace-static-x86_64: Process 5055 attached [pid 5055] rseq(0x7ff6216d6fe0, 0x20, 0, 0x53053053 [pid 5053] <... clone3 resumed> => {parent_tid=[5055]}, 88) = 5055 [pid 5055] <... rseq resumed>) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] set_robust_list(0x7ff6216d69a0, 24 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5053] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] <... futex resumed>) = 0 [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] rename("./file2", "./bus") = 0 [pid 5055] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 6 [pid 5055] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] open("./bus", O_RDONLY) = 7 [pid 5055] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] sendfile(6, 7, NULL, 281474978811908) = 569344 [pid 5055] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... futex resumed>) = 0 [pid 5053] exit_group(0 [pid 5055] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] <... sendfile resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556e61730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556e69770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e69770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555556e61730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e60690) = 5056 ./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x555556e606a0, 24) = 0 [pid 5056] chdir("./5") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7ff628b612b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff628b52460}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff628ad7000 [pid 5056] mprotect(0x7ff628ad8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff628af7990, parent_tid=0x7ff628af7990, exit_signal=0, stack=0x7ff628ad7000, stack_size=0x20300, tls=0x7ff628af76c0} => {parent_tid=[5057]}, 88) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] rseq(0x7ff628af7fe0, 0x20, 0, 0x53053053) = 0 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] set_robust_list(0x7ff628af79a0, 24) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6206d7000 [ 75.577958][ T5057] syz-executor432[5057]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5057] munmap(0x7ff6206d7000, 16777216) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./bus", 0777) = 0 [pid 5057] mount("/dev/loop0", "./bus", "jfs", MS_NOSUID|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "errors=continue,nodiscard,uid=0x000000000000ee01,nodiscard,discard=0x0000000000000008,iocharset=cp94"...) = 0 [pid 5057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./bus") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7ff628bc8708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5057] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... open resumed>) = 4 [pid 5057] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5057] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] ftruncate(5, 33587199) = 0 [pid 5057] futex(0x7ff628bc870c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7ff628bc8708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [ 75.733306][ T5057] loop0: detected capacity change from 0 to 32768 [pid 5057] sendfile(4, 5, NULL, 281474978811908 [pid 5056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5056] futex(0x7ff628bc870c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5056] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff6216b6000 [pid 5056] mprotect(0x7ff6216b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff6216d6990, parent_tid=0x7ff6216d6990, exit_signal=0, stack=0x7ff6216b6000, stack_size=0x20300, tls=0x7ff6216d66c0}./strace-static-x86_64: Process 5058 attached => {parent_tid=[5058]}, 88) = 5058 [pid 5058] rseq(0x7ff6216d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] set_robust_list(0x7ff6216d69a0, 24) = 0 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5058] rename("./file2", "./bus" [pid 5056] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... rename resumed>) = 0 [pid 5058] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5058] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5058] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5056] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... open resumed>) = 6 [pid 5058] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] open("./bus", O_RDONLY [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7ff628bc871c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... open resumed>) = 7 [pid 5058] futex(0x7ff628bc871c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5058] futex(0x7ff628bc8718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7ff628bc8718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5058] sendfile(6, 7, NULL, 281474978811908 [ 75.840952][ T5057] ================================================================================ [ 75.850281][ T5057] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_xtree.c:360:4 [ 75.857870][ T5057] index 18 is out of range for type 'xad_t [18]' [ 75.864202][ T5057] CPU: 1 PID: 5057 Comm: syz-executor432 Not tainted 6.5.0-rc7-next-20230825-syzkaller #0 [ 75.874088][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 75.884133][ T5057] Call Trace: [ 75.887406][ T5057] [ 75.890328][ T5057] dump_stack_lvl+0x125/0x1b0 [ 75.895016][ T5057] __ubsan_handle_out_of_bounds+0x111/0x150 [ 75.900914][ T5057] xtSearch+0x12e2/0x1650 [ 75.905251][ T5057] ? unwind_get_return_address+0x45/0xe0 [ 75.910893][ T5057] xtLookup+0x273/0x840 [ 75.915046][ T5057] ? xtSplitUp+0x1dd0/0x1dd0 [ 75.919651][ T5057] ? stack_trace_save+0x96/0xd0 [ 75.924524][ T5057] ? do_iter_readv_writev+0x21e/0x3c0 [ 75.929904][ T5057] ? lock_sync+0x190/0x190 [ 75.934327][ T5057] ? direct_splice_actor+0x118/0x180 [ 75.939610][ T5057] ? splice_direct_to_actor+0x347/0xa30 [ 75.945155][ T5057] ? do_splice_direct+0x1af/0x280 [ 75.950268][ T5057] ? do_sendfile+0xb88/0x1390 [ 75.954950][ T5057] ? __x64_sys_sendfile64+0x1d6/0x220 [ 75.960336][ T5057] ? do_syscall_64+0x38/0xb0 [ 75.964943][ T5057] extHint+0x22f/0x4f0 [ 75.969029][ T5057] ? extAlloc+0xed0/0xed0 [ 75.973361][ T5057] ? down_write_nested+0x153/0x200 [ 75.978475][ T5057] ? iov_iter_extract_pages+0x2d8/0x1870 [ 75.984127][ T5057] jfs_get_block+0x2d4/0xb20 [ 75.988736][ T5057] ? jfs_read_folio+0x20/0x20 [ 75.993431][ T5057] ? kasan_set_track+0x25/0x30 [ 75.998232][ T5057] ? kmem_cache_alloc+0x34e/0x3b0 [ 76.003269][ T5057] __blockdev_direct_IO+0x2456/0x3cc0 [ 76.008663][ T5057] ? submit_page_section+0xa10/0xa10 [ 76.013978][ T5057] ? invalidate_inode_pages2_range+0xdbc/0x1290 [ 76.020226][ T5057] ? jfs_read_folio+0x20/0x20 [ 76.024918][ T5057] jfs_direct_IO+0x10c/0x2c0 [ 76.029688][ T5057] generic_file_direct_write+0x132/0x360 [ 76.035326][ T5057] __generic_file_write_iter+0x11d/0x240 [ 76.040958][ T5057] generic_file_write_iter+0xe3/0x350 [ 76.046332][ T5057] do_iter_readv_writev+0x21e/0x3c0 [ 76.051527][ T5057] ? generic_copy_file_range+0x1d0/0x1d0 [ 76.058117][ T5057] ? bpf_lsm_file_permission+0x9/0x10 [ 76.063486][ T5057] ? security_file_permission+0x94/0x100 [ 76.069123][ T5057] do_iter_write+0x17f/0x830 [ 76.073725][ T5057] vfs_iter_write+0x7a/0xb0 [ 76.078233][ T5057] iter_file_splice_write+0x698/0xbf0 [ 76.083615][ T5057] ? splice_from_pipe_next+0x5d0/0x5d0 [ 76.089072][ T5057] ? warn_unsupported+0xc0/0xc0 [ 76.093924][ T5057] ? security_file_permission+0xdc/0x100 [ 76.099657][ T5057] ? splice_from_pipe_next+0x5d0/0x5d0 [ 76.105123][ T5057] direct_splice_actor+0x118/0x180 [ 76.110326][ T5057] splice_direct_to_actor+0x347/0xa30 [ 76.115726][ T5057] ? folio_flags.constprop.0+0x150/0x150 [ 76.121363][ T5057] ? vfs_splice_read+0x3b0/0x3b0 [ 76.126303][ T5057] ? bpf_lsm_file_permission+0x9/0x10 [ 76.131671][ T5057] ? security_file_permission+0x94/0x100 [ 76.137307][ T5057] do_splice_direct+0x1af/0x280 [ 76.142157][ T5057] ? splice_direct_to_actor+0xa30/0xa30 [ 76.147702][ T5057] ? propagate_umount+0x1af0/0x1af0 [ 76.152898][ T5057] ? preempt_count_sub+0x150/0x150 [ 76.158016][ T5057] do_sendfile+0xb88/0x1390 [ 76.162535][ T5057] ? vfs_iocb_iter_write+0x4c0/0x4c0 [ 76.167837][ T5057] ? lock_release+0x4bf/0x680 [ 76.172529][ T5057] ? ptrace_notify+0xf4/0x130 [ 76.177207][ T5057] ? reacquire_held_locks+0x4b0/0x4b0 [ 76.182589][ T5057] __x64_sys_sendfile64+0x1d6/0x220 [ 76.187792][ T5057] ? rcu_is_watching+0x12/0xb0 [ 76.192552][ T5057] ? __ia32_sys_sendfile+0x220/0x220 [ 76.197838][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.203036][ T5057] ? ptrace_notify+0xf4/0x130 [ 76.207709][ T5057] do_syscall_64+0x38/0xb0 [ 76.212137][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.218037][ T5057] RIP: 0033:0x7ff628b3ae99 [ 76.222444][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.242047][ T5057] RSP: 002b:00007ff628af7218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 76.250454][ T5057] RAX: ffffffffffffffda RBX: 00007ff628bc8708 RCX: 00007ff628b3ae99 [ 76.258419][ T5057] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 76.266382][ T5057] RBP: 00007ff628bc8700 R08: 0000000000000000 R09: 0000000000000000 [ 76.274348][ T5057] R10: 0001000000201004 R11: 0000000000000246 R12: 00007ff628b95110 [ 76.282313][ T5057] R13: 00007ff628b8f06b R14: 0032656c69662f2e R15: 7261637369646f6e [ 76.290459][ T5057] [ 76.293796][ T5057] ================================================================================ [ 76.303470][ T5057] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 76.310669][ T5057] CPU: 0 PID: 5057 Comm: syz-executor432 Not tainted 6.5.0-rc7-next-20230825-syzkaller #0 [ 76.320553][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 76.330599][ T5057] Call Trace: [ 76.333873][ T5057] [ 76.336798][ T5057] dump_stack_lvl+0xd9/0x1b0 [ 76.341398][ T5057] panic+0x6a6/0x750 [ 76.345291][ T5057] ? panic_smp_self_stop+0xa0/0xa0 [ 76.350402][ T5057] ? syslog_print_all+0x3f0/0x3f0 [ 76.355436][ T5057] check_panic_on_warn+0xab/0xb0 [ 76.360373][ T5057] __ubsan_handle_out_of_bounds+0x139/0x150 [ 76.366268][ T5057] xtSearch+0x12e2/0x1650 [ 76.370603][ T5057] ? unwind_get_return_address+0x45/0xe0 [ 76.376242][ T5057] xtLookup+0x273/0x840 [ 76.380396][ T5057] ? xtSplitUp+0x1dd0/0x1dd0 [ 76.384980][ T5057] ? stack_trace_save+0x96/0xd0 [ 76.389843][ T5057] ? do_iter_readv_writev+0x21e/0x3c0 [ 76.395211][ T5057] ? lock_sync+0x190/0x190 [ 76.399629][ T5057] ? direct_splice_actor+0x118/0x180 [ 76.404921][ T5057] ? splice_direct_to_actor+0x347/0xa30 [ 76.410468][ T5057] ? do_splice_direct+0x1af/0x280 [ 76.415486][ T5057] ? do_sendfile+0xb88/0x1390 [ 76.420162][ T5057] ? __x64_sys_sendfile64+0x1d6/0x220 [ 76.425542][ T5057] ? do_syscall_64+0x38/0xb0 [ 76.430137][ T5057] extHint+0x22f/0x4f0 [ 76.434211][ T5057] ? extAlloc+0xed0/0xed0 [ 76.438540][ T5057] ? down_write_nested+0x153/0x200 [ 76.443648][ T5057] ? iov_iter_extract_pages+0x2d8/0x1870 [ 76.449289][ T5057] jfs_get_block+0x2d4/0xb20 [ 76.453885][ T5057] ? jfs_read_folio+0x20/0x20 [ 76.458562][ T5057] ? kasan_set_track+0x25/0x30 [ 76.463332][ T5057] ? kmem_cache_alloc+0x34e/0x3b0 [ 76.468364][ T5057] __blockdev_direct_IO+0x2456/0x3cc0 [ 76.473757][ T5057] ? submit_page_section+0xa10/0xa10 [ 76.479047][ T5057] ? invalidate_inode_pages2_range+0xdbc/0x1290 [ 76.485292][ T5057] ? jfs_read_folio+0x20/0x20 [ 76.489987][ T5057] jfs_direct_IO+0x10c/0x2c0 [ 76.494582][ T5057] generic_file_direct_write+0x132/0x360 [ 76.500218][ T5057] __generic_file_write_iter+0x11d/0x240 [ 76.505940][ T5057] generic_file_write_iter+0xe3/0x350 [ 76.511318][ T5057] do_iter_readv_writev+0x21e/0x3c0 [ 76.516515][ T5057] ? generic_copy_file_range+0x1d0/0x1d0 [ 76.522147][ T5057] ? bpf_lsm_file_permission+0x9/0x10 [ 76.527520][ T5057] ? security_file_permission+0x94/0x100 [ 76.533161][ T5057] do_iter_write+0x17f/0x830 [ 76.537758][ T5057] vfs_iter_write+0x7a/0xb0 [ 76.542263][ T5057] iter_file_splice_write+0x698/0xbf0 [ 76.547646][ T5057] ? splice_from_pipe_next+0x5d0/0x5d0 [ 76.553110][ T5057] ? warn_unsupported+0xc0/0xc0 [ 76.557963][ T5057] ? security_file_permission+0xdc/0x100 [ 76.563603][ T5057] ? splice_from_pipe_next+0x5d0/0x5d0 [ 76.569067][ T5057] direct_splice_actor+0x118/0x180 [ 76.574184][ T5057] splice_direct_to_actor+0x347/0xa30 [ 76.579566][ T5057] ? folio_flags.constprop.0+0x150/0x150 [ 76.585202][ T5057] ? vfs_splice_read+0x3b0/0x3b0 [ 76.590135][ T5057] ? bpf_lsm_file_permission+0x9/0x10 [ 76.595512][ T5057] ? security_file_permission+0x94/0x100 [ 76.601149][ T5057] do_splice_direct+0x1af/0x280 [ 76.606093][ T5057] ? splice_direct_to_actor+0xa30/0xa30 [ 76.611640][ T5057] ? propagate_umount+0x1af0/0x1af0 [ 76.616838][ T5057] ? preempt_count_sub+0x150/0x150 [ 76.621955][ T5057] do_sendfile+0xb88/0x1390 [ 76.626460][ T5057] ? vfs_iocb_iter_write+0x4c0/0x4c0 [ 76.631740][ T5057] ? lock_release+0x4bf/0x680 [ 76.636419][ T5057] ? ptrace_notify+0xf4/0x130 [ 76.641095][ T5057] ? reacquire_held_locks+0x4b0/0x4b0 [ 76.646485][ T5057] __x64_sys_sendfile64+0x1d6/0x220 [ 76.651687][ T5057] ? rcu_is_watching+0x12/0xb0 [ 76.656448][ T5057] ? __ia32_sys_sendfile+0x220/0x220 [ 76.662894][ T5057] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.668099][ T5057] ? ptrace_notify+0xf4/0x130 [ 76.672775][ T5057] do_syscall_64+0x38/0xb0 [ 76.677203][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.683118][ T5057] RIP: 0033:0x7ff628b3ae99 [ 76.687531][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.707135][ T5057] RSP: 002b:00007ff628af7218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 76.715560][ T5057] RAX: ffffffffffffffda RBX: 00007ff628bc8708 RCX: 00007ff628b3ae99 [ 76.723525][ T5057] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 76.731675][ T5057] RBP: 00007ff628bc8700 R08: 0000000000000000 R09: 0000000000000000 [ 76.739641][ T5057] R10: 0001000000201004 R11: 0000000000000246 R12: 00007ff628b95110 [ 76.747622][ T5057] R13: 00007ff628b8f06b R14: 0032656c69662f2e R15: 7261637369646f6e [ 76.756063][ T5057] [ 76.759271][ T5057] Kernel Offset: disabled [ 76.763584][ T5057] Rebooting in 86400 seconds..