./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1163759200 <...> Warning: Permanently added '10.128.0.199' (ED25519) to the list of known hosts. execve("./syz-executor1163759200", ["./syz-executor1163759200"], 0x7fff7c86d090 /* 10 vars */) = 0 brk(NULL) = 0x555556b84000 brk(0x555556b84d40) = 0x555556b84d40 arch_prctl(ARCH_SET_FS, 0x555556b843c0) = 0 set_tid_address(0x555556b84690) = 5032 set_robust_list(0x555556b846a0, 24) = 0 rseq(0x555556b84ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1163759200", 4096) = 28 getrandom("\x5b\xb1\x79\x0a\xf0\xde\x54\xa1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b84d40 brk(0x555556ba5d40) = 0x555556ba5d40 brk(0x555556ba6000) = 0x555556ba6000 mprotect(0x7fcd3aff9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.JUn9P6", 0700) = 0 chmod("./syzkaller.JUn9P6", 0777) = 0 chdir("./syzkaller.JUn9P6") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 75.705096][ T27] audit: type=1400 audit(1697637689.631:83): avc: denied { write } for pid=5029 comm="strace-static-x" path="pipe:[4291]" dev="pipefs" ino=4291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x555556b846a0, 24) = 0 [ 75.737011][ T27] audit: type=1400 audit(1697637689.671:84): avc: denied { execmem } for pid=5032 comm="syz-executor116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 75.760353][ T27] audit: type=1400 audit(1697637689.681:85): avc: denied { read write } for pid=5032 comm="syz-executor116" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5033] chdir("./0") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5033] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5035 attached => {parent_tid=[5035]}, 88) = 5035 [pid 5035] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] <... rseq resumed>) = 0 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... set_robust_list resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] memfd_create("syzkaller", 0) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [ 75.785255][ T27] audit: type=1400 audit(1697637689.681:86): avc: denied { open } for pid=5032 comm="syz-executor116" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.812165][ T27] audit: type=1400 audit(1697637689.681:87): avc: denied { ioctl } for pid=5032 comm="syz-executor116" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.835934][ T5035] syz-executor116[5035]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5035] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./bus", 0777) = 0 [ 76.050830][ T5035] loop0: detected capacity change from 0 to 32768 [ 76.063248][ T27] audit: type=1400 audit(1697637689.991:88): avc: denied { mounton } for pid=5033 comm="syz-executor116" path="/root/syzkaller.JUn9P6/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 76.077942][ T5035] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5035) [ 76.097448][ T27] audit: type=1400 audit(1697637690.031:89): avc: denied { append } for pid=4466 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 76.123206][ T27] audit: type=1400 audit(1697637690.031:90): avc: denied { open } for pid=4466 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 76.146175][ T27] audit: type=1400 audit(1697637690.031:91): avc: denied { getattr } for pid=4466 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 76.176791][ T5035] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.185934][ T5035] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5035] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [ 76.197223][ T5035] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 76.208137][ T5035] BTRFS info (device loop0): trying to use backup root at mount time [ 76.216333][ T5035] BTRFS info (device loop0): enabling ssd optimizations [ 76.223384][ T5035] BTRFS info (device loop0): using spread ssd allocation scheme [ 76.231231][ T5035] BTRFS info (device loop0): using free space tree [pid 5035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./bus") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 0 [pid 5035] creat("./bus", 000) = 4 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... futex resumed>) = 0 [ 76.267835][ T27] audit: type=1400 audit(1697637690.201:92): avc: denied { mount } for pid=5033 comm="syz-executor116" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 1 [pid 5035] open("./bus", O_RDONLY [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... open resumed>) = 5 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... mmap resumed>) = 0x20000000 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] fallocate(6, 0, 0, 1048820) = 0 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5033] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0}./strace-static-x86_64: Process 5052 attached => {parent_tid=[5052]}, 88) = 5052 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] <... rseq resumed>) = 0 [pid 5033] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] set_robust_list(0x7fcd3af0e9a0, 24 [pid 5033] <... futex resumed>) = 0 [pid 5052] <... set_robust_list resumed>) = 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5033] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5052] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5052] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... write resumed>) = 144 [pid 5035] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5033] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5035] <... futex resumed>) = ? [pid 5035] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x555556b846a0, 24) = 0 [pid 5054] chdir("./1") = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5054] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5055]}, 88) = 5055 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5055 attached [pid 5055] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5055] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] memfd_create("syzkaller", 0) = 3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5055] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5055] close(3) = 0 [pid 5055] mkdir("./bus", 0777) = 0 [ 76.917161][ T5055] loop0: detected capacity change from 0 to 32768 [ 76.927504][ T5055] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5055) [ 76.945341][ T5055] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.954278][ T5055] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5055] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5055] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5055] chdir("./bus") = 0 [pid 5055] ioctl(4, LOOP_CLR_FD) = 0 [pid 5055] close(4) = 0 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] creat("./bus", 000) = 4 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 76.965495][ T5055] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 76.976628][ T5055] BTRFS info (device loop0): trying to use backup root at mount time [ 76.984743][ T5055] BTRFS info (device loop0): enabling ssd optimizations [ 76.991811][ T5055] BTRFS info (device loop0): using spread ssd allocation scheme [ 76.999495][ T5055] BTRFS info (device loop0): using free space tree [pid 5055] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] open("./bus", O_RDONLY) = 5 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... open resumed>) = 6 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] fallocate(6, 0, 0, 1048820 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... fallocate resumed>) = 0 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5055] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5054] exit_group(0 [pid 5055] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x555556b84690) = 5072 [pid 5072] set_robust_list(0x555556b846a0, 24) = 0 [pid 5072] chdir("./2") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5072] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5073]}, 88) = 5073 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5073] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5073] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [ 77.575906][ T5073] loop0: detected capacity change from 0 to 32768 [ 77.587060][ T5073] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5073) [ 77.605872][ T5073] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.614594][ T5073] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5073] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./bus") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 77.626129][ T5073] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.636838][ T5073] BTRFS info (device loop0): trying to use backup root at mount time [ 77.645078][ T5073] BTRFS info (device loop0): enabling ssd optimizations [ 77.652081][ T5073] BTRFS info (device loop0): using spread ssd allocation scheme [ 77.660100][ T5073] BTRFS info (device loop0): using free space tree [pid 5073] creat("./bus", 000) = 4 [pid 5073] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] open("./bus", O_RDONLY) = 5 [pid 5073] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... open resumed>) = 6 [pid 5073] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5073] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] fallocate(6, 0, 0, 1048820) = 0 [pid 5073] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5072] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] <... write resumed>) = 144 [pid 5073] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5090] set_robust_list(0x7fcd3af0e9a0, 24 [pid 5072] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5072] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5090] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5072] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x555556b84690) = 5091 [pid 5091] set_robust_list(0x555556b846a0, 24) = 0 [pid 5091] chdir("./3") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5091] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5092] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5092] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./bus", 0777) = 0 [ 78.267005][ T5092] loop0: detected capacity change from 0 to 32768 [ 78.278712][ T5092] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5092) [ 78.295149][ T5092] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.304031][ T5092] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5092] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./bus") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] creat("./bus", 000 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... creat resumed>) = 4 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] open("./bus", O_RDONLY [ 78.314904][ T5092] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.325683][ T5092] BTRFS info (device loop0): trying to use backup root at mount time [ 78.333779][ T5092] BTRFS info (device loop0): enabling ssd optimizations [ 78.340824][ T5092] BTRFS info (device loop0): using spread ssd allocation scheme [ 78.348491][ T5092] BTRFS info (device loop0): using free space tree [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... open resumed>) = 5 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = 1 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] fallocate(6, 0, 0, 1048820 [pid 5091] <... futex resumed>) = 1 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... fallocate resumed>) = 0 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5092] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5091] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x555556b846a0, 24) = 0 [pid 5110] chdir("./4") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5110] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5111] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... clone3 resumed> => {parent_tid=[5111]}, 88) = 5111 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5111] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./bus", 0777) = 0 [ 78.921414][ T5111] loop0: detected capacity change from 0 to 32768 [ 78.931805][ T5111] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5111) [ 78.950310][ T5111] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.959452][ T5111] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5111] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./bus") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] creat("./bus", 000 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... creat resumed>) = 4 [pid 5111] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] open("./bus", O_RDONLY) = 5 [pid 5111] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 78.970314][ T5111] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.980983][ T5111] BTRFS info (device loop0): trying to use backup root at mount time [ 78.989153][ T5111] BTRFS info (device loop0): enabling ssd optimizations [ 78.996311][ T5111] BTRFS info (device loop0): using spread ssd allocation scheme [ 79.003955][ T5111] BTRFS info (device loop0): using free space tree [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... open resumed>) = 6 [pid 5111] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] fallocate(6, 0, 0, 1048820) = 0 [pid 5111] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 0 [pid 5111] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5110] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5110] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5110] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0}./strace-static-x86_64: Process 5128 attached [pid 5128] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053 [pid 5110] <... clone3 resumed> => {parent_tid=[5128]}, 88) = 5128 [pid 5128] <... rseq resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] set_robust_list(0x7fcd3af0e9a0, 24 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] <... set_robust_list resumed>) = 0 [pid 5110] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] <... futex resumed>) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5128] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5128] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... write resumed>) = 144 [pid 5111] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] exit_group(0) = ? [pid 5128] <... futex resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5111] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5129 ./strace-static-x86_64: Process 5129 attached [pid 5129] set_robust_list(0x555556b846a0, 24) = 0 [pid 5129] chdir("./5") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5129] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5129] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] <... rseq resumed>) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... futex resumed>) = 0 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5130] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./bus", 0777) = 0 [ 79.588368][ T5130] loop0: detected capacity change from 0 to 32768 [ 79.600550][ T5130] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5130) [ 79.618005][ T5130] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.626883][ T5130] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5130] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./bus") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] creat("./bus", 000 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] <... creat resumed>) = 4 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] open("./bus", O_RDONLY [pid 5129] <... futex resumed>) = 0 [ 79.637759][ T5130] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 79.648607][ T5130] BTRFS info (device loop0): trying to use backup root at mount time [ 79.656762][ T5130] BTRFS info (device loop0): enabling ssd optimizations [ 79.663706][ T5130] BTRFS info (device loop0): using spread ssd allocation scheme [ 79.671525][ T5130] BTRFS info (device loop0): using free space tree [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... open resumed>) = 5 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] <... futex resumed>) = 0 [pid 5130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... open resumed>) = 6 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... mmap resumed>) = 0x20000000 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] fallocate(6, 0, 0, 1048820 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... fallocate resumed>) = 0 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5130] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5129] <... futex resumed>) = 1 [pid 5129] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5130] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] exit_group(0) = ? [pid 5130] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x555556b84690) = 5147 [pid 5147] set_robust_list(0x555556b846a0, 24) = 0 [pid 5147] chdir("./6") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5147] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5148]}, 88) = 5148 ./strace-static-x86_64: Process 5148 attached [pid 5148] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... futex resumed>) = 0 [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5148] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] mkdir("./bus", 0777) = 0 [ 80.241478][ T5148] loop0: detected capacity change from 0 to 32768 [ 80.251829][ T5148] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5148) [ 80.270561][ T5148] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.279943][ T5148] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5148] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5148] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./bus") = 0 [pid 5148] ioctl(4, LOOP_CLR_FD) = 0 [pid 5148] close(4) = 0 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] creat("./bus", 000 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... creat resumed>) = 4 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] open("./bus", O_RDONLY) = 5 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5148] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5147] <... futex resumed>) = 0 [ 80.290878][ T5148] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.301626][ T5148] BTRFS info (device loop0): trying to use backup root at mount time [ 80.310387][ T5148] BTRFS info (device loop0): enabling ssd optimizations [ 80.317424][ T5148] BTRFS info (device loop0): using spread ssd allocation scheme [ 80.325059][ T5148] BTRFS info (device loop0): using free space tree [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... open resumed>) = 6 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5148] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... mmap resumed>) = 0x20000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] fallocate(6, 0, 0, 1048820) = 0 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5148] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] exit_group(0) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x555556b846a0, 24) = 0 [pid 5165] chdir("./7") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5165] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5166 attached => {parent_tid=[5166]}, 88) = 5166 [pid 5166] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] <... rseq resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5165] <... futex resumed>) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5166] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./bus", 0777) = 0 [ 80.874330][ T5166] loop0: detected capacity change from 0 to 32768 [ 80.885385][ T5166] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5166) [ 80.904933][ T5166] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.913827][ T5166] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5166] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5166] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./bus") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5166] creat("./bus", 000 [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... creat resumed>) = 4 [ 80.924854][ T5166] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.935557][ T5166] BTRFS info (device loop0): trying to use backup root at mount time [ 80.943723][ T5166] BTRFS info (device loop0): enabling ssd optimizations [ 80.951054][ T5166] BTRFS info (device loop0): using spread ssd allocation scheme [ 80.958771][ T5166] BTRFS info (device loop0): using free space tree [pid 5166] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5166] open("./bus", O_RDONLY [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... open resumed>) = 5 [pid 5166] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5166] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] fallocate(6, 0, 0, 1048820) = 0 [pid 5166] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [ 81.009560][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 81.009576][ T27] audit: type=1804 audit(1697637694.941:130): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/7/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5166] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5165] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5165] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5165] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0} => {parent_tid=[5183]}, 88) = 5183 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5165] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5183 attached [pid 5183] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5183] set_robust_list(0x7fcd3af0e9a0, 24) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 81.042314][ T27] audit: type=1804 audit(1697637694.951:131): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/7/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 81.067647][ T27] audit: type=1804 audit(1697637694.951:132): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/7/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5183] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5183] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5183] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... write resumed>) = 144 [pid 5166] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] exit_group(0 [pid 5183] <... futex resumed>) = ? [pid 5165] <... exit_group resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5166] <... futex resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 [ 81.096123][ T27] audit: type=1804 audit(1697637694.951:133): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/7/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5184 ./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x555556b846a0, 24) = 0 [pid 5184] chdir("./8") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5184] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5185 attached [pid 5185] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5184] <... clone3 resumed> => {parent_tid=[5185]}, 88) = 5185 [pid 5185] <... rseq resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... futex resumed>) = 0 [pid 5185] memfd_create("syzkaller", 0 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5185] <... memfd_create resumed>) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5185] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./bus", 0777) = 0 [ 81.574631][ T5185] loop0: detected capacity change from 0 to 32768 [ 81.585848][ T5185] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5185) [ 81.603334][ T5185] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.613185][ T5185] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5185] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5185] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./bus") = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [pid 5185] close(4) = 0 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] creat("./bus", 000) = 4 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [ 81.624048][ T5185] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 81.634721][ T5185] BTRFS info (device loop0): trying to use backup root at mount time [ 81.643131][ T5185] BTRFS info (device loop0): enabling ssd optimizations [ 81.650326][ T5185] BTRFS info (device loop0): using spread ssd allocation scheme [ 81.658326][ T5185] BTRFS info (device loop0): using free space tree [pid 5185] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 0 [pid 5185] open("./bus", O_RDONLY) = 5 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = 1 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 81.707999][ T27] audit: type=1804 audit(1697637695.641:134): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/8/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5185] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... mmap resumed>) = 0x20000000 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] fallocate(6, 0, 0, 1048820 [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... fallocate resumed>) = 0 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [ 81.737949][ T27] audit: type=1804 audit(1697637695.671:135): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/8/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5184] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5184] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ [ 81.796252][ T27] audit: type=1804 audit(1697637695.691:136): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/8/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 [ 81.849905][ T27] audit: type=1804 audit(1697637695.691:137): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/8/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5204 ./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x555556b846a0, 24) = 0 [pid 5204] chdir("./9") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5204] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5205 attached => {parent_tid=[5205]}, 88) = 5205 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5205] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] <... rseq resumed>) = 0 [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5205] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./bus", 0777) = 0 [ 82.506484][ T5205] loop0: detected capacity change from 0 to 32768 [ 82.516207][ T5205] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5205) [ 82.533734][ T5205] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.543101][ T5205] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5205] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./bus") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] creat("./bus", 000 [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... creat resumed>) = 4 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5205] open("./bus", O_RDONLY [ 82.554125][ T5205] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 82.564906][ T5205] BTRFS info (device loop0): trying to use backup root at mount time [ 82.573172][ T5205] BTRFS info (device loop0): enabling ssd optimizations [ 82.580359][ T5205] BTRFS info (device loop0): using spread ssd allocation scheme [ 82.588252][ T5205] BTRFS info (device loop0): using free space tree [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 5 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 6 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... mmap resumed>) = 0x20000000 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] fallocate(6, 0, 0, 1048820) = 0 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.634563][ T27] audit: type=1804 audit(1697637696.561:138): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/9/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 82.660752][ T27] audit: type=1804 audit(1697637696.601:139): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/9/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5205] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5205] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5204] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5205] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0 [pid 5205] <... futex resumed>) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5222 ./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x555556b846a0, 24) = 0 [pid 5222] chdir("./10") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5222] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5223]}, 88) = 5223 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5223 attached NULL, 8) = 0 [pid 5223] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... rseq resumed>) = 0 [pid 5223] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... set_robust_list resumed>) = 0 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5223] memfd_create("syzkaller", 0) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5223] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5223] close(3) = 0 [pid 5223] mkdir("./bus", 0777) = 0 [ 83.184552][ T5223] loop0: detected capacity change from 0 to 32768 [ 83.194955][ T5223] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5223) [ 83.212076][ T5223] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.222326][ T5223] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5223] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5223] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5223] chdir("./bus") = 0 [pid 5223] ioctl(4, LOOP_CLR_FD) = 0 [pid 5223] close(4) = 0 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [pid 5223] creat("./bus", 000 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... creat resumed>) = 4 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] open("./bus", O_RDONLY) = 5 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [ 83.233356][ T5223] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.244003][ T5223] BTRFS info (device loop0): trying to use backup root at mount time [ 83.252240][ T5223] BTRFS info (device loop0): enabling ssd optimizations [ 83.259207][ T5223] BTRFS info (device loop0): using spread ssd allocation scheme [ 83.266921][ T5223] BTRFS info (device loop0): using free space tree [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... mmap resumed>) = 0x20000000 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] fallocate(6, 0, 0, 1048820 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... fallocate resumed>) = 0 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... futex resumed>) = 0 [pid 5223] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5223] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] exit_group(0 [pid 5223] <... futex resumed>) = ? [pid 5222] <... exit_group resumed>) = ? [pid 5223] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5240 ./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x555556b846a0, 24) = 0 [pid 5240] chdir("./11") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5240] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5241 attached => {parent_tid=[5241]}, 88) = 5241 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5241] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] memfd_create("syzkaller", 0 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] <... memfd_create resumed>) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5241] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] mkdir("./bus", 0777) = 0 [ 83.836494][ T5241] loop0: detected capacity change from 0 to 32768 [ 83.846541][ T5241] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5241) [ 83.862115][ T5241] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.870878][ T5241] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5241] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./bus") = 0 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5241] creat("./bus", 000 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... creat resumed>) = 4 [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] open("./bus", O_RDONLY [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] <... open resumed>) = 5 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5241] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] <... futex resumed>) = 0 [pid 5241] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... open resumed>) = 6 [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [ 83.881727][ T5241] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 83.892612][ T5241] BTRFS info (device loop0): trying to use backup root at mount time [ 83.900837][ T5241] BTRFS info (device loop0): enabling ssd optimizations [ 83.907826][ T5241] BTRFS info (device loop0): using spread ssd allocation scheme [ 83.915466][ T5241] BTRFS info (device loop0): using free space tree [pid 5241] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5240] <... futex resumed>) = 0 [pid 5241] <... mmap resumed>) = 0x20000000 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] fallocate(6, 0, 0, 1048820 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... fallocate resumed>) = 0 [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 1 [pid 5241] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5241] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] exit_group(0) = ? [pid 5241] <... futex resumed>) = ? [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x555556b846a0, 24 [pid 5032] <... clone resumed>, child_tidptr=0x555556b84690) = 5258 [pid 5258] <... set_robust_list resumed>) = 0 [pid 5258] chdir("./12") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5258] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5259]}, 88) = 5259 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5259 attached NULL, 8) = 0 [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5259] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5259] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] memfd_create("syzkaller", 0) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5259] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./bus", 0777) = 0 [ 84.463447][ T5259] loop0: detected capacity change from 0 to 32768 [ 84.475133][ T5259] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5259) [ 84.495919][ T5259] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [pid 5259] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5259] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./bus") = 0 [pid 5259] ioctl(4, LOOP_CLR_FD) = 0 [pid 5259] close(4) = 0 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5259] creat("./bus", 000 [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... creat resumed>) = 4 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5259] open("./bus", O_RDONLY [ 84.504653][ T5259] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 84.515462][ T5259] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 84.526211][ T5259] BTRFS info (device loop0): trying to use backup root at mount time [ 84.534297][ T5259] BTRFS info (device loop0): enabling ssd optimizations [ 84.541261][ T5259] BTRFS info (device loop0): using spread ssd allocation scheme [ 84.549061][ T5259] BTRFS info (device loop0): using free space tree [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... open resumed>) = 5 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5259] <... futex resumed>) = 1 [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5258] <... futex resumed>) = 0 [pid 5259] <... open resumed>) = 6 [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] <... futex resumed>) = 0 [pid 5259] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... mmap resumed>) = 0x20000000 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] fallocate(6, 0, 0, 1048820) = 0 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5258] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5259] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] exit_group(0 [pid 5259] <... futex resumed>) = ? [pid 5258] <... exit_group resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5276 ./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x555556b846a0, 24) = 0 [pid 5276] chdir("./13") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5276] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5277 attached [pid 5277] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5276] <... clone3 resumed> => {parent_tid=[5277]}, 88) = 5277 [pid 5277] <... rseq resumed>) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] <... set_robust_list resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... futex resumed>) = 0 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] memfd_create("syzkaller", 0) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5277] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5277] close(3) = 0 [pid 5277] mkdir("./bus", 0777) = 0 [ 85.099565][ T5277] loop0: detected capacity change from 0 to 32768 [ 85.113676][ T5277] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5277) [ 85.131183][ T5277] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [pid 5277] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5277] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./bus") = 0 [pid 5277] ioctl(4, LOOP_CLR_FD) = 0 [pid 5277] close(4) = 0 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] creat("./bus", 000) = 4 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] open("./bus", O_RDONLY) = 5 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [ 85.140023][ T5277] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.151448][ T5277] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.164293][ T5277] BTRFS info (device loop0): trying to use backup root at mount time [ 85.172605][ T5277] BTRFS info (device loop0): enabling ssd optimizations [ 85.179746][ T5277] BTRFS info (device loop0): using spread ssd allocation scheme [ 85.188520][ T5277] BTRFS info (device loop0): using free space tree [pid 5277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] fallocate(6, 0, 0, 1048820) = 0 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = 1 [pid 5276] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5277] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5276] exit_group(0) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5294 ./strace-static-x86_64: Process 5294 attached [pid 5294] set_robust_list(0x555556b846a0, 24) = 0 [pid 5294] chdir("./14") = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5294] setpgid(0, 0) = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5294] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5295 attached => {parent_tid=[5295]}, 88) = 5295 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5295] <... rseq resumed>) = 0 [pid 5295] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5295] memfd_create("syzkaller", 0) = 3 [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5295] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5295] close(3) = 0 [pid 5295] mkdir("./bus", 0777) = 0 [ 85.731419][ T5295] loop0: detected capacity change from 0 to 32768 [ 85.742953][ T5295] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5295) [ 85.761417][ T5295] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.770432][ T5295] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5295] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5295] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5295] chdir("./bus") = 0 [pid 5295] ioctl(4, LOOP_CLR_FD) = 0 [pid 5295] close(4) = 0 [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5295] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5295] creat("./bus", 000 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... creat resumed>) = 4 [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5295] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [ 85.781685][ T5295] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 85.792790][ T5295] BTRFS info (device loop0): trying to use backup root at mount time [ 85.801211][ T5295] BTRFS info (device loop0): enabling ssd optimizations [ 85.808645][ T5295] BTRFS info (device loop0): using spread ssd allocation scheme [ 85.816559][ T5295] BTRFS info (device loop0): using free space tree [pid 5295] open("./bus", O_RDONLY [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... open resumed>) = 5 [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5294] <... futex resumed>) = 0 [pid 5295] <... open resumed>) = 6 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... futex resumed>) = 1 [pid 5295] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] fallocate(6, 0, 0, 1048820) = 0 [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... futex resumed>) = 1 [pid 5295] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5295] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] exit_group(0) = ? [pid 5295] <... futex resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x555556b84690) = 5312 [pid 5312] set_robust_list(0x555556b846a0, 24) = 0 [pid 5312] chdir("./15") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5312] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5313]}, 88) = 5313 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5313 attached [pid 5313] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5313] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] memfd_create("syzkaller", 0) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5313] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] mkdir("./bus", 0777) = 0 [ 86.377543][ T5313] loop0: detected capacity change from 0 to 32768 [ 86.388569][ T5313] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5313) [ 86.404818][ T5313] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.413991][ T5313] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5313] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5313] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5313] chdir("./bus") = 0 [pid 5313] ioctl(4, LOOP_CLR_FD) = 0 [pid 5313] close(4) = 0 [pid 5313] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] creat("./bus", 000 [pid 5312] <... futex resumed>) = 0 [pid 5313] <... creat resumed>) = 4 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [ 86.425061][ T5313] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 86.435922][ T5313] BTRFS info (device loop0): trying to use backup root at mount time [ 86.443998][ T5313] BTRFS info (device loop0): enabling ssd optimizations [ 86.451306][ T5313] BTRFS info (device loop0): using spread ssd allocation scheme [ 86.459375][ T5313] BTRFS info (device loop0): using free space tree [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] open("./bus", O_RDONLY) = 5 [pid 5313] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5313] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 0 [pid 5313] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [ 86.509068][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 86.509077][ T27] audit: type=1804 audit(1697637700.441:162): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/15/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5313] fallocate(6, 0, 0, 1048820) = 0 [pid 5313] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [ 86.543472][ T27] audit: type=1804 audit(1697637700.481:163): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/15/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 86.567270][ T27] audit: type=1804 audit(1697637700.481:164): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/15/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5312] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5312] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0} => {parent_tid=[5329]}, 88) = 5329 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5329 attached [pid 5313] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5329] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5329] set_robust_list(0x7fcd3af0e9a0, 24) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5329] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5329] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... write resumed>) = 144 [pid 5313] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.591160][ T27] audit: type=1804 audit(1697637700.481:165): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/15/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5312] exit_group(0 [pid 5329] <... futex resumed>) = ? [pid 5312] <... exit_group resumed>) = ? [pid 5329] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x555556b846a0, 24) = 0 [pid 5331] chdir("./16") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5331] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5332]}, 88) = 5332 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5332 attached [pid 5332] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5332] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [ 87.037654][ T22] cfg80211: failed to load regulatory.db [pid 5332] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] mkdir("./bus", 0777) = 0 [ 87.105169][ T5332] loop0: detected capacity change from 0 to 32768 [ 87.115072][ T5332] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5332) [ 87.131962][ T5332] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.142352][ T5332] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5332] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5332] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./bus") = 0 [pid 5332] ioctl(4, LOOP_CLR_FD) = 0 [pid 5332] close(4) = 0 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5332] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5332] creat("./bus", 000 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... creat resumed>) = 4 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] open("./bus", O_RDONLY [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... open resumed>) = 5 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [ 87.153325][ T5332] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.163950][ T5332] BTRFS info (device loop0): trying to use backup root at mount time [ 87.172080][ T5332] BTRFS info (device loop0): enabling ssd optimizations [ 87.179046][ T5332] BTRFS info (device loop0): using spread ssd allocation scheme [ 87.187189][ T5332] BTRFS info (device loop0): using free space tree [pid 5332] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5331] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5332] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5332] fallocate(6, 0, 0, 1048820 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... fallocate resumed>) = 0 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 1 [ 87.225466][ T27] audit: type=1804 audit(1697637701.151:166): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/16/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5332] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5332] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] exit_group(0) = ? [pid 5332] <... futex resumed>) = ? [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 [ 87.272627][ T27] audit: type=1804 audit(1697637701.151:167): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/16/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 87.297246][ T27] audit: type=1804 audit(1697637701.151:168): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/16/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 87.335706][ T27] audit: type=1804 audit(1697637701.151:169): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/16/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5349 ./strace-static-x86_64: Process 5349 attached [pid 5349] set_robust_list(0x555556b846a0, 24) = 0 [pid 5349] chdir("./17") = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5349] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5350 attached [pid 5350] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5350] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... clone3 resumed> => {parent_tid=[5350]}, 88) = 5350 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5350] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5350] close(3) = 0 [pid 5350] mkdir("./bus", 0777) = 0 [ 87.799019][ T5350] loop0: detected capacity change from 0 to 32768 [ 87.808911][ T5350] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5350) [ 87.828334][ T5350] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.837145][ T5350] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5350] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5350] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./bus") = 0 [pid 5350] ioctl(4, LOOP_CLR_FD) = 0 [pid 5350] close(4) = 0 [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] creat("./bus", 000 [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... creat resumed>) = 4 [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [pid 5350] open("./bus", O_RDONLY) = 5 [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 87.848037][ T5350] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 87.858792][ T5350] BTRFS info (device loop0): trying to use backup root at mount time [ 87.866909][ T5350] BTRFS info (device loop0): enabling ssd optimizations [ 87.873880][ T5350] BTRFS info (device loop0): using spread ssd allocation scheme [ 87.881629][ T5350] BTRFS info (device loop0): using free space tree [pid 5350] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = 1 [pid 5350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... open resumed>) = 6 [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [pid 5350] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... mmap resumed>) = 0x20000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [pid 5350] fallocate(6, 0, 0, 1048820) = 0 [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [ 87.929132][ T27] audit: type=1804 audit(1697637701.861:170): pid=5350 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/17/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 87.953349][ T27] audit: type=1804 audit(1697637701.861:171): pid=5350 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/17/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5350] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5349] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5349] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5349] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0} => {parent_tid=[5367]}, 88) = 5367 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5367 attached NULL, 8) = 0 [pid 5367] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5367] set_robust_list(0x7fcd3af0e9a0, 24) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5350] <... write resumed>) = 144 [pid 5350] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] <... futex resumed>) = 0 [pid 5349] exit_group(0 [pid 5367] <... futex resumed>) = ? [pid 5350] <... futex resumed>) = ? [pid 5349] <... exit_group resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ [pid 5349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached , child_tidptr=0x555556b84690) = 5368 [pid 5368] set_robust_list(0x555556b846a0, 24) = 0 [pid 5368] chdir("./18") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5368] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5369 attached => {parent_tid=[5369]}, 88) = 5369 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5369] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5369] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5369] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./bus", 0777) = 0 [ 88.469390][ T5369] loop0: detected capacity change from 0 to 32768 [ 88.479632][ T5369] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5369) [ 88.495188][ T5369] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.503973][ T5369] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5369] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5369] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./bus") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] creat("./bus", 000 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... creat resumed>) = 4 [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] open("./bus", O_RDONLY [pid 5368] <... futex resumed>) = 0 [pid 5369] <... open resumed>) = 5 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5368] <... futex resumed>) = 0 [pid 5369] <... open resumed>) = 6 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] fallocate(6, 0, 0, 1048820) = 0 [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [ 88.514865][ T5369] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 88.525561][ T5369] BTRFS info (device loop0): trying to use backup root at mount time [ 88.533774][ T5369] BTRFS info (device loop0): enabling ssd optimizations [ 88.540800][ T5369] BTRFS info (device loop0): using spread ssd allocation scheme [ 88.548497][ T5369] BTRFS info (device loop0): using free space tree [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5369] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] exit_group(0) = ? [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5385 ./strace-static-x86_64: Process 5385 attached [pid 5385] set_robust_list(0x555556b846a0, 24) = 0 [pid 5385] chdir("./19") = 0 [pid 5385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5385] setpgid(0, 0) = 0 [pid 5385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5385] write(3, "1000", 4) = 4 [pid 5385] close(3) = 0 [pid 5385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5385] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5386 attached [pid 5386] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5385] <... clone3 resumed> => {parent_tid=[5386]}, 88) = 5386 [pid 5386] <... rseq resumed>) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] <... set_robust_list resumed>) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] <... futex resumed>) = 0 [pid 5386] memfd_create("syzkaller", 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5386] <... memfd_create resumed>) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5386] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] mkdir("./bus", 0777) = 0 [ 89.114709][ T5386] loop0: detected capacity change from 0 to 32768 [ 89.126667][ T5386] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5386) [ 89.143838][ T5386] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.152730][ T5386] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5386] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5386] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./bus") = 0 [pid 5386] ioctl(4, LOOP_CLR_FD) = 0 [pid 5386] close(4) = 0 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] creat("./bus", 000) = 4 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] open("./bus", O_RDONLY) = 5 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 89.163572][ T5386] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.174233][ T5386] BTRFS info (device loop0): trying to use backup root at mount time [ 89.182371][ T5386] BTRFS info (device loop0): enabling ssd optimizations [ 89.189383][ T5386] BTRFS info (device loop0): using spread ssd allocation scheme [ 89.198387][ T5386] BTRFS info (device loop0): using free space tree [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... open resumed>) = 6 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... mmap resumed>) = 0x20000000 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] fallocate(6, 0, 0, 1048820 [pid 5385] <... futex resumed>) = 0 [pid 5386] <... fallocate resumed>) = 0 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 0 [pid 5385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5385] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5386] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5385] exit_group(0) = ? [pid 5386] <... futex resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5385, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5403 attached , child_tidptr=0x555556b84690) = 5403 [pid 5403] set_robust_list(0x555556b846a0, 24) = 0 [pid 5403] chdir("./20") = 0 [pid 5403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5403] setpgid(0, 0) = 0 [pid 5403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5403] write(3, "1000", 4) = 4 [pid 5403] close(3) = 0 [pid 5403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5403] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5404]}, 88) = 5404 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5404 attached [pid 5404] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5404] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5404] memfd_create("syzkaller", 0) = 3 [pid 5404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5404] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5404] close(3) = 0 [pid 5404] mkdir("./bus", 0777) = 0 [ 89.781282][ T5404] loop0: detected capacity change from 0 to 32768 [ 89.792302][ T5404] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5404) [ 89.810366][ T5404] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.819145][ T5404] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5404] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5404] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5404] chdir("./bus") = 0 [pid 5404] ioctl(4, LOOP_CLR_FD) = 0 [pid 5404] close(4) = 0 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] creat("./bus", 000 [pid 5403] <... futex resumed>) = 0 [pid 5404] <... creat resumed>) = 4 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... futex resumed>) = 1 [pid 5404] open("./bus", O_RDONLY) = 5 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 89.830007][ T5404] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 89.841182][ T5404] BTRFS info (device loop0): trying to use backup root at mount time [ 89.849663][ T5404] BTRFS info (device loop0): enabling ssd optimizations [ 89.856932][ T5404] BTRFS info (device loop0): using spread ssd allocation scheme [ 89.864561][ T5404] BTRFS info (device loop0): using free space tree [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... futex resumed>) = 1 [pid 5404] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... mmap resumed>) = 0x20000000 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5404] fallocate(6, 0, 0, 1048820 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... fallocate resumed>) = 0 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5404] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5404] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] exit_group(0) = ? [pid 5404] <... futex resumed>) = ? [pid 5404] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5403, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5421 ./strace-static-x86_64: Process 5421 attached [pid 5421] set_robust_list(0x555556b846a0, 24) = 0 [pid 5421] chdir("./21") = 0 [pid 5421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5421] setpgid(0, 0) = 0 [pid 5421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5421] write(3, "1000", 4) = 4 [pid 5421] close(3) = 0 [pid 5421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5421] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5422 attached => {parent_tid=[5422]}, 88) = 5422 [pid 5422] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], [pid 5422] <... rseq resumed>) = 0 [pid 5421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... set_robust_list resumed>) = 0 [pid 5421] <... futex resumed>) = 0 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] memfd_create("syzkaller", 0) = 3 [pid 5422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5422] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5422] close(3) = 0 [pid 5422] mkdir("./bus", 0777) = 0 [ 90.418812][ T5422] loop0: detected capacity change from 0 to 32768 [ 90.429770][ T5422] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5422) [ 90.447497][ T5422] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.456496][ T5422] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5422] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5422] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5422] chdir("./bus") = 0 [pid 5422] ioctl(4, LOOP_CLR_FD) = 0 [pid 5422] close(4) = 0 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] creat("./bus", 000) = 4 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] open("./bus", O_RDONLY) = 5 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] fallocate(6, 0, 0, 1048820) = 0 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [ 90.467422][ T5422] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 90.478120][ T5422] BTRFS info (device loop0): trying to use backup root at mount time [ 90.486588][ T5422] BTRFS info (device loop0): enabling ssd optimizations [ 90.493544][ T5422] BTRFS info (device loop0): using spread ssd allocation scheme [ 90.501251][ T5422] BTRFS info (device loop0): using free space tree [pid 5422] <... futex resumed>) = 1 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... futex resumed>) = 1 [pid 5422] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5422] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5421] exit_group(0) = ? [pid 5422] <... futex resumed>) = ? [pid 5422] +++ exited with 0 +++ [pid 5421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5421, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5439 ./strace-static-x86_64: Process 5439 attached [pid 5439] set_robust_list(0x555556b846a0, 24) = 0 [pid 5439] chdir("./22") = 0 [pid 5439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5439] setpgid(0, 0) = 0 [pid 5439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5439] write(3, "1000", 4) = 4 [pid 5439] close(3) = 0 [pid 5439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5439] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5440 attached [pid 5440] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5439] <... clone3 resumed> => {parent_tid=[5440]}, 88) = 5440 [pid 5440] <... rseq resumed>) = 0 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], [pid 5440] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] <... set_robust_list resumed>) = 0 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] rt_sigprocmask(SIG_SETMASK, [], [pid 5439] <... futex resumed>) = 0 [pid 5440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5440] memfd_create("syzkaller", 0) = 3 [pid 5440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5440] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5440] close(3) = 0 [pid 5440] mkdir("./bus", 0777) = 0 [ 91.056368][ T5440] loop0: detected capacity change from 0 to 32768 [ 91.066406][ T5440] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5440) [ 91.085207][ T5440] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.093972][ T5440] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5440] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5440] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5440] chdir("./bus") = 0 [pid 5440] ioctl(4, LOOP_CLR_FD) = 0 [pid 5440] close(4) = 0 [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5440] creat("./bus", 000 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... creat resumed>) = 4 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] open("./bus", O_RDONLY) = 5 [ 91.104811][ T5440] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 91.115448][ T5440] BTRFS info (device loop0): trying to use backup root at mount time [ 91.123594][ T5440] BTRFS info (device loop0): enabling ssd optimizations [ 91.130589][ T5440] BTRFS info (device loop0): using spread ssd allocation scheme [ 91.138285][ T5440] BTRFS info (device loop0): using free space tree [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... mmap resumed>) = 0x20000000 [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5440] fallocate(6, 0, 0, 1048820 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... fallocate resumed>) = 0 [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5440] <... futex resumed>) = 1 [pid 5440] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5440] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5439] exit_group(0) = ? [pid 5440] <... futex resumed>) = ? [pid 5440] +++ exited with 0 +++ [pid 5439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5439, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5457 attached , child_tidptr=0x555556b84690) = 5457 [pid 5457] set_robust_list(0x555556b846a0, 24) = 0 [pid 5457] chdir("./23") = 0 [pid 5457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5457] setpgid(0, 0) = 0 [pid 5457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5457] write(3, "1000", 4) = 4 [pid 5457] close(3) = 0 [pid 5457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5457] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5458 attached [pid 5458] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5457] <... clone3 resumed> => {parent_tid=[5458]}, 88) = 5458 [pid 5458] <... rseq resumed>) = 0 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5458] <... set_robust_list resumed>) = 0 [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] <... futex resumed>) = 0 [pid 5458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5458] memfd_create("syzkaller", 0) = 3 [pid 5458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5458] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5458] close(3) = 0 [pid 5458] mkdir("./bus", 0777) = 0 [ 91.674450][ T5458] loop0: detected capacity change from 0 to 32768 [ 91.686569][ T5458] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5458) [ 91.705231][ T5458] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [pid 5458] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5458] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5458] chdir("./bus") = 0 [pid 5458] ioctl(4, LOOP_CLR_FD) = 0 [pid 5458] close(4) = 0 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... futex resumed>) = 1 [pid 5458] creat("./bus", 000) = 4 [ 91.714173][ T5458] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 91.724990][ T5458] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 91.735630][ T5458] BTRFS info (device loop0): trying to use backup root at mount time [ 91.743730][ T5458] BTRFS info (device loop0): enabling ssd optimizations [ 91.751005][ T5458] BTRFS info (device loop0): using spread ssd allocation scheme [ 91.758714][ T5458] BTRFS info (device loop0): using free space tree [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5458] open("./bus", O_RDONLY [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... open resumed>) = 5 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5458] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... open resumed>) = 6 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5457] <... futex resumed>) = 0 [pid 5458] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... mmap resumed>) = 0x20000000 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 1 [pid 5457] <... futex resumed>) = 0 [pid 5458] fallocate(6, 0, 0, 1048820 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... fallocate resumed>) = 0 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 91.810219][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 91.810234][ T27] audit: type=1804 audit(1697637705.741:194): pid=5458 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/23/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5458] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5457] <... futex resumed>) = 1 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 91.841085][ T27] audit: type=1804 audit(1697637705.741:195): pid=5458 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/23/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 91.867049][ T27] audit: type=1804 audit(1697637705.771:196): pid=5458 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/23/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5458] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] <... futex resumed>) = 1 [pid 5458] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5458] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5457] exit_group(0) = ? [pid 5458] <... futex resumed>) = ? [pid 5458] +++ exited with 0 +++ [pid 5457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5457, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 [ 91.892165][ T27] audit: type=1804 audit(1697637705.771:197): pid=5458 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/23/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5475 ./strace-static-x86_64: Process 5475 attached [pid 5475] set_robust_list(0x555556b846a0, 24) = 0 [pid 5475] chdir("./24") = 0 [pid 5475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5475] setpgid(0, 0) = 0 [pid 5475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5475] write(3, "1000", 4) = 4 [pid 5475] close(3) = 0 [pid 5475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5475] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5476 attached [pid 5476] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5475] <... clone3 resumed> => {parent_tid=[5476]}, 88) = 5476 [pid 5476] <... rseq resumed>) = 0 [pid 5476] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5475] rt_sigprocmask(SIG_SETMASK, [], [pid 5476] <... set_robust_list resumed>) = 0 [pid 5475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] memfd_create("syzkaller", 0 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5476] <... memfd_create resumed>) = 3 [pid 5476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5476] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5476] close(3) = 0 [pid 5476] mkdir("./bus", 0777) = 0 [ 92.360984][ T5476] loop0: detected capacity change from 0 to 32768 [ 92.372220][ T5476] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5476) [ 92.388430][ T5476] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.397247][ T5476] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5476] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5476] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5476] chdir("./bus") = 0 [pid 5476] ioctl(4, LOOP_CLR_FD) = 0 [pid 5476] close(4) = 0 [pid 5476] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... futex resumed>) = 1 [pid 5476] creat("./bus", 000) = 4 [pid 5476] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... futex resumed>) = 1 [pid 5476] open("./bus", O_RDONLY) = 5 [pid 5476] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5476] <... futex resumed>) = 1 [ 92.408090][ T5476] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 92.418731][ T5476] BTRFS info (device loop0): trying to use backup root at mount time [ 92.426858][ T5476] BTRFS info (device loop0): enabling ssd optimizations [ 92.433800][ T5476] BTRFS info (device loop0): using spread ssd allocation scheme [ 92.441624][ T5476] BTRFS info (device loop0): using free space tree [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... open resumed>) = 6 [pid 5476] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... futex resumed>) = 1 [pid 5476] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] <... futex resumed>) = 1 [pid 5476] fallocate(6, 0, 0, 1048820) = 0 [pid 5476] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5475] <... futex resumed>) = 0 [pid 5475] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = 0 [pid 5475] <... futex resumed>) = 1 [ 92.489373][ T27] audit: type=1804 audit(1697637706.421:198): pid=5476 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/24/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5475] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5476] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5475] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5475] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5475] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [ 92.528498][ T27] audit: type=1804 audit(1697637706.421:199): pid=5476 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/24/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 92.556632][ T27] audit: type=1804 audit(1697637706.421:200): pid=5476 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/24/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0} => {parent_tid=[5493]}, 88) = 5493 [pid 5475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5475] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5493 attached [pid 5493] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5493] set_robust_list(0x7fcd3af0e9a0, 24) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5493] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5493] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5475] <... futex resumed>) = 0 [pid 5493] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] <... write resumed>) = 144 [pid 5476] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] exit_group(0 [pid 5493] <... futex resumed>) = ? [pid 5475] <... exit_group resumed>) = ? [pid 5493] +++ exited with 0 +++ [pid 5476] +++ exited with 0 +++ [pid 5475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5475, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 [ 92.581324][ T27] audit: type=1804 audit(1697637706.421:201): pid=5476 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/24/bus/bus" dev="loop0" ino=263 res=1 errno=0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5494 attached , child_tidptr=0x555556b84690) = 5494 [pid 5494] set_robust_list(0x555556b846a0, 24) = 0 [pid 5494] chdir("./25") = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5494] setpgid(0, 0) = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5494] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5495]}, 88) = 5495 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5495 attached [pid 5495] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5495] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5495] memfd_create("syzkaller", 0) = 3 [pid 5495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5495] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5495] close(3) = 0 [pid 5495] mkdir("./bus", 0777) = 0 [ 93.051419][ T5495] loop0: detected capacity change from 0 to 32768 [ 93.062082][ T5495] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5495) [ 93.078670][ T5495] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.087461][ T5495] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5495] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5495] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5495] chdir("./bus") = 0 [pid 5495] ioctl(4, LOOP_CLR_FD) = 0 [pid 5495] close(4) = 0 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5495] creat("./bus", 000) = 4 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... futex resumed>) = 1 [ 93.098315][ T5495] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.108955][ T5495] BTRFS info (device loop0): trying to use backup root at mount time [ 93.117109][ T5495] BTRFS info (device loop0): enabling ssd optimizations [ 93.124051][ T5495] BTRFS info (device loop0): using spread ssd allocation scheme [ 93.131738][ T5495] BTRFS info (device loop0): using free space tree [pid 5495] open("./bus", O_RDONLY) = 5 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5495] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... open resumed>) = 6 [ 93.175289][ T27] audit: type=1804 audit(1697637707.101:202): pid=5495 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/25/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... mmap resumed>) = 0x20000000 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] fallocate(6, 0, 0, 1048820 [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... fallocate resumed>) = 0 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 93.204215][ T27] audit: type=1804 audit(1697637707.141:203): pid=5495 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/25/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5495] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5495] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5494] exit_group(0 [pid 5495] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... exit_group resumed>) = ? [pid 5495] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5512 attached , child_tidptr=0x555556b84690) = 5512 [pid 5512] set_robust_list(0x555556b846a0, 24) = 0 [pid 5512] chdir("./26") = 0 [pid 5512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5512] setpgid(0, 0) = 0 [pid 5512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5512] write(3, "1000", 4) = 4 [pid 5512] close(3) = 0 [pid 5512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5512] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5513 attached => {parent_tid=[5513]}, 88) = 5513 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5513] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5513] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5513] memfd_create("syzkaller", 0) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5513] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] mkdir("./bus", 0777) = 0 [ 93.737339][ T5513] loop0: detected capacity change from 0 to 32768 [ 93.748690][ T5513] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5513) [ 93.767084][ T5513] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.775860][ T5513] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5513] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5513] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./bus") = 0 [pid 5513] ioctl(4, LOOP_CLR_FD) = 0 [pid 5513] close(4) = 0 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] creat("./bus", 000) = 4 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] <... futex resumed>) = 0 [pid 5513] open("./bus", O_RDONLY [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... open resumed>) = 5 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... open resumed>) = 6 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.786697][ T5513] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 93.797428][ T5513] BTRFS info (device loop0): trying to use backup root at mount time [ 93.805524][ T5513] BTRFS info (device loop0): enabling ssd optimizations [ 93.812560][ T5513] BTRFS info (device loop0): using spread ssd allocation scheme [ 93.820240][ T5513] BTRFS info (device loop0): using free space tree [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5512] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] fallocate(6, 0, 0, 1048820 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... fallocate resumed>) = 0 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5512] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5513] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5512] exit_group(0 [pid 5513] ???( [pid 5512] <... exit_group resumed>) = ? [pid 5513] <... ??? resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5512] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5512, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5530 ./strace-static-x86_64: Process 5530 attached [pid 5530] set_robust_list(0x555556b846a0, 24) = 0 [pid 5530] chdir("./27") = 0 [pid 5530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5530] setpgid(0, 0) = 0 [pid 5530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5530] write(3, "1000", 4) = 4 [pid 5530] close(3) = 0 [pid 5530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5530] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5531]}, 88) = 5531 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5531 attached [pid 5531] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5531] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5531] memfd_create("syzkaller", 0) = 3 [pid 5531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5531] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5531] close(3) = 0 [pid 5531] mkdir("./bus", 0777) = 0 [ 94.401045][ T5531] loop0: detected capacity change from 0 to 32768 [ 94.412527][ T5531] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5531) [ 94.431196][ T5531] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.440358][ T5531] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5531] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5531] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5531] chdir("./bus") = 0 [pid 5531] ioctl(4, LOOP_CLR_FD) = 0 [pid 5531] close(4) = 0 [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... futex resumed>) = 1 [pid 5531] creat("./bus", 000) = 4 [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... futex resumed>) = 1 [pid 5531] open("./bus", O_RDONLY) = 5 [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5531] <... futex resumed>) = 1 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5531] <... futex resumed>) = 1 [pid 5531] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... mmap resumed>) = 0x20000000 [pid 5530] <... futex resumed>) = 0 [ 94.451352][ T5531] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 94.462114][ T5531] BTRFS info (device loop0): trying to use backup root at mount time [ 94.470262][ T5531] BTRFS info (device loop0): enabling ssd optimizations [ 94.477243][ T5531] BTRFS info (device loop0): using spread ssd allocation scheme [ 94.484861][ T5531] BTRFS info (device loop0): using free space tree [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... futex resumed>) = 1 [pid 5531] fallocate(6, 0, 0, 1048820) = 0 [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... futex resumed>) = 1 [pid 5531] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5530] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5530] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5530] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5530] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0}./strace-static-x86_64: Process 5548 attached [pid 5548] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5548] set_robust_list(0x7fcd3af0e9a0, 24 [pid 5530] <... clone3 resumed> => {parent_tid=[5548]}, 88) = 5548 [pid 5548] <... set_robust_list resumed>) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5530] rt_sigprocmask(SIG_SETMASK, [], [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5548] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] <... futex resumed>) = 0 [pid 5548] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5530] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5548] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5548] <... futex resumed>) = 1 [pid 5548] futex(0x7fcd3afff6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5531] <... write resumed>) = 144 [pid 5531] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5531] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] exit_group(0 [pid 5548] <... futex resumed>) = ? [pid 5531] <... futex resumed>) = ? [pid 5530] <... exit_group resumed>) = ? [pid 5548] +++ exited with 0 +++ [pid 5531] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5530, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5549 ./strace-static-x86_64: Process 5549 attached [pid 5549] set_robust_list(0x555556b846a0, 24) = 0 [pid 5549] chdir("./28") = 0 [pid 5549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5549] setpgid(0, 0) = 0 [pid 5549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5549] write(3, "1000", 4) = 4 [pid 5549] close(3) = 0 [pid 5549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5549] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5550]}, 88) = 5550 ./strace-static-x86_64: Process 5550 attached [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5550] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5550] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5550] memfd_create("syzkaller", 0) = 3 [pid 5550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5550] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5550] close(3) = 0 [pid 5550] mkdir("./bus", 0777) = 0 [ 95.054163][ T5550] loop0: detected capacity change from 0 to 32768 [ 95.065759][ T5550] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5550) [ 95.082837][ T5550] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.091653][ T5550] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5550] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5550] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5550] chdir("./bus") = 0 [pid 5550] ioctl(4, LOOP_CLR_FD) = 0 [pid 5550] close(4) = 0 [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5549] <... futex resumed>) = 1 [pid 5550] creat("./bus", 000 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... creat resumed>) = 4 [ 95.102697][ T5550] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 95.113355][ T5550] BTRFS info (device loop0): trying to use backup root at mount time [ 95.121470][ T5550] BTRFS info (device loop0): enabling ssd optimizations [ 95.128468][ T5550] BTRFS info (device loop0): using spread ssd allocation scheme [ 95.136144][ T5550] BTRFS info (device loop0): using free space tree [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5550] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5549] <... futex resumed>) = 0 [pid 5550] open("./bus", O_RDONLY [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... open resumed>) = 5 [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5550] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... open resumed>) = 6 [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5549] <... futex resumed>) = 0 [pid 5550] <... mmap resumed>) = 0x20000000 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] fallocate(6, 0, 0, 1048820 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... fallocate resumed>) = 0 [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5550] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] <... futex resumed>) = 0 [pid 5549] exit_group(0 [pid 5550] <... futex resumed>) = ? [pid 5549] <... exit_group resumed>) = ? [pid 5550] +++ exited with 0 +++ [pid 5549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5549, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5567 attached , child_tidptr=0x555556b84690) = 5567 [pid 5567] set_robust_list(0x555556b846a0, 24) = 0 [pid 5567] chdir("./29") = 0 [pid 5567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5567] setpgid(0, 0) = 0 [pid 5567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5567] write(3, "1000", 4) = 4 [pid 5567] close(3) = 0 [pid 5567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5567] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5567] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0} => {parent_tid=[5568]}, 88) = 5568 ./strace-static-x86_64: Process 5568 attached [pid 5567] rt_sigprocmask(SIG_SETMASK, [], [pid 5568] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5568] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5568] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5568] memfd_create("syzkaller", 0) = 3 [pid 5568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5568] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5568] close(3) = 0 [pid 5568] mkdir("./bus", 0777) = 0 [ 95.691509][ T5568] loop0: detected capacity change from 0 to 32768 [ 95.702613][ T5568] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5568) [ 95.720977][ T5568] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.729767][ T5568] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5568] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5568] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5568] chdir("./bus") = 0 [pid 5568] ioctl(4, LOOP_CLR_FD) = 0 [pid 5568] close(4) = 0 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5568] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] creat("./bus", 000 [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... creat resumed>) = 4 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... futex resumed>) = 1 [pid 5568] open("./bus", O_RDONLY) = 5 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5568] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... open resumed>) = 6 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5568] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 95.740667][ T5568] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 95.751363][ T5568] BTRFS info (device loop0): trying to use backup root at mount time [ 95.759517][ T5568] BTRFS info (device loop0): enabling ssd optimizations [ 95.766519][ T5568] BTRFS info (device loop0): using spread ssd allocation scheme [ 95.774165][ T5568] BTRFS info (device loop0): using free space tree [pid 5568] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... futex resumed>) = 1 [pid 5568] fallocate(6, 0, 0, 1048820) = 0 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = 0 [pid 5567] <... futex resumed>) = 1 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5568] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5568] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5568] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] exit_group(0 [pid 5568] <... futex resumed>) = ? [pid 5567] <... exit_group resumed>) = ? [pid 5568] +++ exited with 0 +++ [pid 5567] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5567, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5585 attached , child_tidptr=0x555556b84690) = 5585 [pid 5585] set_robust_list(0x555556b846a0, 24) = 0 [pid 5585] chdir("./30") = 0 [pid 5585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5585] setpgid(0, 0) = 0 [pid 5585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5585] write(3, "1000", 4) = 4 [pid 5585] close(3) = 0 [pid 5585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5585] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5586 attached [pid 5586] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5585] <... clone3 resumed> => {parent_tid=[5586]}, 88) = 5586 [pid 5586] <... rseq resumed>) = 0 [pid 5586] set_robust_list(0x7fcd3af2f9a0, 24) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5586] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5586] memfd_create("syzkaller", 0) = 3 [pid 5586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5586] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5586] close(3) = 0 [pid 5586] mkdir("./bus", 0777) = 0 [ 96.317109][ T5586] loop0: detected capacity change from 0 to 32768 [ 96.326799][ T5586] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5586) [ 96.342427][ T5586] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.351229][ T5586] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5586] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5586] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5586] chdir("./bus") = 0 [pid 5586] ioctl(4, LOOP_CLR_FD) = 0 [pid 5586] close(4) = 0 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] creat("./bus", 000 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... creat resumed>) = 4 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] open("./bus", O_RDONLY [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... open resumed>) = 5 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... open resumed>) = 6 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... futex resumed>) = 0 [pid 5586] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5586] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 96.362290][ T5586] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 96.372962][ T5586] BTRFS info (device loop0): trying to use backup root at mount time [ 96.381065][ T5586] BTRFS info (device loop0): enabling ssd optimizations [ 96.388093][ T5586] BTRFS info (device loop0): using spread ssd allocation scheme [ 96.395770][ T5586] BTRFS info (device loop0): using free space tree [pid 5586] fallocate(6, 0, 0, 1048820) = 0 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5585] <... futex resumed>) = 1 [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5585] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5586] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] exit_group(0 [pid 5586] <... futex resumed>) = ? [pid 5585] <... exit_group resumed>) = ? [pid 5586] +++ exited with 0 +++ [pid 5585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5585, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5603 ./strace-static-x86_64: Process 5603 attached [pid 5603] set_robust_list(0x555556b846a0, 24) = 0 [pid 5603] chdir("./31") = 0 [pid 5603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5603] setpgid(0, 0) = 0 [pid 5603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5603] write(3, "1000", 4) = 4 [pid 5603] close(3) = 0 [pid 5603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5603] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5604 attached => {parent_tid=[5604]}, 88) = 5604 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5604] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053 [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... rseq resumed>) = 0 [pid 5603] <... futex resumed>) = 0 [pid 5604] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5604] <... set_robust_list resumed>) = 0 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5604] memfd_create("syzkaller", 0) = 3 [pid 5604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5604] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5604] close(3) = 0 [pid 5604] mkdir("./bus", 0777) = 0 [ 96.948520][ T5604] loop0: detected capacity change from 0 to 32768 [ 96.960249][ T5604] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5604) [ 96.977805][ T5604] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.986572][ T5604] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5604] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5604] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5604] chdir("./bus") = 0 [pid 5604] ioctl(4, LOOP_CLR_FD) = 0 [pid 5604] close(4) = 0 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5604] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] creat("./bus", 000) = 4 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5604] open("./bus", O_RDONLY [ 96.997472][ T5604] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 97.008106][ T5604] BTRFS info (device loop0): trying to use backup root at mount time [ 97.016234][ T5604] BTRFS info (device loop0): enabling ssd optimizations [ 97.023174][ T5604] BTRFS info (device loop0): using spread ssd allocation scheme [ 97.030971][ T5604] BTRFS info (device loop0): using free space tree [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... open resumed>) = 5 [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5604] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5603] <... futex resumed>) = 0 [pid 5604] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... open resumed>) = 6 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5604] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... mmap resumed>) = 0x20000000 [ 97.079013][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 97.079028][ T27] audit: type=1804 audit(1697637711.011:226): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/31/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] fallocate(6, 0, 0, 1048820 [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... fallocate resumed>) = 0 [ 97.117563][ T27] audit: type=1804 audit(1697637711.051:227): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/31/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 97.142661][ T27] audit: type=1804 audit(1697637711.051:228): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/31/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [ 97.179378][ T27] audit: type=1804 audit(1697637711.051:229): pid=5604 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/31/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5603] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... futex resumed>) = 1 [pid 5604] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5604] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5603] exit_group(0 [pid 5604] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] <... exit_group resumed>) = ? [pid 5604] <... futex resumed>) = ? [pid 5604] +++ exited with 0 +++ [pid 5603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5603, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556b85730 /* 4 entries */, 32768) = 104 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556b8d770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b8d770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b84690) = 5621 ./strace-static-x86_64: Process 5621 attached [pid 5621] set_robust_list(0x555556b846a0, 24) = 0 [pid 5621] chdir("./32") = 0 [pid 5621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5621] setpgid(0, 0) = 0 [pid 5621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5621] write(3, "1000", 4) = 4 [pid 5621] close(3) = 0 [pid 5621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] rt_sigaction(SIGRT_1, {sa_handler=0x7fcd3af99230, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcd3af8a3e0}, NULL, 8) = 0 [pid 5621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3af0f000 [pid 5621] mprotect(0x7fcd3af10000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af2f990, parent_tid=0x7fcd3af2f990, exit_signal=0, stack=0x7fcd3af0f000, stack_size=0x20300, tls=0x7fcd3af2f6c0}./strace-static-x86_64: Process 5622 attached => {parent_tid=[5622]}, 88) = 5622 [pid 5622] rseq(0x7fcd3af2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] set_robust_list(0x7fcd3af2f9a0, 24 [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] <... set_robust_list resumed>) = 0 [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] <... futex resumed>) = 0 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5622] memfd_create("syzkaller", 0) = 3 [pid 5622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd32b0f000 [pid 5622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5622] munmap(0x7fcd32b0f000, 138412032) = 0 [pid 5622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5622] close(3) = 0 [pid 5622] mkdir("./bus", 0777) = 0 [ 97.696289][ T5622] loop0: detected capacity change from 0 to 32768 [ 97.707826][ T5622] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor116 (5622) [ 97.724744][ T5622] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.734141][ T5622] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5622] mount("/dev/loop0", "./bus", "btrfs", 0, "nodiscard,noautodefrag,inode_cache,usebackuproot,nossd,commit=0x0000000000000005,ssd_spread,") = 0 [pid 5622] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5622] chdir("./bus") = 0 [pid 5622] ioctl(4, LOOP_CLR_FD) = 0 [pid 5622] close(4) = 0 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] creat("./bus", 000 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... creat resumed>) = 4 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... futex resumed>) = 1 [pid 5622] open("./bus", O_RDONLY) = 5 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5622] <... futex resumed>) = 1 [pid 5622] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 97.745002][ T5622] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 97.755651][ T5622] BTRFS info (device loop0): trying to use backup root at mount time [ 97.763738][ T5622] BTRFS info (device loop0): enabling ssd optimizations [ 97.771016][ T5622] BTRFS info (device loop0): using spread ssd allocation scheme [ 97.778901][ T5622] BTRFS info (device loop0): using free space tree [pid 5622] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] <... futex resumed>) = 0 [pid 5622] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... mmap resumed>) = 0x20000000 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... futex resumed>) = 1 [pid 5622] fallocate(6, 0, 0, 1048820) = 0 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7fcd3afff6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.813254][ T27] audit: type=1804 audit(1697637711.741:230): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor116" name="/root/syzkaller.JUn9P6/32/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 97.843375][ T27] audit: type=1804 audit(1697637711.741:231): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/32/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 97.867240][ T27] audit: type=1804 audit(1697637711.741:232): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/32/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5621] futex(0x7fcd3afff6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5621] futex(0x7fcd3afff6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcd3aeee000 [pid 5621] mprotect(0x7fcd3aeef000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcd3af0e990, parent_tid=0x7fcd3af0e990, exit_signal=0, stack=0x7fcd3aeee000, stack_size=0x20300, tls=0x7fcd3af0e6c0} => {parent_tid=[5638]}, 88) = 5638 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5621] futex(0x7fcd3afff6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5638 attached [pid 5638] rseq(0x7fcd3af0efe0, 0x20, 0, 0x53053053) = 0 [pid 5638] set_robust_list(0x7fcd3af0e9a0, 24) = 0 [pid 5622] write(6, "\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 97.890848][ T27] audit: type=1804 audit(1697637711.741:233): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor116" name="/root/syzkaller.JUn9P6/32/bus/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5638] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=1181803792, fm_flags=0, fm_extent_count=1} [pid 5622] <... write resumed>) = 144 [pid 5622] futex(0x7fcd3afff6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] futex(0x7fcd3afff6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5621] futex(0x7fcd3afff6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5621] exit_group(0 [pid 5622] <... futex resumed>) = ? [pid 5622] +++ exited with 0 +++ [pid 5621] <... exit_group resumed>) = ? [pid 5032] kill(-5621, SIGKILL) = 0 [pid 5032] kill(5621, SIGKILL) = 0 [pid 5032] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5032] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5032] getdents64(3, 0x555556b85730 /* 2 entries */, 32768) = 48 [pid 5032] getdents64(3, 0x555556b85730 /* 0 entries */, 32768) = 0 [pid 5032] close(3) = 0 [ 286.705649][ T28] INFO: task syz-executor116:5638 blocked for more than 143 seconds. [ 286.713840][ T28] Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0 [ 286.721500][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.730227][ T28] task:syz-executor116 state:D stack:26512 pid:5638 ppid:5032 flags:0x00004006 [ 286.739505][ T28] Call Trace: [ 286.742788][ T28] [ 286.745764][ T28] __schedule+0xee1/0x5a10 [ 286.750275][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.756328][ T28] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.762486][ T28] ? lock_acquire+0x1ae/0x510 [ 286.767226][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.772550][ T28] ? wait_extent_bit+0x573/0x670 [ 286.777636][ T28] ? mark_held_locks+0x9f/0xe0 [ 286.782427][ T28] schedule+0xe7/0x1b0 [ 286.786619][ T28] wait_extent_bit+0x578/0x670 [ 286.791413][ T28] ? __clear_extent_bit+0xc60/0xc60 [ 286.796654][ T28] ? __set_extent_bit+0x4ed/0x1530 [ 286.801811][ T28] ? cpuacct_percpu_seq_show+0x10/0x10 [ 286.807318][ T28] lock_extent+0x104/0x190 [ 286.811804][ T28] ? try_lock_extent+0x130/0x130 [ 286.816784][ T28] ? down_write_killable+0x250/0x250 [ 286.822102][ T28] ? preempt_count_sub+0x150/0x150 [ 286.827249][ T28] ? folio_flags.constprop.0+0x56/0x150 [ 286.832846][ T28] btrfs_page_mkwrite+0x653/0x11e0 [ 286.838014][ T28] ? btrfs_dio_write+0xe0/0xe0 [ 286.842794][ T28] ? rcu_read_unlock+0x33/0xb0 [ 286.847620][ T28] ? reacquire_held_locks+0x4b0/0x4b0 [ 286.853022][ T28] do_page_mkwrite+0x17a/0x380 [ 286.857838][ T28] do_wp_page+0xc66/0x3420 [ 286.862281][ T28] ? lock_sync+0x190/0x190 [ 286.866745][ T28] ? finish_mkwrite_fault+0x2f0/0x2f0 [ 286.872135][ T28] ? do_raw_spin_lock+0x12e/0x2b0 [ 286.877223][ T28] ? spin_bug+0x1d0/0x1d0 [ 286.881579][ T28] __handle_mm_fault+0x1d1b/0x3e10 [ 286.886758][ T28] ? vm_iomap_memory+0x170/0x170 [ 286.891718][ T28] ? find_vma+0x10e/0x1b0 [ 286.896076][ T28] ? can_vma_merge_before+0x3a0/0x3a0 [ 286.901462][ T28] handle_mm_fault+0x478/0xa00 [ 286.906262][ T28] ? lock_mm_and_find_vma+0xa6/0x760 [ 286.911563][ T28] do_user_addr_fault+0x3d1/0x1000 [ 286.916726][ T28] ? rcu_is_watching+0x12/0xb0 [ 286.921521][ T28] exc_page_fault+0x5c/0xd0 [ 286.926081][ T28] asm_exc_page_fault+0x26/0x30 [ 286.930947][ T28] RIP: 0010:rep_movs_alternative+0x33/0x70 [ 286.936816][ T28] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb [ 286.956473][ T28] RSP: 0018:ffffc90005807720 EFLAGS: 00050206 [ 286.962531][ T28] RAX: 0000000000000000 RBX: 0000000000000038 RCX: 0000000000000038 [ 286.970546][ T28] RDX: fffff52000b00efb RSI: ffffc900058077a0 RDI: 0000000020000120 [ 286.978580][ T28] RBP: 0000000020000120 R08: 0000000000000000 R09: fffff52000b00efa [ 286.986613][ T28] R10: ffffc900058077d7 R11: ffffffff8a60008b R12: ffffc900058077a0 [ 286.994585][ T28] R13: 0000000020000158 R14: 0000000000000000 R15: 0000000000000000 [ 287.002604][ T28] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.008718][ T28] _copy_to_user+0xa8/0xb0 [ 287.013154][ T28] fiemap_fill_next_extent+0x232/0x380 [ 287.018655][ T28] ? compat_ptr_ioctl+0xa0/0xa0 [ 287.023521][ T28] emit_fiemap_extent+0x195/0x380 [ 287.028608][ T28] fiemap_process_hole+0x52d/0x620 [ 287.033738][ T28] ? emit_fiemap_extent+0x380/0x380 [ 287.038973][ T28] ? btrfs_get_64+0x259/0x440 [ 287.043663][ T28] ? btrfs_get_token_64+0x6c0/0x6c0 [ 287.048894][ T28] ? emit_fiemap_extent+0x270/0x380 [ 287.054111][ T28] ? preempt_count_sub+0x150/0x150 [ 287.059257][ T28] extent_fiemap+0x12be/0x19f0 [ 287.064040][ T28] ? btrfs_clone_extent_buffer+0x680/0x680 [ 287.069896][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.075923][ T28] ? find_held_lock+0x2d/0x110 [ 287.080678][ T28] ? __print_lock_name+0x1d0/0x260 [ 287.085816][ T28] ? reacquire_held_locks+0x4b0/0x4b0 [ 287.091203][ T28] ? fiemap_prep+0x142/0x220 [ 287.095837][ T28] btrfs_fiemap+0xe4/0x160 [ 287.100278][ T28] ? btrfs_dir_llseek+0xe0/0xe0 [ 287.105144][ T28] do_vfs_ioctl+0x339/0x1920 [ 287.109793][ T28] ? vfs_fileattr_set+0xbf0/0xbf0 [ 287.114813][ T28] ? selinux_bprm_creds_for_exec+0xb30/0xb30 [ 287.121128][ T28] ? reacquire_held_locks+0x4b0/0x4b0 [ 287.126569][ T28] ? selinux_file_ioctl+0xb5/0x270 [ 287.131690][ T28] __x64_sys_ioctl+0x112/0x210 [ 287.136481][ T28] do_syscall_64+0x38/0xb0 [ 287.140928][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.146852][ T28] RIP: 0033:0x7fcd3af72e19 [ 287.151275][ T28] RSP: 002b:00007fcd3af0e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.159711][ T28] RAX: ffffffffffffffda RBX: 00007fcd3afff6d8 RCX: 00007fcd3af72e19 [ 287.167714][ T28] RDX: 0000000020000100 RSI: 00000000c020660b RDI: 0000000000000005 [ 287.175725][ T28] RBP: 00007fcd3afff6d0 R08: 00007ffd9ffca257 R09: 0000000000000000 [ 287.183704][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd3afcc1b0 [ 287.191704][ T28] R13: 61635f65646f6e69 R14: 65646f7475616f6e R15: 7261637369646f6e [ 287.199709][ T28] [ 287.202733][ T28] [ 287.202733][ T28] Showing all locks held in the system: [ 287.210502][ T28] 1 lock held by khungtaskd/28: [ 287.215357][ T28] #0: ffffffff8cba7960 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 287.225323][ T28] 2 locks held by getty/4783: [ 287.230024][ T28] #0: ffff88814bd420a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 287.239827][ T28] #1: ffffc900020682f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc5/0x1480 [ 287.249987][ T28] 4 locks held by syz-executor116/5638: [ 287.255558][ T28] #0: ffff88806d407650 (&sb->s_type->i_mutex_key#15){++++}-{3:3}, at: btrfs_inode_lock+0xf9/0x100 [ 287.266318][ T28] #1: ffff88807d512420 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x760 [ 287.276274][ T28] #2: ffff88807b37c508 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x380 [ 287.285826][ T28] #3: ffff88806d4074d8 (&ei->i_mmap_lock){++++}-{3:3}, at: btrfs_page_mkwrite+0x6e4/0x11e0 [ 287.295969][ T28] [ 287.298294][ T28] ============================================= [ 287.298294][ T28] [ 287.306725][ T28] NMI backtrace for cpu 1 [ 287.311052][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0 [ 287.320839][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 287.330885][ T28] Call Trace: [ 287.334163][ T28] [ 287.337093][ T28] dump_stack_lvl+0xd9/0x1b0 [ 287.341704][ T28] nmi_cpu_backtrace+0x277/0x380 [ 287.346641][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.351843][ T28] nmi_trigger_cpumask_backtrace+0x299/0x300 [ 287.357827][ T28] watchdog+0xf87/0x1210 [ 287.362094][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.368079][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.373281][ T28] ? __kthread_parkme+0x14b/0x220 [ 287.378399][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.384386][ T28] kthread+0x33c/0x440 [ 287.388453][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.393694][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.399321][ T28] ret_from_fork+0x45/0x80 [ 287.403753][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.409385][ T28] ret_from_fork_asm+0x11/0x20 [ 287.414165][ T28] [ 287.417332][ T28] Sending NMI from CPU 1 to CPUs 0: [ 287.422553][ C0] NMI backtrace for cpu 0 [ 287.422562][ C0] CPU: 0 PID: 47 Comm: kworker/u4:3 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0 [ 287.422583][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 287.422594][ C0] Workqueue: events_unbound toggle_allocation_gate [ 287.422622][ C0] RIP: 0010:x2apic_send_IPI+0x3c/0xe0 [ 287.422642][ C0] Code: 1a 02 00 48 83 fd 07 0f 87 a6 00 00 00 48 8d 3c ed 40 ba 5c 8c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <75> 7d 48 03 1c ed 40 ba 5c 8c 48 b8 00 00 00 00 00 fc ff df 48 89 [ 287.422660][ C0] RSP: 0018:ffffc90000d8f900 EFLAGS: 00000246 [ 287.422674][ C0] RAX: dffffc0000000000 RBX: 0000000000021a0c RCX: 0000000000000000 [ 287.422686][ C0] RDX: 1ffffffff18b9749 RSI: 00000000000000fb RDI: ffffffff8c5cba48 [ 287.422698][ C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 287.422709][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000000fb [ 287.422720][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b983d910 [ 287.422732][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 287.422751][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.422764][ C0] CR2: 000055d3cf0c3680 CR3: 000000000c976000 CR4: 00000000003506f0 [ 287.422776][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.422786][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.422798][ C0] Call Trace: [ 287.422804][ C0] [ 287.422809][ C0] ? show_regs+0x8f/0xa0 [ 287.422830][ C0] ? nmi_cpu_backtrace+0x1d4/0x380 [ 287.422849][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.422874][ C0] ? nmi_handle+0x1a6/0x570 [ 287.422895][ C0] ? x2apic_send_IPI+0x3c/0xe0 [ 287.422911][ C0] ? default_do_nmi+0x69/0x160 [ 287.422934][ C0] ? exc_nmi+0x171/0x1e0 [ 287.422954][ C0] ? end_repeat_nmi+0x16/0x31 [ 287.422980][ C0] ? x2apic_send_IPI+0x3c/0xe0 [ 287.422996][ C0] ? x2apic_send_IPI+0x3c/0xe0 [ 287.423013][ C0] ? x2apic_send_IPI+0x3c/0xe0 [ 287.423030][ C0] [ 287.423034][ C0] [ 287.423040][ C0] ? on_each_cpu_cond_mask+0x40/0x90 [ 287.423064][ C0] smp_call_function_many_cond+0x12df/0x1570 [ 287.423090][ C0] ? __text_poke+0xc90/0xc90 [ 287.423106][ C0] ? __kmem_cache_alloc_node+0xb8/0x470 [ 287.423125][ C0] ? generic_smp_call_function_single_interrupt+0x20/0x20 [ 287.423153][ C0] ? apply_relocation+0x830/0x830 [ 287.423170][ C0] ? __text_poke+0xc90/0xc90 [ 287.423186][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 287.423210][ C0] ? __kmem_cache_alloc_node+0xb8/0x470 [ 287.423228][ C0] text_poke_bp_batch+0x746/0x960 [ 287.423246][ C0] ? __kmem_cache_alloc_node+0xb9/0x470 [ 287.423266][ C0] ? do_sync_core+0x40/0x40 [ 287.423281][ C0] ? __jump_label_patch+0x1db/0x3f0 [ 287.423304][ C0] ? text_poke_queue+0xef/0x180 [ 287.423332][ C0] ? arch_jump_label_transform_queue+0xc0/0x110 [ 287.423358][ C0] text_poke_finish+0x30/0x40 [ 287.423376][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 287.423407][ C0] jump_label_update+0x32e/0x410 [ 287.423430][ C0] static_key_enable_cpuslocked+0x1b5/0x270 [ 287.423452][ C0] static_key_enable+0x1a/0x20 [ 287.423473][ C0] toggle_allocation_gate+0xf4/0x250 [ 287.423497][ C0] ? wake_up_kfence_timer+0x30/0x30 [ 287.423524][ C0] process_one_work+0x884/0x15c0 [ 287.423547][ C0] ? lock_sync+0x190/0x190 [ 287.423569][ C0] ? init_worker_pool+0x770/0x770 [ 287.423590][ C0] ? assign_work+0x1a0/0x240 [ 287.423609][ C0] worker_thread+0x8b9/0x1290 [ 287.423631][ C0] ? __kthread_parkme+0x14b/0x220 [ 287.423658][ C0] ? process_one_work+0x15c0/0x15c0 [ 287.423678][ C0] kthread+0x33c/0x440 [ 287.423694][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.423712][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.423731][ C0] ret_from_fork+0x45/0x80 [ 287.423751][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.423770][ C0] ret_from_fork_asm+0x11/0x20 [ 287.423797][ C0] [ 287.423804][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.250 msecs [ 287.424644][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.828037][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0 [ 287.837848][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 287.847906][ T28] Call Trace: [ 287.851189][ T28] [ 287.854120][ T28] dump_stack_lvl+0xd9/0x1b0 [ 287.858720][ T28] panic+0x6a6/0x750 [ 287.862708][ T28] ? panic_smp_self_stop+0xa0/0xa0 [ 287.867824][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.873053][ T28] ? preempt_schedule_thunk+0x1a/0x30 [ 287.878435][ T28] ? watchdog+0xd3e/0x1210 [ 287.882860][ T28] watchdog+0xd4f/0x1210 [ 287.887113][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.893101][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.898405][ T28] ? __kthread_parkme+0x14b/0x220 [ 287.903467][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.909469][ T28] kthread+0x33c/0x440 [ 287.913538][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.918739][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.924373][ T28] ret_from_fork+0x45/0x80 [ 287.928797][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.934434][ T28] ret_from_fork_asm+0x11/0x20 [ 287.939207][ T28] [ 287.942406][ T28] Kernel Offset: disabled [ 287.946721][ T28] Rebooting in 86400 seconds..