./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2842679118

<...>
Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts.
execve("./syz-executor2842679118", ["./syz-executor2842679118"], 0x7ffdd7362c40 /* 10 vars */) = 0
brk(NULL)                               = 0x555555b20000
brk(0x555555b20d00)                     = 0x555555b20d00
arch_prctl(ARCH_SET_FS, 0x555555b20380) = 0
set_tid_address(0x555555b20650)         = 5028
set_robust_list(0x555555b20660, 24)     = 0
rseq(0x555555b20ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2842679118", 4096) = 28
getrandom("\x42\x47\xf1\xc6\xec\x6f\xf4\x51", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555b20d00
brk(0x555555b41d00)                     = 0x555555b41d00
brk(0x555555b42000)                     = 0x555555b42000
mprotect(0x7f10ea590000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 5029
./strace-static-x86_64: Process 5029 attached
[pid  5029] set_robust_list(0x555555b20660, 24) = 0
[pid  5029] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5029] setsid()                    = 1
[pid  5029] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5029] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5029] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5029] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5029] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5029] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5029] unshare(CLONE_NEWNS)        = 0
[pid  5029] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5029] unshare(CLONE_NEWIPC)       = 0
[pid  5029] unshare(CLONE_NEWCGROUP)    = 0
[pid  5029] unshare(CLONE_NEWUTS)       = 0
[pid  5029] unshare(CLONE_SYSVSEM)      = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "16777216", 8)     = 8
[pid  5029] close(3)                    = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "536870912", 9)    = 9
[pid  5029] close(3)                    = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "1024", 4)         = 4
[pid  5029] close(3)                    = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "8192", 4)         = 4
[pid  5029] close(3)                    = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "1024", 4)         = 4
[pid  5029] close(3)                    = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "1024", 4)         = 4
[pid  5029] close(3)                    = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5029] close(3)                    = 0
[pid  5029] getpid()                    = 1
[pid  5029] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5029] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5029] unshare(CLONE_NEWNET)       = 0
[pid  5029] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "0 65535", 7)      = 7
[pid  5029] close(3)                    = 0
[pid  5029] mkdir("/dev/binderfs", 0777) = 0
[pid  5029] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 2
./strace-static-x86_64: Process 5032 attached
[pid  5032] set_robust_list(0x555555b20660, 24) = 0
[pid  5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5032] setpgid(0, 0)               = 0
[pid  5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5032] write(3, "1000", 4)         = 4
[pid  5032] close(3)                    = 0
[pid  5032] memfd_create("syzkaller", 0) = 3
[pid  5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[   65.630501][ T5032] syz-executor284[5032]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid  5032] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5032] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5032] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5032] close(3)                    = 0
[pid  5032] mkdir("./file0", 0777)      = 0
[   65.819632][ T5032] loop0: detected capacity change from 0 to 32768
[   65.832577][ T5032] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[pid  5032] mount("/dev/loop0", "./file0", "xfs", MS_NODIRATIME|MS_RELATIME, "pqnoenforce,,nouuid") = 0
[pid  5032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5032] chdir("./file0")            = 0
[pid  5032] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5032] close(4)                    = 0
[pid  5032] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5032] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5032] ftruncate(5, 33587195)      = 0
[   65.871906][ T5032] XFS (loop0): Ending clean mount
[   65.878628][ T5032] XFS (loop0): Quotacheck needed: Please wait.
[   65.892795][ T5032] XFS (loop0): Quotacheck: Done.
[pid  5032] open("./bus", O_RDONLY)     = 6
[pid  5032] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20001000
[pid  5032] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 7
[pid  5032] pwritev2(7, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5032] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=2, si_uid=0} ---
[   65.916038][   T28] audit: type=1804 audit(1694602231.401:2): pid=5032 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/file0/bus" dev="loop0" ino=9290 res=1 errno=0
[   65.937910][   T28] audit: type=1804 audit(1694602231.421:3): pid=5032 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/file0/bus" dev="loop0" ino=9290 res=1 errno=0
[   66.022573][ T5032] BUG: Bad page map in process syz-executor284  pte:fffff8d464120 pmd:74843067
[   66.031672][ T5032] page:ffffea0001cae6c0 refcount:9 mapcount:-1 mapping:ffff888076470410 index:0x3 pfn:0x72b9b
[   66.041966][ T5032] head:ffffea0001cae600 order:2 entire_mapcount:0 nr_pages_mapped:8388607 pincount:0
[   66.051508][ T5032] memcg:ffff888015e5a000
[   66.055789][ T5032] aops:xfs_address_space_operations ino:244a dentry name:"bus"
[   66.063401][ T5032] flags: 0xfff0000000816c(referenced|uptodate|lru|active|private|head|node=0|zone=1|lastcpupid=0x7ff)
[   66.074377][ T5032] page_type: 0xffffffff()
[   66.078754][ T5032] raw: 00fff00000000000 ffffea0001cae601 dead000000000122 dead000000000400
[   66.087393][ T5032] raw: 0000000000000001 0000000000000000 00000000fffffffe 0000000000000000
[   66.096124][ T5032] head: 00fff0000000816c ffffea0001d1b008 ffff888013245030 ffff888076470410
[   66.104822][ T5032] head: 0000000000000000 ffff88814567a100 00000009ffffffff ffff888015e5a000
[   66.113563][ T5032] page dumped because: bad pte
[   66.118372][ T5032] page_owner tracks the page as allocated
[   66.124079][ T5032] page last allocated via order 2, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5032, tgid 5032 (syz-executor284), ts 65940832270, free_ts 22284310038
[   66.147126][ T5032]  post_alloc_hook+0x1e6/0x210
[   66.152015][ T5032]  get_page_from_freelist+0x31db/0x3360
[   66.157645][ T5032]  __alloc_pages+0x255/0x670
[   66.162273][ T5032]  folio_alloc+0x1e/0x60
[   66.166584][ T5032]  filemap_alloc_folio+0xde/0x500
[   66.171713][ T5032]  page_cache_ra_order+0x423/0xcc0
[   66.176974][ T5032]  do_sync_mmap_readahead+0x444/0x850
[   66.182369][ T5032]  filemap_fault+0x7d3/0x1710
[   66.187180][ T5032]  __xfs_filemap_fault+0x286/0x960
[   66.192399][ T5032]  __do_fault+0x133/0x4e0
[   66.196788][ T5032]  handle_mm_fault+0x48d2/0x6200
[   66.201754][ T5032]  __get_user_pages+0x6bd/0x15e0
[   66.206927][ T5032]  get_dump_page+0x146/0x2b0
[   66.211721][ T5032]  dump_user_range+0x126/0x910
[   66.216563][ T5032]  elf_core_dump+0x3b75/0x4490
[   66.221377][ T5032]  do_coredump+0x1b73/0x2ab0
[   66.226050][ T5032] page last free stack trace:
[   66.230841][ T5032]  free_unref_page_prepare+0x8c3/0x9f0
[   66.236358][ T5032]  free_unref_page+0x37/0x3f0
[   66.241069][ T5032]  free_contig_range+0x9e/0x150
[   66.245984][ T5032]  destroy_args+0x95/0x7c0
[   66.250431][ T5032]  debug_vm_pgtable+0x4ac/0x540
[   66.255342][ T5032]  do_one_initcall+0x23d/0x7d0
[   66.260138][ T5032]  do_initcall_level+0x157/0x210
[   66.265093][ T5032]  do_initcalls+0x3f/0x80
[   66.269483][ T5032]  kernel_init_freeable+0x440/0x5d0
[   66.274712][ T5032]  kernel_init+0x1d/0x2a0
[   66.279077][ T5032]  ret_from_fork+0x48/0x80
[   66.283525][ T5032]  ret_from_fork_asm+0x11/0x20
[   66.288421][ T5032] addr:0000000020006000 vm_flags:080000d0 anon_vma:0000000000000000 mapping:ffff888076470410 index:5
[   66.299325][ T5032] file:bus fault:xfs_filemap_fault mmap:xfs_file_mmap read_folio:xfs_vm_read_folio
[   66.308690][ T5032] CPU: 1 PID: 5032 Comm: syz-executor284 Not tainted 6.6.0-rc1-syzkaller-00033-g3669558bdf35 #0
[   66.319206][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   66.329269][ T5032] Call Trace:
[   66.332557][ T5032]  <TASK>
[   66.335490][ T5032]  dump_stack_lvl+0x1e7/0x2d0
[   66.340181][ T5032]  ? nf_tcp_handle_invalid+0x650/0x650
[   66.345653][ T5032]  ? panic+0x770/0x770
[   66.349728][ T5032]  ? dump_page+0x9c2/0x1090
[   66.354238][ T5032]  ? xfs_dio_write_end_io+0x6f0/0x6f0
[   66.359611][ T5032]  ? xfs_file_write_iter+0x620/0x620
[   66.364899][ T5032]  print_bad_pte+0x581/0x5c0
[   66.369501][ T5032]  unmap_page_range+0x1a76/0x3300
[   66.374550][ T5032]  ? mmu_notifier_invalidate_range_start+0xf0/0xf0
[   66.381063][ T5032]  ? __might_sleep+0xc0/0xc0
[   66.385669][ T5032]  ? uprobe_munmap+0x183/0x410
[   66.390440][ T5032]  ? unmap_single_vma+0x1b9/0x2a0
[   66.395478][ T5032]  unmap_vmas+0x209/0x3a0
[   66.399821][ T5032]  ? unmap_page_range+0x3300/0x3300
[   66.405032][ T5032]  ? tlb_gather_mmu_fullmm+0x160/0x210
[   66.410503][ T5032]  exit_mmap+0x297/0xc50
[   66.414775][ T5032]  ? vm_brk+0x30/0x30
[   66.418763][ T5032]  ? __asan_memset+0x23/0x40
[   66.423369][ T5032]  ? uprobe_clear_state+0x275/0x290
[   66.428577][ T5032]  ? mm_update_next_owner+0x4a3/0x520
[   66.433981][ T5032]  __mmput+0x115/0x3c0
[   66.438065][ T5032]  exit_mm+0x21f/0x300
[   66.442152][ T5032]  ? coredump_task_exit+0x460/0x460
[   66.447372][ T5032]  ? taskstats_exit+0x39d/0x920
[   66.452243][ T5032]  ? tty_audit_exit+0x154/0x1f0
[   66.457109][ T5032]  do_exit+0x612/0x2290
[   66.461282][ T5032]  ? put_task_struct+0xc0/0xc0
[   66.466064][ T5032]  do_group_exit+0x206/0x2c0
[   66.470666][ T5032]  get_signal+0x175d/0x1840
[   66.475181][ T5032]  ? ptrace_notify+0x380/0x380
[   66.479951][ T5032]  arch_do_signal_or_restart+0x96/0x860
[   66.485510][ T5032]  ? rcu_is_watching+0x15/0xb0
[   66.490278][ T5032]  ? get_sigframe_size+0x20/0x20
[   66.495255][ T5032]  ? rcu_is_watching+0x15/0xb0
[   66.500025][ T5032]  exit_to_user_mode_loop+0x6a/0x100
[   66.505332][ T5032]  exit_to_user_mode_prepare+0xb1/0x140
[   66.510968][ T5032]  syscall_exit_to_user_mode+0x64/0x280
[   66.516527][ T5032]  do_syscall_64+0x4d/0xc0
[   66.520971][ T5032]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.526893][ T5032] RIP: 0033:0x7f10ea512eb9
[   66.531323][ T5032] Code: Unable to access opcode bytes at 0x7f10ea512e8f.
[   66.538342][ T5032] RSP: 002b:00007ffe74043128 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   66.546766][ T5032] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007f10ea512eb9
[   66.554737][ T5032] RDX: 0000000000000002 RSI: 0000000020000300 RDI: 0000000000000007
[   66.562709][ T5032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   66.570681][ T5032] R10: 0000000008800000 R11: 0000000000000246 R12: 00000000000f4240
[   66.578653][ T5032] R13: 00007ffe740433a8 R14: 0000000000000001 R15: 00007ffe74043170
[   66.586635][ T5032]  </TASK>
[   66.589831][ T5032] BUG: Bad page map in process syz-executor284  pte:fffff8d465120 pmd:74843067
[   66.598891][ T5032] page:ffffea0001cae680 refcount:9 mapcount:-1 mapping:ffff888076470410 index:0x2 pfn:0x72b9a
[   66.609205][ T5032] head:ffffea0001cae600 order:2 entire_mapcount:0 nr_pages_mapped:8388606 pincount:0
[   66.618721][ T5032] memcg:ffff888015e5a000
[   66.622998][ T5032] aops:xfs_address_space_operations ino:244a dentry name:"bus"
[   66.630640][ T5032] flags: 0xfff0000000816c(referenced|uptodate|lru|active|private|head|node=0|zone=1|lastcpupid=0x7ff)
[   66.641706][ T5032] page_type: 0xffffffff()
[   66.646104][ T5032] raw: 00fff00000000000 ffffea0001cae601 ffffea0001cae690 ffffea0001cae690
[   66.654707][ T5032] raw: 0000000000000001 0000000000000000 00000000fffffffe 0000000000000000
[   66.663379][ T5032] head: 00fff0000000816c ffffea0001d1b008 ffff888013245030 ffff888076470410
[   66.672094][ T5032] head: 0000000000000000 ffff88814567a100 00000009ffffffff ffff888015e5a000
[   66.680865][ T5032] page dumped because: bad pte
[   66.685665][ T5032] page_owner tracks the page as allocated
[   66.691383][ T5032] page last allocated via order 2, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5032, tgid 5032 (syz-executor284), ts 65940832270, free_ts 22284300404
[   66.714458][ T5032]  post_alloc_hook+0x1e6/0x210
[   66.719298][ T5032]  get_page_from_freelist+0x31db/0x3360
[   66.725052][ T5032]  __alloc_pages+0x255/0x670
[   66.729757][ T5032]  folio_alloc+0x1e/0x60
[   66.734049][ T5032]  filemap_alloc_folio+0xde/0x500
[   66.739195][ T5032]  page_cache_ra_order+0x423/0xcc0
[   66.744340][ T5032]  do_sync_mmap_readahead+0x444/0x850
[   66.749779][ T5032]  filemap_fault+0x7d3/0x1710
[   66.754478][ T5032]  __xfs_filemap_fault+0x286/0x960
[   66.759637][ T5032]  __do_fault+0x133/0x4e0
[   66.763984][ T5032]  handle_mm_fault+0x48d2/0x6200
[   66.768995][ T5032]  __get_user_pages+0x6bd/0x15e0
[   66.773953][ T5032]  get_dump_page+0x146/0x2b0
[   66.778608][ T5032]  dump_user_range+0x126/0x910
[   66.783398][ T5032]  elf_core_dump+0x3b75/0x4490
[   66.788333][ T5032]  do_coredump+0x1b73/0x2ab0
[   66.792975][ T5032] page last free stack trace:
[   66.797702][ T5032]  free_unref_page_prepare+0x8c3/0x9f0
[   66.803198][ T5032]  free_unref_page+0x37/0x3f0
[   66.807948][ T5032]  free_contig_range+0x9e/0x150
[   66.812821][ T5032]  destroy_args+0x95/0x7c0
[   66.817299][ T5032]  debug_vm_pgtable+0x4ac/0x540
[   66.822175][ T5032]  do_one_initcall+0x23d/0x7d0
[   66.826997][ T5032]  do_initcall_level+0x157/0x210
[   66.831964][ T5032]  do_initcalls+0x3f/0x80
[   66.836363][ T5032]  kernel_init_freeable+0x440/0x5d0
[   66.841613][ T5032]  kernel_init+0x1d/0x2a0
[   66.846005][ T5032]  ret_from_fork+0x48/0x80
[   66.850442][ T5032]  ret_from_fork_asm+0x11/0x20
[   66.855275][ T5032] addr:0000000020007000 vm_flags:080000d0 anon_vma:0000000000000000 mapping:ffff888076470410 index:6
[   66.866173][ T5032] file:bus fault:xfs_filemap_fault mmap:xfs_file_mmap read_folio:xfs_vm_read_folio
[   66.875526][ T5032] CPU: 0 PID: 5032 Comm: syz-executor284 Tainted: G    B              6.6.0-rc1-syzkaller-00033-g3669558bdf35 #0
[   66.887431][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   66.897486][ T5032] Call Trace:
[   66.900765][ T5032]  <TASK>
[   66.903709][ T5032]  dump_stack_lvl+0x1e7/0x2d0
[   66.908413][ T5032]  ? nf_tcp_handle_invalid+0x650/0x650
[   66.913879][ T5032]  ? panic+0x770/0x770
[   66.917951][ T5032]  ? dump_page+0x9c2/0x1090
[   66.922466][ T5032]  ? xfs_dio_write_end_io+0x6f0/0x6f0
[   66.927848][ T5032]  ? xfs_file_write_iter+0x620/0x620
[   66.933145][ T5032]  print_bad_pte+0x581/0x5c0
[   66.937835][ T5032]  unmap_page_range+0x1a76/0x3300
[   66.942885][ T5032]  ? mmu_notifier_invalidate_range_start+0xf0/0xf0
[   66.949398][ T5032]  ? __might_sleep+0xc0/0xc0
[   66.953999][ T5032]  ? uprobe_munmap+0x183/0x410
[   66.958771][ T5032]  ? unmap_single_vma+0x1b9/0x2a0
[   66.963808][ T5032]  unmap_vmas+0x209/0x3a0
[   66.968152][ T5032]  ? unmap_page_range+0x3300/0x3300
[   66.973362][ T5032]  ? tlb_gather_mmu_fullmm+0x160/0x210
[   66.978830][ T5032]  exit_mmap+0x297/0xc50
[   66.983087][ T5032]  ? vm_brk+0x30/0x30
[   66.987076][ T5032]  ? __asan_memset+0x23/0x40
[   66.991682][ T5032]  ? uprobe_clear_state+0x275/0x290
[   66.996890][ T5032]  ? mm_update_next_owner+0x4a3/0x520
[   67.002277][ T5032]  __mmput+0x115/0x3c0
[   67.006351][ T5032]  exit_mm+0x21f/0x300
[   67.010446][ T5032]  ? coredump_task_exit+0x460/0x460
[   67.015656][ T5032]  ? taskstats_exit+0x39d/0x920
[   67.020513][ T5032]  ? tty_audit_exit+0x154/0x1f0
[   67.025375][ T5032]  do_exit+0x612/0x2290
[   67.029546][ T5032]  ? put_task_struct+0xc0/0xc0
[   67.034355][ T5032]  do_group_exit+0x206/0x2c0
[   67.039045][ T5032]  get_signal+0x175d/0x1840
[   67.043583][ T5032]  ? ptrace_notify+0x380/0x380
[   67.048362][ T5032]  arch_do_signal_or_restart+0x96/0x860
[   67.053917][ T5032]  ? rcu_is_watching+0x15/0xb0
[   67.058683][ T5032]  ? get_sigframe_size+0x20/0x20
[   67.063642][ T5032]  ? rcu_is_watching+0x15/0xb0
[   67.068420][ T5032]  exit_to_user_mode_loop+0x6a/0x100
[   67.073710][ T5032]  exit_to_user_mode_prepare+0xb1/0x140
[   67.079263][ T5032]  syscall_exit_to_user_mode+0x64/0x280
[   67.084823][ T5032]  do_syscall_64+0x4d/0xc0
[   67.089249][ T5032]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.095322][ T5032] RIP: 0033:0x7f10ea512eb9
[   67.099740][ T5032] Code: Unable to access opcode bytes at 0x7f10ea512e8f.
[   67.106753][ T5032] RSP: 002b:00007ffe74043128 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   67.115166][ T5032] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007f10ea512eb9
[   67.123137][ T5032] RDX: 0000000000000002 RSI: 0000000020000300 RDI: 0000000000000007
[   67.131109][ T5032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   67.139090][ T5032] R10: 0000000008800000 R11: 0000000000000246 R12: 00000000000f4240
[   67.147073][ T5032] R13: 00007ffe740433a8 R14: 0000000000000001 R15: 00007ffe74043170
[   67.155064][ T5032]  </TASK>
[   67.162159][ T5032] BUG: Bad page map in process syz-executor284  pte:fffff8d466120 pmd:74843067
[   67.171178][ T5032] page:ffffea0001cae640 refcount:9 mapcount:-1 mapping:ffff888076470410 index:0x1 pfn:0x72b99
[   67.181485][ T5032] head:ffffea0001cae600 order:2 entire_mapcount:0 nr_pages_mapped:8388605 pincount:0
[   67.190982][ T5032] memcg:ffff888015e5a000
[   67.195301][ T5032] aops:xfs_address_space_operations ino:244a dentry name:"bus"
[   67.203010][ T5032] flags: 0xfff0000000816c(referenced|uptodate|lru|active|private|head|node=0|zone=1|lastcpupid=0x7ff)
[   67.213980][ T5032] page_type: 0xffffffff()
[   67.218343][ T5032] raw: 00fff00000000202 ffffea0001cae601 dead000000000122 fffffffdffffffff
[   67.226951][ T5032] raw: 0000000400000000 0000000000000000 00000000fffffffe 0000000000000000
[   67.235599][ T5032] head: 00fff0000000816c ffffea0001d1b008 ffff888013245030 ffff888076470410
[   67.244289][ T5032] head: 0000000000000000 ffff88814567a100 00000009ffffffff ffff888015e5a000
[   67.253009][ T5032] page dumped because: bad pte
[   67.257813][ T5032] page_owner tracks the page as allocated
[   67.263595][ T5032] page last allocated via order 2, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5032, tgid 5032 (syz-executor284), ts 65940832270, free_ts 22284290709
[   67.286705][ T5032]  post_alloc_hook+0x1e6/0x210
[   67.291505][ T5032]  get_page_from_freelist+0x31db/0x3360
[   67.297120][ T5032]  __alloc_pages+0x255/0x670
[   67.301750][ T5032]  folio_alloc+0x1e/0x60
[   67.306086][ T5032]  filemap_alloc_folio+0xde/0x500
[   67.311131][ T5032]  page_cache_ra_order+0x423/0xcc0
[   67.316306][ T5032]  do_sync_mmap_readahead+0x444/0x850
[   67.321704][ T5032]  filemap_fault+0x7d3/0x1710
[   67.326450][ T5032]  __xfs_filemap_fault+0x286/0x960
[   67.331578][ T5032]  __do_fault+0x133/0x4e0
[   67.335941][ T5032]  handle_mm_fault+0x48d2/0x6200
[   67.340905][ T5032]  __get_user_pages+0x6bd/0x15e0
[   67.345896][ T5032]  get_dump_page+0x146/0x2b0
[   67.350506][ T5032]  dump_user_range+0x126/0x910
[   67.355326][ T5032]  elf_core_dump+0x3b75/0x4490
[   67.360153][ T5032]  do_coredump+0x1b73/0x2ab0
[   67.364742][ T5032] page last free stack trace:
[   67.369474][ T5032]  free_unref_page_prepare+0x8c3/0x9f0
[   67.374956][ T5032]  free_unref_page+0x37/0x3f0
[   67.379679][ T5032]  free_contig_range+0x9e/0x150
[   67.384547][ T5032]  destroy_args+0x95/0x7c0
[   67.389019][ T5032]  debug_vm_pgtable+0x4ac/0x540
[   67.393897][ T5032]  do_one_initcall+0x23d/0x7d0
[   67.398716][ T5032]  do_initcall_level+0x157/0x210
[   67.403683][ T5032]  do_initcalls+0x3f/0x80
[   67.408079][ T5032]  kernel_init_freeable+0x440/0x5d0
[   67.413311][ T5032]  kernel_init+0x1d/0x2a0
[   67.417691][ T5032]  ret_from_fork+0x48/0x80
[   67.422128][ T5032]  ret_from_fork_asm+0x11/0x20
[   67.426954][ T5032] addr:0000000020008000 vm_flags:080000d0 anon_vma:0000000000000000 mapping:ffff888076470410 index:7
[   67.437861][ T5032] file:bus fault:xfs_filemap_fault mmap:xfs_file_mmap read_folio:xfs_vm_read_folio
[   67.447262][ T5032] CPU: 0 PID: 5032 Comm: syz-executor284 Tainted: G    B              6.6.0-rc1-syzkaller-00033-g3669558bdf35 #0
[   67.459308][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   67.469379][ T5032] Call Trace:
[   67.472760][ T5032]  <TASK>
[   67.475701][ T5032]  dump_stack_lvl+0x1e7/0x2d0
[   67.480408][ T5032]  ? nf_tcp_handle_invalid+0x650/0x650
[   67.485878][ T5032]  ? panic+0x770/0x770
[   67.489951][ T5032]  ? dump_page+0x9c2/0x1090
[   67.494459][ T5032]  ? xfs_dio_write_end_io+0x6f0/0x6f0
[   67.499831][ T5032]  ? xfs_file_write_iter+0x620/0x620
[   67.505132][ T5032]  print_bad_pte+0x581/0x5c0
[   67.509738][ T5032]  unmap_page_range+0x1a76/0x3300
[   67.514814][ T5032]  ? mmu_notifier_invalidate_range_start+0xf0/0xf0
[   67.521413][ T5032]  ? __might_sleep+0xc0/0xc0
[   67.526023][ T5032]  ? uprobe_munmap+0x183/0x410
[   67.530793][ T5032]  ? unmap_single_vma+0x1b9/0x2a0
[   67.535830][ T5032]  unmap_vmas+0x209/0x3a0
[   67.540193][ T5032]  ? unmap_page_range+0x3300/0x3300
[   67.545412][ T5032]  ? tlb_gather_mmu_fullmm+0x160/0x210
[   67.550883][ T5032]  exit_mmap+0x297/0xc50
[   67.555135][ T5032]  ? vm_brk+0x30/0x30
[   67.559129][ T5032]  ? __asan_memset+0x23/0x40
[   67.563735][ T5032]  ? uprobe_clear_state+0x275/0x290
[   67.568935][ T5032]  ? mm_update_next_owner+0x4a3/0x520
[   67.574317][ T5032]  __mmput+0x115/0x3c0
[   67.578386][ T5032]  exit_mm+0x21f/0x300
[   67.582464][ T5032]  ? coredump_task_exit+0x460/0x460
[   67.587671][ T5032]  ? taskstats_exit+0x39d/0x920
[   67.592534][ T5032]  ? tty_audit_exit+0x154/0x1f0
[   67.597394][ T5032]  do_exit+0x612/0x2290
[   67.601566][ T5032]  ? put_task_struct+0xc0/0xc0
[   67.606351][ T5032]  do_group_exit+0x206/0x2c0
[   67.610953][ T5032]  get_signal+0x175d/0x1840
[   67.615470][ T5032]  ? ptrace_notify+0x380/0x380
[   67.620241][ T5032]  arch_do_signal_or_restart+0x96/0x860
[   67.625795][ T5032]  ? rcu_is_watching+0x15/0xb0
[   67.630563][ T5032]  ? get_sigframe_size+0x20/0x20
[   67.635514][ T5032]  ? rcu_is_watching+0x15/0xb0
[   67.640282][ T5032]  exit_to_user_mode_loop+0x6a/0x100
[   67.645571][ T5032]  exit_to_user_mode_prepare+0xb1/0x140
[   67.651122][ T5032]  syscall_exit_to_user_mode+0x64/0x280
[   67.656679][ T5032]  do_syscall_64+0x4d/0xc0
[   67.661111][ T5032]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.667030][ T5032] RIP: 0033:0x7f10ea512eb9
[   67.671449][ T5032] Code: Unable to access opcode bytes at 0x7f10ea512e8f.
[pid  5032] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=2, si_uid=0, si_status=SIGXFSZ, si_utime=5 /* 0.05 s */, si_stime=109 /* 1.09 s */} ---
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 3
./strace-static-x86_64: Process 5041 attached
[pid  5041] set_robust_list(0x555555b20660, 24) = 0
[pid  5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5041] setpgid(0, 0)               = 0
[pid  5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5041] write(3, "1000", 4)         = 4
[pid  5041] close(3)                    = 0
[pid  5041] memfd_create("syzkaller", 0) = 3
[pid  5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[   67.678459][ T5032] RSP: 002b:00007ffe74043128 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   67.686872][ T5032] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007f10ea512eb9
[   67.694854][ T5032] RDX: 0000000000000002 RSI: 0000000020000300 RDI: 0000000000000007
[   67.702823][ T5032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   67.710794][ T5032] R10: 0000000008800000 R11: 0000000000000246 R12: 00000000000f4240
[   67.718765][ T5032] R13: 00007ffe740433a8 R14: 0000000000000001 R15: 00007ffe74043170
[   67.726743][ T5032]  </TASK>
[pid  5041] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5041] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5041] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5041] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5041] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5041] close(4)                    = 0
[pid  5041] close(3)                    = 0
[pid  5041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5041] ftruncate(4, 33587195)      = 0
[pid  5041] open("./bus", O_RDONLY)     = 5
[pid  5041] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5041] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5041] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=3, si_uid=0} ---
[   68.014151][   T28] audit: type=1804 audit(1694602233.491:4): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   68.034752][   T28] audit: type=1804 audit(1694602233.501:5): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5041] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=3, si_uid=0, si_status=SIGXFSZ, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} ---
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5042 attached
, child_tidptr=0x555555b20650) = 4
[pid  5042] set_robust_list(0x555555b20660, 24) = 0
[pid  5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5042] setpgid(0, 0)               = 0
[pid  5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "1000", 4)         = 4
[pid  5042] close(3)                    = 0
[pid  5042] memfd_create("syzkaller", 0) = 3
[pid  5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5042] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5042] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5042] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5042] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5042] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5042] close(4)                    = 0
[pid  5042] close(3)                    = 0
[pid  5042] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5042] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5042] ftruncate(4, 33587195)      = 0
[pid  5042] open("./bus", O_RDONLY)     = 5
[pid  5042] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5042] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5042] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5042] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=4, si_uid=0} ---
[   68.714192][   T28] audit: type=1804 audit(1694602234.191:6): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   68.734840][   T28] audit: type=1804 audit(1694602234.201:7): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5042] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=4, si_uid=0, si_status=SIGXFSZ, si_utime=2 /* 0.02 s */, si_stime=58 /* 0.58 s */} ---
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 5
./strace-static-x86_64: Process 5043 attached
[pid  5043] set_robust_list(0x555555b20660, 24) = 0
[pid  5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5043] setpgid(0, 0)               = 0
[pid  5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5043] write(3, "1000", 4)         = 4
[pid  5043] close(3)                    = 0
[pid  5043] memfd_create("syzkaller", 0) = 3
[pid  5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5043] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5043] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5043] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5043] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5043] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5043] close(4)                    = 0
[pid  5043] close(3)                    = 0
[pid  5043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5043] ftruncate(4, 33587195)      = 0
[pid  5043] open("./bus", O_RDONLY)     = 5
[pid  5043] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5043] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5043] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=5, si_uid=0} ---
[   69.271722][   T28] audit: type=1804 audit(1694602234.751:8): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   69.293016][   T28] audit: type=1804 audit(1694602234.751:9): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5043] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=5, si_uid=0, si_status=SIGXFSZ, si_utime=5 /* 0.05 s */, si_stime=46 /* 0.46 s */} ---
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached
 <unfinished ...>
[pid  5044] set_robust_list(0x555555b20660, 24) = 0
[pid  5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5044] setpgid(0, 0)               = 0
[pid  5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5029] <... clone resumed>, child_tidptr=0x555555b20650) = 6
[pid  5044] <... openat resumed>)       = 3
[pid  5044] write(3, "1000", 4)         = 4
[pid  5044] close(3)                    = 0
[pid  5044] memfd_create("syzkaller", 0) = 3
[pid  5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5044] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5044] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5044] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5044] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5044] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5044] close(4)                    = 0
[pid  5044] close(3)                    = 0
[pid  5044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5044] ftruncate(4, 33587195)      = 0
[pid  5044] open("./bus", O_RDONLY)     = 5
[pid  5044] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5044] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5044] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=6, si_uid=0} ---
[   69.814620][   T28] audit: type=1804 audit(1694602235.291:10): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   69.835198][   T28] audit: type=1804 audit(1694602235.301:11): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5044] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=6, si_uid=0, si_status=SIGXFSZ, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5045 attached
 <unfinished ...>
[pid  5045] set_robust_list(0x555555b20660, 24) = 0
[pid  5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5045] setpgid(0, 0)               = 0
[pid  5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] <... clone resumed>, child_tidptr=0x555555b20650) = 7
[pid  5045] write(3, "1000", 4)         = 4
[pid  5045] close(3)                    = 0
[pid  5045] memfd_create("syzkaller", 0) = 3
[pid  5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5045] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5045] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5045] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5045] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5045] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5045] close(4)                    = 0
[pid  5045] close(3)                    = 0
[pid  5045] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5045] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5045] ftruncate(4, 33587195)      = 0
[pid  5045] open("./bus", O_RDONLY)     = 5
[pid  5045] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5045] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5045] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5045] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=7, si_uid=0} ---
[pid  5045] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=7, si_uid=0, si_status=SIGXFSZ, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached
, child_tidptr=0x555555b20650) = 8
[pid  5046] set_robust_list(0x555555b20660, 24) = 0
[pid  5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5046] setpgid(0, 0)               = 0
[pid  5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5046] write(3, "1000", 4)         = 4
[pid  5046] close(3)                    = 0
[pid  5046] memfd_create("syzkaller", 0) = 3
[pid  5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5046] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5046] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5046] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5046] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5046] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5046] close(4)                    = 0
[pid  5046] close(3)                    = 0
[pid  5046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5046] ftruncate(4, 33587195)      = 0
[pid  5046] open("./bus", O_RDONLY)     = 5
[pid  5046] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5046] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5046] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=8, si_uid=0} ---
[pid  5046] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=8, si_uid=0, si_status=SIGXFSZ, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5047 attached
, child_tidptr=0x555555b20650) = 9
[pid  5047] set_robust_list(0x555555b20660, 24) = 0
[pid  5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5047] setpgid(0, 0)               = 0
[pid  5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5047] write(3, "1000", 4)         = 4
[pid  5047] close(3)                    = 0
[pid  5047] memfd_create("syzkaller", 0) = 3
[pid  5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5047] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5047] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5047] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5047] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5047] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5047] close(4)                    = 0
[pid  5047] close(3)                    = 0
[pid  5047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5047] ftruncate(4, 33587195)      = 0
[pid  5047] open("./bus", O_RDONLY)     = 5
[pid  5047] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5047] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5047] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=9, si_uid=0} ---
[   71.388670][   T28] kauditd_printk_skb: 4 callbacks suppressed
[   71.388686][   T28] audit: type=1804 audit(1694602236.871:16): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   71.416096][   T28] audit: type=1804 audit(1694602236.871:17): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5047] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=9, si_uid=0, si_status=SIGXFSZ, si_utime=4 /* 0.04 s */, si_stime=44 /* 0.44 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5048 attached
, child_tidptr=0x555555b20650) = 10
[pid  5048] set_robust_list(0x555555b20660, 24) = 0
[pid  5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5048] setpgid(0, 0)               = 0
[pid  5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5048] write(3, "1000", 4)         = 4
[pid  5048] close(3)                    = 0
[pid  5048] memfd_create("syzkaller", 0) = 3
[pid  5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5048] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5048] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5048] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5048] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5048] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5048] close(4)                    = 0
[pid  5048] close(3)                    = 0
[pid  5048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5048] ftruncate(4, 33587195)      = 0
[pid  5048] open("./bus", O_RDONLY)     = 5
[pid  5048] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5048] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5048] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=10, si_uid=0} ---
[   71.923941][   T28] audit: type=1804 audit(1694602237.401:18): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   71.944732][   T28] audit: type=1804 audit(1694602237.411:19): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5048] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=10, si_uid=0, si_status=SIGXFSZ, si_utime=6 /* 0.06 s */, si_stime=44 /* 0.44 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached
 <unfinished ...>
[pid  5049] set_robust_list(0x555555b20660, 24 <unfinished ...>
[pid  5029] <... clone resumed>, child_tidptr=0x555555b20650) = 11
[pid  5049] <... set_robust_list resumed>) = 0
[pid  5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5049] setpgid(0, 0)               = 0
[pid  5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5049] write(3, "1000", 4)         = 4
[pid  5049] close(3)                    = 0
[pid  5049] memfd_create("syzkaller", 0) = 3
[pid  5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5049] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5049] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5049] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5049] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5049] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5049] close(4)                    = 0
[pid  5049] close(3)                    = 0
[pid  5049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5049] ftruncate(4, 33587195)      = 0
[pid  5049] open("./bus", O_RDONLY)     = 5
[pid  5049] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5049] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5049] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=11, si_uid=0} ---
[   72.451623][   T28] audit: type=1804 audit(1694602237.931:20): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   72.471838][   T28] audit: type=1804 audit(1694602237.931:21): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5049] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=11, si_uid=0, si_status=SIGXFSZ, si_utime=4 /* 0.04 s */, si_stime=45 /* 0.45 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 12
./strace-static-x86_64: Process 5050 attached
[pid  5050] set_robust_list(0x555555b20660, 24) = 0
[pid  5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5050] setpgid(0, 0)               = 0
[pid  5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5050] write(3, "1000", 4)         = 4
[pid  5050] close(3)                    = 0
[pid  5050] memfd_create("syzkaller", 0) = 3
[pid  5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5050] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5050] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5050] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5050] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5050] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5050] close(4)                    = 0
[pid  5050] close(3)                    = 0
[pid  5050] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5050] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5050] ftruncate(4, 33587195)      = 0
[pid  5050] open("./bus", O_RDONLY)     = 5
[pid  5050] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5050] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5050] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5050] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=12, si_uid=0} ---
[   72.984143][   T28] audit: type=1804 audit(1694602238.461:22): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   73.004882][   T28] audit: type=1804 audit(1694602238.471:23): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5050] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=12, si_uid=0, si_status=SIGXFSZ, si_utime=3 /* 0.03 s */, si_stime=43 /* 0.43 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 13
./strace-static-x86_64: Process 5051 attached
[pid  5051] set_robust_list(0x555555b20660, 24) = 0
[pid  5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5051] setpgid(0, 0)               = 0
[pid  5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5051] write(3, "1000", 4)         = 4
[pid  5051] close(3)                    = 0
[pid  5051] memfd_create("syzkaller", 0) = 3
[pid  5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5051] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5051] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5051] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5051] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5051] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5051] close(4)                    = 0
[pid  5051] close(3)                    = 0
[pid  5051] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5051] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5051] ftruncate(4, 33587195)      = 0
[pid  5051] open("./bus", O_RDONLY)     = 5
[pid  5051] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5051] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5051] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5051] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=13, si_uid=0} ---
[   73.525545][   T28] audit: type=1804 audit(1694602239.011:24): pid=5051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[   73.546251][   T28] audit: type=1804 audit(1694602239.011:25): pid=5051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor284" name="/root/bus" dev="sda1" ino=1929 res=1 errno=0
[pid  5051] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=13, si_uid=0, si_status=SIGXFSZ, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b20650) = 14
./strace-static-x86_64: Process 5052 attached
[pid  5052] set_robust_list(0x555555b20660, 24) = 0
[pid  5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5052] setpgid(0, 0)               = 0
[pid  5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5052] write(3, "1000", 4)         = 4
[pid  5052] close(3)                    = 0
[pid  5052] memfd_create("syzkaller", 0) = 3
[pid  5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5052] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5052] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5052] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5052] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5052] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5052] close(4)                    = 0
[pid  5052] close(3)                    = 0
[pid  5052] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5052] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5052] ftruncate(4, 33587195)      = 0
[pid  5052] open("./bus", O_RDONLY)     = 5
[pid  5052] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5052] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5052] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5052] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=14, si_uid=0} ---
[pid  5052] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=14, si_uid=0, si_status=SIGXFSZ, si_utime=3 /* 0.03 s */, si_stime=43 /* 0.43 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached
 <unfinished ...>
[pid  5053] set_robust_list(0x555555b20660, 24) = 0
[pid  5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5053] setpgid(0, 0)               = 0
[pid  5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5029] <... clone resumed>, child_tidptr=0x555555b20650) = 15
[pid  5053] <... openat resumed>)       = 3
[pid  5053] write(3, "1000", 4)         = 4
[pid  5053] close(3)                    = 0
[pid  5053] memfd_create("syzkaller", 0) = 3
[pid  5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5053] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5053] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5053] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5053] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5053] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5053] close(4)                    = 0
[pid  5053] close(3)                    = 0
[pid  5053] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5053] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5053] ftruncate(4, 33587195)      = 0
[pid  5053] open("./bus", O_RDONLY)     = 5
[pid  5053] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5053] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5053] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5053] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=15, si_uid=0} ---
[pid  5053] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=15, si_uid=0, si_status=SIGXFSZ, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5054 attached
, child_tidptr=0x555555b20650) = 16
[pid  5054] set_robust_list(0x555555b20660, 24) = 0
[pid  5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] setpgid(0, 0)               = 0
[pid  5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5054] write(3, "1000", 4)         = 4
[pid  5054] close(3)                    = 0
[pid  5054] memfd_create("syzkaller", 0) = 3
[pid  5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5054] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5054] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5054] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5054] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5054] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5054] close(4)                    = 0
[pid  5054] close(3)                    = 0
[pid  5054] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5054] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5054] ftruncate(4, 33587195)      = 0
[pid  5054] open("./bus", O_RDONLY)     = 5
[pid  5054] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5054] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5054] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5054] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=16, si_uid=0} ---
[pid  5054] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=16, si_uid=0, si_status=SIGXFSZ, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5055 attached
 <unfinished ...>
[pid  5055] set_robust_list(0x555555b20660, 24) = 0
[pid  5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5055] setpgid(0, 0)               = 0
[pid  5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5029] <... clone resumed>, child_tidptr=0x555555b20650) = 17
[pid  5055] <... openat resumed>)       = 3
[pid  5055] write(3, "1000", 4)         = 4
[pid  5055] close(3)                    = 0
[pid  5055] memfd_create("syzkaller", 0) = 3
[pid  5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5055] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5055] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5055] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5055] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5055] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5055] close(4)                    = 0
[pid  5055] close(3)                    = 0
[pid  5055] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3
[pid  5055] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[pid  5055] ftruncate(4, 33587195)      = 0
[pid  5055] open("./bus", O_RDONLY)     = 5
[pid  5055] mmap(0x20001000, 40960, PROT_NONE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20001000
[pid  5055] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|FASYNC, 000) = 6
[pid  5055] pwritev2(6, [{iov_base="\x1d", iov_len=1}, {iov_base=NULL, iov_len=0}], 2, 142606336, 0) = -1 EFBIG (File too large)
[pid  5055] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=17, si_uid=0} ---
[pid  5055] +++ killed by SIGXFSZ (core dumped) +++
[pid  5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=17, si_uid=0, si_status=SIGXFSZ, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} ---
[pid  5029] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5029] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5029] close(3)                    = 0
[pid  5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached
 <unfinished ...>
[pid  5056] set_robust_list(0x555555b20660, 24) = 0
[pid  5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5056] setpgid(0, 0)               = 0
[pid  5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5029] <... clone resumed>, child_tidptr=0x555555b20650) = 18
[pid  5056] <... openat resumed>)       = 3
[pid  5056] write(3, "1000", 4)         = 4
[pid  5056] close(3)                    = 0
[pid  5056] memfd_create("syzkaller", 0) = 3
[pid  5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f10e20d4000
[pid  5056] write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216
[pid  5056] munmap(0x7f10e20d4000, 16777216) = 0
[pid  5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5056] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5056] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5056] ioctl(4, LOOP_SET_FD, 3)    = -1 EBUSY (Device or resource busy)
[pid  5056] close(4)                    = 0
[pid  5056] close(3)                    = 0