./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4001056693

<...>
Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts.
execve("./syz-executor4001056693", ["./syz-executor4001056693"], 0x7ffc000d7e10 /* 10 vars */) = 0
brk(NULL)                               = 0x55555d5b7000
brk(0x55555d5b7d40)                     = 0x55555d5b7d40
arch_prctl(ARCH_SET_FS, 0x55555d5b73c0) = 0
set_tid_address(0x55555d5b7690)         = 5245
set_robust_list(0x55555d5b76a0, 24)     = 0
rseq(0x55555d5b7ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4001056693", 4096) = 28
getrandom("\x51\x9d\x77\xf8\x5d\x40\x5b\xae", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555d5b7d40
brk(0x55555d5d8d40)                     = 0x55555d5d8d40
brk(0x55555d5d9000)                     = 0x55555d5d9000
mprotect(0x7f0af0265000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d5b7690) = 5246
./strace-static-x86_64: Process 5246 attached
[pid  5245] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5246] set_robust_list(0x55555d5b76a0, 24) = 0
./strace-static-x86_64: Process 5247 attached
[pid  5246] mkdir("./syzkaller.iFzPvC", 0700 <unfinished ...>
[pid  5247] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5245] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5247
[pid  5247] <... set_robust_list resumed>) = 0
[pid  5247] mkdir("./syzkaller.glOJRK", 0700 <unfinished ...>
[pid  5245] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5246] <... mkdir resumed>)        = 0
[pid  5247] <... mkdir resumed>)        = 0
[pid  5246] chmod("./syzkaller.iFzPvC", 0777./strace-static-x86_64: Process 5248 attached
 <unfinished ...>
[pid  5247] chmod("./syzkaller.glOJRK", 0777 <unfinished ...>
[pid  5245] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5248
[pid  5248] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5246] <... chmod resumed>)        = 0
[pid  5247] <... chmod resumed>)        = 0
[pid  5247] chdir("./syzkaller.glOJRK" <unfinished ...>
[pid  5245] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5248] <... set_robust_list resumed>) = 0
[pid  5247] <... chdir resumed>)        = 0
[pid  5246] chdir("./syzkaller.iFzPvC" <unfinished ...>
[pid  5247] mkdir("./0", 0777 <unfinished ...>
[pid  5246] <... chdir resumed>)        = 0
[pid  5247] <... mkdir resumed>)        = 0
./strace-static-x86_64: Process 5249 attached
[pid  5248] mkdir("./syzkaller.MU0bpG", 0700 <unfinished ...>
[pid  5246] mkdir("./0", 0777 <unfinished ...>
[pid  5245] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5249
[pid  5249] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5247] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5245] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5249] <... set_robust_list resumed>) = 0
[pid  5247] <... openat resumed>)       = 3
[pid  5249] mkdir("./syzkaller.srPDIQ", 0700 <unfinished ...>
[pid  5248] <... mkdir resumed>)        = 0
[pid  5246] <... mkdir resumed>)        = 0
[pid  5248] chmod("./syzkaller.MU0bpG", 0777./strace-static-x86_64: Process 5250 attached
 <unfinished ...>
[pid  5249] <... mkdir resumed>)        = 0
[pid  5247] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5245] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5250
[pid  5250] set_robust_list(0x55555d5b76a0, 24) = 0
[pid  5249] chmod("./syzkaller.srPDIQ", 0777 <unfinished ...>
[pid  5248] <... chmod resumed>)        = 0
[pid  5250] mkdir("./syzkaller.9hG2ZZ", 0700 <unfinished ...>
[pid  5247] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5249] <... chmod resumed>)        = 0
[pid  5246] <... openat resumed>)       = 3
[pid  5249] chdir("./syzkaller.srPDIQ" <unfinished ...>
[pid  5248] chdir("./syzkaller.MU0bpG" <unfinished ...>
[pid  5247] close(3 <unfinished ...>
[pid  5250] <... mkdir resumed>)        = 0
[pid  5249] <... chdir resumed>)        = 0
[pid  5248] <... chdir resumed>)        = 0
[pid  5250] chmod("./syzkaller.9hG2ZZ", 0777 <unfinished ...>
[pid  5247] <... close resumed>)        = 0
[pid  5246] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5247] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5250] <... chmod resumed>)        = 0
[pid  5249] mkdir("./0", 0777 <unfinished ...>
[pid  5248] mkdir("./0", 0777 <unfinished ...>
[pid  5246] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5250] chdir("./syzkaller.9hG2ZZ" <unfinished ...>
[pid  5249] <... mkdir resumed>)        = 0
[pid  5248] <... mkdir resumed>)        = 0
[pid  5246] close(3./strace-static-x86_64: Process 5252 attached
 <unfinished ...>
[pid  5250] <... chdir resumed>)        = 0
[pid  5252] set_robust_list(0x55555d5b76a0, 24) = 0
[pid  5252] chdir("./0" <unfinished ...>
[pid  5250] mkdir("./0", 0777 <unfinished ...>
[pid  5249] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5247] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5252
[pid  5246] <... close resumed>)        = 0
[pid  5252] <... chdir resumed>)        = 0
[pid  5250] <... mkdir resumed>)        = 0
[pid  5249] <... openat resumed>)       = 3
[pid  5248] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5246] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5252] setpgid(0, 0)               = 0
[pid  5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5252] write(3, "1000", 4)         = 4
[pid  5252] close(3)                    = 0
[pid  5252] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5253 attached
) = 0
[pid  5250] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5249] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5248] <... openat resumed>)       = 3
[pid  5253] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5250] <... openat resumed>)       = 3
[pid  5249] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5253] <... set_robust_list resumed>) = 0
[pid  5249] close(3 <unfinished ...>
[pid  5248] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5246] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5253
[pid  5253] chdir("./0" <unfinished ...>
[pid  5250] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5249] <... close resumed>)        = 0
[pid  5250] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5249] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5248] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5253] <... chdir resumed>)        = 0
[pid  5252] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid  5253] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5252] <... write resumed>)        = 18
[pid  5250] close(3 <unfinished ...>
[pid  5253] <... prctl resumed>)        = 0
[pid  5252] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5250] <... close resumed>)        = 0
[pid  5248] close(3 <unfinished ...>
[pid  5252] <... futex resumed>)        = 0
[pid  5253] setpgid(0, 0 <unfinished ...>
[pid  5252] rt_sigaction(SIGRT_1, {sa_handler=0x7f0af01fffe0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0af01f1190},  <unfinished ...>
[pid  5250] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5248] <... close resumed>)        = 0
[pid  5253] <... setpgid resumed>)      = 0
[pid  5252] <... rt_sigaction resumed>NULL, 8) = 0
[pid  5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1],  <unfinished ...>
[pid  5253] <... openat resumed>)       = 3
[pid  5252] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5248] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached
 <unfinished ...>
[pid  5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5249] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5254
[pid  5253] write(3, "1000", 4)         = 4
./strace-static-x86_64: Process 5255 attached
[pid  5254] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5253] close(3 <unfinished ...>
[pid  5252] <... mmap resumed>)         = 0x7f0af016f000
[pid  5250] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5255
[pid  5252] mprotect(0x7f0af0170000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5255] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5253] <... close resumed>)        = 0
[pid  5252] <... mprotect resumed>)     = 0
./strace-static-x86_64: Process 5256 attached
[pid  5253] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5256] set_robust_list(0x55555d5b76a0, 24 <unfinished ...>
[pid  5255] <... set_robust_list resumed>) = 0
[pid  5254] <... set_robust_list resumed>) = 0
[pid  5253] <... symlink resumed>)      = 0
[pid  5252] rt_sigprocmask(SIG_BLOCK, ~[],  <unfinished ...>
[pid  5248] <... clone resumed>, child_tidptr=0x55555d5b7690) = 5256
[pid  5256] <... set_robust_list resumed>) = 0
[pid  5254] chdir("./0" <unfinished ...>
[pid  5256] chdir("./0" <unfinished ...>
[pid  5255] chdir("./0" <unfinished ...>
[pid  5254] <... chdir resumed>)        = 0
[pid  5253] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid  5252] <... rt_sigprocmask resumed>[], 8) = 0
[pid  5256] <... chdir resumed>)        = 0
[pid  5255] <... chdir resumed>)        = 0
[pid  5254] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5253] <... write resumed>)        = 18
[pid  5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af018f990, parent_tid=0x7f0af018f990, exit_signal=0, stack=0x7f0af016f000, stack_size=0x20300, tls=0x7f0af018f6c0} <unfinished ...>
[pid  5256] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5255] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5254] <... prctl resumed>)        = 0
[pid  5253] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5256] <... prctl resumed>)        = 0
[pid  5255] <... prctl resumed>)        = 0
[pid  5254] setpgid(0, 0 <unfinished ...>
[pid  5253] <... futex resumed>)        = 0
[pid  5256] setpgid(0, 0 <unfinished ...>
[pid  5255] setpgid(0, 0 <unfinished ...>
[pid  5254] <... setpgid resumed>)      = 0
[pid  5253] rt_sigaction(SIGRT_1, {sa_handler=0x7f0af01fffe0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0af01f1190}, ./strace-static-x86_64: Process 5257 attached
 <unfinished ...>
[pid  5256] <... setpgid resumed>)      = 0
[pid  5255] <... setpgid resumed>)      = 0
[pid  5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5253] <... rt_sigaction resumed>NULL, 8) = 0
[pid  5252] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257
[pid  5257] rseq(0x7f0af018ffe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5254] <... openat resumed>)       = 3
[pid  5253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1],  <unfinished ...>
[pid  5257] <... rseq resumed>)         = 0
[pid  5256] <... openat resumed>)       = 3
[pid  5253] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5252] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5256] write(3, "1000", 4 <unfinished ...>
[pid  5253] <... mmap resumed>)         = 0x7f0af016f000
[pid  5256] <... write resumed>)        = 4
[pid  5256] close(3 <unfinished ...>
[pid  5253] mprotect(0x7f0af0170000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5256] <... close resumed>)        = 0
[pid  5256] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5253] <... mprotect resumed>)     = 0
[pid  5257] set_robust_list(0x7f0af018f9a0, 24 <unfinished ...>
[pid  5255] <... openat resumed>)       = 3
[pid  5254] write(3, "1000", 4 <unfinished ...>
[pid  5252] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5255] write(3, "1000", 4 <unfinished ...>
[pid  5254] <... write resumed>)        = 4
[pid  5252] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5257] <... set_robust_list resumed>) = 0
[pid  5254] close(3 <unfinished ...>
[pid  5252] <... futex resumed>)        = 0
[pid  5257] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5255] <... write resumed>)        = 4
[pid  5254] <... close resumed>)        = 0
[pid  5252] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5257] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5256] <... symlink resumed>)      = 0
[pid  5255] close(3 <unfinished ...>
[pid  5254] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5257] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5255] <... close resumed>)        = 0
[pid  5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af018f990, parent_tid=0x7f0af018f990, exit_signal=0, stack=0x7f0af016f000, stack_size=0x20300, tls=0x7f0af018f6c0}executing program
./strace-static-x86_64: Process 5258 attached
 <unfinished ...>
[pid  5256] write(1, "executing program\n", 18 <unfinished ...>
[pid  5255] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5254] <... symlink resumed>)      = 0
executing program
[pid  5258] rseq(0x7f0af018ffe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5256] <... write resumed>)        = 18
[pid  5253] <... clone3 resumed> => {parent_tid=[5258]}, 88) = 5258
[pid  5258] <... rseq resumed>)         = 0
[pid  5256] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5255] <... symlink resumed>)      = 0
[pid  5254] write(1, "executing program\n", 18 <unfinished ...>
[pid  5258] set_robust_list(0x7f0af018f9a0, 24 <unfinished ...>
[pid  5257] <... memfd_create resumed>) = 3
[pid  5256] <... futex resumed>)        = 0
[pid  5255] write(1, "executing program\n", 18 <unfinished ...>
[pid  5254] <... write resumed>)        = 18
[pid  5253] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5258] <... set_robust_list resumed>) = 0
[pid  5256] rt_sigaction(SIGRT_1, {sa_handler=0x7f0af01fffe0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0af01f1190},  <unfinished ...>
[pid  5254] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5253] <... rt_sigprocmask resumed>NULL, 8) = 0
executing program
[pid  5258] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5256] <... rt_sigaction resumed>NULL, 8) = 0
[pid  5255] <... write resumed>)        = 18
[pid  5254] <... futex resumed>)        = 0
[pid  5253] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5258] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1],  <unfinished ...>
[pid  5257] <... mmap resumed>)         = 0x7f0ae7c00000
[pid  5253] <... futex resumed>)        = 0
[pid  5254] rt_sigaction(SIGRT_1, {sa_handler=0x7f0af01fffe0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0af01f1190},  <unfinished ...>
[pid  5258] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5255] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5254] <... rt_sigaction resumed>NULL, 8) = 0
[pid  5255] <... futex resumed>)        = 0
[pid  5254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1],  <unfinished ...>
[pid  5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f0af01fffe0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0af01f1190},  <unfinished ...>
[pid  5254] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5255] <... rt_sigaction resumed>NULL, 8) = 0
[pid  5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1],  <unfinished ...>
[pid  5258] <... memfd_create resumed>) = 3
[pid  5256] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5255] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5254] <... mmap resumed>)         = 0x7f0af016f000
[pid  5253] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5258] <... mmap resumed>)         = 0x7f0ae7c00000
[pid  5256] <... mmap resumed>)         = 0x7f0af016f000
[pid  5256] mprotect(0x7f0af0170000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5257] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5256] <... mprotect resumed>)     = 0
[pid  5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5254] mprotect(0x7f0af0170000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5254] <... mprotect resumed>)     = 0
[pid  5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af018f990, parent_tid=0x7f0af018f990, exit_signal=0, stack=0x7f0af016f000, stack_size=0x20300, tls=0x7f0af018f6c0}./strace-static-x86_64: Process 5259 attached
 => {parent_tid=[5259]}, 88) = 5259
[pid  5259] rseq(0x7f0af018ffe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5256] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5259] <... rseq resumed>)         = 0
[pid  5258] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5256] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5259] set_robust_list(0x7f0af018f9a0, 24) = 0
[pid  5259] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5256] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5259] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5256] <... futex resumed>)        = 0
[pid  5259] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5256] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5258] <... write resumed>)        = 65536
[pid  5255] <... mmap resumed>)         = 0x7f0af016f000
[pid  5255] mprotect(0x7f0af0170000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5254] rt_sigprocmask(SIG_BLOCK, ~[],  <unfinished ...>
[pid  5257] <... write resumed>)        = 65536
[pid  5255] <... mprotect resumed>)     = 0
[pid  5254] <... rt_sigprocmask resumed>[], 8) = 0
[pid  5259] <... memfd_create resumed>) = 3
[pid  5258] munmap(0x7f0ae7c00000, 138412032 <unfinished ...>
[pid  5254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af018f990, parent_tid=0x7f0af018f990, exit_signal=0, stack=0x7f0af016f000, stack_size=0x20300, tls=0x7f0af018f6c0}./strace-static-x86_64: Process 5260 attached
 <unfinished ...>
[pid  5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5258] <... munmap resumed>)       = 0
[pid  5257] munmap(0x7f0ae7c00000, 138412032 <unfinished ...>
[pid  5255] rt_sigprocmask(SIG_BLOCK, ~[],  <unfinished ...>
[pid  5260] rseq(0x7f0af018ffe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5259] <... mmap resumed>)         = 0x7f0ae7c00000
[pid  5255] <... rt_sigprocmask resumed>[], 8) = 0
[pid  5254] <... clone3 resumed> => {parent_tid=[5260]}, 88) = 5260
[pid  5260] <... rseq resumed>)         = 0
[pid  5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af018f990, parent_tid=0x7f0af018f990, exit_signal=0, stack=0x7f0af016f000, stack_size=0x20300, tls=0x7f0af018f6c0} <unfinished ...>
[pid  5254] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5260] set_robust_list(0x7f0af018f9a0, 24./strace-static-x86_64: Process 5261 attached
) = 0
[pid  5259] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5257] <... munmap resumed>)       = 0
[pid  5254] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5261] rseq(0x7f0af018ffe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5260] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5257] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5254] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5261] <... rseq resumed>)         = 0
[pid  5260] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5254] <... futex resumed>)        = 0
[pid  5261] set_robust_list(0x7f0af018f9a0, 24 <unfinished ...>
[pid  5260] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5258] <... openat resumed>)       = 4
[pid  5254] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5261] <... set_robust_list resumed>) = 0
[pid  5258] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5257] <... openat resumed>)       = 4
[pid  5261] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5255] <... clone3 resumed> => {parent_tid=[5261]}, 88) = 5261
[pid  5261] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5260] <... memfd_create resumed>) = 3
[pid  5257] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5255] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5261] futex(0x7f0af026b6a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5255] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5260] <... mmap resumed>)         = 0x7f0ae7c00000
[pid  5259] <... write resumed>)        = 65536
[pid  5258] <... ioctl resumed>)        = 0
[pid  5257] <... ioctl resumed>)        = 0
[pid  5260] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5259] munmap(0x7f0ae7c00000, 138412032 <unfinished ...>
[pid  5255] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5259] <... munmap resumed>)       = 0
[pid  5259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4
[pid  5260] <... write resumed>)        = 65536
[pid  5259] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5255] <... futex resumed>)        = 1
[pid  5261] <... futex resumed>)        = 0
[pid  5257] close(3 <unfinished ...>
[pid  5261] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5260] munmap(0x7f0ae7c00000, 138412032 <unfinished ...>
[pid  5259] <... ioctl resumed>)        = 0
[pid  5258] close(3 <unfinished ...>
[pid  5255] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5261] <... memfd_create resumed>) = 3
[pid  5260] <... munmap resumed>)       = 0
[pid  5258] <... close resumed>)        = 0
[pid  5257] <... close resumed>)        = 0
[pid  5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5260] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5257] close(4 <unfinished ...>
[pid  5261] <... mmap resumed>)         = 0x7f0ae7c00000
[pid  5260] <... openat resumed>)       = 4
[pid  5259] close(3 <unfinished ...>
[pid  5258] close(4 <unfinished ...>
[pid  5257] <... close resumed>)        = 0
[pid  5259] <... close resumed>)        = 0
[pid  5258] <... close resumed>)        = 0
[pid  5259] close(4 <unfinished ...>
[pid  5258] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5261] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536 <unfinished ...>
[pid  5260] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5259] <... close resumed>)        = 0
[pid  5258] <... mkdir resumed>)        = 0
[  128.278400][ T5258] loop0: detected capacity change from 0 to 128
[  128.287002][ T5257] loop1: detected capacity change from 0 to 128
[  128.307913][ T5259] loop2: detected capacity change from 0 to 128
[pid  5257] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5259] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5258] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", MS_RDONLY|MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "\xff" <unfinished ...>
[pid  5257] <... mkdir resumed>)        = 0
[pid  5259] <... mkdir resumed>)        = 0
[pid  5259] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", MS_RDONLY|MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "\xff") = 0
[pid  5259] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5259] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5261] <... write resumed>)        = 65536
[pid  5259] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5259] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5259] futex(0x7f0af026b6a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5256] <... futex resumed>)        = 0
[pid  5256] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5259] <... futex resumed>)        = 0
[pid  5256] <... futex resumed>)        = 1
[  128.338052][ T5258] =======================================================
[  128.338052][ T5258] WARNING: The mand mount option has been deprecated and
[  128.338052][ T5258]          and is ignored by this kernel. Remove the mand
[  128.338052][ T5258]          option from the mount to silence this warning.
[  128.338052][ T5258] =======================================================
[  128.338859][ T5260] loop3: detected capacity change from 0 to 128
[pid  5259] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY <unfinished ...>
[pid  5256] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5261] munmap(0x7f0ae7c00000, 138412032 <unfinished ...>
[pid  5257] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", MS_RDONLY|MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "\xff" <unfinished ...>
[pid  5261] <... munmap resumed>)       = 0
[pid  5261] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5258] <... mount resumed>)        = 0
[pid  5261] <... openat resumed>)       = 4
[pid  5261] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5258] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[  128.388982][ T5259] syz-executor400: attempt to access beyond end of device
[  128.388982][ T5259] loop2: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  128.406014][ T5259] Buffer I/O error on dev loop2, logical block 3245768, async page read
[  128.420604][ T5259] syz-executor400: attempt to access beyond end of device
[  128.420604][ T5259] loop2: rw=0, sector=17666806, nr_sectors = 2 limit=128
[pid  5258] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0
[pid  5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5258] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5258] futex(0x7f0af026b6a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5253] <... futex resumed>)        = 0
[pid  5261] <... ioctl resumed>)        = 0
[pid  5257] <... mount resumed>)        = 0
[pid  5253] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5261] close(3 <unfinished ...>
[pid  5258] <... futex resumed>)        = 0
[pid  5257] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5253] <... futex resumed>)        = 1
[  128.436357][ T5261] loop4: detected capacity change from 0 to 128
[  128.455362][ T5259] Buffer I/O error on dev loop2, logical block 8833403, async page read
[  128.465242][ T5259] syz-executor400: attempt to access beyond end of device
[  128.465242][ T5259] loop2: rw=0, sector=26539618, nr_sectors = 2 limit=128
[  128.466946][ T5258] syz-executor400: attempt to access beyond end of device
[pid  5261] <... close resumed>)        = 0
[pid  5260] <... ioctl resumed>)        = 0
[pid  5258] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY <unfinished ...>
[pid  5257] <... openat resumed>)       = 3
[pid  5256] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5253] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5261] close(4 <unfinished ...>
[pid  5260] close(3 <unfinished ...>
[pid  5257] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5261] <... close resumed>)        = 0
[pid  5260] <... close resumed>)        = 0
[pid  5257] <... chdir resumed>)        = 0
[pid  5256] futex(0x7f0af026b6bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5260] close(4 <unfinished ...>
[pid  5257] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5256] <... futex resumed>)        = 0
[pid  5261] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5260] <... close resumed>)        = 0
[pid  5257] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5260] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 <unfinished ...>
[pid  5256] <... mmap resumed>)         = 0x7f0af014e000
[pid  5256] mprotect(0x7f0af014f000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5261] <... mkdir resumed>)        = 0
[pid  5257] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af016e990, parent_tid=0x7f0af016e990, exit_signal=0, stack=0x7f0af014e000, stack_size=0x20300, tls=0x7f0af016e6c0} <unfinished ...>
[pid  5260] <... mkdir resumed>)        = 0
[pid  5257] <... futex resumed>)        = 1
[pid  5257] futex(0x7f0af026b6a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5256] <... clone3 resumed> => {parent_tid=[5264]}, 88) = 5264
[pid  5252] <... futex resumed>)        = 0
[pid  5260] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", MS_RDONLY|MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "\xff" <unfinished ...>
[pid  5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5256] futex(0x7f0af026b6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5261] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "sysv", MS_RDONLY|MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "\xff" <unfinished ...>
[pid  5256] futex(0x7f0af026b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5252] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5257] <... futex resumed>)        = 0
[pid  5257] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY./strace-static-x86_64: Process 5264 attached
 <unfinished ...>
[pid  5264] rseq(0x7f0af016efe0, 0x20, 0, 0x53053053) = 0
[pid  5264] set_robust_list(0x7f0af016e9a0, 24) = 0
[pid  5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[  128.466946][ T5258] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  128.480418][ T5259] Buffer I/O error on dev loop2, logical block 13269809, async page read
[  128.516893][ T5257] syz-executor400: attempt to access beyond end of device
[  128.516893][ T5257] loop1: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  128.521220][ T5258] Buffer I/O error on dev loop0, logical block 3245768, async page read
[pid  5264] open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 0460 <unfinished ...>
[pid  5261] <... mount resumed>)        = 0
[pid  5252] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5261] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3
[pid  5253] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5261] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5253] futex(0x7f0af026b6bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5261] <... chdir resumed>)        = 0
[pid  5253] <... futex resumed>)        = 0
[pid  5261] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5260] <... mount resumed>)        = 0
[pid  5256] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5261] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5253] <... mmap resumed>)         = 0x7f0af014e000
[pid  5261] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5253] mprotect(0x7f0af014f000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5261] <... futex resumed>)        = 1
[pid  5260] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5253] <... mprotect resumed>)     = 0
[pid  5261] futex(0x7f0af026b6a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5253] rt_sigprocmask(SIG_BLOCK, ~[],  <unfinished ...>
[pid  5260] <... openat resumed>)       = 3
[pid  5253] <... rt_sigprocmask resumed>[], 8) = 0
[pid  5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af016e990, parent_tid=0x7f0af016e990, exit_signal=0, stack=0x7f0af014e000, stack_size=0x20300, tls=0x7f0af016e6c0}./strace-static-x86_64: Process 5265 attached
 <unfinished ...>
[pid  5265] rseq(0x7f0af016efe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5253] <... clone3 resumed> => {parent_tid=[5265]}, 88) = 5265
[pid  5265] <... rseq resumed>)         = 0
[pid  5253] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5265] set_robust_list(0x7f0af016e9a0, 24 <unfinished ...>
[pid  5253] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5265] <... set_robust_list resumed>) = 0
[pid  5253] futex(0x7f0af026b6b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5265] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5260] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" <unfinished ...>
[pid  5255] <... futex resumed>)        = 0
[pid  5253] <... futex resumed>)        = 0
[pid  5265] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5253] futex(0x7f0af026b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5265] open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 0460 <unfinished ...>
[pid  5260] <... chdir resumed>)        = 0
[  128.541754][ T5258] syz-executor400: attempt to access beyond end of device
[  128.541754][ T5258] loop0: rw=0, sector=17666806, nr_sectors = 2 limit=128
[  128.542671][ T5259] syz-executor400: attempt to access beyond end of device
[  128.542671][ T5259] loop2: rw=0, sector=16147212, nr_sectors = 2 limit=128
[  128.560883][ T5257] Buffer I/O error on dev loop1, logical block 3245768, async page read
[pid  5255] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5261] <... futex resumed>)        = 0
[pid  5260] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5255] <... futex resumed>)        = 1
[pid  5261] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY <unfinished ...>
[pid  5260] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5255] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5252] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5252] futex(0x7f0af026b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0af014e000
[pid  5252] mprotect(0x7f0af014f000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5260] futex(0x7f0af026b6ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5252] <... mprotect resumed>)     = 0
[pid  5260] <... futex resumed>)        = 1
[pid  5254] <... futex resumed>)        = 0
[pid  5252] rt_sigprocmask(SIG_BLOCK, ~[],  <unfinished ...>
[pid  5253] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5252] <... rt_sigprocmask resumed>[], 8) = 0
[pid  5252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af016e990, parent_tid=0x7f0af016e990, exit_signal=0, stack=0x7f0af014e000, stack_size=0x20300, tls=0x7f0af016e6c0}./strace-static-x86_64: Process 5266 attached
 <unfinished ...>
[pid  5266] rseq(0x7f0af016efe0, 0x20, 0, 0x53053053) = 0
[pid  5252] <... clone3 resumed> => {parent_tid=[5266]}, 88) = 5266
[  128.591831][ T5258] Buffer I/O error on dev loop0, logical block 8833403, async page read
[  128.594371][ T5257] syz-executor400: attempt to access beyond end of device
[  128.594371][ T5257] loop1: rw=0, sector=17666806, nr_sectors = 2 limit=128
[  128.604036][ T5261] syz-executor400: attempt to access beyond end of device
[  128.604036][ T5261] loop4: rw=0, sector=6491536, nr_sectors = 2 limit=128
[  128.619341][ T5259] Buffer I/O error on dev loop2, logical block 8073606, async page read
[pid  5266] set_robust_list(0x7f0af016e9a0, 24 <unfinished ...>
[pid  5260] futex(0x7f0af026b6a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5266] <... set_robust_list resumed>) = 0
[pid  5254] futex(0x7f0af026b6a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5252] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5266] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5252] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5266] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5252] futex(0x7f0af026b6b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5266] open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 0460 <unfinished ...>
[pid  5252] <... futex resumed>)        = 0
[pid  5260] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5254] <... futex resumed>)        = 0
[pid  5252] futex(0x7f0af026b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5254] futex(0x7f0af026b6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5260] openat(AT_FDCWD, "./binderfs/binder0", O_RDONLY <unfinished ...>
[pid  5255] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5255] futex(0x7f0af026b6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0af014e000
[pid  5255] mprotect(0x7f0af014f000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5254] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5252] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5254] futex(0x7f0af026b6bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5255] rt_sigprocmask(SIG_BLOCK, ~[],  <unfinished ...>
[pid  5254] <... futex resumed>)        = 0
[pid  5255] <... rt_sigprocmask resumed>[], 8) = 0
[pid  5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af016e990, parent_tid=0x7f0af016e990, exit_signal=0, stack=0x7f0af014e000, stack_size=0x20300, tls=0x7f0af016e6c0}./strace-static-x86_64: Process 5267 attached
 <unfinished ...>
[pid  5267] rseq(0x7f0af016efe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5255] <... clone3 resumed> => {parent_tid=[5267]}, 88) = 5267
[pid  5267] <... rseq resumed>)         = 0
[pid  5255] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5267] set_robust_list(0x7f0af016e9a0, 24 <unfinished ...>
[pid  5255] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5267] <... set_robust_list resumed>) = 0
[pid  5255] futex(0x7f0af026b6b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5267] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5255] <... futex resumed>)        = 0
[pid  5254] <... mmap resumed>)         = 0x7f0af014e000
[pid  5267] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5255] futex(0x7f0af026b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5254] mprotect(0x7f0af014f000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  5267] open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 0460 <unfinished ...>
[pid  5254] <... mprotect resumed>)     = 0
[pid  5254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[  128.646801][ T5257] Buffer I/O error on dev loop1, logical block 8833403, async page read
[  128.657449][ T5258] syz-executor400: attempt to access beyond end of device
[  128.657449][ T5258] loop0: rw=0, sector=26539618, nr_sectors = 2 limit=128
[  128.664029][ T5259] Buffer I/O error on dev loop2, logical block 3245771, async page read
[  128.674030][ T5261] Buffer I/O error on dev loop4, logical block 3245768, async page read
[pid  5254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0af016e990, parent_tid=0x7f0af016e990, exit_signal=0, stack=0x7f0af014e000, stack_size=0x20300, tls=0x7f0af016e6c0}./strace-static-x86_64: Process 5268 attached
 <unfinished ...>
[pid  5268] rseq(0x7f0af016efe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5254] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268
[pid  5268] <... rseq resumed>)         = 0
[pid  5254] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5268] set_robust_list(0x7f0af016e9a0, 24 <unfinished ...>
[pid  5254] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5268] <... set_robust_list resumed>) = 0
[pid  5254] futex(0x7f0af026b6b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5254] <... futex resumed>)        = 0
[pid  5254] futex(0x7f0af026b6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5268] open("./file0", O_WRONLY|O_CREAT|O_EXCL|O_DIRECT|0x4, 0460 <unfinished ...>
[pid  5255] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5254] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5256] exit_group(0)               = ?
[pid  5253] exit_group(0)               = ?
[pid  5252] exit_group(0)               = ?
[pid  5255] exit_group(0)               = ?
[pid  5254] exit_group(0)               = ?
[pid  5247] kill(-5252, SIGKILL)        = 0
[pid  5247] kill(5252, SIGKILL)         = 0
[pid  5246] kill(-5253, SIGKILL)        = 0
[pid  5246] kill(5253, SIGKILL)         = 0
[pid  5250] kill(-5255, SIGKILL <unfinished ...>
[pid  5249] kill(-5254, SIGKILL <unfinished ...>
[pid  5248] kill(-5256, SIGKILL <unfinished ...>
[pid  5250] <... kill resumed>)         = 0
[pid  5249] <... kill resumed>)         = 0
[pid  5250] kill(5255, SIGKILL <unfinished ...>
[pid  5248] <... kill resumed>)         = 0
[pid  5250] <... kill resumed>)         = 0
[pid  5249] kill(5254, SIGKILL <unfinished ...>
[pid  5248] kill(5256, SIGKILL <unfinished ...>
[pid  5249] <... kill resumed>)         = 0
[pid  5248] <... kill resumed>)         = 0
[pid  5246] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5246] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5246] getdents64(3, 0x55555d5b8730 /* 2 entries */, 32768) = 48
[pid  5246] getdents64(3, 0x55555d5b8730 /* 0 entries */, 32768) = 0
[pid  5246] close(3)                    = 0
[pid  5247] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5247] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5247] getdents64(3, 0x55555d5b8730 /* 2 entries */, 32768) = 48
[pid  5247] getdents64(3, 0x55555d5b8730 /* 0 entries */, 32768) = 0
[pid  5247] close(3)                    = 0
[pid  5248] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5248] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5248] getdents64(3, 0x55555d5b8730 /* 2 entries */, 32768) = 48
[pid  5248] getdents64(3, 0x55555d5b8730 /* 0 entries */, 32768) = 0
[pid  5248] close(3)                    = 0
[pid  5249] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5249] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5249] getdents64(3, 0x55555d5b8730 /* 2 entries */, 32768) = 48
[pid  5249] getdents64(3, 0x55555d5b8730 /* 0 entries */, 32768) = 0
[pid  5249] close(3)                    = 0
[pid  5250] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5250] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5250] getdents64(3, 0x55555d5b8730 /* 2 entries */, 32768) = 48
[pid  5250] getdents64(3, 0x55555d5b8730 /* 0 entries */, 32768) = 0
[pid  5250] close(3)                    = 0
[  286.794205][   T30] INFO: task syz-executor400:5266 blocked for more than 143 seconds.
[  286.802574][   T30]       Not tainted 6.11.0-syzkaller #0
[  286.854076][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  286.862930][   T30] task:syz-executor400 state:D stack:27952 pid:5266  tgid:5252  ppid:5247   flags:0x00004006
[  286.934072][   T30] Call Trace:
[  286.937531][   T30]  <TASK>
[  286.940496][   T30]  __schedule+0x17ae/0x4a10
[  286.984080][   T30]  ? __pfx___schedule+0x10/0x10
[  286.989114][   T30]  ? __pfx_lock_release+0x10/0x10
[  287.014055][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  287.020201][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  287.044460][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  287.049652][   T30]  ? schedule+0x90/0x320
[  287.053940][   T30]  schedule+0x14b/0x320
[  287.094069][   T30]  schedule_preempt_disabled+0x13/0x30
[  287.099719][   T30]  rwsem_down_write_slowpath+0xeeb/0x13b0
[  287.144069][   T30]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[  287.150157][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  287.194056][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  287.199266][   T30]  ? rcu_read_lock_any_held+0xb7/0x160
[  287.224079][   T30]  down_write+0x1d7/0x220
[  287.228561][   T30]  ? __pfx_down_write+0x10/0x10
[  287.233450][   T30]  ? sb_end_write+0xe9/0x1c0
[  287.264065][   T30]  path_openat+0x7fb/0x3470
[  287.268660][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[  287.304530][   T30]  ? __lock_acquire+0x137a/0x2040
[  287.309648][   T30]  ? __pfx_path_openat+0x10/0x10
[  287.344141][   T30]  do_filp_open+0x235/0x490
[  287.348869][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  287.353966][   T30]  ? _raw_spin_unlock+0x28/0x50
[  287.389103][   T30]  ? alloc_fd+0x5a1/0x640
[  287.393504][   T30]  do_sys_openat2+0x13e/0x1d0
[  287.444055][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  287.449354][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  287.484051][   T30]  ? _raw_spin_unlock_irq+0x2e/0x50
[  287.489342][   T30]  ? ptrace_notify+0x279/0x380
[  287.514057][   T30]  __x64_sys_open+0x225/0x270
[  287.518898][   T30]  ? __pfx___x64_sys_open+0x10/0x10
[  287.544055][   T30]  ? do_syscall_64+0x100/0x230
[  287.548982][   T30]  do_syscall_64+0xf3/0x230
[  287.553524][   T30]  ? clear_bhb_loop+0x35/0x90
[  287.584502][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.590485][   T30] RIP: 0033:0x7f0af01d9bc9
[  287.624067][   T30] RSP: 002b:00007f0af016e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  287.632545][   T30] RAX: ffffffffffffffda RBX: 00007f0af026b6b8 RCX: 00007f0af01d9bc9
[  287.704101][   T30] RDX: 0000000000000130 RSI: 00000000000040c5 RDI: 0000000020000080
[  287.712138][   T30] RBP: 00007f0af026b6b0 R08: 00007ffd610a2d67 R09: 00007f0af016e6c0
[  287.764124][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af026b6bc
[  287.772173][   T30] R13: 00007f0af022e0c0 R14: 0030656c69662f2e R15: 00007ffd610a2d68
[  287.834100][   T30]  </TASK>
[  287.837285][   T30] INFO: task syz-executor400:5265 blocked for more than 144 seconds.
[  287.874055][   T30]       Not tainted 6.11.0-syzkaller #0
[  287.879699][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  287.924085][   T30] task:syz-executor400 state:D stack:27952 pid:5265  tgid:5253  ppid:5246   flags:0x00004006
[  287.974080][   T30] Call Trace:
[  287.977429][   T30]  <TASK>
[  287.980400][   T30]  __schedule+0x17ae/0x4a10
[  288.024100][   T30]  ? __pfx___schedule+0x10/0x10
[  288.029054][   T30]  ? __pfx_lock_release+0x10/0x10
[  288.064085][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  288.070161][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  288.114117][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  288.119347][   T30]  ? schedule+0x90/0x320
[  288.123658][   T30]  schedule+0x14b/0x320
[  288.154245][   T30]  schedule_preempt_disabled+0x13/0x30
[  288.159812][   T30]  rwsem_down_write_slowpath+0xeeb/0x13b0
[  288.184107][   T30]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[  288.190112][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  288.234197][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  288.239345][   T30]  ? rcu_read_lock_any_held+0xb7/0x160
[  288.274166][   T30]  down_write+0x1d7/0x220
[  288.278590][   T30]  ? __pfx_down_write+0x10/0x10
[  288.283483][   T30]  ? sb_end_write+0xe9/0x1c0
[  288.314129][   T30]  path_openat+0x7fb/0x3470
[  288.318783][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[  288.354128][   T30]  ? __lock_acquire+0x137a/0x2040
[  288.359257][   T30]  ? __pfx_path_openat+0x10/0x10
[  288.404105][   T30]  do_filp_open+0x235/0x490
[  288.408711][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  288.413807][   T30]  ? _raw_spin_unlock+0x28/0x50
[  288.444081][   T30]  ? alloc_fd+0x5a1/0x640
[  288.448507][   T30]  do_sys_openat2+0x13e/0x1d0
[  288.453223][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  288.484122][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  288.489420][   T30]  ? _raw_spin_unlock_irq+0x2e/0x50
[  288.524101][   T30]  ? ptrace_notify+0x279/0x380
[  288.528954][   T30]  __x64_sys_open+0x225/0x270
[  288.533680][   T30]  ? __pfx___x64_sys_open+0x10/0x10
[  288.584073][   T30]  ? do_syscall_64+0x100/0x230
[  288.588929][   T30]  do_syscall_64+0xf3/0x230
[  288.624081][   T30]  ? clear_bhb_loop+0x35/0x90
[  288.629005][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.674052][   T30] RIP: 0033:0x7f0af01d9bc9
[  288.678555][   T30] RSP: 002b:00007f0af016e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  288.704050][   T30] RAX: ffffffffffffffda RBX: 00007f0af026b6b8 RCX: 00007f0af01d9bc9
[  288.712095][   T30] RDX: 0000000000000130 RSI: 00000000000040c5 RDI: 0000000020000080
[  288.764043][   T30] RBP: 00007f0af026b6b0 R08: 00007ffd610a2d67 R09: 00007f0af016e6c0
[  288.772095][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af026b6bc
[  288.804051][   T30] R13: 00007f0af022e0c0 R14: 0030656c69662f2e R15: 00007ffd610a2d68
[  288.812125][   T30]  </TASK>
[  288.854096][   T30] INFO: task syz-executor400:5268 blocked for more than 145 seconds.
[  288.884089][   T30]       Not tainted 6.11.0-syzkaller #0
[  288.889696][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  288.924065][   T30] task:syz-executor400 state:D stack:27952 pid:5268  tgid:5254  ppid:5249   flags:0x00004006
[  288.964102][   T30] Call Trace:
[  288.967448][   T30]  <TASK>
[  288.970423][   T30]  __schedule+0x17ae/0x4a10
[  289.014085][   T30]  ? __pfx___schedule+0x10/0x10
[  289.019027][   T30]  ? __pfx_lock_release+0x10/0x10
[  289.054140][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  289.060223][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  289.104087][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  289.109300][   T30]  ? schedule+0x90/0x320
[  289.113588][   T30]  schedule+0x14b/0x320
[  289.154070][   T30]  schedule_preempt_disabled+0x13/0x30
[  289.159642][   T30]  rwsem_down_write_slowpath+0xeeb/0x13b0
[  289.194206][   T30]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[  289.200222][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  289.234085][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  289.239207][   T30]  ? rcu_read_lock_any_held+0xb7/0x160
[  289.284094][   T30]  down_write+0x1d7/0x220
[  289.288519][   T30]  ? __pfx_down_write+0x10/0x10
[  289.293410][   T30]  ? sb_end_write+0xe9/0x1c0
[  289.334088][   T30]  path_openat+0x7fb/0x3470
[  289.338693][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[  289.374056][   T30]  ? __lock_acquire+0x137a/0x2040
[  289.379187][   T30]  ? __pfx_path_openat+0x10/0x10
[  289.404124][   T30]  do_filp_open+0x235/0x490
[  289.408716][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  289.413813][   T30]  ? _raw_spin_unlock+0x28/0x50
[  289.454067][   T30]  ? alloc_fd+0x5a1/0x640
[  289.458500][   T30]  do_sys_openat2+0x13e/0x1d0
[  289.463216][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  289.494061][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  289.499345][   T30]  ? _raw_spin_unlock_irq+0x2e/0x50
[  289.534082][   T30]  ? ptrace_notify+0x279/0x380
[  289.538937][   T30]  __x64_sys_open+0x225/0x270
[  289.543655][   T30]  ? __pfx___x64_sys_open+0x10/0x10
[  289.614080][   T30]  ? do_syscall_64+0x100/0x230
[  289.618931][   T30]  do_syscall_64+0xf3/0x230
[  289.623468][   T30]  ? clear_bhb_loop+0x35/0x90
[  289.664108][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.670083][   T30] RIP: 0033:0x7f0af01d9bc9
[  289.704306][   T30] RSP: 002b:00007f0af016e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  289.712901][   T30] RAX: ffffffffffffffda RBX: 00007f0af026b6b8 RCX: 00007f0af01d9bc9
[  289.764080][   T30] RDX: 0000000000000130 RSI: 00000000000040c5 RDI: 0000000020000080
[  289.772140][   T30] RBP: 00007f0af026b6b0 R08: 00007ffd610a2d67 R09: 00007f0af016e6c0
[  289.814544][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af026b6bc
[  289.822611][   T30] R13: 00007f0af022e0c0 R14: 0030656c69662f2e R15: 00007ffd610a2d68
[  289.894105][   T30]  </TASK>
[  289.897202][   T30] INFO: task syz-executor400:5267 blocked for more than 146 seconds.
[  289.924532][   T30]       Not tainted 6.11.0-syzkaller #0
[  289.930140][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  289.964084][   T30] task:syz-executor400 state:D stack:27952 pid:5267  tgid:5255  ppid:5250   flags:0x00004006
[  289.994149][   T30] Call Trace:
[  289.997538][   T30]  <TASK>
[  290.000508][   T30]  __schedule+0x17ae/0x4a10
[  290.054093][   T30]  ? __pfx___schedule+0x10/0x10
[  290.059050][   T30]  ? __pfx_lock_release+0x10/0x10
[  290.094055][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  290.100133][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  290.134055][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  290.139274][   T30]  ? schedule+0x90/0x320
[  290.143574][   T30]  schedule+0x14b/0x320
[  290.174134][   T30]  schedule_preempt_disabled+0x13/0x30
[  290.179687][   T30]  rwsem_down_write_slowpath+0xeeb/0x13b0
[  290.204087][   T30]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[  290.210086][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  290.254076][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  290.259203][   T30]  ? rcu_read_lock_any_held+0xb7/0x160
[  290.294060][   T30]  down_write+0x1d7/0x220
[  290.298474][   T30]  ? __pfx_down_write+0x10/0x10
[  290.303359][   T30]  ? sb_end_write+0xe9/0x1c0
[  290.334075][   T30]  path_openat+0x7fb/0x3470
[  290.338664][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[  290.364075][   T30]  ? __lock_acquire+0x137a/0x2040
[  290.369282][   T30]  ? __pfx_path_openat+0x10/0x10
[  290.404167][   T30]  do_filp_open+0x235/0x490
[  290.408761][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  290.413857][   T30]  ? _raw_spin_unlock+0x28/0x50
[  290.444091][   T30]  ? alloc_fd+0x5a1/0x640
[  290.448515][   T30]  do_sys_openat2+0x13e/0x1d0
[  290.453254][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  290.494072][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  290.499366][   T30]  ? _raw_spin_unlock_irq+0x2e/0x50
[  290.534075][   T30]  ? ptrace_notify+0x279/0x380
[  290.538928][   T30]  __x64_sys_open+0x225/0x270
[  290.543733][   T30]  ? __pfx___x64_sys_open+0x10/0x10
[  290.574066][   T30]  ? do_syscall_64+0x100/0x230
[  290.578972][   T30]  do_syscall_64+0xf3/0x230
[  290.583513][   T30]  ? clear_bhb_loop+0x35/0x90
[  290.624085][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.630063][   T30] RIP: 0033:0x7f0af01d9bc9
[  290.674077][   T30] RSP: 002b:00007f0af016e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  290.682614][   T30] RAX: ffffffffffffffda RBX: 00007f0af026b6b8 RCX: 00007f0af01d9bc9
[  290.734069][   T30] RDX: 0000000000000130 RSI: 00000000000040c5 RDI: 0000000020000080
[  290.742136][   T30] RBP: 00007f0af026b6b0 R08: 00007ffd610a2d67 R09: 00007f0af016e6c0
[  290.784075][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af026b6bc
[  290.792122][   T30] R13: 00007f0af022e0c0 R14: 0030656c69662f2e R15: 00007ffd610a2d68
[  290.864111][   T30]  </TASK>
[  290.867207][   T30] INFO: task syz-executor400:5264 blocked for more than 147 seconds.
[  290.894557][   T30]       Not tainted 6.11.0-syzkaller #0
[  290.900160][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  290.964086][   T30] task:syz-executor400 state:D stack:27320 pid:5264  tgid:5256  ppid:5248   flags:0x00004006
[  291.004087][   T30] Call Trace:
[  291.007522][   T30]  <TASK>
[  291.010487][   T30]  __schedule+0x17ae/0x4a10
[  291.044373][   T30]  ? __pfx___schedule+0x10/0x10
[  291.049403][   T30]  ? __pfx_lock_release+0x10/0x10
[  291.084094][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  291.090163][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  291.124075][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  291.129276][   T30]  ? schedule+0x90/0x320
[  291.133576][   T30]  schedule+0x14b/0x320
[  291.164089][   T30]  schedule_preempt_disabled+0x13/0x30
[  291.169653][   T30]  rwsem_down_write_slowpath+0xeeb/0x13b0
[  291.204090][   T30]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[  291.210095][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  291.254058][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  291.259195][   T30]  ? rcu_read_lock_any_held+0xb7/0x160
[  291.294074][   T30]  down_write+0x1d7/0x220
[  291.298511][   T30]  ? __pfx_down_write+0x10/0x10
[  291.303399][   T30]  ? sb_end_write+0xe9/0x1c0
[  291.344113][   T30]  path_openat+0x7fb/0x3470
[  291.348739][   T30]  ? __lock_acquire+0x137a/0x2040
[  291.353828][   T30]  ? __pfx_path_openat+0x10/0x10
[  291.404094][   T30]  do_filp_open+0x235/0x490
[  291.408691][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  291.413794][   T30]  ? _raw_spin_unlock+0x28/0x50
[  291.464064][   T30]  ? alloc_fd+0x5a1/0x640
[  291.468496][   T30]  do_sys_openat2+0x13e/0x1d0
[  291.473220][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  291.514055][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  291.519336][   T30]  ? _raw_spin_unlock_irq+0x2e/0x50
[  291.544484][   T30]  ? ptrace_notify+0x279/0x380
[  291.549328][   T30]  __x64_sys_open+0x225/0x270
[  291.574069][   T30]  ? __pfx___x64_sys_open+0x10/0x10
[  291.579356][   T30]  ? do_syscall_64+0x100/0x230
[  291.604471][   T30]  do_syscall_64+0xf3/0x230
[  291.609045][   T30]  ? clear_bhb_loop+0x35/0x90
[  291.613764][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.684049][   T30] RIP: 0033:0x7f0af01d9bc9
[  291.688542][   T30] RSP: 002b:00007f0af016e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  291.724070][   T30] RAX: ffffffffffffffda RBX: 00007f0af026b6b8 RCX: 00007f0af01d9bc9
[  291.732133][   T30] RDX: 0000000000000130 RSI: 00000000000040c5 RDI: 0000000020000080
[  291.774047][   T30] RBP: 00007f0af026b6b0 R08: 00007ffd610a2d67 R09: 00007f0af016e6c0
[  291.782090][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af026b6bc
[  291.854064][   T30] R13: 00007f0af022e0c0 R14: 0030656c69662f2e R15: 00007ffd610a2d68
[  291.862227][   T30]  </TASK>
[  291.894064][   T30] 
[  291.894064][   T30] Showing all locks held in the system:
[  291.901925][   T30] 1 lock held by khungtaskd/30:
[  291.934056][   T30]  #0: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  291.964112][   T30] 2 locks held by kswapd0/89:
[  291.968966][   T30] 2 locks held by getty/4983:
[  291.973678][   T30]  #0: ffff8880650600a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  292.044088][   T30]  #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00
[  292.074065][   T30] 2 locks held by syz-executor400/5257:
[  292.079684][   T30] 1 lock held by syz-executor400/5266:
[  292.104531][   T30]  #0: ffff888075cac180 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: path_openat+0x7fb/0x3470
[  292.134096][   T30] 2 locks held by syz-executor400/5258:
[  292.139721][   T30] 1 lock held by syz-executor400/5265:
[  292.184079][   T30]  #0: ffff888075d146c0 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: path_openat+0x7fb/0x3470
[  292.224085][   T30] 2 locks held by syz-executor400/5260:
[  292.229702][   T30] 1 lock held by syz-executor400/5268:
[  292.264069][   T30]  #0: ffff888075cac6c0 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: path_openat+0x7fb/0x3470
[  292.294104][   T30] 1 lock held by syz-executor400/5261:
[  292.299620][   T30] 1 lock held by syz-executor400/5267:
[  292.324348][   T30]  #0: ffff888075d14c00 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: path_openat+0x7fb/0x3470
[  292.364097][   T30] 2 locks held by syz-executor400/5259:
[  292.369709][   T30] 1 lock held by syz-executor400/5264:
[  292.414074][   T30]  #0: ffff888075d14180 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: path_openat+0x7fb/0x3470
[  292.454061][   T30] 
[  292.456530][   T30] =============================================
[  292.456530][   T30] 
[  292.484083][   T30] NMI backtrace for cpu 1
[  292.488473][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller #0
[  292.496933][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  292.507016][   T30] Call Trace:
[  292.510314][   T30]  <TASK>
[  292.513281][   T30]  dump_stack_lvl+0x241/0x360
[  292.518001][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  292.523232][   T30]  ? __pfx__printk+0x10/0x10
[  292.527905][   T30]  ? vprintk_emit+0x667/0x7c0
[  292.532612][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  292.537672][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  292.542712][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  292.548199][   T30]  ? _printk+0xd5/0x120
[  292.552385][   T30]  ? __pfx__printk+0x10/0x10
[  292.557095][   T30]  ? __wake_up_klogd+0xcc/0x110
[  292.561977][   T30]  ? __pfx__printk+0x10/0x10
[  292.566596][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  292.571680][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  292.577696][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  292.583719][   T30]  watchdog+0xff4/0x1040
[  292.587998][   T30]  ? watchdog+0x1ea/0x1040
[  292.592465][   T30]  ? __pfx_watchdog+0x10/0x10
[  292.597180][   T30]  kthread+0x2f0/0x390
[  292.601288][   T30]  ? __pfx_watchdog+0x10/0x10
[  292.605997][   T30]  ? __pfx_kthread+0x10/0x10
[  292.610628][   T30]  ret_from_fork+0x4b/0x80
[  292.615083][   T30]  ? __pfx_kthread+0x10/0x10
[  292.619795][   T30]  ret_from_fork_asm+0x1a/0x30
[  292.624607][   T30]  </TASK>
[  292.627869][   T30] Sending NMI from CPU 1 to CPUs 0:
[  292.633124][    C0] NMI backtrace for cpu 0
[  292.633138][    C0] CPU: 0 UID: 0 PID: 5260 Comm: syz-executor400 Not tainted 6.11.0-syzkaller #0
[  292.633157][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  292.633168][    C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x35/0x90
[  292.633199][    C0] Code: 0c 25 c0 d6 03 00 65 8b 05 f0 47 70 7e 25 00 01 ff 00 74 10 3d 00 01 00 00 75 57 83 b9 1c 16 00 00 00 74 4e 8b 81 f8 15 00 00 <83> f8 03 75 43 48 8b 91 00 16 00 00 44 8b 89 fc 15 00 00 49 c1 e1
[  292.633220][    C0] RSP: 0018:ffffc90003eb6cc0 EFLAGS: 00000246
[  292.633237][    C0] RAX: 0000000000000000 RBX: ffffc90003eb8000 RCX: ffff888025428000
[  292.633250][    C0] RDX: ffff888025428000 RSI: ffffc90003eb7278 RDI: ffffc90003eb72e0
[  292.633263][    C0] RBP: ffffc90003eb6da0 R08: ffffffff81414545 R09: ffffffff814140bf
[  292.633276][    C0] R10: 0000000000000003 R11: ffff888025428000 R12: ffffc90003eb72e0
[  292.633288][    C0] R13: dffffc0000000000 R14: ffffc90003eb0000 R15: ffffc90003eb72e8
[  292.633301][    C0] FS:  00007f0af018f6c0(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
[  292.633317][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  292.633329][    C0] CR2: 00005598d295a600 CR3: 00000000665b8000 CR4: 00000000003506f0
[  292.633344][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  292.633355][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  292.633365][    C0] Call Trace:
[  292.633372][    C0]  <NMI>
[  292.633379][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  292.633404][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  292.633431][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  292.633454][    C0]  ? nmi_handle+0x2a/0x5a0
[  292.633480][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  292.633502][    C0]  ? nmi_handle+0x14f/0x5a0
[  292.633531][    C0]  ? nmi_handle+0x2a/0x5a0
[  292.633548][    C0]  ? __sanitizer_cov_trace_cmp8+0x35/0x90
[  292.633571][    C0]  ? default_do_nmi+0x63/0x160
[  292.633595][    C0]  ? exc_nmi+0x123/0x1f0
[  292.633617][    C0]  ? end_repeat_nmi+0xf/0x53
[  292.633648][    C0]  ? unwind_next_frame+0x196f/0x2a00
[  292.633672][    C0]  ? unwind_next_frame+0x1df5/0x2a00
[  292.633698][    C0]  ? __sanitizer_cov_trace_cmp8+0x35/0x90
[  292.633722][    C0]  ? __sanitizer_cov_trace_cmp8+0x35/0x90
[  292.633746][    C0]  ? __sanitizer_cov_trace_cmp8+0x35/0x90
[  292.633770][    C0]  </NMI>
[  292.633775][    C0]  <TASK>
[  292.633780][    C0]  unwind_next_frame+0x1df5/0x2a00
[  292.633811][    C0]  ? create_empty_buffers+0x3a/0x740
[  292.633838][    C0]  ? create_empty_buffers+0x3a/0x740
[  292.633862][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  292.633884][    C0]  arch_stack_walk+0x151/0x1b0
[  292.633904][    C0]  ? block_read_full_folio+0x25c/0xcd0
[  292.633934][    C0]  stack_trace_save+0x118/0x1d0
[  292.633956][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  292.633984][    C0]  kasan_save_track+0x3f/0x80
[  292.634006][    C0]  ? kasan_save_track+0x3f/0x80
[  292.634023][    C0]  ? __kasan_slab_alloc+0x66/0x80
[  292.634044][    C0]  ? kmem_cache_alloc_noprof+0x135/0x2a0
[  292.634086][    C0]  ? alloc_buffer_head+0x2a/0x290
[  292.634109][    C0]  ? folio_alloc_buffers+0x241/0x5b0
[  292.634132][    C0]  ? create_empty_buffers+0x3a/0x740
[  292.634186][    C0]  __kasan_slab_alloc+0x66/0x80
[  292.634206][    C0]  ? alloc_buffer_head+0x2a/0x290
[  292.634230][    C0]  kmem_cache_alloc_noprof+0x135/0x2a0
[  292.634257][    C0]  alloc_buffer_head+0x2a/0x290
[  292.634280][    C0]  ? folio_alloc_buffers+0x34c/0x5b0
[  292.634306][    C0]  folio_alloc_buffers+0x241/0x5b0
[  292.634334][    C0]  create_empty_buffers+0x3a/0x740
[  292.634365][    C0]  block_read_full_folio+0x25c/0xcd0
[  292.634400][    C0]  ? __pfx_get_block+0x10/0x10
[  292.634503][    C0]  ? __pfx_block_read_full_folio+0x10/0x10
[  292.634534][    C0]  ? __pfx_lru_add_fn+0x10/0x10
[  292.634560][    C0]  ? folio_add_lru+0x4b3/0x9e0
[  292.634584][    C0]  ? folio_add_lru+0x27b/0x9e0
[  292.634610][    C0]  filemap_read_folio+0x1a0/0x790
[  292.634641][    C0]  ? __pfx_sysv_read_folio+0x10/0x10
[  292.634674][    C0]  ? __pfx_filemap_read_folio+0x10/0x10
[  292.634700][    C0]  ? __filemap_get_folio+0x984/0xc10
[  292.634729][    C0]  do_read_cache_folio+0x134/0x820
[  292.634756][    C0]  ? __pfx_sysv_read_folio+0x10/0x10
[  292.634784][    C0]  do_read_cache_page+0x30/0x200
[  292.634812][    C0]  sysv_find_entry+0x1af/0x410
[  292.634847][    C0]  sysv_inode_by_name+0x98/0x1f0
[  292.634864][    C0]  ? __pfx_sysv_inode_by_name+0x10/0x10
[  292.634887][    C0]  sysv_lookup+0x6b/0xe0
[  292.634904][    C0]  __lookup_slow+0x28c/0x3f0
[  292.634928][    C0]  ? __pfx___lookup_slow+0x10/0x10
[  292.634948][    C0]  ? __d_lookup+0x64/0x7b0
[  292.634976][    C0]  ? generic_permission+0x1d6/0x550
[  292.635002][    C0]  lookup_slow+0x53/0x70
[  292.635028][    C0]  link_path_walk+0x99b/0xea0
[  292.635057][    C0]  path_openat+0x25d/0x3470
[  292.635085][    C0]  ? mark_lock+0x9a/0x350
[  292.635109][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  292.635132][    C0]  ? __lock_acquire+0x137a/0x2040
[  292.635163][    C0]  ? __pfx_path_openat+0x10/0x10
[  292.635198][    C0]  do_filp_open+0x235/0x490
[  292.635223][    C0]  ? __pfx_do_filp_open+0x10/0x10
[  292.635261][    C0]  ? _raw_spin_unlock+0x28/0x50
[  292.635285][    C0]  ? alloc_fd+0x5a1/0x640
[  292.635317][    C0]  do_sys_openat2+0x13e/0x1d0
[  292.635339][    C0]  ? __pfx_do_sys_openat2+0x10/0x10
[  292.635359][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  292.635378][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  292.635404][    C0]  ? ptrace_notify+0x279/0x380
[  292.635427][    C0]  __x64_sys_openat+0x247/0x2a0
[  292.635449][    C0]  ? __pfx___x64_sys_openat+0x10/0x10
[  292.635472][    C0]  ? do_syscall_64+0x100/0x230
[  292.635496][    C0]  do_syscall_64+0xf3/0x230
[  292.635515][    C0]  ? clear_bhb_loop+0x35/0x90
[  292.635538][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.635560][    C0] RIP: 0033:0x7f0af01d9bc9
[  292.635576][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  292.635589][    C0] RSP: 002b:00007f0af018f228 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  292.635607][    C0] RAX: ffffffffffffffda RBX: 00007f0af026b6a8 RCX: 00007f0af01d9bc9
[  292.635620][    C0] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
[  292.635636][    C0] RBP: 00007f0af026b6a0 R08: 00007f0af018f6c0 R09: 00007f0af018f6c0
[  292.635648][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af026b6ac
[  292.635659][    C0] R13: 00007f0af022e0c0 R14: 0030656c69662f2e R15: 00007ffd610a2d68
[  292.635682][    C0]  </TASK>
[  292.635690][    C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.566 msecs
[  293.824113][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  293.831017][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller #0
[  293.839461][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  293.849584][   T30] Call Trace:
[  293.852884][   T30]  <TASK>
[  293.855923][   T30]  dump_stack_lvl+0x241/0x360
[  293.860635][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.865950][   T30]  ? __pfx__printk+0x10/0x10
[  293.870571][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  293.876594][   T30]  ? vscnprintf+0x5d/0x90
[  293.881085][   T30]  panic+0x349/0x860
[  293.885012][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  293.891238][   T30]  ? __pfx_panic+0x10/0x10
[  293.895675][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  293.901079][   T30]  ? __irq_work_queue_local+0x137/0x410
[  293.906657][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  293.912050][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  293.918263][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  293.924473][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  293.930671][   T30]  watchdog+0x1033/0x1040
[  293.935041][   T30]  ? watchdog+0x1ea/0x1040
[  293.939517][   T30]  ? __pfx_watchdog+0x10/0x10
[  293.944225][   T30]  kthread+0x2f0/0x390
[  293.948325][   T30]  ? __pfx_watchdog+0x10/0x10
[  293.953037][   T30]  ? __pfx_kthread+0x10/0x10
[  293.957673][   T30]  ret_from_fork+0x4b/0x80
[  293.962124][   T30]  ? __pfx_kthread+0x10/0x10
[  293.966751][   T30]  ret_from_fork_asm+0x1a/0x30
[  293.971568][   T30]  </TASK>
[  293.974976][   T30] Kernel Offset: disabled
[  293.979313][   T30] Rebooting in 86400 seconds..